[OpenAFS] AFS tokens when logging in on Windows clients

John Perkins john@cs.wisc.edu
Wed, 15 Feb 2012 16:18:09 -0600

We've found our Windows 7 systems are reliable about obtaining kerberos 
tickets when users login at our site (all user accounts are 
authenticated against an MIT kerberos KDC during login).

Obtaining AFS tokens at the same time is not as reliable.  Going into 
Network Identity Manager and renewing credentials typically will obtain 
tokens.  Running aklog will obtain tokens.  90-95% of the time tokens 
are obtained.  This is with 
set to "0".

I'm experimenting with setting the LogonOptions setting to "1" to see if 
that clears up this issue.  If having LogonOptions set to "1" is still 
necessary to reliably get AFS tokens generated at login time, I'm 
surprised we saw it work so often in the past with this registry key set 
to "0".

Any other suggestions to ensure users receive AFS tokens at login time?