2010-09-18 08:16 keltezéssel, Gémes Géza írta: > 2010-09-17 18:21 keltezéssel, Jeffrey Altman írta: > >> On 9/17/2010 11:06 AM, Claudio Prono wrote: >> >> >>> >>> >>>>> Now, the question is: how i can make Windows first write the updated >>>>> profile, then drop tickets? >>>>> >>>>> The ACL system:anyuser all for the profile folder is not a good >>>>> solution... >>>>> >>>>> Any hint? >>>>> >>>>> >>>>> >>>> The afslogon.dll has special code in it that has to detect that the >>>> profile is redirected into AFS. This is based on the assumption that a >>>> domain is in use. The additional case for a non-domain profile in AFS >>>> would have to be added. >>>> >>>> Jeffrey Altman >>>> >>>> >>>> >>>> >>> Just an idea... why don't put an option inside the AFS control panel to >>> override the domain detection ? Not all the users using a roaming >>> profile use a Domain.... Something like "roaming profile active" in the >>> AFS control panel.... >>> >>> Anyway, now how i can override that detection of the afslogon.dll ? Any >>> trick to cheat the afslogon.dll auto detection? >>> >>> Cordially, >>> >>> Claudio Prono. >>> >>> >> Claudio: >> >> It would be more work to implement a cheat than to do the correct thing >> for your configuration. Someone can write a patch for afslogon and >> submit it to gerrit.openafs.org. >> >> What needs to be implemented is the Local Profile in AFS case both for >> NPLogonNotify() and AFS_Logoff_Event(). If the profile is not remote, >> then a search for a profile in AFS should not be queried via AD (LDAP) >> but instead through the GetUserProfileDirectory() API. >> >> If you read the OpenAFS for Windows Release Notes, you can use the >> LogoffPreserveTokens registry value to force the AFS tokens to be held >> after logoff. However, doing so retains the tokens until they expire. >> >> Jeffrey Altman >> >> >> > Sorry if that sounds stupid, but are currently the NPLogonNotify() and > AFS_Logoff_Event() calls querry AD via LDAP? If so I suppose they aren't > discovering a pre-AD (NT4, Samba3) redirected domain profile either? > I've just planned to move the user profiles of our Samba3 domain to AFS :-(. > > Thanks > > Geza > > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > Ok I've did an experiment: created a user lets call him testuser redirected his profile (via the ldap backend of samba) to \\afs\....\profiles\testuser for that dir gived him rlidwk acl and, l to system:anyuser to the whole path to that dir, and the profile seems to load and unload perfectly, the profile path being updated as it should.
Cheers Geza _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
