[OpenAFS] OpenAFS Login Script under Windows XP

Angelo Torres angelo@cede.psu.edu
Tue, 6 Jul 2004 12:25:46 -0400 (EDT) 

Hey everyone.

I am administering a lab of Windows XP Professional workstations. I would
like to use OpenAFS 1.3.65 to allow users to login and have a network
drive assigned to their home folder stored under AFS. The goal is to have
users authenticate through Kerberos and have access to all of their AFS
space with only one login prompt.
We have a working solution under Windows 2000 using OpenAFS 1.3.63. The
login script calls unlog, ms2mit, aklog, and finally 'net use W:
\\afs\cede.psu.edu\<directory>'. Under XP and OpenAFS 1.3.65, the 'net
use' command fails immediately with the error: "System Error 53: The
network path was not found."
The strange thing is that if you map a drive with the AFS client (Drive
Letters -> Add) then go to My Computer to see if it mapped successfully,
My Computer will stop responding for 2 to 3 minutes but then the drive
will show up! Furthermore, any subsequent 'net use' commands that map
within the \\afs\cede.psu.edu\ folder succeed.
Here is a step by step walkthrough of this scenario:
1) Cold Boot with no Drive Mappings specified in the OpenAFS client.
2) Login. No AFS drives present in My Computer and 'net use' commands to
any \\afs\cede.psu.edu path fails. (Login script fails) Keep in mind we
have all our tokens.3) Use the OpenAFS client to map a drive to
/afs/cede.psu.edu/users/k/r/krbtest. My computer locks up for about 2 to 3
minutes then the 'auto1' title shows up on the correct AFS folder. Any
subsequent 'net use' commands succeed.4) Logout then immediately Login. The login script succeeds and 'net use'
works fine.5) Use the OpenAFS client to remove the drive we mapped in Step 3.
6) Logout then immediately Login. The login script still succeeds and 'net
use' still works.7) Shutdown and Login. No drives get mapped.

Is it possible that OpenAFS 1.3.65 is doing some type of lazy evaluation
for the \\afs path that it wasn't doing in 1.3.63? Should I be providing
some option flag to the OpenAFS client so that my login script works
correctly?
If anyone has any advice or recommendations on how I can get this single
sign-on setup to work I would be very grateful.
Thanks,
Angelo Torres
Network Administrator
Center for Engineering Design and Entrepreneurship
The Pennsylvania State University