[OpenAFS] Re: OpenAFS and AD trusts

Danko Antolovic dantolov@indiana.edu
Wed, 21 Sep 2011 14:55:27 -0400 

Another facet of the foreign-realm groups: when creating a foreign-realm 
group, I had to give it an explicit owner.  The command  "pts 
creategroup" reports the id -206 for the newly created group, and so 
does  "pts  listentries"; command  "pts  examine"  shows the id -102, 
and the name of the existing group system:authuser.

I had completely removed the existing prdb.DB0, and was in the process 
of rebuilding it, when I noticed this anomaly. Does this mean that the 
foreign-realm group is screwed up, as before, or is there something 
wrong with "pts  examine" ?

Below are the instructions, in the sequence in which I issued them.

Danko


[root@afs1c afs]# pts creategroup  system:authuser@ads.iu.edu
pts: Badly formed name (group prefix doesn't match owner?) ; unable to 
create group system:authuser@ads.iu.edu

[root@afs1c afs]# pts creategroup -name  system:authuser@ADS.IU.EDU  
-owner  system:administrators
group system:authuser@ads.iu.edu has id -206

[root@afs1c afs]# pts  examine system:authuser
Name: system:authuser, id: -102, owner: system:administrators, creator: 
system:administrators,
  membership: 0, flags: S-M--, group quota: 0.

[root@afs1c afs]# pts  examine system:authuser@ads.iu.edu
Name: system:authuser, id: -102, owner: system:administrators, creator: 
system:administrators,
  membership: 0, flags: S-M--, group quota: 0.

[root@afs1c afs]# pts  listentries -groups
Name                          ID  Owner Creator
system:administrators       -204   -204    -204
system:backup               -205   -204    -204
system:anyuser              -101   -204    -204
system:authuser             -102   -204    -204
system:ptsviewers           -203   -204    -204
system:authuser@ads.iu.edu   -206   -204       2





Andrew Deason wrote:
> On Sun, 18 Sep 2011 13:30:02 -0400
> Danko Antolovic <dantolov@indiana.edu> wrote:
>
>   
>> [root@afs1c db]# prdb_check -verbose -database prdb.DB0.copy -uheader
>> Ubik Header
>>    Magic           = 0x354545
>>    Size            = 0
>>    Version.epoch   = 1316114301
>>    Version.counter = 2
>> Ubik header size is 0 (should be 64)
>> Database has 14 entries
>>
>> What do you suggest?
>>     
>
> Hmm, that's all it outputs? Don't worry about the 'size' thing; that
> check is just broken (should be fixed in gerrit 5466).
>
> If you just want it to be up and running, it's probably easiest to just
> delete the existing ptdb and start over from scratch (that is, with the
> ptdb, not with everything). Since the database is rather small, that
> shouldn't be too much of a problem.
>
> We'd also like to look at fixing whatever's wrong with the database
> though, so if you could at least save a copy of it as it exists now so
> we could take a look at it, that'd be great.
>
>