fs.org on behalf
of Ken Hornstein
Date: Wednesday, August 24, 2022 at 9:22 PM
To: Benjamin Kaduk
Cc: Ben Huntsman , openafs-info@openafs.org
Subject: Re: [OpenAFS] Kerberos + Windows
>On Wed, Aug 24, 2022 at 04:53:11PM +, Ben Huntsman wrote:
>> ktpass /princ afs/mydomain@
working now!! Thank you all so much for the help!!
-Ben
From: Jeffrey E Altman
Sent: Wednesday, August 24, 2022 6:49 PM
To: Ben Huntsman; openafs-info@openafs.org
Subject: Re: [OpenAFS] Kerberos + Windows
On 8/24/2022 12:53 PM, Ben Huntsman
(b...@huntsma
On 8/24/2022 12:53 PM, Ben Huntsman (b...@huntsmans.net) wrote:
Here's some configuration info:
Let's say my cell is going to be mydomain.com. My Active Directory
is ad.mydomain.com, and my AFS service account is srvAFS.
When installing Active Directory for a domain "mydomain.com" it
On Wed, Aug 24, 2022 at 04:53:11PM +, Ben Huntsman wrote:
> ktpass /princ afs/mydomain@ad.mydomain.com /mapuser srvAFS /mapop add
> /out rxkad.keytab +rndpass /crypto all /ptype KRB5_NT_PRINCIPAL +dumpsalt
When the name of the AFS cell does not match the name of the kerberos
realm, the
ch!
-Ben
From: Ken Hornstein
Sent: Wednesday, August 24, 2022 11:42 AM
To: Ben Huntsman
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Kerberos + Windows
>I then created the service account srvAFS, and extracted a keytab on the
>Domain Controlle
>I then created the service account srvAFS, and extracted a keytab on the
>Domain Controller using the following command:
So I'm not the expert on how AD works, so I can't speak for what happens
if you create a service account called _one_ thing and then have a
different principal name. Like,
ch!!
-Ben
From: Jeffrey E Altman
Sent: Wednesday, August 24, 2022 5:02 AM
To: Ben Huntsman; openafs-info@openafs.org
Subject: Re: [OpenAFS] Kerberos + Windows
On 8/23/2022 9:24 PM, Ben Huntsman
(b...@huntsmans.net<mailto:b...@huntsmans.net>) wrote:
Hi guys-
On 8/23/2022 9:24 PM, Ben Huntsman (b...@huntsmans.net) wrote:
> Hi guys-
> Does anyone have a working krb5.conf that works with Windows 2012
> R2 or newer?
>
> The docs do show how to set up using the new scheme but assume
> Kerberos, not AD. I've tried a few different things but I can't
>The docs do show how to set up using the new scheme but assume
>Kerberos, not AD. I've tried a few different things but I can't seem
>to get default_tkt_enctypes and default_tks_enctypes set correctly.
In the normal course of things you never, ever want to put any entries
for
Hi guys-
Does anyone have a working krb5.conf that works with Windows 2012 R2 or
newer?
The docs do show how to set up using the new scheme but assume Kerberos, not
AD. I've tried a few different things but I can't seem to get
default_tkt_enctypes and default_tks_enctypes set correctly.
On Tue, Aug 16, 2022 at 04:43:19AM +, Ben Huntsman wrote:
> Hi guys-
>Does anyone have a recipe for making OpenAFS work with AD 2012 R2 or 2016
> as a KDC?
>
>I've seen a few articles on using it with 2008 R2, which mostly involve
> re-enabling des-cbc-crc on the AD side... Does
11 matches
Mail list logo