On 26.10.2010 14:51, Jeffrey Altman wrote: > On 10/26/2010 6:48 AM, Lars Schimmer wrote: >> Hi! >> >> Due to some problems while migrating from 2003 to 2008 I need to redo my >> complete AD. >> Biggest problem beside the work to setup all users is: >> creating new afs credential and set it up in the OpenAFS Fileservers. >> >> Is there any guide/step-by-step available now? >> I once did it and did not documented it well :-( > > Unless someone like yourself wrote one and placed it in the wiki or > updated the admin guide, the answer would be 'no'.
Looks like we are one out of 10 running this setup worldwide. I try to document my steps well and put it up later on. >> So far I know: > > 0. Enable support for single DES in AD > >> 1. create user afs in AD, user cannot change pass, passwd never expires >> 2. setspn afs afs/cgv.tugraz.at >> 3. ktpass -out NAME.out.txt -princ a...@cgv.tugraz.at \ >> -crypto DES-CBC-CRC +rndPass -DesOnly /ptype KRB5_NT_SRV_HST > > Use MIT kvno tool to request a service ticket for > afs/cgv.tugraz...@cgv.tugraz.at. That will report the kvno. > Or you can examine the user account object in AD. > >> 4. on fileservers: asetkey add 3 NAME.out.txt afs/cgv.tugraz.at > > replace "add 3" with "add <kvno>" > >> 5. restart fileservers. > > restart not required. touch the server CellServDB file. > Thank you. Those were the information I needed. Will try and report back. MfG, Lars Schimmer -- ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: l.schim...@cgv.tugraz.at Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info