1 Alfresco JLAN Server Overview
2 The JLAN Server Applications
2.1 Jar Files
2.2 org.alfresco.jlan.app.JLANServer
2.3 org.alfresco.jlan.app.JLANServerService
2.4 JLAN Server XML Configuration File
2.4.1 Server Configuration
2.4.2 Global Configuration
2.4.3 SMB Server Configuration
2.4.4 Cluster Configuration
2.4.5 FTP Server Configuration
• Access control manager and access control rules
• Quota manager

The JLAN Server kit contains a virtual filesystem driver class that maps to the local filesystem using the java.io.File class and a database filesystem that stores the filesystem structure in a database table with a custom file loader class used to load and save the file data.
2 The JLAN Server Applications

The Jar file supplied with the JLAN Server kit contains two fully functional server applications that use the SMB/CIFS, NetBIOS, FTP and NFS server components:-

• org.alfresco.jlan.app.JLANServer
  Allows the JLAN Server to be started as a console application, or as an NT service.
To start as a console application use the following command line:-

    jlanserver -c jlansrv.conf

The ServiceWrapper can also be used to run the JLAN Server as an NT service or daemon process. To install and start the JLAN Server as an NT service use the following commands:-...
2.4 JLAN Server XML Configuration File

The JLAN Server is configured using a simple XML file. A DTD is available in the kit to validate the configuration (jlanserver.dtd). The configuration is contained within the <jlanserver> section of the configuration file.
<comment>JLAN SMB Server</comment>
    Server comment sent out as part of the host announcement and also returned by various server/workstation information requests.
<bindto>n.n.n.n</bindto>
    Specifies the network adapter to bind to if the host has multiple network adapters. If not specified the
<bindto adapter="..."/>...
The ipv6 attribute enables native SMB support under IPv6 sockets. The JLAN Server will bind to IPv4 and IPv6 sockets. To run the native SMB over TCP/IP protocol under...
The accept attribute can be used to restrict the clients that are allowed to connect to the server. This is useful if the JLAN Server should only be accessible from the local host. The lana attribute can be used to specify which NetBIOS LAN adapter the Win32 NetBIOS interface will use.
If not specified the default port of 138 will be used.

<Win32Announce interval="n"/>
    Enables host announcement via the Win32 Netbios API so that the JLAN SMB server appears under Network Neighborhood. The interval attribute specifies the announcement interval in minutes.
              Memory pool allocations/deallocations
PKTSTATS      Dump memory pool statistics during server shutdown
THREADPOOL    Thread pool
BENCHMARK     Benchmarking
STATECACHE    File state cache
OPLOCK        Oplocks

A sample SMB configuration section is shown below:-

<SMB>
  <host name="JLANSRV" domain="STARLASOFT">
    <broadcast>192.168.1.255</broadcast>
    <smbdialects>Core,LanMan,NT</smbdialects>
    <comment>JLAN SMB Server</comment>
    <bindto>192.168.1.2</bindto>...
2.4.4 Cluster Configuration

The <cluster> section defines the global cluster configuration. The JLAN Server currently has clustered file state cache and debug interface classes which are based on the Hazelcast clustering code. The <cluster> configuration section allows a single Hazelcast instance to be used by multiple clustered filesystems and/or have debug output piped to a central server.
<class>..</class>
</siteInterface>
    enable site specific extensions to the FTP server. The class must be specified, and must implement the org.alfresco.jlan.ftp.FTPSiteInterface interface. Other configuration parameters may be specified as required.
<keyStore>
    Path to the key store file when FTPS is enabled.
FTP Debug Levels
TIMING    Request/response timing
FTPS/SSL

A sample FTP server configuration section is shown below:-

<FTP>
  <bindto>192.168.1.2</bindto>
  <allowAnonymous/>
  <debug flags="File,FileIO,Search,Error"/>
</FTP>...
<class>...</class>
</rpcAuthenticator>
    to the mount and NFS servers. The class must implement the org.alfresco.jlan.oncrpc.RpcAuthenticator interface. A default RPC authenticator that allows any client to access the RPC servers is used if no authenticator is specified.
<disablePortMapperRegistration/>
    Do not register the NFS and mount servers with a port...
NFS Configuration
received. If only a single value is specified it will be used for file I/O and file close timers. Two values may be specified, separated by a ':'. The first value is the I/O timer and the second value is the file close timer, in seconds.
The <shares> section defines the available virtual filesystems. Each virtual filesystem is associated with a driver class that provides the interface between the virtual filesystem and the core protocol servers. The JLAN Server Jar file contains two virtual filesystem drivers:-

• JavaFileDiskDriver
...
The <driver> section must contain a <class>...</class> item to specify the driver class, for example:-

<class>org.alfresco.jlan.smb.server.disk.JavaFileDiskDriver</class>

The <accessControl> sub-section contains the access control rules that are used to allow read or read/write access to the share, or to disallow access to the share.
Set the access depending on the caller's domain name. This rule only applies to SMB/CIFS sessions.

A sample access control block is shown below :-

<diskshare name="TESTAREA">
  <driver>
    <class>org.alfresco.jlan.smb.server.disk.JavaFileDiskDriver</class>
    <LocalPath>N:\TestArea</LocalPath>
  </driver>
  <volume label="TESTLABEL"/>
  <size totalSize="2T" freeSize="100G"/>
  <accessControl default="Read">...
The <driver> sub-section configuration parameters are shown below:-

JavaFileDiskDriver Configuration
<LocalPath>...</LocalPath>
    Specifies the local path to map the virtual filesystem to.

A sample JavaFileDiskDriver share configuration section is shown below:-

<shares>
  <diskshare name="JLAN" comment="Test share">
    <class>org.alfresco.jlan.smb.server.disk.JavaFileDiskDriver</class>
    <LocalPath>R:\JLAN</LocalPath>
  </diskshare>...
The loader class is org.alfresco.jlan.server.filesys.db.DBFileLoader. The DBDiskDriver can use the clustered file state cache to allow multiple JLAN Servers to operate as a cluster, where file locks, access mode checks and updates are implemented between the cluster members.
DBDiskDriver Configuration
    rather than deleting them from the database.
<QuotaManagement/>
    Enables quota management for this share. Disk quotas are enforced using the disk size value set via the <size ...> configuration value.
<RetentionPeriod> </RetentionPeriod>
    Enables file/folder retention. The configuration value specifies the retention period as the number of days.
...
The clustered state cache has the following configuration values :-

Clustered State Cache Configuration
<fileStateExpire> </fileStateExpire>
    Specifies the file state expiry interval, in seconds. This is the number of seconds a file state may be held in the state cache after the file has been closed by the last referencing session.
RENAME            Rename state
FILEDATAUPDATE    File data updates
FILESTATUS        File status changes (exist/not exist)
2.4.7.2.1 DatabaseInterface Configuration

The database interface classes included in the JLAN Server kit have the following configuration parameters :-

DatabaseInterface Configuration
<DSN>...</DSN>
    Specifies the datasource that holds the JLAN Server database tables. The required database tables will be created if they do not exist.
The DBFileLoader has the following configuration parameters:-

JDBCFileLoader Configuration
<class>..</class>
    Specifies the file loader class, which must be an implementation of the org.alfresco.jlan.smb.loader.FileLoader interface. For the JDBCFileLoader the class is org.alfresco.jlan.smb.disk.jdbc.JDBCFileLoader.
<FragmentSize>
    Specifies the maximum size of file data to be stored per blob.
JDBCFileLoader Configuration
    <load_threads>:<save_threads>. The default number of worker threads is 4.
<TempDirectory> </TempDirectory>
    Specifies the local directory to be used to cache the file data whilst the file is being accessed.
<MaximumFilesPerDirectory>
    Specifies the number of temporary files to store per sub-directory within the temporary file cache area.
JDBCFileLoader Configuration
    The default value is 0 (no compression).
<KeepJars/>
    Indicates that the generated Jar files should not be deleted from the temporary cache area after they have been saved by the file loader. This setting is useful for testing purposes.
<Debug/>...
2.4.7.2.3 Sample Configurations

This section contains sample filesystem configurations using the database interface and file loader implementations available in the JLAN Server kit.

The following sample configuration uses a Cloudscape/Derby database to hold the filesystem structure details and stores the file data and directory structure on the local filesystem, at N:\DerbyFileSys.
      <ConnectionPool>10:20</ConnectionPool>
      <FileSystemTable>filesys</FileSystemTable>
      <StreamsTable>filestrm</StreamsTable>
    </DatabaseInterface>
    <FileLoader>
      <class>org.alfresco.jlan.server.filesys.db.DBFileLoader</class>
      <ThreadPoolSize>6:2</ThreadPoolSize>
      <TempDirectory>N:\mysqlcTemp\</TempDirectory>
      <MaximumFilesPerDirectory>1000</MaximumFilesPerDirectory>
      <SmallFileSize>100K</SmallFileSize>
      <FilesPerJar>500</FilesPerJar>
      <SizePerJar>1000K</SizePerJar>
      <JarCompressionLevel>9</JarCompressionLevel>
    </FileLoader>
  </driver>
</diskshare>

The following sample configuration uses an Oracle database to hold the filesystem structure, load/save queues and file data. The file data is stored using BLOB fields.
    <FileLoader>
      <class>org.alfresco.jlan.server.filesys.db.DBFileLoader</class>
      <ThreadPoolSize>6:2</ThreadPoolSize>
      <TempDirectory>N:\oracleTemp\</TempDirectory>
      <MaximumFilesPerDirectory>1000</MaximumFilesPerDirectory>
    </FileLoader>
  </driver>
</diskshare>

The following sample configuration uses a MySQL database in a clustered configuration to hold the filesystem structure, load/save queues and file data. The file data is stored using BLOB fields. The configuration enables the packing of small files into Jar files which are then stored as a single file within the database.
The authentication is performed by a class derived from the org.alfresco.jlan.smb.server.Authenticator abstract class. If no authenticator is specified, the default authenticator is used, which allows access to any user. The JLAN Server Jar contains two authenticator implementations:-

• org.alfresco.jlan.jlansrv.LocalAuthenticator
  Uses user accounts defined in the configuration file to provide protected access to the virtual filesystems.
Multiple <rule> blocks may be specified. A sample <accessControlManager> sub-section is shown below :-

<accessControlManager>
  <class>org.alfresco.jlan.server.auth.acl.DefaultAccessControlManager</class>
  <debug/>
  <rule>org.alfresco.jlan.server.auth.acl.DomainAccessControlParser</rule>
</accessControlManager>

2.4.8.1 LocalAuthenticator

The org.alfresco.jlan.server.auth.LocalAuthenticator Authenticator implementation uses a list of users defined in the configuration file to control access to the JLAN...
Server virtual filesystems. The <users> sub-section has the following parameters:-

Users Configuration
<user name="..">
    Defines a user account on the JLAN Server.
<password>..</password>
    Defines the password for this user. For the org.alfresco.jlan.server.auth.LocalAuthenticator class the password is expected to be in plain text.
  </users>
</security>

2.4.8.2 PassthruAuthenticator

The org.alfresco.jlan.server.auth.passthru.PassthruAuthenticator Authenticator implementation uses a domain controller or other network server to authenticate the user connecting to the JLAN Server virtual filesystems.

Passthru Authenticator
<class>...</class>
    Specifies the authenticator class. Use org.alfresco.jlan.server.auth.passthru.PassthruAuthenticator for the passthru authenticator.
    </class>
    <mode>USER</mode>
    <Domain>STARLASOFT</Domain>
  </authenticator>
</security>

2.4.8.3 Enterprise Authenticator

The org.alfresco.jlan.server.auth.EnterpriseCifsAuthenticator Authenticator implementation provides support for newer CIFS authentication types such as NTLMSSP, SPNEGO, NTLMv2 and Active Directory/Kerberos.

Enterprise CIFS Authenticator
<class>...</class>
    Specifies the authenticator class. Use org.alfresco.jlan.server.auth.EnterpriseCifsAuthenticator for the enterprise authenticator.
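
An added example (not part of the JLAN kit or the original manual): a Python check that parses a JLAN XML configuration and reports the permissive settings described in the FTP, NFS and security sections above, namely <allowAnonymous/> for FTP, the default RPC authenticator that allows any client, the default authenticator that allows any user, and plain-text LocalAuthenticator passwords. The sample configuration is constructed, and the <NFS> wrapper element and the placement of <rpcAuthenticator> inside it are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not from the manual. The <NFS> wrapper name and the
# placement of <rpcAuthenticator> inside it are assumptions.
WEAK_CONF = """<jlanserver>
  <FTP><bindto>192.168.1.2</bindto><allowAnonymous/></FTP>
  <NFS/>
  <security>
    <authenticator>
      <class>org.alfresco.jlan.server.auth.LocalAuthenticator</class>
    </authenticator>
    <users>
      <user name="constructed-user"><password>constructed-secret</password></user>
    </users>
  </security>
</jlanserver>"""


def audit_jlan_config(xml_text):
    """Return {finding_code: explanation} for permissive settings."""
    root = ET.fromstring(xml_text)
    findings = {}
    # FTP: anonymous logons are enabled by the presence of <allowAnonymous/>.
    ftp = root.find("FTP")
    if ftp is not None and ftp.find("allowAnonymous") is not None:
        findings["FTP_ANONYMOUS"] = "<allowAnonymous/> is set in <FTP>"
    # NFS: without an RPC authenticator class the default accepts any client.
    nfs = root.find("NFS")
    if nfs is not None and nfs.find("rpcAuthenticator/class") is None:
        findings["NFS_DEFAULT_RPC_AUTH"] = (
            "no <rpcAuthenticator>: the default allows any client")
    # Security: a missing authenticator falls back to allow-any-user.
    auth_class = (root.findtext("security/authenticator/class") or "").strip()
    if not auth_class:
        findings["NO_AUTHENTICATOR"] = (
            "no authenticator: the default allows access to any user")
    elif auth_class.endswith(".LocalAuthenticator"):
        # LocalAuthenticator expects <password> values in plain text.
        users = [u.get("name") for u in root.iterfind("security/users/user")
                 if (u.findtext("password") or "").strip()]
        if users:
            findings["PLAINTEXT_PASSWORDS"] = (
                "plain-text <password> for: " + ", ".join(users))
    return findings


if __name__ == "__main__":
    for code, why in audit_jlan_config(WEAK_CONF).items():
        print(f"{code}: {why}")
```

A configuration file that carries plain-text passwords should also be readable only by the account that runs the JLAN Server.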
2.4.10 Drive Mappings Configuration

The <DriveMappings> section defines local drive mappings that will be added when the JLAN Server SMB/CIFS server starts. This can be useful when using the JLAN Server to provide custom filesystems to the local host. The drives are mapped after the SMB/CIFS server component has started and removed as the SMB/CIFS server shuts down.
DriveMappings Configuration
    The interactive parameter specifies whether a dialog is displayed to prompt for a username and password if the default or supplied credentials cannot log on to the JLAN Server. The prompt parameter specifies that the username/password dialog is displayed before the connection attempt is made.
2.4.11.1 Cluster Debug Configuration

When running with filesystems that are using a cluster configuration, or to send output from multiple standalone JLAN Servers to a central logging server, the ClusterDebug class is used. The cluster debug implementation uses the Hazelcast code to provide the underlying cluster connection with other nodes.
A sample cluster debug configuration section is shown below, sending local output to the console, and acting as the central debug logger for the cluster:-

<debug>
  <output>
    <class>org.alfresco.jlan.debug.cluster.ClusterDebug</class>
    <debugTopic>AlfrescoJLANDebug</debugTopic>
    <receiveOnly/>
    <localOutput>
      <class>org.alfresco.jlan.debug.LogFileDebug</class>
      <logFile>jlansrv.log</logFile>
      <append/>
    </localOutput>
  </output>
</debug>...
3 Deploying The SMB/CIFS Server On Windows

The Windows SMB/CIFS server is integrated into the core Windows networking services and is usually enabled by default, to allow access to the IPC$ named pipe and admin shares (C$, D$ etc.). Windows uses two underlying protocols to access the SMB/CIFS server, native SMB and NetBIOS over TCP/IP.
The following SMB/CIFS XML configuration section is the minimum configuration required to enable JLAN Server native SMB/CIFS support :-

<SMB>
  <host name="JLANSRV" domain="ALFRESCO">
    <tcpipSMB/>
  </host>
</SMB>

The JLAN Server native SMB/CIFS session handler may also be bound to a particular network address :-

<SMB>
  <host name="JLANSRV" domain="ALFRESCO">
    <tcpipSMB/>
    <bindto>192.168.1.2</bindto>...
Windows requires that either the Windows TCP/IP NetBIOS support is disabled on a network adapter or the localhost/127.0.0.1 address is used. The localhost/127.0.0.1 address is only useful if you are using the JLAN Server to provide a filesystem that is accessible locally.
  </host>
</SMB>

3.3.3 Win32 NetBIOS

The Win32 Netbios API allows the JLAN Server code to use the Windows NetBIOS over TCP/IP code to publish the server name, accept incoming sessions and announce the server to Network Neighborhood. Using the Win32 Netbios API allows the JLAN Server to co-exist with the Windows file server without requiring changes to the network configuration.
This section details how to set up an account under Active Directory for use by the JLAN CIFS server.

1. Create a user account for use by the JLAN CIFS server using the Active Directory Users and Computers application. Use the Action->New->User menu, then enter the full name, such as 'JLAN Server CIFS', and the user logon name, such as 'jlanservercifs'.
NetBIOS/short name versions of the SPNs. Use the setspn -l <account-name> command to check if the ktpass command set the SPN.

4. Copy the cifs.keytab file to the server where the JLAN Server will run. Copy the file to a protected area such as C:\etc\ or /etc.
Where <Password> is the account password from step 1.

To help diagnose problems with the Kerberos/Active Directory setup you can enable debug output from the Java security APIs by defining the following property on the command line of the JVM :-

    -Dsun.security.krb5.debug=true
...