[OpenAFS] Testing OpenAFS with Windows XP Roaming Profiles....

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 17 Sep 2010 08:49:31 -0400



On 9/15/2010 10:45 AM, Claudio Prono wrote:
> Hello all,
>
> I am testing a solution like: OpenAFS with Kerberos, Windows XP with
> Integrated logon and roaming profile.
>
> OpenAFS works, Kerberos works, integrated logon works... The profile on
> AFS does not.
>
> I have manually copied the profile in a directory on AFS like
> "msprofile", edited the Windows registry at key:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
> and changed the key ProfileImagePath to
> \\afs\mediaservice-test.pri\users\claudio\msprofile
>
> Deleted the local profile, rebooted the machine, logged in as claudio...
> and...a new local profile was created!!! If I check the registry key, it
> is changed again to the default (something like %SystemDrive%\Documents
> and Settings\claudio.TESTAFS)...
>
> What am I doing wrong? What is the best solution?
>
> Cordially,
>
> Claudio Prono.

Claudio:

I cannot tell you what you are doing wrong because I do not know what is
failing yet. The logon process is extremely complicated and without
identifying which of the many Windows operations is failing, it is
impossible to provide advice as to what should be altered.

You are not using Active Directory to provide the profile location
information which is going to complicate matters.  The first thing you
need to identify is what paths are actually being accessed and which are
failing.  You can do this using the SysInternals Process Monitor tool.
Configure it to log all file system activity starting from boot to a
file.  Be sure to give it a disk with lots of open space.

You can obtain the tool from
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

After you have a failed logon attempt, you can search the log data for
the path that you believe it should be attempting to access.  You can
also search for the new profile path that is created and work backwards
through the log seeking AFS file path operations that fail.  Note that
all FASTIO operations will fail and that is normal.

Jeffrey Altman
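
The log search described in the reply above, as an added example that is not part of the original message or of OpenAFS: it walks a Process Monitor log up to the first access to the newly created local profile and returns the AFS path operations that failed before it, skipping the fast I/O refusals. It assumes the log was saved as CSV with Process Monitor's default columns and that %SystemDrive% is C:; the sample rows and the function names are constructed for illustration.

```python
import csv
import io

# "\\afs\" as in the profile path quoted in the thread, lowercased for matching.
AFS_PREFIX = "\\\\afs\\"
# Not real failures: success, and the fast I/O refusals the reply calls normal.
BENIGN = {"SUCCESS", "FAST IO DISALLOWED"}

# Constructed sample rows, not a real capture. C: for %SystemDrive% is assumed.
SAMPLE_CSV = r'''
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:01:02.1 AM","winlogon.exe","612","CreateFile","\\afs\mediaservice-test.pri\users\claudio\msprofile","SUCCESS",""
"8:01:02.2 AM","winlogon.exe","612","QueryOpen","\\afs\mediaservice-test.pri\users\claudio\msprofile\ntuser.dat","FAST IO DISALLOWED",""
"8:01:02.3 AM","winlogon.exe","612","CreateFile","\\afs\mediaservice-test.pri\users\claudio\msprofile\ntuser.dat","ACCESS DENIED",""
"8:01:02.4 AM","winlogon.exe","612","CreateFile","C:\Documents and Settings\claudio.TESTAFS","NAME NOT FOUND",""
"8:01:03.0 AM","winlogon.exe","612","CreateFile","\\afs\mediaservice-test.pri\users\claudio\msprofile\desktop","NAME NOT FOUND",""
'''

def load_rows(text):
    """Parse a Process Monitor CSV export into a list of dicts keyed by column."""
    return list(csv.DictReader(io.StringIO(text.strip())))

def failed_afs_ops(rows, new_profile_path):
    """Walk back from the first access to the new local profile and return the
    AFS path operations that failed before it, most recent first."""
    stop = new_profile_path.lower()
    failures = []
    for row in rows:
        path = row["Path"].lower()
        if path.startswith(stop):
            break  # Windows has fallen back to a local profile by this point
        if path.startswith(AFS_PREFIX) and row["Result"].upper() not in BENIGN:
            failures.append(row)
    return failures[::-1]

if __name__ == "__main__":
    local = r"C:\Documents and Settings\claudio.TESTAFS"
    for r in failed_afs_ops(load_rows(SAMPLE_CSV), local):
        print(r["Time of Day"], r["Operation"], r["Path"], r["Result"])
```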


