Fermilab Computing Division
Search

Network Identity Manager (NetIDMgr) FAQ

How do I access a webpage without NetIDmgr?
Please access the video to demonstrate the usefullness of NetIDmgr and certificates.
How do I add a NetIDmgr identity?
Please access the video to demonstrate the addition of a NetIDmgr identity.
Is there a list to which I can send questions about NetIDMgr?

Address questions to netid-users@fnal.gov.

Can I install NeIdMgr manually?

Installation files are located at \\pseekits\DesktopTools\NetIDMgr\Current. Install kfw first, then the kcaplugin.

NOTE: You will need to download the installation files locally. Then install from there.

You must be authenticated to the Fermilab domain and a member of the local Administrator group to complete the manual install.

If you are using AFS then you MUST install AFS first, then kfw and kcaplugin last.
When I log on, I receive this pop-up for credentials, what do I do?

Pop-up asking for credentials because your identities are not set to default correctly in NetIdMgr

If you receive a popup asking for new credentials, you may have user@FNAL.GOV is set as the Default. This configuration is incorrect. The correct configuration is user@FERMI.WIN.FNAL.GOV to be set as default identity.

Click the NetIdMgr icon in the system tray to open the main interface. Right click user@FERMI.WIN.FNAL.GOV and click Set as default from the popup menu.

Setting user@fermi.win.fnal.gov as the default

You'll need to ensure that you have the proper krb5.ini file (location c:\windows). Compare your krb5.ini with the file located here. If your file is not the same then rename your existing file to old, then download the updated one in your c:\windows directory.
I had a pop saying that my username@FERMI.WIN.FNAL.GOV has expired and I need to renew it. Is this a security problem?

Because your credentials had expired, you were not renewing them but getting new ones hence the need to re-enter your password. Your password is not being transferred across the network in the clear anymore than it would when you type it into the Windows login box.

If I don't use applications requiring my credentials, does NetIdMgr require that I resupply my credentials every 10 hours?

NetIdMgr will automatically renew your credentials until they expire (seven days after initially getting them. After seven days, NetIdMgr will prompt you to resupply your credentials to obtain new credentials.

Why do I get prompted to authenticate every time I mount a Windows share?

You may be logging in locally rather than to the domain when you log into Windows. When you log on locally, the domain knows nothing about you because you have not submitted any domain credentials.

If you have been manually entering your username/password in the NetIDMgr to obtain tickets and KCA certificates, the system will attempt to user your local NTLM credentials for all CIFS activity. Since this is not a domain NTLM credential, you will be prompted to authenticate to the domain each time.

If you log into the domain instead of locally, NetIDMgr will be able to provide you the Single Sign-On environment.

Can I test if NetIdMgr has properly configured my browser to use my KCA certificates?

NOTE: If you are using Mozilla-based products (including Mozilla, Firefox, Thunderbird and others), you will need to manually setup the Mozilla application to use your Windows My Certificates store.

Test your browser by using the Fermilab's browser KCA certificate test page. You can also test which certificate your browser sends by default.

Why do I see two certificates in Internet Explorer?

Internet Explorer shows your credentials for both username@FERMI.WIN.FNAL.GOV and username@FNAL.GOV. We are currently working on making it easier for you to differentiate them.

AFS and NetIdMgr

Which version of AFS works with NetIdMgr?

AFS v. 1.5.1900 or 1.5.2100.
NetIdMgr does not work with older versions which may be installed at Fermilab.

Why can't I use my AFS token for FERMI.WIN.FNAL.GOV?

AFS servers must be upgraded to work with NetIdMgr. This was scheduled for sometime summer 2007.

Why did I lose my AFS-based drive mappings?

You need to map your network drives from Windows. You will need to uncheck your drive letter from within the AFS interface, then remap your AFS-based drives in Windows Explorer.

Why can't I obtain AFS tokens?

At the present time, you may obtain your AFS tokens through FNAL. If you are having problems getting AFS tokens, then you may be trying to obtain them through FERMI.WIN.FNAL.GOV.

You need to remove the option from your FERMI.WIN.FNAL.GOV identity to ensure that your tokens are being obtained through FNAL.GOV.

Access identities through the NetIDMgr interface by using the Options -> Identities pulldown.

Access the username@FERMI.WIN.FNAL.GOV Identity and chose the AFS tab. As seen in the illustration below, Obtain AFS credentials is checked.

You will need to highlight the Cell - fnal.gov and select Delete. You will be deleting this identity.

After the identity is deleted, then uncheck Obtain AFS credentials, then click Apply, OK

You can then go back to your main NetIDMgr interface and verify that your AFS credentials are being obtained through FNAL.

If you are still not able to obtain AFS credentials, then right click on your user@FNAL.GOV identity and choose Obtain new credentials. You will be prompted for your kerberos password. You will then see your AFS credentials appear.
How do I renew my AFS tokens using NetIdMgr?

Click the NetMgrId icon in the system tray to bring up the NetIdMgr main interface.

Select the identity that you want to renew from the list.

Click the Credential menu, click Renew, then click Renew username@...

NetIdMgr interface showing renewing credentials

The credentials for the selected identity will be renewed.

How do I change my passwords

Click the NetMgrId Credential Menu item to access Change Password.

Select the password that you want to change from the dropdown list.

Enter your Current Password and New Password as requested.

You'll receive notification that your password has been changed

Written from Windows XP Professional. Information compiled and maintained by CSI Group.
Last modified on 2007 May 24.
Address comments about this page to netid-users@fnal.gov.