On 12/19/2010 10:09 AM, Jaap Winius wrote:
> Hi folks,
>
> So far, I've been able to get Linux clients to work perfectly with my
> MIT Kerberos V / OpenLDAP / OpenAFS servers. No need to create any local
> accounts: anyone with a network account can login to any workstation and
> none of their personal files are stored locally.
>
> I hope I'm wrong, but the same doesn't seem to be possible with Windows
> clients. I've been experimenting with a WinXP (SP3) Pro test machine
> running Kerberos for Windows 3.2.2 and OpenAFS for Windows 1.5.7800. It
> seems to work fine, as I can authenticate and access all of my files on
> the network. However, I still have to start by logging in to a local
> Windows account.
>
> Is it possible to configure a Windows XP client for single-sign-on, so
> that locally no pre-existing account or knowledge of any users is
> required? If so, can it also be set up so that the user's home
> directories are stored in OpenAFS?
>
> Thanks,
>
> Jaap

OpenLDAP is not a replacement for Active Directory.

You either need to manage local Windows accounts that are mapped to Kerberos identities for logon or you need to use Active Directory (or an Active Directory equivalent) to manage the accounts for you.

In either case, once you have accounts defined for users those accounts can have roaming profiles stored in AFS.

Jeffrey Altman
