[OpenAFS] Windows Logon Scripts
Mike Bydalek
mbydalek@contentconnections.com
Tue, 06 Dec 2005 12:52:33 -0700
Christopher D. Clausen wrote:
> Mike Bydalek wrote:
>> One of the caveats to using the Kerberos logins is that you need a
>> local account, which contains a local profile.
>
> Uhh, you do NOT need local accounts. You can use an Active Directory
> Domain and correctly set a domain trust to the MIT Realm. Such a
> trust exists between UIUC.EDU (MIT) -> AD.UIUC.EDU (MS AD) ->
> ACM.UIUC.EDU (MIT). These AD accounts also have the user accounts
> setup to have @UIUC.EDU principals for each account in order for the
> trust to work. I didn't set that part up, so I'm not sure how to do
> it, but it is possible.
>
> Perhaps I am not understanding your setup though. To you WANT to use
> local accounts? Do you have Active Directory setup already?
No, I don't *want* to use local accounts at all, but I don't want to use
AD either as I do *not* want a Windows Domain.
I guess the best thing to do would be to use Samba to manage all of the
Windows machines as this will give me everything I need (esp. with
security).
Thanks for all the suggestions.
-Mike