Installing Open AFS Client for Windows 2000/XP/2003

---

Contents: Installation | Configuration | Permissions | Troubleshooting | Mount Point Problems | Notes

---

The AFS Client provides direct access to your AFS (Andrew File System) file space from your PC. You can use your AFS filespace as another disk where you can save your PC files, or make them available to share with others. For example, you can create Web pages on your PC and then drag the generated files into your web folders in your AFS home folder (public_html).

Installation

Note: You need to have administrative privileges on your computer in order to install the AFS Client.

1. Obtain the AFS client install from the web:
   www.openafs.org
   then navigate to -
   Downloads -> Latest Release -> Windows 2000/XP/2003 (OpenAFS x.xx.xx -> Visit Release Page -> OpenAFSforWindows-x-x-xxxx.msi

   Save to your local harddrive

   Note: Please download the .msi file and not the .exe file.
   Your version will be whatever is current.

   

   Double-click the .msi file that you downloaded. A setup program will guide you through the installation.
   
   

   • Then Select Components screen is displayed next.
     
     
     • In the Components box, make sure that AFS Client is checked. (If you check the AFS Supplemental Documentation box, the AFS Administration Reference and AFS Administration Guide files will be added to the AFS online documentation set. These are not end-user documents.)
       
       
     • The Destination Folder box shows the default drive and directory where the selected components will be installed. Click Browse to change the default drive or directory.
       
       
     • Click Next to continue with the installation.
       
       
     

   • Choose the CellServDBPackaged Installation File as shown below.

   
   • You will need to enter a valid cell name. Enter fnal.gov as shown below. Please ensure the name is lower case.

     Also take the Recommended installation options as shown

     
   • After the selected files have been installed, you will be prompted to restart your computer. Select Yes and then click Finish. Your computer will be shut down and then restarted.
     

     

Return to top

---

Configuration

A. Start AFS Service

After you reboot, you should see the AFS icon, which looks like a padlock (). It is located in the system tray in the lower right section of the screen.

The red X next to the padlock indicates that the AFS Client Service is not running - you have not authenticated and do not have an AFS token. The service can be started by completing the following steps:

1. Double click on the AFS icon in the system tray.
   
   
2. Then Click on the Obtain New Tokens
   
   
   
3. Fill in your
   • User Name:
     
   • Password:  (this is your FNALU password)
     then click OK

   

   You will receive the following that you are currently logged on.

   

   The red X adjacent to the AFS icon will disappear.

   Now that the AFS Client service has started, you are able to mount AFS directories by mapping drive letters to paths in AFS.

   To map additional drive letters on your computer to paths in AFS:

   1. Go to your Start -> Programs -> OpenAFS -> OpenAFS Configure

      

      
      
   2. Click on Drive Letters then Add to map Drive Letters
      
   3. Enter the AFS Path: then Enter a description (up to 12 characters) for the AFS path.
      
      

   

   
   
   Note: The following example shows how to mount a user's backup of their home directory.
   Daily backups of the entire Fermilab cell are available from
   \afs\fnal.gov\files\backup

   

   4. The AFS service is now ready to use. Go to Windows Explorer and use your AFS-mapped drives like any other drive on your computer.
      

   Return to top

   ---

   Directory Permissions via Access Control Lists (ACLs)

   There is an ACL for every directory in AFS. The ACL specifies protection at the directory level (not file level). Each entry in an ACL consists of a username or an AFS protection group paired with a set of permissions (e.g., read, write).
   The permissions granted in a directory's ACL represent the maximum permissions. If a file in the directory has more restrictive permissions set, the user is limited by the restrictions on the file. If a file has more lenient permissions set, the user is limited by his ACL entry.
   1. Right click on one of the AFS mounts that you have and navigate to AFS
      
   

   then to Access Control Lists . . .

   

   ACL rights include:

   l

   lookup rights (permission to examine the ACL and traverse the directory (needed with most other access rights)).

   i

   insert rights (add new files or sub-directories)

   d

   delete rights (remove file (s) in directory)

   a

   administrator rights (allows user to change the ACL for a directory; note that you always have this right for your home directory even if you accidentally remove this ACL.)

   r

   read rights (allows user to look at the directory's contents and to read the data in the files contained in the directory)

   w

   write rights (allows user to modify the contents of the files in the directory and to change the UNIX mode bits with the command chmod)

   k

   lock rights (allows user to run programs that need to flock files in this directory; see the man pages for flock)

   Rights may also be referred to by special names that designate commonly-assigned combinations of rights. These are called combination rights. The defined combination rights are:

   write

   all rights excluding a (i.e. rlidwk)

   read

   l and r rights only (i.e. rl)

   all

   all rights (i.e. rlidwka)

   none

   no rights; this removes the group's or user's entry from the ACL entirely

   Return to top

   ---

   Troubleshooting

   If you encounter problems . .

   • Is the AFS service started?

   Start AFS Service:

   1. To check whether the AFS Service is started, click Start > Settings > Control Panel > Administrative Tools > Services.
      
      
   2. Locate the entry for OpenAFS Client Service on the Computer Management screen. If the status the Status column is not Started, double-click on the AFS Client entry.
      
      Note: You need to have administrative privileges in order to start the service.

      

   ---

   Mount Point Problems

   When you try to look at mount points and you see no folders . . .
   A bug affecting new installations of 1.3.75/76 has been found which will result in the creation of incorrect mountpoints in the freelance root.afs volume for the default cell.
   If "fs lsmount \\afs\all\" lists a volume name of "root" instead of "root.cell", you have been affected by the bug. To correct the problem, execute the following commands to create the proper mountpoints:
   1. fs rmmount \\afs\all\ fs rmmount \\afs\all\.
   2. fs mkmount \\afs\all\ root.cell fs mkmount \\afs\all\. root.cell -rw
   This bug will be corrected in a forthcoming 1.3.77 release. There are no differences between 1.3.76 and and 1.3.77 other then a correction to this problem. It only affects new installations. Once you are bitten by the bug you must generate the proper mountpoints using the commands listed above regardless of whether or not you upgrade or downgrade.

   ---

   Notes

• The AFS drive descriptions in Windows Explorer may be cryptic (for example, 'auto1'). If you are using Windows 2000 or Windows XP, you can change the name of the AFS drives using Windows Explorer the same as you would any other folder.
• Additional information may be found at Unix at Fermilab, Chapter 9: The AFS File System
• You may be able to use AFS as a means of file transfer while using your ISP from home. Start your AFS client and transfer files up to AFS at home, then when at the lab mount the volume and you are able to access file(s).

Return to top

---

last modified 10/27/2005    email helpdesk@fnal.gov