If "LogonOptions" is set to 0, there is nothing configured to obtain AFS tokens. If tokens are obtained by Network Identity Manager, it will be when Network Identity Manager performs an auto-renewal which is not at a specific time. Obtaining AFS Tokens at logon time is performed by winlogon.exe/mpnotify.exe when it calls the NPLogonNotify() function of the afslogon.dll.
Jeffrey Altman On 2/15/2012 5:18 PM, John Perkins wrote: > We've found our Windows 7 systems are reliable about obtaining kerberos > tickets when users login at our site (all user accounts are > authenticated against an MIT kerberos KDC during login). > > Obtaining AFS tokens at the same time is not as reliable. Going into > Network Identity Manager and renewing credentials typically will obtain > tokens. Running aklog will obtain tokens. 90-95% of the time tokens > are obtained. This is with > HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\LogonOptions > set to "0". > > I'm experimenting with setting the LogonOptions setting to "1" to see if > that clears up this issue. If having LogonOptions set to "1" is still > necessary to reliably get AFS tokens generated at login time, I'm > surprised we saw it work so often in the past with this registry key set > to "0". > > Any other suggestions to ensure users receive AFS tokens at login time? > > John > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info
signature.asc
Description: OpenPGP digital signature
