Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

At IU, how do I install and configure OpenAFS on my Windows workstation for use with the RFS?

To access your account on the Research File System (RFS) at Indiana University from a Windows 7, Vista, or XP workstation, download and install Kerberos for Windows and the OpenAFS client. Each program requires a separate package (i.e., they are not bundled together). To install the software, you will need to log into the workstation with an account that has administrative rights.

On this page:

Installing Kerberos for Windows

Kerberos for Windows lets you authenticate to the ADS.IU.EDU Kerberos realm. To install the program:

  1. Download Kerberos for Windows at MIT Kerberos for Windows 3.2.2.

  2. Click kfw-3-2-2.exe and install the program after the download is complete. You will be prompted to select the language for the installer and a location for the program. When you see the License Agreement window, click I Agree.

  3. In the Choose Components window, make sure the KfW Client and KFW Documentation options are selected.

  4. You will see a window that asks you to choose a method for installing the Kerberos configuration files. Select Download from web path and enter the following URL: http://storage.iu.edu
  5. In the Leash Ticket Manager Setup window, retain the default settings, and click Install. Kerberos for Windows will install the software.

You can now move on to the installation of the OpenAFS client for Windows.

Installing OpenAFS for Windows

The OpenAFS client for Windows allows your Windows 7, Vista, or XP workstation to communicate with the AFS server. To install the client:

  1. Go to OpenAFS for Windows.

    Scroll down and click 32-bit EXE installer for individual installations. Download and run the installation program. You will be asked to select an installer language.

  2. In the Choose Components window, select Supplemental Documentation. Make sure the AFS Client and MS Loopback Adapter options are selected.

  3. Select a location to install OpenAFS.

  4. In the CellServDB Configuration window, choose the location of the CellServDB file by selecting Download from web address. In the box below the selection, enter: http://storage.iu.edu/CellServDB.txt
  5. In the Client Cell Name Configuration window, set the AFS cell name to IU.EDU . Leave the other client options at their default values.

  6. Retain the default options in the AFS Credentials Configuration window. Click Install.

    The OpenAFS client will now install the software. You will be prompted to reboot your workstation when the process is complete. The Leash Kerberos Ticket Manager will start upon login and display a ticket initialization window.

  7. Initialize a ticket by entering your Network ID. Make sure the "Realm" drop-down box says ADS.IU.EDU.

    If you are successful, the Leash icon (the dog head) on the Windows taskbar will turn green. You can view your current tickets and tokens by double-clicking the Leash icon. You should have a Kerberos 5 ticket and an AFS token.

  8. Map a drive using your AFS path; see At IU, using Windows, how do I access a shared resource on another Windows computer?

    For example:

    \\afs\iu.edu\home\u\s\username

    Replace  u  with the first letter of your username,  s  with the second letter of your username, and username with your username.

    If you have a project directory and would like to map it this way, use:

    \\afs\iu.edu\home\projects\projectname

    Replace projectname with the name of the RFS project space.

Instructions for 64-bit Windows 7

Users of 64-bit Windows 7 will have to install 64-bit versions of Kerberos and OpenAFS:

  1. Use the Windows Control Panel to uninstall both Kerberos for Windows and the OpenAFS client. If you are given an option to keep the configuration, do so. Reboot your machine if necessary.

  2. Download and install 64-bit Kerberos for Windows, found at: http://www.secure-endpoints.com/binaries/mit-kfw-3-2-2/kfw-amd64-3-2-2.msi
  3. Download and install the 64-bit OpenAFS client for Windows, found at: http://dl.openafs.org/dl/openafs/1.5.78/winxp/openafs-en_US-64bit-1-5-7800.msi

Note: For help configuring 64-bit Kerberos and OpenAFS, email Research Storage.

Using Kerberos and OpenAFS

To verify that Kerberos and OpenAFS are working correctly, access the drive to which you mapped your RFS account (via Windows Explorer, or by entering Run in the Windows 7 or Vista Start menu search field, or clicking Run from the Windows XP Start menu). You should be able to perform the usual file- and folder-related operations.

After you've configured OpenAFS on your workstation, the behavior of the Kerberos Ticket Manager will depend on the nature of your subsequent logins. If you log into the ADS realm, you will see the ticket initialization prompt, which prompts you for your username and passphrase.

Kerberos tickets and AFS tokens have a lifetime of ten hours. If your session exceeds ten hours, you can ensure continued access to RFS by clicking Action in the Leash Kerberos Ticket Manager menu and selecting Get Ticket(s)/Token(s).

Note: To access your RFS account when you're away from the Indiana University campus, you need a VPN connection to the IU network. You can disconnect from the VPN once you have your AFS token.

This is document arxq in domain all.
Last modified on February 16, 2011.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.