[OpenAFS] Testing OpenAFS with Windows XP Roaming Profiles....

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 29 Sep 2010 09:34:12 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF5B39358CD518F236DAFF2BF
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 9/28/2010 11:46 AM, Claudio Prono wrote:

> So, the problem is really when i log of from the Client, and OpenAFS
> can't write on the home dir into the AFS...
>=20
> But the permissions are right, as u can see...
>=20
> fs listacl claudio/
> Access list for claudio/ is
> Normal rights:
>   system:administrators rlidwka
>   system:anyuser rlidwka
>   claudio rlidwka
>=20
> fs listacl .msprofile/
> Access list for .msprofile/ is
> Normal rights:
>   system:administrators rlidwka
>   system:anyuser rlidwka
>   claudio rlidwka

With these permissions you do not require tokens to write to the volume
so lack of tokens is not your problem.

> But, when i am going to disconnect, the client can't write the
> profile.... Now i think can be a problem of OpenAFS, stopping services
> too early and makes AFS inaccessible too early... but i don't have the
> idea of how to resolve it (if it is the problem)...... I know the
> afslogon.dll have a special code can detect if the system is into a
> domain or not...  but how i can see if it works also into a samba+ldap
> domain?

The AFS service is not started as part of logon or shutdown as part of
logoff.   Your problem is elsewhere.

I would suggest that you start your debugging on the AFS file server
using a combination of audit log data and tcpdump.

=46rom Windows you want to use SysInternals' Process Monitor to log file
access from boot to a file and simply let it record all of the data for
an entire logon / logoff session.



--------------enigF5B39358CD518F236DAFF2BF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJMo0BXAAoJENxm1CNJffh49lQIANbXwBbD1hxxnWPB1u+3QjcN
3II5v3B1KXgUFV1E4w4lGsDMlUXGuCwJYz+lQ0M2I2QHRXPRsDMxH9hrFPTI2iSG
aJk1KBe+k32d8Bptb16Q1E/JwVPy7JPGy2+ddhtS4MtYYlraLQqMujCHDd2i//rs
u3zb2ZVYuqoGGc2E+JKV94UDF0N70JAE1n10UYOYNGVxCUhjA3wP0IXf4MJVk4zy
XrowuePK4dP0JZe2okNQlfNCAvu3Mkr0PG3umJvY+J73jGKHHGF0iOiUMOY3akl3
SeERmSpOEDydpWi9VJaCOwQQFBe2utQqE8+jXC0cD/TgTwjekSUA0GvkyBvZfOA=
=ysCu
-----END PGP SIGNATURE-----

--------------enigF5B39358CD518F236DAFF2BF--