Preparing a File Server Machine for Exporting

The following additional prerequisites must be met before a File Server machine can begin to export aggregates or partitions:

· The BOS Server (bosserver process) must be running on the machine.

· A keytab file and a server encryption key must exist on the machine.

· The dfsbind process must be running on the machine.

· The fxd process must be running on the machine.

· The Fileset Server (ftserver process) must be running on the machine.

· The Replication Server (repserver process) must be running on the machine, if the machine is to house read-only DCE LFS filesets.

The following procedure provides instructions for starting these processes and generating a key. The instructions assume that the dcecp keytab create command has already been used to create a keytab file on the machine.

1. Log in as root on the machine.

2. Start the BOS Server (bosserver process) on the machine with the bosserver command, using the -noauth option to disable DFS authorization checking on the server machine. (See Using Administrative Lists and Keytab Files for a thorough description of DFS authorization checking.) The process automatically creates the admin.bos file when it starts.

# bosserver -noauth

The -noauth option starts the bosserver with DFS authorization checking turned off.

3. Use the bos addadmin command to add the necessary administrative users and groups to the admin.bos file. Make sure that you are among the users or groups added to the list. You must use the -noauth option so that the identity nobody is used as the identity of the issuer of the command.

# bos addadmin -server machine -adminlist admin.bos [-principal name...] [-group name...] -noauth

The -adminlist admin.bos option specifies that principals and groups are to be added to the admin.bos list on the machine indicated with the -server option.

The -principal name option specifies the principal name of each user to be added to the admin.bos list. A user from the local cell can be specified by a full or an abbreviated principal name (for example, /.../cellname/username or just username); a user from a foreign cell can be specified only by a full principal name.

The -group name option specifies the name of each group to be added to the admin.bos list. A group from the local cell can be specified by a full or an abbreviated group name (for example, /.../cellname/group_name or just group_name); a group from a foreign cell can be specified only by a full group name.

The -noauth option directs the bos program to use the unprivileged identity nobody as the identity of the issuer.

4. Add a server encryption key to the keytab file on the machine with the bos genkey command, again using the -noauth option. (See Using Administrative Lists and Keytab Files for complete details about managing a keytab file.)

# bos genkey -server machine -kvno version_number -noauth

The -kvno version_number option is the key version number of the new key. Valid arguments for this option are decimal integers from 0 (zero) to 255.

The -noauth option directs the bos program to use the unprivileged identity nobody as the identity of the issuer.

5. Enable DFS authorization checking on the machine with the bos setauth command, once again using the -noauth option.

# bos setauth -server machine -authchecking on -noauth

The -authchecking on option enables DFS authorization checking by removing the NoAuth file from the machine specified with the -server option.

The -noauth option directs the bos program to use the unprivileged identity nobody as the identity of the issuer.

6. Start the dfsbind process on the machine.

# dfsbind

7. Start the fxd process to initialize the File Exporter in the kernel of the machine. Specify the name of the proper administrative group with the -admingroup option. (See Using ACLs and Groups for more information about using administrative groups.)

# fxd -admingroup group

The -admingroup group option specifies the group that can administer the File Exporter on the machine. A group from the local cell can be specified by a full or an abbreviated group name (for example, /.../cellname/group_name or just group_name); a group from a foreign cell can be specified only by a full group name. (You may add any other applicable options; see the Transarc DCE DFS Administration Reference for complete information about the fxd process.)

8. Log out as root from the machine to return to your authenticated DCE identity.

9. Start the Fileset Server (ftserver process) with the bos create command. (See Monitoring and Controlling Server Processes for complete information about starting a server process.) The admin.ft file is created automatically when the process starts.

$ bos create -server machine -process ftserver -type simple -cmd dcelocal/bin/ftserver

The -server option names the server machine on which to create the new process. The BOS Server on this machine executes the command. If you want to run this command using a privileged identity, specify the File Server machine using the full DCE path name. If you want to run this command using the unprivileged identity nobody (the equivalent of running the command with the -noauth option), specify the File Server machine with either the machine's host name or IP address.

The -process ftserver option specifies that the process to be created and started is to be identified by the name ftserver.

The -type simple option specifies that the ftserver process is to be a simple process.

The -cmd /dcelocal/bin/ftserver option provides the full path name to the binary file for the ftserver process.

10. Use the bos addadmin command to add the necessary administrative users and groups (and possibly server machines) to the admin.ft file.

$ bos addadmin -server machine -adminlist admin.ft [-principal name...] [-group name...]

The -server option names the server machine that houses the administrative list to which principals, groups, or both are to be added. The BOS Server on this machine executes the command. If you want to run this command using a privileged identity, specify the File Server machine using the full DCE path name. If you want to run this command using the unprivileged identity nobody (the equivalent of running the command with the -noauth option), specify the File Server machine with either the machine's host name or IP address.

The -adminlist admin.ft option specifies that principals and groups are to be added to the admin.ft list on the machine indicated with the -server option.

The -principal name option specifies the principal name of each user or server machine to be added to the admin.ft list. A principal from the local cell can be specified by a full or an abbreviated principal name (for example, /.../cellname/username or just username); a principal from a foreign cell can be specified only by a full principal name.

The -group name option specifies the name of each group to be added to the admin.ft list. A group from the local cell can be specified by a full or an abbreviated group name (for example, /.../cellname/group_name or just group_name); a group from a foreign cell can be specified only by a full group name.

11. Start the Replication Server (repserver process) with the bos create command. No administrative list is associated with the repserver process.

$ bos create -server machine -process repserver -type simple -cmd dcelocal/bin/repserver

The -server option names the server machine on which to create the new process. The BOS Server on this machine executes the command. If you want to run this command using a privileged identity, specify the File Server machine using the full DCE path name. If you want to run this command using the unprivileged identity nobody (the equivalent of running the command with the -noauth option), specify the File Server machine with either the machine's host name or IP address.

The -process repserver option specifies that the process to be created and started is to be identified by the name repserver.

The -type simple option specifies that the repserver process is to be a simple process.

The -cmd /dcelocal/bin/repserver option provides the full path name to the binary file for the repserver process.

12. After the Fileset Server process is started, use the fts statftserver command to verify that the process is performing requested actions. This command is useful mainly if you believe the process is not functioning properly.

$ fts statftserver -server machine

The fts statftserver command displays the message No active transactions on machine if the Fileset Server is functioning properly. It displays additional information if the Fileset Server is currently performing an action. Depending on the information displayed, the Fileset Server may or may not be functioning properly.
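
The procedure starts the BOS Server with authorization checking off and turns it back on only in step 5, so a useful closing check is that the NoAuth file is gone and every prerequisite process is present. The script below is an added example, not part of the original guide; its function names are hypothetical, and the NoAuth path and the process listing are inputs that the caller supplies.

```shell
# Added example (not from the original guide): audit a File Server machine
# after the procedure above. Assumptions: the caller supplies the path of the
# NoAuth file and a listing with one command name per line, such as the
# output of `ps -e -o comm=`.

REQUIRED_PROCS="bosserver dfsbind fxd ftserver"

# missing_procs LISTING [EXTRA...]: print each required process that is absent.
# Pass "repserver" as EXTRA on machines that house read-only DCE LFS filesets.
missing_procs() {
    listing=$1; shift
    for want in $REQUIRED_PROCS "$@"; do
        # Match on the basename so a full path to the binary also counts.
        awk -v want="$want" '
            { n = split($1, part, "/"); if (part[n] == want) found = 1 }
            END { exit(found ? 0 : 1) }' "$listing" || printf '%s\n' "$want"
    done
}

# authcheck_state NOAUTH_PATH: "off" while the NoAuth file exists, else "on".
authcheck_state() {
    if [ -e "$1" ]; then echo off; else echo on; fi
}

# audit_fileserver LISTING NOAUTH_PATH [EXTRA...]
# Prints one finding per line; returns 0 only when there are no findings.
audit_fileserver() {
    listing=$1; noauth=$2; shift 2
    findings=0
    for p in $(missing_procs "$listing" "$@"); do
        echo "MISSING process: $p"; findings=$((findings + 1))
    done
    if [ "$(authcheck_state "$noauth")" = off ]; then
        echo "AUTHZ CHECKING OFF: $noauth exists (see bos setauth -authchecking on)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: ftserver not started yet and NoAuth still in place.
demo=$(mktemp -d)
printf '%s\n' bosserver dfsbind fxd > "$demo/ps.txt"
: > "$demo/NoAuth"
audit_fileserver "$demo/ps.txt" "$demo/NoAuth" || echo "audit: findings above"
rm -rf "$demo"
```

On a real machine, write the process listing to a file, then call audit_fileserver with that file, the location of NoAuth on that installation, and repserver when the machine houses read-only DCE LFS filesets.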