Hi, >> This can only be true for 64 Bit Windows 7, because it is running on >> our Windows 7 pool with 32 Bit machines. Logging into the machines >> gets AFS token AND Kerberos ticket! > > Are you sure the Kerberos ticket is not coming from the MSLSA ?
Yes. The pool machines are domain members. Our domain is 'AD.UNI-PADERBORN.DE', our kerberos realm is 'UNI-PADERBORN.DE'. Both realms have all users with identical usernames and password. There is also a cross realm trust, but that should be unrelated in this case. I logon to the machine as AD\odenbach, so the Microsoft credential cache is filled with [email protected]. But the Network Identity Manager grabs the credentials and gets the ticket for [email protected]. So that is exactly the behaviour which I want to see. But it only works on 32 bit machines. Just to check I have now created a local account on a pool machine, same username and same password. If a logon to the machine using this local account, I do not get a MSLSA ticket (which is clear), but I do get an MIT Kerberos Ticket and an AFS Token. Renewable and everything. So what is the difference between 32 bit and 64 bit? Has Microsoft dropped some feature here? Christopher -- ====================================================== Dipl.-Ing. Christopher Odenbach Zentrum fuer Informations- und Medientechnologien Universitaet Paderborn Raum N5.122 [email protected] Tel.: +49 5251 60 5315 ====================================================== _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
