[OpenAFS] Setting up a new Win 2008r2 AD as krb5 server for OpenAFS
Dan Pritts
danno@internet2.edu
Tue, 26 Oct 2010 09:53:34 -0400
On a related note, if anyone has a document on setting up 2008 AD to =
pass through all authentication requests to MIT krb5 that would be =
extremely welcome here.
There are docs at mircosoft on doing this with win2k or something, and =
i've been told that other sites (umich) do this, but we're not windows =
experts and our efforts up to now have failed.
thanks
danno
On Oct 26, 2010, at 6:48 AM, Lars Schimmer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> Hi!
>=20
> Due to some problems while migrating from 2003 to 2008 I need to redo =
my
> complete AD.
> Biggest problem beside the work to setup all users is:
> creating new afs credential and set it up in the OpenAFS Fileservers.
>=20
> Is there any guide/step-by-step available now?
> I once did it and did not documented it well :-(
>=20
> So far I know:
> 1. create user afs in AD, user cannot change pass, passwd never =
expires
> 2. setspn afs afs/cgv.tugraz.at
> 3. ktpass -out NAME.out.txt -princ afs@CGV.TUGRAZ.AT \
> -crypto DES-CBC-CRC +rndPass -DesOnly /ptype KRB5_NT_SRV_HST
> 4. on fileservers: asetkey add 3 NAME.out.txt afs/cgv.tugraz.at
> 5. restart fileservers.
> But as ktpass does not set the kvno in AD, how do I get the kvno?
>=20
> And do I miss a point?
>=20
>=20
> MfG,
> Lars Schimmer
> - --=20
> - -------------------------------------------------------------
> TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
> Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
> Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>=20
> iEYEARECAAYFAkzGsgEACgkQmWhuE0qbFyN8ZACfZs152v1XWXlTT0OCaAjnC6Fl
> FEUAn1AyscOcjpT/7GlS9uAeQyM22Fw+
> =3D9at0
> -----END PGP SIGNATURE-----
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224