On 12/07/2012 3:35 PM, Andrew Deason wrote:
> On Thu, 12 Jul 2012 11:16:55 -0400
> Qing Chang <[email protected]> wrote:
>
>> As recommended, you should create an AFS service principal as
>> afs/DOMAIN@REALM, eg, afs/sri.utoronto.ca. IPA does not allow a
>> service principal to be created if there is no corresponding host
>> principal. Hence, I have to have this: afs/openafs.sri.utoronto.ca,
>> where openafs.sri.utoronto.ca is the FQDN of the server. OpenAFS seems
>> to be happy with this,
>
> I forgot to mention... if it wasn't clear, this means that your cell
> name will be openafs.sri.utoronto.ca, not sri.utoronto.ca. That's not a
> problem if you're okay with that, but it may look a little funny; it's
> like having an email address like <[email protected]>. It
> also may be a little confusing, since if you ever have more than one
> server for the cell, afs/openafs.sri.utoronto.ca will be used by several
> servers with different FQDNs, not just openafs.sri.
>
> I haven't used IPA, but I assume you could create a host principal for
> sri.utoronto.ca and then just not use it, to get around that
> restriction. But that's not required.

Thank you very much Andrew, at least I know I am not fighting 2 battles at once.
I was thinking of doing just that but settled on creating a CNAME as openafs for
the host smb1 that is also a test Samba server. I hope this is not causing the
error message in /usr/afs/logs/FileLog:

Wed Jul 11 15:45:27 2012 afs_krb_get_lrealm failed, using openafs.sri.utoronto.ca.


I'll do that when this moves to production...

Qing
