[OpenAFS] AFS client -> Windows server w/AD & KDC -> Linux AFS
Thu, 26 May 2011 08:43:03 -0500
> On 26.05.2011 12:31, Mickey Lane wrote:
> > Hi,
> > I want an AFS client (Windows or Linux) to get Kerberos credentials
> > from a Windows Server and use them to access AFS servers on a Linux
> > machine. The Linux machine does not have a KDC.
> > Although I haven't personally tried it, I'm under the impression this
> > works without too many AD configuration issues with Server 2003.
> > I'm also under the impression it works with Server 2008 R2 once DES
> > is enabled.
> > I currently have 2008 Standard (not R2) configured to provide tickets
> > and I've moved the keytab to the Linux machine, etc. The process
> > *appears* to work but the credentials are invalid. Kvno numbers are
> > correct. I think the problem is improper encryption types.
> > I'm aware of a Microsoft update to 64-bit Server 2008 that is related
> > to password corruption in this process.
> > My question: Has anyone ever made this work on Server 2008 Standard
> > (not R2)?
Lars Schimmer wrote:
> I know it works on Win 2008 Standard, but I do run 2008R2 for AD
> services including krb5 auth for users on Linux clients.
> My selfnotes are here to be read:
I have seen this document. It mentions "Server 2003 SP2" in the first few
lines so I didn't pay much attention to it as I was/am interested in Server
Under the section for 2008 R2, the instruction to add a registry value
KdcUseRequestedEtypesForTicket definitely helped with the encryption types
on Server 2008 (not-R2).
Now I appear to have kvno issues again. On both Linux and Windows clients:
host/server64.mickeylane.com@MICKEYLANE.COM: kvno = 4
I use Network Identity Manager (NIM) to get credentials on a Windows 7
The property page for afs/test.mickeylane.com@MICKEYLANE.COM
shows kvno #5. The page for krbtgt/MICKEYLANE.COM@MICKEYLANE.COM
shows kvno #2.
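
Added example, not part of the original message or of OpenAFS: a small parser for an MIT-format keytab (file format 0x0502) that compares the kvno and encryption type stored for a principal with the kvno shown on the ticket, the two things this thread is chasing. The function names, the sample keytab and the rule that the AFS service key must be single-DES are assumptions made for illustration (the last one based on the thread's "once DES is enabled").

```python
import struct
# Kerberos enctype numbers; 1-3 are the single-DES types.
ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
DES = {1, 2, 3}

def _counted(rec, off):  # 16-bit length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", rec, off)
    return rec[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from an MIT keytab (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,), pos = struct.unpack_from(">i", data, pos), pos + 4
        if size <= 0:                 # negative size marks a deleted slot
            pos += -size
            continue
        rec, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, off = _counted(rec, 2)
        comps = []
        for _ in range(ncomp):
            text, off = _counted(rec, off)
            comps.append(text)
        off += 8                      # skip name type and timestamp
        kvno, etype, klen = struct.unpack_from(">BHH", rec, off)
        off += 5 + klen
        if len(rec) - off >= 4:       # optional 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm, kvno, etype))
    return entries

def check(entries, principal, ticket_kvno):
    """List reasons a ticket for `principal` at `ticket_kvno` would be rejected."""
    keys = [(k, e) for p, k, e in entries if p == principal]
    kvnos = sorted({k for k, _ in keys})
    problems = [] if keys else ["no key for " + principal]
    if keys and ticket_kvno not in kvnos:
        problems.append("ticket kvno %d not in keytab %s" % (ticket_kvno, kvnos))
    return problems + ["kvno %d is %s, not single-DES" % (k, ENCTYPES.get(e, e))
                       for k, e in keys if e not in DES]

# Constructed sample: one entry for the thread's afs principal, kvno 4, rc4-hmac, zero key
ENTRY = (b"\x00\x02" b"\x00\x0eMICKEYLANE.COM" b"\x00\x03afs" b"\x00\x13test.mickeylane.com"
         + struct.pack(">IIBHH", 1, 0, 4, 23, 16) + bytes(16) + struct.pack(">I", 4))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(ENTRY)) + ENTRY
```

Calling `check(parse_keytab(SAMPLE), "afs/test.mickeylane.com@MICKEYLANE.COM", 5)` on the constructed sample reports both a kvno mismatch and a non-DES key.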