Installation de OpenAFS+Kerberos+LDAP




Références

[1]

Configuration de Kerberos

Kerberos Installation Notes

Configuration de LDAP

LDAP Installation Notes

Création des clefs pour OpenAFS

# Create the AFS service principals with a single-DES key (des-cbc-crc, v4 salt),
# the key type classic rxkad works with. Single DES is cryptographically weak;
# newer OpenAFS releases support non-DES keys (rxkad-k5) -- check the installed
# version before settling on DES.
kadmin.local -e des-cbc-crc:v4 -q "addprinc afs"
kadmin.local -e des-cbc-crc:v4 -q "addprinc afs/admin"
# Reset the key version number of the afs principal. The kvno given later to
# `asetkey add` must match the keytab entry actually extracted (klist -k <keytab>).
kadmin.local -q "modprinc -kvno 0 afs@LIVIA.ETSMTL.CA"

OpenAFS

Ref...

Séquence de tentative d'installation de OpenAFS...

pythagore ~ # cat OpenAFS.sh
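#!/bin/bash
#
# Bootstrap a new OpenAFS cell on this host: the cell name is the host's DNS
# domain, this host becomes the database server (bu/pt/vl), the file server
# and the update server, and the root.afs / root.cell volumes are created.
#
# Every command runs with -noauth, i.e. the servers accept privileged
# commands from any client that can reach them while this script runs.
# Run it on a host that is isolated from untrusted networks, and switch the
# cell back to authenticated mode as soon as it finishes (the script itself
# leaves the servers in -noauth mode).
#
# Environment overrides (defaults are the original hard-coded values):
#   PART    block device holding the AFS partition
#   VOL     mount point of that partition (/vicepN)
#   KRBKEY  keytab file holding the afs principal key
#   KVNO    key version number of that keytab entry
set -u

die() { printf '%s\n' "$*" >&2; exit 1; }

SERVER=$(hostname -f)
CELL=$(hostname -d)
# bos setcellname / every -cell argument below would be garbage with an empty
# host or domain name, so stop before touching anything.
[ -n "$SERVER" ] && [ -n "$CELL" ] || die "cannot determine host name or DNS domain"

PART="${PART:-/dev/sdc1}"
VOL="${VOL:-/vicepa}"
KRBKEY="${KRBKEY:-/var/kerberos/krb5kdc/kadm5.afs}"
# The original comment read "2 because it is version 2 of the key"; verify
# against the keytab with: klist -k "$KRBKEY"
KVNO="${KVNO:-2}"

# Forget any previous cell identity; bos setcellname recreates both files.
# Destructive on an already configured cell.
rm -f /etc/openafs/ThisCell /etc/openafs/CellServDB

bosserver -noauth -syslog &

# bosserver was just backgrounded; give it a moment to answer before
# configuring it (the original issued bos commands immediately).
for _ in {1..30}; do
  bos status "$SERVER" -noauth >/dev/null 2>&1 && break
  sleep 1
done
bos status "$SERVER" -noauth >/dev/null 2>&1 \
  || printf 'warning: bosserver on %s not answering yet, continuing\n' "$SERVER" >&2

bos setcellname "$SERVER" "$CELL" -noauth

# Database servers, all started as simple bnode instances.
for dbserver in buserver ptserver vlserver; do
  bos create "$SERVER" "$dbserver" simple "/usr/libexec/openafs/$dbserver" -cell "$CELL" -noauth
done

bos status "$SERVER" -noauth

bos adduser "$SERVER" admin -cell "$CELL" -noauth

# Put in /etc/krb5.conf:
#[appdefaults]
#afs_krb5 = {
#      LIVIA.ETSMTL.CA = {
#                afs = false
#      }
#}
# Then extract the afs key on the KDC:
# kadmin.local -e des-cbc-crc:v4 -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab afs@LIVIA.ETSMTL.CA"
# NOTE(review): the -k path above differs from the KRBKEY default
# (kadm5.keytab vs kadm5.afs); the two must point at the same file -- confirm.
# KVNO must be the kvno of that keytab entry (see the KVNO default above).
asetkey add "$KVNO" "$KRBKEY" afs

pts createuser -name admin -cell "$CELL" -noauth

pts adduser admin system:administrators -cell "$CELL" -noauth
pts membership admin -cell "$CELL" -noauth

bos restart "$SERVER" -all -cell "$CELL" -noauth

# Mount the AFS partition if it is not already mounted.
# The original test `[ \`mount | grep -q $VOL\` ]` never mounted anything:
# grep -q prints nothing, so `[ ]` is always false. An unmounted $VOL would
# make vos create put the volumes on the root filesystem, so a mount failure
# is fatal here.
if ! mount | grep -qF " on $VOL "; then
  mount "$PART" "$VOL" || die "cannot mount $PART on $VOL"
fi

bos create "$SERVER" fs fs /usr/libexec/openafs/fileserver /usr/libexec/openafs/volserver /usr/libexec/openafs/salvager -cell "$CELL" -noauth
bos status "$SERVER" -long -noauth

vos create "$SERVER" "$VOL" root.afs -cell "$CELL" -noauth

vos syncvldb "$SERVER" -cell "$CELL" -verbose -noauth
vos syncserv "$SERVER" -cell "$CELL" -verbose -noauth

# Update server: the server configuration directory is distributed encrypted
# (-crypt), the binaries in clear (-clear).
bos create "$SERVER" upserver simple "/usr/libexec/openafs/upserver -crypt /etc/openafs/server -clear /usr/libexec/openafs" -cell "$CELL" -noauth

# /etc/conf.d/openafs-client --> ENABLE_DYNROOT="no"
/etc/init.d/openafs-client start

# Root of the cell is world-readable (read + lookup for any user).
fs setacl /afs system:anyuser rl

# -cell/-noauth added for consistency with the root.afs creation above; the
# original omitted them on this one vos call.
vos create "$SERVER" "$VOL" root.cell -cell "$CELL" -noauth
fs mkmount "/afs/$CELL" root.cell
fs setacl "/afs/$CELL" system:anyuser rl
fs mkmount "/afs/.$CELL" root.cell -rw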