You are here

AFS for Debian / Ubuntu

Printer-friendly versionPrinter-friendly version

This page describes steps to get connectivity with DICE AFS on a non-DICE Debian (or derivative, e.g. Ubuntu) system.

Super-quick Summary

This should work for most Debian >=10 and Ubuntu >=18.04 machines.

Run the following commands in a terminal. You might be prompted for some of the following:

Setting Value
Kerberos Realm INF.ED.AC.UK
Kerberos Servers kdc.inf.ed.ac.uk
AFS Cell inf.ed.ac.uk
AFS Cache size whatever you wish. Try 500000 (500Mb) if you are unsure.

Kerberos

Install the essential packages:

$ sudo -i
# apt install krb5-user

You will be prompted to configure the Kerberos realm, enter INF.ED.AC.UK

Once configured you should be able to authenticate with the Informatics Kerberos service using kinit. Depending upon your Kerberos client configuration you may need to add the -f option to request a forwardable ticket.

$ kinit -f [DICE username]

If that does not work see below for further details

OpenAFS

Once Kerberos authentication is functional you can proceed to install the OpenAFS packages:

$ sudo -i
# apt install openafs-client openafs-krb5

You will be prompted to enter the AFS cell for the workstation, you should enter inf.ed.ac.uk. You will also be prompted for the cache size, we recommend at least 500000 (500Mb).

The install process might produce some FATAL messages about the openafs kernel module not being found. Those messages can be safely ignored as it will not be available until the openafs-modules-dkms package has finished building for the current version of the Linux kernel. Note that the module building process may take quite a while...

If all has gone well the final step is to restart the OpenAFS client service:

# systemctl restart openafs-client
# exit

It is worth checking the status of the service at this point (using the command systemctl status openafs-client) to be sure that all is well.

You should now be able to access your DICE home directory from your machine:

$ kinit -f [DICE username]
$ aklog
$ cd /afs/inf.ed.ac.uk/user/[u]/[username]/ (for staff)
$ cd /afs/inf.ed.ac.uk/user/s[MA]/sMATRIC/ (for students)

On the last line, [u/MA] is the first character(s) of your username/matric.. You can find the full path of your home directory by logging into a DICE machine and running the pwd command.

If you have problems, read on.

Required packages

If you are using Ubuntu you may need to enable the Universe repository for Kerberos packages.

These packages will likely request configuration. Depending on the distribution this may configure your system correctly, but some distributions do not modify the configuration sufficiently to work with DICE.

Extended Kerberos Configuration

If the simple configuration of the realm did not work you should try the following:

$ sudo -i
# dpkg -plow krb5-config

Work through the various dialogues. The KDC servers are kdc0.inf.ed.ac.uk kdc1.inf.ed.ac.uk kdc2.inf.ed.ac.uk and the admin server is kdc.inf.ed.ac.uk

If it still does not work, or for more functionality (for example, iFriend AFS access seems to need this), you may also set up /etc/krb5.conf to the following (and lose dpkg-managed configuration of the file):

[logging]
  default = FILE:/var/log/krb5libs.log

[libdefaults]
  default_realm = INF.ED.AC.UK
  dns_lookup_realm = true
  dns_lookup_kdc = true
  ticket_lifetime = 64800
  forwardable = yes

[realms]
  INF.ED.AC.UK = {
    admin_server = kdc.inf.ed.ac.uk:749
    default_domain = inf.ed.ac.uk
  }

[domain_realm]
  inf.ed.ac.uk = INF.ED.AC.UK
  .inf.ed.ac.uk = INF.ED.AC.UK

[capaths]
  INF.ED.AC.UK = {
    ED.AC.UK = EASE.ED.AC.UK
  }
  ED.AC.UK = {
    INF.ED.AC.UK = EASE.ED.AC.UK
  }

If you are using openafs version 1.4.11 on Ubuntu 10.04, or for any other reason also have Kerberos 1.8 installed, you will also need to add the following to the libdefaults section.

allow_weak_crypto = true

From version 1.4.12 onwards this is not necessary as openafs knows how to ask kerberos >=1.8 for the correct configuration. At the time of writing, OpenAFS 1.8.0 and kerberos 1.16 are the current versions with Ubuntu 18.04.

Configure AFS

The dkms package should have built the openafs kernel module for your installed kernel versions. It will continue to do so whenever a new version becomes available.

First, prepare a partition for OpenAFS. This can be your root partition (no configuration required), if it is formatted using ext2, ext3 or ext4 (that is the usual default).

If you did not set your AFS client as belonging to the 'inf.ed.ac.uk' cell at dpkg configuration-time, configure it now:

# echo "inf.ed.ac.uk" > /etc/openafs/ThisCell

Now start OpenAFS:

# systemctl restart openafs-client

Occasionally, if your machine is in an unusual state, this will not be sufficient and a reboot will be necessary for the kernel module to be installed and the service to start successfully.

Establish connection

Get your Kerberos credentials: type

$ kinit [DICE username]

and enter your password. Now establish your AFS credentials using

$ aklog

Your AFS home directory can be found in

/afs/inf.ed.ac.uk/user/[u]/[username]/ or /afs/inf.ed.ac.uk/user/s[MA]/sMATRIC/

where [u/MA] is the first character(s) of your username/matric.

If you have problems, check that the openafs module is loaded, and check afs daemons are running. eg

% ps -ef | grep afs
root      8302     2  0 16:27 ?        00:00:00 [afs_pagecopy]
root      8311     1  0 16:27 ?        00:00:00 /sbin/afsd -afsdb -dynroot -fakestat
...

or

% systemctl status openafs-client
‚óŹ openafs-client.service - OpenAFS client
   Loaded: loaded (/lib/systemd/system/openafs-client.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-12-11 16:27:23 GMT; 11min ago
...
% lsmod | grep afs
openafs             2379776   2

If the kernel module failed to build/load, try removing and then re-installing the module, and then stopping/restarting the client eg:

apt remove openafs-modules-dkms
apt install openafs-modules-dkms
/etc/init.d/openafs-client stop
/etc/init.d/openafs-client start

If the afs module still fails to load, check for any errors/warnings from the above commands.

Last reviewed: 
08/10/2019

System Status

Home dirs (AFS)
Network
Mail
Other services
Scheduled downtime

Choose a topic