[OpenAFS] Integrated Windows Logon
Hugo Monteiro
hugo.monteiro@fct.unl.pt
Fri, 01 Apr 2011 20:00:56 +0100
On 04/01/2011 07:04 PM, Jeffrey Altman wrote:
> See appendix A.2.1 for details on specifying per logon domain
> configuration including the authentication realm.
>
Hi Jeffrey,
Actually that's where I started. I was trying to give access to two
different cells using the same krb realm.
Kerberos Realm is FCT.UNL.PT
AFS cells are fct.unl.pt, which is the default cell, and staff.fct.unl.pt
I added a new key
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\STAFF]
since the Windows domain is called STAFF.
I then added the value Realm with the krb realm to be used which is
FCT.UNL.PT
Then I added the value TheseCells with staff.fct.unl.pt so I could get
tokens for the second cell
But then, after logon I would only get a token for the default cell.
Windows events showed the following:
Looking up TheseCells
...
Located TheseCells in hkDom size 18
...
Found TheseCells [staff.fct.unl.pt]
...
KFW_AFS_get_cred uname=[user@FCT.UNL.PT] smbname=[staff\user] cell=[fct.unl.pt] code=[0]
...
KFW_AFS_get_cred uname=[user@FCT.UNL.PT] smbname=[staff\user] cell=[staff.fct.unl.pt] code=[-1765328189]
So it does try to get the token, but it fails.
If I get new creds from NIM, it's able to get tokens for both cells.
Any help would be much appreciated.
Best Regards,
Hugo Monteiro.
--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net
Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt apoio@fct.unl.pt
fct.unl.pt:~# _
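Added example, not part of the original message or of OpenAFS: a small Python parser for the KFW_AFS_get_cred event lines quoted in the post, reporting the per-cell result and splitting the code into its com_err table base and index. The function names are hypothetical; the krb5 table base and the name for -1765328189 are taken from the MIT Kerberos error table, not from the post.

```python
import re

# com_err packs an error as (table base) + (index); the low 8 bits are the index.
KRB5_TABLE_BASE = -1765328384  # ERROR_TABLE_BASE_krb5 in MIT Kerberos

# Only the code seen in the post is named; extend from the krb5 headers as needed.
KRB5_NAMES = {-1765328189: "KRB5_FCC_NOFILE (no credentials cache found)"}

LINE = re.compile(
    r"KFW_AFS_get_cred\s+uname=\[(?P<uname>[^\]]*)\]\s+smbname=\[(?P<smb>[^\]]*)\]"
    r"\s+cell=\[(?P<cell>[^\]]*)\]\s+code=\[(?P<code>-?\d+)\]"
)

def decode(code):
    """Describe a result code: 0, a krb5-table error, or an unknown table."""
    if code == 0:
        return "success"
    index = code & 0xFF          # Python's & on negative ints behaves as two's complement
    base = code - index
    if base == KRB5_TABLE_BASE:
        return KRB5_NAMES.get(code, f"krb5 table, index {index}")
    return f"unknown table base {base}, index {index}"

def token_results(event_text):
    """Return one record per KFW_AFS_get_cred entry in the event text."""
    # Event text may wrap a record across lines, so collapse whitespace first.
    flat = " ".join(event_text.split())
    return [
        {"cell": m["cell"], "principal": m["uname"], "smbname": m["smb"],
         "code": int(m["code"]), "meaning": decode(int(m["code"]))}
        for m in LINE.finditer(flat)
    ]

def failed_cells(event_text):
    """Cells for which token acquisition returned a non-zero code."""
    return [r["cell"] for r in token_results(event_text) if r["code"] != 0]

# The two event entries as quoted in the post (raw string: smbname contains a backslash).
SAMPLE = r"""
KFW_AFS_get_cred uname=[user@FCT.UNL.PT] smbname=[staff\user]
cell=[fct.unl.pt] code=[0]
KFW_AFS_get_cred uname=[user@FCT.UNL.PT] smbname=[staff\user]
cell=[staff.fct.unl.pt] code=[-1765328189]
"""

if __name__ == "__main__":
    for r in token_results(SAMPLE):
        print(f"{r['cell']:<20} {r['principal']:<20} {r['code']:>12}  {r['meaning']}")
```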