17-9-2007
PC install
we got a pc from upstairs.
DHCP was already configured.
AFS profile copied, but was not working, with errors
""
root@pcitgd10# /afs/usr/local/etc/ccdbuser dfrodrig
Fatal error, ccdbinfo returned:
SELECT
ORA-00942: table or view does not exist
""
after browsing,
http://linux.web.cern.ch/linux/redhat6/install/step_by_step.html
http://linux.web.cern.ch/linux/redhat6/laptop/#TOC19
concluded a home directory should be created:
http://linux.web.cern.ch/linux/redhat6/laptop/#TOC9
therefore:
root@pcitgd10# ccdbuser -home /home/dfrodrig dfrodrig
~
root@pcitgd10# /usr/sbin/pwconv
~
root@pcitgd10# passwd dfrodrig
Changing password for user dfrodrig.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
~
root@pcitgd10# ssh dfrodrig@pcitgd10
dfrodrig@pcitgd10's password:
Last login: Mon Sep 17 10:51:11 2007
/usr/bin/X11/xauth: creating new authority file /home/dfrodrig/.Xauthority
not sure yet if everything is working properly. ( when logging with my local account is afs certificate immeadiately available? )
18-9-2007
For having myself authenticated in lxplus ( no need to type the password over and over ), I need to have a kerberos initialization, issuing the command:
'kinit'
Moreover, there was a sync problem related to time unphasing. Localhost and server were not within the same timeframe therefore. NTPD was not installed, and this was done by using
ncm-ncd (Node Configuration Dispatcher of the Node Configuration Manager subsystem.) [ncm-ncd --list add ntpd as not activated]
After that, authentication worked. Home directory when logging now redirects to the afs home directory;
[unsolved] Still to solve, verify why the authentication doesn't work the other way around: when logged on lxplus, I can't login automatically to my local machine(pcitgd10).
Next tasks, get a Grid certificate, and access cvs repository.
Yum is the automatic updater in use for machine configuration. (http://linux.web.cern.ch/linux/scientific3/docs/softwaremgmtyum.shtml)
11:52 Have E-mail! Changes password, and issued a request for Cern certificate:
bash-3.00$ pwd
/afs/cern.ch/user/d/dfrodrig/private
bash-3.00$ openssl req -new -out myrequest.csr
Generating a 1024 bit RSA private key
...............++++++
................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CH
State or Province Name (full name) [Berkshire]:Geneva
Locality Name (eg, city) [Newbury]:Meyrin
Organization Name (eg, company) [My Company Ltd]:CERN
Organizational Unit Name (eg, section) []:IT-GD
Common Name (eg, your name or your server's hostname) []:Daniel Rodrigues
Email Address []:daniel.rodrigues@cern.ch
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Mother's Maiden Name
An optional company name []:
bash-3.00$ ls
id_dsa identity id_rsa myrequest.csr privkey.pem
bash-3.00$ vi myrequest.csr
bash-3.00$ vi myrequest.csr
bash-3.00$ pwd
/afs/cern.ch/user/d/dfrodrig/Desktop
bash-3.00$ ls ../private/
id_dsa identity id_rsa myrequest.csr privkey.pem
bash-3.00$ openssl pkcs12 -export -inkey ../private/privkey.pem -in newcert.cer -out myCertificate.pks
Enter pass phrase for ../private/privkey.pem: /* tainada Process caps */
Enter Export Password: /* Igreja Process caps */
Verifying - Enter Export Password:
No comments:
Post a Comment