[OpenAFS] openAFS on Vista

Lönroth Erik erik.lonroth@scania.com
Wed, 10 Jan 2007 16:54:18 +0100

It could also have been someone trying to access "Protected Content".


-----Original Message-----
From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org] On Behalf Of Jeffrey Altman
Sent: den 10 januari 2007 15:19
To: Jason Dorfman
Cc: openafs-info@openafs.org; Manjiri
Subject: Re: [OpenAFS] openAFS on Vista

Jason Dorfman wrote:
> Has anyone experienced the following problems using openAFS in Vista?
> With proper AFS tokens and Kerb5 tickets via NetIDmgr, I am unable to 
> traverse afs folders through a Windows explorer.  These are folders 
> which I have at least lookup ACL permissions, but getting 'access is 
> denied' when trying to access them.  This does not happen on my 
> parallel XP machine.  Even better, this does not happen from the Vista =

> command prompt.  From there, I am able to traverse those same folders 
> fine. This seems to be a function (or lack thereof) of Vista Explorer.

This is a known bug and Microsoft and Secure Endpoints are working on it.  The problem only affects directories that have "lookup" but not "read".  The Vista Explorer Shell calls more of the CIFS protocol than either XP or the command prompt.  Microsoft's theory is that at least of the undocumented data structures returned by OpenAFS are wrong. According to Microsoft, invalid responses from the file system driver are translated into STATUS_ACCESS_DENIED errors.

My theory is that the Explorer Shell is insisting that they be able to
(a) open the directory with read privilege and (b) be able to access extended attributes from the directory which don't exist.  As a result they are in fact receiving an STATUS_ACCESS_DENIED error.  They are simply interpreting it wrong.

As soon as there is a work around it will be added to the next revision.

Jeffrey Altman