+ All Categories
Home > Documents > New A c tiv e D ir e c to r y a s A F S Õ K D...

New A c tiv e D ir e c to r y a s A F S Õ K D...

Date post: 17-Oct-2020
Category:

Documents
Upload: others
View: 0 times
Download: 0 times
Download Report this document
Share this document with a friend
23
Active Directory as AFS’ KDC Derrick Brashear June 14, 2006
Transcript
Page 1: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Active Directory as AFS’ KDC

Derrick BrashearJune 14, 2006

Page 2: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Step 1: Active Directory

• Become an admin in your Active Directory domain.

• Manage users.

Page 3: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 4: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 5: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 6: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 7: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Make users

• Here, I created myself.

Page 8: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 9: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 10: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

And services

• Now, create AFS.

• You will be remapping to a principal later, so don’t worry about the name you use here.

Page 11: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 12: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 13: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Bind and Export

• Bind a Kerberos principal name

• Export a keytab

• ktpass is in the Support Tools directory on your Windows 2003 media.

Page 14: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 15: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Try It

• Make sure your new realm is in krb5.conf on client(s).

• kinit as a client and see what happens.

Page 16: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 17: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 18: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Add to Keyfile

• Copy the keytab you got with ktpass to the AFS server.

• Use asetkey to add the key.

Page 19: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 20: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Ready to go!

• At this point, tokens you get with aklog are all you need.

Page 21: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.
Page 22: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Consider disabling PACs

• http://support.microsoft.com/kb/832572/en-us

Page 23: New A c tiv e D ir e c to r y a s A F S Õ K D Cworkshop.openafs.org/afsbpw06/talks/shadow-AD.pdf · 2006. 6. 14. · Successfully mapped afs/adtest . dementia.org to afs—adtest.

Active Directory as AFS’ KDC

[email protected]


Recommended
Afs presentation

Afs presentation

Education

AFS report

AFS report

Documents

: AFS 2018/19 2018fP11 , ' AFS 1 06 2019 fP ( Greta ...

: AFS 2018/19 2018fP11 , ' AFS 1 06 2019 fP ( Greta ...

Documents

AFS Federhenn Maschinen GmbH · AFS. Federhenn Maschinen GmbH. ... bead cutting table FM 3004 ... AFS Federhenn Maschinen GmbH ...

AFS Federhenn Maschinen GmbH · AFS. Federhenn Maschinen GmbH. ... bead cutting table FM 3004 ... AFS Federhenn Maschinen GmbH ...

Documents

Presentaton AFS

Presentaton AFS

Documents

AFS OverView

AFS OverView

Documents

afs sohail

afs sohail

Documents

Afs conference report

Afs conference report

Documents

AFS engels

AFS engels

Documents

2020 AFS POLICY PRIORITY ISSUES AFS Policy Priority... · 2020-01-09 · 2020 AFS POLICY PRIORITY ISSUES AFS is your voice in Washington, D.C. AFS works to advance legislation and

2020 AFS POLICY PRIORITY ISSUES AFS Policy Priority... · 2020-01-09 · 2020 AFS POLICY PRIORITY ISSUES AFS is your voice in Washington, D.C. AFS works to advance legislation and

Documents

Afs Final Ppt

Afs Final Ppt

Documents

AFS l AFS la production About… - eu2005.lu

AFS l AFS la production About… - eu2005.lu

Documents

AFS Questions

AFS Questions

Documents

Cosplaycon AFS

Cosplaycon AFS

Documents

AFS Scholarship

AFS Scholarship

Documents

IDfusion An Open-Architecture for Kerberos based Authorizationworkshop.openafs.org/afsbpw06/talks/wettstein-idfusion-slides.pdf · IDfusion An Open-Architecture for Kerberos based

IDfusion An Open-Architecture for Kerberos based Authorizationworkshop.openafs.org/afsbpw06/talks/wettstein-idfusion-slides.pdf · IDfusion An Open-Architecture for Kerberos based

Documents

Afs Project

Afs Project

Documents

AFS PERMANENT SHUTTERING SYSTEM AFS LOGICWALL

AFS PERMANENT SHUTTERING SYSTEM AFS LOGICWALL

Documents