[OpenAFS] Documentation or howto for Active Directory as KDC
Silvia Roedelsperger
Silvia.Roedelsperger@KOM.tu-darmstadt.de
Fri, 07 Nov 2008 09:36:48 +0100
Hi,
First, I want to thank you for the link. We'll try it out if we have
some time :-)
You asked if it's the same realm:
Yes, (unfortunately) it's the same realm name for both.
Greetings, Silvia
Douglas E. Engert wrote:
>
>
> Silvia Roedelsperger wrote:
>> Hi,
>>
>> I've got a question.
>>
>> Does anyone know of documentation or a howto on using Active Directory
>> (Windows 2008 Server) as the KDC in an OpenAFS installation?
>
> John Spoko Jr wrote this up:
> http://www.openafs.org/pipermail/openafs-info/2007-January/025039.html
>
> The case 1 looks good.
>
> You may also want the AD admin to set the userAccountControl flag
> 0x2000000 in the afs account so the MS PAC will not be sent in the
> ticket.
> The PAC can be large (12K), and since AFS does not use it, it can reduce
> the size of tickets/tokens from 13K to about 400 bytes.
> See:
> http://support.microsoft.com/kb/832572
>
>>
>> Our test environment for the OpenAFS server is running on a Debian
>> Etch machine.
>>
>> I just found this old thread from 2004:
>> http://www.openafs.org/pipermail/openafs-info/2004-June/013771.html
>>
>> Unfortunately, this thread didn't help me very much.
>>
>> To have two Kerberos servers (on the one hand the Windows 2008 Server,
>> on the other hand a MIT Kerberos server on the Debian machine) with
>> the same user accounts doesn't make very much sense to me.
>
> Same realm names? Or not?
>
>>
>> Thanks in advance! :-)
>>
>> Greetings, Silvia
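
The userAccountControl change suggested in the quoted reply, as an added example that is not part of the original thread or of OpenAFS: it reads the flag on the AFS service account and sets bit 0x2000000 only if it is missing. It assumes the ActiveDirectory PowerShell module is available and that the account's sAMAccountName is `afs` (a placeholder taken from "the afs account" above; substitute the real name).

```powershell
# Added example: make sure userAccountControl bit 0x2000000 is set on the
# AFS service account so the KDC leaves the PAC out of its service tickets.
# Assumptions: ActiveDirectory module installed, account name is 'afs'.
Import-Module ActiveDirectory

$NoAuthDataRequired = 0x2000000   # flag value quoted in the thread
$AccountName        = 'afs'       # placeholder sAMAccountName

function Test-UacFlag {
    # True when every bit of $Flag is present in $Value.
    param([int]$Value, [int]$Flag)
    return (($Value -band $Flag) -eq $Flag)
}

$user    = Get-ADUser -Identity $AccountName -Properties userAccountControl
$current = [int]$user.userAccountControl
'Current userAccountControl: 0x{0:X}' -f $current

if (Test-UacFlag -Value $current -Flag $NoAuthDataRequired) {
    'Flag 0x2000000 is already set; nothing to change.'
}
else {
    # OR the bit in so every other flag on the account is preserved.
    $new = $current -bor $NoAuthDataRequired
    Set-ADUser -Identity $user -Replace @{ userAccountControl = $new }

    # Read the attribute back to confirm the directory accepted the write.
    $check = Get-ADUser -Identity $AccountName -Properties userAccountControl
    'New userAccountControl:     0x{0:X}' -f [int]$check.userAccountControl
}
```

Tickets issued before the change keep their PAC; the smaller size applies to service tickets requested afterwards.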