[OpenAFS] Openafs 1.4.7, Active Directory 2003 user could not access AFS home directory

[Wenping Yang]

Derrick Brashear wrote:
> On Wed, Oct 15, 2008 at 1:57 PM, Wenping Yang <yangw3@umdnj.edu> wrote:
>   
>> Derrick Brashear wrote:
>>     
>>> is MESH.UMDNJ.EDU in krb.conf on the AFS servers?
>>>
>>>
>>>       
>> No, MESH.UMDNJ.EDU is not on AFS servers. I saw a message talking about
>>  adding "-realm" in AFS fileserver, but I am not sure how to make it work
>> for two realms.
>>     
>
> put it in /usr/afs/etc/krb.conf (or equivalent) on the fileservers, or
> it's not going to work.
>
>   

Hi Derrick,

Thank you for your quick response. I am sorry for having made some 
confusion here. Actually realm MESH.UMDNJ.EDU is in my krb5.conf file. 
The AFS fileserver I referred to is AFS fileserver daemon. Currently it 
is running as

/usr/afs/bin/fileserver

I wonder if it needs to be changed to

/usr/afs/bin/fileserver -L -realm REALM-NAME

if so, how to deal with two realms here? Thanks.


Here is my krb5.conf file:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = MED.UMDNJ.EDU
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
 noaddresses = false

[realms]
 MED.UMDNJ.EDU = {
  kdc = RArwjmsIST1.umdnj.edu:88
  admin_server = RArwjmsIST1.umdnj.edu:749
  default_domain = med.umdnj.edu
 }
 MESH.UMDNJ.EDU = {
  kdc = RArwjmsIST2.umdnj.edu:88
  admin_server = RArwjmsIST2.umdnj.edu:749
  default_domain = mesh.umdnj.edu
 }

[domain_realm]
 .med.umdnj.edu = MED.UMDNJ.EDU
 med.umdnj.edu = MED.UMDNJ.EDU
 .mesh.umdnj.edu = MESH.UMDNJ.EDU
 mesh.umdnj.edu = MESH.UMDNJ.EDU

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf