[OpenAFS] access error with windows client

Dan Pritts danno@internet2.edu
Tue, 23 Sep 2003 17:21:24 -0400

i consistently have a similar problem with our windows XP professional
load on IBM thinkpads.  I haven't figured out what is wrong yet but 
I'm glad to hear someone else is seeing it :)

specifically, if i get tokens directly with the openafs client, things
work fine, but if i get a krb5 ticket first and "aklog", things do NOT work, 
even though the tokens command reports a token.


On Thu, Sep 18, 2003 at 04:35:49PM -0700, David Bear wrote:
> I've seen this on 3 separate occasions.  A user will log into windows,
> log into afs, (get tokens) then attempt to access the drive letter the
> afs maps and get an access denial.  This happens even when ACL's are
> set properly.  In all cases the base os has been windows 2000 and
> various patch levels, ie the patch de jour from microsoft (critical
> updates)
> When we attempt to analyze this we confirm:
> 1) acls are good -- user has rwldik on the directory
> 2) using tokens command the cache manager does indeed have tokens
> 3) we can browse parts of our afs tree that have 'rl' permission to
> system:anyuser.  
> 4) dropping tokens and getting them back via unlog and klog have NO
> affect .. the windows explorer is still denied access
> I've seen this behavior on openafs 1.2.10 and 1.2.8 (i think).  When I
> saw it with 1.2.8 and uninstalled afs and reinstalled 1.2.10.  which
> 'fixed' that machine.  But now I don't think its version specific.
> sadly, don't have any other log files.   any recommendations?  anyone
> else seen this?
> -- 
> David Bear
> phone: 	480-965-8257
> fax: 	480-965-9189
> College of Public Programs/ASU
> Wilson Hall 232
> Tempe, AZ 85287-0803
>  "Beware the IP portfolio, everyone will be suspect of trespassing"
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

dan pritts                                       danno@internet2.edu
systems administrator                            734/352-4953 office
internet2                                        734/834-7224 mobile