Frequently Asked questions
(Latest
update 13-11-2019 10:00)
INFN
Organizational Unit of Cagliari
|
Computing and
Networking service
|
Head of
Service Antonio Silvestri (0706754980/8) sysman@ca.infn.it |
This is a
collection of questions and answers, not exhaustive, regarding the use
of IT resources in the INFN organizational unit in Cagliari. For
briefness I refer to it with the term "Sezione di Cagliari" or
more briefly with the term "Sezione". You can also find the
acronym CCR which is the National INFN Computing & Networking
Committee.
********
Due to lack of staff, this page has not been updated since November 13,
219. Updated
Italian version ******
Legal Notices:
How can I request access to the INFN
Sezione di Cagliari computer resources?- In
order to gain access to the Sezione di Cagliari computing services,
first of all you must go to the INFN secretariat (Sig.ra Dessi) and
register as a Guest or Associate. Guests are those who are not
associated and use the IT infrastructures of the Institute. Then you
have to fill in the appropriate online form on the website www.ca.infn.it (
Tab
Quick links->Account Request
) in
ALL its parts. The printed form must be signed by you, your supervisor
and by the Director.
Finally hand it over to the Computing and Networking service manager.
By submitting this form all the obligations and conditions contained in
the document Regulation for the use of
IT resources in the INFN are accepted.
You will receive an email at the alternative address you specified to
set your password. Then, to finalize the account creation, you
must connect to the public server lxca.ca.infn.it
to
verify your password. For example:
ssh
username@lxca.ca.infn.it ( you must provide the password you chose)
The computer lxca.ca.infn.it
and
most services are only visible from within the local network of the
Institute. To access from outside (home, CERN, etc.) you have to
first access the computer Mizar.ca.infn.it
from this
host you have complete visibility of all services.
What is SSH?
- SSH stands for Secure
Shell
and identifies a communication protocol on an encrypted connection.
In practice, a program that is used to connect to local or
remote computers. For Linux, the command
ssh
is
recognized by default, for Windows
there are various packages with a graphical interface (for example:
Putty). For Mac
the command is available using application terminal.app
.
How do I request an IP address ? - To
obtain an IP number for any network device (desktop, printer, or any
other object that is connected to the local network) that is not a
handset, you must fill in the "Request
for a IP Number" form and submit it to the Computing and
networking service. Under no circumstances will it be possible to grant
a standalone IP address without being authorized. ( As
required by section 6, point 3 of the Regulation
for the use of IT resources in the INFN )
- If you do not know what is an IP address
you can consult Wikipedia.
In this case, I would recommend reading the information
regarding DNS
and MAC
Address.
- Please note that all mobile devices
(laptops, tablets, phones, etc.) must use the wireless network
that is published on the network with the names:
-
eduroam o INFN-dot1x
.
-
- This rule may be waived when wi-fi coverage is not sufficient,
inefficient or absent. In this case you need to know the "MAC
address " of your network interface. On Windows operating
systems, you must type the command
"ipconfig /all"
in a command
prompt window that opens by clicking in Start-->Accessories->Command
Prompt
.
- The result of this command provides a list of network interfaces. For
cable connection find the section Ethernet adapter [Local Area
Connection o Ethernet] line,
in the Physical Address line there are 6 alphanumeric
characters divided by": ", this is the string to be transcribed in the
module.
- If a Linux distribution is installed on the laptop, the command to be
done (in most distributions) from the terminal window is "
/sbin/ifconfig
-a
" in the resulting list of network interfaces, you must look
for (usually) an entry of the eth0
or ensxxx
type at which you will find the entry HWaddr
followed by the MAC Address.
- How do I change my login password ?
- You can change you
credentials only through the link present on the right side of our
website www.ca.infn.it.
If you need a password RESET because you no
longer remember it send an email to sysman@ca.infn.it
.
- How do I use e-mail?
- E-mail is one of the basic
services of the Sezione di Cagliari and can be accessed in a variety
of ways. There are several types of clients
that can connect to our mail server: Outlook,
Mozilla/Thunderbird, Pine/Alpine
so much to mention the most used ones. In addition,
one of the many web browsers ( Internet
Explorer, Chrome, Firefox, Safari, Opera,
etc.) can also be used
by
clicking on the webmail item on the horizontal bar on the
home page
of our site.
- The (usually sufficient)
configuration parameters for the aforementioned clients
are as follows:
- Protocol :
IMAP
- Incoming server
:
imapca.ca.infn.it
Port
: 143
Security
: (START)TLS¹
( Default
SSL can be used )
- Folder :
mail
( this is usually the folder name in
your home directory where the mails reside
)
- Outgoing server
:
mbox.ca.infn.it
Port
: 587
Security
: (START)TLS¹
( Default
SSL can be used )
- Also remember that in all "clients" (also called the Mail
User Agent) the sender's address
has to be defined otherwise there will be communication problems.
- Please note that attachments
that exceed 20MB and list of recipients greater than 100 are not
allowed. It is recommended that you organize mails immediately after
reading them in auto-explanatory folders and you are not advised to
keep an abnormal number of messages in the Arrival area (INBOX).
- (¹) For mobile devices,
when possible, choose (START) TLS in the variant "accepts all
certificates"
WARNING: It is strongly discouraged to enable
automatic mail forwarding usually through the
file .forward
that is created in the user's home root. This practice generally
involves the transfer of information to entities other than the INFN
which is generally not permitted. It also poses problems of
increasing spam. In the future this practice could be specifically
prohibited.
- How do I create mailing
lists?
- There is a national SYMPA
(
mailing list server
)
shared management system available for
all the OU of INFN to which you can access with the address
lists.ca.infn.it.
At this time only with a personal
certificate. With this system, you
can create moderate, closed or open list types (distribution,
discussion).
- Be careful that generally a
mail destined to a given list is accepted only if the originating
address of that mail is present in the list itself.
- There is an on-line help
available on the site that is important to read carefully.
How di I create a mail address alias
as <...>@infn.it
?- At the address alias activation you can find instructions to
create top domain mail address aliases (e.g: name@infn.it,
name.lastname@infn.it, etc.). Follow the instructions and pay
attention to the conflicts that may arise.
How do I read mail via web ?
- Web clients
are provided on our horizontal bar site (webmail).
They are SquirrelMail
(not supported) and RoundCube,
they provide access to mailboxes via WWW.
- At first login, users must configure at least their own
personal parameters. In Squirrelmail on the top of the
page you will find the Options
link that will take you to the configuration page. The
part that is advisable to edit immediately is the one called Personal
Information, in particular the Full
Name and E-mail
Address entries
. The latter must contain the standard INFN
address that you have been assigned to (usually in the form
Name.Surname@ca.infn.it).
- In RoundCube, you must define the default identity. After
login at the top right there is the entry
Settings
that takes you to the configuration page where you can find the tab
Identities
. With
a click
on the address already present (most probably wrong) a box appears
where you can enter the already mentioned standard INFN address.
- How
to transfer files from outside to our site ?
- To copy files from the outside to our site (Sezione di Cagliari) there
are various options:
1) You can use the port forwarding or
tunneling method.
2) The Mizar computer visible on the outside has a
volume called "/stage"
which can be used as an exchange area. For example:
scp
<your_files> Mizar.ca.infn.it:/stage/
<your_destination_files>
the file can then be transferred from Mizar elsewhere.
CAUTION
The following restrictions apply to the volume /stage
which has a capacity of 1TB:
a) there may be files no older than 7 days, all the
others will be automatically deleted.
b) files larger than 200GB will be deleted within 24
hours.
c) If the space is occupied at 90% for more than 24
hours, steps shall be applied a) by halving the maximum file
size and alternatively by decreasing the number of days in point b).
3) You can use the Seafile fileharing
system (similar to DropBox). Currently the quota associated with
users is 10GB but can be increased depending on the needs and total
availability.
- Port forwarding (or
tunneling)
- This technique is used to
establish a connection to a remote computer that we have access to
and use it to access other computers that are otherwise unreachable.
- The command
ssh
to get this type of connection is:
ssh -L
<local_port>:<unreachable_host>:<remote_port>username@<reachable_host>
- For example, we want to
access the
lxca.ca.infn.it
not
accessible computer outside the INFN
site, but we can access the frontier computer mizar.ca.infn.it
.
We execute the command:
ssh
-L 2222:lxca.ca.infn.it:22 myusername@mizar.ca.infn.it
- After logging in, the tunnel
is created. This session
should not be closed and should not be used. From
this moment on we can connect with any of the Sezione computers. In
this case:
lxca,
with
the command:
ssh
-p 2222 myusername@localhost
- you will be connected to
computer
lxca.ca.infn.it.
To
copy a file to lxca
we
use the command:
scp
-P 2222 filename
myusername@localhost:
- In the example we used the
port 2222 to be generic. We
could use any other port also the same 22.
The tunnel will be deleted when the session that created
the tunnel will be closed.
- This technique can also be used in other
areas. Many programs purchased by the INFN have network
licenses, which means that there is, somewhere in our organization, a
server that dispenses licenses on demand if such a request comes from
the networks assigned to INFN. An example is the Mathematica
program . If we are at home and want to
use the network license to use the program we have to make sure the
request (looks) coming from the Sezione network. We
must create a tunnel for the Mathematica program to access the
license server:
-
-
ssh -L 16286:mathlm.na.infn.it:16286 myusername@mizar.ca.infn.it
-
- This command creates the
tunnel with port 16286 (the port that uses Mathematica to obtain
licenses) and the Naples computer that manages the licenses (
mathlm.na.infn.it
)
when we log in mizar
. From
now on we can run the Mathematica
program on our computer. The program
must be given localhost
(or alternatively 127.0.0.1)
as the license server address .
- What is Netiquette?
- The term is a fusion between
the English word net
and the French etiquette
and is a set of rules and behaviors that all users in the network
should follow for a correct use of all Internet features (a kind of
Etiquette for the internet community). Obviously there
is no authority obliging them to follow these rules but only good
manners, common sense and respect for the neighbor. These
rules can be found on the RFC's
official website. The document number is
1855.
- How do I retrieve a file I
deleted by mistake?
- In the Sezione di Cagliari
there is a weekly (rotating) centralized backup system that saves
the incremental daily backup of the users home
directories at midnight about every
business day. The following conditions must be met for
the recovery of one or more files: the file must be present in the
backup of one of the previous 5 days, or it must be present in one
of the full backups that is done every Saturday night. One
of these backups becomes the monthly one and is available for a few
months. Who needs to retrieve a file send a mail to sysman@ca.infn.it.
- In some cases it may be
possible to retrieve deleted files on the same day and in some cases
even on the previous day, just change the current directory to /home/.snapshot/
<userdir> where there are 6 directories
(
named hourly.x
e nightly.x
) with snapshots
of the contents of the entire
home
directory
. You can view the date and time of such snapshots
with the command
-
[user@node ~]$ ls -lu /home/.snapshot/
total 96
drwxr-xr-x. 113 root root 12288 Jul 18 12:00 hourly.0
drwxr-xr-x. 114 root root 12288 Jul 18 08:00 hourly.1
drwxr-xr-x. 114 root root 12288 Jul 17 20:00 hourly.2
drwxr-xr-x. 114 root root 12288 Jul 17 16:00 hourly.3
drwxr-xr-x. 114 root root 12288 Jul 17 12:00 hourly.4
drwxr-xr-x. 114 root root 12288 Jul 17 08:00 hourly.5
drwxr-xr-x. 114 root root 12288 Jul 18 00:00 nightly.0
drwxr-xr-x. 114 root root 12288 Jul 17 00:00 nightly.1
-
- You have to choose one of these areas and move to your
directory.
- For example:
cd
/home/.snapshot/hourly.0/<userdir>.
At this
point you can search for the file to retrieve.
- How can I use printers of
the Sezione di Cagliari from Linux?
- This operating system uses CUPS
(Common Unix Printing System), to have a list of available printers
type the command:
lpstat -a.
To
print a file type command: lpr -Pprinter_name
file.
- The "
lpq
-Pprinter_name"
command provides
information about print jobs queued to the printer.
- The command "
lprm
job
" deletes the print job. The job
number can be deduced from the result of the previous command.
- If you get such "
Connection
refused
" or "Unable to
connect to server
" message, this
probably means that the cups server
is unreachable or incorrect. To overcome this, you
need to check the file /etc/cups/client.conf
(if it does not exist, you can create it) that should contain the "ServerName
cups.ca.infn.it
" line .
This file can only be edited if you have root
permissions. Disable the local cups server with the following
commands: systemctl stop cups
e systemctl
disable cups
.
- Alternatively, you can
designate the CUPS server in the command line using the options "
-H
cups.ca.infn.it
" or " -h
cups.ca.infn.it
" depending on the type of command.
For more extensive documentation, you can use the "man
lpr
", " man lpq
"
command.
- Other printing options can be
found on the lpr
standard options page .
There is also a command
a2ps
with which you can make very articulated prints. For
instructions type "man a2ps"
.
- Accessible printers are:
-
Tail |
Printer model |
Position |
xwc7830* |
WorkCentre 7830 (B/W) |
(Printer Room /1 floor) |
ph7500 |
Xerox Phaser 7500DT (color) |
(Printer Room /1 floor) |
xrx45* |
Xerox Phaser 4510DX |
(Block A /1 floor) |
ph5550* |
Xerox Phaser 5550DX |
(Block A /2 floor) |
Ph4510* |
Xerox Phaser 4510DX |
(Block C/2 floor) |
P2055 |
HP LaserJet P2055DN |
(Block A Mezzanine) |
In case there were printer
configuration problems with the CUPS system, try installing printers
on your local CUPS application on your computer, in which case you
will need administrator privileges (root). The procedure to
run is the same as that for the MAC operating system.
- (*) CAUTION
only these printers will accept PDF files in a direct way.
- How can
I use printers of the Sezione di Cagliari
from Windows?
- The way for direct printing
was chosen to print from Windows systems. So every
computer that wants to access printers must install their drivers
for each printer .
- This installation can be done
by connecting via web to the printer. On the home page
there is a link "
install printer drivers
"
(alternatively there may be a tab named
support ) that will take
you to the page where drivers can be chosen for your operating
system.
Each printer can be accessed through the respective link
as shown in the following table:
-
-
- Alternatively, you can
connect to the manufacturer's printer site where the support area usually
contains drivers. For Xerox
printers after choosing the model go in
Xerox
Global Driver --> Install from the Web
).
- Also for the HP manufacturer
the procedure is similar. Go to "
support
area
" choose the printer model and operating
system, and you will redirected to the download area. If
the printer is not on the US website try using the Italian site. We
recommend that you choose the "PCL5 / 6" or
"Postscript " drivers
.
- How can
I use printers of the Sezione di Cagliari
from Mac?
- For the configuration of
printers, you generally can apply the same guidelines for Linux. In
fact, Apple Macs use the same CUPS system for printer management.
However, it is recommended to configure printers by runnning a shell
program. Download the archive
mac_printers.zip
.
This will create the directory mac_printers
that contains the files "set_printers.sh"
and
"del_printers.sh"
. By
running the first script (in a shell terminal window) you configure
the printers, with the second one you delete them.
- Where is the software area
available at the INFN?
- There is a public folder that
can be accessed
\\storey\public
either by the Windows
network (Network / Map Network or Network Neighborhood) or by Mac
(from Finder using connect to
server) where there are folders with SW both free and acquired INFN.
- To access Linux from Samba you can use the following
command:
-
smbclient -N //storey/public
- At "
smb:/>
"
you can use the typical Linux commands "cd, ls, dir, pwd, etc." To
have the command list type " help
".
- To download a file, use the "
get
nome_file
"
- Or you mount the remote filesystem via NFS (you must be root
in this case) with the command:
-
-
mount -t nfs storey:/volume1/public /<mount_point>
-
- Remember at the end of the session to do:
umount
/<mount_point>
- How can I connect from home
(or usually from outside) to the computers in the Sezione?
- For safety reasons, access to
the local network of the Sezione must be made through the
"computer
mizar.ca.infn.it
"
to which you connect with the linux command:
ssh utente@mizar.ca.infn.it
.
- So all those who have to
connect to other computers at the local INFN site must first login
Mizar
and then connect to the computer of their own
interest.
-
Mizar
is a
frontier machine and limited resources (users directories are not
present) it exist for the sole purpose of accessing the local INFN
network. For no reason, the computer Mizar
should be used for other purposes (long
compilations, program runs, or any other activity that could degrade
its functionality).
- Alternatively you can use the
VPN connection. Refer to the section: How
do I link a VPN with the Sezione ?
- Graphic link via X11
- If you want to use Linux
graphics features (X11), the connection must be made with the "-X"
option
ssh -X utente@mizar.ca.infn.it
- You can concatenate the
graphical display with other sessions to other hosts with multiple
commands so "
ssh -X
" the last
session sends the graphic output to the first server.
- For users of the PUTTY
program
- Putty is a Windows
application for ssh
sessions . The equivalent -X option of
ssh is accomplished by enabling " X11
forwarding " in the
configuration (Connection / SSH / X11) and placing the
following address " 127.0.0.1:0
" in the row next to " X
Display location "
How do I use the Wi-Fi Trip / eduroam
connection? - In some areas of the building where the
Sezione di Cagliari is located, there is a wireless
infrastructure (Wi-Fi) for all the affiliates at the INFN. Wi-Fi
networks are announced with the names called SSID (ServiceSetIDentifier):
INFN-Web , INFN-dot1x
and eduroam. This
infrastructure is part of the TRIP
(The Roaming INFN Physicist) project that is intended to provide any
INFN employee access to GARR network in any INFN site.
- By connecting to the INFN-Web network you are automatically directed
(via Captive Portal) to a page where you can authenticate with an X.509
Personnel Certificate issued by the INFN
Certification Authority (or any other valid Certification
Authority) or with username and password
but in this case ONLY for the local users of the Sezione.
- By connecting to the INFN-dot1x network you will be authenticated with
the username and password
of the membership structure wherever you are. However,
this kind of connection requires a particular configuration of the
wireless network interface that you can find on the CCR
site (or in the
Windows group pages ).
- For OS Windows (versions below 10) you may need to
download the SecureW2
program to obtain from the Computer and
Networking service. To ensure proper operation of this
type of connection, it is advisable to check its operation before a
trip. However, due to particular local needs, it may
be possible for some sites to change both network names and some
configuration parameters. When connection problems
occur, you must contact a referral person for the network where you
are located.
- In the Physics Department building SSID eduroam is present
in many areas, if you want to use the Wi-Fi eduroam network you have
to select SSID eduroam (Education
Roaming), the profile for that
access is identical to that for INFN-dot1x .
- We remind you that the credential you are requested to
input are <ca-local-username>@ca.infn.it as user
input and <ca-local-password> as password input.
If you want to
configure the latest versions of MAC OS, you
need to create your profile(s) with a special "iPhone
Configuration Utility" program available on the Apple site or
download the
eduroam_dot1x_configuration file . This is a compressed file
to decompress.
- There is also an on-line auto-configuration
procedure on the CNAF site . A file is imported to
the MAC or mobile devices with IOS
- Eduroam on android
: select SSID and enter Phase 1 PEAP / TTLS and Phase 2 PAP, then
enter username@domain
(domain=ca.infn.it) and password.
- However, we recommend that you use the
automatic configuration system for all operating systems through the cat.eduroam.org
site.
- Eduroam is the secure, world-wide roaming access service developed for
the international research and education community. You can use your
institution credentials to access any world wide eduroam hotspot. The
Italian Eduroam Federation is
coordinated by the GARR. Here are some useful links for
eduroam:
- WARNING! There is a difference in treatment if a user
is connected via INFN-dot1x (or INFN-Web) and eduroam. The first
one can access the local network and INFN (computers and printers)
resources, while the latter will have no access.
-
- How do I request a personal certificate?
- There are two ways to do this:
- Use the
official service purchased by INFN DigiCert
. Only available if you already have access to the
INFN central portal.
- The procedure is simple to
have to connect to the site
http://www.digicert.com/sso
choose your "Identity Provider" in our case "INFN" and then goto
"start single sign-on". You will see the AAI INFN page
where you can enter your credentials. Once you return
to the Digicert page you can request the certificate, selecting it
as "Product" Premium and "Request Certificate". After
a few seconds the certificate will be ready for download.
- The CA Digicert Certificate
is available at this address.
Warning for this operation you can use only the
following browsers: Safari, IE, Firefox ESR and Firefox Portable
version.
- ATTENTION use the same
web browser with which the request was made. The validity
of the certificate is one year, just before the deadline you will
receive notices for renewal. If the certificate has
expired you need to repeat the entire procedure.
- How do I publish one or
more personal pages on the web?
- If a user wants to publish
their own pages, you can use the webca.ca.infn.it
computer service. Log on and transfer files to your
local home directory.
- In practice, you
create an HTML document with the name of
index.html
. Make sure all of
these documents are readable by everyone with the " chmod
o+r nomefile
" command.
- The link to
access this document will be
http://webca.ca.infn.it/<userid>
where userid is the username of the user. Notice
that disk quotas are enabled each user has a 1GB soft
limit and a hard
(1.3GB) over which you will receive error alerts.
- All those who use
or will use this system or a similar one will accept all the
rules contained in the Regulation
for Use of IT Resources in the INFN
and implicitly the following limitation of liability:
- " Content
published must relate to their own professional activity and
the activity carried out at INFN. The owner of the pages is
solely responsible for their content and will be held liable
for breach of applicable laws
."
- How can I place a password for accessing
my pages?
- To password protect the contents of a web
page (for example: pippo.html) follow these steps:
Copy simple-auth.tar
file and untar it. In the created simple_auth
directory
there are three files (bootstrap.min.css, password_protect.php,
style.css) modify, according to your needs, the lines of
password_protect.php containing $username = xxxx and $password = yyyyy
entries.
Change suffix to the name of the file containing the page in php
(example: change pippo.html in pippo.php) and place the
following rows in the top of the file
<?php
-
include("simple_auth
/ password_protect.php");
?>
Thus, when you access pippo.php
page you will be
asked username (xxxx) and password (yyyyy).
- What is Spam? What can I do to not
receive it? ( in
REVIEW contact computing service
)
- Spam means sending a large amount of
unwanted messages (usually commercial but not limited to). It can
be implemented with various types of media but it has become a serious
problem with the use of Internet mail.
- To limit the impact on the
user, there is a first filter on our mail server that blocks a
number of known computers that are used to generate spam. Subsequently,
users can further use a message filtering program
(spamassassin) to block messages that have passed the first barrier.
However, this system needs to be "trained" so that it can
more accurately discern between "good" mails and "bad" mails. To
do this, each user with a certain regularity should do the
following:
- 1) Classify "good" mail in
one or more folders
- 2) Create a folder where you
put all the spam you receive, for example you can call it Spam (that
folder must contain at least a thousand messages the first time you
do this procedure)
- 3) Log in to
helios
computer.
Change directory where you keep your mail folders
(usually mail)
- 4) Enter the command:
-
sa-learn --showdots --spam --mbox Spam
- 5) For each folder
containing "good" mail, you must launch the command:
-
sa-learn
--showdots --ham --mbox folder1
-
sa-learn --showdots --ham --mbox folder2
-
...
-
sa-learn --showdots --ham --mbox folderN
- 6) If everything is fine you
can delete the mails from the Spam folder.
-
- For more information on the
anti-spam program, type "
man sa-learn
".
- How do I make a VPN connection
with the "Sezione"
- The VPN (Virtual Private
Network) protocol allows you to connect to the LAN of the Sezione
di Cagliari so that it is recognized as part of the LAN
itself. This means having free access to almost all
services present in Sezione. This is useful
to avoid duplicate connections and access services as if you were on
the local network. This also enhances the security of
our LAN, as in this case interactive access (such as logins) to
internal computers can be completely eliminated or greatly reduced.
- The current configuration is
called split-tunneling which means that from an external computer
(outside the Sezione ) traffic to our networks will be
hijacked through a special (virtual) connection while the rest of
the traffic will be treated normally.
- Keep in mind that this type
of connection is NOT EFFICIENT for intense traffic (the connection
has an overhead), it is useful only in those cases where it is
advantageous to have a preferential path for your activities.
- To achieve this, you must
install a client
that provides this type of connection.
- Client for WINDOWS
- You must download and install
the OpenVPN
GUI (Download stable Installation
Package) program. To configure it, you must download
the Win.zip
file and unpack the files contained in it in the
following directory:
-
-
C:\Program
files\OpenVPN\config\
-
- At this point just launch
the program from the button
-
-
"start-> All programs->
OpenVPN GUI".
- A red icon appears in the
lower right of the system
tray. By clicking on
the right mouse button a menu appears; Two INFNCA1 and
INFNCA2 alternatives are shown, select one of the them and click on
"connect". You will be prompted for the username and
password for your INFN account. If everything is
successful, the bottom right icon from red will become green.
- For Windows
7/8/10 Professional 64bit you
must use the " OpenVpn
Portable for Windows 64bit " package
(you do not have to install it is a file that contains
a directory that can be placed in any location). This
directory contains the program to run OpenvpnPortable. It
must be run as Administrator (select
the program and press the right mouse button run / run as / as
Administrator).
- Client for LINUX
- You must download and install
OpenVPN. This and subsequent operations depend on the
Linux distribution that is being used and must be made with root
privileges (or sudo). First, install the
"epel-release" package (the name should change depending on the
version of linux) with "
yum (
or
apt-get) install epel-release
"
and then "yum
(or apt-get
)
install openvpn
".
- If you do not find the
package "
epel
" with the
above instructions you will need to search for your Linux
distribution in use.
- To configure you must
download the linux.zip
file and unpack (
unzip
linux.zip
) the files in the directory /etc/openvpn/
.
To launch the program, type (always as root or with the
prefix sudo
):
-
-
openvpn --config
/etc/openvpn/INFN_lnx.ovpn
or
alternatively
-
openvpn --config
/etc/openvpn/INFN2_lnx.ovpn
-
- You will be prompted for the
username and password for your INFN account.
Leave the window active for the duration of the VPN
session.
-
- Client for MAC
- For MacOS, download and
install the TunnelBlick
package (follow the link, use this version
only). Then download the Mac.zip
file and
unzip it. Launch Tunnelblick, drag and drop the
configuration files (
INFN_Mac.ovpn,
INFN2_Mac.ovpn
)
into the icon to the top right.
- After launching Tunnelblick
the icon appears at the top right, clicking on it you can open one
of the available connections, when the icon will turn from gray to
black the connection has been successfully.
- Mobile Devices
- For Android
mobile systems, you must download and install the OpenVPN
for Android package and
import the android.ovpn
configuration file. For IOS
(iPad / iPhone), you must install the program OpenVPN
and import configurations with the
file ios.ovpn
and and ios2.ovpn
, they specify the servers that provide the service.
- How do I synchronize the date
and time with the NTP service?
- The Network Time Protocol
(NTP) service has the ability to keep time synchronized with servers
that provide the exact date and time. This service is
practically enabled for any device that has the ability to be
connected to the network. For security reasons, the
time servers (outside the local network) that you can connect to
have been restricted to the following:
-
ntp.ien.it
ntp-1.infn.it
ntp-2.infn.it
ntp-3.infn.it
pool.ntp.org
time.windows.com
- How to use the local file
sharing service
- This service (experimental)
allows you to share files with various hardware objects (computers,
tablets, smartphones, etc.) by using the "Seafile" product installed
in our CED. All information can be found at http://www.seafile.com/en/home/.
Seafile clients can be downloaded from the download
area
http://www.seafile.com/en/download/
.
During the installation you will be asked to type in the server
name: https://thor.ca.infn.it
.
- The user authentication is
done via the official INFN mail address and password of the Sezione
di Cagliari.
- ATTENTION with
new seafile versions it may happen that new "folders" are not
synchronized in these cases, we recommend disabling server
certificate verification. This option is accessed as
follows: mouse click (right key) on the seafile icon, then
settings->tab
advanced
and select "do not
verify certificate...
"
- National Services INFN
- At the CCR
site you can find
useful news and tips to manage your computers. There
is also a
page listing the services the INFN
provides to its users. Some are oriented towards
end-user computing services.
Activating Microsoft products
- For the correct operation of the following procedures make sure that
the date, time and TimeZone are those of Rome.
- Windows
:
- The Windows 7, 8, 8.1, 10 OS that are installed using the
downloaded ISO from the Microsoft Volume Licensing Service Center
are enabled by following these steps:
- 1. Open a Command Prompt as
Administrator (Run as Administrator)
- 2. Type the following commands:
cscript
\windows\system32\slmgr.vbs /skms kms.infn.it
cscript \windows\system32\slmgr.vbs /ato
- If another medium is used, the two
commands above must be preceded by the following command:
cscript
\windows\system32\slmgr.vbs /ipk "code for SO"
- Where the CODE FOR SO is available on the Microsoft page:
-
http://technet.microsoft.com/en-us/library/jj612867.aspx
- Office:
-
cd "%ProgramFiles%\Microsoft
Office\OfficeXX"
cscript ospp.vbs /sethst:kms.infn.it
cscript ospp.vbs /act
- In some Office 64-bit installations you might find it in
the folder:
-
"%ProgramFiles(x86)%\Microsoft
Office\OfficeXX"
XX = 16 per Office 2016
XX = 15 per Office Professional Plus 2013
XX = 14 per Office Enterprise 2010
- Check for any changes to the CCR
site from where this information was duplicated.
- Office 365:
- INFN can also use the Microsoft Office
365 platform. CCR has provided instructions
to use it.
Project/Visio:
For the Microsoft Project software, a campus license
was purchased for all INFNs. For Microsoft Visio,
licenses are available for sites that have requested it. Go to this
page fro instructions.
- How do I use the
programs enabled only for INFN networks?
- You can do it in two ways: The first is to use a VPN connection with
the Sezione headquarters, the second is the one that uses
the port forwarding or
tunneling technique .
- How do I know how much disk
space I can use?
- Each user has a disk quota available, the default is 30GB.
The Linux command
-
quota
- verifies your quota its
output is
-
Disk quotas for user xxxx (uid nnn):
Filesystem blocks quota limit grace files
quota limit grace
nasca1:/vol/user
9831828 31457280 33554432 4294967295 4294967295
-
- The meaning of these numbers
is as follows: the column blocks
defines the current disk occupation (9831828 kb. 9.4GiB), the quota
column soft limit
(31457280 KB) is the allocated disk space (30GiB) while the column hard
Limit
(33554432KB = 32GiB) is the maximum allowed occupation beyond which
no write operation is allowed. In this case, the user
has 2GiB available before the restrictions apply. To
change the allocated quota, you have to ask the authorization of the
Director.
Please note that backing up account data that exceeds the 32GiB
quota is excluded from the backup system even if the quota is
authorized.
- For those who often go to
CERN
- The division
of computer science at CERN offers
its users information and recommendations that all concerned should
know. The site is safe
and full of suggestions for solving
various issues. Particularly interesting may be the file
transfer page .
-
- Active institutional
distribution lists
- List of distribution lists for the Sezione di
Cagliari currently active:
- 1)
dipendenti@lists.ca.infn.it
Employees
- 2)
ricercatori@lists.ca.infn.it
Researchers & Technologist (employees only)
3)
ricercatori2@lists.ca.infn.it
All researchers
- 4)
sezione@lists.ca.infn.it
Employees, researchers & associates
- 5)
coordinators@lists.ca.infn.it
Group Coordinators
- 6)
tta@lists.ca.infn.it
Technical, Technological & Administrative Personnel
- 7)
gruppo1@lists.ca.infn.it
personnel belonging to Group I
- 8) gruppo2@lists.ca.infn.it
personnel belonging to Group II
- 9)
gruppo3@lists.ca.infn.it
personnel belonging to Group III
- 10) gruppo4@lists.ca.infn.it
personnel
belonging to Group IV
- 11) gruppo5@lists.ca.infn.it
personnel
belonging to Group V
- 12) utenti@ca.infn.it
All users who have an account at the Sezione
- 13)
team_emergenza@lists.ca.infn.it
Emergency
Team
-
- CAUTION!! These are closed lists so the lists accept mails
to be distributed ONLY IF you are registered and the message comes
from the registered email address.
- How to install
anti-Virus/anti-Malaware TrendMicro ?
- The INFN National Computing
Committee has purchased a new antivirus which according to the AgID directives must be installed on
every INFN's Windows and MacOS computer.
Windows
version 64bit
Windows
version 32bit
Mac
OS Install
Mac
OS uninstall |
Run the program. if all goes well you will be asked to
restart. |
If instead there were problems, the typical one is you cannot
uninstall the antivirus already present, uninstall it manually,
reboot and proceed with the installation again. If the existing
antivirus is the old Sophos Antivirus this must be uninstalled
with the following program: SophosZap.zip
after
unpacking, run the sophosremoval.bat file
|
WARNING: This antivirus "TrendMicro"
has a centralized management console meaning that the user has a limited
number of permitted operations
- What are the usable
programs covered by the National Contract?
- The INFN National Committee
for Computing & Networking (CCR) has purchased licenses and has
concluded many contracts for general purpose SWs for the INFN.
This is the list of licensed SW: ESACOMP, CAMPUS_ADOBE,
ANSYS, NAG, NX-IDEAS, AUTODESK, ALFRES, MATHEMATICS, LABVIEW,
TrendMicro antivirus, COMSOL, GPFS, JIRA, CLIOSOFT, MICROSOFT, AFS,
SEEVOGH, SIMULINK, ADOBE_CONNECT, SECUREW2.
- In Sezione we can
use:
- Mathematica to use it you
need to instruct the program to use the network licenses provided by
the server
mathlm.na.infn.it
(At the launch of the
program choose: other ways to activate mathematica
-->> network license
, see also
tunneling)
- Microsoft Windows &
Office, AutoDesk, Matlab, LSF, Adobe. The SW is found
on
pandora.infn.it
some programs can also be found on our repository and
on the site of the CCR development
tools.
- How do I use Matematica program
?
- The Mathematica program is
licensed by a central server residing in Naples so to work it must
connect with this server. The following scenarios can be presented:
- If I am in the Sezione, I can install the
version of mathematica in our repository and activate the
license by choosing (on the first run) the "Other Ways to
Activate option" and entering the Naples server address
mathlm.na.infn.it
under the heading Connect to a Network License Server.
If I want to use the Mathematica
program installed on one of our servers I can choose to work on
the server and activate the graphic output on my computer (in
this case an X11
server installed on your computer is required) or use the
version of Mathematica installed on my computer (only as an
interface) and the remote server kernel engine.
- If I am outside the Sezione building
(for example at home) to use the network license I must ensure
that the request (it seems to) comes from the LAN of the Sezione
network. I need what's called port forwarding.
We need to create a predetermined path
so the Mathematica program can access the license server:
ssh
-L 16286: mathlm.na.infn.it: 16286 myusername@mizar.ca.infn.it
this command creates a
tunnel with port 16286 (the port Mathematica uses to obtain
licenses) and the Naples computer that manages the licenses (mathlm.na.infn.it
)
when we log in to mizar. From this moment we can run the
Mathematica program on our computer. The program must be
given local address localhost
or 127.0.0.1
as license server.
- How to make video / sound
conferences?
- There are various systems to
do this kind of activity. There is a videoconferencing
system in the meeting room, you can consult A.
Cardini's instructions
to use it. There
are also various software tools (eg: eZuce/Vibe SRN), you can find
more information on the Multimedia
Group site.
-
- What is the X11 system ?
- X Window System (known in
jargon as X Window, X11 or simply as X), in computer science, is a
widespread graphic manager, de facto standard for many Unix-like
systems (including Linux and FreeBSD). It was created by MIT in
1984. The latest version of the protocol, X11, was completed in
September 1987. The X.Org Foundation implements the X version 11
protocol in XOrg (Wikipedia).
All Unix systems have a version of this manager and there are
versions for Windows (X-Ming, X-Win32)
and MacOS (Xquartz).
For MacOS using Xquartz program it may be
necessary (if it does not work) to perform the following steps:
- Update XQuartz (Xquartz menu check for updates)
- At the command line, type:
defaults write
org.macosforge.xquartz.X11 enable_iglx -bool true
- reboot