Mike Bydalek wrote:
> One of the caveats to using the Kerberos logins is that you need a
> local account, which contains a local profile.

Uhh, you do NOT need local accounts. You can use an Active Directory Domain and correctly set a domain trust to the MIT Realm. Such a trust exists between UIUC.EDU (MIT) -> AD.UIUC.EDU (MS AD) -> ACM.UIUC.EDU (MIT). These AD accounts also have the user accounts set up to have @UIUC.EDU principals for each account in order for the trust to work. I didn't set that part up, so I'm not sure how to do it, but it is possible.

Perhaps I am not understanding your setup though. Do you WANT to use local accounts? Do you have Active Directory set up already?

> All I want to do is just have one additional drive map to
> /afs/.../home/%USERNAME% when a user logs in, and redirect the desktop
> and "My Documents" (Start with the basics).

I use group policy (set up through AD) to perform "folder redirection" (Policy -> User configuration -> Folder Redirection) to \\AFS\acm.uiuc.edu\user\%USERNAME%\Desktop paths. It seems to work the majority of the time for most users. (I think you need to set system:anyuser l in the directory, but I could be wrong.)

If users are in the appropriate group, they obtain tokens at login through the OpenAFS integrated login functionality and the desktop/documents get redirected when they log in.

You can also use group policy to set login scripts (and possibly even have said login script in AFS.)

<<CDC
--
Christopher D. Clausen
[EMAIL PROTECTED] SysAdmin
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info