[OpenAFS] AFS mount drive order at w2k logon
Rodney M Dyer
rmdyer@uncc.edu
Wed, 10 Sep 2003 16:14:06 -0400
Mr. Walter,
At 06:09 PM 9/10/2003 +0200, you wrote:
>Hi,
>
>I am confronted with a minor problem. I am trying to store NT profiles on an AFS
>based filesystem. It seems that the drive mounting and/or AFS authentication
>occurs *after* the client machine tries to get the profile, mapped to
>U:\some\path\NtProfile.
In order to make roaming profiles work with AFS you need to set up what is
called a "global network drive". A global network drive is a drive that is
mounted by the operating system when the machine boots and continues to
remain mounted until the machine is rebooted. The global drive is actually
mounted by user SYSTEM. The SYSTEM user is the user that system services
run as (most of the time).
There are several ways to create a global drive.
1. If it works, you can have the OpenAFS client service mount a global
drive when the service starts up. I say "if it works" because I don't
think this option is yet a part of OpenAFS. It is there in the afs_config
program, but I don't think it works. Maybe others can speak up for me. At
our site, we don't use the AFS global drive config, we use the next option.
2. If you are running a Win2k AD environment, you can set up a group policy
called "workstation startup script" that will cause a process to run when
the client reboots. We use this method at our site. This is my preferred
method because it allows the administrator complete control over how the
drive is mounted at machine startup.
See Appendix C "XP Workstation Boot Script 'mosaicd.cmd'" in "The
Integration of Kerberos V5, AFS, and Windows XP using the AFSLogonShell" at
my site...
http://www.coe.uncc.edu/~rmdyer
3. You can set up a service to mount the global network drive for you. You
can use the SRVANY.EXE program from the NT/2K resource kit to do
this. Basically you would set up srvany.exe so that it fires off a script
when srvany starts up at boot. Once the script is done, you can stop the
service. It's basically a one-shot service, set to auto-start at
reboot. The script you would run would be similar to the one described in
2 above.
If you are running Windows XP SP1, you will need to make a registry change
to make roaming profiles work. Microsoft changed filesystem profile
validation. See...
"Windows XP Service Pack 1 breaks roaming profiles with AFS" in "The
Integration of Kerberos V5, AFS, and Windows XP using the AFSLogonShell" at
my site...
http://www.coe.uncc.edu/~rmdyer
Once a global drive exists, you just set up the roaming profile path to
point down the global drive to the user's profile. Such as...
N: (global drive)
"n:\uncc\usr2\rmdyer\xp_profile" (user's profile path)
You also need to make sure you use AFS logon authentication so that the
user gets an AFS token at logon.
There is at least one known bug caused by using a global system drive. The
Microsoft Windows Media Player 9 will crash when directed out to a global
network drive if the user's desktop is redirected (via folder redirection)
to the user's AFS home directory. The reason for this is because the
global drive isn't mounted as the user's system, so there are some security
problems that may occur.
Another minor annoyance is that the global drive, and all other subst'ed
drives off of the global drive, appear in the explorer interface with the
following volume designator..."Disconnected Network Drive". This is not a
problem however because the drive is in fact connected, it just wasn't
connected as the user.
Also, you will find that folder synchronization no longer needs to be done
with global drives. Again, this is because the drive is not mounted as the
user.
Your mileage may vary. We've used roaming profiles under AFS for the last
5 years with few problems. We now use the global drive for folder
redirection too.
Good luck,
Rodney
Rodney M. Dyer
Windows Systems Programmer
Mosaic Computing Group
William States Lee College of Engineering
University of North Carolina at Charlotte
Email: rmdyer@uncc.edu
Web: http://www.coe.uncc.edu/~rmdyer
Phone (704)687-3518
Help Desk Line (704)687-3150
FAX (704)687-2352
Office 267 Smith Building