Ok, my tests are going well. But...another problem is come out...
Now i have an OpenSUSE 11.3 with Samba, LDAP and OpenAFS as domain controller, for the roaming profiles of the users. All seemes to work fine but... When i exit for the Client, windows says to me the profile cannot be written.... I have checked the permissions, and are fine, i have checked the logs of samba, and no errors.... But i don't know why when i disconnect the user from the client, the profile can't be written...But the access to the AFS is good, when the Client is logged in.... BTW, the option of AFS "LogoffPreserveTokens" is active. Any hint to how to debug that situation? Cordially, Claudio Prono. Gémes Géza ha scritto: > 2010-09-18 08:16 keltezéssel, Gémes Géza írta: > >> 2010-09-17 18:21 keltezéssel, Jeffrey Altman írta: >> >> >>> On 9/17/2010 11:06 AM, Claudio Prono wrote: >>> >>> >>> >>>> >>>> >>>> >>>>>> Now, the question is: how i can make Windows first write the updated >>>>>> profile, then drop tickets? >>>>>> >>>>>> The ACL system:anyuser all for the profile folder is not a good >>>>>> solution... >>>>>> >>>>>> Any hint? >>>>>> >>>>>> >>>>>> >>>>>> >>>>> The afslogon.dll has special code in it that has to detect that the >>>>> profile is redirected into AFS. This is based on the assumption that a >>>>> domain is in use. The additional case for a non-domain profile in AFS >>>>> would have to be added. >>>>> >>>>> Jeffrey Altman >>>>> >>>>> >>>>> >>>>> >>>>> >>>> Just an idea... why don't put an option inside the AFS control panel to >>>> override the domain detection ? Not all the users using a roaming >>>> profile use a Domain.... Something like "roaming profile active" in the >>>> AFS control panel.... >>>> >>>> Anyway, now how i can override that detection of the afslogon.dll ? Any >>>> trick to cheat the afslogon.dll auto detection? >>>> >>>> Cordially, >>>> >>>> Claudio Prono. >>>> >>>> >>>> >>> Claudio: >>> >>> It would be more work to implement a cheat than to do the correct thing >>> for your configuration. Someone can write a patch for afslogon and >>> submit it to gerrit.openafs.org. >>> >>> What needs to be implemented is the Local Profile in AFS case both for >>> NPLogonNotify() and AFS_Logoff_Event(). If the profile is not remote, >>> then a search for a profile in AFS should not be queried via AD (LDAP) >>> but instead through the GetUserProfileDirectory() API. >>> >>> If you read the OpenAFS for Windows Release Notes, you can use the >>> LogoffPreserveTokens registry value to force the AFS tokens to be held >>> after logoff. However, doing so retains the tokens until they expire. >>> >>> Jeffrey Altman >>> >>> >>> >>> >> Sorry if that sounds stupid, but are currently the NPLogonNotify() and >> AFS_Logoff_Event() calls querry AD via LDAP? If so I suppose they aren't >> discovering a pre-AD (NT4, Samba3) redirected domain profile either? >> I've just planned to move the user profiles of our Samba3 domain to AFS :-(. >> >> Thanks >> >> Geza >> >> >> _______________________________________________ >> OpenAFS-info mailing list >> [email protected] >> https://lists.openafs.org/mailman/listinfo/openafs-info >> >> > Ok I've did an experiment: created a user lets call him testuser > redirected his profile (via the ldap backend of samba) to > \\afs\....\profiles\testuser > for that dir gived him rlidwk acl and, l to system:anyuser to the whole > path to that dir, and the profile seems to load and unload perfectly, > the profile path being updated as it should. > > Cheers > > Geza > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > > !DSPAM:1,4c94c09d22871620449902! > > > > -- -------------------------------------------------------------------------------- Claudio Prono OPST System Developer Gsm: +39-349-54.33.258 @PSS Srl Tel: +39-011-32.72.100 Via San Bernardino, 17 Fax: +39-011-32.46.497 10141 Torino - ITALY http://atpss.net/disclaimer -------------------------------------------------------------------------------- PGP Key - http://keys.atpss.net/c_prono.asc
