[OpenAFS] Re: OpenAFS and AD trusts
Andrew Deason
adeason@sinenomine.net
Tue, 19 Jul 2011 14:24:04 -0500
On Tue, 19 Jul 2011 14:56:01 -0400
"Danko Antolovic" <dantolov@indiana.edu> wrote:
> You are correct, there is no dantolov@RESOURCE.NET; there is
> dantolov@IU.EDU, and there is also a local user dantolov with AFS ID
> 2. I did not see dantolov@iu.edu as a member of
> system:authuser@iu.edu at any time. Are you saying that the presence
> of the local user is the problem?
No, but it's probably making this more confusing.
> [root@afs1c afs]# aklog -d -c afs1.bedrock.iu.edu
> Authenticating to cell afs1.bedrock.iu.edu (server afs1.bedrock.iu.edu).
> Trying to authenticate to user's realm IU.EDU.
> Getting tickets: afs/afs1.bedrock.iu.edu@IU.EDU
I thought your afs service principal was
afs/afs1.bedrock.iu.edu@RESOURCE.NET ? This is making aklog think you
are not a foreign user, and so it's not trying the automatic
registration thing.
--
Andrew Deason
adeason@sinenomine.net