At 06:23 AM 2/11/2008, Lars Schimmer wrote:
Ok, sorry, needed to snip thattext out, seems to be more or less the same like the PDF on best practice workshop 2005(or 2006?).

I believe the information you are refering to is from "AFS on Windows", 2004 workshop

As fas as I know, with Windows XP SP2, OpenAFS for Windows >1.5.28 and OpenAFS fileservers 1.4.6 I don't need most of that stuff. Oh, Compatible RUPSecurity set active, right.

Sorry, I forgot that small registry setting. Yes, if the XP client you are logging into will be downloading a profile from AFS, AND that client is a member of an Active Directory that is in a cross-realm trust relationship with another K5 KDC, then you will need this registry key...

"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" "AllowX-ForestPolicy-and-RUP" REG_DWORD 0x1

This setting was needed beginning with SP2.

I was told, it is ok, to set the path of user profile in Windows AD2003 Server to \afs\cgv.tugraz.at\home\user\win.profile and it works.

True. That is a UNC path and it should work with roaming profiles. It is when we use UNC paths with "Folder Redirection" that small problems show up. If the users Desktop for example has been redirected to AFS, then a file stored on the desktop might not immediately be displayed. This is some sort of signaling problem with the Explorer shell that apparently (correct me here if I'm wrong) fails to work properly with AFS because, as stated elsewhere, AFS doesn't currently support UNICODE CIFS.

Yes, we don't use freelance mode and our cell is in distributed cellservDB. Config of OpenAFS msi is to set default cell to ourr and use automatic logon to obtain ticket/tokens while login into AD.

So far it works with our users.

Maybe I miss some big point or your information is just kind aoutdated?

Sorry, in my email I got a bit overzealous in describing the profile and folder redirection problems/solutions that I used when I setup our environment initially. It isn't exactly outdated as much as it simply describes multiple ways of doing things, and the problems you might have related to the solutions.

Although the redirected folder option indeed looks nice. Need to test this.

Yes, this is the one thing I was trying to concentrate on. I did not make it clear that, in my opinion, your profiles are just too large. Profiles should not be much greater than 10 to 20 meg. But you are apparently not using "Folder Redirection", and you probably don't use the AD group policy setting to remove the local profile when your users logout. You probably also have only a single user at each client, and they don't move to other clients that often.

The reason I'm guessing about how you've got things setup is because if the profile is removed at logout, then that would mean that every time a user logs on then 400 meg of data would need to be downloaded to the local machine. I just can't imagine that. Even if your network is fast, that's going to take some time regardless of what cache size AFS uses. This is assuming of course that we are talking about different users, who all have > 100 MB profiles using the machine. If only one person ever uses the maching daily then I suppose a large AFS cache would work fine. However I tend to not trust caches for permanent daily data. I like to think of caches only for the purpose of storing transactional information, to speed it up. Even the callbacks of AFS timeout after 4 hours.

I would strongly urge you to setup "Folder Redirection" to help reduce your profile sizes.

Rodney
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to