Stephen,

At 05:00 PM 2/3/05, you wrote:
We've got a weird problem here...

...snipped for brevity...


Our users have roaming profiles and we're redirecting Desktop, My Documents, and Application Data into AFS via a mapped drive (U:\windows\username\...). The U: drive is mapped with a Windows startup script (other scripts map other drives at startup and logon).

A few items of interest...

I also use a U: drive mount for folder redirection. However our U: drive is mounted during an AFSLogonShell script that runs before folder redirection is performed by Windows. When I was first investigating folder redirection, a drive mounted during a user logon script wouldn't work, because that was done after folder redirection had been set up by Windows. That being said, there were some complications with this method. Since the AFSLogonShell runs as user SYSTEM, the U: drive will be mounted with that account. We don't want the U: drive to remain mounted as the SYSTEM account once the user profile is downloaded and folders have been redirected. So, what we do is unmount the U: drive temporarily, after the folder redirection is in place, in the user logon script, and remount it as the user. We can only do this because we have a special service that allows unprivileged user accounts to execute specific scripts as SYSTEM. The service simply listens for strings sent to a global named pipe and compares them to a registered list before executing them. With that service I unmount the U: drive. Then, back inside the user logon script, I remount the U: drive as the user. Yes, I know this seems cumbersome, and it is, but it works...for now.

Essentially here is the process sequence described above:

1.  Windows authentication.
2.  OpenAFS integrated logon authentication (afslogon.dll)
     a.  AFSLogonShell (child of afslogon.dll, running as SYSTEM)
          1.  Obtain user home path from UNIX passwd file.
               set afs_homedir=/afs/uncc/usr/a/anyone
          2.  Create AFS submount share name.
               afsshare %UserName% %afs_homedir%
          3.  Disable AFS client side caching.
               fs cscpolicy all -disable
               fs cscpolicy %UserName% -disable
          4.  Mount U: drive for user.
               net use u: \\afs\%username%
          5.  Make sure all folders for redirection already exist.
          6.  Set registry "DisableFRAdminPin".  (see below)
3.  Windows profile download (I have no control).
4.  Windows folder redirection (I have no control).
5.  Group policy user logon script.
     a.  Unmount system U: drive (SYSTEM execution via service).
     b.  Remount U: as user.

Now that the OpenAFS Windows client fully supports UNC paths I'm trying to find time to switch my folder redirection group policy setup to use "\\AFS\username" instead of the U: drive mount. However this will still be somewhat cumbersome because I create an AFS submount name for the user inside of the AFSLogonShell. I don't want to have to pre-create and manage thousands of submount entries in the registry. I simply want to create the submount share for the user at logon time. The AFS logon authenticator afslogon.dll doesn't currently do this.

As far as your problem is concerned, it sounds just like a problem I had last year when I was messing about with 1.3.71. Here are a few suggestions.

Make sure you are using 1.3.73 or above.

We also disable client side caching on all our AFS drives/directories.

        fs cscpolicy all -disable

You will also find the following registry option useful. This registry option will prevent folder synchronization occurring on your AFS drive that is used for redirection...

"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetCache" "DisableFRAdminPin" REG_DWORD 0x01

See...
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304624

Rodney

Rodney M. Dyer
Windows Systems Programmer
Mosaic Computing Group
William States Lee College of Engineering
University of North Carolina at Charlotte
Email: [EMAIL PROTECTED]
Web: http://www.coe.uncc.edu/~rmdyer
Phone: (704)687-3518
Help Desk Line: (704)687-3150
FAX: (704)687-2352
Office:  267 Smith Building

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
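
The check the reply describes for its helper service (strings read from a named pipe are compared against a registered list before anything runs as SYSTEM), sketched as an added example that is not part of the original message or the author's service. The request name `unmount-u` and the `net use u: /delete` command it maps to are assumptions.

```python
# Added example: exact-match allowlist check for a privileged command broker.
# The request name and the argv it maps to are assumptions, not the author's list.
import subprocess
from typing import Optional

# Registered list: request string -> fixed argv the service runs as SYSTEM.
# Callers choose WHICH entry runs, never WHAT the entry contains.
REGISTERED = {
    "unmount-u": ["net", "use", "u:", "/delete"],
}

MAX_REQUEST_BYTES = 64  # anything longer cannot be a registered name


def resolve_request(raw: bytes) -> Optional[list]:
    """Return the fixed argv for a registered request, or None to refuse."""
    if not raw or len(raw) > MAX_REQUEST_BYTES:
        return None
    try:
        text = raw.decode("ascii")  # registered names are plain ASCII
    except UnicodeDecodeError:
        return None
    # Tolerate one trailing line ending from the pipe writer, nothing else.
    if text.endswith("\r\n"):
        text = text[:-2]
    elif text.endswith("\n"):
        text = text[:-1]
    # Whole-string, case-sensitive comparison: no prefix match and no
    # argument passthrough, so "unmount-u & other" never matches "unmount-u".
    argv = REGISTERED.get(text)
    return list(argv) if argv is not None else None


def handle(raw: bytes, run=subprocess.run) -> bool:
    """Execute a registered request without a shell; refuse everything else."""
    argv = resolve_request(raw)
    if argv is None:
        return False
    run(argv, shell=False, check=False)  # argv list, so no shell re-parsing
    return True
```

Because the caller only selects an entry by name, a raw command line sent to the pipe is refused even when it is identical to what a registered entry would run.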
