On 10/26/2010 6:48 AM, Lars Schimmer wrote: > Hi! > > Due to some problems while migrating from 2003 to 2008 I need to redo my > complete AD. > Biggest problem beside the work to setup all users is: > creating new afs credential and set it up in the OpenAFS Fileservers. > > Is there any guide/step-by-step available now? > I once did it and did not documented it well :-(
Unless someone like yourself wrote one and placed it in the wiki or updated the admin guide, the answer would be 'no'. > > So far I know: 0. Enable support for single DES in AD > 1. create user afs in AD, user cannot change pass, passwd never expires > 2. setspn afs afs/cgv.tugraz.at > 3. ktpass -out NAME.out.txt -princ [email protected] \ > -crypto DES-CBC-CRC +rndPass -DesOnly /ptype KRB5_NT_SRV_HST Use MIT kvno tool to request a service ticket for afs/[email protected]. That will report the kvno. Or you can examine the user account object in AD. > 4. on fileservers: asetkey add 3 NAME.out.txt afs/cgv.tugraz.at replace "add 3" with "add <kvno>" > 5. restart fileservers. restart not required. touch the server CellServDB file. > But as ktpass does not set the kvno in AD, how do I get the kvno? > > And do I miss a point? > > > MfG, > Lars Schimmer _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
signature.asc
Description: OpenPGP digital signature
