-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!
Thx for your answer. I´ve read the install notes. But as all clients and servers in the new cell are new (1.3.83+ versions), I never thought about any of that. Jeffrey Altman schrieb: | Do you have a cross realm trust configured between AD and the MIT KDC? How should I do this? Both realm are the same. I mean: first I setup the krb5 realm for our network, after that the AD. I thought it would be easy, just to use our DNS entry, because it´s easy and the same for Win and Linux machines. | Have you configured the workstation to know about the MIT KDC using KSETUP? I found something on the krb5 site. Yes, it knows the MIT, but after reboot I could only logon local or with the MIT KDC (with which login failed), the AD was gone... | Have you added both realms to the MIT krb5.ini file? There is only one realm. | Is there an appropriate domain/realm mapping in the MIT krb5.ini file | to allow the realm of the cell's VLDB servers to be determined correctly? That should be OK, as it works without "obtaining ticket/token via logon". | Is the afs/[EMAIL PROTECTED] principal in the MIT KDC configuration to only | include the DES-CBC-CRC enctype? Yes. Without it wouldn´t work at all on my clients. | Note: | | MIT KFW is not used to obtain Kerberos 4 tickets with OAFW. It only | obtains Kerberos 5 tickets. OK, I assumed something like that. In short: While logon to the Active Directoy the Clients get tickets from the Win Server with which they don´t get tokens. After destroying the ticket from the AD KDC and obtaining new tickets, the MIT leash manager got tickets from MIT KDC. I want them to get tokens for our cell, either obtaining tickets from MIT KDC instead of AD KDC or via the KDC tickets. | Please read afs-install-notes.txt. Read it. No solution found while reading... | Jeffrey Altman Cya Lars - -- - ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & Wissensvisualisierung Tel.: +43 316 873-5405 E-Mail: [EMAIL PROTECTED] PGP-Key-ID: 0xB87A0E03 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: GnuPT-Light 0.3 by EQUIPMENTE.DE iD8DBQFDEdAuVguzrLh6DgMRArhTAJ9VgHToLJkVj50Eer3c/D3eHx42XgCdHjzk myrbBnVBIL57XCtg8/yaZwA= =O9Nz -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
