welcome: please sign in

Diff for "MemberManual/TransferringFiles/OpenAFS/Windows"

Differences between revisions 21 and 22
Revision 21 as of 2013-01-13 18:19:33
Size: 6084
Editor: ClintonEbadi
Comment: cat / someone needs to update this for windows7
Revision 22 as of 2014-03-13 19:19:09
Size: 3684
Editor: 99-42-124-84
Comment: Significantly updated this for Windows 7/OpenAFS 1.7 Still need to add some pictures and post-install config stuff.
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:

{{{#!wiki tip
These instructions are not tested with Windows 7 or 8, and the procedure is very likely different. An intrepid member with either OS should update the docs.
}}}
Line 16: Line 12:
 1. Kerberos - [[http://web.mit.edu/Kerberos/dist/index.html|download page]]. We recommend downloading the "''Installer''" with the EXE extension.
 1. OpenAFS Client - [[http://www.openafs.org/pages/windows.html|download page]]. We recommend downloading the "''32-bit EXE installer for individual installations''".		  1. Heimdal Kerberos 1.6.x.x- [[https://www.secure-endpoints.com/heimdal/#download]]. - According to the OpenAFS guide, MIT Kerberos has stability issues on Windows 7/8.
 1. Network Identity Manager 2.0 = [[https://www.secure-endpoints.com/netidmgr/v2/index.html]]
 1. OpenAFS Client 1.7.x - [[http://www.openafs.org/pages/windows.html|download page]].
Line 21: Line 18:
First, install Kerberos. Here's some details to input at certain dialog prompts during the installation: First, install Kerberos. All defaults are appropriate.
Line 23: Line 20:
 1. '''Choose Components''' -- select only ''KfW client'' and ''KfW'' documentation.
 1. '''Kerberos Configuration''' -- the defaults are fine. Ensure "Use packaged configuration files for the ATHENA.MIT.EDU realm." is selected.
 1. '''Network Identity Manager Setup''' -- the defaults are fine but you can safely uncheck this as OpenAFS will automate Kerberos authentication.
 1. Proceed with the installation.		 Then, modify your krb5.conf (in `%SystemDrive%\ProgramData\Kerberos`) and add `allow_weak_crypto = true` under `[libdefaults]`.
Line 28: Line 22:
== Network Identity Manager ==

A Typical installation is appropriate. OpenAFS will install a plugin to this that will assist you in managing your AFS tokens.
 
Line 30: Line 28:
 1. '''Choose Components''' -- select only ''AFS Client''.
 1. '''CellServDB Configuration''' -- the defaults are highly recommended. Ensure "Use packaged CellServDB file." is marked.
 1. '''Client Cell Name Configuration''' -- For "Enter AFS cell name" use `hcoop.net`. The rest of the defaults are sound.
 1. '''AFS Credentials Configuration''' -- These defaults are good unless you would prefer to launch the AFS client manually.		  1. '''Choose Setup Type''' -- select ''IFS Based Client''.
 1. '''Configure AFS Client''' -- For "Default Cell" use `hcoop.net`. The rest of the defaults are sound.
Line 35: Line 31:

= Post-Install Configuration =
Assuming you allowed the AFS client to start at boot, you will be presented with the prompt below this paragraph. If you did not, then navigate into the Start Menu and open the AFS Client.

{{attachment:afs_obtain_new_afs_tokens.png}}

`hcoop.net` should be the AFS cell. Enter only your HCoop username (user@HCOOP.NET, the last part is all caps) and your Kerberos password. Press enter. If successful, you will notice that in your system tray a lock icon will be clearly visible without any red markings.

Now click on that lock and the following dialog should appear but tailored to your user credentials:

{{attachment:afs_show_tokens.png}}

Click on the ''Drive Letters'' tab and then click the ''Add'' button at the bottom of the dialog so that you see this:

{{attachment:afs_map_drive_letter.png}}

As the screen capture shows, you can enter in the location of your home directory. If your username is ''test'' then your AFS home directory is at `/afs/hcoop.net/user/t/te/test`. Click OK. Now go to ''My Computer'' and see if there is a new drive icon. It may well be named '''auto''n''''', where n is an integer. It may also be named whatever you provided to the ''Submount'' editbox (see above).

Now you should have access to AFS using explorer or any software such as text editors. You may have to reboot at least once to see your new drives.
Line 72: Line 49:
'''Vista Users''': It is better to click on the AFS Client ''Advanced Tab'' and then click on the ''Configure AFS Client'' button. User Access Control (UAC) will then be initiated so that you can stop and start the service under the ''General Tab''. UAC is new to OpenAFS Client as of version 1.5.26. If you still receive privilege errors, then run the AFS Client as Administrator.
Line 77: Line 52:
You may want to uninstall and reinstall OpenAFS and retry these installation directions. Check the Kerberos Network Identity Manager to be sure the realm is HCOOP.NET (yes, it must be ALL CAPS). In general, HCoop support cannot troubleshoot your system troubles, so please do not submit a Bugzilla ticket unless you're sure our servers are misbehaving. However, members in our IrcChannel will likely be happy to assist, though you may need to be patient while waiting for someone to respond. You may want to uninstall and reinstall OpenAFS and retry these installation directions. Check the Network Identity Manager to be sure the realm is HCOOP.NET (yes, it must be ALL CAPS). In general, HCoop support cannot troubleshoot your system troubles, so please do not submit a Bugzilla ticket unless you're sure our servers are misbehaving. However, members in our IrcChannel will likely be happy to assist, though you may need to be patient while waiting for someone to respond.

This is the chapter of the MemberManual that describes how to install the OpenAFS client on Windows.

Contents

  1. Software to Download
  2. Installation
    1. Kerberos
    2. Network Identity Manager
    3. OpenAFS
  3. Hints and Tips
  4. Troubleshooting
    1. AFS Worked, But Now it Doesn't
    2. AFS Never Worked!

Please note that OpenAFS runs a service so you must have a user account on Windows that allows management of services. For example, the powerusers group on Windows XP has such privileges but the default limited users account does not.

Software to Download

You will need to download the latest versions of the following software:

  1. Heimdal Kerberos 1.6.x.x- https://www.secure-endpoints.com/heimdal/#download. - According to the OpenAFS guide, MIT Kerberos has stability issues on Windows 7/8.

  2. Network Identity Manager 2.0 = https://www.secure-endpoints.com/netidmgr/v2/index.html

  3. OpenAFS Client 1.7.x - download page.

Installation

Kerberos

First, install Kerberos. All defaults are appropriate.

Then, modify your krb5.conf (in %SystemDrive%\ProgramData\Kerberos) and add allow_weak_crypto = true under [libdefaults].

Network Identity Manager

A Typical installation is appropriate. OpenAFS will install a plugin to this that will assist you in managing your AFS tokens.

OpenAFS

Install OpenAFS and input the following when the appropriate dialog prompts:

  1. Choose Setup Type -- select IFS Based Client.

  2. Configure AFS Client -- For "Default Cell" use hcoop.net. The rest of the defaults are sound.

  3. Proceed with the installation and reboot.

Hints and Tips

If you are using Explorer to view your AFS share, your right-click on file or folder context menu will have a new entry called AFS. Within this sub-menu, you will find tools that allow changing of Access Control Lists (permissions), creating new mount points, and more. With this context menu, it is possible that you won't have to ever use the command-line to manage your share!

Troubleshooting

AFS Worked, But Now it Doesn't

Sometimes when a computer goes to sleep and then resumes, the AFS service will not work. This may also be the case in other situations.

That said, the first step to solving AFS problems is to stop and start the AFS service using the AFS Client.

  1. Click on the lock icon in the system-tray.

  2. Click on the AFS Client Advanced Tab.

  3. Click on Stop Service and wait a few moments.

  4. Click Start Service.

  5. If necessary, re-log in using AFS Client.

You should now be ready to use your AFS shares. Again, please note that you must have appropriate privileges to stop and start services.

AFS Never Worked!

Please check your software and hardware firewall configurations. To be sure that your software firewall is not blocking the client, stop and restart the service. Your software firewall may then catch it and prompt. Although the service may start at boot, when you log-in, the software firewall may block it by default. Finally, ensure the following UDP ports are open: 7000-7007.

You may want to uninstall and reinstall OpenAFS and retry these installation directions. Check the Network Identity Manager to be sure the realm is HCOOP.NET (yes, it must be ALL CAPS). In general, HCoop support cannot troubleshoot your system troubles, so please do not submit a Bugzilla ticket unless you're sure our servers are misbehaving. However, members in our IrcChannel will likely be happy to assist, though you may need to be patient while waiting for someone to respond.

CategoryMemberManual CategoryNeedsWork

MemberManual/TransferringFiles/OpenAFS/Windows (last edited 2014-03-31 01:54:16 by MattCarberry)