Welcome to our Support Center
< All Topics
Print

CIFS access to ERIS volumes

The NFS automount of ERIS volumes under /autofs/eris has proven problematic for many reasons.  There is a different access method that uses the Windows CIFS protocol rather
than the NFS protocol. It also requires use of something called Kerberos
tickets which are time limited access tokens and therefor introduce complications of your access expiring if not renewed in time (possibly killing running jobs).

Here are key points to keep in mind:

  1. this will only work on personal accounts that are directly tied to Partners accounts (no special or shared lab accounts)
  2. this will only work if you have an ERIS account that lets you ssh login to erisone.partners.org and access the volume(s) under /data/… so try this and test it. If you don’t, apply at the ERIS cluster account request site.
  3. you cannot use this method on launchpad/MLSC for jobs on nodes as there is no way to do Kerberos tickets via batch submission systems
  4. when the ticket expires, you will get Permission denied on any access to the ERIS volume till you re-kinit the ticket
  5. if your Partners user ID does not match your Marintos user ID, you will see Partners name or just numbers as the user/owner when you do commands like ‘ls’

Here is how it works.  Please, you really need to read all the way to the bottom of this:

  1. Log into a Martinos CentOS box.
  2. Run ‘klist’ to see if you already have a ticket on that box. If you do, you can skip to #4 but if the expires date/time is soon I suggest you go ahead and do step #3.
  3. Run ‘kinit <partnersusername>’ and give it your Partners password. For example:
    pinto[0]:~$ kinit per2
    Password for per2@PARTNERS.ORG: ************
    pinto[0]:~$ klist
    Ticket cache: FILE:/tmp/krb5cc_5829
    Default principal: per2@PARTNERS.ORG
    
    Valid starting Expires Service principal
    05/22/2018 10:06:49 05/22/2018 20:06:44 krbtgt/PARTNERS.ORG@PARTNERS.ORG
    renew until 05/29/2018 10:06:44
    
  4. Assess your ERIS volume under /autofs/cifs/
  5. Make sure to rerun kinit before it expires in 24 hours if you still need access.

Yes, this is complicated.  On your group systems that you will be using this procedure consistently I can setup services that will auto renew your ticket for up to 7 days from the first kinit.  It will also reset the 7 days every time you login to the box where you give a password (beware using ssh pubkey passwordless login will bypass this).

 

Table of Contents