[OpenAFS] New setup. Strange permission denied! For *some* of my users. :(

Michael Joyner ᏩᏯ mjoyner@vbservices.net
Sat, 09 May 2009 11:29:03 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA8A98DEBFFAEB08044203202
Content-Type: multipart/alternative;
 boundary="------------020804090700080909050707"

This is a multi-part message in MIME format.
--------------020804090700080909050707
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Derrick Brashear wrote:
> 2009/5/8 Michael Joyner =E1=8F=A9=E1=8F=AF <mjoyner@vbservices.net>:
>  =20
>> New setup. Strange permission denied! For *some* of my users. :(
>>
>> New afs server at afs01 in a brand new cell. Ubuntu 9.04 X64. Used the=
 new
>> cell scripts, etc.
>> Likewise installed.
>> pts added selected users based on likewise UIDs
>> created user volumes
>> created and fs setcacl user volumes
>> user #1 can login to client station, do a kinit, aklog and access file=
s.
>> user #2 can login to client station, do a kinit, aklog and can NOT acc=
ess
>> files. :(
>> (User #2 tried even as a loop backed client on the server!)
>> tokens command reports back correct UID for user.
>> klist output looks correct.
>> groups shows user gets a PAG.
>> user #2 is treated as a guest?
>> I verified fs listacl settings.
>> I verified ptx examine settings.
>> I made sure UIDs matched up between Likewise, filesystem, pts and fs
>> listacl.
>> My kerb5 servers are W2K8.
>> What do I need to do to try and locate the issue?
>>    =20
>
> what format are the usernames? dots? slashes? other special characters?=

> also, same client station for both?
>
>
>
>  =20
Yes, there are dots. no slashes or other special characters.

--=20
LyX: http://www.lyx.org/ OpenOffice: http://www.openoffice.org/
Inkscape: http://www.inkscape.org/ Scribus: http://www.scribus.net/
GIMP: http://www.gimp.org/ PDF: http://www.pdfforge.org/


--------------020804090700080909050707
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content=3D"text/html;charset=3DUTF-8" http-equiv=3D"Content-Type"=
>
</head>
<body bgcolor=3D"#ffffff" text=3D"#000000">
Derrick Brashear wrote:
<blockquote
 cite=3D"mid:db6e3f110905090758y6d135e8cofef97e35a1205d52@mail.gmail.com"=

 type=3D"cite">
  <pre wrap=3D"">2009/5/8 Michael Joyner =E1=8F=A9=E1=8F=AF <a class=3D"m=
oz-txt-link-rfc2396E" href=3D"mailto:mjoyner@vbservices.net">&lt;mjoyner@=
vbservices.net&gt;</a>:
  </pre>
  <blockquote type=3D"cite">
    <pre wrap=3D"">New setup. Strange permission denied! For *some* of my=
 users. :(

New afs server at afs01 in a brand new cell. Ubuntu 9.04 X64. Used the ne=
w
cell scripts, etc.
Likewise installed.
pts added selected users based on likewise UIDs
created user volumes
created and fs setcacl user volumes
user #1 can login to client station, do a kinit, aklog and access files.
user #2 can login to client station, do a kinit, aklog and can NOT access=

files. :(
(User #2 tried even as a loop backed client on the server!)
tokens command reports back correct UID for user.
klist output looks correct.
groups shows user gets a PAG.
user #2 is treated as a guest?
I verified fs listacl settings.
I verified ptx examine settings.
I made sure UIDs matched up between Likewise, filesystem, pts and fs
listacl.
My kerb5 servers are W2K8.
What do I need to do to try and locate the issue?
    </pre>
  </blockquote>
  <pre wrap=3D""><!---->
what format are the usernames? dots? slashes? other special characters?
also, same client station for both?



  </pre>
</blockquote>
<font face=3D"Aboriginal Sans">Yes, there are dots. no slashes or other
special characters.</font><br>
<br>
<pre class=3D"moz-signature" cols=3D"72">--=20
LyX: <a class=3D"moz-txt-link-freetext" href=3D"http://www.lyx.org/">http=
://www.lyx.org/</a> OpenOffice: <a class=3D"moz-txt-link-freetext" href=3D=
"http://www.openoffice.org/">http://www.openoffice.org/</a>
Inkscape: <a class=3D"moz-txt-link-freetext" href=3D"http://www.inkscape.=
org/">http://www.inkscape.org/</a> Scribus: <a class=3D"moz-txt-link-free=
text" href=3D"http://www.scribus.net/">http://www.scribus.net/</a>
GIMP: <a class=3D"moz-txt-link-freetext" href=3D"http://www.gimp.org/">ht=
tp://www.gimp.org/</a> PDF: <a class=3D"moz-txt-link-freetext" href=3D"ht=
tp://www.pdfforge.org/">http://www.pdfforge.org/</a>
</pre>
</body>
</html>

--------------020804090700080909050707--

--------------enigA8A98DEBFFAEB08044203202
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoFoT8ACgkQtX52dpJWQ8cBQQCePB1kzm2y1Wr2izCRunFHgl1d
jqAAn2I5STyAzTm1HmbgTcSsGPoMG3t7
=wnPv
-----END PGP SIGNATURE-----

--------------enigA8A98DEBFFAEB08044203202--