| |||
| |||
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
On Thursday, January 1, 1970, at 01:45 am, Michael Bartosh said goodbye to the 60's, and wrote:
In a correct configuration, the server knows it offers kerb auth, and the client gets an afpserver/email@hidden service ticket, which the server then doesn't consider valid. I haven't been able to get it to work, though (specifically with AD).So, where am i broken? Does the server's offering kerb depend on correct config of the service principal? I used
ktpass -princ afpserver/email@hidden -mapuser afp -pass password -out krb5.keytab
where afp is a valid user in the Users cn in the domain. (Just for reference, since there's a bug).
To overcome this, i set the home directories on the Xserve to mount via NFS, which seems to work fine - does this have any negative impact?
Security. Performance. Otherwise, no.
Just means i can go back when AFP works and say " now i'll make it faster AND more secure, for a nominal fee" ;-)
So, i now have to import all the users from AD into Open Directory (pretty simple), create their Mac homedirs (createhomedir -a) and keep them synched (some not too painful scripting). I end up with one set of users, one point of authentication, and two sets of homedirs - not necessarily a bad thing at many of my sites, where the goal is to keep the Macs mostly separate.
Why not simply use smb home dirs?
Where, on the W2K servers?
how does this automount on the client?
still guru pestering
matt jenns
| References: | |
| >Re: OS X - AD integration tentative solution? (From: email@hidden) |
| Home | Archives | FAQ | Terms/Conditions | Contact | RSS | Lists | About |
Visit the Apple Store online or at retail locations.
1-800-MY-APPLE
Contact Apple | Terms of Use | Privacy Policy
Copyright © 2007 Apple Inc. All rights reserved.
