EDV:OpenAFS/Windows: Difference between revisions
 |
|||
(49 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
=== Generelle Installationsanweisungen und Anmerkungen: === |
=== Generelle Installationsanweisungen und Anmerkungen: === |
||
⚫ | |||
⚫ | |||
⚫ | |||
'''IMPORTANT:''' During the installation process you will be asked for the AFS-Cell: '''kip.uni-heidelberg.de''' |
|||
⚫ | |||
On Windows 10 you have to enable the version 1 of the SMB protocol by opening "Turn Windows features on or off" and selecting "SMB 1.0/CIFS File Sharing Support". (Bzw. "UnterstĂźtzung fĂźr die SMB 1.0/CIFS-Dateifreigabe" in der Box "Windows-Features", die Ăźber "Programme und Features" in der Systemsteuerung aufgerufen werden kann.) If the feature is not available in the features list you have to open the "PowerShell" as Administrator. There you have to install it with "Get-WindowsOptionalFeature âOnline âFeatureName SMB1Protocol" and activate it with "Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol" ([https://docs.microsoft.com/de-de/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3 Microsoft Docs]). On Windows 10 it is also possible to install only "OpenAfs for Windows (32-bit binaries)" & "OpenAFS for Windows (64-bit)" - but during the installation off OpenAFS you have to add the features "Authentication for AFS" and "Client configuration tool" to the installaiton process. |
|||
If it's not possible to download the files from the fileserver you probably have to check this discussion: [https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/you-cant-access-this-shared-folder-because-your/01d15775-2cbe-41f8-beb8-84ce588b34ab "You can't access this shared folder because your organization's security policies block unauthenticated guest access"] |
|||
â [[EDV:OpenAFS/Windows/Windows 10 Home|Guide for Windows 10 Home]] |
|||
⚫ | |||
Beim Upgrade von Version kleiner / gleich 1.6.xx - bitte den alten Client deinstallieren! |
|||
Ab Version 1.7.X arbeitet der AFS Client fĂźr Windows mit einem nativen Filesystem Treiber und nicht mehr wie bisher Ăźber die Funktion SMB/Loopbackadapter. |
Ab Version 1.7.X arbeitet der AFS Client fĂźr Windows mit einem nativen Filesystem Treiber und nicht mehr wie bisher Ăźber die Funktion SMB/Loopbackadapter. |
||
Deshalb ist es notwendig bei einem Upgrade des Clients auf Version 1.7.XX und zwar nach der Deinstallation des Clients, den |
Deshalb ist es notwendig bei einem Upgrade des Clients auf Version 1.7.XX, und zwar nach der Deinstallation des Clients, den |
||
[http://www-01.ibm.com/support/docview.wss?uid=swg21240069 Loopbackadapter zu entfernen]. |
|||
⚫ | |||
Dies funktioniert am Besten Ăźber: |
|||
Eigenschaften des Loopbackadapters > Karteikarte Treiber > Deinstallieren/Entfernen |
|||
⚫ | |||
Installation ohne Kerberos/Heimdal: |
==== Installation des AFS Authentication Gui Tool, Installation ohne Kerberos/Heimdal: ==== |
||
Damit man auch ohne Kerberos oder Heimdal einen Token erzeugen kann, gibt es immer noch die MĂśglichkeit das AFS Authentication Tool zu installieren. |
Damit man auch ohne Kerberos oder Heimdal einen Token erzeugen kann, gibt es immer noch die MĂśglichkeit das ''AFS Authentication Tool'' zu installieren. |
||
HierfĂźr ist es notwendig die Installation manuell durchzufĂźhren und die Auswahl der einzelnen Programmteile wie folgt zu treffen: |
HierfĂźr ist es notwendig die Installation manuell/custom durchzufĂźhren, und die Auswahl der einzelnen Programmteile wie folgt zu treffen: |
||
[[image:afs_options.png| AFS Options]] |
<p style=margin-left:7%>[[image:afs_options.png| AFS Options]]</p> |
||
<br> |
|||
== Client-Software == |
== Client-Software == |
||
⚫ | |||
⚫ | |||
or use this |
|||
'''[[Media:Kip-afs_windows-installation.zip | KIP-AFS_Windows-Installation Script]]''' (.bat-script in .zip-file) |
|||
⚫ | |||
which automatically downloads, installs and configures all needed software for you. |
|||
⚫ | |||
{{Achtung| NOTE: The '''AFS-Cell is: kip.uni-heidelberg.de''' |
|||
Use only for a fresh installation, or uninstall the old client-software completely first! |
|||
⚫ | |||
⚫ | |||
Remove also the Loopback Adapter, if present in the Device Manager. |
|||
⚫ | |||
On Windows7 you need to run this script with Administrator privileges: right click on the file and select "Run as administrator"}} |
|||
HowTo: [http://www-01.ibm.com/support/docview.wss?uid=swg21240069 Uninstalling the Microsoft Windows Loopback Adapter] |
|||
⚫ | |||
⚫ | |||
=== OpenAFS === |
=== OpenAFS === |
||
Line 34: | Line 61: | ||
==== Download for 32-bit Windows ==== |
==== Download for 32-bit Windows ==== |
||
* [http:// |
* [http://openafs.org/dl/openafs/1.7.31/winxp/openafs-en_US-1-7-3100.msi 32-bit MSI installer] |
||
==== Downloads for 64-bit Windows ==== |
==== Downloads for 64-bit Windows ==== |
||
Line 40: | Line 67: | ||
Both installers must be installed on 64-bit systems |
Both installers must be installed on 64-bit systems |
||
* [http:// |
* [http://openafs.org/dl/openafs/1.7.31/winxp/openafs-en_US-64bit-1-7-3100.msi 64-bit MSI installer] |
||
* [http:// |
* [http://openafs.org/dl/openafs/1.7.31/winxp/openafs-32bit-tools-en_US-1-7-3100.msi 32-bit tools MSI installer] |
||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
For further information and latest releases see: [http://web.mit.edu/kerberos/dist/index.html MIT Kerberos for Windows (KFW)] |
For further information and latest releases see: [http://web.mit.edu/kerberos/dist/index.html MIT Kerberos for Windows (KFW)] |
||
Line 52: | Line 78: | ||
==== Download for 32-bit Windows ==== |
==== Download for 32-bit Windows ==== |
||
* [http:// |
* [http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.2/kfw-3-2-2.msi MIT Kerberos for Windows 32 Bit] |
||
==== Download for 64-bit Windows ==== |
==== Download for 64-bit Windows ==== |
||
On 64-bit Windows install '''both''' the 32-bit and 64-bit MSI packages |
|||
* [http:// |
* [http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.2/kfw-3-2-2.msi MIT Kerberos for Windows 64 Bit] |
||
⚫ | |||
* [http://www.secure-endpoints.com/binaries/mit-kfw-3-2-2/kfw-amd64-3-2-2.msi MIT Kerberos for Windows 64 Bit] |
|||
⚫ | |||
For further information and latest releases see: [http://www.h5l.org Heimdal Kerberos 5] |
For further information and latest releases see: [http://www.h5l.org Heimdal Kerberos 5] |
||
Line 72: | Line 95: | ||
* [http://www.secure-endpoints.com/binaries/heimdal/Heimdal-AMD64-full-1-5-100-930.msi Heimdal Kerberosn 64 Bit] |
* [http://www.secure-endpoints.com/binaries/heimdal/Heimdal-AMD64-full-1-5-100-930.msi Heimdal Kerberosn 64 Bit] |
||
For Heimdal Kerberos you need to install the Network Identity Manager |
For Heimdal Kerberos you also need to install the Network Identity Manager |
||
=== Network Identity Manager === |
=== >> Network Identity Manager === |
||
Network Identity Manager version 2.0 |
Network Identity Manager version 2.0 is its own distribution that upgrades the Network Identity Manager components installed by KFW (MIT-Kerberos). |
||
For further information and documentation see: [ |
For further information and documentation see: [https://www.secure-endpoints.com/netidmgr/v2/ Network Identity Manager Homepage] |
||
{{Achtung|{{IconAchtung}}This Download is only needed if you like |
{{Achtung|{{IconAchtung}}This Download is only needed if you like like to use Heimdal-Kerberos}} |
||
==== Download for 32-bit Windows ==== |
==== Download for 32-bit Windows ==== |
||
* [ |
* [https://www.secure-endpoints.com/binaries/netidmgr/v2/netidmgr-i386-rel-2_0_102_907.msi Network Identity Manager 2.0.102.907 (32-bit MSI)] |
||
==== Download for 64-bit Windows ==== |
==== Download for 64-bit Windows ==== |
||
* [ |
* [https://www.secure-endpoints.com/binaries/netidmgr/v2/netidmgr-AMD64-rel-2_0_102_907.msi Network Identity Manager 2.0.102.907 (64-bit MSI)] |
||
== Installation == |
== Installation == |
||
<br style="clear:both;" /> |
<br style="clear:both;" /> |
||
⚫ | |||
[[Image:kip_afs_mit.PNG|right]] |
[[Image:kip_afs_mit.PNG|right]] |
||
=== Kerberos Setup === |
|||
⚫ | |||
<br style="clear:both;" /> |
<br style="clear:both;" /> |
||
[[Image:kip_afs_mit2.PNG|right]] |
[[Image:kip_afs_mit2.PNG|right]] |
||
<br style="clear:both;" /> |
<br style="clear:both;" /> |
||
[[Image:kip_afs_mit3.PNG|right]] |
[[Image:kip_afs_mit3.PNG|right]] |
||
When you use the Installation-Script, you can leave the Option: |
|||
If you select the |
|||
* Download from web path: |
|||
* "Use existing configuration files ..." |
|||
then the web path for the config file is: |
|||
checked, even if no previous Kerberos-Software-Setup has taken place. |
|||
⚫ | |||
<br style="clear:both;" /> |
<br style="clear:both;" /> |
||
[[Image:kip_afs_mit4.PNG|right]] |
[[Image:kip_afs_mit4.PNG|right]] |
||
<br style="clear:both;" /> |
<br style="clear:both;" /> |
||
[[Image:kip_afs1.PNG|right]] |
[[Image:kip_afs1.PNG|right]] |
||
=== OpenAFS for Windows Setup === |
|||
Related config files under: http://printer.kip.uni-heidelberg.de/afsconfig |
|||
* [http://printer.kip.uni-heidelberg.de/afsconfig/CellAlias CellAlias] |
|||
* [http://printer.kip.uni-heidelberg.de/afsconfig/CellServDB CellServDB] |
|||
⚫ | |||
<br style="clear:both;" /> |
<br style="clear:both;" /> |
||
[[Image:kip_afs2.PNG|right]] |
[[Image:kip_afs2.PNG|right]] |
||
Important step here! Do NOT omit ;) |
|||
Set the Dafault Cell to: |
|||
'''kip.uni-heidelberg.de''' |
|||
<br style="clear:both;" /> |
<br style="clear:both;" /> |
||
=== AFS setup on macos === |
|||
-> you can find a very good guide on the page of [http://computing.help.inf.ed.ac.uk/afs-mac-os-x The University of Edinburgh]. |
|||
== Client-Connection == |
== Client-Connection == |
||
Line 131: | Line 175: | ||
The folder can be any (accessible) path starting with '''\\afs''' |
The folder can be any (accessible) path starting with '''\\afs''' |
||
=== Examples: === |
|||
( the shortcut \\afs\kip is also possible ) |
|||
* for the top level view: '''\\afs\kip.uni-heidelberg.de''' |
* for the top level view: '''\\afs\kip.uni-heidelberg.de''' |
||
Line 141: | Line 186: | ||
You can map multiple folders to different drive letters, in order to organize a quick and convenient file access. |
You can map multiple folders to different drive letters, in order to organize a quick and convenient file access. |
||
⚫ | |||
⚫ | |||
" \\afs\kip\<your_location> " in the explorer address bar. |
|||
<br style="clear:both;" /> |
<br style="clear:both;" /> |
Latest revision as of 16:23, 19 January 2023
Generelle Installationsanweisungen und Anmerkungen:
Download: KIP-AFS_Windows-Installation Script (.bat-script in .zip-file)
This script will automatically download, install and configure all needed software for you.
IMPORTANT: During the installation process you will be asked for the AFS-Cell: kip.uni-heidelberg.de
On Windows > 7 you need to run this script with Administrator privileges: right click on the file and select "Run as administrator"
On Windows 10 you have to enable the version 1 of the SMB protocol by opening "Turn Windows features on or off" and selecting "SMB 1.0/CIFS File Sharing Support". (Bzw. "UnterstĂźtzung fĂźr die SMB 1.0/CIFS-Dateifreigabe" in der Box "Windows-Features", die Ăźber "Programme und Features" in der Systemsteuerung aufgerufen werden kann.) If the feature is not available in the features list you have to open the "PowerShell" as Administrator. There you have to install it with "Get-WindowsOptionalFeature âOnline âFeatureName SMB1Protocol" and activate it with "Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol" (Microsoft Docs). On Windows 10 it is also possible to install only "OpenAfs for Windows (32-bit binaries)" & "OpenAFS for Windows (64-bit)" - but during the installation off OpenAFS you have to add the features "Authentication for AFS" and "Client configuration tool" to the installaiton process.
If it's not possible to download the files from the fileserver you probably have to check this discussion: "You can't access this shared folder because your organization's security policies block unauthenticated guest access"
Upgrade auf Version 1.7.XX:
Beim Upgrade von Version kleiner / gleich 1.6.xx - bitte den alten Client deinstallieren!
Ab Version 1.7.X arbeitet der AFS Client fĂźr Windows mit einem nativen Filesystem Treiber und nicht mehr wie bisher Ăźber die Funktion SMB/Loopbackadapter. Deshalb ist es notwendig bei einem Upgrade des Clients auf Version 1.7.XX, und zwar nach der Deinstallation des Clients, den Loopbackadapter zu entfernen. Dies funktioniert am Besten Ăźber:
Eigenschaften des Loopbackadapters > Karteikarte Treiber > Deinstallieren/Entfernen
Dieses Fenster findet man entweder im Gerätemanager, oder unter Eigenschaften von Netzwerk.
Installation des AFS Authentication Gui Tool, Installation ohne Kerberos/Heimdal:
Damit man auch ohne Kerberos oder Heimdal einen Token erzeugen kann, gibt es immer noch die MĂśglichkeit das AFS Authentication Tool zu installieren. HierfĂźr ist es notwendig die Installation manuell/custom durchzufĂźhren, und die Auswahl der einzelnen Programmteile wie folgt zu treffen:
Client-Software
To access the AFS-Server you need to download and install the appropriate OpenAFS and Kerberos Software (sometimes tricky), or use this
KIP-AFS_Windows-Installation Script (.bat-script in .zip-file)
which automatically downloads, installs and configures all needed software for you.
NOTE: The AFS-Cell is: kip.uni-heidelberg.de
Use only for a fresh installation, or uninstall the old client-software completely first! Remove also the Loopback Adapter, if present in the Device Manager. On Windows7 you need to run this script with Administrator privileges: right click on the file and select "Run as administrator" |
HowTo: Uninstalling the Microsoft Windows Loopback Adapter
OpenAFS for Windows depends on a third party Kerberos 5 implementation for network authentication.
There are two supported options: MIT Kerberos for Windows and Heimdal Kerberos. For Windows7 64 Bit better use Heimdal Kerberos on all other Systems the MIT Kerberos works well.
OpenAFS
For the latest releases visit the Homepage OpenAFS for Windows
Download for 32-bit Windows
Downloads for 64-bit Windows
Both installers must be installed on 64-bit systems
>> Kerberos (MIT)
Kerberos for Windows already includes Network Identity Manager
For further information and latest releases see: MIT Kerberos for Windows (KFW)
Download for 32-bit Windows
Download for 64-bit Windows
>> Kerberos (Heimdal)
For further information and latest releases see: Heimdal Kerberos 5
Download for 32-bit Windows
Download for 64-bit Windows
For Heimdal Kerberos you also need to install the Network Identity Manager
>> Network Identity Manager
Network Identity Manager version 2.0 is its own distribution that upgrades the Network Identity Manager components installed by KFW (MIT-Kerberos).
For further information and documentation see: Network Identity Manager Homepage
This Download is only needed if you like like to use Heimdal-Kerberos |
Download for 32-bit Windows
Download for 64-bit Windows
Installation
Kerberos Setup
Example installation with MIT Kerberos for Windows
When you use the Installation-Script, you can leave the Option:
- "Use existing configuration files ..."
checked, even if no previous Kerberos-Software-Setup has taken place.
OpenAFS for Windows Setup
Related config files under: http://printer.kip.uni-heidelberg.de/afsconfig
Important step here! Do NOT omit ;)
Set the Dafault Cell to:
kip.uni-heidelberg.de
AFS setup on macos
-> you can find a very good guide on the page of The University of Edinburgh.
Client-Connection
After installing the AFS-Software you need to:
If the authentication was successful, you are able to access your data by
- Click: Start > Computer > Map network drive (in the tool-bar)
- In the "Map Network Drive window" choose an available drive letter from the drop-down list and type the name of the folder to map.
The folder can be any (accessible) path starting with \\afs
Examples:
( the shortcut \\afs\kip is also possible )
- for the top level view: \\afs\kip.uni-heidelberg.de
- for your Home directory: \\afs\kip.uni-heidelberg.de\user\<USERNAME>
Click the "Reconnect at logon" checkbox if this network drive should be mapped permanently.
You can map multiple folders to different drive letters, in order to organize a quick and convenient file access.
It is also possible to access the data temporary (on the fly) without dedicated drive-mapping by typing:
" \\afs\kip\<your_location> " in the explorer address bar.