What you want to do is configure AFS to use Active Directory as the Kerberos 5 server for authentication. There was a talk on this very subject at the AFS & Kerberos Best Practice Workshop given by Derrick Brashear (Thursday at 13:30 second talk)
http://www.pmw.org/afsbpw06/workshop.html#16 AFSIDs will be automatically issued the first time the Windows client obtains an AFS token for the user if they have not already been created manually. If you want to have the user's home directories in AFS, you will have to do so manually. I'm not aware of anyone who has written any scripts/tools for Active Directory to create AFS volumes in response to AD account creation. Jeffrey Altman Sean Kennedy wrote: > List, > > First up, forgive me if this is an obvious question; I'm still wrapping > my head around how afs works. > > What I'd like to do is have openafs auth against my AD domain, going so > far as to dynamically create afs accounts based off of AD accounts. Is > this possible? > So in my ideal setup, I wouldn't have to pre-create a user for afs if > they already exist in my AD tree. Instead, on first log in, the account > is automatically created. Further, the username/password info would be > taken directly from the AD tree. This way, when a password changes, it > doesn't need to be changed in the afs tree as well. > > I could get by with having to hand create the accounts in afs if I could > get auth working against AD. > Thanks in advance for your help! > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info
smime.p7s
Description: S/MIME Cryptographic Signature
