Difference between revisions of "Installing an OpenAFS Client on Ubuntu"

Revision as of 20:07, 10 April 2019

This documentation will show you how to access the NJIT's AFS file system (/afs/cad.njit.edu/) from your Ubuntu machine (Ubuntu 18.04.1 LTS). You will have to do some installations on your Ubuntu machine to get access to AFS directories. Follow the instructions provided in the rest of the document.

1. Installing OpenAFS packages

• Open the Terminal application on your machine and run the following command to install the AFS client and Kerberos packages.

sudo apt-get install openafs-krb5 openafs-client

• Now, you will be prompted to provide information Like AFS Cell and AFS Cache.

• Provide the following information in the dialog boxes and hit ok:
  • AFS Cell: cad.njit.edu
  • AFS Cache: Leave this default

• Once the command has been completed, you will see the message DKMS: install completed

2. Installing Kerberos Client package

• After installing the OpenAFS packages, you will have to install the Kerberos Client package. Run the following command in a Terminal.

sudo apt-get install krb5-user

• Now, you will be prompted to provide information Like Kerberos Realm, Servers and Admin Server.

• Provide the following information in the dialog boxes and hit ok:
  • Realm: NJIT.EDU (In capital letters)
  • Servers: kay00.njit.edu:88 kay01.njit.edu:88 kay02.njit.edu:88
  • Admin Server: kay00.njit.edu:749

3. Edit /etc/krb5.conf

• Delete all the content of file /etc/krb5.conf and add the following:

# NJIT - ARCS Kerberos Configuration  - 20140404
[logging]
       default = FILE:/var/log/krb5libs.log
       kdc = FILE:/var/log/krb5kdc.log
       admin_server = FILE:/var/log/kadmind.log
[libdefaults]
       default_realm = NJIT.EDU
       dns_lookup_realm = false
       dns_lookup_kdc = false
       ticket_lifetime = 8h
       renew_lifetime = 30d
       forwardable = true
       allow_weak_crypto = TRUE
       allow_weak_enctypes = TRUE
[realms]
       NJIT.EDU = {
               kdc = kay00.njit.edu:88
               kdc = kay01.njit.edu:88
               kdc = kay02.njit.edu:88
               admin_server = kay00.njit.edu:749
               default_domain = njit.edu
       }
[domain_realm]
       .njit.edu = NJIT.EDU
       njit.edu = NJIT.EDU
[appdefaults]
       pam = {
               debug = false
               ticket_lifetime = 36000
               renew_lifetime = 30d
               forwardable = true
               krb4_convert = false
               pam-afs-session = {
                       ignore_root=true
                       debug=true
               }
       }
       libkafs = {
               NJIT.EDU = {
                       afs-use-524 = no
               }
       }

4. Edit /etc/openafs/CellServDB

• Delete all the content of file /etc/openafs/CellServDB and add the following:

>cad.njit.edu     #Cell name
128.235.209.210   #ucsafsdb00.coresys.njit.edu
128.235.209.211   #ucsafsdb01.coresys.njit.edu
128.235.209.243   #ucsafsdb02.coresys.njit.edu
128.235.209.244   #ucsafsdb03.coresys.njit.edu

5. Starting the AFS Client and accessing the afs home directory

• Reboot the machine. The OpenAFS client should auto start upon reboot.

• Using the following command, check if afs/ is mounted or not to verify if AFS client auto started or not on boot up.

ls -l /

• Get the Kerberos ticket using kinit, and your AFS token using aklog

kinit <Your NJIT UCID> && aklog

• Use the following command to check if AFS token is generated or not.

tokens

• You should now be able to access your AFS home directory.

cd /afs/cad/u/<first_letter_of_ucid>/<second_letter_of_ucid>/<your_ucid>/

Example: If your NJIT UCID is abc123 then

cd /afs/cad/u/a/b/abc123/