User:Djgreen/AFS Installation

From WolfTech

Notes on installing the AFS client on Vista machines without using WolfCall. These instructions were written while installing on a 32-bit Vista Enterprise workstation.

  • At login, you'll receive the following error "Integrated Login failed: Decrypt integrity check failed". Click OK.
  • The "Obtain New AFS Tokens" window will pop up. Close it.
    • I believe this popup can be prevented if you click the "Prevent AFSCreds.exe from starting automatically when you log in to Windows" option in the Network Identity Manager Configuration in the "AFS" section. Will need to test this later. OK, unchecking that doesn't help. Still need to find a way to disable that popup.
  • Open the Network Identity Manager.
  • Go to Options > AFS and click "OpenAFS Control Panel".
  • Change the Client Configuration Cell Name from 'openafs.org' to 'eos.ncsu.edu'. (Note: if you use 'unity.ncsu.edu' you'll see the error message "Integrated Login Failed: Cannot resolve network address for KDC in requested realm".)
  • Replace the contents of C:\Windows\krb5.ini with the following:
[realms]
 EOS.NCSU.EDU = {
  admin_server = kerberos-master.ncsu.edu:749
  default_domain = eos.ncsu.edu
 }

[logging]
 default = FILE:/var/adm/krb5.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = EOS.NCSU.EDU
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc
 dns_lookup_kdc = true
 dns_lookup_realm = false

[domain_realm]
 .ncsu.edu = EOS.NCSU.EDU
 ncsu.edu = EOS.NCSU.EDU
  • Exit from the Network Identity Manager and then restart it.
  • In the Configuration, Identities, you should see unityid@EOS.NCSU.EDU. Select this, then the AFS tab.
  • Change the entry in Cell to 'bp.ncsu.edu', then click Add/Update. Repeat for 'unity.ncsu.edu'.
  • Click OK. Now click the Yellow Sun icon near the top left to authenticate. Use your Unity password. You should now have credentials for all three cells. You will only have Kerb4 creds for EOS (don't worry about that).
  • If you attempt to reboot/login, you'll get the following message: "Integrated Login Failed: Unknown code ___ 254". To remove this, uncheck the "Obtain AFS tokens when logging into Windows" option in the AFS Client Configuration.
  • If you check the "Obtain new credentials at startup (if none are present)" option in the 'General' section of the Network Identity Manager Configuration, it will prompt you for your Unity password once you've logged in. This is not integration with the GINA, but it is better to show this prompt than to have the user try to reach their J/K drives later without being authenticated.
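
The krb5.ini above pins both default_tkt_enctypes and default_tgs_enctypes to des-cbc-crc, a single-DES encryption type that RFC 6649 deprecated for Kerberos, and it relies on dns_lookup_kdc instead of a kdc entry for the realm. The Python audit below is an added example, not part of the original notes or of any NCSU or OpenAFS tooling; parse_krb5, audit and the abridged SAMPLE are names and data constructed here.

```python
import re

# Single-DES enctypes, deprecated for Kerberos by RFC 6649.
WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# Constructed sample: stanzas abridged from the krb5.ini shown on this page.
SAMPLE = """\
[realms]
 EOS.NCSU.EDU = {
  admin_server = kerberos-master.ncsu.edu:749
 }
[libdefaults]
 default_realm = EOS.NCSU.EDU
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc
 dns_lookup_kdc = true
"""

def parse_krb5(text):
    """Parse krb5.ini text into {section: {key: value or nested dict}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":  # start of a per-realm block
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def audit(conf):
    """Return findings on weak enctypes and on how the KDC is located."""
    findings, lib = [], conf.get("libdefaults", {})
    for key in ENCTYPE_KEYS:
        weak = [e for e in re.split(r"[,\s]+", lib.get(key, "")) if e.lower() in WEAK]
        if weak:
            findings.append(f"{key}: single-DES enctype {', '.join(weak)}")
    for realm, opts in conf.get("realms", {}).items():
        if "kdc" not in opts and lib.get("dns_lookup_kdc", "").lower() == "true":
            findings.append(f"{realm}: no kdc entry, KDC is found via DNS SRV records")
    return findings
```

To check an installed client, pass the contents of C:\Windows\krb5.ini to parse_krb5 and review the list that audit returns.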