[OpenAFS] updating win2003 AD server to 2008(RC2)-64bit - any tips?

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 26 Aug 2009 13:50:08 -0700

Lars Schimmer wrote:
> Hi!
> We are still running a Win 2003 AD server as krb5 auth server and
> managing the AD user profiles (which resist inside of OpenAFS).
> I think about updating to Win2008 RC2 server (and clients from WinXP to
> Windows7 - available in MSDNAA for 1 week now).

Availability in MSDN is for developers to have access to the final
builds in order to finish testing functionality and certification
of their products.  It is not intended for production use.

Until the official release date I would not deploy these OS images
in a production environment.  Most vendors (including OpenAFS) have
not announced releases that are 100% compatible with Windows 7.

Windows 7 requires multiple data stream support in order to be able
to execute programs and data files that contain scripts.  (.EXE, .CHM,
Office docs, ...)  AFS does not support multiple data streams and
therefore there is no "Zone.Identifier" stream.   You should
perform broad testing of your apps on Win7 in order to determine what

> But our server is yet 32bit, the 2008RC2 will be 64bit.
> Anyone got any information about compatibility with Server 2008 and/or
> 64bit server with (old) clients 32bit, krb5 and OpenAFS ?

You can mix 64-bit server with 32-bit clients.

Single DES encryption is disabled by default in 2008 R2.  You will
need to re-enable DES encryption in order to use 2008 R2 Active
Directory as a krb5 KDC for use with OpenAFS.

Jeffrey Altman