OpenAFS Client for Windows (K5)

Getting Started

There are three components of a functional Windows OpenAFS client: Heimdal Kerberos 5, Network Identity Manager, and the OpenAFS client itself.  Before beginning, we recommend uninstalling any existing version of the OpenAFS client as well as any existing version of Kerberos (whether it's Heimdal Kerberos or MIT Kerberos).

Download Installers and Configuration Script

The first download is a zip file containing the Heimdal installer, the Network Identity Manager installer, and a VB script to help with configuration.  The second download is the actual OpenAFS client installer.

  1. Kerberos-Win64-.zip - extract the files from the zip archive before running them.
  2. OpenAFS Client

Installing Heimdal Kerberos 5

  1. Double click the Heimdal msi file that you extracted from the zip archive.
  2. Do you want to run this file? - Click Run
  3. Welcome to ... Setup Wizard - Click Next
  4. License Agreement - Check "I accept..." and Click Next
  5. Custom Setup - Click Next
  6. Ready to install - Click Install
  7. Do you want to allow...? - Click Yes
  8. Completed - Click Finish

Installing Network Identity Manager

  1. Double click the netidmgr msi file that you extracted from the zip file.
  2. Do you want to run this file? - Click Run
  3. Welcome to ... Setup Wizard - Click Next
  4. End-user License Agreement - Click "I accept..." and Click Next
  5. Choose Setup Type - Click Typical
  6. Ready to Install - Click Install
  7. Do you want to allow...? - Click Yes
  8. Completing... - Click Finish

Installing OpenAFS Client for Windows

  1. Double click the yfs-openafs msi file you downloaded.
  2. Do you want to run this file? - Click Run
  3. Welcome to ... Setup Wizard - Click Next
  4. End-user License Agreement - Click "I accept..." and Click Next
  5. Choose Setup Type - Click IFS Based Client
  6. Configure AFS Client - change default cell to northstar.dartmouth.edu and then...
  7. ...change the cache size in kb to 500000 - Click Next
  8. Ready to Install - Click Install
  9. Do you want to allow...? - Click Yes
  10. Completing... - Click Finish
  11. Say yes to the Reboot prompt (the setup script will not run properly if you skip this step)

Run the Configuration Script

  1. Double click the Win-afssetup.vbs script that you extracted from the zip file.
  2. Do you want to allow...? - Click Yes

Creating your Kerberos Identity

  1. Open Network Identity Manager by clicking the yellow padlock icon AFS padlock icon in your System Tray.  The main window for NIM looks like this.
  2. From the Options menu, select Identities.  In the Configuration window that appears press the "Add new identity..." button to open yet another window.  Here you can enter your AFS username and the Realm which is RSTOR.DARTMOUTH.EDU. Click Finish to go back to the Configuration window.
  3. Back in the Configuration window, select the username@RSTOR.DARTMOUTH.EDU identity in the left frame and then the General tab along the top.  You need to check the box that says "Always show in the credential list".  Click Apply and then Ok to dismiss this window.
     
  4. Back in the main window use the View menu to toggle on the "All identities" line.  Then use the Credential menu to select "New credentials" and finally "Obtain new credentials" for username@RSTOR.DARTMOUTH.EDU".  Enter your password and click Finish.  
  5. You have finished the one-time setup.

Basic Usage

  • Authenticating: To access your files in AFS, you first need to authenticate yourself.  This is called getting a token. The yellow padlock iconAFS padlock iconis the authentication tool and should be in the System Tray on your desktop.
  • Token Expiration: AFS tokens last for 25 hours.  After that time you will need to obtain a new one using the same authentication tool.  You can also renew a token at any time which resets the 25 hour clock.
  • UNC Paths: You use UNC paths to access files in AFS (e.g. type a UNC path into the address bar in Windows Explorer).  The most common example of a UNC path is
    \\afs\northstar.dartmouth.edu\users\u\username
    'username' is of course your AFS username. The 'u' in \u\ is the first letter of your AFS username.
  • Creating a Mapped Drive: Not all software recognizes UNC paths.  In these cases you need to assign a drive letter to the UNC path.  This is called creating a mapped network drive and creates a per-user drive mapping which only exists when you are logged in.
  • Bring up an Explorer window by holding down the Windows keyWindows Logo Keyand pressing E.
  1. [Windows 8 only] From the File - Computer - View tabs at the top of the screen select "Computer".
  2. Click Map Network Drive [Windows 8 gives a drop-down list where you select Map Network Drive again].
  3. Choose a drive letter and enter the UNC path to a location in AFS.
  4. Click Finish

Uninstalling the OpenAFS Client for Windows

To uninstall the OpenAFS client, use the "Uninstall OpenAFS" shortcut that the installer placed in your Start Menu (Apps Screen in Windows 8).  Or, you can run it directly like this:

  1. Bring up a Run window by holding down the Windows keyWindows Logo Keyand then pressing the R key.
  2. Type C:\Program Files\OpenAFS\uninstall.exe and hit <Enter>.
  3. Follow the prompts.

Details

Article ID: 67286
Created
Thu 11/15/18 3:41 PM
Modified
Mon 7/20/20 4:25 PM

Related Articles (1)