On 6/1/2014 6:59 AM, Tomas Granat wrote: > Hi, > > We use openafs on windows with kerberos for authentication. We use > Network identity manager to handle all our kerberos and afs credentials. > > Now the problem. One user has a configuration ,in Network identity > manager, to get tokens for two afs cell on windows logon but this dont > work and he only gets tokens for the main afs cell. So he need to > manually obtain new credentials in "Network identity manager" to get > tokens for both cells and this works with no problems. > > Why wont this work on windows logon? The user says that this has worked > before on his computer. > > Best regards > /Tomas
The Network Identity Manager configuration is independent of the Windows Authentication Provider (aka Integrated Logon) configuration. Whereas NetIdMgr provides a nice GUI for specifying the bindings between AFS cells and Kerberos principals (aka identities) there is no such GUI for the Authentication Provider configuration. The Authentication Provider configuration registry keys are specified under HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider and are documented in the release notes which are installed on the local machine and can also be accessed via http://www.openafs.org/windows.html or http://docs.openafs.org See Section A.2.1 on Domain configuration and look for the "TheseCells" parameter. If this is not enough to point you in the correct direction, paid support is available. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
