Christopher D. Clausen wrote:
Mike Bydalek wrote:
One of the caveats to using the Kerberos logins is that you need a
local account, which contains a local profile.
Uhh, you do NOT need local accounts. You can use an Active Directory
Domain and correctly set a domain trust to the MIT Realm. Such a
trust exists between UIUC.EDU (MIT) -> AD.UIUC.EDU (MS AD) ->
ACM.UIUC.EDU (MIT). These AD accounts also have the user accounts
setup to have @UIUC.EDU principals for each account in order for the
trust to work. I didn't set that part up, so I'm not sure how to do
it, but it is possible.
Perhaps I am not understanding your setup though. To you WANT to use
local accounts? Do you have Active Directory setup already?
No, I don't *want* to use local accounts at all, but I don't want to use
AD either as I do *not* want a Windows Domain.
I guess the best thing to do would be to use Samba to manage all of the
Windows machines as this will give me everything I need (esp. with
security).
Thanks for all the suggestions.
-Mike
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
