[OpenAFS] Testing OpenAFS with Windows XP Roaming Profiles....

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 17 Sep 2010 12:21:36 -0400


On 9/17/2010 11:06 AM, Claudio Prono wrote:
>
>>> Now, the question is: how I can make Windows first write the updated
>>> profile, then drop tickets?
>>>
>>> The ACL system:anyuser all for the profile folder is not a good solution...
>>>
>>> Any hint?
>>>
>>
>> The afslogon.dll has special code in it that has to detect that the
>> profile is redirected into AFS.   This is based on the assumption that a
>> domain is in use.   The additional case for a non-domain profile in AFS
>> would have to be added.
>>
>> Jeffrey Altman
>>
>>
> Just an idea... why don't put an option inside the AFS control panel to
> override the domain detection ? Not all the users using a roaming
> profile use a Domain.... Something like "roaming profile active" in the
> AFS control panel....
>
> Anyway, now how I can override that detection of the afslogon.dll ? Any
> trick to cheat the afslogon.dll auto detection?
>
> Cordially,
>
> Claudio Prono.

Claudio:

It would be more work to implement a cheat than to do the correct thing
for your configuration.   Someone can write a patch for afslogon and
submit it to gerrit.openafs.org.

What needs to be implemented is the Local Profile in AFS case both for
NPLogonNotify() and AFS_Logoff_Event().   If the profile is not remote,
then a search for a profile in AFS should not be queried via AD (LDAP)
but instead through the GetUserProfileDirectory() API.

If you read the OpenAFS for Windows Release Notes, you can use the
LogoffPreserveTokens registry value to force the AFS tokens to be held
after logoff.  However, doing so retains the tokens until they expire.

Jeffrey Altman

