[OpenAFS] Windows client options

Jaap Winius jwinius@umrk.nl
Sun, 19 Dec 2010 17:58:29 +0100

Quoting Jeffrey Altman <jaltman@secure-endpoints.com>:

> OpenLDAP is not a replacement for Active Directory.  You either need to
> manage local Windows accounts that are mapped to Kerberos identities for
> logon or you need to use Active Directory (or an Active Directory
> equivalent) to manage the accounts for you.
> In either case, once you have accounts defined for users those accounts
> can have roaming profiles stored in AFS.

Quoting Lars Schimmer <l.schimmer@cgv.tugraz.at>:

> Sure it is. Just enter the path to the profile like
> \\AFS\cgv.tugraz.at\home\user\winprofile
> and enable "obtain tokens at login" for the workstation.
> Be sure the AD server can access the path to the user profile (l ACL
> should be enough). ...

Okay, it sounds like Active Directory would be the best solution.  
However, seeing as this is strictly an Open-Source project (apart from  
those few Windows clients running a couple of proprietary apps), I  
would not be able to use any Windows servers for that. I guess it  
would have to be Samba. Still doable?

Quoting Lars Schimmer <l.schimmer@cgv.tugraz.at>:

> This will set the profile path to an AFS path and all data will be read
> and saved into AFS space for the user.
> But it does not work like Linux homes.
> 1. A local profile will be written to disk every time a user logs in
> 2. the profile will be copied from server to client on login
> 3. while logged in, files will be written to local disc
> 4. on logout, files will be synced from local disc into AFS space

That sounds good enough for me. Just as long as new user accounts  
don't have to be created on every new Windows workstation, and that I  
don't have to start installing Windows server machines.