[OpenAFS] Roaming Windows Profiles
Rodney M Dyer
rmdyer@uncc.edu
Wed, 05 Feb 2003 16:41:47 -0500
James,

Sure, we've been doing roaming profiles since the first Transarc AFS client
was introduced on NT 4.0. Over the summer of '02 we migrated to Windows XP
and are still doing roaming profiles and folder redirection without
problem. We also knitted together Kerberos 5 and AFS for single-sign-on
with few problems, ah hem...so far. Btw, we are a pure Windows 2x/XP
architecture environment. (Get rid of Win9x versions, not worth the
trouble to keep.)

A Windows profile is just a single directory store of information. You can
pretty safely store the profile in the user's UNIX home directory. We just
called ours "xp_profile". When you log on, Windows sucks the profile
directory and everything in it to the local machine. When you log out,
everything that changed is synced back to AFS space.

When our XP clients boot, they link a global network drive "N:" to the top
of our AFS filespace. That drive is available to all users when they log on
to the box. We set up an Active Directory domain and supplied it with
account names of our UNIX users. In each user's account on the Active
Directory we set the profile path to point down the global drive link to
the user's home directory profile. When the users log on to the XP
clients, the AFS client authenticates them to the AFS file space; this
allows the XP box to grab the profile and pull it local. (I'm actually
fibbing a bit here, we do it a little differently now that we are Kerb 5.)

I'm going to be putting together a fully documented solution document for
our AFS/Kerberos 5 environment if I ever get the time. It has really
worked out well.

Let me know if you need anything specific and I may be able to help you.

Rodney

Rodney M. Dyer
x86 Systems Programmer
College of Engineering Computing Services
University of North Carolina at Charlotte
Email rmdyer@uncc.edu
Phone (704)687-3518
Help Desk Line (704)687-3150
FAX (704)687-2352
Office 267 Smith Building
At 11:44 AM 2/5/2003 -0800, you wrote:
>I had looked into doing roaming Windows profiles and ran out of steam after
>my initial analysis.
>Basically it came down to the following technical problems:
>1. Where can you safely store the profile
>2. What makes up a profile for XP, W2k, NT, 98
>3. Properly configuring Windows to pick up the profile
>4. Fetching the profile during GINA when the user space has not started and
>therefore the SMB protocol can't determine who the user is for
>authentication.
>
>If you have any wisdom on any of these issues it would be greatly
>appreciated.
>
>James
>"Integrity is the Base of Excellence"