[OpenAFS] Re: OpenAFS and AD trusts
Andrew Deason
adeason@sinenomine.net
Thu, 15 Sep 2011 12:11:31 -0500
On Thu, 15 Sep 2011 13:04:39 -0400
Danko Antolovic <dantolov@indiana.edu> wrote:
> Well yes, the group system:authuser@iu.edu does exist:
>
> [root@afs1c afs]# pts listentries -groups -noauth
> Name ID Owner Creator
> system:administrators -204 -204 -204
> system:backup -205 -204 -204
> system:anyuser -101 -204 -204
> system:authuser -102 -204 -204
> system:ptsviewers -203 -204 -204
> system:authuser@iu.edu -207 -204 2

Is the ptserver not afs1.bedrock.iu.edu? That group does not exist for
me:

$ pts listent -gr -cell afs1.bedrock.iu.edu -noauth
Name ID Owner Creator
system:administrators -204 -204 -204
system:backup -205 -204 -204
system:anyuser -101 -204 -204
system:authuser -102 -204 -204
system:ptsviewers -203 -204 -204

> Also, system:authuser@iu.edu was created by 2, which is me as admin,
> so it was there before my aklog as foreign user. Is the foreign-realm
> group something that needs to be set in advance, or is that part of
> the automatic registration thing?

The group needs to be created in advance, but the foreign user does not.

--
Andrew Deason
adeason@sinenomine.net