[OpenAFS] Re: OpenAFS and AD trusts

Andrew Deason adeason@sinenomine.net
Fri, 15 Jul 2011 15:17:35 -0500


On Fri, 15 Jul 2011 15:58:12 -0400
"Danko Antolovic" <dantolov@indiana.edu> wrote:

> If I understand the documentation correctly, there needs to be one
> group, named precisely system:authuser@FOREIGN.REALM, which will
> contain all the users from foreign realms:
> [...]
> http://docs.openafs.org/AdminGuide/ch02s03.html

The "FOREIGN.REALM" part of that is in italics on that page, which means
it is not a literal string, but should be replaced. You need to put the
name of the foreign realm in the place of FOREIGN.REALM. There is one
such group for each foreign realm you grant access to, and granting
rights to it grants rights to everyone in that particular foreign realm.

> Also, on a naïve note, how do you create a group with the ownership
> "system"? I am working as an admin, of course, but pts creategroup
> throws up the message "Badly formed name (group prefix doesn't match
> owner?)" regardless of what I do.

pts creategroup system:authuser@whatever -owner system:administrators

-- 
Andrew Deason
adeason@sinenomine.net