ARCHIVED: At IU, how do I install and configure OpenAFS on my Windows workstation for use with the RFS?

This content has been archived, and is no longer maintained by Indiana University. Resources linked from this page may no longer be available or reliable.
Note:
The Indiana University Research File System (RFS) will be decommissioned the week of January 2, 2017. Most RFS accounts (with few exceptions) are now read-only. For details, see ARCHIVED: About the retirement of the Research File System at IU.

To access your account on the Indiana University Research File System (RFS) from a Windows workstation, download and install MIT Kerberos for Windows and the OpenAFS client. Each program is a separate package; they are not bundled together. To install them, you will need to log into the workstation as an administrator.

Note:
For help navigating, see Getting around in Windows.

On this page:


Installing MIT Kerberos for Windows

Installing MIT Kerberos for Windows will enable authenticate to the ADS.IU.EDU Kerberos realm.

Note: The following installation instructions are for version 3.2.2, which is not the latest or current release. For information about other versions, see the MIT Kerberos Distribution page.

  1. Download the MIT Kerberos for Windows 3.2.2 installer (kfw-3-2-2.exe). When the download is complete, click the installer to start the installation.
  2. Follow the on-screen prompts to:
    1. Select a language.
    2. Start the MIT Kerberos for Windows 3.2.2 Setup Wizard.
    3. Accept the terms of the license agreement.
    4. Select the KfW Client and KfW Documentation components for installation.
    5. Select a destination folder for the installation; the default path is C:\Program Files (x86)\MIT\Kerberos.
  3. The Kerberos Configuration dialog box will prompt you to select a method for installing configuration files for the Kerberos client; select Download from web path and, in the corresponding text box, enter http://storage.iu.edu, and then click Next.
  4. Choose whether or not to autostart the Network Identity Manager whenever you log into Windows, and then click Install.
  5. When the installation is complete, click Finish to close the setup wizard.

Installing OpenAFS for Windows

The OpenAFS client for Windows allows your Windows workstation to communicate with the IU AFS cell servers. To install the OpenAFS client:

  1. On the OpenAFS for Windows page, scroll down and click 32-bit EXE installer for individual installations. Download and run the installation program. You will be asked to select an installer language.
  2. In the "Choose Components" window, select Supplemental Documentation. Make sure the AFS Client and MS Loopback Adapter options are selected.
  3. Select a location to install OpenAFS.
  4. In the "CellServDB Configuration" window, choose the location of the CellServDB file by selecting Download from web address. In the box below the selection, enter:
  5.   http://storage.iu.edu/CellServDB.txt
    
  6. In the "Client Cell Name Configuration" window, set the AFS cell name to IU.EDU. Leave the other client options at their default values.
  7. Retain the default options in the "AFS Credentials Configuration" window. Click Install.
  8. The OpenAFS client will now install the software. You will be prompted to reboot your workstation when the process is complete.

  9. After the install is complete, configure your Kerberos file (c:\Windows\krb5.ini) for IU:
    1. Use Run As Administrator to open Notepad (go to All Programs, then Accessories, right-click Notepad, and then select Run as Administrator), and then open:
    2.   c:\Windows\krb5.ini
      
    3. Copy the contents of the IU Kerberos configuration, paste it into c:\Windows\krb5.ini, replacing the entire file, and then save the file.
  10. Start the Network Information Manager (go to All Programs, then Kerberos, and then Network Identity Manager). It may appear as a small white cube in the notification area.
  11. Select Click here to obtain new credentials, and then enter your IU username.
  12. Make sure "Realm" is set to ADS.IU.EDU, and then enter your IU passphrase.
  13. Under "Options", choose Kerberos v5. The default realm should be ADS.IU.EDU.
  14. Click OK.
  15. Under "File", choose Properties, and then click Identity Configuration.
  16. On the left, click AFS, and then click OpenAFS Control Panel.
  17. For "Cell Name", enter iu.edu.
  18. On the AFS Cells tab, remove all cells (click the first cell, then Shift-click the last cell in the list, and then click Remove).
  19. Click Add. "AFS Cell" should be iu.edu.
  20. Add the following servers:

      rfsb1.rfs.iu.edu
      rfsi1.rfs.iu.edu
      rfsi2.rfs.iu.edu
    
  21. Click OK until all windows are closed, and then reboot your computer.
  22. You should see a login window for obtaining a new AFS token. Enter your IU username and passphrase.

You should now be able to map a drive to your directory in AFS (e.g., \\afs\iu.edu\home\d\v\dvader).

Instructions for 64-bit Windows 7

Users of 64-bit Windows 7 will have to install 64-bit versions of Kerberos and OpenAFS:

  1. Download and install 64-bit Kerberos for Windows, using the install package from Secure Endpoints Inc., and choose the default install.
  2. After the install is complete, configure your Kerberos file (c:\Windows\krb5.ini) for IU:
    1. Use Run As Administrator to open Notepad (go to All Programs, then Accessories, right-click Notepad, and then select Run as Administrator), and then open:
    2.   c:\Windows\krb5.ini
      
    3. Copy the contents of the IU Kerberos configuration, paste it into c:\Windows\krb5.ini, replacing the entire file, and then save the file.
  3. Download and install the 64-bit OpenAFS client for Windows, using the install package from OpenAFS.org, and choose the typical install:
    1. "Default cell" is iu.edu.
    2. Leave other entries and checkboxes as they are.
    3. Click Yes to indicate you will reboot your computer.
  4. After the install is complete, start the Network Information Manager (go to All Programs, then Kerberos, and then Network Identity Manager). It may appear as a small white cube in the notification area.
  5. Select Click here to obtain new credentials, and then enter your IU username.
  6. Make sure "Realm" is set to ADS.IU.EDU, and then enter your IU passphrase.
  7. Under "Options", choose Kerberos v5. The default realm should be ADS.IU.EDU.
  8. Click OK.
  9. Under "File", choose Properties, and then click Identity Configuration.
  10. On the left, click AFS, and then click OpenAFS Control Panel.
  11. For "Cell Name", enter iu.edu.
  12. On the AFS Cells tab, remove all cells (click the first cell, then Shift-click the last cell in the list, and then click Remove).
  13. Click Add. "AFS Cell" should be iu.edu.
  14. Add the following servers:

      rfsb1.rfs.iu.edu
      rfsi1.rfs.iu.edu
      rfsi2.rfs.iu.edu
    
  15. Click OK until all windows are closed, and then reboot your computer.
  16. You should see a login window for obtaining a new AFS token. Enter your IU username and passphrase.

You should now be able to map a drive to your directory in AFS (e.g., \\afs\iu.edu\home\d\v\dvader).

Using Kerberos and OpenAFS

To verify that Kerberos and OpenAFS are working correctly, access the drive to which you mapped your RFS account (via Windows Explorer, or by entering Run in the Windows 7 or Vista Start menu search field). You should be able to perform the usual file- and folder-related operations.

After you've configured OpenAFS on your workstation, the behavior of the Kerberos Ticket Manager will depend on the nature of your subsequent logins. If you log into the ADS realm, you will see the ticket initialization prompt, which prompts you for your username and passphrase.

Kerberos tickets and AFS tokens have a lifetime of ten hours. If your session exceeds ten hours, you can ensure continued access to RFS by clicking Action in the Leash Kerberos Ticket Manager menu and selecting Get Ticket(s)/Token(s).

Note:
To access your RFS account when you're away from the Indiana University campus, you need a VPN connection to the IU network. You can disconnect from the VPN once you have your AFS token.

This is document arxq in the Knowledge Base.
Last modified on 2018-01-18 14:56:24.

Contact us

For help or to comment, email the UITS Support Center.