On a related note, if anyone has a document on setting up 2008 AD to pass through all authentication requests to MIT krb5 that would be extremely welcome here.
There are docs at mircosoft on doing this with win2k or something, and i've been told that other sites (umich) do this, but we're not windows experts and our efforts up to now have failed. thanks danno On Oct 26, 2010, at 6:48 AM, Lars Schimmer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi! > > Due to some problems while migrating from 2003 to 2008 I need to redo my > complete AD. > Biggest problem beside the work to setup all users is: > creating new afs credential and set it up in the OpenAFS Fileservers. > > Is there any guide/step-by-step available now? > I once did it and did not documented it well :-( > > So far I know: > 1. create user afs in AD, user cannot change pass, passwd never expires > 2. setspn afs afs/cgv.tugraz.at > 3. ktpass -out NAME.out.txt -princ [email protected] \ > -crypto DES-CBC-CRC +rndPass -DesOnly /ptype KRB5_NT_SRV_HST > 4. on fileservers: asetkey add 3 NAME.out.txt afs/cgv.tugraz.at > 5. restart fileservers. > But as ktpass does not set the kvno in AD, how do I get the kvno? > > And do I miss a point? > > > MfG, > Lars Schimmer > - -- > - ------------------------------------------------------------- > TU Graz, Institut für ComputerGraphik & WissensVisualisierung > Tel: +43 316 873-5405 E-Mail: [email protected] > Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkzGsgEACgkQmWhuE0qbFyN8ZACfZs152v1XWXlTT0OCaAjnC6Fl > FEUAn1AyscOcjpT/7GlS9uAeQyM22Fw+ > =9at0 > -----END PGP SIGNATURE----- > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info danno -- Dan Pritts, Sr. Systems Engineer Internet2 office: +1-734-352-4953 | mobile: +1-734-834-7224 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
