Mounting NCSU AFS locations locally on Elementary OS Luna (Ubuntu 12.04)

NC State uses AFS to store student files, course submission lockers, and the course web page. A friend of mine wrote a blog post with instructions on how to mount these locations on Windows. Using that and the MIT CSAIL page on using OpenAFS on Ubuntu, it’s possible to have the your AFS directories show up locally. I am on NCSU’s ResNet internet service, but this should work even from outside.

Installing the required software

First, add the openafs PPA for Ubuntu 12.04 and update your package cache

sudo add-apt-repository ppa:openafs/stable && sudo apt-get update

Then install the packages required

sudo apt-get install openafs-krb5 openafs-client krb5-user module-assistant openafs-modules-dkms

Answer the questions as follows:

Question Answer
AFS Cell this workstation belongs to EOS.NCSU.EDU
Size of AFS Cache in KB 512000

The first answer is then populated to /etc/openafs/ThisCell and the second to /etc/openafs/cacheinfo, in case you want to look it up.

Configuring Kerberos

By default, you won’t be asked to set up the Kerberos realm and other such things and so you’ll have to reconfigure the packages:

sudo dpkg-reconfigure krb5-config openafs-client

Here, answer:

Question Answer
Default Kerberos version 5 Realm EOS.NCSU.EDU

Installing the kernel module

Try to load the openafs kernel module:

sudo modprobe openafs

Restart the OpenAFS client:

sudo service openafs-client restart

Logging in

Authenticate against the Kerberos 5 Realm to receive a ticket-granting ticket:

kinit unityID

Confirm that you have received tickets:

klist

Expect output like:

Ticket cache: FILE:/tmp/krb5cc_105195
Default principal: unityID@EOS.NCSU.EDU

Valid starting    Expires           Service principal
11/02/2013 17:44  11/02/2013 00:24  krbtgt/EOS.NCSU.EDU@EOS.NCSU.EDU

At this point, you should be able to access /afs/eos.ncsu.edu and look at the parts that don’t require authentication. If you want to access your EOS home folder or course submission folders or any other place that you would imagine you require authentication to access, you first have to acquire a Kerberos token by running:

aklog -c unity.ncsu.edu -k EOS.NCSU.EDU

aklog -c eos.ncsu.edu -k EOS.NCSU.EDU

And that’s pretty much it. Your home folder is /afs/unity.ncsu.edu/users/firstLetterOfUnityID/unityID.

Naturally, I didn’t want to have to login each time and I wanted to try out some Python things, so here’s a small script to do the job.

Troubleshooting

  1. If kinit complains that it “Cannot parse principal ‘username'”, then try specifying the fully-qualified username: unityID@EOS.NCSU.EDU. Remember that capital letters are significant.

  2. If you have lots of possible cells that you don’t want to connect to in /afs, try blanking out or commenting lines in /etc/openafs/CellServDB.

  3. You can set up cell aliases, so that it’s easier to navigate to cells you frequently visit. Edit /etc/openafs/CellAlias to do so. Here’s the format:

    cell alias
    eos.ncsu.edu eos
    unity.ncsu.edu unity
    bp.ncsu.edu bp

  4. If you don’t have the openafs kernel module, then you may need to build it. From the CSAIL page, this is easy using module-assistant:

    sudo m-a prepare
    sudo m-a auto-install openafs
    sudo modprobe openafs