[OpenAFS] Testing OpenAFS with Windows XP Roaming Profiles....
Claudio Prono
claudio.prono@atpss.net
Wed, 29 Sep 2010 15:49:22 +0200
This is a multi-part message in MIME format.
--------------090603070602000703080103
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Jeffrey Altman ha scritto:
> On 9/28/2010 11:46 AM, Claudio Prono wrote:
>
>
>> So, the problem is really when i log of from the Client, and OpenAFS
>> can't write on the home dir into the AFS...
>>
>> But the permissions are right, as u can see...
>>
>> fs listacl claudio/
>> Access list for claudio/ is
>> Normal rights:
>> system:administrators rlidwka
>> system:anyuser rlidwka
>> claudio rlidwka
>>
>> fs listacl .msprofile/
>> Access list for .msprofile/ is
>> Normal rights:
>> system:administrators rlidwka
>> system:anyuser rlidwka
>> claudio rlidwka
>>
>
> With these permissions you do not require tokens to write to the volume
> so lack of tokens is not your problem.
>
>
>> But, when i am going to disconnect, the client can't write the
>> profile.... Now i think can be a problem of OpenAFS, stopping services
>> too early and makes AFS inaccessible too early... but i don't have the
>> idea of how to resolve it (if it is the problem)...... I know the
>> afslogon.dll have a special code can detect if the system is into a
>> domain or not... but how i can see if it works also into a samba+ldap
>> domain?
>>
>
> The AFS service is not started as part of logon or shutdown as part of
> logoff. Your problem is elsewhere.
>
> I would suggest that you start your debugging on the AFS file server
> using a combination of audit log data and tcpdump.
>
> From Windows you want to use SysInternals' Process Monitor to log file
> access from boot to a file and simply let it record all of the data for
> an entire logon / logoff session.
>
>
>
You are right, the problem is when the Client exits, it tryies to write
to \\dc\user\profile and not into \\afs\domain\users\user .... but the
entry into the ldap is correct (homeDirectory:
/afs/mediaservice-test.pri/users/claudio)... so i don't know why it try
that.....
> ------------------------------------------------------------------------
>
> !DSPAM:1,4ca3408698321921154294!
--
--------------------------------------------------------------------------------
Claudio Prono OPST
System Developer
Gsm: +39-349-54.33.258
@PSS Srl Tel: +39-011-32.72.100
Via San Bernardino, 17 Fax: +39-011-32.46.497
10141 Torino - ITALY http://atpss.net/disclaimer
--------------------------------------------------------------------------------
PGP Key - http://keys.atpss.net/c_prono.asc
--------------090603070602000703080103
Content-Type: text/html; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
Jeffrey Altman ha scritto:
<blockquote cite="mid:4CA34054.8060101@secure-endpoints.com" type="cite">
<pre wrap="">On 9/28/2010 11:46 AM, Claudio Prono wrote:
</pre>
<blockquote type="cite">
<pre wrap="">So, the problem is really when i log of from the Client, and OpenAFS
can't write on the home dir into the AFS...
But the permissions are right, as u can see...
fs listacl claudio/
Access list for claudio/ is
Normal rights:
system:administrators rlidwka
system:anyuser rlidwka
claudio rlidwka
fs listacl .msprofile/
Access list for .msprofile/ is
Normal rights:
system:administrators rlidwka
system:anyuser rlidwka
claudio rlidwka
</pre>
</blockquote>
<pre wrap=""><!---->
With these permissions you do not require tokens to write to the volume
so lack of tokens is not your problem.
</pre>
<blockquote type="cite">
<pre wrap="">But, when i am going to disconnect, the client can't write the
profile.... Now i think can be a problem of OpenAFS, stopping services
too early and makes AFS inaccessible too early... but i don't have the
idea of how to resolve it (if it is the problem)...... I know the
afslogon.dll have a special code can detect if the system is into a
domain or not... but how i can see if it works also into a samba+ldap
domain?
</pre>
</blockquote>
<pre wrap=""><!---->
The AFS service is not started as part of logon or shutdown as part of
logoff. Your problem is elsewhere.
I would suggest that you start your debugging on the AFS file server
using a combination of audit log data and tcpdump.
>From Windows you want to use SysInternals' Process Monitor to log file
access from boot to a file and simply let it record all of the data for
an entire logon / logoff session.
</pre>
</blockquote>
You are right, the problem is when the Client exits, it tryies to write
to \\dc\user\profile and not into \\afs\domain\users\user .... but the
entry into the ldap is correct (homeDirectory:
/afs/mediaservice-test.pri/users/claudio)... so i don't know why it try
that.....<br>
<blockquote cite="mid:4CA34054.8060101@secure-endpoints.com" type="cite">
<pre wrap=""></pre>
<pre wrap="">
<hr size="4" width="90%">
!DSPAM:1,4ca3408698321921154294!</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--------------------------------------------------------------------------------
Claudio Prono OPST
System Developer
Gsm: +39-349-54.33.258
@PSS Srl Tel: +39-011-32.72.100
Via San Bernardino, 17 Fax: +39-011-32.46.497
10141 Torino - ITALY <a class="moz-txt-link-freetext" href="http://atpss.net/disclaimer">http://atpss.net/disclaimer</a>
--------------------------------------------------------------------------------
PGP Key - <a class="moz-txt-link-freetext" href="http://keys.atpss.net/c_prono.asc">http://keys.atpss.net/c_prono.asc</a>
</pre>
</body>
</html>
--------------090603070602000703080103--