fantastic - It works !! I'ts like administering a windows-workstation - If you have a problem, wait some couple of time and if you are lucky it went away by itself ;-) ... and if not - do a new install - but thats a other story ;-)
Thnaks for the explanation - seems clear to me. I read about 400 Pages AFS-Dokumentation today - there was nothing told about that issue. Afs is really cool - but for a noob not the easiest to understand - particularly cause most of the dokumentation is in english - and my english issn't the best as you can probably read ;-) Thanks for the very,very fast response !! maybe wrong place here, but I need to setup a afs->Samba gateway as our workstations are all running windows and we have a samba server in our districts. is it a goot way I'm going or would you prefer something like "kstart" or so for the samba acess to afs !? we have a ADS where all our users are authenticating against from their windows side - and I dont wanne to create a pts-entry for every user we have. I would do the ACL over samba - so I think I can use that IP-Based ACL - or not? Any better suggestions or links to a "easy" How-To - maybe in German ;-))) ? Todd M. Lewis wrote: > > > It can take a couple of hours for file servers to become aware of IP group > members. The process is fundamentally different for authenticated users > vs. unauthenticated hosts, but think about it this way: if the file > servers were to check every access for changes in IP group memberships in > every directory, they would basically melt down your network and > performance would fall through the floor. Instead, they slowly over time > pick up those changes in what is generally an slow moving target set of > data, and after a couple of hours they have a pretty complete picture of > what IP entities are in which groups. > > Or think about it another way. When you become a member of a new group, > you (may) have to re-authenticate for the change to take effect for ACLs > in a given directory. Your group memberships are refreshed when you > authenticate. Hosts don't authenticate, so there's no event to trigger > refreshing their group memberships. So the file servers pick that up over > time. > > Or maybe I'm blowing smoke, but that's what I was told once. > -- > +--------------------------------------------------------------+ > / [EMAIL PROTECTED] 919-445-9302 http://www.unc.edu/~utoddl / > / Atheism is a non-prophet organization. / > +--------------------------------------------------------------+ > -- > +--------------------------------------------------------------+ > / [EMAIL PROTECTED] 919-445-9302 http://www.unc.edu/~utoddl / > / He who laughs last thinks slowest. / > +--------------------------------------------------------------+ > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > > -- View this message in context: http://www.nabble.com/Problem-with-IP-Based-ACLs-tf3684854.html#a10305210 Sent from the OpenAFS - General mailing list archive at Nabble.com. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
