• Home

  • Documents

  • New A c tiv e D ir e c to r y a s A F S Õ K D...
23
Active Directory as AFS’ KDC Derrick Brashear June 14, 2006

New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Active Directory as AFS’ KDC

Derrick BrashearJune 14, 2006

Page 2: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Step 1: Active Directory

• Become an admin in your Active Directory domain.

• Manage users.

Page 3: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 4: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 5: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 6: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 7: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Make users

• Here, I created myself.

Page 8: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 9: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 10: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

And services

• Now, create AFS.

• You will be remapping to a principal later, so don’t worry about the name you use here.

Page 11: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 12: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 13: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Bind and Export

• Bind a Kerberos principal name

• Export a keytab

• ktpass is in the Support Tools directory on your Windows 2003 media.

Page 14: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 15: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Try It

• Make sure your new realm is in krb5.conf on client(s).

• kinit as a client and see what happens.

Page 16: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 17: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 18: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Add to Keyfile

• Copy the keytab you got with ktpass to the AFS server.

• Use asetkey to add the key.

Page 19: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 20: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Ready to go!

• At this point, tokens you get with aklog are all you need.

Page 21: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest
Page 22: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Consider disabling PACs

• http://support.microsoft.com/kb/832572/en-us

Page 23: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest

Active Directory as AFS’ KDC

[email protected]


AFS Application

AFS Application

Documents
jportal derivate 00023628/afs-2002-345 - library.fes.delibrary.fes.de/afs/derivat_pdf/jportal_derivate_00023628/afs-2002... · 346 Forschungsberichte und Rezensionen eine verbreitete

jportal derivate 00023628/afs-2002-345 - library.fes.delibrary.fes.de/afs/derivat_pdf/jportal_derivate_00023628/afs-2002... · 346 Forschungsberichte und Rezensionen eine verbreitete

Documents
Implementing GRID interoperabilityworkshop.openafs.org/afsbpw06/talks/bracco-grid.pdf · G. Bracco, AFS & Kerberos Workshop Ann Arbor, June 12-16 2006 GRID interoperability The concept

Implementing GRID interoperabilityworkshop.openafs.org/afsbpw06/talks/bracco-grid.pdf · G. Bracco, AFS & Kerberos Workshop Ann Arbor, June 12-16 2006 GRID interoperability The concept

Documents
AFS on Windows - 2021 AFS Technologies Workshopworkshop.openafs.org/afsbpw15/talks/thursday/AFS-on... · 2015. 8. 20. · AFS on Windows Jeffrey Altman Your File System Inc. 2015

AFS on Windows - 2021 AFS Technologies Workshopworkshop.openafs.org/afsbpw15/talks/thursday/AFS-on... · 2015. 8. 20. · AFS on Windows Jeffrey Altman Your File System Inc. 2015

Documents
AFS Questions

AFS Questions

Documents
AFS report

AFS report

Documents
AFS AFS ––– Advanc Advanc Advances in Food Scienceses in

AFS AFS ––– Advanc Advanc Advances in Food Scienceses in

Documents
2020 AFS POLICY PRIORITY ISSUES AFS Policy Priority... · 2020-01-09 · 2020 AFS POLICY PRIORITY ISSUES AFS is your voice in Washington, D.C. AFS works to advance legislation and

2020 AFS POLICY PRIORITY ISSUES AFS Policy Priority... · 2020-01-09 · 2020 AFS POLICY PRIORITY ISSUES AFS is your voice in Washington, D.C. AFS works to advance legislation and

Documents
AFS Newsletter

AFS Newsletter

Documents
AFS l AFS la production About… - eu2005.lu

AFS l AFS la production About… - eu2005.lu

Documents
: AFS 2018/19 2018fP11 , ' AFS 1 06 2019 fP ( Greta

: AFS 2018/19 2018fP11 , ' AFS 1 06 2019 fP ( Greta

Documents
AFS introduction

AFS introduction

Technology
afs sohail

afs sohail

Documents
Presentaton AFS

Presentaton AFS

Documents
Open Source Software and its Role in Space Explorationworkshop.openafs.org/afsbpw06/talks/keynote_djbyrne.pdf · Open Source Software and its Role in Space Exploration AFS/Kerberos

Open Source Software and its Role in Space Explorationworkshop.openafs.org/afsbpw06/talks/keynote_djbyrne.pdf · Open Source Software and its Role in Space Exploration AFS/Kerberos

Documents
Afs annual

Afs annual

Documents
jportal derivate 00021433/afs-2006-rz-05 - library.fes.delibrary.fes.de/afs/derivat_pdf/jportal_derivate_00021433/afs-2006... · Seegers, Inszenierte Einigkeit. Herrschaftsrepräsentationen

jportal derivate 00021433/afs-2006-rz-05 - library.fes.delibrary.fes.de/afs/derivat_pdf/jportal_derivate_00021433/afs-2006... · Seegers, Inszenierte Einigkeit. Herrschaftsrepräsentationen

Documents
Negara AFS

Negara AFS

Documents
AFS Presentation125

AFS Presentation125

Documents
AFS 30.10.2016

AFS 30.10.2016

Education
AFS Pro700 Brochure AFS-8018-10

AFS Pro700 Brochure AFS-8018-10

Documents
Afs Project

Afs Project

Documents
AFS Scholarship

AFS Scholarship

Documents
Illustration AFS

Illustration AFS

Documents
SALAMAT AFS

SALAMAT AFS

Documents
AFS Federhenn Maschinen GmbH · AFS. Federhenn Maschinen GmbH. ... bead cutting table FM 3004 ... AFS Federhenn Maschinen GmbH

AFS Federhenn Maschinen GmbH · AFS. Federhenn Maschinen GmbH. ... bead cutting table FM 3004 ... AFS Federhenn Maschinen GmbH

Documents
Basic Frame - nic-inc.co.jp · 20 30 30 45 20 40 40 45 Basic Frame ベーシックフレーム AFS-1020-4 P52 AFS-1040-4 P52 AFS-1060-4 P52 AFS-2020-4 P53 AFS-2040-4 P53 AFS-2060-4

Basic Frame - nic-inc.co.jp · 20 30 30 45 20 40 40 45 Basic Frame ベーシックフレーム AFS-1020-4 P52 AFS-1040-4 P52 AFS-1060-4 P52 AFS-2020-4 P53 AFS-2040-4 P53 AFS-2060-4

Documents
AFS 2005_2

AFS 2005_2

Documents
Afs Sustav

Afs Sustav

Documents
Presentacion afs

Presentacion afs

Education