Search this Site

Need Help?

Ask now! Live chat

Find someone in Computing

Request Help Now

Helpline: 646-2999

DartPulse Alerts

Overall System Status:

Upcoming Scheduled Outages

Quick Links

About Computing

New to Dartmouth?

Resources for:

Information Security

Connect with Computing

Software & Computers

HomeSoftware & Computers > Data Storage >  AFS >

Installing OpenAFS Client on Windows

The Windows client from OpenAFS.org supports Windows XP/Vista/7 with the current release (as of Mar 2012). Older versions are still available, with reduced functionality. The features (1.7.x) release is recommended for Windows.

A complete installation of OpenAFS 1.5.x on 32-bit Windows  XP, with screen shots, is illustrated at poosticks.dartmouth.edu/rc/content/how-do-i-install-afs-32-bit-windows (Dartmouth users only). Concise instructions for experienced users are below.

How to Install OpenAFS on Windows

  1. Download OpenAFS for Windows and save to disk.  Local copies of the most recent versions which have been tested by Computing Services are maintained at the above link. OpenAFS.org may have newer versions, and has the release notes and other documentation. All older versions are also archived there, if needed.
  2. Follow the instructions for your version of windows. You must be logged in as an administrator.
    1. Double click the .msi file to start the installer.  You may need to right-click on the  file and 'Run as Administrator' on some systems, then proceed as below.
    2. Alternatively, use the Add/Remove Software control panel.
    3. Select Custom installation, and proceed as below.
  3. 1.7.x versions:
    1. Add the Authentication for AFS optional component.  This is essential at Dartmouth.
    2. Add the Client configuration tool component (optional)
    3. The Microsoft Loopback Adaptor is NOT required for 1.7 versions
  4. 1.6.x versions:
    1. Ensure the Microsoft Loopback Adaptor is included in the selection.  It will be grayed-out if already installed on the system
  5. For the Cell name, enter northstar.dartmouth.edu.
  6. Check Lookup Cells in DNS and Freelance mode. Do not check Integrated login.
  7. Check AFS crypt security; it encrypts all the file transfer traffic on the network. The authentication traffic is always encrypted. Crypt mode may have a performance impact.
  8. Leave all other settings at their default values, and let the installation proceed.
  9. Reboot to start the AFS client service.  
  10. The AFS credentials tool (icon is a padlock) will normally be placed on the toolbar, or can be found in Start: Programs: OpenAFS: Client: Authentication. Enter your AFS username and password at the prompts. A shortcut for this may appear directly in the Start menu.
  11. You may use UNC paths e.g. \\afs\northstar.dartmouth.edu\users\m\myname to directly access files in AFS, create shortcuts, or map network drives.  Here \m repressents the first letter of your AFS username
  12. If you wish to create mapped network drives,
    1. Windows XP/Vista:  use My Computer:Tools:Map Network Drive...  Enter the UNC path to a location in AFS - usually your home directory or a data volume, and an unused drive letter. This will create a per-user drive mapping, only in effect when you are logged in. For example: F: -> \\afs\northstar.dartmouth.edu\users\m\myname.  Not all software recognizes UNC paths. Often, another drive letter is assigned to the top level of AFS (\\afs\) to allow using other parts of our cell or foreign cells.
    2. Windows 7: use Start:Computer:Map Network Drive, and proceed as above.
  13. To change your AFS password, select Start: Run: and enter kpasswd AFSusername. You will be prompted for your current password, then the new one.
  14. Advanced client configuration can be made using the AFS Client Configuration tool found in the Control Panels, (if it was installed).

Top of page

Performance Tuning

The AFS client service must be started as administrator; subsequently, non-administrator accounts can use it, but cannot modify some settings. Advanced configuration parameters such as cache size and chunk size can only be modified by administrators. On a system used with a wired network connection, performance can usually be enhanced by increasing the chunk size value to 2048 or 4096 kB.  Most systems will benefit from increasing the cache size value from the default (approx. 98000) to somewhere between 200000 and 1000000.  The cache size is in kB, and is used to locally cache files stored in AFS. 32-bit Windows can not use a cache larger than 1200000 (1.2GB).  Consult Research Computing before changing the other parameters.

The CellServDB file must be present, but can be empty, as long as the Enable DNS option is selected. Using an empty CellServDB avoids all problems with it becoming out of date, and is adequate if only access to the local cell is needed.  [Temporary bug: v1.5.66 does NOT work with an empty CellServDB file]

Various OpenAFS command line utilities, as found on UNIX and Mac OS X, are included with the client and the location is automatically added to %PATH. Running a command window will give access to these utilities (kpasswd, fs, vos etc.).

To do a clean uninstall of AFS on Windows, use the uninstall program left in C:\Program Files\OpenAFS\  (logged in as administrator).

Top of page

Firewall Settings and Software Incompatibilities

The OpenAFS installer makes the necessary configuration rules for Windows Firewall, whether or not it is currently in use.  If a 3rd party firewall is in use, it must allow all traffic to and from the loopback adapter (which appears as a network interface called AFS) and should allow inbound UDP on port 7001.  All other network connections are client-initiated and usually allowed by default.

Important: Symantec EndPoint Protection (SEP Firewall).  Older versions can interact badly with OpenAFS. Symantec v11.0.4 and OpenAFS versions before 1.5.68 could in some circumstances corrupt your files. The Antivirus component of SEP does not seem to cause any problems. The current (2010/04 and later) versions of SEP and OpenAFS do not have problems.   If SEP Firewall is used, leave the "Browse files and printers on the network" setting ON (the default value) in the Network Threat Protection settings.  If that is disabled, SEP erroneously blocks AFS authentication traffic as well as the network browsing tools.

Windows 7 users need to install v1.7 or later, to avoid problems which may prevent OpenAFS client from functioning if the system has changed IP address for any reason (sleep/hibernate and change location, switch from wired to wireless, or run VPN). 

Top of page

2011/03/18 RB

Last Updated: 11/9/12