We have a new file server which will slowly be replacing the H:/ drive (geo_workspace) and the various Mac-shared workpaces (geodynes 1-6). The machine is named Epidote, and is accessible from both the macs (via the chooser) and PC's (via a drive letter).

Before you start using this server, there are a few things you need to know about file names, and what won't work on the file server. So be sure to read File Name Issues before using the server.

The File Server will have two separate areas: a "public" area, much like Geo_workspace has been, where people can put temporary files, or files that need to be shared within a class or between people. This area will be regularly cleaned out, with stuff deleted, and won't be regularly backed up. Then there will be "private" areas, which will be accessible only to one person, where people can keep files long-term, and is regularly backed up, with the backups kept off-site for disaster recovery purposes. These private areas will also be secure, as secure as they can be made on an internet connected machine, so private or confidential data, with appropriate forethought, can be stored here. No internet connected computer is absolutely safe from being attacked.
These private areas will have a quota system in place, to be determined as the usage of the file server is determined. So this is a place to store data, but not back up your entire system. Quotas are maliable, so requests for more space will be honored, within reason.

Anyone in the department, or in the outlying buildings, should be able to access the "Public" area, with the standard departmental username and password. (If you don't know what this is, contact System Administrator, and she'll let you know). For private space, see System Administrator. If you can't access the server from outside Pillsbury, contact System Administrator. She'll specifically need to know the IP address from which you are connecting.

Never, ever name a file or a directory "core". This is a name used by unix machines for files that are created when something goes drastically wrong, and are deleted on a regular basis without being examined first.

More things to keep in mind:

• Unix machines do not like spaces in their file names. It's much safer to call a file long_file_name.doc than it is to call it   long   file   name.doc
• Don't use special characters, such as
  ! # $ % ^ & * = ? " / \ : | > <
  because these have special meanings to the operating systems. Acceptable and encouraged symbols to use are:
  - _ and not much else. Try to stay with letters and numbers.
• Do not start your file name with a period (or dot). These file names have special meanings to the operating systems, and the file server is set to hide them from the Macs and PCs. So if you put such a file on the file server, you'll probably never "see" it again. Using periods (or dots) before extentions is okay. So file.doc is acceptable   .file.xls is not. (If you do this by accident, the file can be recovered from the unix side)
• Unless you have specific need for it, do not use uppercase. This is because Macs and Unix machines are case sensitive, so the file BadFile.doc is not the same file as badfile.doc, but on PC, which is not case sensitive, these would be considered the same file, and so one would overwrite the other. Also, staying in lower case is a good idea for web page names.
• Use extensions. Especially if you move use files on both Macs and PCs. By this I mean the .doc section of the file above. PCs use the extensions to determine which application to open the file with, and it also makes it much easier to determine on the mac which application to use, if the Mac can't figure it out. Some common extensions:
  .doc - Microsoft Word Document
  .xls - Microsoft Excel Document
  .ppt - Powerpoint document
  .ai - Illustrator document
  .psd - Photoshop document
  .gif .bmp .jpg or .jpeg .tif - various image file formats
  .html .htm - web pages
  A more comprehensive list can be found at Camalott.com, but the list is organized such that you search on the extension, not on the application.

To connect from a Mac

• The University of Minnesota no longer uses Appletalk (as of sometime in 2003). So the list of machines on the right of the chooser will no longer show up.

  

  Choose AppleShare in the left panel, and then click on the Server IP Address ... button in the lower right hand corner of the dialog.

  

  Type in the server name or the IP address, and click Connect. The login screen will appear:

  

• If you want to access the "Public" space, enter the standard username and password.
  If you want to access your own directory, enter your username and password.

  Make a note of the line below the Password box. If it says:
  Encrypted Password Transport or 2-way encrypted Password you're in good shape. If it doesn't, if it says ( Cleartext ) , let System Administrator know, and she'll come and update your computer a bit. It will still be able to connect, but this is something that won't be supported for long, because of security concerns (see "Sniffing" on the VPN/SSH page)

• If you're logging in as the general account, you'll get a screen that looks like this:

  

  Both "public" and "Public FileShare" are the same public directory, this is a configuration thing. Choose one, and click "OK", and an icon should show up on your desktop.

• If you want to log into your directory, and have input your username and password, you'll get a screen that looks like this:

  

  From here you can either log into your own directory (which will be your username), or you can log into public. Please be aware: If you log into public as yourself, with your userame and password, this will change how the permissions are created on the files you deal with in "Public" and this may cause problems. So it's generally better to log into "public" as the standard username.

  Once you're logged in, the icon will probably appear as one of these three icons, depending on various things:

  

There are, as of 5/22/01, a few known problems with the the program (netatalk) that shares files between the macs and the unix server. These shouldn't affect most users, but you should be aware of them. These are actively being fixed by those who write this software.

• Shortcuts or Aliases to specific directories in "Public" may randomly change what they connect to. Yes, that sounds bizarre, but it has to do with the differences in how Macs and Unix machines keep track of directory names. So for now, don't create shortcuts thaat refer to your directory on "public", just shortcut "Public" itself.
• If you are copying massive amounts of files to and from Epidote from your computer, there might be some problems. By massive I mean hundreds or thousands of files and directories at a time, or hundreds of megs of data. If you keep your transfers small, you should be fine.

The Geodyne workspaces are simply folders on the macs in the lab which are set to be shared. Many of you have had problems with this setup, for instance when the computer on which your files reside is turned off, or when it crashes when you're accessing files from elsewhere. So to resolve this, I'm going to be moving all of the Geodyne files over to Epidote in the coming weeks. As I do this, I will put up a dialog to display when you try to log into the old Geodyne machine with the choose in the normal matter. This dialog will look something like this:

When you hit "OK" you will be automatically be sent to the new files on Epidote.

The old files will be kept on the old machines in case of emergency, but won't be accessible via the chooser. Please see System Administrator if you need them. But everything should be on Epidote, this is just if something goes drastically wrong with Epidote.

Connecting from Off-Campus

For Macs, this is MacSSH or NiftyTelnet. I recommend MacSSH, because you can also run FTP across it. See Setting Up SSH and FTP Port Forwarding (Mac Version)

For PC's, you can either use Teraterm Pro with the SSH plug-in (ttssh.exe), see Setting up SSH and FTP Port Forwarding (WIndows Version), or use WinSCP (directions for WinSCP will also be on the SSH port forwarding page soon.)

Why do I need another account?

But why?

"Single Sign-on" account solutions, a setup where a person only has one username and one password, and only has to log in once to access everything, is sort of the holy grail of networking and security. A few places have come close, but the entire computer structure has to agree to one format, and the University of Minnesota has not gotten that far yet. But we're getting closer. In the Geology and Geophysics department, the tools needed to reduce the number of accounts all seem to be "in production." The progress of those tools is being followed closely.

You only need another account if you want to take advantage of the private storage space. If you're happy with "Public" and are okay with files being cleaned out of there on a regular basis, then you don't need another account.

The reason the file server can't use the same accounts as the University e-mail accounts is complicated, but basically it comes down to different authentication schemes. But System Administrator is still exploring this possibility.

The file server also cannot use the same accounts as the printing server, because of authentication differences. The Print Server is a Windows NT machine, and the file server is running OpenBSD, which is the most secure unix there is, by default.
Those who have played with the free unixes before, might know about PAM's. They don't currently work on OpenBSD for security reasons, but this is being worked on.

As for why we need different accounts than the unix machines we already have, this is harder to explain, and possibly the easiest to fix. Again, it's being worked on.