[OpenAFS] Re: OpenAFS and AD trusts

Andrew Deason adeason@sinenomine.net
Mon, 10 Oct 2011 12:37:26 -0500


On Fri, 16 Sep 2011 15:13:02 -0500
Andrew Deason <adeason@sinenomine.net> wrote:

> But your cell looks like:
> 
> $ pts examine system:authuser -cell afs1.bedrock.iu.edu -noauth
> Name: system:authuser, id: -102, owner: system:administrators, creator: system:administrators,
>   membership: 0, flags: S-M--, group quota: 0.
> $ pts examine system:authuser@ads.iu.edu -cell afs1.bedrock.iu.edu -noauth
> Name: system:authuser, id: -102, owner: system:administrators, creator: system:administrators,
>   membership: 0, flags: S-M--, group quota: 0.
> 
> Note that both groups appear to be pointing at the same id, even
> though 'listent -groups' lists a different one, suggesting that the
> ptdb is corrupt, probably due to a name hash chain pointing at the
> wrong thing.

For some follow-up on this, this wasn't because the db was corrupt, but
because ads.iu.edu was in krb.conf when these were run, causing the
@ads.iu.edu to be stripped somewhere in this process.

There is some behavior here that is at best confusing that should be
fixed, but there wasn't any bug screwing up the entries or anything.

-- 
Andrew Deason
adeason@sinenomine.net