[OpenAFS] Not solved correct, system:anyuser still needed

Lars Schimmer l.schimmer@cgv.tugraz.at
Mon, 18 Feb 2013 13:11:05 +0100 

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2NTGEGKRWRBGDQIDUSPUL
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 2013-02-18 09:46, Lars Schimmer wrote:
> On 2013-02-15 15:28, Lars Schimmer wrote:
>> Hi!
>>
>> Does anyone use windows 8 clients and windows roaming profiles in
>> OpenAFS filespace?
>>
>> 1. I cannot get Windows 8 to get access to the roaming profile, althou=
gh
>> path is set to system:anyone write
>> OpenAFS 1.7.2119 (today).
>> roaming profile path set via system group policy to:
>> \\AFS\.cgv.tugraz.at\home\win8\schimmer.V2
>>
>> System log shows: access denied.
>> Tested with some other users, some get a token on login ,some not. But=

>> all get a temp roaming profile.
>=20
> Ok, solved. I did messed up the setting in the group policy. Thank you,=

> Jeffrey for the Tip with Process Monitor Boot Logging.
> Now User can login with "new" profile and data is saved into correct pl=
ace.
> I just need to create a third windows profile for each user (windows XP=
,
> Windows 7, Windows 8).

Only partly solved.
I do not know why, but the roaming profile folder does need
system:anyuser rl  ACLs to work under Windows 8.
Setting the Domain Controller System on rl ACL does not work, it needs
system:authuser.

If I remove the system:anyuser ACL, windows 8 denies my access to the
profile path and logs in with local cached profile and does not write
back on logout any data to OpenAFS path.
If I set system:anyuser rl  on my profile path, Windows 8 does load
profile from OpenAFS path and saves back data on logout to that path,
and all files do have the correct UserID.

I do use Windows 8 64bit, OpenAFS 1.7.2119 and "obtain tokens on login".
It looks like windows tries to lookup profile ahead of obtaining tokens.

Anyone using Win8 on OpenAFS roaming profiles at all yet?

> MfG,
> Lars Schimmer
>=20


MfG,
Lars Schimmer
--=20
-------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723




------enig2NTGEGKRWRBGDQIDUSPUL
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlEiGlkACgkQmWhuE0qbFyMelQCfcZ1Ap9Gf4z3vUXuZCCwUuR5I
kEIAn3BVvYcIrFDbgzHYeWaCAqNG5kZK
=lomA
-----END PGP SIGNATURE-----

------enig2NTGEGKRWRBGDQIDUSPUL--