[OpenAFS] OpenAFS 1.7.8 Windows 7 User Profiles
Sat, 07 Apr 2012 08:12:40 +0200
Thanks for your answer. Problem solved ("don't check security settings
for profile" was the missing part).
>> If I manually copy (as testuser) the Default User.v2 profile to
>> \\afs\cellname\user\home\path\.Wprofile\Roaming.V2 it gets ignored with
>> the same error message in the eventlog.
>> Please advise how to debug this.
> Could the user after logon access the profile path in OpenAFS?
> Could the AD Server (samba 4) access that path without having tokens?
Yes but not needed
> Is the roaming profile in windows clients "new" or "old"?
> (e.g. remove the roaming profile from within system settings - profile tab)
> Is the Samba 4 really production ready as a AD server for windows 7?
Really good question, all the tests show that yes it is (ironically it
is less than W2Kx (for now) for linux clients (have to manually add
The biggest missing part being replication of sysvol share between DCs
(FRS (2000 and 2003) or/and DFSR (2008 2008R2))
> Sorry to be less helpful, but the first three problems were our biggest
> problem with that issue.
> For us: win 2008r2 AD & krb5 server with all users, win 7 64 clients,
> users roaming profiles in OpenAFS.
> Win XP profiles in \\AFS\.cgv.tugraz.at\home\username\winprofile\
> Win 7 Profiles in \\AFS\.cgv.tugraz.at\home\username\winprofile.V2\
> Both are volumes with seperate Quota, same ACLs.
> Those path are set in AD as windows profile path.
> Our AD server has IP ACL rl for the whole path and write ACL for the
> winprofile(.V2) folders.
Why is that needed?
In my tests (after first successful attempt) profile loading/saving
works well without the AD server having any special right to the profile
path (it is testuser rlidwka, and nothing else)
> Clients do have obtain tokens on login enables and that does work quite
> For Win XP we needed to disable security checking for the profiles, IMHO
> we disabled this on the AD for Windows 7.
> Lars Schimmer