[OpenAFS] Windows clients: suggestions?

Sensei senseiwa@tin.it
Wed, 28 Jul 2004 16:43:27 +0200


I succeeded to manage a redundant kerberized cell, and it's pretty cool!
Thanks for all the help.

Now it comes the hard part. For linux clients, it's pretty easy, using
pam should just work fine (except the ticket-token passing which
requests some tricks, I think). And... WINDOWS! That's awful.

What I'd like? Have users log in into the windows box, which
authenticate over our mit kdcs, and mount /afs/my.cell/usr/u/user01/ as
their "Documents and Settings\user01". Moreover, I'd like NOT to create
those profiles on the local machine. Hard. I know. I found some ways of
doing it:

1. Samba
I didn't try, because I'd like your suggestions. I'd have to create a
samba ``domain'' and use it as a gateway for my realm.

2. Wake
I tried it, but I don't find anything about an integrated login. It just
can handle tickets and tokens with a drive mapping.

3. OpenAFS+Kerberos
I tried, I cannot login with the latest release, there must be a bug (it
crashes), so I stepped back to 1.3.640 (or 650 i don't remember). There
seems no way of having profiles as I would.

4. pGina
I tried once the login over a kaserver, it worked but it created local
profiles. Moreover, I need kerberos, since I don't have a kaserver but
just two kdcs.

Anyone can help me? I have many ways in front of me, but I don't know
which one should work fine for me. Moreover... it should be an easy way,
since... you know windows users...

Sensei    <mailto:senseiwa@tin.it>
Error: Keyboard not found. Press F1 to continue...