Difference between revisions of "User:Djgreen/AFS Installation"
Jump to navigation
Jump to search
m (New page: Installing AFS clients for Vista machines without the use of WolfCall. *Download KFW 3.2.2 from http://web.mit.edu/kerberos/dist/index.html **Install, selecting "Complete" when prompted....) |
m |
||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Installing AFS clients for Vista machines without the use of WolfCall. | + | Installing AFS clients for Vista machines without the use of WolfCall. Instructions made while installing on a Vista Enterprise workstation (32bit). |
*Download KFW 3.2.2 from http://web.mit.edu/kerberos/dist/index.html | *Download KFW 3.2.2 from http://web.mit.edu/kerberos/dist/index.html | ||
Line 5: | Line 5: | ||
*Download OpenAFS 1.5.27 from http://www.openafs.org/windows.html | *Download OpenAFS 1.5.27 from http://www.openafs.org/windows.html | ||
**Install, selecting "Typical" when prompted. | **Install, selecting "Typical" when prompted. | ||
− | **This will install the loopback adapter + the NetID credentials utility. | + | **This will install the loopback adapter + the NetID credentials utility connection. |
*Reboot when requested. | *Reboot when requested. | ||
+ | |||
+ | *At login, you'll receive the following error "Integrated Login failed: Decrypt integrity check failed". Click OK. | ||
+ | *The "Obtain New AFS Tokens" window will pop up. Close it. | ||
+ | **I believe this popup can be prevented if you click the "Prevent AFSCreds.exe from starting automatically when you log in to Windows" option in the Network Identity Manager Configuration in the "AFS" section. Will need to test this later. OK, unchecking that doesn't help. Still need to find a way to disable that popup. | ||
+ | *Open the Network Identity Manager. | ||
+ | *Options>AFS>Click "OpenAFS Control Panel". | ||
+ | *Change the Client Configuration Cell Name from 'openafs.org' to 'eos.ncsu.edu'. (Note: if you use 'unity.ncsu.edu' you'll see the error message Integrated Login Failed: Cannot resolve network address for KDC in requested realm). | ||
+ | |||
+ | *Replace the contents of C:\Windows\krb5.ini with the following: | ||
+ | <pre> | ||
+ | [realms] | ||
+ | EOS.NCSU.EDU = { | ||
+ | admin_server = kerberos-master.ncsu.edu:749 | ||
+ | default_domain = eos.ncsu.edu | ||
+ | } | ||
+ | |||
+ | [logging] | ||
+ | default = FILE:/var/adm/krb5.log | ||
+ | |||
+ | [libdefaults] | ||
+ | ticket_lifetime = 24000 | ||
+ | default_realm = EOS.NCSU.EDU | ||
+ | default_tkt_enctypes = des-cbc-crc | ||
+ | default_tgs_enctypes = des-cbc-crc | ||
+ | dns_lookup_kdc = true | ||
+ | dns_lookup_realm = false | ||
+ | |||
+ | [domain_realm] | ||
+ | .ncsu.edu = EOS.NCSU.EDU | ||
+ | ncsu.edu = EOS.NCSU.EDU | ||
+ | </pre> | ||
+ | *Exit from the Network Identity Manager and then restart it. | ||
+ | *In the Configuration, Identities, you should see unityid@EOS.NCSU.EDU. Select this, then the AFS tab. | ||
+ | *Change the entry in Cell to 'bp.ncsu.edu', then click Add/Update. Repeat for 'unity.ncsu.edu'. | ||
+ | *Click OK. Now click the Yellow Sun icon near the top left to authenticate. Use your Unity paswd. You should now have credentials for all three cells. You will only have Kerb4 creds for EOS (don't worry about that). | ||
+ | *If you attempt to reboot/login, you'll get the following message: "Integrated Login Failed: Unknown code ___ 254". To remove this, uncheck the "Obtain AFS tokens when logging into Windows" option on the AFS Client Configuration. | ||
+ | *If you check the "Obtain new credentials at startup (if none are present)" option on the 'General' section of the Network Identity Manager Configuration, it will prompt you to give your Unity password once you've logged in. Not integration with the Gina, but better to show this than have the user try to get to their J/K drives later and not be authenticated. |
Latest revision as of 14:09, 27 November 2007
Installing AFS clients for Vista machines without the use of WolfCall. Instructions made while installing on a Vista Enterprise workstation (32bit).
- Download KFW 3.2.2 from http://web.mit.edu/kerberos/dist/index.html
- Install, selecting "Complete" when prompted.
- Download OpenAFS 1.5.27 from http://www.openafs.org/windows.html
- Install, selecting "Typical" when prompted.
- This will install the loopback adapter + the NetID credentials utility connection.
- Reboot when requested.
- At login, you'll receive the following error "Integrated Login failed: Decrypt integrity check failed". Click OK.
- The "Obtain New AFS Tokens" window will pop up. Close it.
- I believe this popup can be prevented if you click the "Prevent AFSCreds.exe from starting automatically when you log in to Windows" option in the Network Identity Manager Configuration in the "AFS" section. Will need to test this later. OK, unchecking that doesn't help. Still need to find a way to disable that popup.
- Open the Network Identity Manager.
- Options>AFS>Click "OpenAFS Control Panel".
- Change the Client Configuration Cell Name from 'openafs.org' to 'eos.ncsu.edu'. (Note: if you use 'unity.ncsu.edu' you'll see the error message Integrated Login Failed: Cannot resolve network address for KDC in requested realm).
- Replace the contents of C:\Windows\krb5.ini with the following:
[realms] EOS.NCSU.EDU = { admin_server = kerberos-master.ncsu.edu:749 default_domain = eos.ncsu.edu } [logging] default = FILE:/var/adm/krb5.log [libdefaults] ticket_lifetime = 24000 default_realm = EOS.NCSU.EDU default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc dns_lookup_kdc = true dns_lookup_realm = false [domain_realm] .ncsu.edu = EOS.NCSU.EDU ncsu.edu = EOS.NCSU.EDU
- Exit from the Network Identity Manager and then restart it.
- In the Configuration, Identities, you should see unityid@EOS.NCSU.EDU. Select this, then the AFS tab.
- Change the entry in Cell to 'bp.ncsu.edu', then click Add/Update. Repeat for 'unity.ncsu.edu'.
- Click OK. Now click the Yellow Sun icon near the top left to authenticate. Use your Unity paswd. You should now have credentials for all three cells. You will only have Kerb4 creds for EOS (don't worry about that).
- If you attempt to reboot/login, you'll get the following message: "Integrated Login Failed: Unknown code ___ 254". To remove this, uncheck the "Obtain AFS tokens when logging into Windows" option on the AFS Client Configuration.
- If you check the "Obtain new credentials at startup (if none are present)" option on the 'General' section of the Network Identity Manager Configuration, it will prompt you to give your Unity password once you've logged in. Not integration with the Gina, but better to show this than have the user try to get to their J/K drives later and not be authenticated.