<para>It is best to read this chapter before installing your cell's
first file server machine or performing any other administrative
- task.</para>
+ task.
<indexterm>
<primary>AFS</primary>
<secondary>between AFS and UNIX, summarized</secondary>
</indexterm>
+ </para>
<sect1 id="HDRWQ30">
<title>Differences between AFS and UNIX: A Summary</title>
the attempt proceeds to the next step.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ66" />The utility obtains a PAG.</para>
+ <listitem id="LIWQ66">
+ <para>The utility obtains a PAG.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ67" />The utility converts the password
+ <listitem id="LIWQ67">
+ <para>The utility converts the password
provided by the user into an encryption key and encrypts a
packet of data with the key. It sends the packet to the AFS
authentication service (the AFS Authentication Server in the
</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ68" />If no AFS token was granted in
+ <listitem id="LIWQ68">
+ <para>If no AFS token was granted in
Step <link linkend="LIWQ67">4</link>, the login utility
attempts to log the user into the local file system, by
comparing the password provided to the local password file.
<chapter id="HDRWQ80">
<title>Administering Server Machines</title>
+ <para>
<indexterm>
<primary>server machine</primary>
<secondary>server machine</secondary>
</indexterm>
- <para>This chapter describes how to administer an AFS server machine. It describes the following configuration information and
+ This chapter describes how to administer an AFS server machine. It describes the following configuration information and
administrative tasks: <itemizedlist>
<listitem>
<para>The binary and configuration files that must reside in the subdirectories of the <emphasis
become the synchronization site in an election.</para>
</listitem>
- <listitem>
- <para><anchor id="LIDBBK_SHUTDOWN" />Issue the <emphasis role="bold">bos shutdown</emphasis> command to shut down the
+ <listitem id="LIDBBK_SHUTDOWN">
+ <para>Issue the <emphasis role="bold">bos shutdown</emphasis> command to shut down the
relevant server process on the local machine. For a complete description of the command, see <link linkend="HDRWQ168">To
stop processes temporarily</link>.</para>
cell.</para>
</listitem>
- <listitem>
- <para><anchor id="LIDBREST_SHUTDOWN" />Working on one of the machines, issue the <emphasis role="bold">bos
+ <listitem id="LIDBREST_SHUTDOWN">
+ <para>Working on one of the machines, issue the <emphasis role="bold">bos
shutdown</emphasis> command once for each database server machine, to shut down the relevant server process on all of
them. For a complete description of the command, see <link linkend="HDRWQ168">To stop processes temporarily</link>.</para>
using a transfer utility such as the <emphasis role="bold">ftp</emphasis> command.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ112" />Issue the <emphasis role="bold">bos install</emphasis> command for the binary distribution
+ <listitem id="LIWQ112">
+ <para>Issue the <emphasis role="bold">bos install</emphasis> command for the binary distribution
machine. (If you have forgotten which machine is performing that role, see <link linkend="HDRWQ97">To locate the binary
distribution machine for a system type</link>.) <programlisting>
% <emphasis role="bold">bos install</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>files to install</replaceable>>+
role="bold">.BAK</emphasis></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ114" />Issue the <emphasis role="bold">bos uninstall</emphasis> command for a binary distribution
+ <listitem id="LIWQ114">
+ <para>Issue the <emphasis role="bold">bos uninstall</emphasis> command for a binary distribution
machine. (If you have forgotten which machine is performing that role, see <link linkend="HDRWQ97">To locate the binary
distribution machine for a system type</link>.) <programlisting>
% <emphasis role="bold">bos uninstall</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>files to uninstall</replaceable>>+
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ132" />Using a text editor, create an entry in the machine's file systems registry file (<emphasis
+ <listitem id="LIWQ132">
+ <para>Using a text editor, create an entry in the machine's file systems registry file (<emphasis
role="bold">/etc/fstab</emphasis> or equivalent) for each new disk partition, mapping its device name to the directory you
created in the previous step. Refer to existing entries in the file to learn the proper format, which varies for different
operating systems.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ133" />If the operating system requires that you shut off the machine to install a new disk, issue
+ <listitem id="LIWQ133">
+ <para>If the operating system requires that you shut off the machine to install a new disk, issue
the <emphasis role="bold">bos shutdown</emphasis> command to shut down all AFS server processes other than the BOS Server
(it terminates safely when you shut off the machine). Include the <emphasis role="bold">-localauth</emphasis> flag because
you are logged in as the local superuser <emphasis role="bold">root</emphasis> but do not necessarily have administrative
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ134" />If necessary, shut off the machine. Install and format the new disk according to the
+ <listitem id="LIWQ134">
+ <para>If necessary, shut off the machine. Install and format the new disk according to the
instructions provided by the disk and operating system vendors. If necessary, edit the disk's partition table to reflect
the changes you made to the files system registry file in step <link linkend="LIWQ132">4</link>; consult the operating
system documentation for instructions.</para>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ136" />Using a text editor, remove or comment out each partition's entry from the machine's file
+ <listitem id="LIWQ136">
+ <para>Using a text editor, remove or comment out each partition's entry from the machine's file
systems registry file (<emphasis role="bold">/etc/fstab</emphasis> or equivalent).</para>
</listitem>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ137" />If necessary, shut off the machine. Remove the disk according to the instructions provided by
+ <listitem id="LIWQ137">
+ <para>If necessary, shut off the machine. Remove the disk according to the instructions provided by
the disk and operating system vendors. If necessary, edit the disk's partition table to reflect the changes you made to
the files system registry file in step <link linkend="LIWQ136">7</link>; consult the operating system documentation for
instructions.</para>
<chapter id="HDRWQ142">
<title>Monitoring and Controlling Server Processes</title>
+ <para>
<indexterm>
<primary>monitoring</primary>
<secondary>monitoring server processes</secondary>
</indexterm>
- <para>One of your most important responsibilities as a system administrator is ensuring that the processes on file server machines
+ One of your most important responsibilities as a system administrator is ensuring that the processes on file server machines
are running correctly. The BOS Server, which runs on every file server machine, relieves you of much of the responsibility by
constantly monitoring the other AFS server processes on its machine. It can automatically restart processes that have failed,
ordering the restarts to take interdependencies into account.</para>
</listitem>
<listitem>
- <para><anchor id="LIWQ163" />Issue the <emphasis role="bold">bos create</emphasis> command to create an entry in the
+ <para>Issue the <emphasis role="bold">bos create</emphasis> command to create an entry in the
<emphasis role="bold">BosConfig</emphasis> file and start the process. <programlisting>
% <emphasis role="bold">bos create</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>server process name</replaceable>> \
<<replaceable>server type</replaceable>> <<replaceable>command lines</replaceable>>+ [ <emphasis
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIPROC-STOP" />Issue the <emphasis role="bold">bos stop</emphasis> command to change each process's
+ <listitem id="LIPROC-STOP">
+ <para>Issue the <emphasis role="bold">bos stop</emphasis> command to change each process's
status flag in the <emphasis role="bold">BosConfig</emphasis> file to <computeroutput>NotRun</computeroutput> and to stop
it. You must issue this command even for cron processes that you wish to remove from the <emphasis
role="bold">BosConfig</emphasis> file, even though they do not run continuously. For a detailed description of this
</listitem>
<listitem>
- <para><anchor id="LIPROC-DEL" />Issue the <emphasis role="bold">bos delete</emphasis> command to remove each process from
+ <para>Issue the <emphasis role="bold">bos delete</emphasis> command to remove each process from
the <emphasis role="bold">BosConfig</emphasis> file. <programlisting>
% <emphasis role="bold">bos delete</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>server process name</replaceable>>+
</programlisting></para>
</listitem>
<listitem>
- <para><anchor id="LIPROC-START" />Issue the <emphasis role="bold">bos start</emphasis> command to change each process's
+ <para>Issue the <emphasis role="bold">bos start</emphasis> command to change each process's
status flag to <computeroutput>Run</computeroutput> in both the <emphasis role="bold">BosConfig</emphasis> file and the
BOS Server's memory and to start it. <programlisting>
% <emphasis role="bold">bos start</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>server process name</replaceable>>+
</listitem>
<listitem>
- <para><anchor id="LIWQ169" />Issue the <emphasis role="bold">bos shutdown</emphasis> command to stop each process by
+ <para>Issue the <emphasis role="bold">bos shutdown</emphasis> command to stop each process by
changing its status flag in the BOS Server's memory to <computeroutput>NotRun</computeroutput>. <programlisting>
% <emphasis role="bold">bos shutdown</emphasis> <<replaceable>machine name</replaceable>> [<<replaceable>instances</replaceable>>+] [<emphasis
role="bold">-wait</emphasis>]
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ186" />Select a site (disk partition on a file server machine) for the new volume. To verify that
+ <listitem id="LIWQ186">
+ <para>Select a site (disk partition on a file server machine) for the new volume. To verify that
the site has enough free space to house the volume (now, or if it grows to use its entire quota), issue the <emphasis
role="bold">vos partinfo</emphasis> command.</para>
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ187" />Select a volume name, taking note of the information in <link linkend="HDRWQ184">About Volume
+ <listitem id="LIWQ187">
+ <para>Select a volume name, taking note of the information in <link linkend="HDRWQ184">About Volume
Names</link>.</para>
<indexterm>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ188" />Issue the <emphasis role="bold">vos create</emphasis> command to create the volume.
+ <listitem id="LIWQ188">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create the volume.
<programlisting>
% <emphasis role="bold">vos create</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>partition name</replaceable>> <<replaceable>volume name</replaceable>> \
[<emphasis role="bold">-maxquota</emphasis> <<replaceable>initial quota (KB)</replaceable>>]
</indexterm>
</listitem>
- <listitem>
- <anchor id="LIWQ189" />
-
+ <listitem id="LIWQ189">
<para><emphasis role="bold">(Optional)</emphasis> Issue the <emphasis role="bold">fs mkmount</emphasis> command to mount
the volume in the filespace. For complete syntax, see <link linkend="HDRWQ212">To create a regular or read/write mount
point</link>. <programlisting>
</indexterm>
<orderedlist>
- <listitem>
- <para><anchor id="LIWQ195" />Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis>
+ <listitem id="LIWQ195">
+ <para>Verify that you are listed in the <emphasis role="bold">/usr/afs/etc/UserList</emphasis>
file. If necessary, issue the <emphasis role="bold">bos listusers</emphasis> command, which is fully described in <link
linkend="HDRWQ593">To display the users in the UserList file</link>. <programlisting>
% <emphasis role="bold">bos listusers</emphasis> <<replaceable>machine name</replaceable>>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ196" />Select one or more sites at which to replicate the volume. There are several factors to
+ <listitem id="LIWQ196">
+ <para>Select one or more sites at which to replicate the volume. There are several factors to
consider: <itemizedlist>
<listitem>
<para>How many sites are already defined. As previously noted, it is usually appropriate to define a read-only site
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ197" />Issue the <emphasis role="bold">vos addsite</emphasis> command to define each new read-only
+ <listitem id="LIWQ197">
+ <para>Issue the <emphasis role="bold">vos addsite</emphasis> command to define each new read-only
site in the VLDB. <programlisting>
% <emphasis role="bold">vos addsite</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>partition name</replaceable>> <<replaceable>volume name or ID</replaceable>>
</programlisting></para>
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ198" /><emphasis role="bold">(Optional)</emphasis> Verify that the <emphasis
+ <listitem id="LIWQ198">
+ <para><emphasis role="bold">(Optional)</emphasis> Verify that the <emphasis
role="bold">fs</emphasis> process (which incorporates the Volume Server) is functioning normally on each file server
machine where you have defined a read-only site, and that the <emphasis role="bold">vlserver</emphasis> process (the
Volume Location Server) is functioning correctly on each database server machine. Knowing that they are functioning
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ199" />Issue the <emphasis role="bold">vos release</emphasis> command to clone the read/write source
+ <listitem id="LIWQ199">
+ <para>Issue the <emphasis role="bold">vos release</emphasis> command to clone the read/write source
volume and distribute the clone to each read-only site. <programlisting>
% <emphasis role="bold">vos release</emphasis> <<replaceable>volume name or ID</replaceable>> [<emphasis role="bold">-f</emphasis>]
</programlisting></para>
</variablelist></para>
</listitem>
- <listitem>
- <anchor id="LIWQ200" />
-
+ <listitem id="LIWQ200">
<para><emphasis role="bold">(Optional)</emphasis> Issue the <emphasis role="bold">vos examine</emphasis> command to verify
that no site definition in the VLDB entry is marked with an <computeroutput>Old release</computeroutput> or
<computeroutput>New release</computeroutput> flag. The command is described fully in <link linkend="HDRWQ221">Displaying
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ206" />Issue the <emphasis role="bold">vos backup</emphasis> command to create a backup version of a
+ <listitem id="LIWQ206">
+ <para>Issue the <emphasis role="bold">vos backup</emphasis> command to create a backup version of a
read/write source volume. The message shown confirms the success of the backup operation. <programlisting>
% <emphasis role="bold">vos backup</emphasis> <<replaceable>volume name or ID</replaceable>> Created backup volume for volume name or ID
</programlisting></para>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ207" /><emphasis role="bold">(Optional)</emphasis> Issue the <emphasis role="bold">fs
+ <listitem id="LIWQ207">
+ <para><emphasis role="bold">(Optional)</emphasis> Issue the <emphasis role="bold">fs
mkmount</emphasis> to mount the backup volume. While this step is optional, Cache Managers cannot access the volume's
contents if it is not mounted. <programlisting>
% <emphasis role="bold">fs mkmount</emphasis> <<replaceable>directory</replaceable>> <<replaceable>volume name</replaceable>> <emphasis
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ214" />If you are mounting one or more foreign cells' <emphasis role="bold">root.cell</emphasis>
+ <listitem id="LIWQ214">
+ <para>If you are mounting one or more foreign cells' <emphasis role="bold">root.cell</emphasis>
volume at the second level in your filespace and your cell's <emphasis role="bold">root.afs</emphasis> volume is
replicated, you must create a temporary mount point for the <emphasis role="bold">root.afs</emphasis> volume's read/write
version in a directory on which the ACL grants you the <emphasis role="bold">i</emphasis> and <emphasis
of the volume containing the file. Therefore, the VLDB must accurately reflect the state of volumes on the file server machines
at all times. The Volume Server and VL Server automatically update a volume's VLDB entry when its status changes during a
<emphasis role="bold">vos</emphasis> operation, by performing the following series of steps. <orderedlist>
- <listitem>
- <para><anchor id="LIWQ228" />The VL Server locks the VLDB entry. The lock advises other operations not to manipulate any
+ <listitem id="LIWQ228">
+ <para>The VL Server locks the VLDB entry. The lock advises other operations not to manipulate any
of the volume versions (read/write, read-only, or backup), which prevents the inconsistency that can result from multiple
simultaneous operations.</para>
</listitem>
- <listitem>
+ <listitem id="LIWQ229">
<para><indexterm>
<primary>intention flag in VLDB entry</primary>
</indexterm> <indexterm>
<primary>VLDB</primary>
<secondary>intention flag set by VL Server</secondary>
- </indexterm> <anchor id="LIWQ229" />The VL Server sets an <emphasis>intention flag</emphasis> in the VLDB entry that
+ </indexterm>
+ The VL Server sets an <emphasis>intention flag</emphasis> in the VLDB entry that
indicates the kind of operation to be performed. This flag never appears in VLDB listings because it is for internal use
only. In case the operation terminates prematurely, this flag tells the Salvager which operation was interrupted. (The
Salvager then determines the steps necessary either to complete the operation or return the volume to a previous
consistent state. For more information on salvaging, see <link linkend="HDRWQ232">Salvaging Volumes</link>.)</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ230" />The Volume Server manipulates the volume. It usually sets the
+ <listitem id="LIWQ230">
+ <para>The Volume Server manipulates the volume. It usually sets the
<computeroutput>Off-line</computeroutput> flag in the volume header, which makes the volume inaccessible to the File
Server and other Volume Server operations during the manipulation. When the operation completes, the volume is again
marked <computeroutput>On-line</computeroutput>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ231" />The VL Server records any changes resulting from the operation in the VLDB entry. Once the
+ <listitem id="LIWQ231">
+ <para>The VL Server records any changes resulting from the operation in the VLDB entry. Once the
operation is complete, it removes the intention flag set in Step <link linkend="LIWQ229">2</link>and releases the lock set
in Step <link linkend="LIWQ228">1</link>.</para>
</listitem>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIVOL-SYNCVL" />Issue the <emphasis role="bold">vos syncvldb</emphasis> command to make the VLDB reflect
+ <listitem id="LIVOL-SYNCVL">
+ <para>Issue the <emphasis role="bold">vos syncvldb</emphasis> command to make the VLDB reflect
the true state of all volumes on a machine or partition, or the state of one volume.</para>
<note>
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LIVOL-SYNCSR" />Issue the <emphasis role="bold">vos syncserv</emphasis> command to inspect each volume
+ <listitem id="LIVOL-SYNCSR">
+ <para>Issue the <emphasis role="bold">vos syncserv</emphasis> command to inspect each volume
for which the VLDB lists a version at the specified site.</para>
<note>
role="bold">fs setacl</emphasis> command to grant other rights as necessary.</para>
</listitem>
- <listitem>
- <anchor id="LIWQ237" />
+ <listitem id="LIWQ237">
<para><emphasis role="bold">(Optional)</emphasis> Dump the volume to a file or to tape, in case you want to restore it
later. To copy the volume's contents to a file, use the <emphasis role="bold">vos dump</emphasis> command as instructed in
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ238" />Issue the <emphasis role="bold">vos remove</emphasis> command to remove the volume. If
+ <listitem id="LIWQ238">
+ <para>Issue the <emphasis role="bold">vos remove</emphasis> command to remove the volume. If
removing a read-only volume from multiple sites, repeat the command for each one. <programlisting>
% <emphasis role="bold">vos remove</emphasis> [<emphasis role="bold">-server</emphasis> machine name>] [<emphasis role="bold">-partition</emphasis> <<replaceable>partition name</replaceable>>] \
<emphasis role="bold">-id</emphasis> <<replaceable>volume name or ID</replaceable>>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ239" />If you are removing the last existing version of the volume, issue the <emphasis
+ <listitem id="LIWQ239">
+ <para>If you are removing the last existing version of the volume, issue the <emphasis
role="bold">fs rmmount</emphasis> command remove the corresponding mount point. Complete instructions appear in <link
linkend="HDRWQ236">To remove a volume and unmount it</link>.</para>
role="bold">fs setacl</emphasis> command to grant other rights as necessary.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ241" />Issue the <emphasis role="bold">vos dump</emphasis> command to dump the volume.
+ <listitem id="LIWQ241">
+ <para>Issue the <emphasis role="bold">vos dump</emphasis> command to dump the volume.
<programlisting>
% <emphasis role="bold">vos dump -id</emphasis> <<replaceable>volume name or ID</replaceable>> [<emphasis role="bold">-time</emphasis> <<replaceable>dump from time</replaceable>>] [<emphasis
role="bold">-file</emphasis> <<replaceable>arg</replaceable>>] [<emphasis role="bold">-server</emphasis> <<replaceable>server</replaceable>>] [<emphasis
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ243" />Issue the <emphasis role="bold">vos restore</emphasis> command to create a new volume and
+ <listitem id="LIWQ243">
+ <para>Issue the <emphasis role="bold">vos restore</emphasis> command to create a new volume and
restore the dump file into it. Type it on a single line; it appears on multiple lines here only for legibility.
<programlisting>
% <emphasis role="bold">vos restore</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>partition name</replaceable>> \
role="bold">fs setacl</emphasis> command to grant other rights as necessary.</para>
</listitem>
- <listitem>
- <para><anchor id="LIVOL-REN" />Issue the <emphasis role="bold">vos rename</emphasis> command to rename the volume.
+ <listitem id="LIVOL-REN">
+ <para>Issue the <emphasis role="bold">vos rename</emphasis> command to rename the volume.
<programlisting>
% <emphasis role="bold">vos rename</emphasis> <<replaceable>old volume name</replaceable>> <<replaceable>new volume name</replaceable>>
</programlisting></para>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ263" />Install one or more tape devices on the Tape Coordinator machine according to the
+ <listitem id="LIWQ263">
+ <para>Install one or more tape devices on the Tape Coordinator machine according to the
manufacturer's instructions. The Backup System can track a maximum of 58,511 tape devices or backup data files per
cell.</para>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LICONFTC-ADDHOST" />Issue the <emphasis role="bold">backup addhost</emphasis> command to create a Tape
+ <listitem id="LICONFTC-ADDHOST">
+ <para>Issue the <emphasis role="bold">backup addhost</emphasis> command to create a Tape
Coordinator entry in the Backup Database. Repeat the command for each Tape Coordinator. <programlisting>
# <emphasis role="bold">backup addhost</emphasis> <<replaceable>tape machine name</replaceable>> [<<replaceable>TC port offset</replaceable>>]
</programlisting></para>
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LITAPECONFIG-FILE" />Using a text editor, create an entry for the backup data file in the local
+ <listitem id="LITAPECONFIG-FILE">
+ <para>Using a text editor, create an entry for the backup data file in the local
<emphasis role="bold">/usr/afs/backup/tapeconfig</emphasis> file, using the standard syntax: <programlisting>
[capacity filemark_size] device_name port_offset
</programlisting></para>
</programlisting>
</sect2>
</sect1>
-</chapter>
\ No newline at end of file
+</chapter>
and write to files in the <emphasis role="bold">/usr/afs/backup</emphasis> directory.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ293" />Open a connection (using a command such as <emphasis role="bold">telnet</emphasis> or
+ <listitem id="LIWQ293">
+ <para>Open a connection (using a command such as <emphasis role="bold">telnet</emphasis> or
<emphasis role="bold">rlogin</emphasis>) to the Tape Coordinator machine that drives the tape device, or whose local disk
houses the backup data file. The Tape Coordinator uses a devoted connection or window that must remain open for the Tape
Coordinator to accept requests and while it is executing them.</para>
role="bold">root</emphasis>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ294" />Issue the <emphasis role="bold">butc</emphasis> command to start the Tape Coordinator. You
+ <listitem id="LIWQ294">
+ <para>Issue the <emphasis role="bold">butc</emphasis> command to start the Tape Coordinator. You
can include either, but not both, of the <emphasis role="bold">-localauth</emphasis> and <emphasis
role="bold">-cell</emphasis> options, as discussed in <link linkend="HDRWQ287">Performing Backup Operations as the Local
Superuser Root or in a Foreign Cell</link>. <programlisting>
</programlisting>
<orderedlist>
- <listitem>
- <para><anchor id="LIBKOV-BUTC" />You issue the <emphasis role="bold">butc</emphasis> command to start a Tape Coordinator
+ <listitem id="LIBKOV-BUTC">
+ <para>You issue the <emphasis role="bold">butc</emphasis> command to start a Tape Coordinator
to handle the dump operation. The Tape Coordinator does not have to be running when you issue the <emphasis
role="bold">backup dump</emphasis> command, but must be active in time to accept the list of volumes to be included in the
dump, when Step <link linkend="LIBKOV-VOLMATCHES">3</link> is completed. To avoid coordination problems, it is best to
mode</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIBKOV-VOLMATCHES" />The Backup System works with the VL Server to generate a list of the volumes in the
+ <listitem id="LIBKOV-VOLMATCHES">
+ <para>The Backup System works with the VL Server to generate a list of the volumes in the
VLDB that match the name and location criteria defined in the volume set's volume entries. If a volume matches more than
one volume entry, the Backup System ignores the duplicates so that the dump includes only one copy of data from the
volume.</para>
role="bold">user.terry.backup</emphasis>, and <emphasis role="bold">user.smith.backup</emphasis>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIBKOV-CLONEDATE" />The Backup System next scans the dump hierarchy for the dump level you have
+ <listitem id="LIBKOV-CLONEDATE">
+ <para>The Backup System next scans the dump hierarchy for the dump level you have
specified on the <emphasis role="bold">backup dump</emphasis> command line. If it is a full level, then in the current
operation the Backup System backs up all of the data in all of the volumes in the list obtained in Step <link
linkend="LIBKOV-VOLMATCHES">3</link>.</para>
</programlisting>
</listitem>
- <listitem>
- <para><anchor id="LIBKOV-READCFG" />The Tape Coordinator prepares to back up the data. If there is a <emphasis
+ <listitem id="LIBKOV-READCFG">
+ <para>The Tape Coordinator prepares to back up the data. If there is a <emphasis
role="bold">CFG_</emphasis>device_name file, the Tape Coordinator already read it in Step <link
linkend="LIBKOV-BUTC">1</link>. The following list describes how the instructions in the file guide the Tape Coordinator's
behavior at this point: <variablelist>
the <emphasis role="bold">-noautoquery</emphasis> flag to the <emphasis role="bold">butc</emphasis> command).</para>
</listitem>
- <listitem>
- <para><anchor id="LIBKOV-NAMECHECK" />The Tape Coordinator opens either a tape drive or backup data file at this point, as
+ <listitem id="LIBKOV-NAMECHECK">
+ <para>The Tape Coordinator opens either a tape drive or backup data file at this point, as
directed by the instructions in the <emphasis role="bold">CFG_</emphasis>device_name file (described in Step <link
linkend="LIBKOV-READCFG">6</link>). The instructions also determine whether it invokes a mount script or prompts the
operator. In Step <link linkend="LIBKOV-BUTC">1</link> the Tape Coordinator read in the device's capacity and filemark
linkend="HDRWQ280">Eliminating the AFS Tape Name Check</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIBKOV-EXPDATE" />For an initial dump, the Tape Coordinator starts writing at the beginning of the tape
+ <listitem id="LIBKOV-EXPDATE">
+ <para>For an initial dump, the Tape Coordinator starts writing at the beginning of the tape
or backup dump file, overwriting any existing data. To prevent inappropriate overwriting, the Backup System first checks
the Backup Database for any dump records associated with the name (permanent or AFS tape name) on the tape or backup dump
file's label. It refuses to write to a backup data file that has unexpired dumps in it, or to a tape that belongs to a
</programlisting>
</listitem>
- <listitem>
- <para><anchor id="LIBKOV-WRITE" />The Tape Coordinator now writes data to the tape or backup data file. It uses the
+ <listitem id="LIBKOV-WRITE">
+ <para>The Tape Coordinator now writes data to the tape or backup data file. It uses the
capacity and filemark size it obtained in Step <link linkend="LIBKOV-NAMECHECK">7</link> as it tracks how much more space
is available, automatically using its tape acquisition procedure if the dump is not finished when it reaches the end of
the tape. For a more detailed description, and a discussion of what happens if the Tape Coordinator reaches the physical
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIBKDUMP-SYNTAX" />Issue the <emphasis role="bold">backup dump</emphasis> command to dump the volume
+ <listitem id="LIBKDUMP-SYNTAX">
+ <para>Issue the <emphasis role="bold">backup dump</emphasis> command to dump the volume
set. <itemizedlist>
<listitem>
<para>To create one initial dump, provide only the volume set name, dump level name, and port offset (if not
cell.</para>
</listitem>
- <listitem>
- <para><anchor id="LISAVEDB-STARTTC" />If the Tape Coordinator for the tape device that is to perform the operation is not
+ <listitem id="LISAVEDB-STARTTC">
+ <para>If the Tape Coordinator for the tape device that is to perform the operation is not
already running, open a connection to the appropriate Tape Coordinator machine and issue the <emphasis
role="bold">butc</emphasis> command, for which complete instructions appear in <link linkend="HDRWQ292">To start a Tape
Coordinator process</link>. <programlisting>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LISAVEDB-CMD" />Issue the <emphasis role="bold">(backup) savedb</emphasis> command to repair corruption
+ <listitem id="LISAVEDB-CMD">
+ <para>Issue the <emphasis role="bold">(backup) savedb</emphasis> command to repair corruption
in the database as it is written to tape or a file. <programlisting>
backup> <emphasis role="bold">savedb</emphasis> [<emphasis role="bold">-portoffset</emphasis> <<emphasis>TC port offset</emphasis>>]
</programlisting></para>
</orderedlist>
</sect2>
</sect1>
-</chapter>
\ No newline at end of file
+</chapter>
<chapter id="HDRWQ323">
<title>Monitoring and Auditing AFS Performance</title>
+ <para>
<indexterm>
<primary>scout program</primary>
</indexterm>
<secondary>monitoring activity</secondary>
</indexterm>
- <para>AFS comes with three main monitoring tools: <itemizedlist>
+ AFS comes with three main monitoring tools: <itemizedlist>
<listitem>
<para>The <emphasis role="bold">scout</emphasis> program, which monitors and gathers statistics on File Server
performance.</para>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ364" />Issue the <emphasis role="bold">bos listkeys</emphasis> command to display the key version
+ <listitem id="LIWQ364">
+ <para>Issue the <emphasis role="bold">bos listkeys</emphasis> command to display the key version
numbers that are already in use, as a first step in choosing the key version number for the new key. <programlisting>
% <emphasis role="bold">bos listkeys</emphasis> <<replaceable>machine name</replaceable>>
</programlisting></para>
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ365" />Choose a key version number for the new key, based on the output from Step <link
+ <listitem id="LIWQ365">
+ <para>Choose a key version number for the new key, based on the output from Step <link
linkend="LIWQ364">2</link> and the following requirements: <itemizedlist>
<listitem>
<para>A key version number must be an integer between 0 (zero) and 255 to comply with Kerberos standards. It is
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ366" />Issue the <emphasis role="bold">bos addkey</emphasis> command to create a new AFS server
+ <listitem id="LIWQ366">
+ <para>Issue the <emphasis role="bold">bos addkey</emphasis> command to create a new AFS server
encryption key in the <emphasis role="bold">KeyFile</emphasis> file.</para>
<para>If you run the United States edition of AFS and use the Update Server to distribute the contents of the system
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ367" />Issue the <emphasis role="bold">kas setpassword</emphasis> command to enter the same key in
+ <listitem id="LIWQ367">
+ <para>Issue the <emphasis role="bold">kas setpassword</emphasis> command to enter the same key in
the <emphasis role="bold">afs</emphasis> entry in the Authentication Database.</para>
<para>The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ374" />Create the file <emphasis role="bold">/usr/afs/local/NoAuth</emphasis> to disable
+ <listitem id="LIWQ374">
+ <para>Create the file <emphasis role="bold">/usr/afs/local/NoAuth</emphasis> to disable
authorization checking. <programlisting>
# <emphasis role="bold">touch /usr/afs/local/NoAuth</emphasis>
</programlisting></para>
<title>To create a new server encryption key in emergencies</title>
<orderedlist>
- <listitem>
- <para><anchor id="LIWQ376" /><emphasis role="bold">On the system control machine</emphasis>, disable authorization
+ <listitem id="LIWQ376">
+ <para><emphasis role="bold">On the system control machine</emphasis>, disable authorization
checking as instructed in <link linkend="HDRWQ373">Disabling Authorization Checking in an Emergency</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ377" />Issue the <emphasis role="bold">bos listkeys</emphasis> command to display the key version
+ <listitem id="LIWQ377">
+ <para>Issue the <emphasis role="bold">bos listkeys</emphasis> command to display the key version
numbers already in use in the <emphasis role="bold">KeyFile</emphasis> file, as a first step in choosing the new key's key
version number. <programlisting>
# <emphasis role="bold">bos listkeys</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-noauth</emphasis>
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ378" />Choose a key version number for the new key, based on what you learned in Step <link
+ <listitem id="LIWQ378">
+ <para>Choose a key version number for the new key, based on what you learned in Step <link
linkend="LIWQ377">2</link> plus the following requirements: <itemizedlist>
<listitem>
<para>It is best to keep your key version numbers in sequence by choosing a key version number one greater than the
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ379" /><emphasis role="bold">On the system control machine</emphasis>, issue the <emphasis
+ <listitem id="LIWQ379">
+ <para><emphasis role="bold">On the system control machine</emphasis>, issue the <emphasis
role="bold">bos addkey</emphasis> command to create a new AFS server encryption key in the <emphasis
role="bold">KeyFile</emphasis> file. <programlisting>
# <emphasis role="bold">bos addkey</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">-kvno</emphasis> <<replaceable>key version number</replaceable>> <emphasis
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ380" /><emphasis role="bold">On every database server machine in your cell</emphasis> (other than
+ <listitem id="LIWQ380">
+ <para><emphasis role="bold">On every database server machine in your cell</emphasis> (other than
the system control machine), disable authorization checking as instructed in <link linkend="HDRWQ373">Disabling
Authorization Checking in an Emergency</link>. Do not repeat the procedure on the system control machine, if it is a
database server machine, because you already disabled authorization checking in Step <link linkend="LIWQ376">1</link>. (If
command as described in <link linkend="HDRWQ95">To locate database server machines</link>.)</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ381" />Wait at least 90 seconds after finishing Step <link linkend="LIWQ380">5</link>, to allow each
+ <listitem id="LIWQ381">
+ <para>Wait at least 90 seconds after finishing Step <link linkend="LIWQ380">5</link>, to allow each
of the database server processes (the Authentication, Backup, Protection and Volume Location Servers) to finish electing a
new sync site. Then issue the <emphasis role="bold">udebug</emphasis> command to verify that the election worked properly.
Issue the following commands, substituting each database server machine's name for server machine in turn. Include the
assistance.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ382" /><emphasis role="bold">On every database server machine in your cell</emphasis> (other than
+ <listitem id="LIWQ382">
+ <para><emphasis role="bold">On every database server machine in your cell</emphasis> (other than
the system control machine), issue the <emphasis role="bold">bos addkey</emphasis> command described in Step <link
linkend="LIWQ379">4</link>. Be sure to use the same values for afs_password and kvno as you used in that step.</para>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ383" />Issue the <emphasis role="bold">kas setpassword</emphasis> command to define the new key in
+ <listitem id="LIWQ383">
+ <para>Issue the <emphasis role="bold">kas setpassword</emphasis> command to define the new key in
the Authentication Database's <emphasis role="bold">afs</emphasis> entry. It must match the key you created in Step <link
linkend="LIWQ379">4</link> and Step <link linkend="LIWQ382">7</link>. <programlisting>
# <emphasis role="bold">kas setpassword -name afs</emphasis> <emphasis role="bold">-kvno</emphasis> <<replaceable>key version number</replaceable>> <emphasis
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ384" /><emphasis role="bold">On every database server machine in your cell</emphasis> (including the
+ <listitem id="LIWQ384">
+ <para><emphasis role="bold">On every database server machine in your cell</emphasis> (including the
system control machine if it is a database server machine), reenable authorization checking as instructed in <link
linkend="HDRWQ375">Reenabling Authorization Checking in an Emergency</link>. If the system control machine is not a
database server machine, do not perform this procedure until Step <link linkend="LIWQ385">11</link>.</para>
site after being restarted in Step <link linkend="LIWQ384">9</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ385" /><emphasis role="bold">On the system control machine</emphasis> (if it is not a database
+ <listitem id="LIWQ385">
+ <para><emphasis role="bold">On the system control machine</emphasis> (if it is not a database
server machine), reenable authorization checking as instructed in <link linkend="HDRWQ375">Reenabling Authorization
Checking in an Emergency</link>. If it is a database server machine, you already performed the procedure in Step <link
linkend="LIWQ384">9</link>.</para>
instructed in <link linkend="HDRWQ373">Disabling Authorization Checking in an Emergency</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ386" /><emphasis role="bold">On all remaining (simple) file server machines</emphasis>, issue the
+ <listitem id="LIWQ386">
+ <para><emphasis role="bold">On all remaining (simple) file server machines</emphasis>, issue the
<emphasis role="bold">bos addkey</emphasis> command described in Step <link linkend="LIWQ379">4</link>. Be sure to use the
same values for afs_password and kvno as you used in that step.</para>
</listitem>
</orderedlist>
</sect2>
</sect1>
-</chapter>
\ No newline at end of file
+</chapter>
</listitem>
<listitem>
- <para><anchor id="LIWQ400" />Issue the <emphasis role="bold">fs setcachesize</emphasis> command to set a new disk cache
+ <para>Issue the <emphasis role="bold">fs setcachesize</emphasis> command to set a new disk cache
size.</para>
<note>
</listitem>
<listitem>
- <para><anchor id="LINEWCELL" />Issue the <emphasis role="bold">fs newcell</emphasis> command to add or change a cell's
+ <para>Issue the <emphasis role="bold">fs newcell</emphasis> command to add or change a cell's
entry in kernel memory. Repeat the command for each cell.</para>
<note>
</listitem>
<listitem>
- <para><anchor id="LIWQ484" /><emphasis role="bold">(Optional)</emphasis> Change to the directory where the template
+ <para><emphasis role="bold">(Optional)</emphasis> Change to the directory where the template
resides. This affects the type of pathname you must type in Step <link linkend="LIWQ485">6</link>. <programlisting>
% <emphasis role="bold">cd</emphasis> template_directory
</programlisting></para>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ485" />Issue the <emphasis role="bold">uss add</emphasis> command to create the account. Enter the
+ <listitem id="LIWQ485">
+ <para>Issue the <emphasis role="bold">uss add</emphasis> command to create the account. Enter the
command on a single line; it appears here on multiple lines only for legibility.</para>
<para>The <emphasis role="bold">uss add</emphasis> operation creates an Authentication Database entry. The Authentication
</listitem>
<listitem>
- <para><anchor id="LIWQ490" />Issue the <emphasis role="bold">uss bulk</emphasis> command to create or delete accounts, or
+ <para>Issue the <emphasis role="bold">uss bulk</emphasis> command to create or delete accounts, or
both. Enter the command on a single line; it appears here on multiple lines only for legibility.</para>
<para>The bulk operation always manipulates user entries in the Authentication Database. The Authentication Server
<title>To create one user account with individual commands</title>
<orderedlist>
- <listitem>
- <para><anchor id="LIWQ504" />Decide on the value to assign to each of the following account components. If you are
+ <listitem id="LIWQ504">
+ <para>Decide on the value to assign to each of the following account components. If you are
creating an authentication-only account, you need to pick only a username, AFS UID, and initial password. <itemizedlist>
<listitem>
<para>The username. By convention, the names of many components of the user account incorporate this name. For a
</itemizedlist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ505" />Authenticate as an AFS identity with all of the following privileges. In the conventional
+ <listitem id="LIWQ505">
+ <para>Authenticate as an AFS identity with all of the following privileges. In the conventional
configuration, the <emphasis role="bold">admin</emphasis> user account has them, or you possibly have a personal
administrative account. (To increase cell security, it is best to create special privileged accounts for use only while
performing administrative procedures; for further discussion, see <link linkend="HDRWQ584">An Overview of Administrative
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ506" />Issue the <emphasis role="bold">pts createuser</emphasis> command to create an entry in the
+ <listitem id="LIWQ506">
+ <para>Issue the <emphasis role="bold">pts createuser</emphasis> command to create an entry in the
Protection Database. For a discussion of setting AFS UIDs, see <link linkend="HDRWQ496">Assigning AFS and UNIX UIDs that
Match</link>. If you are converting an existing UNIX account into an AFS account, also see <link
linkend="HDRWQ498">Converting Existing UNIX Accounts</link>. <programlisting>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ507" />Issue the <emphasis role="bold">kas create</emphasis> command to create an entry in the
+ <listitem id="LIWQ507">
+ <para>Issue the <emphasis role="bold">kas create</emphasis> command to create an entry in the
Authentication Database. To avoid having the user's temporary initial password echo visibly on the screen, omit the
<emphasis role="bold">-initial_password</emphasis> argument; instead enter the password at the prompts that appear when
you omit the argument, as shown in the following syntax specification.</para>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ508" />Issue the <emphasis role="bold">vos create</emphasis> command to create the user's volume.
+ <listitem id="LIWQ508">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create the user's volume.
<programlisting>
% <emphasis role="bold">vos create</emphasis> <<replaceable>machine name</replaceable>> <<replaceable>partition name</replaceable>> <<replaceable>volume name</replaceable>> \
[<emphasis role="bold">-maxquota</emphasis> <<replaceable>initial quota (KB)</replaceable>>]
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ509" />Issue the <emphasis role="bold">fs mkmount</emphasis> command to mount the volume in the
+ <listitem id="LIWQ509">
+ <para>Issue the <emphasis role="bold">fs mkmount</emphasis> command to mount the volume in the
filespace and create the user's home directory. <programlisting>
% <emphasis role="bold">fs mkmount</emphasis> <<replaceable>directory</replaceable>> <<replaceable>volume name</replaceable>>
</programlisting></para>
</variablelist>
</listitem>
- <listitem>
- <para><anchor id="LIWQ510" />Issue the <emphasis role="bold">fs setacl</emphasis> command to set the ACL on the new home
+ <listitem id="LIWQ510">
+ <para>Issue the <emphasis role="bold">fs setacl</emphasis> command to set the ACL on the new home
directory. At the least, create an entry that grants all permissions to the user, as shown.</para>
<para>You can also use the command to edit or remove the entry that the <emphasis role="bold">vos create</emphasis>
</programlisting>
</listitem>
- <listitem>
- <para><anchor id="LIWQ511" /><emphasis role="bold">(Optional)</emphasis> Create configuration files and subdirectories in
+ <listitem id="LIWQ511">
+ <para><emphasis role="bold">(Optional)</emphasis> Create configuration files and subdirectories in
the new home directory. Possibilities include <emphasis role="bold">.login</emphasis> and <emphasis
role="bold">.logout</emphasis> files, a shell-initialization file such as <emphasis role="bold">.cshrc</emphasis>, files
to help with printing and mail delivery, and so on.</para>
directories).</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ512" />In Step <link linkend="LIWQ513">12</link> and Step <link linkend="LIWQ514">14</link>, you
+ <listitem id="LIWQ512">
+ <para>In Step <link linkend="LIWQ513">12</link> and Step <link linkend="LIWQ514">14</link>, you
must know the user's AFS UID. If you had the Protection Server assign it in Step <link linkend="LIWQ506">3</link>, you
probably do not know it. If necessary, issue the <emphasis role="bold">pts examine</emphasis> command to display it.
<programlisting>
see <link linkend="HDRWQ536">Displaying Information from the Protection Database</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ513" />Designate the user as the owner of the home directory and any files and subdirectories
+ <listitem id="LIWQ513">
+ <para>Designate the user as the owner of the home directory and any files and subdirectories
created or moved in Step <link linkend="LIWQ511">9</link>. Specify the owner by the AFS UID you learned in Step <link
linkend="LIWQ512">11</link> rather than by username. This is necessary for new accounts because the user does not yet have
an entry in your local machine's password file (<emphasis role="bold">/etc/passwd</emphasis> or equivalent). If you are
</note>
</listitem>
- <listitem>
- <para><anchor id="LIWQ514" />Create or modify an entry for the new user in the local password file (<emphasis
+ <listitem id="LIWQ514">
+ <para>Create or modify an entry for the new user in the local password file (<emphasis
role="bold">/etc/passwd</emphasis> or equivalent) of each machine the user can log onto. Remember to make the UNIX UID the
same as the AFS UID you learned in Step <link linkend="LIWQ512">11</link>, and to fill the password field appropriately
(for instructions, see <link linkend="HDRWQ497">Specifying Passwords in the Local Password File</link>).</para>
</itemizedlist>
</listitem>
- <listitem>
- <para><anchor id="LIWQ519" />Issue the <emphasis role="bold">pts listowned</emphasis> command to display the names of the
+ <listitem id="LIWQ519">
+ <para>Issue the <emphasis role="bold">pts listowned</emphasis> command to display the names of the
groups the user owns. After you change the username in the Protection Database in Step <link linkend="LIWQ520">3</link>,
you must issue the <emphasis role="bold">pts rename</emphasis> command to change each group's owner prefix to match the
new name, because the Protection Server does not automatically make this change. For a complete description of the
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ520" />Issue the <emphasis role="bold">pts rename</emphasis> command to change the user's name in
+ <listitem id="LIWQ520">
+ <para>Issue the <emphasis role="bold">pts rename</emphasis> command to change the user's name in
the Protection Database. <programlisting>
% <emphasis role="bold">pts rename</emphasis> <<replaceable>old name</replaceable>> <<replaceable>new name</replaceable>>
</programlisting></para>
</listitem>
<listitem>
- <para><anchor id="LIWQ521" />Issue the <emphasis role="bold">vos rename</emphasis> command to change the name of the
+ <para>Issue the <emphasis role="bold">vos rename</emphasis> command to change the name of the
user's volume. For complete syntax, see <link linkend="HDRWQ246">To rename a volume</link>. <programlisting>
% <emphasis role="bold">vos rename</emphasis> <<replaceable>old volume name</replaceable>> <<replaceable>new volume name</replaceable>>
</programlisting><indexterm>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ522" />Issue the <emphasis role="bold">fs rmmount</emphasis> command to remove the existing mount
+ <listitem id="LIWQ522">
+ <para>Issue the <emphasis role="bold">fs rmmount</emphasis> command to remove the existing mount
point. For the directory argument, specify the read/write path to the mount point, to avoid the failure that results when
you attempt to delete a mount point from a read-only volume. <programlisting>
% <emphasis role="bold">fs rmmount</emphasis> <<replaceable>directory</replaceable>>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ523" />Issue the <emphasis role="bold">fs mkmount</emphasis> command to create a mount point for the
+ <listitem id="LIWQ523">
+ <para>Issue the <emphasis role="bold">fs mkmount</emphasis> command to create a mount point for the
volume's new name. Specify the read/write path to the mount point for the directory argument, as in the previous step. For
complete syntax, see Step <link linkend="LIWQ509">6</link> in <link linkend="HDRWQ503">To create one user account with
individual commands</link>. <programlisting>
Volumes</link> or the AFS Backup System as described in <link linkend="HDRWQ296">Backing Up Data</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ525" /><emphasis role="bold">(Optional)</emphasis> If you intend to remove groups that the user owns
+ <listitem id="LIWQ525">
+ <para><emphasis role="bold">(Optional)</emphasis> If you intend to remove groups that the user owns
from the Protection Database after removing the user's entry, issue the <emphasis role="bold">pts listowned</emphasis>
command to display them. For complete instructions, see <link linkend="HDRWQ536">Displaying Information from the
Protection Database</link>. <programlisting>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ526" />(<emphasis role="bold">Optional)</emphasis> Issue the <emphasis role="bold">pts
+ <listitem id="LIWQ526">
+ <para>(<emphasis role="bold">Optional)</emphasis> Issue the <emphasis role="bold">pts
delete</emphasis> command to remove the groups the user owns. However, if it is likely that other users have placed the
groups on the ACLs of directories they own, it is best not to remove them. <programlisting>
% <emphasis role="bold">pts delete</emphasis> <<replaceable>user or group name or id</replaceable>>+
</variablelist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ527" />Issue the <emphasis role="bold">vos listvldb</emphasis> command to display the site of the
+ <listitem id="LIWQ527">
+ <para>Issue the <emphasis role="bold">vos listvldb</emphasis> command to display the site of the
user's home volume in preparation for removing it. By convention, user volumes are named <emphasis
role="bold">user</emphasis>.username. <programlisting>
% <emphasis role="bold">vos listvldb</emphasis> <<replaceable>volume name or ID</replaceable>>
</listitem>
<listitem>
- <para><anchor id="LIWQ528" />Issue the <emphasis role="bold">vos remove</emphasis> command to remove the user's volume. It
+ <para>Issue the <emphasis role="bold">vos remove</emphasis> command to remove the user's volume. It
automatically removes the backup version of the volume, if it exists. It is not conventional to replicate user volumes, so
the command usually also completely removes the volume's entry from the Volume Location Database (VLDB). If there are
ReadOnly replicas of the volume, you must repeat the <emphasis role="bold">vos remove</emphasis> command to remove each
</listitem>
<listitem>
- <para><anchor id="LIWQ529" />Issue the <emphasis role="bold">fs rmmount</emphasis> command to remove the volume's mount
+ <para>Issue the <emphasis role="bold">fs rmmount</emphasis> command to remove the volume's mount
point.</para>
<para>If you mounted the user's backup volume as a subdirectory of the home directory, then this command is sufficient to
</listitem>
<listitem>
- <para><anchor id="LIWQ530" />Issue the <emphasis role="bold">pts delete</emphasis> command to remove the user's Protection
+ <para>Issue the <emphasis role="bold">pts delete</emphasis> command to remove the user's Protection
Database entry. A complete description of this command appears in Step <link linkend="LIWQ526">5</link>. <programlisting>
% <emphasis role="bold">pts delete</emphasis> <<replaceable>user or group name or id</replaceable>>
</programlisting></para>
</orderedlist>
</sect2>
</sect1>
-</chapter>
\ No newline at end of file
+</chapter>
</listitem>
<listitem>
- <para><anchor id="LIWQ539" />Issue the <emphasis role="bold">pts membership</emphasis> command to display the list of
+ <para>Issue the <emphasis role="bold">pts membership</emphasis> command to display the list of
groups to which a user or machine belongs, or the list of users and machines that belong to a group. <programlisting>
% <emphasis role="bold">pts membership</emphasis> <<replaceable>user or group name or id</replaceable>>+
</programlisting></para>
</orderedlist>
</sect2>
</sect1>
-</chapter>
\ No newline at end of file
+</chapter>
</listitem>
<listitem>
- <para><anchor id="LIWQ578" />Issue the <emphasis role="bold">fs copyacl</emphasis> command to copy a source ACL to the ACL
+ <para>Issue the <emphasis role="bold">fs copyacl</emphasis> command to copy a source ACL to the ACL
on one or more destination directories. (The command appears here on two lines only for legibility.) <programlisting>
% <emphasis role="bold">fs copyacl -fromdir</emphasis> <<replaceable>source directory</replaceable>> <emphasis role="bold">-todir</emphasis> <<replaceable>destination directory</replaceable>>+ \
[<emphasis role="bold">-clear</emphasis>]
</listitem>
</itemizedlist>
</sect1>
-</chapter>
\ No newline at end of file
+</chapter>
<orderedlist>
<listitem>
- <para><anchor id="LIWQ591" />Issue the <emphasis role="bold">kas examine</emphasis> command to display an entry from the
+ <para>Issue the <emphasis role="bold">kas examine</emphasis> command to display an entry from the
Authentication Database.</para>
<para>The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
</orderedlist>
</sect2>
</sect1>
-</chapter>
\ No newline at end of file
+</chapter>
<appendix id="HDRWQ595">
<title>Managing the NFS/AFS Translator</title>
+ <para>
<indexterm>
<primary>NFS/AFS Translator</primary>
</indexterm>
<secondary>NFS/AFS</secondary>
</indexterm>
- <para>The NFS(R)/AFS(R) Translator enables users working on NFS client machines to access, create and remove files stored in AFS.
+ The NFS(R)/AFS(R) Translator enables users working on NFS client machines to access, create and remove files stored in AFS.
This chapter assumes familiarity with both NFS and AFS.</para>
<sect1 id="HDRWQ596">
cell.</para>
</listitem>
- <listitem>
- <para><anchor id="LITRANS-MOUNTFILE" />Modify the file that controls mounting of directories on the machine by remote
+ <listitem id="LITRANS-MOUNTFILE">
+ <para>Modify the file that controls mounting of directories on the machine by remote
NFS clients. <itemizedlist>
<indexterm>
<primary>etc/exports file</primary>
for the entire AFS filespace; before, it is a local directory like any other.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ605" />Modify the <emphasis role="bold">afsd</emphasis> command in the AFS initialization file to
+ <listitem id="LIWQ605">
+ <para>Modify the <emphasis role="bold">afsd</emphasis> command in the AFS initialization file to
include the <emphasis role="bold">-rmtsys</emphasis> flag.</para>
<para>For system types other than IRIX, the instructions in the <emphasis>OpenAFS Quick Beginnings</emphasis> for
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ607" />Modify the machine's file systems registry file (<emphasis role="bold">/etc/fstab</emphasis>
+ <listitem id="LIWQ607">
+ <para>Modify the machine's file systems registry file (<emphasis role="bold">/etc/fstab</emphasis>
or equivalent) to include a command that mounts a translator machine's <emphasis role="bold">/afs</emphasis> directory. To
verify the correct syntax of the <emphasis role="bold">mount</emphasis> command, see the operating system's <emphasis
role="bold">mount(5)</emphasis> manual page. The following example includes options that are appropriate on many system
</note>
</listitem>
- <listitem>
- <para><anchor id="LIWQ608" /><emphasis role="bold">(Optional)</emphasis> If appropriate, create the <emphasis
+ <listitem id="LIWQ608">
+ <para><emphasis role="bold">(Optional)</emphasis> If appropriate, create the <emphasis
role="bold">/.AFSSERVER</emphasis> file to set the AFSSERVER environment variable for all of the machine's users. For a
discussion, see <link linkend="HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</link>. Place a single
line in the file, specifying the fully-qualified hostname of the translator machine that is to serve as the remote
<link linkend="LIWQ607">4</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ609" /><emphasis role="bold">(Optional)</emphasis> If appropriate, create the <emphasis
+ <listitem id="LIWQ609">
+ <para><emphasis role="bold">(Optional)</emphasis> If appropriate, create the <emphasis
role="bold">/.AFSCONF</emphasis> file to set the AFSCONF environment variable for all of the machine's users. For a
discussion, see <link linkend="HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</link>. Place a single
line in the file, specifying the name of the directory where the <emphasis role="bold">CellServDB</emphasis> and <emphasis
Suite</link> or <link linkend="HDRWQ491">Administering User Accounts</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ611" />Modify the user's PATH environment variable to include the pathname of AFS binaries, such as
+ <listitem id="LIWQ611">
+ <para>Modify the user's PATH environment variable to include the pathname of AFS binaries, such as
<emphasis role="bold">/afs/</emphasis>cellname<emphasis role="bold">/</emphasis>sysname<emphasis
role="bold">/usr/afsws/bin</emphasis>. If the user works on NFS client machines of different system types, considering
replacing the specific sysname value with the <emphasis role="bold">@sys</emphasis> variable. The PATH variable is
</orderedlist>
</sect2>
</sect1>
-</appendix>
\ No newline at end of file
+</appendix>
<para>This Appendix provides a complete listing of the AFS events that can be audited on AIX file server machines. See Chapter
<link linkend="HDRWQ323">Monitoring and Auditing AFS Performance</link> for instructions on auditing AFS events on AIX file server
- machines. <anchor id="IDX8189" /></para>
+ machines.</para>
<sect1 id="HDRWQ621">
<title>Introduction</title>
</tgroup>
</informaltable>
</sect1>
-</appendix>
\ No newline at end of file
+</appendix>
</para>
</listitem>
- <listitem>
- <para><anchor id="AppendixLIWQ54" />Issue the
+ <listitem id="AppendixLIWQ54">
+ <para>Issue the
<emphasis role="bold">kas create</emphasis> command to create
Authentication Database entries called
<emphasis role="bold">admin</emphasis> and
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="AppendixLIWQ55" />Issue the
+ <listitem id="AppendixLIWQ55">
+ <para>Issue the
<emphasis role="bold">kas examine</emphasis> command to display
the <emphasis role="bold">afs</emphasis> entry. The output
includes a checksum generated by encrypting a constant with the
</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ56" />Issue the
+ <listitem id="LIWQ56">
+ <para>Issue the
<emphasis role="bold">kas setfields</emphasis> command to turn
on the <computeroutput>ADMIN</computeroutput> flag in the
<emphasis role="bold">admin</emphasis> entry. This enables the
</para>
</listitem>
- <listitem>
- <para><anchor id="AppendixLIWQ57" />Issue the
+ <listitem id="AppendixLIWQ57">
+ <para>Issue the
<emphasis role="bold">bos adduser</emphasis> command to add the
<emphasis role="bold">admin</emphasis> user to the
<emphasis role="bold">/usr/afs/etc/UserList</emphasis> file.
</para>
</listitem>
- <listitem>
- <para><anchor id="AppendixLIWQ58" />Issue the
+ <listitem id="AppendixLIWQ58">
+ <para>Issue the
<emphasis role="bold">bos addkey</emphasis> command to define
the AFS server encryption key in the
<emphasis role="bold">/usr/afs/etc/KeyFile</emphasis> file.
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="AppendixLIWQ59" />Issue the
+ <listitem id="AppendixLIWQ59">
+ <para>Issue the
<emphasis role="bold">bos listkeys</emphasis> command to verify
that the checksum for the new key in the
<emphasis role="bold">KeyFile</emphasis> file is the same as the
as detailed below</para>
<orderedlist>
- <listitem>
- <para><anchor id="LIWQ118" />Start the Authentication Server
+ <listitem id="LIWQ118">
+ <para>Start the Authentication Server
(the <emphasis role="bold">kaserver</emphasis> process).
<programlisting>
% <emphasis role="bold">bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">kaserver simple /usr/afs/bin/kaserver</emphasis>
</para>
</sect2>
</sect1>
-</appendix>
\ No newline at end of file
+</appendix>
<chapter id="HDRWQ17">
<title>Installing the First AFS Machine</title>
+ <para>
<indexterm>
<primary>file server machine</primary>
<secondary>first AFS machine</secondary>
</indexterm>
- <para>This chapter describes how to install the first AFS machine in your cell, configuring it as both a file server machine and a
+ This chapter describes how to install the first AFS machine in your cell, configuring it as both a file server machine and a
client machine. After completing all procedures in this chapter, you can remove the client functionality if you wish, as described
in <link linkend="HDRWQ98">Removing Client Functionality</link>.</para>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ54" />Issue the
+ <listitem id="LIWQ54">
+ <para>Issue the
<emphasis role="bold">add_principal</emphasis> command to create
Kerberos Database entries called
<emphasis role="bold">admin</emphasis> and
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ55" />Issue the <emphasis role="bold">kadmin
+ <listitem id="LIWQ55">
+ <para>Issue the <emphasis role="bold">kadmin
get_principal</emphasis> command to display the <emphasis
role="bold">afs/</emphasis><<replaceable>cell name</replaceable>> entry.
<programlisting>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ57" />Issue the <emphasis role="bold">bos adduser</emphasis> command to add the <emphasis
+ <listitem id="LIWQ57">
+ <para>Issue the <emphasis role="bold">bos adduser</emphasis> command to add the <emphasis
role="bold">admin</emphasis> user to the <emphasis role="bold">/usr/afs/etc/UserList</emphasis> file. This enables the
<emphasis role="bold">admin</emphasis> user to issue privileged <emphasis role="bold">bos</emphasis> and <emphasis
role="bold">vos</emphasis> commands. <programlisting>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ58" />Issue the
+ <listitem id="LIWQ58">
+ <para>Issue the
<emphasis role="bold">asetkey</emphasis> command to set the AFS
server encryption key in the
<emphasis role="bold">/usr/afs/etc/KeyFile</emphasis> file. This key
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ59" />Issue the
+ <listitem id="LIWQ59">
+ <para>Issue the
<emphasis role="bold">bos listkeys</emphasis> command to verify that
the key version number for the new key in the
<emphasis role="bold">KeyFile</emphasis> file is the same as the key
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ81" />Issue the <emphasis role="bold">vos create</emphasis> command to create the <emphasis
+ <listitem id="LIWQ81">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create the <emphasis
role="bold">root.cell</emphasis> volume. Then issue the <emphasis role="bold">fs mkmount</emphasis> command to mount it as
a subdirectory of the <emphasis role="bold">/afs</emphasis> directory, where it serves as the root of your cell's local
AFS filespace. Finally, issue the <emphasis role="bold">fs setacl</emphasis> command to create an ACL entry for the
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ82" />Issue the <emphasis role="bold">vos addsite</emphasis> command to define a replication site
+ <listitem id="LIWQ82">
+ <para>Issue the <emphasis role="bold">vos addsite</emphasis> command to define a replication site
for both the <emphasis role="bold">root.afs</emphasis> and <emphasis role="bold">root.cell</emphasis> volumes. In each
case, substitute for the <replaceable>partition name</replaceable> argument the partition where the volume's read/write
version resides. When you install additional file server machines, it is a good idea to create replication sites on them
<tertiary>volume for AFS binaries</tertiary>
</indexterm>
- <listitem>
- <para><anchor id="LIWQ84" />Issue the <emphasis role="bold">vos create</emphasis> command to create volumes for storing
+ <listitem id="LIWQ84">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create volumes for storing
the AFS client binaries for this system type. The following example instruction creates volumes called
<replaceable>sysname</replaceable>, <replaceable>sysname</replaceable>.<emphasis role="bold">usr</emphasis>, and
<replaceable>sysname</replaceable>.<emphasis role="bold">usr.afsws</emphasis>. Refer to the <emphasis>OpenAFS Release
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ85" />Issue the <emphasis role="bold">fs setquota</emphasis> command to set an unlimited quota on
+ <listitem id="LIWQ85">
+ <para>Issue the <emphasis role="bold">fs setquota</emphasis> command to set an unlimited quota on
the volume mounted at the <emphasis role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/usr/afsws</emphasis> directory. This
enables you to copy all of the appropriate files from the CD-ROM into the volume without exceeding the volume's
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ86" />Create <emphasis role="bold">/usr/afsws</emphasis> on the local disk as a symbolic link to the
+ <listitem id="LIWQ86">
+ <para>Create <emphasis role="bold">/usr/afsws</emphasis> on the local disk as a symbolic link to the
directory <emphasis role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/@sys/usr/afsws</emphasis>. You can specify the actual system name instead of <emphasis
role="bold">@sys</emphasis> if you wish, but the advantage of using <emphasis role="bold">@sys</emphasis> is that it
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ92" />If this machine is going to remain an AFS client after you complete the installation, verify
+ <listitem id="LIWQ92">
+ <para>If this machine is going to remain an AFS client after you complete the installation, verify
that the local <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file includes an entry for each foreign
cell.</para>
<chapter id="HDRWQ99">
<title>Installing Additional Server Machines</title>
+ <para>
<indexterm>
<primary>instructions</primary>
<see>file server machine, additional</see>
</indexterm>
- <para>Instructions for the following procedures appear in the indicated section of this chapter. <itemizedlist>
+ Instructions for the following procedures appear in the indicated section of this chapter. <itemizedlist>
<listitem>
<para><link linkend="HDRWQ100">Installing an Additional File Server Machine</link></para>
</listitem>
your operating system, either on the local filesystem or via an NFS
mount of the distribution's contents.</para>
</listitem>
- </itemizedlist></para>
+ </itemizedlist>
<indexterm>
<primary>requirements</primary>
<secondary>file server machine (additional)</secondary>
</indexterm>
+ </para>
<sect1 id="HDRWQ100">
<title>Installing an Additional File Server Machine</title>
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ105" />Create a directory called <emphasis
+ <listitem id="LIWQ105">
+ <para>Create a directory called <emphasis
role="bold">/vicep</emphasis><replaceable>xx</replaceable> for each AFS server partition you are configuring (there
must be at least one). Repeat the command for each partition. <programlisting>
# <emphasis role="bold">mkdir /vicep</emphasis><replaceable>xx</replaceable>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ109" />If you run a system control machine, create the <emphasis
+ <listitem id="LIWQ109">
+ <para>If you run a system control machine, create the <emphasis
role="bold">upclientetc</emphasis> process as an instance of the client portion of the Update Server. It accepts updates
of the common configuration files stored in the system control machine's <emphasis role="bold">/usr/afs/etc</emphasis>
directory from the <emphasis role="bold">upserver</emphasis> process (server portion of the Update Server) running on
</indexterm>
</listitem>
- <listitem>
- <para><anchor id="LIWQ110" />Create an instance of the Update
+ <listitem id="LIWQ110">
+ <para>Create an instance of the Update
Server to handle distribution of the file server binaries
stored in the <emphasis role="bold">/usr/afs/bin</emphasis>
directory. If your architecture using a package management system
</orderedlist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ113" />Verify that <emphasis role="bold">/usr/afs</emphasis> and its subdirectories on the new
+ <listitem id="LIWQ113">
+ <para>Verify that <emphasis role="bold">/usr/afs</emphasis> and its subdirectories on the new
file server machine meet the ownership and mode bit requirements outlined in <link linkend="HDRWQ96">Protecting
Sensitive AFS Directories</link>. If necessary, use the <emphasis role="bold">chmod</emphasis> command to correct the
mode bits.</para>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ115" />Issue the <emphasis role="bold">bos addhost</emphasis> command to add the new database server
+ <listitem id="LIWQ115">
+ <para>Issue the <emphasis role="bold">bos addhost</emphasis> command to add the new database server
machine to the <emphasis role="bold">/usr/afs/etc/CellServDB</emphasis> file on existing server machines (as well as the
new database server machine itself).</para>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ116" />Add the new database server machine to your cell's central <emphasis
+ <listitem id="LIWQ116">
+ <para>Add the new database server machine to your cell's central <emphasis
role="bold">CellServDB</emphasis> source file, if you use one. The standard location is <emphasis
role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/common/etc/CellServDB</emphasis>.</para>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ117" />If this machine's IP address is lower than any existing database server machine's, update
+ <listitem id="LIWQ117">
+ <para>If this machine's IP address is lower than any existing database server machine's, update
every client machine's <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file and kernel memory list to include
this machine. (If this machine's IP address is not the lowest, it is acceptable to wait until Step <link
linkend="LIWQ123">12</link>.)</para>
for an additional installation step.</para>
</listitem>
- <listitem>
+ <listitem id="LIWQ119">
<indexterm>
<primary>Backup Server</primary>
<secondary>starting</secondary>
<tertiary>new db-server machine</tertiary>
</indexterm>
- <para><anchor id="LIWQ119" />Start the Backup Server (the <emphasis role="bold">buserver</emphasis> process). You must
+ <para>Start the Backup Server (the <emphasis role="bold">buserver</emphasis> process). You must
perform other configuration procedures before actually using the AFS Backup System, as detailed in the <emphasis>OpenAFS
Administration Guide</emphasis>. <programlisting>
% <emphasis role="bold">bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">buserver simple /usr/afs/bin/buserver</emphasis>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ120" />Start the Protection Server (the <emphasis role="bold">ptserver</emphasis> process).
+ <listitem id="LIWQ120">
+ <para>Start the Protection Server (the <emphasis role="bold">ptserver</emphasis> process).
<programlisting>
% <emphasis role="bold">bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">ptserver simple /usr/afs/bin/ptserver</emphasis>
</programlisting> <indexterm>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ121" />Start the Volume Location (VL) Server (the <emphasis role="bold">vlserver</emphasis>
+ <listitem id="LIWQ121">
+ <para>Start the Volume Location (VL) Server (the <emphasis role="bold">vlserver</emphasis>
process). <programlisting>
% <emphasis role="bold">bos create</emphasis> <<replaceable>machine name</replaceable>> <emphasis role="bold">vlserver simple /usr/afs/bin/vlserver</emphasis>
</programlisting> <indexterm>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ122" />Issue the <emphasis role="bold">bos restart</emphasis> command on every database server
+ <listitem id="LIWQ122">
+ <para>Issue the <emphasis role="bold">bos restart</emphasis> command on every database server
machine in the cell, including the new machine. The command restarts the Authentication, Backup, Protection, and VL
Servers, which forces an election of a new Ubik coordinator for each process. The new machine votes in the election and is
considered as a potential new coordinator.</para>
</itemizedlist></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ123" />If you did not update the <emphasis role="bold">CellServDB</emphasis> file on client machines
+ <listitem id="LIWQ123">
+ <para>If you did not update the <emphasis role="bold">CellServDB</emphasis> file on client machines
in Step <link linkend="LIWQ117">6</link>, do so now.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ124" />If you wish to participate in the AFS
+ <listitem id="LIWQ124">
+ <para>If you wish to participate in the AFS
global name space, send the new database server machine's name and
IP address to grand.central.org. Do so, by emailing an updated
<emphasis role="bold">CellServDB</emphasis> fragment for your cell
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ126" />If your cell is included in the global
+ <listitem id="LIWQ126">
+ <para>If your cell is included in the global
<emphasis role="bold">CellServDB</emphasis>, send the revised list of
your cell's database server machines to grand.central.org</para>
machine.</para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ127" />Remove the decommissioned machine from your cell's central <emphasis
+ <listitem id="LIWQ127">
+ <para>Remove the decommissioned machine from your cell's central <emphasis
role="bold">CellServDB</emphasis> source file, if you use one. The conventional location is <emphasis
role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/common/etc/CellServDB</emphasis>.</para>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ128" />Update every client machine's <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file
+ <listitem id="LIWQ128">
+ <para>Update every client machine's <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file
and kernel memory list to exclude this machine. Altering the <emphasis role="bold">CellServDB</emphasis> file and kernel
memory list before stopping the actual database server processes avoids possible time-out delays that result when users
send requests to a decommissioned database server machine that is still listed in the file.</para>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ129" />Issue the <emphasis role="bold">bos removehost</emphasis> command to remove the
+ <listitem id="LIWQ129">
+ <para>Issue the <emphasis role="bold">bos removehost</emphasis> command to remove the
decommissioned database server machine from the <emphasis role="bold">/usr/afs/etc/CellServDB</emphasis> file on server
machines.</para>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ130" />Issue the <emphasis role="bold">bos stop</emphasis> command to stop the database server
+ <listitem id="LIWQ130">
+ <para>Issue the <emphasis role="bold">bos stop</emphasis> command to stop the database server
processes on the machine, by substituting its fully-qualified hostname for the
<replaceable>machine name</replaceable> argument. The command changes each process's status in the <emphasis
role="bold">/usr/afs/local/BosConfig</emphasis> file to <computeroutput>NotRun</computeroutput>, but does not remove its
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ131" /><emphasis role="bold">(Optional)</emphasis> Issue the <emphasis role="bold">bos
+ <listitem id="LIWQ131">
+ <para><emphasis role="bold">(Optional)</emphasis> Issue the <emphasis role="bold">bos
delete</emphasis> command to remove the entries for database server processes from the <emphasis
role="bold">BosConfig</emphasis> file. This step is unnecessary if you plan to restart the database server functionality
on this machine in future. <programlisting>
</indexterm></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ132" />Issue the <emphasis role="bold">bos restart</emphasis> command on every database server
+ <listitem id="LIWQ132">
+ <para>Issue the <emphasis role="bold">bos restart</emphasis> command on every database server
machine in the cell, to restart the Backup, Protection, and VL Servers. This forces the election of a Ubik
coordinator for each process, ensuring that the remaining database server processes recognize that the machine is no
longer a database server.</para>
<chapter id="HDRWQ133">
<title>Installing Additional Client Machines</title>
+ <para>
<indexterm>
<primary>instructions</primary>
<tertiary>client machine</tertiary>
</indexterm>
- <para>This chapter describes how to install AFS client machines after you have installed the first AFS machine. Some parts of the
+ This chapter describes how to install AFS client machines after you have installed the first AFS machine. Some parts of the
installation differ depending on whether or not the new client is of the same AFS system type (uses the same AFS binaries) as a
previously installed client machine. <indexterm>
<primary>overview</primary>
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ160" />Issue the <emphasis role="bold">vos create</emphasis> command to create volumes for storing
+ <listitem id="LIWQ160">
+ <para>Issue the <emphasis role="bold">vos create</emphasis> command to create volumes for storing
the AFS client binaries for this system type. The following example instruction creates volumes called
<replaceable>sysname</replaceable>, <replaceable>sysname</replaceable>.<emphasis role="bold">usr</emphasis>, and
<replaceable>sysname</replaceable>.<emphasis role="bold">usr.afsws</emphasis>. Refer to the <emphasis>OpenAFS Release
</programlisting>
</listitem>
- <listitem>
- <para><anchor id="LIWQ161" />Copy the contents of the indicated
+ <listitem id="LIWQ161">
+ <para>Copy the contents of the indicated
directories from the OpenAFS binary distribution into the
<emphasis role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/usr/afsws</emphasis> directory.
</programlisting></para>
</listitem>
- <listitem>
- <para><anchor id="LIWQ162" />Perform this step on the new client machine even if you have performed the previous steps
+ <listitem id="LIWQ162">
+ <para>Perform this step on the new client machine even if you have performed the previous steps
on another machine. Create <emphasis role="bold">/usr/afsws</emphasis> on the local disk as a symbolic link to the
directory <emphasis role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/@sys/usr/afsws</emphasis>. You can specify the actual system name instead of <emphasis
</listitem>
- <listitem>
- <para><anchor id="LIWQ166" />Working in the <emphasis
+ <listitem id="LIWQ166">
+ <para>Working in the <emphasis
role="bold">/afs/.</emphasis><replaceable>cellname</replaceable><emphasis role="bold">/afs</emphasis> directory on a
machine of the system type for which you are building AFS, issue the <emphasis role="bold">make install</emphasis>
command.</para>
<listitem>
<para>
a Windows Installer package (.msi) that is built using the open source WiX Toolkit. The MSI can be customized for organizations via the use of MSI Transforms (see
- <link linkend="MSI_Deployment_Guide">MSI Deployment Guide</link>)
+ <link linkend="Introduction_to_MSI_Deployment">MSI Deployment Guide</link>)
</para>
</listitem>
</orderedlist>
<para>It is important to note that AFS file servers are character-set agnostic. All file system object names are stored as octet strings without any character set tagging. If a file system object is created using OEM Code Page 858 and then interpreted as UTF-8 it is likely that the object name will appear to be gibberish. OpenAFS for Windows goes to great lengths to ensure that the object name is converted to a form that will permit the user to rename the object using Unicode. Accessing UTF-8 names on UNIX systems that have the locale set to one of the ISO Latin character sets will result in the UTF-8 strings appearing to be gibberish. </para>
<para>Neither UNIX AFS nor Microsoft Windows 2000 systems can perform Unicode Normalization for string comparisons. Although it is possible to store and read Unicode object names, it is possible that a user may not be able to open an object by typing the name of the object at the keyboard. GUI point and click operations should permit any object to be accessed.</para>
</section>
- <section>
- <title id="Kerberos_v5_Requirements">3.2. Requirements for Kerberos v5 Authentication</title>
+ <section id="Kerberos_v5_Requirements">
+ <title>3.2. Requirements for Kerberos v5 Authentication</title>
<indexterm significance="normal">
<primary>kerberos for windows</primary>
</indexterm>
<para>Note that the OpenAFS 1.4.x servers permit the use of a secondary realm name that can be treated as equivalent to the cell name for authentication. This functionality can be used to avoid the need for the krb524 service if and only if both realms are managed by the same administrative entity.
</para>
</section>
- <section>
- <title id="Network_Identity_Manager_Provider">3.2.3. Network Identity Manager Provider</title>
+ <section id="Network_Identity_Manager_Provider">
+ <title>3.2.3. Network Identity Manager Provider</title>
<indexterm significance="normal">
<primary>network identity manager</primary>
</indexterm>
</indexterm>
<para>Prior to the 1.5.31 release, out of quota errors were reported to the calling application as an out of space error. As of 1.5.31, an out of space error will indicate that the partition on which the volume is located is in fact out of space. Whereas an out of quota error indicates that the user does not have permission to allocate additional space.</para>
</section>
- <section>
- <title id="Linked_Cells">3.48. Linked Cells</title>
+ <section id="Linked_Cells">
+ <title>3.48. Linked Cells</title>
<indexterm significance="normal">
<primary>linked cells</primary>
</indexterm>
<para>aklog and Network Identity Manager will automatically obtain tokens for the linked cell when tokens for the other cell is specified.
</para>
</section>
- <section>
- <title id="Registry_VLDB_Configuration">3.49 Registry Configuration for AFS Volume Database Servers</title>
+ <section id="Registry_VLDB_Configuration">
+ <title>3.49 Registry Configuration for AFS Volume Database Servers</title>
<indexterm significance="normal">
<primary>vldb server locations</primary>
</indexterm>
</chapter>
<chapter id="chap_4">
<title id="How_to_Debug_Problems">How to Troubleshoot Problems with OpenAFS for Windows</title>
+ <para>
<indexterm significance="normal">
<primary>debugging</primary>
</indexterm>
<indexterm significance="normal">
<primary>troubleshooting</primary>
</indexterm>
- <para>OpenAFS for Windows provides a wide range of tools to assist you in debugging problems. The techniques available to you are varied because of the wide range of issues that have been discovered over the years.</para>
+ OpenAFS for Windows provides a wide range of tools to assist you in debugging problems. The techniques available to you are varied because of the wide range of issues that have been discovered over the years.</para>
<section>
<title id="pioctl_debugging">4.1. pioctl debugging (
<link linkend="Value_IoctlDebug">IoctlDebug</link> registry key)
</para>
</section>
</chapter>
- <chapter id="chap_5">
- <title id="Reporting_Bugs">Reporting Bugs</title>
+ <chapter id="Reporting_Bugs">
+ <title>Reporting Bugs</title>
+ <para>
<indexterm significance="normal">
<primary>bug reports</primary>
</indexterm>
- <para>Bug reports should be sent to
+ Bug reports should be sent to
<ulink url="mailto:openafs-bugs@openafs.org?subject=Bug%20Report">openafs-bugs@openafs.org</ulink>. Please include as much information as possible about the issue. If you are reporting a crash, please install the debugging symbols by re-running the installer. If a dump file is available for the problem, %WINDIR%\TEMP\afsd.dmp, include it along with the AFS Client Trace file %WINDIR%\TEMP\afsd.log. The AFS Client startup log is %WINDIR%\TEMP\afsd_init.log. Send the last continuous block of log information from this file.
</para>
<para>Configuring DrWatson to generate dump files for crashes:</para>
</chapter>
<chapter id="chap_6">
<title id="Contributing_to_OpenAFS">How to Contribute to the Development of OpenAFS for Windows</title>
+ <para>
<indexterm significance="normal">
<primary>contributing to OpenAFS</primary>
</indexterm>
- <para>Contributions to the development of OpenAFS for Windows are continuously needed. Contributions may take many forms including cash donations, support contracts, donated developer time, and even donated tech writer time.</para>
+ Contributions to the development of OpenAFS for Windows are continuously needed. Contributions may take many forms including cash donations, support contracts, donated developer time, and even donated tech writer time.</para>
<section>
<title id="USENIX_OpenAFS_Fund">6.1. The USENIX OpenAFS Fund </title>
+ <para>
<indexterm significance="normal">
<primary>USENIX OpenAFS Fund</primary>
</indexterm>
- <para>
<ulink url="http://www.usenix.org/">USENIX</ulink>, a 501c3 non-profit corporation, has formed the USENIX OpenAFS Fund in order to accept tax deductible donations on behalf of the OpenAFS Elders. The donated funds will be allocated by the OpenAFS Elders to fund OpenAFS development, documentation, project management, and maintaining openafs.org.
</para>
<informaltable frame="none">
</section>
<section>
<title id="Secure_Endpoints_Inc">6.2. Secure Endpoints Inc. </title>
+ <para>
<indexterm significance="normal">
<primary>Secure Endpoints Inc.</primary>
</indexterm>
- <para>
<ulink url="http://www.secure-endpoints.com/">Secure Endpoints Inc.</ulink> provides development and support services for OpenAFS for Windows and
<ulink url="http://web.mit.edu/kerberos/">MIT Kerberos for Windows</ulink>. Donations provided to Secure Endpoints Inc. for the development of OpenAFS are used to cover the OpenAFS gatekeeper responsibilities; providing support to the OpenAFS community via the OpenAFS mailing lists; and furthering development of desired features that are either too small to be financed by development contracts.
</para>
</chapter>
<chapter id="chap_7">
<title id="MSI_Deployment_Guide">MSI Deployment Guide</title>
- <indexterm significance="normal">
- <primary>msi deployment</primary>
- </indexterm>
- <indexterm significance="normal">
- <primary>msi transforms</primary>
- </indexterm>
<section>
- <title id="Introduction_to_MSI_Deployment">7.1. Introduction</title>
- <para>A MSI installer option is available for those who wish to use Windows Installer for installing OpenAFS and for organizations that wish to deploy OpenAFS through Group Policy. The first version of OpenAFS for Windows available as an MSI was 1.3.65.</para>
+ <title>7.1. Introduction</title>
+ <indexterm significance="normal">
+ <primary>msi deployment</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>msi transforms</primary>
+ </indexterm>
+ <para id="Introduction_to_MSI_Deployment">A MSI installer option is available for those who wish to use Windows Installer for installing OpenAFS and for organizations that wish to deploy OpenAFS through Group Policy. The first version of OpenAFS for Windows available as an MSI was 1.3.65.</para>
<para>This document provides a guide for authoring transforms used to customize the MSI package for a particular organization. Although many settings can be deployed via transforms, in an Active Directory environment it is advisable to deploy registry settings and configuration files through group policy and/or startup scripts so that machines where OpenAFS for Windows is already installed will pick up these customizations.</para>
<section>
<title id="MSI_Deployment_Requirements">7.1.1 Requirements</title>
</orderedlist>
</listitem>
</orderedlist>
- <section>
- <title id="MSI_Configuration_File_Components">7.2.3.1 Components for Configuration Files</title>
+ <section id="MSI_Configuration_File_Components">
+ <title>7.2.3.1 Components for Configuration Files</title>
<para>CellServDB: 'cpf_CellServDB' (ID {D5BA4C15-DBEC-4292-91FC-B54C30F24F2A})</para>
</section>
</section>
</chapter>
<chapter id="appendix_a" label="Appendix A">
<title id="Registry_Values">Registry Values</title>
- <section>
- <title id="Service_Parameters">A.1. Service parameters</title>
+ <section id="Service_Parameters">
+ <title>A.1. Service parameters</title>
<para>The service parameters primarily affect the behavior of the AFS client service (afsd_service.exe).</para>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</title>
<para>LAN adapter number to use. This is the lana number of the LAN adapter that the SMB server should bind to. If unspecified or set to -1, a LAN adapter with named 'AFS' or a loopback adapter will be selected. If neither are present, then all available adapters will be bound to. When binding to a non-loopback adapter, the NetBIOS name hostname%-AFS' will be used (where %hostname% is the NetBIOS name of the host truncated to 11 characters). Otherwise, the NetBIOS name will be 'AFS'.</para>
</section>
<section>
- <title id="Regkey_TransarcAFSDaemon_Parameters_CacheSize">
- <anchor id="Value_CacheSize" />Value: CacheSize</title>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_CacheSize">Value: CacheSize</title>
<indexterm significance="normal">
<primary>CacheSize</primary>
</indexterm>
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_CacheSize">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD</para>
<para>Default: 98304 (CM_CONFIGDEFAULT_CACHESIZE)</para>
<para>Variable: cm_initParams.cacheSize</para>
<indexterm significance="normal">
<primary>Stats</primary>
</indexterm>
- <anchor id="Value_Stats" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_Stats">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD</para>
<para>Default: 10000 (CM_CONFIGDEFAULT_STATS)</para>
<para>Variable: cm_initParams.nStatCaches</para>
<indexterm significance="normal">
<primary>LogoffPreserveTokens</primary>
</indexterm>
- <anchor id="Value_LogoffPreserveTokens" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_LogoffPreserveTokens">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {1,0}
</para>
<para>
<indexterm significance="normal">
<primary>/afs</primary>
</indexterm>
- <anchor id="Value_Mountroot" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_Mountroot">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: REG_SZ
</para>
<para>
<indexterm significance="normal">
<primary>AFSCache</primary>
</indexterm>
- <anchor id="Value_CachePath" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_CachePath">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: REG_SZ or REG_EXPAND_SZ
</para>
<para>
<indexterm significance="normal">
<primary>NonPersistentCaching</primary>
</indexterm>
- <anchor id="Value_NonPersistentCaching" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_NonPersistentCaching">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD [0..1]
</para>
<para>
<indexterm significance="normal">
<primary>\\AFS</primary>
</indexterm>
- <anchor id="Value_NetbiosName" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_NetbiosName">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: REG_EXPAND_SZ
</para>
<para>
<indexterm significance="normal">
<primary>TraceBufferSize</primary>
</indexterm>
- <anchor id="Value_TraceBufferSize" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_TraceBufferSize">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD
</para>
<para>
<indexterm significance="normal">
<primary>SysName</primary>
</indexterm>
- <anchor id="Value_SysName" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_SysName">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: REG_SZ
</para>
<para>
<indexterm significance="normal">
<primary>fs setcrypt</primary>
</indexterm>
- <anchor id="Value_SecurityLevel" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_SecurityLevel">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {1,0}
</para>
<para>
<indexterm significance="normal">
<primary>SRV DNS records</primary>
</indexterm>
- <anchor id="Value_UseDNS" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_UseDNS">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {1,0}
</para>
<para>
<indexterm significance="normal">
<primary>dynroot</primary>
</indexterm>
- <anchor id="Value_FreelanceClient" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_FreelanceClient">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {1,0}
</para>
<para>
<indexterm significance="normal">
<primary>HideDotFiles</primary>
</indexterm>
- <anchor id="Value_HideDotFiles" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_HideDotFiles">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {1,0}
</para>
<para>
<indexterm significance="normal">
<primary>workstation cell name</primary>
</indexterm>
- <anchor id="Value_Cell" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_Cell">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: REG_SZ
</para>
<para>
<indexterm significance="normal">
<primary>RxMaxMTU</primary>
</indexterm>
- <anchor id="Value_RxMaxMTU" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_RxMaxMTU">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD
</para>
<para>
<indexterm significance="normal">
<primary>ConnDeadTimeout</primary>
</indexterm>
- <anchor id="Value_ConnDeadTimeout" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_ConnDeadTimeout">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>
Type: DWORD
</para>
<indexterm significance="normal">
<primary>TraceOption</primary>
</indexterm>
- <anchor id="Value_TraceOption" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_TraceOption">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {0-15}
</para>
<para>
<indexterm significance="normal">
<primary>NoFindLanaByName</primary>
</indexterm>
- <anchor id="Value_NoFindLanaByName" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_NoFindLanaByName">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {0, 1}
</para>
<para>
<indexterm significance="normal">
<primary>SMBAuthType</primary>
</indexterm>
- <anchor id="Value_smbAuthType" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_smbAuthType">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {0..2}
</para>
<para>
<indexterm significance="normal">
<primary>MaxLogSize</primary>
</indexterm>
- <anchor id="Value_MaxLogSize" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_MaxLogSize">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {0 .. MAXDWORD}
</para>
<para>
<indexterm significance="normal">
<primary>EnableServerLocks</primary>
</indexterm>
- <anchor id="Value_EnableServerLocks" />
- <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para id="Value_EnableServerLocks">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {0, 1, 2}
</para>
<para>
</para>
</section>
</section>
- <section>
- <title id="Regkey_HKLM_SOFTWARE_OpenAFS_Client">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</title>
+ <section id="Regkey_HKLM_SOFTWARE_OpenAFS_Client">
+ <title>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</title>
<section>
<title id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_CellServDBDir">Value: CellServDBDir</title>
<indexterm significance="normal">
<indexterm significance="normal">
<primary>CellServDBDir</primary>
</indexterm>
- <anchor id="Value_CellServDBDir" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_CellServDBDir">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Type: REG_SZ
</para>
<para>
<indexterm significance="normal">
<primary>VerifyServiceSignature</primary>
</indexterm>
- <anchor id="Value_VerifyServiceSignature" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_VerifyServiceSignature">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Type: REG_DWORD
</para>
<para>
<indexterm significance="normal">
<primary>path ioctl debugging</primary>
</indexterm>
- <anchor id="Value_IoctlDebug" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_IoctlDebug">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Type: REG_DWORD
</para>
<para>
<indexterm significance="normal">
<primary>MiniDumpType</primary>
</indexterm>
- <anchor id="Value_MiniDumpType" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_MiniDumpType">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Type: REG_DWORD
</para>
<para>
<indexterm significance="normal">
<primary>EnableSMBAsyncStore</primary>
</indexterm>
- <anchor id="Value_EnableSMBAsyncStore" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_EnableSMBAsyncStore">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Type: REG_DWORD
</para>
<para>
<indexterm significance="normal">
<primary>SMBAsyncStoreSize</primary>
</indexterm>
- <anchor id="Value_SMBAsyncStoreSize" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_SMBAsyncStoreSize">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Type: REG_DWORD
</para>
<para>
<indexterm significance="normal">
<primary>character sets</primary>
</indexterm>
- <anchor id="Value_StoreAnsiFilenames" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_StoreAnsiFilenames">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Type: REG_DWORD
</para>
<para>
<para>These values used to be stored in afsdsbmt.ini</para>
</section>
</section>
- <section>
- <title id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_CellServDB">Regkey: [HKLM\SOFTWARE\OpenAFS\Client\CellServDB]</title>
+ <section id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_CellServDB">
+ <title>Regkey: [HKLM\SOFTWARE\OpenAFS\Client\CellServDB]</title>
<indexterm significance="normal">
<primary>CellServDB</primary>
</indexterm>
<para>A text string that can be displayed to end users to describe the server.</para>
</section>
</section>
- <section>
- <title id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_Freelance">Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance]</title>
+ <section id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_Freelance">
+ <title>Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance]</title>
<indexterm significance="normal">
<primary>Freelance</primary>
</indexterm>
<para>These values used to be stored in afs_freelance.ini</para>
</section>
</section>
- <section>
- <title id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_Freelance_Symlinks">Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks]</title>
+ <section id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_Freelance_Symlinks">
+ <title>Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks]</title>
<indexterm significance="normal">
<primary>Freelance Symlinks</primary>
</indexterm>
<para>NOTE: Submounts should no longer be used with OpenAFS. Use the Windows Explorer to create drive mappings to AFS UNC paths instead of using the AFS Submount mechanism.</para>
</section>
</section>
- <section>
- <title id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_ServerPreferences_VLDB">Regkey:
-[HKLM\SOFTWARE\OpenAFS\Client\Server Preferences\VLDB]</title>
+ <section id="Regkey_HKLM_SOFTWARE_OpenAFS_Client_ServerPreferences_VLDB">
+ <title>Regkey: [HKLM\SOFTWARE\OpenAFS\Client\Server Preferences\VLDB]</title>
<indexterm significance="normal">
<primary>Server Preferences</primary>
</indexterm>
</section>
</section>
</section>
- <section>
- <title id="Domain_Specific_Configuration">A.2.1 Domain specific configuration keys for the Network Provider</title>
+ <section id="Domain_Specific_Configuration">
+ <title>A.2.1 Domain specific configuration keys for the Network Provider</title>
<indexterm significance="normal">
<primary>domain logon configuration</primary>
</indexterm>
</section>
<section>
<title id="Domain_Specific_Configuration_Values">A.2.1.1 Domain Specific Configuration Values</title>
- <section>
- <title id="Domain_Specific_Regkeys">Regkeys: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+ <section id="Domain_Specific_Regkeys">
+ <title>Regkeys: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</title>
<indexterm significance="normal">
<primary>LogonOptions</primary>
</indexterm>
- <anchor id="Value_LogonOptions" />
- <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
+ <para id="Value_LogonOptions">[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
<para>Type: DWORD
<indexterm significance="normal">
<primary>Realm</primary>
</indexterm>
- <anchor id="Value_Realm" />
- <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
+ <para id="Value_Realm">[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
<para>Type: REG_SZ
<indexterm significance="normal">
<primary>TheseCells</primary>
</indexterm>
- <anchor id="Value_TheseCells" />
- <para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
+ <para id="Value_TheseCells">[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]</para>
<para>Type: REG_MULTI_SZ
<indexterm significance="normal">
<primary>EnableKFW</primary>
</indexterm>
- <anchor id="Value_EnableKFW" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_EnableKFW">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Regkey: [HKCU\SOFTWARE\OpenAFS\Client]</para>
<para>Type: DWORD {0, 1}
</para>
<indexterm significance="normal">
<primary>Use524</primary>
</indexterm>
- <anchor id="Value_Use524" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_Use524">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Regkey: [HKCU\SOFTWARE\OpenAFS\Client]</para>
<para>Type: DWORD {0, 1}
</para>
<indexterm significance="normal">
<primary>AfscredsShortcutParams</primary>
</indexterm>
- <anchor id="Value_AfscredsShortcutParams" />
- <para>Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
+ <para id="Value_AfscredsShortcutParams">Regkey: [HKLM\SOFTWARE\OpenAFS\Client]</para>
<para>Regkey: [HKCU\SOFTWARE\OpenAFS\Client]</para>
<para>Type: REG_SZ
</para>
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
- -->
\ No newline at end of file
+ -->
</indexterm></para>
<orderedlist>
- <listitem>
- <para><anchor id="LINOSAVE-TOKENS" />Issue the <emphasis role="bold">tokens</emphasis> command to verify that you have valid
+ <listitem id="LINOSAVE-TOKENS">
+ <para>Issue the <emphasis role="bold">tokens</emphasis> command to verify that you have valid
tokens. For complete instructions, see <link linkend="HDRWQ30">To Display Your Tokens</link>. <programlisting>
% <emphasis role="bold">tokens</emphasis>
</programlisting></para>
</itemizedlist>
</listitem>
- <listitem>
- <para><anchor id="LINOSAVE-FSCHECKS" />Issue the <emphasis role="bold">fs checkservers</emphasis> command to check the
+ <listitem id="LINOSAVE-FSCHECKS">
+ <para>Issue the <emphasis role="bold">fs checkservers</emphasis> command to check the
status of file server machines. For complete instructions, see <link linkend="HDRWQ41">Checking the Status of Server
Machines</link>. <programlisting>
% <emphasis role="bold">fs checkservers &</emphasis>
</itemizedlist>
</listitem>
- <listitem>
- <para><anchor id="LINOSAVE-PERMS" />Issue the <emphasis role="bold">fs listacl</emphasis> command to verify that you have
+ <listitem id="LINOSAVE-PERMS">
+ <para>Issue the <emphasis role="bold">fs listacl</emphasis> command to verify that you have
the permissions you need for accessing, copying, or saving the file. For complete instructions, see <link
linkend="HDRWQ53">To display an ACL</link>. <programlisting>
% <emphasis role="bold">fs listacl</emphasis> <<replaceable>dir/file path</replaceable>>
have the necessary permissions, proceed to Step <link linkend="LINOSAVE-QUOTA">4</link>.</para>
</listitem>
- <listitem>
- <para><anchor id="LINOSAVE-QUOTA" />If copying a file, issue the <emphasis role="bold">fs listquota</emphasis> command to
+ <listitem id="LINOSAVE-QUOTA">
+ <para>If copying a file, issue the <emphasis role="bold">fs listquota</emphasis> command to
check whether the volume into which you are copying it, or the partition that houses that volume, is almost full. For
saving, check the volume and partition that contain the directory into which you are saving the file. For complete
instructions, see <link linkend="HDRWQ39">Displaying Volume Quota</link>. <programlisting>
</sect2><sect2 id="HDRWQ83"><title>To Authenticate on an Unsupported Operating System</title>
<orderedlist>
<listitem><para>Log onto the NFS client machine using your NFS username.</para></listitem>
- <listitem><para><anchor id="LINFS-TELNET" />Establish a connection to the NFS/AFS translator machine you are
+ <listitem id="LINFS-TELNET"><para>Establish a connection to the NFS/AFS translator machine you are
using (for example, using the <emphasis role="bold">telnet</emphasis> utility) and log onto it using your AFS
username (which is normally the same as your NFS username).</para></listitem>
<listitem><para>
% <emphasis role="bold">klog -setpag</emphasis>
</programlisting>
</para></listitem>
- <listitem><para>
- <anchor id="LINFS-KNFS" />Issue the <emphasis role="bold">knfs</emphasis> command to associate your AFS tokens
+ <listitem id="LINFS-KNFS"><para>
+ Issue the <emphasis role="bold">knfs</emphasis> command to associate your AFS tokens
with your UNIX UID on the NFS client machine where you are working. This enables the Cache Manager on the
translator machine to use the tokens properly when you access AFS from the NFS client machine.
</para><para>If your NFS client machine is a system type for which AFS defines a system name, it can make sense
<listitem><para>Specifies your NFS client machine's system type name.</para></listitem></varlistentry>
</variablelist>
</listitem>
- <listitem><para><anchor id="LINFS-LOGOUT" />(<emphasis role="bold">Optional</emphasis>) Log out from the
+ <listitem id="LINFS-LOGOUT"><para>(<emphasis role="bold">Optional</emphasis>) Log out from the
translator machine, but do not unauthenticate.</para></listitem>
<listitem><para>Work on the NFS client machine, accessing AFS as necessary.</para></listitem>
<listitem><para>
<?xml version="1.0" encoding="utf-8"?>
<appendix id="HDRWQ86"><title>OpenAFS Command Syntax and Online Help</title>
+<para>
<indexterm><primary>syntax of AFS commands described</primary></indexterm>
- <para>The AFS commands available to you are used to authenticate, list AFS information, protect directories, create
+ The AFS commands available to you are used to authenticate, list AFS information, protect directories, create
and manage groups, and create and manage ACLs. There are three general types of commands available to all AFS
users: file server commands, protection server commands, and miscellaneous commands. This chapter discusses the
syntax of these AFS commands, the rules that must be followed when issuing them, and ways of accessing help