[OpenAFS] 1.5.20,KfW 3.2, Win 2003 Server, Profile im AFS Problem

Lars Schimmer l.schimmer@cgv.tugraz.at
Thu, 14 Jun 2007 14:30:45 +0200

Hash: SHA1


Today I did some tests on some workstations.
I first deleted all old Kerberos for Windows <3.2 and the kerberos
config. I deleted all documents and settings from the windows client and
I installed OpenAFS 1.5.20.
After some reboots I installed KfW 3.2 with the leash manager.
I set in the options to disable krb4 plugin, set "obtain credentials
automatic" and added the correct realm and server in the leash manager.
I check against krb5 server from our Win 2003 AD domain.

And I did NOT activate the "obtain token while login" in OpenAFS, I
remember I should leave that action to the leash manager in which I
activated the "obtain AFS token" function.

After a reboot I tried to login with my testuser. The user has a roaming
profile in AFS space (in AD server \\AFS\cgv.tugraz.at\profiles\testuser
as path) and it should use that (it was used often before).
But while trying to login, windows tells me, access denied to the afs
path (??). So Win create the temp profile on HD and I see the leash
manager which I opened and see "obtain credential while logigng in" NOT
activated. What??. And so it didn=B4t get a token.

On another machine I left the testuser profile (which is a roaming
profile, but Windows XP copies it on disk and does not delete it) on
client PC and while logging in as testuser, Win tells me "no roaming
profile found" and loads it from HD. After logging in I got a
ticket/token and can access AFS.

I assume it to be the normal way (no KFW loaded/started while obtaining
Is this the official way it should be?

But after I activated the "obtain token with login" in AFS I could login
as testuser on both clients and obtained my profile from the AD server.

So I still need this option to use roaming profile on AFS space.

Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org