[OpenAFS] Question Windows LogOn, krb5

Lars Schimmer l.schimmer@cgv.tugraz.at
Fri, 11 May 2007 11:45:08 +0200


Hi!

I've got some questions about Win LogOn and obtaining tokens/tickets
during logon.

Our setup: 1 windows AD server (CGV is the domain name)
1 linux MIT krb5 server (REALM: CGV.TUGRAZ.AT)
OpenAFS Cell cgv.tugraz.at

Yes, two different krb5 servers, it's bad, I know.
Until now (krb5 <3.1 and OpenAFS <1.5.16) everything went more or less
well. Win XP SPII clients are in the CGV domain, users logged on and obtained
krb5 tickets for CGV.TUGRAZ.AT and a token for cgv.tugraz.at (win
profile is on AFS space).
I just installed krb5 2.x or 3.0, set up the REALM info in the
krb5.config in C:\WINDOWS to the linux MIT krb5 server and configured
OpenAFS to obtain tokens while logging in.


I was told the official way now is to obtain tickets/tokens via the
leash manager 3.2 and not via OpenAFS 1.5.x.
Right now I experienced some flaws while obtaining tickets/tokens (users
can change krb5 settings AFTER logon, but with incorrect settings, they
can't log on ??) or just not getting any tickets.
I assume the 2 krb5 servers (one AD server, one linux MIT) are the problem.

Anyone got a hint/info about configuring this system the right way?
(no, not using only the win server or cross auth, I just think about the
clients).

Kind regards,
Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723