HP Visualize J5000 hp enterprise file system: planning and configuring hp DCE/
HP Visualize J5000 - Workstation Manual
View all HP Visualize J5000 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP Visualize J5000 manual content summary:
- HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 1
HP Enterprise File System Planning and Configuring HP DCE/9000 Enhanced DFS Version 3.0 HP Part No. B6863-IE002-E0302 Edition 1 © Hewlett-Packard Company, 2002. All rights reserved. - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 2
the specific warranty terms applicable to your HewlettPackard product and replacement parts can be obtained from your local Sales and Service Office Alto, California 94304 U.S.A. Use of this document and the CD-ROM(s) supplied for this pack is restricted to this product only. Additional copies of the - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 3
Legal Notices This software is based in part on the Fourth Berkeley Software Distribution under license from the Regents of the University of California. ©copyright 1980, 1984, 1986 Novell, Inc. ©copyright 1986-1992 Sun Microsystems, Inc. ©copyright 1985-86, 1988 Massachusetts Institute of - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 4
Legal Notices 4 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 5
Contents Planning and Configuring HP DCE/9000 Enhanced DFS Version 3.0 1 1 About HP DCE/9000 Enhanced DFS Overview of HP DCE/9000 Enhanced DFS Version 3.0 12 Benefits 13 Features 14 Restriction of RPC Addresses 14 DCE/DFS TCL Configuration Functions 15 Global Variables 15 System Tuning Variables 15 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 6
Information and DFS Cache Files 44 Restricting RPC Addresses 45 Setting Global Variables 46 Using Tuning Variables 48 3 Running dce_config to Configure Enhanced DFS Configuring a System Control Server 50 Configuring a DFS Fileset Location Database 52 Configuring a File Server and a Private File - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 7
Miscellaneous Functions 84 DCE TCL Examples 112 Configuring a DCE Client 112 Configuring a Single-machine DCE Server 112 Configuring dced 113 Configuring secd 113 Configuring cdsd 114 Configuring dtsd 114 Configuring a Security Replica 114 Configuring a CDS Replica 115 Unconfiguring a Client (only - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 8
151 Configuring a Client and Enabling Remote Authentication 152 Accessing DFS from an NFS Client 154 Unauthenticated Access to DFS 154 Authenticated Access to DFS 155 Authenticating to DCE from an NFS Client 157 Authenticating to DCE from a Gateway Server Machine 159 Determining Whether a Specific - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 9
HP DCE/9000 Enhanced DFS Version 3.0 specific to Hewlett-Packard. For features of standard DFS, see the OSF documentation. This book is organized as follows: • Chapter 1 describes the benefits and features of HP DCE/9000 HP DCE/9000 Enhanced DFS. • Chapter 3 describes configuring HP DCE/9000 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 10
10 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 11
1 About HP DCE/9000 Enhanced DFS HP DCE/9000 Enhanced DFS Version 3.0 is a distributed file system functionally equivalent to Version 1.2.2 of The Open Group (formerly Open Software Foundation) DCE Distributed File Service (DFS). Enhanced DFS is one component of the HP Enterprise File System product - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 12
global view. Enhanced DFS requires the HP-UX 11.0 operating system and the HP DCE/9000 Version 1.7 product. Enhanced DFS supports all HP DCE/9000 DFS 1.7 functionality and protocols, and interoperates fully with other DFS servers. The client and server components of Enhanced DFS 3.0 are available - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 13
from non-LFS file systems • Allows the addition of server and client machines to an HP DCE/9000 DFS configuration with little impact on other servers or clients and with few additional administrative responsibilities • Supports enhanced administration and security • Stores central copies of system - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 14
3.0 offers complete HP DCE/9000 1.7 DFS server functionality for distributed computing environments, which can include: • Server machines • Client of the environment variable, RPC_SUPPORTED_NETADDRS. See the HP DCE 1.7 planning and configuration guide for a description of this environment variable. - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 15
About HP DCE/9000 Enhanced DFS Features DCE/DFS TCL Configuration Functions Enhanced DFS 3.0 offers a number of configuration, unconfiguration, cleanup, and miscellaneous TCL functions for DCE and DFS. For more information, see Appendix A. Global Variables Enhanced DFS 3.0 offers a number of global - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 16
About HP DCE/9000 Enhanced DFS Administration Tools for Enhanced DFS 3.0 Administration Tools for Enhanced DFS 3.0 Enhanced DFS 3.0 provides several tools, in addition to the standard tools and commands provided with OSF DFS 1.2.2, to help you monitor and administer your DFS 3.0 file servers. These - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 17
access a copy of the HP DCE/9000 Enhanced DFS Version 3.0 Release Note (in HTML format) from the HP EFS home page. The HTML Release Note is the same as the printed Release Note, except it may contain post-product-release updates to the printed version. See the "What Manuals are Available for This - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 18
the hardware, software, operating system, memory, and swap space requirements for HP DCE/9000 Enhanced DFS Version 3.0 on HP-UX 11.0. Enhanced DFS 3.0 Interoperability Enhanced DFS 3.0 clients and servers are completely interoperable with HP DCE/9000 Version 1.4x, 1.5.x, EFS 1.0, DFS 2.0, and - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 19
/opt/dce/efs_docs/text/EnhDFSRelNote.text • Planning and Configuring HP DCE/9000 Enhanced DFS Version 3.0 - available at the following manual is a detailed, comprehensive description of OSF DCE DFS Version 1.2.2, the software upon which Enhanced DFS 3.0 is based. • OSF DCE DFS Reference Guide - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 20
About HP DCE/9000 Enhanced DFS What Manuals are Available for This Version 20 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 21
2 Installing and Configuring Enhanced DFS 3.0 This chapter describes how to install and configure HP DCE/9000 Enhanced DFS Version 3.0 on HP-UX 11.0. It also contains a list of the filesets for Enhanced DFS. 21 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 22
Server is required in each cell that is running Enhanced DFS. The File server can be configured automatically when you configure the FLDB server, defaults to /var/opt/dce/adm/dfs/cache, but any local path can be used.) Hosts with only one disk or logical volume, therefore, should not be configured - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 23
Before you install and configure Enhanced DFS, be sure to make the planning decisions described in the OSF DCE DFS Administration and Reference guides. These decisions include: • Determining which machine and file system to use for the root.dfs fileset • Defining Enhanced DFS server and client roles - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 24
Installing and Configuring Enhanced DFS 3.0 Preparing to Administer DFS Preparing to Administer DFS If you are logging in as the root user and are planning to run the - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 25
including config/dce_config.log, dced/dced.log, svc/fatal.log, svc/error.log, and svc/warning.log. • DFS Installation Size ❒ Client (Assuming a typical, single-user, graphic desktop, HP-UX workstation): A minimum of 64 MB of ram for a client-only system A minimum of 170 MB of swap space for a client - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 26
3.0 Considerations for Enhanced DFS 3.0 Installation and Configuration system (A DCE/DFS File Server/Fileset Database Machine combination needs about 89 MB of additional swap space) A minumum of 164 MB of swap space for a file/fileset database/backup server system (A DCE/DFS Fileset Database/Backup - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 27
creating a UFS file system, you can create the file system manually using HP-UX file system commands (for example, newfs), or you can use an existing file system. You should configure the first (if more than one) FLDB server on the machine that exports root.dfs. • Install the prerequisite software - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 28
the command line; however the "Match what target has" option is not supported in this mode. As root, execute the following command: /usr/sbin/swinstall Server. The execution of this command reboots your system when the installation is complete. It is not necessary to manually save any configuration - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 29
Installing and Configuring Enhanced DFS 3.0 Enhanced DFS 3.0 Filesets Enhanced DFS 3.0 Filesets The Enhanced DFS language support EFS client kernel libraries EFS Core man pages EFS Release Note and OSF DFS (Rev. 1.2.2) manuals EFS NFS secure gateway client EFS NFS secure gateway server Dependencies - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 30
Installing and Configuring Enhanced DFS 3.0 Enhanced DFS 3.0 Filesets Product EFS-DFSServer Fileset EFS-ADMIN EFS-EPISODE EFS-KERN-EPI EFS-KERN-SVR EFS-SERVER EFS-SERVER-CMN EFS-ENG-A-MAN EFS-ResourceKit EFS-WEB EFS-CNTRB-SNTL EFS-CNTRB-TKMAJ Description Dependencies EFS administration tools - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 31
dfs from UFS to Episode After installing and configuring Enhanced DFS, if you want to migrate your procedure, consult the OSF DCE DFS Reference Guide, Revision 1.2.2. An HTML version of this in the directory /opt/dce/efs_docs. 1 Use the HP-UX Logical Volume Manager (LVM) to create the logical volume - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 32
Installing and Configuring Enhanced DFS 3.0 Migrating root.dfs from UFS to Episode 5 Use the dce_login command to become the administrator. Example: dce_login cell_admin password 6 Use the fts create command to create a read/write fileset to be used as the new Episode root.dfs. Example: fts create - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 33
Container Creation (IC) and Initial Object Creation (IO) ACLs. See Chapter 3 of the The OSF DCE DFS Administration Guide, Revision 1.2.2 for details. Note that the default ACLs for a newly created fileset are equivalent to a UNIX mode of 700; specifically: dcecp> acl show /.:/fs {user_obj rwxcid - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 34
and Configuring Enhanced DFS concept of cheap replication, consult the OSF DCE DFS Reference Guide, Revision 1.2.2. An HTML version of this document is provided root.dfs fileset; that is, a replica site on the same File server machine and aggregate as the root.dfs read/write master. Example: fts - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 35
NOTE: Installing and Configuring Enhanced DFS 3.0 Replicating root.dfs Using "Cheap Replication" 6 Use this command to make sure that the replica (the read-only copy of root.dfs) is - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 36
and Configuring Enhanced DFS 3.0 Handling of setuid Programs and Device Files in DFS Handling of setuid Programs and Device Files in DFS By default, the up. The shell script below suggests a method to do this. Also by default, the DFS Cache Manager does not honor device files stored in filesets in - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 37
Enhanced DFS 3.0 Handling of setuid Programs and Device Files in DFS # These files contain the global and local configuration # for the setuid state. The global file should contain the # setuid state that is common to everyone in the cell. # Putting it into DFS makes - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 38
Installing and Configuring Enhanced DFS 3.0 Handling of setuid Programs and Device Files in DFS # if [ -r ${localconf} ]; then while read PATH STATE; do cm setsetuid ${PATH} -state ${STATE} done < ${localconf} fi For more information, see the OSF DCE DFS Reference Guide, Revision 1.2.2. Additional - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 39
and Configuring Enhanced the -path option. This information comes from the kernel of the workstation on which the command is issued. System administrators set whether hard -Cache Manager basis with the cm sethardmount command. By default, the Cache Manager does not provide hard mount semantics on - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 40
Installing and Configuring Enhanced DFS 3.0 Handling of setuid Programs and Device Files in DFS OUTPUT The cm gethardmount command first displays the line Fileset pathname status: In the - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 41
Installing and Configuring Enhanced DFS 3.0 Handling of setuid Programs and Device Files in DFS NAME cm down during a long (that is, over night) series of operations, the programs complete when the server comes back online, rather than needing to be restarted. OPTIONS -path {file | dir} Names a - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 42
Installing and Configuring Enhanced DFS 3.0 Handling of setuid Programs and Device Files state options, the Cache Manager does not provide hard mount semantics for the indicated filesets. By default, the Cache Manager does not provide hard mount semantics for a fileset. Privilege Required The issuer - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 43
DFS Neither dce_config nor the SAM-based DCM (DCE Configuration Manager) can successfully stop Enhanced DFS daemons. Enhanced DFS Enhanced DFS daemons that are kernel processes. If Enhanced DFS is started automatically at boot time and you want to prevent this, you can take either of the following - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 44
state, is: 1 Use dce_config to unconfigure the node from the DCE cell. This removes the node's information from the DCE servers and resets the node's system configuration files so that DCE and Enhanced DFS are not restarted automatically upon reboot. 2 Reboot the node. Neither DCE nor Enhanced DFS - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 45
Installing and Configuring Enhanced DFS 3.0 Restricting RPC Addresses Restricting RPC Addresses Enhanced RPC_SUPPORTED_NETADDRS=ip:myhost or export RPC_SUPPORTED_NETADDRS=ip:10.3.2.1 forces any servers started in the current shell to support only the addresses associated with the name myhost and the - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 46
variables include directory variables, execution variables, and security server variables. Global variables may be defined by the user if the default setting is not correct for whatever reason. If none are defined, the configuration scripts will still work correctly. Directory variables should only - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 47
Enhanced DFS 3.0 Setting Global Variables Security server variables can change how the security server is eventually configured. • LOW_UID - This is the starting UID value to use when new entries are made in the security registry. Default is '100'. • LOW_GID - This is the starting GID value - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 48
, many options should notbe passed, and specifying them can cause problems for your installation. Please read and fully understand the DFS administration guide and the command reference manual before using any of these to alter the configuration of your system. In /etc/rc.config.d/dfs there are - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 49
Enhanced DFS This chapter describes how to configure HP DCE/9000 Enhanced DFS 3.0 on HP-UX 11.0 using the dce_config utility. You cannot configure Enhanced DFS 3.0 with the SAM-based DCM (DCE Configuration Manager) tool. Follow the instructions in this chapter to complete the installation and - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 50
the DCE Configuration Menu, choose Additional Server Configuration: DCE Configuration Menu (on hostname) selection: 2 S:****** Configuring additional server... S:****** Please wait for user authentication and authorization... Enter Cell Administrator's principal name:(cell_admin) Enter password: 50 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 51
4. DFS Private File Server 5. DFS File Server 6. DFS Fileset Location Database Server 7. GDA Server 8. Replica Security Server 9. Auditing 10.Password Management Server 11.Unconfigure Password Management Server 98. Return to previous menu 99. Exit selection: 3 S:****** Configuring DFS System Control - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 52
automatically, depending on the setting of the CONFIG_DFS_FLDB_ONLY environment variable. A setting of "no" (default) causes a File Server to be automatically configured; "yes" causes only an FLDB server to be configured; if the environment variable is not set, a prompt appears asking if you want to - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 53
remaining steps assume you entered y in the previous step to continue and configure a File server. 4 dce_config prompts for the name of the DFS fileset. root.dfs is the default name. When configuring the first (or only) FLDB server, root.dfs must be specified. Enter the fileset name (root.dfs): root - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 54
in Step 4: number of sites: 1 server flags aggr siteAge principal owner name.acme.com RW epi1 0:00:00 /hosts/name Fileset 0,,1 created on aggregate epi1 of node_name S:****** Starting dfsbind... S:****** Starting fxd... Configuration of the FLDB server and the first File server is now complete. 54 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 55
use the same instructions to configure a Private File server. To configure a File server or Private File server, perform the following steps: 1 From the Additional Server Configuration Menu, choose 4 (DFS Private File Server) or 5 (DFS File Server): Additional Server Configuration Menu (on hostname - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 56
and about the servers it is starting: number of sites: 1 server flags aggr siteAge principal owner name.acme.com RW epi1 0:00:00 /hosts/name Fileset 0,,1 created on aggregate epi1 of node_name S:****** Starting dfsbind... S:****** Starting fxd... Configuration of the DFS File server is now complete - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 57
machine must have been previously configured as a DCE client. Before you configure a DFS client, determine the following: • The cache size, where it is located (system memory or the local disk), and the directory where it will be stored. If you select disk cache, the default of 10000 will create - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 58
password: 4 Choose whether the cache is in system memory or on the local disk. Is the cache: 1. in memory 2. on the local disk selection: S:****** Starting dfsbind... Step 5 assumes you choose 1 (in memory). 5 Choose a cache size for the memory. The default cache size is 1MB. Enter the RAM size - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 59
Running dce_config to Configure Enhanced DFS Configuring a DFS Client 9 Reply to the prompt "Would you like to use BOS server to monitor and administer the dfsgwd process?". If you want the dfsgw server administrator to administer and monitor the dfsgw server via BOS (bosserver) commands, enter y. - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 60
Running dce_config to Configure Enhanced DFS dfs_config Environment Variables dfs_config Environment , user.jlw). The unique numerical aggregate ID of the exported aggregate. "mem" means cache is in memory;"disk" means cache is on the local disk. The pathname of the directory to use for a local - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 61
DFS dfs_config Environment Variables Definition "n" (default) causes a File server to be automatically configured when a Fileset Location Database (FLDB) server is configured; "y" causes only an FLDB server to be configured; if not set, when an FLDB server is configured, a prompt appears asking if - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 62
to Configure Enhanced DFS dfs_config Environment Variables Environment Variable LOAD_LFS_KEXT ROOT_FILESET_NM SCM_NAME Definition "y" if user wants to load the LFS kernel extension; "n" otherwise. The root fileset name. The name of the system control machine to be used during configuration. 62 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 63
A TCL Functions This appendix describes the DCE and DFS TCL functions. It also includes examples of primary DFS functions. 63 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 64
the local host as a dce client • tcl_dce_config_dced - Configures the local host (specified by hostname) with DCED • tcl_dce_config_dceserver - Configures the local host as a full DCE server • tcl_dce_config_dtsserver - Configures the local host as a DTS machine, depending on the 'dts_type - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 65
of dced commands. cds_server The name of the CDS server in the cell you wish to configure into that should be cached locally. celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured the local host as a CDS client - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 66
of the cds server to cache if a name cannot be determined automatically. celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. cds_dirlist The list of cds namespace objects that should be replicated. RETURNS TCL_OK Successfully configured the host - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 67
without the /.../ prepended). sec_server The name of the master security server in the cell. celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured the host as a CDS server. err_msg An error was encountered. 67 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 68
CDS server in the cell you wish to configure into that will be cached locally. dts_type Keyword identifying how to configure the DTS on the local machine (client, local, global, none). celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 69
using the full domain name, as opposed to the short name. cellname The name of the cell which this dced will be configured into. If the local node will be a server machine, this parameter is required. If the local node will be a client to an existing cell, this parameter can be passed - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 70
prepended). dts_type Keyword identifying how to configure the DTS on the local machine (client, local, global, none). celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured a DCE server on the local host. err_msg - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 71
daemon regardless of which type of DTS machine is configured. SYNOPSIS tcl_dce_config_dtsserver celladmin_pw) (hostname dts_type celladmin PARAMETERS cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured DTS on the local host. err_msg An error - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 72
the sec_server parameter. sec_server The name of the security server in the cell you wish to configure into. celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured the security client on the local host. err_msg - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 73
The host must also already have dced running, as well as be configured as a security and cds client. Also modifies ACLs on the as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured the host as a security replica. err_msg An error was - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 74
Configures the local host as a DCE security server. This function first checks that secd has been installed, and if so, creates the dce_cf.db file. Initializes the security service cell administrator's password. RETURNS TCL_OK Successfully configured the local host as a security server. err_msg An - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 75
to signal whether the unconfiguration should continue on error (y) or stop on error (n). celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully unconfigured the specified host. err_msg An error was encountered. 75 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 76
TCL Functions DCE TCL Functions Cleanup Functions The cleanup functions include the following: • tcl_cleanup - Attempts to clean up the host DCE configuration whenever global variable CLEAN_UP is set to 'yes' • tcl_dce_cleanup_cds - Set up the commands required to unconfigure the CDS client • - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 77
TCL Functions DCE TCL Functions NAME tcl_cleanup - Attempts to clean up the host DCE configuration whenever CLEAN_UP = y. SYNOPSIS tcl_dce_cleanup_dced (input) PARAMETERS input The list of commands that make up the cleanup attempt. RETURNS TCL_OK Successfully ran the cleanup commands represented - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 78
tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_cds (hostname cds_server) PARAMETERS hostname The name of the local host to clean up. cds_server The name of the server cached on the local host. RETURNS $result The result passed up from the tcl cleanup function. 78 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 79
TCL Functions DCE TCL Functions NAME tcl_dce_cleanup_cdsreplica - Sets up the commands required to unconfigure the local machine from being a CDS replica. Unconfigures the CDS replica if CLEAN_UP = y when the tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_cdsreplica (hostname cds_dirlist) - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 80
TCL Functions DCE TCL Functions NAME tcl_dce_cleanup_dced - Sets up the commands required to unconfigure dced. Unconfigures DCED if CLEAN_UP = y when the tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_dced (hostname) PARAMETERS hostname The name of the local host to clean up. RETURNS $ - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 81
TCL Functions DCE TCL Functions NAME tcl_dce_cleanup_dtsd - Sets up the commands required to unconfigure dtsd. Unconfigures the dts server if CLEAN_UP = y when the tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_dtsd () RETURNS $result The result passed up from the tcl cleanup function. 81 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 82
TCL Functions DCE TCL Functions NAME tcl_dce_cleanup_secreplica - Sets up the commands required to unconfigure the local machine from being a security replica. Unconfigures the security replica if CLEAN_UP = y when the tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_secreplica (hostname - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 83
TCL Functions DCE TCL Functions NAME tcl_dce_cleanup_security - Sets up the commands required to unconfigure the security client. Unconfigures the security client if CLEAN_UP = y when the tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_security (hostname cellname) PARAMETERS hostname The - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 84
the name service to reflect an additional CDS server • tcl_dce_cds_client_init - Creates the correct CDS client entries in the namespace • tcl_dce_cds_server_init - Initialize the name service • tcl_dce_check_for_sec_client_service - Check local machine for an active or configured security client - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 85
type specified as the first parameter • tcl_mod_rcfile - Modifies the file specified by 'filename' so the correct daemons will be started at boot time • tcl_rmline_file - Removes any line from the file named in 'filename' which matches the string provided in 'dline' • tcl_settimezone - Establishes - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 86
TCL Functions DCE TCL Functions NAME tcl_checktime - Synchronizes the local host's system time with the time on the cell time server. Updates the local host's system time if the time difference is greater than the tolerance specified below. SYNOPSIS tcl_checktime (hostname time_server) PARAMETERS - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 87
tcl_dce_cds_addserver_init - Initialize the name service to reflect an additional CDS server. Creates all required directories and opposed to the short name. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully initialized CDS namespace information for replica. err_msg An - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 88
as opposed to the short name. cellname The name of the cell you wish to configure into (without the /.../ prepended). cds_server The name of the CDS server in the cell you wish to configure into that should be cached locally. RETURNS TCL_OK Successfully initialized CDS client information. err_msg An - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 89
TCL Functions NAME tcl_dce_cds_server_init - Initializes the name service. Creates all DCE required directories and objects in without the /.../ prepended). sec_server The name of a security server in the cell. RETURNS TCL_OK Successfully initialized CDS namespace information. err_msg An error - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 90
- Checks the local machine for an active or configured security client (sec_client) service. SYNOPSIS tcl_dce_check_for_sec_client_service () RETURNS TCL_OK No active sec_client service exists. ALREADY_RUNNING An active sec_client service exists. err_msg An error was encountered. 90 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 91
using the full domain name, as opposed to the short name. cellname The name of the cell which this dced will be configured into. If the local node will be a server machine, this parameter is required. If the local node will be a client to an existing cell, this parameter can be passed - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 92
and adds the kerberos5 entry to /etc/services. SYNOPSIS tcl_dce_create_krbconf (cellname sec_server) PARAMETERS cellname The name of the cell you wish to configure into. sec_server The name of the security server in the cell you wish to configure into. RETURNS TCL_OK Successfully created the krbconf - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 93
user will be encouraged to specify the hostname using the full domain name, as opposed to the short name. sec_server The name of the security server in the cell you wish to configure into. RETURNS TCL_OK Successfully created a new pe_site file on the local host. err_msg An error was encountered. 93 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 94
TCL Functions DCE TCL Functions NAME tcl_dce_remove - Removes the files created by DCE during the initial configuration and subsequent operations, thereby allowing the local host to be configured again. Note that if a host is being 'removed' from an existing cell (in which it is a client), it should - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 95
with CDS, even though it attempts to every sixty seconds, and 2) in the split server server configuration, the CDS client is not yet configured on the CDS server when the ACL modifications are performed. SYNOPSIS tcl_dce_set_security_acl (hostname cellname sec_server) PARAMETERS hostname The name - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 96
TCL Functions DCE TCL Functions NAME tcl_dce_shutdown - Stops all running DCE daemons (that are stoppable). SYNOPSIS tcl_dce_shutdown (hostname force) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the 'hostname' command) because the user - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 97
TCL Functions DCE TCL Functions NAME tcl_dce_start_sec_client_service - Starts the already-configured security client services on the local host. SYNOPSIS tcl_dce_start_sec_client_service (mod_rc) PARAMETERS mod_rc Update the rcfile if set to "yes". RETURNS TCL_OK Successfully started the security - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 98
TCL Functions DCE TCL Functions NAME tcl_dce_stop_sec_client_service - Stops the already-configured security client services on the local host. SYNOPSIS tcl_dce_stop_sec_client_service () RETURNS TCL_OK Successfully stopped the security client services. err_msg An error was encountered. 98 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 99
TCL Functions DCE TCL Functions NAME tcl_dce_verify_cds - Ensures that the CDS namespace service is up and running correctly. SYNOPSIS tcl_dce_verify_cds () RETURNS TCL_OK CDS is running correctly. err_msg An error was encountered. 99 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 100
TCL Functions DCE TCL Functions NAME tcl_dce_verify_consistency - Ensures that any exisiting security replicas are consistent with the security master. SYNOPSIS tcl_dce_verify_consistency () RETURNS TCL_OK Security replicas and master are consistent. err_msg An error was encountered. 100 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 101
dce as the cell administrator. SYNOPSIS tcl_dcelogin (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully logged into dce as the specified account. err_msg An error was encountered. 101 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 102
TCL Functions DCE TCL Functions NAME tcl_find_name - Returns 'TCL_OK' if it finds the specified name in the specified file or 'NOT FOUND' if it does not. SYNOPSIS tcl_find_name (name file) PARAMETERS name The name to search for. file The file in which to search. RETURNS TCL_OK Successfully found - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 103
TCL Functions DCE TCL Functions NAME tcl_get_ids - Gets UNIX ID information from the system. SYNOPSIS tcl_get_ids (type) PARAMETERS type The type to use when looking for high UID. RETURNS high_uid The high UID calculated by the system. 103 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 104
TCL Functions DCE TCL Functions NAME tcl_get_pid - Returns the process identification (pid) of the process specified in proc_name or 'NOT FOUND' if the process is not running. SYNOPSIS tcl_get_pid (proc_name) PARAMETERS proc_name The name of the process to search for. RETURNS pid # Successfully - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 105
TCL Functions DCE TCL Functions NAME tcl_get_ugid - Determines which uids and gids to use for the initial and subsequent additions into the security registry. SYNOPSIS tcl_get_ugid (low_uid low_gid) PARAMETERS low_uid Initial User ID (uid) to use. low_gid Initial Group ID (gid) to use. RETURNS - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 106
display. passwd A list of words to be substituted. Any occurance of this string will be replaced with "" on output. In this way, no password will ever be displayed as part of standard output or logfile. Passing NULL as the value for this parameter will result in no checking being - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 107
so the correct daemons will be started at boot time. SYNOPSIS tcl_mod_rcfile (mdaemon sw filename) PARAMETERS mdaemon The DCE/DFS daemon to mark. sw Switches to apply when the daemon is modified. filename The name of the file where the configuration information is stored. RETURNS TCL_OK Successfully - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 108
TCL Functions DCE TCL Functions NAME tcl_rmline_file- Removes any line from the file named in 'filename' which matches the string provided in 'dline'. SYNOPSIS tcl_rmline_file (dline filename) PARAMETERS dline The info to delete when found in the file. filename The file to remove information from. - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 109
TCL Functions DCE TCL Functions NAME tcl_settimezone - Establishes a DCE timezone setting by creating a localtime link if it does not yet exist. When the HPUX TZ system variable contains a recognizable value, the localtime link is set to point to the corresponding DCE timezone information file. If - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 110
TCL Functions DCE TCL Functions NAME tcl_slay_daemon - Executes a system kill on the specified daemon and the specified process id number. SYNOPSIS tcl_slay_daemon (daemon_name daemon_pid) PARAMETERS daemon_name The name of the dce daemon to kill. daemon_pid The pid the dce daemon is running as. - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 111
by 'filename' so the specified daemon will not be started at boot time. SYNOPSIS tcl_unmod_rcfile (mdaemon sw filename) PARAMETERS mdaemon The DCE/ . filename The name of the file where the configuration information is stored. RETURNS TCL_OK Successfully modifies specified file with mdaemon. - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 112
Configuring a Single-machine DCE Server hp.com) or the short name (for example, blech). Specify the cellname parameter without the /.../ in front. The dts_type parameter should be one of 'client', 'local', 'global' or 'none'. Choose your own celladmin account name (usually 'cell_admin') and password - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 113
configuring the dced on a machine to be a client in an existing cell, sec_server would be the name of the security server in that cell. If you are configuring name (for example, blech.ch.apollo.hp.com) or the short name (for example usually 'cell_admin') and password. Example: dcecp> tcl_dce_config_secserver oddball gumby1 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 114
(usually 'cell_admin') and password. If you are configuring a single-node server, sec_server should be the Configuring dtsd tcl_dce_config_dtsserver (hostname dts_type \ > celladmin celladmin_pw) The hostname parameter can be passed as either the full domain name (for example, blech.ch.apollo.hp - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 115
DCE TCL Examples Example: dcecp> tcl_dce_config_secreplica oddball cell_admin \ > -dce: dcecp> Configuring a CDS Replica tcl_dce_config_cdsreplica (hostname cds_server \ > celladmin celladmin_pw cds_dirlist) Will create a CDS replica server on an existing dce client machine. The node you run this - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 116
On a client, do this after an tcl_dce_unconfig. On a server, do this to completely remove the server and destroy the cell. It doesn't touch the registry or process before attempting any additional configuration work. hostname must be the local host Example: dcecp> tcl_dce_remove oddball 116 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 117
(The local host must already be configured with DCE, either as a client or a server) • tcl_dfs_config_dfsfldb - Configures a DFS Fileset Location Database Server • tcl_dfs_config_dfsfs - Configures a DFS Fileset Server • tcl_dfs_config_repserver - Configures the repserver on the local host 117 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 118
bakserver on the local host. SYNOPSIS tcl_dfs_config_bosserver (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured a bakserver on host. err_msg An error was encountered. 118 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 119
TCL Functions DFS TCL Functions NAME tcl_dfs_config_bosserver - Configures a bosserver on the local host. SYNOPSIS tcl_dfs_config_bosserver () RETURNS TCL_OK Successfully configured a bosserver on the local host. err_msg An error was encountered. 119 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 120
a server. SYNOPSIS tcl_dfs_config_dfsclient (cache_type cache_size cache_dir) PARAMETERS cache_type Type of caching to use. The only two legal values are 'disk' and 'mem'. Using anything else will result in an error. cache_size Size to use when creating the cache, whether it is disk or memory cache - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 121
Fileset Location Database Server. SYNOPSIS tcl_dfs_config_dfsfldb (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured the local host as a DFS FLDB Server. err_msg An error - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 122
Functions NAME tcl_dfs_config_dfsfs - Configures a DFS Fileset Server. SYNOPSIS tcl_dfs_config_dfsfs (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured the local host as - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 123
. SYNOPSIS tcl_dfs_config_repserver (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully configured a repserver or repserver already configured. err_msg An error was encountered. 123 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 124
• tcl_dfs_unconfig_dfsclient - Unconfigures the local host as a dfs client • tcl_dfs_unconfig_dfsfldb - Unconfigures a DFS Fileset Location Database Server • tcl_dfs_unconfig_dfsfs - Unconfigures a DFS Fileset Server • tcl_dfs_unconfig_repserver - Unconfigures the repserver on the local host 124 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 125
force) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. force Allow the unconfigure even if it is the last bakserver. Default: 0 (no force). RETURNS TCL_OK Successfully unconfigured a bakserver on this host. err_msg An error was - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 126
local host. SYNOPSIS tcl_dfs_unconfig_bosserver (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully unconfigured the bosserver on the local host. err_msg An error was encountered. 126 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 127
TCL Functions DFS TCL Functions NAME tcl_dfs_unconfig_dfsclient - Unconfigures the local host as a dfs client. SYNOPSIS tcl_dfs_unconfig_dfsclient () RETURNS TCL_OK Successfully unconfigured the host as a dfs client. err_msg An error was encountered. 127 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 128
administrator. celladmin_pw The cell administrator's password. force Allow the unconfigure even if it is the last flserver. Default: 0 (no force). RETURNS TCL_OK Successfully unconfigured the local host as a DFS FLDB Server or the machine is not an FLDB server. err_msg An error was encountered. 128 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 129
(celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully unconfigured the local host as a DFS Fileset Server or the host is not a fileset server. err_msg An error was encountered. 129 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 130
on the local host. SYNOPSIS tcl_dfs_unconfig_repserver (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator's password. RETURNS TCL_OK Successfully unconfigured the repserver daemon. err_msg An error was encountered. 130 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 131
the following: • tcl_dfs_add_episode_aggregate - Creates an episode aggregate • tcl_dfs_add_episode_fileset - Creates an episode fileset • tcl_dfs_add_native_fileset - Configures a native (UFS) fileset • tcl_dfs_format_episode_aggregate - Checks for an aggregate (agg_dev_name) and creates one if - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 132
format y or n. Format a partition as an episode aggregate. epi_force y or n. Reinitialize an existing aggregate. blksize The block size to be used (ex: 8192). fragsize The fragment size to be used (ex: 1024). RETURNS TCL_OK Successfully created an episode aggregate. err_msg An error was encountered - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 133
TCL Functions DFS TCL Functions NAME tcl_dfs_add_episode_fileset - Creates an episode fileset. SYNOPSIS tcl_dfs_add_episode_fileset (fileset_name agg_name) PARAMETERS fileset_name The name of the fileset (ex: root.dfs). agg_name The name of the aggregate (ex: epi1). RETURNS TCL_OK Successfully - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 134
TCL Functions DFS TCL Functions NAME tcl_dfs_add_native_fileset - Configures a native (UFS) fileset. SYNOPSIS tcl_dfs_add_native_fileset (fileset_name agg_name The aggregate ID number (ex: 1). RETURNS TCL_OK Successfully configured the native (UFS) fileset. err_msg An error was encountered. 134 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 135
aggregate (ex: /dev/vg00/lvol8). epi_format_force y or n. Reinitialize an existing aggregate. Default: n. blksize The block size to be used. Default: 8192. fragsize The fragment size to be used. Default: 1024. (agg_dev_name RETURNS TCL_OK Successfully checked, created, or reinitialized an episode - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 136
# Then create the first FLDB server. # Then create the first Fileset Server (ie root.dfs). # Having problems when first FLDB server and first server # are not on the same vg00/lvol8 \ 1 episode y y 8192 1024 CONFIGURE A DFS CLIENT # tcl_dfs_config_dfsclient cache_type cache_size cache_dir - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 137
fragsize tcl_dfs_config_episode_fileset softtail cell_admin -dce- \ mgmfs epi_agg /dev/vg01/lvol3 3 y 8192 1024 CONFIGURE BAK SERVER # tcl_dfs_config_bakserver hostname celladmin celladmin_pw tcl_dfs_config_bakserver harpoon cell_admin -dce- # Start a repserver # tcl_dfs_start_repserver - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 138
TCL Functions DFS TCL Functions Unconfigure (and remove) a dfs System Control Machine # This must be the SCM (machine running upserver) #tcl_dfs_unconfig_dfsscm hostname celladmin celladmin_pw tcl_dfs_unconfig_dfsscm harpoon cell_admin -dce Stop (unconfigure) an upclient # Upclient should only be - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 139
B The DFS/NFS Secure Gateway This appendix describes how to use the Distributed File Service/Network File System (DFS/NFS) Secure Gateway to grant authenticated access to the DFS filespace from an NFS client. 139 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 140
Service/ Configuration consists only of installing the dfsgw commands on the Gateway Server machines. However, authentication requires either administrative intervention or remote access to the Gateway Server machine (for example, via the telnet program); the latter approach results in user passwords - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 141
configuring Kerberos on the NFS clients, and configuring the remote authentication service on both the Gateway Server machines and the NFS clients. However, authentication requires no administrative measures, and user passwords from the specific NFS client default, each ticket receives the default - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 142
the credentials. Because the authentication table resides in memory, all authenticated sessions are terminated if the machine configured as a Gateway Server is rebooted. The following two subsections provide complete instructions for configuring Gateway Server machines and NFS clients to provide NFS - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 143
command to administrators only. To configure a Gateway Server machine without enabling remote authentication via the dfs_login command, follow the instructions in "Configuring a Gateway Server Without Enabling Remote Authentication." • Configure the Gateway Server machines so that users can issue - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 144
keep the system clocks on these machines synchronized at all times. Once you have met these prerequisites, you can configure your Gateway Server machines. Configuring a Gateway Server Without Enabling Remote Authentication Perform the steps in this section to enable DCE authentication from a Gateway - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 145
; the exact command and procedure depends on your vendor's implementation of NFS. (See your vendor's NFS documentation for more information.) The Gateway Server machine is now configured to provide DCE authentication via only the dfsgw add command. Repeat these steps on each DFS client that is to be - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 146
Configuring Gateway Server Machines Configuring the BOS Server Process To configure the BOS Server (bosserver) process, perform the following steps on the machine to be configured as a Gateway Server in the registry database. In the commands, password is the password of the DCE identity to which you - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 147
The DFS/NFS Secure Gateway Configuring Gateway Server Machines 4 Use the su command to become the local root user on the machine: $ su Password: root_password 5 Add a server key for the hosts/hostname/dfs-server principal to the /krb5/v5srvtab keytab file on the machine. The dced process recognizes - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 148
: The DFS/NFS Secure Gateway Configuring Gateway Server Machines Configuring the Gateway Server Process To configure the Gateway Server (dfsgwd) process, perform the following steps on the machine to be configured as a Gateway Server. The steps assume that the BOS Server is already running on the - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 149
the DCE identity to which you are authenticated. dcecp> principal create hosts/hostnamedfsgw-server dcecp> account create hosts/hostname/dfsgw-server \ > -group susbsys/dce/dfsgw-admin -org none \ > -password password -mypwd password dcecp> exit 9 Use the su command to become the local root user on - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 150
/bin/dfsgwd The Gateway Server process is now fully configured on the machine. Configuring NFS Clients to Access DFS Once you have configured at least one Gateway Server machine according to the instructions in "Configuring Gateway Server Machines," you can configure your NFS clients to provide - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 151
authentication via the dfs_login command; follow the instructions in "Configuring a Client Without Enabling Remote Authentication." • If you configured your Gateway Servers so that users can issue the dfs_login command to authenticate to DCE, configure your NFS clients and enable DCE authentication - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 152
to DCE from the NFS client, simply perform the steps in "Configuring a Client and Enabling Remote Authentication" on the client. Configuring a Client and Enabling Remote Authentication If you configured your Gateway Server machines so that users can issue the dfs_login command to authenticate to - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 153
receives RPCs, udp is the protocol the service uses to communicate, and dlog is an alias for the dfsgw service. If you use an NIS Services map in your environment, you added an entry to the services map file when you configured the first Gateway Server process. You do not need to add the entry - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 154
in this manner. Accessing DFS from an NFS Client Once a Gateway Server machine and one or more NFS clients are configured according to the instructions in "Configuring Gateway Server Machine" and "Configuring NFS Clients to Access DFS", users of the NFS clients can access data in the DFS filespace - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 155
Security Service: • From an NFS client, enter the dfs_login command. (See "Authenticating to DCE from an NFS Client.") • From a Gateway Server machine, exist for the user in the /etc/passwd file on the machine configured as a Gateway Server and on each NFS client from which the user is to access DCE - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 156
Configuring Gateway Server Machines database. (On a DCE client, the passwd_export command can be used to keep /etc/passwd files current with respect to the registry database; see the OSF DCE Administration Guide the lifetime specified by the DCE Security Service. Once they expire, the tickets can - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 157
machine. By default, the command uses the hostname of the machine that exports /.... to the NFS client. Use this option to contact a different Gateway Server. -l hh[:mm] Specifies the lifetime to be assigned to the service ticket obtained with the command. Enter the lifetime as a number of hours - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 158
NOTE: The DFS/NFS Secure Gateway Configuring Gateway Server Machines dce_password Provides the DCE password of the specified user. If you do not specify a password, the command prompts for a password if one of the following is true: You name a user other than yourself; you name yourself and you do - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 159
and argument: -h hostname Specifies the hostname of the Gateway Server machine. By default, the command uses the hostname of the machine that administer authenticated access to DFS from a Gateway Server machine. Note that for NFS clients not configured to enable DCE authentication, the dfsgw add - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 160
The DFS/NFS Secure Gateway Configuring Gateway Server Machines the user. In addition, password if you name a principal other than yourself. -af address_family Specifies the style of network address to be used to identify hosts. By default, the command uses the only address family currently supported - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 161
dfsgw query command determines whether a specific user is authenticated to DCE via the Gateway Server machine. The command can be issued either by the user whose authentication is to be determined or by a user who is logged in as the local root user on the machine configured as a Gateway Server. 161 - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 162
to be determined. -af address_family Specifies the style of network address to be used to identify hosts. By default, the command uses the only address family currently supported, inet (Internet). For example, the following dfsgw query command determines whether the user ludwig is authenticated from - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 163
The DFS/NFS Secure Gateway Configuring Gateway Server Machines to DCE The dfsgw list command lists all users who are authenticated to DCE via the Gateway Server machine. The command lists all entries from the authentication table on the Gateway Server machine on which it is issued. If your - HP Visualize J5000 | hp enterprise file system: planning and configuring hp DCE/ - Page 164
The DFS/NFS Secure Gateway Configuring Gateway Server Machines 164
HP Enterprise File System
Planning and Configuring HP DCE/9000
Enhanced DFS Version 3.0
HP Part No.
B6863-IE002-E0302
Edition 1
© Hewlett-Packard Company, 2002. All rights reserved.