[OpenAFS] Re: Win2K AFS server, setup SL4.5 test-cell server
then migrate...
Harald Barth
haba@kth.se
Sun, 31 Aug 2008 11:39:36 +0200 (CEST)
> For making a new cell/server IBM AFS doc instructs to start
> 'kaserver' which I get the impression is now verboten?
> Is that the only part of the IBM AFS doc that
> is to be ignored? Or most/all?
Just replace the "ka" stuff with a Kerberos server (for example AD) of
your choice.
> Can the KeyFile copied from the orig Win2K AFS server
> be used on an different afs-realm SL4.5 test box?
That _may_ work.
> If not, our microsoft KDC admin will have to to do something
> on the KDC for a different AFS cell - correct?
> That's the kind of PITA it was hoped to avoid by mirroring an
> existing AFS server & not making a new cell.
I don't know what the smaller PITA is in your case. I'd make a new
afs/cellname@REALM principals. There is a description how to do that
with a Win AD.
> Assuming the same KeyFile can be used,
>
> root@vlad> bos setcellname localhost test.phy -noauth
> root@vlad> bos listhosts localhost -noauth
> Cell name is test.phy
> Host 1 is <name of our REAL afs-cell server>
>
> Why is it listing the afs server in our official AFS cell?
The client programs still think they are in "oldcell". Change ThisCell
or use the -cell argument.
> It has nothing to do with cell test.phy!
> Is it because of the copy of KeyFile from the other machine?
No, there is no cell name in the KeyFile.
Harald.