[OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

Måns Nilsson mansaxel@besserwisser.org
Sun, 19 Jan 2020 22:53:11 +0100 

--9amGYk9869ThD9tj
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I'm running a very small site (home) with family members accessing
computing resources. Now, some users are requesting windows clients,
and since I'm not trusting them I decided to make my own life more
complicated by running an Active Directory site, but I'm too cheap to
buy real Windows Server licenses, so have opted for Samba 4.

Being the glutton for punishment I am, I want their home directories to
be their usual home directories in AFS.  This means, that I'd like to
cross-realm ("AD Trust", but not entirely) between my Heimdal realm (where
I run the AFS cell) and the Heimdalish Kerberos that is part of Samba 4.

I've found the windows documentation for setting up trust/cross-realm
to external realms, and I believe I've tried most permutations of those
commands, but no such luck.

It is really not entirely appropriate for this forum, but if anyone has
done this, they probably are here, so I'm asking anyway.  Any pointers?
For instance, is there a Samba-native command for cross-realm? All of my
testing has been from Windows clients using the management tools for AD,
and that won't work for this even if it works for an impressive amount
of other things.

Thanks,=20
--=20
M=C3=A5ns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE           SA0XLR            +46 705 989668
Hello.  Just walk along and try NOT to think about your INTESTINES
being almost FORTY YARDS LONG!!

--9amGYk9869ThD9tj
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEpp2QVFhCcv+wDUfCDgtx4NP2G7QFAl4kz8EACgkQDgtx4NP2
G7SNoBAAinK9pelUPC0KkBbNKdkPpzmcF00vf+3FSFwY8khqWBRgod7EPy5y2Jnz
MX9duqCPq94d8EY9MyH+alN7C0cPxvBowWYBq/R4bctncyMAMc+gBaBsa4wUF3Ov
2DLp8mHEqRc7uJeg5oxaoGTSfx2RhKl6Yb8x3EXP5bTCp37EKtJlMd6pVyG5Lwyf
PYp3coZw3zeGjPnPx4NqHboI9fhadT9Fl2uSPwiIFYcTf8jk0EpbskKUTbse8zhp
1OPOy5y9ZxzbwenqYSt5NGiDinmMXu+8Db0orOrIRGg3YpsaE5fDgF4vUpFhm4ff
CWIk4dxDF15LA1371i5mlv87aiAZTTGePdy0lSELUXZ9q6zX+Mp8jOArYUVBipnF
5JxWLQmGENTKFgm98li+1j4B+J7o6e1UHJwNDIWtGuja9JHE8GOgiImn9gkpUdrh
ESMQqVxXhWS1uslcYUV1935Pj2VXVtLM0AfyOavY6A5yzCZIXHDYTBkz59Ze4WFQ
2KpiFbmffq24MY4zA6iq1drm+9DT1gUcAZlCvUCZHxxOZra8KmAELQv5MvfF2Fm8
gFUqzIvG/i+RhzeuSIn9URFdSragVpVR3iJlBiXdiVltbgM+3nKjB1uwYBexRfyB
VLTkkFu+tpiAq9q2yUSXmX7wacAKf0JKdIT3qRZrcIFHSrf9gj0=
=LqbT
-----END PGP SIGNATURE-----

--9amGYk9869ThD9tj--