[OpenAFS] New setup. Strange permission denied! For *some* of
my users. :(
Michael Joyner ᏩᏯ
mjoyner@vbservices.net
Sat, 09 May 2009 11:29:03 -0400
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA8A98DEBFFAEB08044203202
Content-Type: multipart/alternative;
boundary="------------020804090700080909050707"
This is a multi-part message in MIME format.
--------------020804090700080909050707
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Derrick Brashear wrote:
> 2009/5/8 Michael Joyner =E1=8F=A9=E1=8F=AF <mjoyner@vbservices.net>:
> =20
>> New setup. Strange permission denied! For *some* of my users. :(
>>
>> New afs server at afs01 in a brand new cell. Ubuntu 9.04 X64. Used the=
new
>> cell scripts, etc.
>> Likewise installed.
>> pts added selected users based on likewise UIDs
>> created user volumes
>> created and fs setcacl user volumes
>> user #1 can login to client station, do a kinit, aklog and access file=
s.
>> user #2 can login to client station, do a kinit, aklog and can NOT acc=
ess
>> files. :(
>> (User #2 tried even as a loop backed client on the server!)
>> tokens command reports back correct UID for user.
>> klist output looks correct.
>> groups shows user gets a PAG.
>> user #2 is treated as a guest?
>> I verified fs listacl settings.
>> I verified ptx examine settings.
>> I made sure UIDs matched up between Likewise, filesystem, pts and fs
>> listacl.
>> My kerb5 servers are W2K8.
>> What do I need to do to try and locate the issue?
>> =20
>
> what format are the usernames? dots? slashes? other special characters?=
> also, same client station for both?
>
>
>
> =20
Yes, there are dots. no slashes or other special characters.
--=20
LyX: http://www.lyx.org/ OpenOffice: http://www.openoffice.org/
Inkscape: http://www.inkscape.org/ Scribus: http://www.scribus.net/
GIMP: http://www.gimp.org/ PDF: http://www.pdfforge.org/
--------------020804090700080909050707
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content=3D"text/html;charset=3DUTF-8" http-equiv=3D"Content-Type"=
>
</head>
<body bgcolor=3D"#ffffff" text=3D"#000000">
Derrick Brashear wrote:
<blockquote
cite=3D"mid:db6e3f110905090758y6d135e8cofef97e35a1205d52@mail.gmail.com"=
type=3D"cite">
<pre wrap=3D"">2009/5/8 Michael Joyner =E1=8F=A9=E1=8F=AF <a class=3D"m=
oz-txt-link-rfc2396E" href=3D"mailto:mjoyner@vbservices.net"><mjoyner@=
vbservices.net></a>:
</pre>
<blockquote type=3D"cite">
<pre wrap=3D"">New setup. Strange permission denied! For *some* of my=
users. :(
New afs server at afs01 in a brand new cell. Ubuntu 9.04 X64. Used the ne=
w
cell scripts, etc.
Likewise installed.
pts added selected users based on likewise UIDs
created user volumes
created and fs setcacl user volumes
user #1 can login to client station, do a kinit, aklog and access files.
user #2 can login to client station, do a kinit, aklog and can NOT access=
files. :(
(User #2 tried even as a loop backed client on the server!)
tokens command reports back correct UID for user.
klist output looks correct.
groups shows user gets a PAG.
user #2 is treated as a guest?
I verified fs listacl settings.
I verified ptx examine settings.
I made sure UIDs matched up between Likewise, filesystem, pts and fs
listacl.
My kerb5 servers are W2K8.
What do I need to do to try and locate the issue?
</pre>
</blockquote>
<pre wrap=3D""><!---->
what format are the usernames? dots? slashes? other special characters?
also, same client station for both?
</pre>
</blockquote>
<font face=3D"Aboriginal Sans">Yes, there are dots. no slashes or other
special characters.</font><br>
<br>
<pre class=3D"moz-signature" cols=3D"72">--=20
LyX: <a class=3D"moz-txt-link-freetext" href=3D"http://www.lyx.org/">http=
://www.lyx.org/</a> OpenOffice: <a class=3D"moz-txt-link-freetext" href=3D=
"http://www.openoffice.org/">http://www.openoffice.org/</a>
Inkscape: <a class=3D"moz-txt-link-freetext" href=3D"http://www.inkscape.=
org/">http://www.inkscape.org/</a> Scribus: <a class=3D"moz-txt-link-free=
text" href=3D"http://www.scribus.net/">http://www.scribus.net/</a>
GIMP: <a class=3D"moz-txt-link-freetext" href=3D"http://www.gimp.org/">ht=
tp://www.gimp.org/</a> PDF: <a class=3D"moz-txt-link-freetext" href=3D"ht=
tp://www.pdfforge.org/">http://www.pdfforge.org/</a>
</pre>
</body>
</html>
--------------020804090700080909050707--
--------------enigA8A98DEBFFAEB08044203202
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoFoT8ACgkQtX52dpJWQ8cBQQCePB1kzm2y1Wr2izCRunFHgl1d
jqAAn2I5STyAzTm1HmbgTcSsGPoMG3t7
=wnPv
-----END PGP SIGNATURE-----
--------------enigA8A98DEBFFAEB08044203202--