Installing

Linux

Linux installations vary by distribution. Some distributions may include versions of OpenAFS either stock or as an add-on. Downloads are also available from the main www.openafs.org website.

For Linux, be sure to use 1.6.5.2 or greater.

The OpenAFS download directories can function as a YUM repository if you create a yum repo config file pointing to the OpenAFS website. Attached are a sample yum repository config for OpenAFS 1.6.5 running on RHEL6 and a sample yum repository config for OpenAFS 1.6.5 running on Fedora. If these do not work, make sure that binaries have been published on the OpenAFS.org web site. If not, CNF may be able to supply you with pre-compiled binary RPMs. You will want to install the following RPMs:

  • openafs-compat
  • openafs-authlibs
  • openafs-server (if running an openafs server)
  • openafs-devel (if you want the devel libs)
  • openafs
  • dkms-openafs (if you want to dynamically build kernel modules ... you will also need the dkms rpm, available from multiple sources)
  • openafs-authlibs-devel (again, if you want the devel libs)
  • openafs-client (for running the openafs client)
  • openafs-docs
  • openafs-krb5
  • openafs-kernel-source (again, for devel purposes)

After installing AFS, make sure to set the cell name in your ThisCell file to cnf.cornell.edu. The location of the ThisCell file varies depending on your Linux distribution. You should also consider increasing the cache size in the cacheinfo file from the default.

With each upgrade to your Linux kernel, you will need a new OpenAFS kernel module. CNF recommends the use of DKMS to automatically build new kernel modules. If using an RPM-based distribution, openafs.org provides a dkms-openafs RPM.

Kerberos is also required on Linux and must be configured with a krb5.conf file. The exact format of your Kerberos configuration file may vary depending on whether you are using MIT Kerberos or Heimdal Kerberos. Regardless, the following must be defined in your Kerberos config file:

[libdefaults]
# allow_weak_crypto permits weak encryption types such as single DES, for every realm in this file
allow_weak_crypto = true
ticket_lifetime = 30d
renew_lifetime = 30d
forwardable = true
renewable = true

[realms]
CIT.CORNELL.EDU = {
    kdc = kerberos.cit.cornell.edu:88
    kdc = kerberos2.cit.cornell.edu:88
    admin_server = kerberos.cit.cornell.edu:749
    default_domain = cit.cornell.edu
}

CNF.CORNELL.EDU = {
    kdc = hole.cnf.cornell.edu:88
    kdc = smoke.cnf.cornell.edu:88
    kdc = mist.cnf.cornell.edu:88
    admin_server = hole.cnf.cornell.edu:749
    default_domain = cnf.cornell.edu
}

CORNELL.EDU = {
    kdc = ad2.cornell.edu
    kdc = ad1.cornell.edu
    default_domain = cornell.edu
}

GUEST.CORNELL.EDU = {
    kdc = obsidian1.cit.cornell.edu:88
    kdc = obsidian2.cit.cornell.edu:88
    admin_server = obsidian1.cit.cornell.edu
    default_domain = guest.cornell.edu
}

[domain_realm]
.cit.cornell.edu = CIT.CORNELL.EDU
cit.cornell.edu = CIT.CORNELL.EDU
.mail.cornell.edu = CIT.CORNELL.EDU
mail.cornell.edu = CIT.CORNELL.EDU
.cnf.cornell.edu = CNF.CORNELL.EDU
cnf.cornell.edu = CNF.CORNELL.EDU

If using MIT Kerberos, you must also set the following in your krb5.conf (Heimdal uses a different syntax for the capaths section):

[capaths]
CIT.CORNELL.EDU = {
    CNF.CORNELL.EDU = .
}

GUEST.CORNELL.EDU = {
    CNF.CORNELL.EDU = .
}

CORNELL.EDU = {
    CIT.CORNELL.EDU = .
    CNF.CORNELL.EDU = CIT.CORNELL.EDU
}
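
The Kerberos settings above can be checked mechanically once krb5.conf is in place. The following Python sketch is an added example, not part of the original page and not code from OpenAFS or Kerberos: it parses MIT-style krb5.conf text, reports which of the settings listed above are missing, and resolves the cross-realm path that the [capaths] section defines. The function names and the trimmed sample input are constructed for illustration.

```python
import re
# Constructed sample: a trimmed copy of the settings listed on this page.
SAMPLE = """
[libdefaults]
allow_weak_crypto = true
[realms]
CNF.CORNELL.EDU = {
    kdc = hole.cnf.cornell.edu:88
}
[domain_realm]
cnf.cornell.edu = CNF.CORNELL.EDU
[capaths]
CORNELL.EDU = {
    CIT.CORNELL.EDU = .
    CNF.CORNELL.EDU = CIT.CORNELL.EDU
}
"""

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: [values] | {subkey: [values]}}}."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":       # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                  # new [section]
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":                      # end of a realm block
            block = None
        elif section is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            if val == "{":                     # start of a realm block
                block = section.setdefault(key, {})
            else:                              # repeated keys (kdc) accumulate
                (section if block is None else block).setdefault(key, []).append(val)
    return conf

def realm_path(conf, client, server):
    """Realms crossed from client to server per [capaths]; None if no entry."""
    hops = conf.get("capaths", {}).get(client, {}).get(server)
    return None if hops is None else [client] + [h for h in hops if h != "."] + [server]

def missing_settings(conf):
    """Names of settings this page requires that the parsed file lacks."""
    lib, realms, dom = (conf.get(s, {}) for s in ("libdefaults", "realms", "domain_realm"))
    checks = {"allow_weak_crypto": lib.get("allow_weak_crypto") == ["true"],
              "CNF.CORNELL.EDU kdc": bool(realms.get("CNF.CORNELL.EDU", {}).get("kdc")),
              "domain_realm": dom.get("cnf.cornell.edu") == ["CNF.CORNELL.EDU"]}
    return [name for name, ok in checks.items() if not ok]
```

To check a real file, pass its contents to `parse_krb5` (for example `parse_krb5(open("/etc/krb5.conf").read())`, where the path is an assumption that depends on your distribution). With the full [capaths] block above, `realm_path(conf, "CORNELL.EDU", "CNF.CORNELL.EDU")` shows that the path runs through CIT.CORNELL.EDU.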

Windows

  1. Download MIT Kerberos for Windows (32 or 64-bit, depending on your Windows OS install) 4.0.1 from http://web.mit.edu/kerberos/dist/index.html
    1. Do a Typical install
  2. Download the 1.7.x MSI client installer (for Managed installations) from http://www.openafs.org/windows.html
    1. If installing on 64-bit Windows, you will also need the 32-bit tools package. Install this doing a "Typical" install.
  3. Set your computer not to go to sleep unless installing 1.7.x
  4. Run the OpenAFS installer
    1. Select a Custom install
    2. Accept the defaults for which components to install unless...
      1. If installing 1.7.x, you will need to install the "Authentication" component -- not enabled by default in 1.7.x.
    3. Change the cell name from openafs.org to cnf.cornell.edu
    4. Accept defaults on the rest of the screens
    5. Don't yet reboot (when prompted by the installer)
  5. Run the attached .reg files to set OpenAFS registry settings
  6. Copy the attached krb5.ini to c:\ProgramData\MIT\Kerberos (on XP, instead use C:\Documents and Settings\All Users\Application Data), overwriting the krb5.ini file that may already be there
    • NOTE: If your organization also uses Kerberos, you will instead want to merge the CNF krb5.ini into your organization's krb5.ini.
    • Your local tech support or CNF Computing support can help you with this.
  7. Firewall Configuration - Under Windows XP and newer, we recommend that you just use the built-in Windows firewall. For other firewalls:
    1. SYMANTEC - If the Symantec Client Firewall is installed, you will need to add a rule allowing all traffic to/from 10.254.254.253
      • If, during the Symantec configuration process, you get a popup window about a script error, you have two choices:
        • Reinstall Symantec - this MAY fix the problem
        • Disable the Symantec firewall and enable the Windows firewall - consult CNF IT staff for help on doing this
        • If you would prefer to continue using the Symantec Client firewall, follow the below to allow AFS to work:
          1. Open Symantec Client Firewall
          2. Client Firewall - Configure
          3. Advanced Tab
          4. General Button
          5. Add a rule
          6. Permit
          7. Connection to and from other computers
          8. Only the computers and sites listed below: Add 10.254.254.253
          9. TCP and UDP and All types of communication
          10. Don't log anything
          11. Name the rule AFS Loopback Rule
          12. Check All Locations
          13. Finish
          14. Find the rule in the list of General Rules (it will be at the bottom) and repeatedly click "Move Up" to get the rule to the top of the list
  8. NOW, REBOOT. After rebooting, your firewall may prompt you to allow the various AFS applications access to the network. You should choose to Always Allow these.
  9. OPTIONAL, set up a drive mapping (must be done AFTER REBOOTING)
    1. Right click on My Network Places
    2. Map drive
    3. To follow the CNF convention, set the drive letter to X
    4. Set the path to \\afs\cnf.cornell.edu
    5. Choose to Reconnect the drives
    6. Done

Mac OS 10.7 (Lion) / 10.8 (Mountain Lion) / 10.9 (Mavericks)

  1. Install the Mountain Lion krb5.conf file to /private/etc/krb5.conf
    1. The /private/etc folder is hidden... to get to it from the Finder...
    2. From the "Go" menu choose "Go to Folder"
    3. Type in /private/etc
    4. You can now copy the krb5.conf file over... you will be prompted for administrator credentials
  2. Install the Mountain Lion edu.mit.Kerberos file to /Library/Preferences/edu.mit.Kerberos
    1. You may first have to delete any existing edu.mit.Kerberos file (Finder may not let you overwrite the existing file)
    2. The deletion operation will require typing in an administrative username and password
    3. Copying over the new file will require typing in an administrative username and password
  3. Download OpenAFS 1.6.5 or greater from the openafs.org website (10.7 / 10.8) OR Download 1.6.5.2 for Mavericks from this link (10.9)
  4. Run the OpenAFS package installer
    1. Specify cnf.cornell.edu as the cell name and cnf as the cell alias
    2. No reboot is necessary (unless you are running Mavericks, Mac OS 10.9) - AFS will start running when the installer finishes
  5. To show the AFS icon on the Desktop...
    1. Finder - Preferences
    2. General tab
    3. Check "Connected Servers"
  6. Download the GUI AFSTokens app for Snow Leopard (afstokens-64bit.zip) from https://forge.cornell.edu/sf/projects/afs_tokens
    1. File Releases tab
    2. The AFSTokens app is no longer maintained, but is still the best way to obtain AFS tokens.
    3. Obtaining tokens works under the latest version of Mac OS X Mavericks. However, deleting tokens crashes the app.
    4. Viewing your AFS group membership works under the latest version of OS X Mavericks.