[OpenAFS] drive mappings with the windows xp client

Evan Knop jrh-afs@lore.dartmouth.edu
Thu, 07 Oct 2004 14:11:54 -0400 

Jeffrey Altman wrote:
> Then the problem is not in AFS but something in the Windows 
> configuration for your end user.
> 
> FYI: The Global Drive Mapping feature is going to be removed
> from OpenAFS at some point in the near future.  See ticket
> 15160 in the OpenAFS RT for a detailed explanation.  Basically
> Microsoft changed the internal workings of SMB drive mappings
> such that drive letters mapped by the LOCAL_SYSTEM account on
> XP and Terminal Server are dangerous.
> 
> The purpose of having Global Drive maps was so that profiles
> could be loaded out of AFS since AFS did not support UNC paths.
> Now that UNC paths are supported the need for Global Drives no
> longer exists and they should not be used.

I have two usage scenarios here which may be accounted for; my programming 
heritage is mostly Linux, but I've been pressed into work on the Windows 
client, as I'm the only one currently at Thayer with knowledge of both 
subject realms.

1)  I have been using this mechanism to access AFS files for use by 
"Scheduled tasks" as part of our account synchronization process.  It's 
nasty and ugly, and I'd love to replace parts of it, but it's also better 
than nothing, and I don't have a lot of time to work on any of it.  Will 
the UNC paths work when there are no users logged in, assuming that the 
path to the volume is readable by the machine (using IP-based ACLs)?


2)  We have several computer labs using the latest OpenAFS client.  After 
the change in 1.3.65-66 (or thereabouts), we have started using the "Global 
Drive" mapping to allow all our users (students, which change every 10 
weeks in some cases) to have a consistent drive mapping.  Is there a new 
recommended way of having this set up?  If so, what is it?  I'm new enough 
to managing Windows that I have no idea how this stuff works, and our 
Windows guys refuse to touch AFS, so I'm not quite sure where to go.


I'm sure some of this stuff is really basic and I'm just missing it, but 
I'd love to hear how other people are handling this.