EDV:OpenAFS/Windows: Difference between revisions

From KIP Wiki
⧟kip-jumptonavigation⧽⧟kip-jumptosearch⧽
 
(49 intermediate revisions by 3 users not shown)
Line 1: Line 1:
=== Generelle Installationsanweisungen und Anmerkungen: ===
=== Generelle Installationsanweisungen und Anmerkungen: ===


Download: '''[[Media:Kip-afs_windows-installation.zip | KIP-AFS_Windows-Installation Script]]''' (.bat-script in .zip-file)
Upgrade auf Version 1.7.XX:

This script will automatically download, install and configure all needed software for you.

'''IMPORTANT:''' During the installation process you will be asked for the AFS-Cell: '''kip.uni-heidelberg.de'''

On Windows > 7 you need to run this script with Administrator privileges: right click on the file and select "Run as administrator"

On Windows 10 you have to enable the version 1 of the SMB protocol by opening "Turn Windows features on or off" and selecting "SMB 1.0/CIFS File Sharing Support". (Bzw. "Unterstützung für die SMB 1.0/CIFS-Dateifreigabe" in der Box "Windows-Features", die über "Programme und Features" in der Systemsteuerung aufgerufen werden kann.) If the feature is not available in the features list you have to open the "PowerShell" as Administrator. There you have to install it with "Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol" and activate it with "Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol" ([https://docs.microsoft.com/de-de/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3 Microsoft Docs]). On Windows 10 it is also possible to install only "OpenAfs for Windows (32-bit binaries)" & "OpenAFS for Windows (64-bit)" - but during the installation off OpenAFS you have to add the features "Authentication for AFS" and "Client configuration tool" to the installaiton process.

If it's not possible to download the files from the fileserver you probably have to check this discussion: [https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/you-cant-access-this-shared-folder-because-your/01d15775-2cbe-41f8-beb8-84ce588b34ab "You can't access this shared folder because your organization's security policies block unauthenticated guest access"]

→ [[EDV:OpenAFS/Windows/Windows 10 Home|Guide for Windows 10 Home]]

==== Upgrade auf Version 1.7.XX: ====

Beim Upgrade von Version kleiner / gleich 1.6.xx - bitte den alten Client deinstallieren!


Ab Version 1.7.X arbeitet der AFS Client fĂźr Windows mit einem nativen Filesystem Treiber und nicht mehr wie bisher Ăźber die Funktion SMB/Loopbackadapter.
Ab Version 1.7.X arbeitet der AFS Client fĂźr Windows mit einem nativen Filesystem Treiber und nicht mehr wie bisher Ăźber die Funktion SMB/Loopbackadapter.
Deshalb ist es notwendig bei einem Upgrade des Clients auf Version 1.7.XX und zwar nach der Deinstallation des Clients, den Loopbackadapter zu entfernen.
Deshalb ist es notwendig bei einem Upgrade des Clients auf Version 1.7.XX, und zwar nach der Deinstallation des Clients, den
[http://www-01.ibm.com/support/docview.wss?uid=swg21240069 Loopbackadapter zu entfernen].
Dies funktioniert am Besten ßber Eigenschaften des Loopbackadapters->Karteikarte Treiber->Deinstallieren/Entfernen. Dieses Fenster findet man entweder im Gerätemanager oder unter Eigenschaften von Netzwerk.
Dies funktioniert am Besten Ăźber:
Eigenschaften des Loopbackadapters > Karteikarte Treiber > Deinstallieren/Entfernen
Dieses Fenster findet man entweder im Gerätemanager, oder unter Eigenschaften von Netzwerk.


Installation ohne Kerberos/Heimdal:
==== Installation des AFS Authentication Gui Tool, Installation ohne Kerberos/Heimdal: ====


Damit man auch ohne Kerberos oder Heimdal einen Token erzeugen kann, gibt es immer noch die MĂśglichkeit das AFS Authentication Tool zu installieren.
Damit man auch ohne Kerberos oder Heimdal einen Token erzeugen kann, gibt es immer noch die MĂśglichkeit das ''AFS Authentication Tool'' zu installieren.
HierfĂźr ist es notwendig die Installation manuell durchzufĂźhren und die Auswahl der einzelnen Programmteile wie folgt zu treffen:
HierfĂźr ist es notwendig die Installation manuell/custom durchzufĂźhren, und die Auswahl der einzelnen Programmteile wie folgt zu treffen:


[[image:afs_options.png| AFS Options]]
<p style=margin-left:7%>[[image:afs_options.png| AFS Options]]</p>
<br>


== Client-Software ==
== Client-Software ==
To access the AFS-Server you need to download and install the appropriate '''OpenAFS''' and '''Kerberos''' Software (sometimes tricky),
[http://openafs.org/windows.html OpenAFS for Windows] depends on a third party Kerberos 5 implementation for network authentication.
or use this


'''[[Media:Kip-afs_windows-installation.zip | KIP-AFS_Windows-Installation Script]]''' (.bat-script in .zip-file)
There are two supported options: [http://web.mit.edu/kerberos/dist/index.html MIT Kerberos for Windows] and [http://www.secure-endpoints.com/heimdal/ Heimdal Kerberos]. For Windows7 64 Bit use Heimdal Kerberos on all other Systems the MIT Kerberos works well.


which automatically downloads, installs and configures all needed software for you.
To access the AFS-Server you need to download and install the appropriate '''OpenAFS''' and '''Kerberos''' Software (sometimes tricky),
{{Achtung| NOTE: The '''AFS-Cell is: kip.uni-heidelberg.de'''


Use only for a fresh installation, or uninstall the old client-software completely first!
or use this '''[[Media:Kip-afs_windows-installation.bat | KIP-AFS_Windows Installation Script]]''', which
automatically download, install and configure all needed software for you (recommended).


Remove also the Loopback Adapter, if present in the Device Manager.
On Windows7 you have to run this script with Administrator privileges: right click on the file and select "Run as administrator"


On Windows7 you need to run this script with Administrator privileges: right click on the file and select "Run as administrator"}}


HowTo: [http://www-01.ibm.com/support/docview.wss?uid=swg21240069 Uninstalling the Microsoft Windows Loopback Adapter]



[http://openafs.org/windows.html OpenAFS for Windows] depends on a third party Kerberos 5 implementation for network authentication.

There are two supported options: [http://web.mit.edu/kerberos/dist/index.html MIT Kerberos for Windows] and [http://www.secure-endpoints.com/heimdal/ Heimdal Kerberos]. For Windows7 64 Bit better use Heimdal Kerberos on all other Systems the MIT Kerberos works well.


=== OpenAFS ===
=== OpenAFS ===
Line 34: Line 61:
==== Download for 32-bit Windows ====
==== Download for 32-bit Windows ====


* [http://dl.openafs.org/dl/openafs/1.7.11/winxp/openafs-en_US-1-7-1100.msi 32-bit MSI installer]
* [http://openafs.org/dl/openafs/1.7.31/winxp/openafs-en_US-1-7-3100.msi 32-bit MSI installer]


==== Downloads for 64-bit Windows ====
==== Downloads for 64-bit Windows ====
Line 40: Line 67:
Both installers must be installed on 64-bit systems
Both installers must be installed on 64-bit systems


* [http://dl.openafs.org/dl/openafs/1.7.11/winxp/openafs-en_US-64bit-1-7-1100.msi 64-bit MSI installer]
* [http://openafs.org/dl/openafs/1.7.31/winxp/openafs-en_US-64bit-1-7-3100.msi 64-bit MSI installer]


* [http://dl.openafs.org/dl/openafs/1.7.11/winxp/openafs-32bit-tools-en_US-1-7-1100.msi 32-bit tools MSI installer]
* [http://openafs.org/dl/openafs/1.7.31/winxp/openafs-32bit-tools-en_US-1-7-3100.msi 32-bit tools MSI installer]


=== >> Kerberos (MIT) ===

Kerberos for Windows already includes Network Identity Manager
=== Kerberos (MIT) ===
KFW 3.2.2 includes Network Identity Manager 1.3.1


For further information and latest releases see: [http://web.mit.edu/kerberos/dist/index.html MIT Kerberos for Windows (KFW)]
For further information and latest releases see: [http://web.mit.edu/kerberos/dist/index.html MIT Kerberos for Windows (KFW)]
Line 52: Line 78:
==== Download for 32-bit Windows ====
==== Download for 32-bit Windows ====


* [http://www.secure-endpoints.com/binaries/mit-kfw-3-2-2/kfw-i386-3-2-2.msi MIT Kerberos for Windows 32 Bit]
* [http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.2/kfw-3-2-2.msi MIT Kerberos for Windows 32 Bit]


==== Download for 64-bit Windows ====
==== Download for 64-bit Windows ====
On 64-bit Windows install '''both''' the 32-bit and 64-bit MSI packages


* [http://www.secure-endpoints.com/binaries/mit-kfw-3-2-2/kfw-i386-3-2-2.msi MIT Kerberos for Windows 32 Bit]
* [http://web.mit.edu/kerberos/dist/kfw/3.2/kfw-3.2.2/kfw-3-2-2.msi MIT Kerberos for Windows 64 Bit]


=== >> Kerberos (Heimdal) ===
* [http://www.secure-endpoints.com/binaries/mit-kfw-3-2-2/kfw-amd64-3-2-2.msi MIT Kerberos for Windows 64 Bit]

=== Kerberos (Heimdal) ===
For further information and latest releases see: [http://www.h5l.org Heimdal Kerberos 5]
For further information and latest releases see: [http://www.h5l.org Heimdal Kerberos 5]


Line 72: Line 95:
* [http://www.secure-endpoints.com/binaries/heimdal/Heimdal-AMD64-full-1-5-100-930.msi Heimdal Kerberosn 64 Bit]
* [http://www.secure-endpoints.com/binaries/heimdal/Heimdal-AMD64-full-1-5-100-930.msi Heimdal Kerberosn 64 Bit]


For Heimdal Kerberos you need to install the Network Identity Manager
For Heimdal Kerberos you also need to install the Network Identity Manager


=== Network Identity Manager ===
=== >> Network Identity Manager ===
Network Identity Manager version 2.0 will be its own distribution that upgrades the Network Identity Manager components installed by KFW (MIT-Kerberos).
Network Identity Manager version 2.0 is its own distribution that upgrades the Network Identity Manager components installed by KFW (MIT-Kerberos).


For further information and documentation see: [http://www.secure-endpoints.com/netidmgr/v2/index.html Network Identity Manager Homepage]
For further information and documentation see: [https://www.secure-endpoints.com/netidmgr/v2/ Network Identity Manager Homepage]


{{Achtung|{{IconAchtung}}This Download is only needed if you like to update the MIT-Kerberos from 1.3.x to 2.0.x or like to use the Heimdal-Kerberos}}
{{Achtung|{{IconAchtung}}This Download is only needed if you like like to use Heimdal-Kerberos}}


==== Download for 32-bit Windows ====
==== Download for 32-bit Windows ====


* [http://www.secure-endpoints.com/binaries/netidmgr/v2/netidmgr-i386-rel-2_0_102_907.msi Network Identity Manager 2.0.102.907 (32-bit MSI)]
* [https://www.secure-endpoints.com/binaries/netidmgr/v2/netidmgr-i386-rel-2_0_102_907.msi Network Identity Manager 2.0.102.907 (32-bit MSI)]


==== Download for 64-bit Windows ====
==== Download for 64-bit Windows ====


* [http://www.secure-endpoints.com/binaries/netidmgr/v2/netidmgr-AMD64-rel-2_0_102_907.msi Network Identity Manager 2.0.102.907 (64-bit MSI)]
* [https://www.secure-endpoints.com/binaries/netidmgr/v2/netidmgr-AMD64-rel-2_0_102_907.msi Network Identity Manager 2.0.102.907 (64-bit MSI)]


== Installation ==
== Installation ==
<br style="clear:both;" />
<br style="clear:both;" />
Example installation with MIT Kerberos for Windows
[[Image:kip_afs_mit.PNG|right]]
[[Image:kip_afs_mit.PNG|right]]
=== Kerberos Setup ===
Example installation with MIT Kerberos for Windows
<br style="clear:both;" />
<br style="clear:both;" />
[[Image:kip_afs_mit2.PNG|right]]
[[Image:kip_afs_mit2.PNG|right]]
<br style="clear:both;" />
<br style="clear:both;" />
[[Image:kip_afs_mit3.PNG|right]]
[[Image:kip_afs_mit3.PNG|right]]
When you use the Installation-Script, you can leave the Option:
If you select the
* Download from web path:


* "Use existing configuration files ..."
then the web path for the config file is:

checked, even if no previous Kerberos-Software-Setup has taken place.


http://printer.kip.uni-heidelberg.de/afsconfig/krb5.conf
<br style="clear:both;" />
<br style="clear:both;" />
[[Image:kip_afs_mit4.PNG|right]]
[[Image:kip_afs_mit4.PNG|right]]

<br style="clear:both;" />
<br style="clear:both;" />
[[Image:kip_afs1.PNG|right]]
[[Image:kip_afs1.PNG|right]]

=== OpenAFS for Windows Setup ===
Related config files under: http://printer.kip.uni-heidelberg.de/afsconfig
* [http://printer.kip.uni-heidelberg.de/afsconfig/CellAlias CellAlias]
* [http://printer.kip.uni-heidelberg.de/afsconfig/CellServDB CellServDB]
* [http://printer.kip.uni-heidelberg.de/afsconfig/ThisCell ThisCell]


<br style="clear:both;" />
<br style="clear:both;" />
[[Image:kip_afs2.PNG|right]]
[[Image:kip_afs2.PNG|right]]

Important step here! Do NOT omit ;)

Set the Dafault Cell to:

'''kip.uni-heidelberg.de'''

<br style="clear:both;" />
<br style="clear:both;" />

=== AFS setup on macos ===

-> you can find a very good guide on the page of [http://computing.help.inf.ed.ac.uk/afs-mac-os-x The University of Edinburgh].


== Client-Connection ==
== Client-Connection ==
Line 131: Line 175:
The folder can be any (accessible) path starting with '''\\afs'''
The folder can be any (accessible) path starting with '''\\afs'''


=== Examples: ===
Examles (''the shortcut \\afs\kip is also possible''):
( the shortcut \\afs\kip is also possible )


* for the top level view: '''\\afs\kip.uni-heidelberg.de'''
* for the top level view: '''\\afs\kip.uni-heidelberg.de'''
Line 141: Line 186:
You can map multiple folders to different drive letters, in order to organize a quick and convenient file access.
You can map multiple folders to different drive letters, in order to organize a quick and convenient file access.


It is also possible to access the data temporary (on the fly) without dedicated drive-mapping,


It is also possible to access the data temporary (on the fly) without dedicated drive-mapping by typing:
by typing \\afs\kip\.... location in the explorer address bar.
" \\afs\kip\<your_location> " in the explorer address bar.


<br style="clear:both;" />
<br style="clear:both;" />

Latest revision as of 16:23, 19 January 2023

Generelle Installationsanweisungen und Anmerkungen:

Download: KIP-AFS_Windows-Installation Script (.bat-script in .zip-file)

This script will automatically download, install and configure all needed software for you.

IMPORTANT: During the installation process you will be asked for the AFS-Cell: kip.uni-heidelberg.de

On Windows > 7 you need to run this script with Administrator privileges: right click on the file and select "Run as administrator"

On Windows 10 you have to enable the version 1 of the SMB protocol by opening "Turn Windows features on or off" and selecting "SMB 1.0/CIFS File Sharing Support". (Bzw. "Unterstützung für die SMB 1.0/CIFS-Dateifreigabe" in der Box "Windows-Features", die über "Programme und Features" in der Systemsteuerung aufgerufen werden kann.) If the feature is not available in the features list you have to open the "PowerShell" as Administrator. There you have to install it with "Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol" and activate it with "Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol" (Microsoft Docs). On Windows 10 it is also possible to install only "OpenAfs for Windows (32-bit binaries)" & "OpenAFS for Windows (64-bit)" - but during the installation off OpenAFS you have to add the features "Authentication for AFS" and "Client configuration tool" to the installaiton process.

If it's not possible to download the files from the fileserver you probably have to check this discussion: "You can't access this shared folder because your organization's security policies block unauthenticated guest access"

→ Guide for Windows 10 Home

Upgrade auf Version 1.7.XX:

Beim Upgrade von Version kleiner / gleich 1.6.xx - bitte den alten Client deinstallieren!

Ab Version 1.7.X arbeitet der AFS Client fĂźr Windows mit einem nativen Filesystem Treiber und nicht mehr wie bisher Ăźber die Funktion SMB/Loopbackadapter. Deshalb ist es notwendig bei einem Upgrade des Clients auf Version 1.7.XX, und zwar nach der Deinstallation des Clients, den Loopbackadapter zu entfernen. Dies funktioniert am Besten Ăźber:

Eigenschaften des Loopbackadapters > Karteikarte Treiber > Deinstallieren/Entfernen 

Dieses Fenster findet man entweder im Gerätemanager, oder unter Eigenschaften von Netzwerk.

Installation des AFS Authentication Gui Tool, Installation ohne Kerberos/Heimdal:

Damit man auch ohne Kerberos oder Heimdal einen Token erzeugen kann, gibt es immer noch die MĂśglichkeit das AFS Authentication Tool zu installieren. HierfĂźr ist es notwendig die Installation manuell/custom durchzufĂźhren, und die Auswahl der einzelnen Programmteile wie folgt zu treffen:

AFS Options


Client-Software

To access the AFS-Server you need to download and install the appropriate OpenAFS and Kerberos Software (sometimes tricky), or use this

KIP-AFS_Windows-Installation Script (.bat-script in .zip-file)

which automatically downloads, installs and configures all needed software for you.

NOTE: The AFS-Cell is: kip.uni-heidelberg.de

Use only for a fresh installation, or uninstall the old client-software completely first!

Remove also the Loopback Adapter, if present in the Device Manager.

On Windows7 you need to run this script with Administrator privileges: right click on the file and select "Run as administrator"

HowTo: Uninstalling the Microsoft Windows Loopback Adapter


OpenAFS for Windows depends on a third party Kerberos 5 implementation for network authentication.

There are two supported options: MIT Kerberos for Windows and Heimdal Kerberos. For Windows7 64 Bit better use Heimdal Kerberos on all other Systems the MIT Kerberos works well.

OpenAFS

For the latest releases visit the Homepage OpenAFS for Windows

Download for 32-bit Windows

Downloads for 64-bit Windows

Both installers must be installed on 64-bit systems

>> Kerberos (MIT)

Kerberos for Windows already includes Network Identity Manager

For further information and latest releases see: MIT Kerberos for Windows (KFW)

Download for 32-bit Windows

Download for 64-bit Windows

>> Kerberos (Heimdal)

For further information and latest releases see: Heimdal Kerberos 5

Download for 32-bit Windows

Download for 64-bit Windows

For Heimdal Kerberos you also need to install the Network Identity Manager

>> Network Identity Manager

Network Identity Manager version 2.0 is its own distribution that upgrades the Network Identity Manager components installed by KFW (MIT-Kerberos).

For further information and documentation see: Network Identity Manager Homepage

Achtung.svgThis Download is only needed if you like like to use Heimdal-Kerberos

Download for 32-bit Windows

Download for 64-bit Windows

Installation


Kip afs mit.PNG

Kerberos Setup

Example installation with MIT Kerberos for Windows

Kip afs mit2.PNG


Kip afs mit3.PNG

When you use the Installation-Script, you can leave the Option:

  • "Use existing configuration files ..."

checked, even if no previous Kerberos-Software-Setup has taken place.


Kip afs mit4.PNG


Kip afs1.PNG

OpenAFS for Windows Setup

Related config files under: http://printer.kip.uni-heidelberg.de/afsconfig



Kip afs2.PNG

Important step here! Do NOT omit ;)

Set the Dafault Cell to:

kip.uni-heidelberg.de


AFS setup on macos

-> you can find a very good guide on the page of The University of Edinburgh.

Client-Connection

Kip afs login.PNG

After installing the AFS-Software you need to:

If the authentication was successful, you are able to access your data by

mapping a network drive:

  • Click: Start > Computer > Map network drive (in the tool-bar)
  • In the "Map Network Drive window" choose an available drive letter from the drop-down list and type the name of the folder to map.

The folder can be any (accessible) path starting with \\afs

Examples:

( the shortcut \\afs\kip is also possible )

  • for the top level view: \\afs\kip.uni-heidelberg.de
  • for your Home directory: \\afs\kip.uni-heidelberg.de\user\<USERNAME>

Click the "Reconnect at logon" checkbox if this network drive should be mapped permanently.

You can map multiple folders to different drive letters, in order to organize a quick and convenient file access.


It is also possible to access the data temporary (on the fly) without dedicated drive-mapping by typing: " \\afs\kip\<your_location> " in the explorer address bar.