Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD? Date:
Sat, Feb 15, 2020 at 07:02:08PM -0500 Quoting Jeffrey Altman
(jalt...@secure-endpoints.com):
> I believe in your scenario, treating both realms as local is sufficient.
Yes. Thanks for confirming my understand
On 2/15/2020 5:09 PM, Måns Nilsson wrote:
>> You only would create a system:authuser@smab4.realm group and then
>> create @samb4.realm entries if you were treating the two sets of
>> identifies as unique.
>
> My first impression is that this is something one does only if there is no
> other
>
Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD? Date:
Sat, Feb 15, 2020 at 04:11:46PM -0500 Quoting Jeffrey E Altman
(jalt...@auristor.com):
> On 2/15/2020 7:55 AM, Måns Nilsson wrote:
> > Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?
On 2/15/2020 7:55 AM, Måns Nilsson wrote:
> Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD? Date:
> Mon, Jan 20, 2020 at 04:42:24PM -0500 Quoting Jeffrey E Altman
> (jalt...@auristor.com):
>> No need for cross-realm. Create an afs/cell@SAMBA4.REALM se
Subject: Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD? Date:
Mon, Jan 20, 2020 at 04:42:24PM -0500 Quoting Jeffrey E Altman
(jalt...@auristor.com):
> No need for cross-realm. Create an afs/cell@SAMBA4.REALM service principal
> with a kvno
> that differs from the
Am 19.01.20 um 22:53 schrieb Måns Nilsson:
This means, that I'd like to cross-realm ("AD Trust", but not
entirely) between my Heimdal realm (where I run the AFS cell) and the
Heimdalish Kerberos that is part of Samba 4.
I went this route a few years ago, in my own home network. However, I
No need for cross-realm. Create an afs/cell@SAMBA4.REALM service
principal with a kvno
that differs from the afs/cell@HEIMDAL.REALM service principal and add
the key to your
AFS servers as well as adding both realm names to the AFS servers' krb.conf.
On 1/19/2020 4:53 PM, Måns Nilsson wrote:
I'm running a very small site (home) with family members accessing
computing resources. Now, some users are requesting windows clients,
and since I'm not trusting them I decided to make my own life more
complicated by running an Active Directory site, but I'm too cheap to
buy real Windows Server