[OpenAFS] updating win2003 AD server to 2008(RC2)-64bit - any tips?

Lars Schimmer l.schimmer@cgv.tugraz.at
Thu, 27 Aug 2009 08:33:18 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeffrey Altman wrote:
> Lars Schimmer wrote:
>> Hi!
>>
>> We are still running a Win 2003 AD server as krb5 auth server and
>> managing the AD user profiles (which resist inside of OpenAFS).
>>
>> I think about updating to Win2008 RC2 server (and clients from WinXP t=
o
>> Windows7 - available in MSDNAA for 1 week now).
>=20
> Availability in MSDN is for developers to have access to the final
> builds in order to finish testing functionality and certification
> of their products.  It is not intended for production use.

Right, pre-releases like RC and beta versions are not for production use.
Windows Server 2008 R2 is yet still in beta or RC state - but server
2008 is production ready and I think aobut "why use 2008 if 2008 R2 will
be available soon". Translation of system will take some more time at all.

> Until the official release date I would not deploy these OS images
> in a production environment.  Most vendors (including OpenAFS) have
> not announced releases that are 100% compatible with Windows 7.

Windows 7 was official released (at least to MSDN and MSDNAA and system
builders). The image in MSDNAA is the official release version of
Windows 7 - I do not see any reason why not deploy it in a production
enviroment (after testing it).


> Windows 7 requires multiple data stream support in order to be able
> to execute programs and data files that contain scripts.  (.EXE, .CHM,
> Office docs, ...)  AFS does not support multiple data streams and
> therefore there is no "Zone.Identifier" stream.   You should
> perform broad testing of your apps on Win7 in order to determine what
> works.

The streams strikes back again. Did not know Windows 7 depending on
streams in filesystem.
So far I determined some small problems only.
Most annoying one is: some .exe does not run out of OpenAFS space, some
others do. Alternative streams could be a good explanation to this
behaviour.

Btw, any plans about multiple streams in OpenAFS? I know that point was
in discussion, once.

>> But our server is yet 32bit, the 2008RC2 will be 64bit.
>> Anyone got any information about compatibility with Server 2008 and/or
>> 64bit server with (old) clients 32bit, krb5 and OpenAFS ?
>=20
> You can mix 64-bit server with 32-bit clients.
>=20
> Single DES encryption is disabled by default in 2008 R2.  You will
> need to re-enable DES encryption in order to use 2008 R2 Active
> Directory as a krb5 KDC for use with OpenAFS.

Thank you. That was one of the points I wanted to know ahead of testing
it - I guess you saved me some hour of work.

With all this in mind - I guess I set up a second public win7 test
system for our users and play with a testing ground with win 2008
server. After Win 2008 R2 has gone released - switch AD over and
afterwards maybe Win7.

> Jeffrey Altman


MfG,
Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut f=C3=BCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqWKK4ACgkQmWhuE0qbFyPpeQCdHlo9zyY3BzfdMgplrZL7Jzr4
figAnR7Bu1IDsEolnnS4CRJSGIrkEs3D
=3Dithp
-----END PGP SIGNATURE-----