[OpenAFS] Setting up a new Win 2008r2 AD as krb5 server for OpenAFS

Lars Schimmer l.schimmer@cgv.tugraz.at
Tue, 26 Oct 2010 12:48:33 +0200


Hi!

Due to some problems while migrating from 2003 to 2008 I need to redo my
complete AD.
The biggest problem besides the work to set up all users is:
creating a new afs credential and setting it up in the OpenAFS Fileservers.

Is there any guide/step-by-step available now?
I once did it and did not document it well :-(

So far I know:
1. create user afs in AD, user cannot change pass, passwd never expires
2. setspn afs afs/cgv.tugraz.at
3. ktpass -out NAME.out.txt -princ afs@CGV.TUGRAZ.AT \
       -crypto DES-CBC-CRC +rndPass -DesOnly /ptype KRB5_NT_SRV_HST
4. on fileservers: asetkey add 3 NAME.out.txt afs/cgv.tugraz.at
5. restart fileservers.
But as ktpass does not set the kvno in AD, how do I get the kvno?

And am I missing a point?


Kind regards,
Lars Schimmer
-- 
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723