[OpenAFS] Windows client options

Jeffrey Altman jaltman@secure-endpoints.com
Sun, 19 Dec 2010 10:53:56 -0500 

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7BF8C73356E6B86EBBB68E5F
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 12/19/2010 10:09 AM, Jaap Winius wrote:
> Hi folks,
>=20
> So far, I've been able to get Linux clients to work perfectly with my
> MIT Kerberos V / OpenLDAP / OpenAFS servers. No need to create any loca=
l
> accounts: anyone with a network account can login to any workstation an=
d
> none of their personal files are stored locally.
>=20
> I hope I'm wrong, but the same doesn't seem to be possible with Windows=

> clients. I've been experimenting with a WinXP (SP3) Pro test machine
> running Kerberos for Windows 3.2.2 and OpenAFS for Windows 1.5.7800. It=

> seems to work fine, as I can authenticate and access all of my files on=

> the network. However, I still have to start by logging in to a local
> Windows account.
>=20
> Is it possible to configure a Windows XP client for single-sign-on, so
> that locally no pre-existing account or knowledge of any users is
> required? If so, can it also be set up so that the user's home
> directories are stored in OpenAFS?
>=20
> Thanks,
>=20
> Jaap

OpenLDAP is not a replacement for Active Directory.  You either need to
manage local Windows accounts that are mapped to Kerberos identities for
logon or you need to use Active Directory (or an Active Directory
equivalent) to manage the accounts for you.

In either case, once you have accounts defined for users those accounts
can have roaming profiles stored in AFS.

Jeffrey Altman


--------------enig7BF8C73356E6B86EBBB68E5F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJNDiqVAAoJENxm1CNJffh4R0gH/2IT9mQveaDaVZd462tmsiL7
g/5E6LfR5nY9izHvhV3TG/HnH2Khwik7+PgleJ6NdJ6W8KcnEn6pVDfdZqAfMfgI
Ut5rOsnitS3cpF10RPEK3lcj3QS46JpLhabW6/abQhSKYmn3WI3dkwAv5Iz5PdXU
WNVjCld6xIrDurZHkXlCLhcd7oWHe7bbJJfHfQgqbmOvcpICv70rN4I+96gwmar7
sdRxw/rQJDbkoz79no6lSyNXBZ8wIESJwzhvxHR/cuRnVoUTvc0+vgJkZztLW/zy
eem1218eKSq59WS57eoU0Fi9hOSk3nuahKWgB3wvDvXyLi4nRkRlBDYxHoAhTlw=
=OUSw
-----END PGP SIGNATURE-----

--------------enig7BF8C73356E6B86EBBB68E5F--