[OpenAFS] Windows client options

Lars Schimmer l.schimmer@cgv.tugraz.at
Sun, 19 Dec 2010 16:55:46 +0100

On 19.12.2010 16:09, Jaap Winius wrote:
> Hi folks,
> So far, I've been able to get Linux clients to work perfectly with my
> MIT Kerberos V / OpenLDAP / OpenAFS servers. No need to create any local
> accounts: anyone with a network account can login to any workstation and
> none of their personal files are stored locally.
> I hope I'm wrong, but the same doesn't seem to be possible with Windows
> clients. I've been experimenting with a WinXP (SP3) Pro test machine
> running Kerberos for Windows 3.2.2 and OpenAFS for Windows 1.5.7800. It
> seems to work fine, as I can authenticate and access all of my files on
> the network. However, I still have to start by logging in to a local
> Windows account.
> Is it possible to configure a Windows XP client for single-sign-on, so
> that locally no pre-existing account or knowledge of any users is
> required? If so, can it also be set up so that the user's home
> directories are stored in OpenAFS?

Sure it is. Just enter the path to the profile like
and enable "obtain tokens at login" for the workstation.
Be sure the AD server can access the path to the user profile (l ACL
should be enough).

This will set the profile path to an AFS path and all data will be read
and saved into AFS space for the user.
But it does not work like Linux homes.
1. A local profile will be written to disk every time a user logs in
2. the profile will be copied from server to client on login
3. while logged in, files will be written to local disc
4. on logout, files will be synced from local disc into AFS space

From our point of view it works better with Windows 7 than with Windows
XP, but it depends on lots of facts.
It is wise to limit the size of the profile via AD.

> Thanks,
> Jaap

Lars Schimmer
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723