openafs.dk - Getting started with Andrew File System and OpenAFS

OpenAFS on Microsoft Windows

You need to install two components: Kerberos (for authentication) and OpenAFS. In this guide we will install Heimdal Kerberos, since this is the recommendation from the OpenAFS project, but it is possible to use MIT Kerberos also (In that case see openafs.org for more information).

Based on: http://techbase.msu.edu/article.asp?id=7861

Step 1: Install Heimdal Kerberos

Download Heimdal Kerberos for Windows from the bottom of this page https://www.secure-endpoints.com/heimdal/#download (as linked from the official site at http://www.h5l.org/binaries.html#win ). Normally you would choose the “(64-bit and 32-bit)” version.

  • Run the installer
  • Click “Next, next, next, install”, wait a bit and Heimdal is installed.
  • Go to My Computer and in the file path at the top, type:
  • On Windows Vista/7: C:\ProgramData\Kerberos\
  • On Windows XP: C:\Documents and Settings\All Users\Application Data\Kerberos

  • Right click the file “krb5.conf” and open it with Notepad (Select a program from a list of installed programs).
  • Replace all text in the file with (substitute EXAMPLE.ORG with your Kerberos Realm (i.e. your cell name in UPPER CASE) and .example.org with our cell name prepended with a dot.).
[libdefaults]
default_realm = EXAMPLE.ORG
clockskew = 300
v4_instance_resolve = false

[domain_realm]
.example.org = EXAMPLE.ORG
  • If you get a permission denied error when you try to save and replace the existing file, do the following:
    • Save the file on your Desktop and close Notepad
    • Drage and drop (i.e. move) the file to the location where you just tried to save with Notepad
    • A dialog box asks for your confirmation where you click “continue”.

Step 2: Install OpenAFS

  • Scroll down to the OpenAFS for Windows 1.7.x download section and download the 64-bit MSI installer (or 32 bit if you have a 32 bit version of Windows. If in doubt see this page.).
  • Run the installer and click “Next” a few times.
  • At Chose Setup Type click on the Custom icon.

  • At Custom Setup scroll down to Authentication for AFS. Click on the arrow pointing down and select Entire feature will be installed on local hard drive.

  • At Configure AFS Client enter your cell name in the “Default Cell” field. In this example example.org and select the options as on the picture.

  • At Options for AFS Credentials select the options as shown.

  • Click Next, click Install, click Finish.
  • Important on 64-bit systems (almost all computers today): If you installed OpenAFS with the 64-bit MSI Installer you also need to install the “32-bit tools MSI Installer”, which you will find on http://www.openafs.org/windows.html too (the link is just below the “64-bit MSI Installer”). The download page also says it very clear: “Both installers must be installed on 64-bit systems.”.
  • Reboot your computer.

Log in to AFS

  • In the process bar you may click the little arrow pointing upwards and choosing the lock icon.

  • Click on Obtain New Tokens

  • Enter the following information and click ok:
    • AFS Cell: Your cell. In this example example.org
    • User Name: Your username followed by @ and the cell name in UPPER CASE (called a Kerberos REALM). In this example john@EXAMPLE.ORG.
    • Password: Passphrase for your user.

  • You should now have access to your AFS cell for some period of time (typically 12 or 24 hours).
  • A network drive calles AFS should show up under e.g. “My Computer”

  • Your default cell is available as a folder and foreign cells (e.g. if you log into another cell) is available if you enter the address in the address bar in the top of e.g. “My Computer” and hit enter.
    • An example could be:
      \\AFS\su.se

Note: For Windows8

After logging in to AFS, the Network folder might not display your AFS folder by itself. You can check if you have connecting by pressing the address bar in the top of e.g. “My Computer” and entering:

\\AFS\your.domain.se

.

If you have connection you will have to do the following for it to be displayed in Windows Pathfinder:

  • Open Windows Pathfinder (This is done by opening any folder, e.g. “My Computer”) and go to “Network”, typically shown in the bottom left corner of the pathfinder.
  • Then this message should be displayed:

  • Press the message that popped up from the top. Then press “Turn on network discovery and file sharing”

  • You will then be prompted with the following message, press “Yes, turn on network discovery and file sharing for all public networks” (Note: This makes all your publicly shared files on your local PC available for any network you log on to from now on. - This is however not a security risk unless you have made your files public yourself, as all files are private by default.)

  • After the system is done refreshing you should now see a screen like this:

  • This means you now can navigate directly to the folder in your AFS system.
  • If you still can't see your AFS system, you might need to refresh the folder.
  • Right-click in the folder, and press “Refresh”

Optional: Create a shortcut

Shortcut on your desktop

  • On your desktop right click and choose “new” → “Shortcut”
  • Go to “Network” → “AFS” and go to e.g. your home folder and select that
  • Choose a name

Map a drive letter

  • Go to “My Computer”
  • Right click on “Network”
  • Choose “Map network drive…”
  • Choose a drive letter
  • Browse for a folder (“Network” → “AFS” and go to e.g. your home folder and select that)
QR Code
QR Code client:windows (generated for current page)