Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

2020-02-16 Thread Måns Nilsson
Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD? Date: Sat, Feb 15, 2020 at 07:02:08PM -0500 Quoting Jeffrey Altman (jalt...@secure-endpoints.com): > I believe in your scenario, treating both realms as local is sufficient. Yes. Thanks for confirming my understand

Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

2020-02-15 Thread Jeffrey Altman
On 2/15/2020 5:09 PM, Måns Nilsson wrote: >> You only would create a system:authuser@smab4.realm group and then >> create @samb4.realm entries if you were treating the two sets of >> identifies as unique. > > My first impression is that this is something one does only if there is no > other >

Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

2020-02-15 Thread Måns Nilsson
Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD? Date: Sat, Feb 15, 2020 at 04:11:46PM -0500 Quoting Jeffrey E Altman (jalt...@auristor.com): > On 2/15/2020 7:55 AM, Måns Nilsson wrote: > > Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

2020-02-15 Thread Jeffrey E Altman
On 2/15/2020 7:55 AM, Måns Nilsson wrote: > Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD? Date: > Mon, Jan 20, 2020 at 04:42:24PM -0500 Quoting Jeffrey E Altman > (jalt...@auristor.com): >> No need for cross-realm.  Create an afs/cell@SAMBA4.REALM se

Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

2020-02-15 Thread Måns Nilsson
Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD? Date: Mon, Jan 20, 2020 at 04:42:24PM -0500 Quoting Jeffrey E Altman (jalt...@auristor.com): > No need for cross-realm.  Create an afs/cell@SAMBA4.REALM service principal > with a kvno > that differs from the

Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

2020-01-22 Thread Dirk Heinrichs
Am 19.01.20 um 22:53 schrieb Måns Nilsson: This means, that I'd like to cross-realm ("AD Trust", but not entirely) between my Heimdal realm (where I run the AFS cell) and the Heimdalish Kerberos that is part of Samba 4. I went this route a few years ago, in my own home network. However, I

Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

2020-01-20 Thread Jeffrey E Altman
No need for cross-realm.  Create an afs/cell@SAMBA4.REALM service principal with a kvno that differs from the afs/cell@HEIMDAL.REALM service principal and add the key to your AFS servers as well as adding both realm names to the AFS servers' krb.conf. On 1/19/2020 4:53 PM, Måns Nilsson wrote:

[OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

2020-01-19 Thread Måns Nilsson
I'm running a very small site (home) with family members accessing computing resources. Now, some users are requesting windows clients, and since I'm not trusting them I decided to make my own life more complicated by running an Active Directory site, but I'm too cheap to buy real Windows Server