-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!
Today I did some tests on some workstations. I first deleted all old Kerberos for Windows <3.2 and the kerberos config. I deleted all documents and settings from the windows client and I installed OpenAFS 1.5.20. After some reboots I installed KfW 3.2 with the leash manager. I set in the options to disable krb4 plugin, set "obtain credentials automatic" and added the correct realm and server in the leash manager. I check against krb5 server from our Win 2003 AD domain. And I did NOT activate the "obtain token while login" in OpenAFS, I remember I should leave that action to the leash manager in which I activated the "obtain AFS token" function. After a reboot I tried to login with my testuser. The user has a roaming profile in AFS space (in AD server \\AFS\cgv.tugraz.at\profiles\testuser as path) and it should use that (it was used often before). But while trying to login, windows tells me, access denied to the afs path (??). So Win create the temp profile on HD and I see the leash manager which I opened and see "obtain credential while logigng in" NOT activated. What??. And so it didn´t get a token. On another machine I left the testuser profile (which is a roaming profile, but Windows XP copies it on disk and does not delete it) on client PC and while logging in as testuser, Win tells me "no roaming profile found" and loads it from HD. After logging in I got a ticket/token and can access AFS. I assume it to be the normal way (no KFW loaded/started while obtaining tickets). Is this the official way it should be? But after I activated the "obtain token with login" in AFS I could login as testuser on both clients and obtained my profile from the AD server. So I still need this option to use roaming profile on AFS space. MfG, Lars Schimmer - -- - ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: [EMAIL PROTECTED] Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGcTT1mWhuE0qbFyMRAqGmAJ0RZfYDQyi8glGHN6LSl/qv182AQgCfRpPc n5kizrwTp+1cofI95VUhnuY= =MoJr -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
