On Wed, 26 May 2004, lbramos wrote: > Hi, > > Now that i have afs running, is it possible to "add" LDAP and SMB?
yes, but why? see below > Or i have to do everything from scratch again? (please say no... :S) no, see below > Where can i look up for this? many places, the edu domains are a great resource for this sort of info. > For LDAP do i really need kerberos5? Or can i work with the original > version that comes with afs? no, see below. You are confusing things. OpenAFS does not come with LDAP. > Please let me know if you need more information. You choose OpenAFS instead of SMB. You can certainly run an SMB server on your network if you so choose. OpenAFS and SMB are not related. (not in a way that matters to your question) You can also run an LDAP server on your network. You can also run a Kerberos server on your network. For LDAP, you do not need kerberos. For kerberos, you do not need LDAP. However, Kerberos and LDAP can be made to interoperate in vary flexible ways. When you say "original version" do you mean to say "use the kaserver to authenticate users?" Do every_what_ by scratch again? If my answers seem cryptic it is because the questions that you are asking relate to about 40 different possible answers that you may desire. You need to separate the different functionalities of the different servers that you spoke of. Let me clarify: 1 - OpenAFS is a distributed file system, like CIFS but way more powerful. 2 - SMB (aka CIFS) is a networked file system. 3 - Kerberos is an authentication system. 4 - LDAP is a directory protocol. It's a glorified phone book. The real question you are driving at is, "How can I use all of these different protocols on my network?" Or perhaps, "Can these different protocols interoperate on my network?" To address the interoperability issue I can give you some examples. I do not use the OpenAFS native authentication called "kaserver". I use the MIT Kerberos V5 server for authentication. I have one OpenLDAP server running on my network but it is purely experimental at this time and none of my other systems interoperate with it. I don't run SMB at all on my network. Some users store Kerberos data in an LDAP directory. Some users might grant access to an LDAP directory based on a proper authentication via Kerberos. Windows Active Directory perform both LDAP and Kerberos functions. Based on AD authentication, Windows SMB servers grant access to clients. You have to first understand that each piece of software you asked about performs a specific function. Do you need that specific function on your network? Making all of this stuff interoperate is not a task for the faint hearted. It is extremely difficult. It requires a pretty good understanding of each individual component before you can really start making things interoperate in way that is useful to you. Later, Jason C. Wells _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
