[OpenAFS] Windows client options

Jeffrey Altman jaltman@secure-endpoints.com
Sun, 19 Dec 2010 10:53:56 -0500

On 12/19/2010 10:09 AM, Jaap Winius wrote:
> Hi folks,
> So far, I've been able to get Linux clients to work perfectly with my
> MIT Kerberos V / OpenLDAP / OpenAFS servers. No need to create any local
> accounts: anyone with a network account can login to any workstation and
> none of their personal files are stored locally.
> I hope I'm wrong, but the same doesn't seem to be possible with Windows
> clients. I've been experimenting with a WinXP (SP3) Pro test machine
> running Kerberos for Windows 3.2.2 and OpenAFS for Windows 1.5.7800. It
> seems to work fine, as I can authenticate and access all of my files on
> the network. However, I still have to start by logging in to a local
> Windows account.
> Is it possible to configure a Windows XP client for single-sign-on, so
> that locally no pre-existing account or knowledge of any users is
> required? If so, can it also be set up so that the user's home
> directories are stored in OpenAFS?
> Thanks,
> Jaap

OpenLDAP is not a replacement for Active Directory.  You either need to
manage local Windows accounts that are mapped to Kerberos identities for
logon or you need to use Active Directory (or an Active Directory
equivalent) to manage the accounts for you.

In either case, once you have accounts defined for users those accounts
can have roaming profiles stored in AFS.

Jeffrey Altman
