[OpenAFS] access error with windows client

David Bear David.Bear@asu.edu
Thu, 18 Sep 2003 16:35:49 -0700

I've seen this on 3 separate occasions.  A user will log into windows,
log into afs, (get tokens) then attempt to access the drive letter the
afs maps and get an access denial.  This happens even when ACL's are
set properly.  In all cases the base os has been windows 2000 and
various patch levels, ie the patch de jour from microsoft (critical

When we attempt to analyze this we confirm:
1) acls are good -- user has rwldik on the directory
2) using tokens command the cache manager does indeed have tokens
3) we can browse parts of our afs tree that have 'rl' permission to
4) dropping tokens and getting them back via unlog and klog have NO
affect .. the windows explorer is still denied access

I've seen this behavior on openafs 1.2.10 and 1.2.8 (i think).  When I
saw it with 1.2.8 and uninstalled afs and reinstalled 1.2.10.  which
'fixed' that machine.  But now I don't think its version specific.

sadly, don't have any other log files.   any recommendations?  anyone
else seen this?

David Bear
phone: 	480-965-8257
fax: 	480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
 "Beware the IP portfolio, everyone will be suspect of trespassing"