[OpenAFS] OpenAFS + Active Directory documentation
Christopher D. Clausen
Thu, 23 Apr 2009 18:45:13 -0500
Josh Fiske <email@example.com> wrote:
> I've been doing alot of research recently... We have an old (circa
> 2003) AFS cell and are looking at replacing those aging servers. For
> our new implementation, I hope to (read as: "have received an edict
> that we must...") be able to use Active Directory as the
> authentication source. Initially, I began the new server
> installation following the Quick Start guide, but it still uses
> kaserver (krb4)...so that was right out.
> Can anyone point me towards some detailed documentation on the
> subject? If no documentation exists, might someone be able to help
> step me through the process? If the latter, I would be happy to
> create detailed (step-by-step) documentation of the setup to share
> with the community (perhaps as an update to the Quick Start
Please ask questions in the #openafs IRC channel on freenode.
Basically, you use ktpass.exe to create an afs/cellname@AD.DOMAIN (after
marking the user account DES only within AD) service principal for use
by AFS and then import this keytab into the AFS KeyFile using asetkey.
Note that this only uses AD for authentication. You still need to add
users to PTS for authorization to AFS.
You can try and look at:
Note that I did not write that, but I do use AD.UIUC.EDU for several AFS
cells. I also would not have used ktutil when asetkey works just fine.