Hi, Our school currently uses a Samba3+OpenLDAP+Heimdal combo to hold the authentication+account databases. OpenAFS works problem-less with this setup (once I allowed weak crypto in Heimdal). Sooner or later we will need to upgrade to Samba4 (which uses an Active Directory like database (and Heimdal internally)). To test the effect of the upgrade on OpenAFS I've configured a Windows 2008R2 based Active Directory and a Debian (Squeeze) box (going to act as the OpenAFS pt- vl- and dafs- server for the testcell) I've followed http://workshop.openafs.org/afsbpw06/talks/shadow-AD.pdf in creating the KeyFile. Everything went file until I've tried to obtain afs tokens (I have successfully got krb5 tickets for krbtgt but not for afs) with both aklog and afslog (from Heimdal), they gives:
aklog: Couldn't get kzs.ad AFS tickets: aklog: unknown RPC error (-1765328370) while getting AFS tickets and afslog: krb5_afslog(<default cell>): KDC has no support for encryption type I've tried to make the Windows2008R2 KDC accept the requested enctype with KdcUseRequestedEtypesForTickets as described in: http://support.microsoft.com/default.aspx?scid=kb;en-us;833708 but the enctype problem remains. :-( Thank you! Geza _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
