Difference between revisions of "User:Djgreen/AFS Installation"
Jump to navigation
Jump to search
m |
m |
||
Line 42: | Line 42: | ||
*Change the entry in Cell to 'bp.ncsu.edu', then click Add/Update. Repeat for 'unity.ncsu.edu'. | *Change the entry in Cell to 'bp.ncsu.edu', then click Add/Update. Repeat for 'unity.ncsu.edu'. | ||
*Click OK. Now click the Yellow Sun icon near the top left to authenticate. Use your Unity paswd. You should now have credentials for all three cells. You will only have Kerb4 creds for EOS (don't worry about that). | *Click OK. Now click the Yellow Sun icon near the top left to authenticate. Use your Unity paswd. You should now have credentials for all three cells. You will only have Kerb4 creds for EOS (don't worry about that). | ||
− | *If you attempt to reboot/login, you'll get the following message: "Integrated Login Failed: Unknown code ___ 254". | + | *If you attempt to reboot/login, you'll get the following message: "Integrated Login Failed: Unknown code ___ 254". To remove this, uncheck the "Obtain AFS tokens when logging into Windows" option on the AFS Client Configuration. |
Revision as of 13:40, 27 November 2007
Installing AFS clients for Vista machines without the use of WolfCall. Instructions made while installing on a Vista Enterprise workstation (32bit).
- Download KFW 3.2.2 from http://web.mit.edu/kerberos/dist/index.html
- Install, selecting "Complete" when prompted.
- Download OpenAFS 1.5.27 from http://www.openafs.org/windows.html
- Install, selecting "Typical" when prompted.
- This will install the loopback adapter + the NetID credentials utility connection.
- Reboot when requested.
- At login, you'll receive the following error "Integrated Login failed: Decrypt integrity check failed". Click OK.
- The "Obtain New AFS Tokens" window will pop up. Close it.
- I believe this popup can be prevented if you click the "Prevent AFSCreds.exe from starting automatically when you log in to Windows" option in the Network Identity Manager Configuration in the "AFS" section. Will need to test this later.
- Open the Network Identity Manager.
- Options>AFS>Click "OpenAFS Control Panel".
- Change the Client Configuration Cell Name from 'openafs.org' to 'eos.ncsu.edu'. (Note: if you use 'unity.ncsu.edu' you'll see the error message Integrated Login Failed: Cannot resolve network address for KDC in requested realm).
- Replace the contents of C:\Windows\krb5.ini with the following:
[realms] EOS.NCSU.EDU = { admin_server = kerberos-master.ncsu.edu:749 default_domain = eos.ncsu.edu } [logging] default = FILE:/var/adm/krb5.log [libdefaults] ticket_lifetime = 24000 default_realm = EOS.NCSU.EDU default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc dns_lookup_kdc = true dns_lookup_realm = false [domain_realm] .ncsu.edu = EOS.NCSU.EDU ncsu.edu = EOS.NCSU.EDU
- Exit from the Network Identity Manager and then restart it.
- In the Configuration, Identities, you should see unityid@EOS.NCSU.EDU. Select this, then the AFS tab.
- Change the entry in Cell to 'bp.ncsu.edu', then click Add/Update. Repeat for 'unity.ncsu.edu'.
- Click OK. Now click the Yellow Sun icon near the top left to authenticate. Use your Unity paswd. You should now have credentials for all three cells. You will only have Kerb4 creds for EOS (don't worry about that).
- If you attempt to reboot/login, you'll get the following message: "Integrated Login Failed: Unknown code ___ 254". To remove this, uncheck the "Obtain AFS tokens when logging into Windows" option on the AFS Client Configuration.