[OpenAFS] Integrated Windows/AFS Login only for certain Group s

Knape, Dean Dean.M.Knape@NJIT.EDU
Thu, 8 Nov 2001 08:40:36 -0500


In the "Login" section of the "Additional Advanced Properties" section of
the "AFS Client Configuration" in the control panel, you can select to fail
logins silently.  That should do it for you.


-----Original Message-----
From: Paul T Hirose [mailto:pthirose@supreme.engr.ucdavis.edu]
Sent: Wednesday, November 07, 2001 7:46 PM
To: openafs-info@openafs.org
Subject: [OpenAFS] Integrated Windows/AFS Login only for certain Groups

Is there a way to have the "Obtain AFS Tokens When Logging in to Windows"
checkbox option *not* be for everyone who logs in to a Windows computer, but
rather be only for users in (or not in) a specific group?

Using either OpenAFS, or Transarc's AFS Client on Windows 2000 Pro w/SP2,
managed by a W2K Server using Active Directory.  We have a batch of users
some who exist in an AFS Cell and some who do not.  For those that do,
we've made sure their Windows username/password is the same as their
AFS username/password.

Right now, we have that "Obtain AFS Token when logging in to Windows"
checkbox checked, and it works great for our folks who do exist in AFS.
They can happily read/write to AFS space, as well as normal Windows
filespace.  For those who don't existin AFS space, they get an error msg
and then continue on.  We've currently told them to simply ignore that msg

Ideally, we'd like to have the auto-obtain AFS Token feature only come in
to play for the first group of people.  Alternatively, if the error
can be made removed and just quietly fail, that would also satisfy our
second group of folks.  Or, is there any way to obtain an AFS via some
login-script - which would probly require that script to have access to
the plaintext username/password that was entered during the login dialog?


Paul Hirose          : pthirose@ucdavis.edu : Sysadm Motto: rm -fr /my/life
1039 Academic Surge  : Programmer/Analyst   : Backup Motto  : rm -fr /
One Shields Avenue   : Fax   (530) 752-4465 :-------------------------------
Davis, CA 95616-8770 : Voice (530) 752-7181 : rec.pets.cat.anecdotes \(^_^)/
OpenAFS-info mailing list