[OpenAFS] Custom MSI Question

John Perkins john@cs.wisc.edu
Mon, 01 Feb 2010 11:11:47 -0600 

Hugh Caldwell wrote:
>
> Hello,
>
> I've been tasked with creating a custom msi for our organization and 
> have a question that I'm hoping the list can help me with.
>
> Basically I need to disable integrated authentication. I've discovered 
> that setting the 
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\LogonOptions=dword:00000000 
>
> disables the integrated authentication but a log on window still 
> appears when the users log on to the workstation. Toggling "Obtain AFS 
> tokens when logging into Windows" in the afs_config app stops this 
> behavior. Could someone tell me what settings are being adjusted by 
> the check box in the afs_config app?
>
> If that isn't clear this is the behavior that I'm seeing.
>
> Create and install an msi with the Logon Option set to 0.
> Logon to windows and the afs logon window pops up.
> Go into afs_config and enable the "Optain AFS tokens" checkbox.
> Log off and back on and get an authentication error.
> Go into afs_config and disable the "Optain AFS tokens" checkbox
> Log off and back on and no window pops up. This is the behavior that I 
> would like to have when my msi is first installed.
We make similar changes to our AFS installation at install time (along 
with setting the cell name, enabling dynroot, etc.).

I suggest you load a copy of Orca--available from Microsoft, I 
believe--and generate a transform for the AFS MSI package to change the 
LogonOptions registry key and any other registry settings you care to 
make.  If you want to make a transformed MSI, use msitran.exe to do that 
(also available from Microsoft).  Otherwise you can apply the transform 
at install time using msiexec:
    msiexec /i openafs-en_US-1-5-6900.msi /qn /log 
C:\temp\afs_install-1_5_6900.log TRANSFORMS=transform.mst
when you do the initial AFS installation.

If you have any other site configuration parameters to make, you may 
want to add those to the transform you generate.

--
=========================================================================
   John Perkins                   |   University of Wisconsin-Madison
   Researcher                     |   Department of Computer Science
   john@cs.wisc.edu               |   1210 W. Dayton St.
   608-262-0438/608-262-6626 FAX  |   Madison, WI  53706-1685
=========================================================================