Josh Fiske <[email protected]> wrote:
I've been doing alot of research recently... We have an old (circa
2003) AFS cell and are looking at replacing those aging servers. For
our new implementation, I hope to (read as: "have received an edict
that we must...") be able to use Active Directory as the
authentication source. Initially, I began the new server
installation following the Quick Start guide[1], but it still uses
kaserver (krb4)...so that was right out.
Can anyone point me towards some detailed documentation on the
subject? If no documentation exists, might someone be able to help
step me through the process? If the latter, I would be happy to
create detailed (step-by-step) documentation of the setup to share
with the community (perhaps as an update to the Quick Start
guide[1]).
Please ask questions in the #openafs IRC channel on freenode.
Basically, you use ktpass.exe to create an afs/[email protected] (after
marking the user account DES only within AD) service principal for use
by AFS and then import this keytab into the AFS KeyFile using asetkey.
Note that this only uses AD for authentication. You still need to add
users to PTS for authorization to AFS.
You can try and look at:
https://w3.physics.uiuc.edu/physwiki/doku.php?id=pcs:unix:afs
Note that I did not write that, but I do use AD.UIUC.EDU for several AFS
cells. I also would not have used ktutil when asetkey works just fine.
<<CDC
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
