Mounting CERN DFS file system on linux¶
Mounting CERN DFS file system on linux
CERN uses Microsoft DFS file system for storing users and application data for Windows systems.
This documentation outlines the setup process allowing Linux clients to mount and access CERN DFS file system.
While the initial installation of required software is specific to CERN SLC6 Linux distribution, following configuration steps shall be applicable on any modern Linux platform, providing it features cifs-utils version 4.8.1 or newer and kernel version 2.6.38 or newer, or a patched cifs kernel module on older kernels (see the patch discussion here).
Software installation
As root on your fully updated (if in doubt, execute as root: yum update...) SLC6 system run:# yum install cifs-utils(As of SLC 6.3 - kernel 2.6.32-279.el6 an additional cifs kernel module is not needed, the in-kernel one works correctly)kernel-module-cifs-`uname -r`
Configuration
As root on your system:Please verify that your host keytab is valid:
# klist -kit should show output similar to:
Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 10 host/yourhost.cern.ch@CERN.CH 9 host/yourhost.cern.ch@CERN.CH 1 host/yourhost.cern.ch@CERN.CH(actual output may vary depending on when and how keytab was set)
Edit /etc/request-key.conf and add following lines at the end:
# added for CIFS create cifs.spnego * * /usr/sbin/cifs.upcall %k create dns_resolver * * /usr/sbin/cifs.upcall %kCreate mountpoint:
# mkdir /dfsCreate /etc/cron.d/host-kinit file with following content:
# This cron job will reacquire host credentials every 12 hours 01 */12 * * * root /usr/bin/kinit -k
Filesystem mount
Please choose one of the following two methods on your system.Mounting with other filesystems
Edit /etc/rc.local and insert there these lines:# Mount DFS /usr/bin/kinit -k /bin/mount /dfsEdit /etc/fstab and add at the end this line:
//cerndfs.cern.ch/dfs /dfs cifs noauto,nocase,sec=krb5,multiuser,uid=0,gid=0 0 0Next, execute:
# /etc/rc.localOn subsequent system reboots DFS will be mounted automatically.
Mounting with automounter
Edit /etc/auto.master and add following line:/dfs/ /etc/auto.dfsCreate /etc/auto.dfs with following content:
#!/bin/sh [ !`/usr/bin/kinit -k 2>&1 >> /dev/null` ] && echo " -fstype=cifs,sec=krb5,multiuser,user=0,uid=0,gid=0 ://cerndfs.cern.ch/dfs/&"Execute:
# chmod 755 /etc/auto.dfs
To finish the configuration please enable and restart the automounter:
# /sbin/chkconfig --levels 345 autofs on # /sbin/service autofs restartNote: The DFS filesystem is automounted: therefore until user accesses it nothing is visible under /dfs/: try ls /dfs/Users or ls /dfs/Applications to see the content.
Usage notes
- This method of accessing DFS requires a valid Kerberos host key - which can be allocated ONLY to systems on CERN network.
- User access to files requires a valid Kerberos ticket from CERN KDC, please check yours using: klist.
-
On some DFS mounts sometimes part of DFS hierarchy is not accessible showing: Object is remote error, to make the problem go away please either use ls /dfs/PROBLEMATIC/PATH/ (note trailing slash!) or cd /dfs/PROBLEMATIC/PATH/.(this problem seems to be solved in current SLC6 kernels). - Case sensitivity: DFS mount on Linux emulates Windows behaviour Files/Folders are case-sensitive upon creation, but case-insensitive for later access.
- User ownership and permissions on files/directories are shown as full root user permissions and root ownership:
ls -l /dfs/ total 140 drwxr-xr-x 1 root root 32768 Feb 9 14:41 Applications [...]
but actual access permisions are mapped correctly, if you create files these will be created with default Windows permissions in given folder. - Ownership/access mode changing using chmod/chown will not work on DFS files.
- Getting/setting ACLs for DFS is not supported with current kernels (do not try
cifsacl mount option it is buggy ...) - ...