OpenAFS Client for Windows (K5)

Getting Started

There are three components of a functional Windows OpenAFS client: Heimdal Kerberos 5, Network Identity Manager, and the OpenAFS client itself.  Before beginning, we recommend uninstalling any existing version of the OpenAFS client as well as any existing version of Kerberos (whether it's Heimdal Kerberos or MIT Kerberos).

Download Installers and Configuration Script

The first download is a zip file containing the Heimdal installer, the Network Identity Manager installer, and a VB script to help with configuration.  The second download is the actual OpenAFS client installer.

  1. Kerberos-Win64-.zip - extract the files from the zip archive before running them.
  2. OpenAFS Client

Installing Heimdal Kerberos 5

  1. Double click the Heimdal msi file that you extracted from the zip archive.
  2. Do you want to run this file? - Click Run
  3. Welcome to ... Setup Wizard - Click Next
  4. License Agreement - Check "I accept..." and Click Next
  5. Custom Setup - Click Next
  6. Ready to install - Click Install
  7. Do you want to allow...? - Click Yes
  8. Completed - Click Finish

Installing Network Identity Manager

  1. Double click the netidmgr msi file that you extracted from the zip file.
  2. Do you want to run this file? - Click Run
  3. Welcome to ... Setup Wizard - Click Next
  4. End-user License Agreement - Click "I accept..." and Click Next
  5. Choose Setup Type - Click Typical
  6. Ready to Install - Click Install
  7. Do you want to allow...? - Click Yes
  8. Completing... - Click Finish

Installing OpenAFS Client for Windows (requires REBOOT)

  1. Double click the yfs-openafs msi file you downloaded.
  2. Do you want to run this file? - Click Run
  3. Welcome to ... Setup Wizard - Click Next
  4. End-user License Agreement - Click "I accept..." and Click Next
  5. Choose Setup Type - Click IFS Based Client
  6. Configure AFS Client - change default cell to northstar.dartmouth.edu and then...
  7. The default cache size is 6+GB.  On a disk-constrained system you can optionally reduce the the cache size in kb e.g. to 500000 (~500MB) - Click Next
  8. Ready to Install - Click Install
  9. Do you want to allow...? - Click Yes
  10. Completing... - Click Finish
  11. Say yes to the Reboot prompt (the setup script will not run properly if you skip this step)

Run the Configuration Script

  1. Double click the Win-afssetup.vbs script that you extracted from the zip file.
  2. Do you want to allow...? - Click Yes

Creating your Kerberos Identity

  1. Open Network Identity Manager by clicking the 'yellow padlock', or the 'cube' icon in your System Tray.  It will already be running if you have rebooted since installing it.  If the system has not been rebooted since installing NIM you will need to start it manually.  The main window for NIM looks like this.
    NIM initial window
  2. From the Options menu, select Identities.  In the Configuration window that appears press Add new identity to open yet another window. 
    • If we have instructed you to use your NetID, use that for the Username and enter KIEWIT.DARTMOUTH.EDU for the Realm;  click Finish
    • If we have given you an AFS username, use that for the Username and enter RSTOR.DARTMOUTH.EDU for the Realm; click Finish

  1. In the Configuration window, select the new identity in the left frame and then the General tab along the top.  You need to check the box that says "Always show in the credential list".  Click Apply and then Ok to dismiss this window.
  2. Check all three boxes (Monitor, Renew and Pinned), click Apply. 
  3. Click the Kerberos v5 tab.
    • Click on Renewable for and drag it to the maximum 30 days; click Apply 
  4. Click on the AFS tab. Enter northstar.dartmouth.edu for the Cell; click Apply.
    • If we have instructed you to use your NetID, enter KIEWIT.DARTMOUTH.EDU for the Realm; click Add/Update then Apply
    • If we have given you an AFS username, enter RSTOR.DARTMOUTH.EDU for the Realm; click Add/Update then Apply
    • Leave Method as (Automatic); click Ok
  5. Back in the main window use the View menu to toggle on the "All identities" line.  Then use the Credential menu to select New credentials and finally Obtain new credentials for the identity you just created.  Enter your password and click Finish.  
  6. You have finished the one-time setup.  Subsequently you just need to repeat step 7, or select the identity and then click the icon with the yellow sunburst.

Basic Usage

  • Authenticating: To access your files in AFS, you first need to authenticate yourself.  This is called getting a token. The yellow padlock icon is the authentication tool and should be in the System Tray on your desktop. This brings up the list of identities you configured in Network Identity Manager. Click on the one you want to use (usually the only one), and click the icon with the yellow sunburst in upper left. This brings up a prompt for your password.  If the password is entered correctly, the identity gets a 'charged battery' icon. You can close the credential window now.
  • Token Expiration: AFS tokens last usually between 10 and 25 hours, but will be renewed automatically when close to expiring, as long as your computer is
    • not sleeping
    • on the network
    • not rebooted
  • UNC Paths: You use UNC paths to access files in AFS (e.g. type a UNC path into the address bar in Windows Explorer).  The most common example of a UNC path is
    \\afs\northstar.dartmouth.edu\users\u\username

    'username' is of course your RSTOR username. The 'u' in \u\ is the first letter of your RSTOR username.  If you are only using AFS for access to a data volume, the path will be formed from the volume owner's name and the project name, e.g. 

  • \\afs\northstar.dartmouth.edu\users\o\ownername.project
  • Creating a Mapped Drive: Not all software recognizes UNC paths.  In these cases you need to assign a drive letter to the UNC path.  This is called creating a mapped network drive and creates a per-user drive mapping which only exists when you are logged in.
  • Bring up an Explorer window by holding down the Windows key and pressing E.
    • Click Map Network Drive.
    • Choose a drive letter and enter the UNC path to a location in AFS.
    • Click Finish
  • You can make shortcuts to an AFS location using any standard Windows method.

Uninstalling the OpenAFS Client for Windows

To uninstall the OpenAFS client, use the "Uninstall OpenAFS" shortcut that the installer placed in your Start Menu (Apps Screen in Windows 8).  Or, you can run it directly like this:

  1. Bring up a Run window by holding down the Windows key and then pressing the R key.
  2. Type C:\Program Files\OpenAFS\uninstall.exe and hit <Enter>.
  3. Follow the prompts.

Details

Article ID: 67286
Created
Thu 11/15/18 3:41 PM
Modified
Thu 5/27/21 8:38 PM

Related Articles (1)