[OpenAFS] access error with windows client

Dan Pritts danno@internet2.edu
Thu, 16 Oct 2003 12:42:29 -0400


Hi, 

to follow up on the similar problems that I have had -

As you may recall, the basic problem was that if i got a kerberos
ticket, and did an "aklog", my tokens showed up in "tokens" output
but i was not able to write to AFS space.

i finally uninstalled AFS, kerberos, and wake, and deleted all the
related registry entries i could find, and reinstalled.  This seems to
have fixed things.

I didn't document my exact steps but i will go back and re-do my
work from our base image and document it, and post here & make
a note in the wiki.

regards
danno

On Thu, Sep 18, 2003 at 04:35:49PM -0700, David Bear wrote:
> I've seen this on 3 separate occasions.  A user will log into windows,
> log into afs, (get tokens) then attempt to access the drive letter the
> afs maps and get an access denial.  This happens even when ACL's are
> set properly.  In all cases the base os has been windows 2000 and
> various patch levels, ie the patch de jour from microsoft (critical
> updates)
> 
> When we attempt to analyze this we confirm:
> 1) acls are good -- user has rwldik on the directory
> 2) using tokens command the cache manager does indeed have tokens
> 3) we can browse parts of our afs tree that have 'rl' permission to
> system:anyuser.  
> 4) dropping tokens and getting them back via unlog and klog have NO
> affect .. the windows explorer is still denied access
> 
> I've seen this behavior on openafs 1.2.10 and 1.2.8 (i think).  When I
> saw it with 1.2.8 and uninstalled afs and reinstalled 1.2.10.  which
> 'fixed' that machine.  But now I don't think its version specific.
> 
> sadly, don't have any other log files.   any recommendations?  anyone
> else seen this?
> 
> -- 
> David Bear
> phone: 	480-965-8257
> fax: 	480-965-9189
> College of Public Programs/ASU
> Wilson Hall 232
> Tempe, AZ 85287-0803
>  "Beware the IP portfolio, everyone will be suspect of trespassing"
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info


danno
--
dan pritts                                       danno@internet2.edu
systems administrator                            734/352-4953 office
internet2                                        734/834-7224 mobile