[OpenAFS] Custom MSI Question
Mon, 01 Feb 2010 11:11:47 -0600
Hugh Caldwell wrote:
> I've been tasked with creating a custom msi for our organization and
> have a question that I'm hoping the list can help me with.
> Basically I need to disable integrated authentication. I've discovered
> that setting the
> disables the integrated authentication but a log on window still
> appears when the users log on to the workstation. Toggling "Obtain AFS
> tokens when logging into Windows" in the afs_config app stops this
> behavior. Could someone tell me what settings are being adjusted by
> the check box in the afs_config app?
> If that isn't clear this is the behavior that I'm seeing.
> Create and install an msi with the Logon Option set to 0.
> Logon to windows and the afs logon window pops up.
> Go into afs_config and enable the "Optain AFS tokens" checkbox.
> Log off and back on and get an authentication error.
> Go into afs_config and disable the "Optain AFS tokens" checkbox
> Log off and back on and no window pops up. This is the behavior that I
> would like to have when my msi is first installed.
We make similar changes to our AFS installation at install time (along
with setting the cell name, enabling dynroot, etc.).
I suggest you load a copy of Orca--available from Microsoft, I
believe--and generate a transform for the AFS MSI package to change the
LogonOptions registry key and any other registry settings you care to
make. If you want to make a transformed MSI, use msitran.exe to do that
(also available from Microsoft). Otherwise you can apply the transform
at install time using msiexec:
msiexec /i openafs-en_US-1-5-6900.msi /qn /log
when you do the initial AFS installation.
If you have any other site configuration parameters to make, you may
want to add those to the transform you generate.
John Perkins | University of Wisconsin-Madison
Researcher | Department of Computer Science
firstname.lastname@example.org | 1210 W. Dayton St.
608-262-0438/608-262-6626 FAX | Madison, WI 53706-1685