Installing AFS on Red Hat Linux
The following instructions are for Red Hat Enterprise Linux 4 and 5, but should work on other versions of Red Hat as well. These are generic instructions for any Red Hat system. (See Linux Service page for information on adding other repositories)
Visit https://yum.stanford.edu/mrepo/ from an on campus IP address to determine the latest release of OpenAFS (EG: 1.4.7 at the time this document was written).
As root, run the following command to import the Stanford package signing GPG pubkey:
rpm --import https://yum.stanford.edu/STANFORD-GPG-KEY
For RHEL4: Using the OpenAFS release number (EG 1.4.7) in the place of "X.Y.Z", as root edit your /etc/sysconfig/rhn/sources file and add the following line:
yum openafs-X.Y.Z http://yum.stanford.edu/mrepo/openafs-X.Y.Z-EL4-$ARCH/RPMS.updates
To install OpenAFS for single and smp CPUs (along with the latest kernel available), as root run:
up2date -f openafs openafs-client openafs-krb5 kmod-openafs-smp kmod-openafs
For RHEL5: Using the OpenAFS release number (EG 1.4.7) in the place of "X.Y.Z", as root create and edit a new file /etc/yum.repos.d/openafs.conf and add the following:
pre[ [openafs-X.Y.Z] name = OpenAFS X.Y.Z packages baseurl = http://yum.stanford.edu/mrepo/openafs-X.Y.Z-EL5-$basearch/RPMS.updates enabled = 1 protect = 0 gpgkey = http://yum.stanford.edu/STANFORD-GPG-KEY gpgcheck = 1 ]
To install OpenAFS for single and smp CPUs, as root run:
yum install openafs openafs-client openafs-krb5 kmod-openafs-smp kmod-openafs
For RHEL4 and RHEL5: To enable openafs-client to start at boot time, execute as root:
chkconfig --enable openafs-client
* Note that for Fedora Core systems, you will need to Obtain the packages from the OpenAFS web site. There are RPMs available there for a variety of different versions of Red Hat and Fedora. You need the openafs, openafs-kernel, openafs-krb5, and openafs-client RPMs. (You may need to get openafs-kernel-source and build the modules yourself if you build your own kernel.)
Install manually downloaded packages using
rpm -iin the above order. The packages will create the
/afsmount point and install an init script to start the client on boot.
/usr/vice/etc/ThisCell. It should contain:
You can replace it with the copy found in
/afs/ir/systems/@sys/pubsw/package/Local/config/share/etc/conf/ThisCellon a system that mounts AFS, but the content is just the above single line. If you have an older installation, please check your ThisCell file. Older versions provided a ThisCell which is now incorrect. You should make sure it only has what is listed above.
/usr/vice/etc/CellAlias. It should contain:
Alternately, you can replace it with the copy found in
/afs/ir/systems/@sys/pubsw/package/Local/config/share/etc/conf/CellAliason a system that mounts AFS, but the content is just the above single line.
/usr/vice/etc/cacheinfoif you want to change the size of the AFS cache. The default in the AFS RPMs (as of December 2004) is 100MB, which is fine for light to moderate AFS usage.
If you are using iptables or a firewall, make sure that it allows UDP packets to ports 7000 through 7010. The AFS protocol uses UDP for communication with the server and the server has to be able to respond to client requests. All of the ports in that range are not used by tools that we use at Stanford, but the above range will avoid any problems.
Restart the openafs-client service to make the changes take effect.
If the installation is successful, AFS should show up in the output of
df command, and you should be able to cd to
see Stanford's AFS cell. If this doesn't work, make sure that the afsd
process is running with:
ps -ef | grep afs
Watch the boot process for any error messages. You can also try restarting the AFS client by hand with:
or if openafs-client isn't already running, just:
and see if it produces any helpful error messages. Note that starting the AFS client again if, according to the above ps command it's already running, can sometimes produce unstable behavior and system crashes. You should only start the AFS client again if it failed to start the first time.
If AFS fails to start or if AFS is not accessible after starting, the most
common problems are firewall restrictions preventing your system from
contacting the AFS servers, bad configuration in
characters or bad configuration in
cacheinfo, or a mismatch between
the kernel for which the AFS client was compiled and the kernel that
The above instructions only set up AFS, not Kerberos. After installing AFS, you should be able to authenticate to it with:
where username is your SUNet ID. This may be sufficient for many
users. If you want to be able to authenticate with
obtain Kerberos tickets, or if you want to be able to log on to your system
with Kerberos or use AFS for user home directories, you will also want to
see the Kerberos
The openafs-krb5 package has the aklog binary which you need to authenticate to kerberos.