[OpenAFS] Integrated Windows Logon
Hugo Monteiro
hugo.monteiro@fct.unl.pt
Mon, 09 May 2011 19:50:27 +0100
On 05/09/2011 07:14 PM, Jeffrey Altman wrote:
> On 5/9/2011 12:18 PM, Hugo Monteiro wrote:
>> ;; ANSWER SECTION:
>> oper.ci.fct.unl.pt. 86400 IN AFSDB 1 staff-afs1.ci.fct.unl.pt.
>> oper.ci.fct.unl.pt. 86400 IN AFSDB 2 staff-afs2.ci.fct.unl.pt.
> The domain of the servers are ".ci.fct.unl.pt.
>
>> the client krb5.ini file contains
>>
>> [domain_realms]
>> .fct.unl.pt = FCT.UNL.PT
> Therefore this requires an entry of
>
> .ci.fct.unl.pt = FCT.UNL.PT
>
> Jeffrey Altman
>
Hi Jeffrey,
I wrongfully assumed that by defining .fct.unl.pt i would be specifying
something like *.fct.unl.pt. I must say i found the docs ambiguous
regarding this matter.
The bad news is that even after i change that, i only get tokens for the
first cell at logon time. The good news is that right now i am able to
get the missing tokens by issuing aklog in the windows domain logon
script, which apparently runs only after the afs client has gotten the
tokens for the first cell. The problem is still there, but at least i
managed to go around it. A permanent fix would be nice though...
This is on a 32bit client install. I will only have the freshly
installed 64bit client tomorrow. I will keep you posted when i have more
info on that.
Thank you.
Hugo Monteiro.
--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net
Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt apoio@fct.unl.pt
fct.unl.pt:~# _