Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

At IU, how do I install and configure OpenAFS on my Windows workstation for use with the RFS?

To access your account on the Research File System (RFS) at Indiana University from a Windows Vista, XP, or 2000 workstation, download and install Kerberos for Windows and the OpenAFS client. Each program requires a separate package (i.e., they are not bundled together). To install the software, you will need to log into the workstation with an account that has administrative rights.

On this page:

Installing Kerberos for Windows

Kerberos for Windows lets you authenticate to the ADS.IU.EDU Kerberos realm. To install the program:

  1. Download Kerberos for Windows at MIT Kerberos for Windows 2.6.5.

  2. Click MITKerberosForWindows-2.6.5.exe and install the program after the download is complete. You will be prompted to select the language for the installer and a location for the program. When you see the License Agreement window, click I Agree.

  3. In the Choose Components window, make sure the KfW Client and KFW Documentation options are selected.

  4. You will see a window that asks you to choose a method for installing the Kerberos configuration files. Select Download from web path and enter the following URL: http://storage.iu.edu
  5. In the Leash Ticket Manager Setup window, retain the default settings, and click Install. Kerberos for Windows will install the software.

You can now move on to the installation of the OpenAFS client for Windows.

Note: MIT Kerberos for Windows 3.0 was released in December 2005, but is not supported at IU at this time.

Installing OpenAFS for Windows

The OpenAFS client for Windows allows your Windows Vista, XP, or 2000 workstation to communicate with the AFS server. To install the client:

  1. Go to OpenAFS for Windows.

    Scroll down and click 32-bit EXE installer for individual installations. Download and run the installation program. You will be asked to select an installer language.

  2. In the Choose Components window, select Supplemental Documentation. Make sure the AFS Client and MS Loopback Adapter options are selected.

  3. Select a location to install OpenAFS.

  4. In the CellServDB Configuration window, choose the location of the CellServDB file by selecting Download from web address. In the box below the selection, enter: http://storage.iu.edu/CellServDB.txt
  5. In the Client Cell Name Configuration window, set the AFS cell name to IU.EDU . Leave the other client options at their default values.

  6. Retain the default options in the AFS Credentials Configuration window. Click Install.

The OpenAFS client will now install the software. You will be prompted to reboot your workstation when the process is complete.

After the workstation has rebooted, you will need to log back in as administrator. The OpenAFS client will display the Obtain New AFS Tokens window. This feature is not relevant to RFS access at IU, and you should close the window.

Note: At IU, AFS tokens are always obtained via the Leash Kerberos Ticket Manager. In a typical installation, only the shortcut to the Leash program is placed in the Startup folder. If the Obtain New Tokens window pops up whenever you start your computer, go to the Start menu and check the Startup folder under Programs. If you see the OpenAFS Client in the Startup folder, click the shortcut and select Delete. This will ensure that only the Leash login window is displayed when you access your workstation.

The Leash Kerberos Ticket Manager will start upon login and display a ticket initialization window. You should be able to initialize a ticket by entering your Network ID. The "Realm" drop-down box should say ADS.IU.EDU. If you are successful, the Leash icon (the dog head) on the Windows taskbar will turn green. You can view your current tickets and tokens by double-clicking the Leash icon. You should have a Kerberos 5 ticket and an AFS token. Next, you will need to do the following:

  1. Click the AFS icon in the Windows Taskbar. In the AFS Client window, click the Advanced tab.

  2. Select the Drive Letters tab and click Add. From the drop-down list, choose Drive Letter. The AFS path should be set to \afs\iu.edu\home\u\s\username (where  u  is the first letter of your username and  s  is the second letter, and username is your username).

Using Kerberos and OpenAFS

To verify that Kerberos and OpenAFS are working correctly, access the drive to which you mapped your RFS account (via My Computer, or by using the Run command from the Start menu). You should be able to perform the usual file- and folder-related operations.

After you've configured OpenAFS on your workstation, the behavior of the Kerberos Ticket Manager will depend on the nature of your subsequent logins. If you log into the ADS realm, you will see the ticket intialization prompt, which prompts you for your username and passphrase. If you log into the IU.EDU Kerberos realm, the Leash program will start and automatically issue your Kerberos ticket and AFS token.

Kerberos tickets and AFS tokens have a lifetime of ten hours. If your session exceeds ten hours, you can ensure continued access to RFS by clicking Action in the Leash Kerberos Ticket Manager menu and selecting Get Ticket(s)/Token(s).

Note: You will need to make a VPN connection to the Indiana University network if you wish to access your RFS account when you are away from the IU campus. You can disconnect from VPN once you have obtained your AFS token.

This is document arxq in domain all.
Last modified on November 02, 2009.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.