[OpenAFS] Not solved correct, system:anyuser still needed

Nathaniel Hatley nathaniel.hatley@gmail.com
Mon, 18 Feb 2013 23:46:07 -0500 

--f46d04462e0a10179e04d60c8561
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Good Evening,

Seeing this thread interested me as we'll theoretically be moving to
Windows 8 at UNC Charlotte in the 2014 time frame (application
compatibility issues not withstanding).  I took the time this evening to
integrate a Windows 8 build into our environment to determine if roaming
user profiles with folder redirection still work properly (I tested with
the developer preview last year).  After my initial tests, everything
appears in working order in regards to both roaming profiles and folder
redirection.  This was tested on Windows 8 Enterprise x64 with OpenAFS
1.7.2112.  Our group policy is still setup exactly as described in:
http://openafs.org/pages/newsletter/newsletter-2012-08-volume004-issue03.ht=
ml#appendix_b1__roaming_profile_

Please let me know if there is any additional information that I can give
that would be helpful in this circumstance.

Nathan Hatley


On Mon, Feb 18, 2013 at 7:11 AM, Lars Schimmer <l.schimmer@cgv.tugraz.at>wr=
ote:

> On 2013-02-18 09:46, Lars Schimmer wrote:
> > On 2013-02-15 15:28, Lars Schimmer wrote:
> >> Hi!
> >>
> >> Does anyone use windows 8 clients and windows roaming profiles in
> >> OpenAFS filespace?
> >>
> >> 1. I cannot get Windows 8 to get access to the roaming profile, althou=
gh
> >> path is set to system:anyone write
> >> OpenAFS 1.7.2119 (today).
> >> roaming profile path set via system group policy to:
> >> \\AFS\.cgv.tugraz.at\home\win8\schimmer.V2
> >>
> >> System log shows: access denied.
> >> Tested with some other users, some get a token on login ,some not. But
> >> all get a temp roaming profile.
> >
> > Ok, solved. I did messed up the setting in the group policy. Thank you,
> > Jeffrey for the Tip with Process Monitor Boot Logging.
> > Now User can login with "new" profile and data is saved into correct
> place.
> > I just need to create a third windows profile for each user (windows XP=
,
> > Windows 7, Windows 8).
>
> Only partly solved.
> I do not know why, but the roaming profile folder does need
> system:anyuser rl  ACLs to work under Windows 8.
> Setting the Domain Controller System on rl ACL does not work, it needs
> system:authuser.
>
> If I remove the system:anyuser ACL, windows 8 denies my access to the
> profile path and logs in with local cached profile and does not write
> back on logout any data to OpenAFS path.
> If I set system:anyuser rl  on my profile path, Windows 8 does load
> profile from OpenAFS path and saves back data on logout to that path,
> and all files do have the correct UserID.
>
> I do use Windows 8 64bit, OpenAFS 1.7.2119 and "obtain tokens on login".
> It looks like windows tries to lookup profile ahead of obtaining tokens.
>
> Anyone using Win8 on OpenAFS roaming profiles at all yet?
>
> > MfG,
> > Lars Schimmer
> >
>
>
> MfG,
> Lars Schimmer
> --
> -------------------------------------------------------------
> TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
> Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
> Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
>
>
>
>

--f46d04462e0a10179e04d60c8561
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Good Evening,<div><br></div><div style>Seeing this thread =
interested me as we&#39;ll theoretically be moving to Windows 8 at UNC Char=
lotte in the 2014 time frame (application compatibility issues not withstan=
ding). =A0I took the time this evening to integrate a Windows 8 build into =
our environment to determine if roaming user profiles with folder redirecti=
on still work properly (I tested with the developer preview last year). =A0=
After my initial tests, everything appears in working order in regards to b=
oth roaming profiles and folder redirection. =A0This was tested on Windows =
8 Enterprise x64 with OpenAFS 1.7.2112. =A0Our group policy is still setup =
exactly as described in:=A0<a href=3D"http://openafs.org/pages/newsletter/n=
ewsletter-2012-08-volume004-issue03.html#appendix_b1__roaming_profile_">htt=
p://openafs.org/pages/newsletter/newsletter-2012-08-volume004-issue03.html#=
appendix_b1__roaming_profile_</a></div>
<div style><br></div><div style>Please let me know if there is any addition=
al information that I can give that would be helpful in this circumstance.<=
/div><div style><br></div><div style>Nathan Hatley</div></div><div class=3D=
"gmail_extra">
<br><br><div class=3D"gmail_quote">On Mon, Feb 18, 2013 at 7:11 AM, Lars Sc=
himmer <span dir=3D"ltr">&lt;<a href=3D"mailto:l.schimmer@cgv.tugraz.at" ta=
rget=3D"_blank">l.schimmer@cgv.tugraz.at</a>&gt;</span> wrote:<br><blockquo=
te class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc so=
lid;padding-left:1ex">
On 2013-02-18 09:46, Lars Schimmer wrote:<br>
&gt; On 2013-02-15 15:28, Lars Schimmer wrote:<br>
&gt;&gt; Hi!<br>
&gt;&gt;<br>
&gt;&gt; Does anyone use windows 8 clients and windows roaming profiles in<=
br>
&gt;&gt; OpenAFS filespace?<br>
&gt;&gt;<br>
&gt;&gt; 1. I cannot get Windows 8 to get access to the roaming profile, al=
though<br>
&gt;&gt; path is set to system:anyone write<br>
&gt;&gt; OpenAFS 1.7.2119 (today).<br>
&gt;&gt; roaming profile path set via system group policy to:<br>
&gt;&gt; \\AFS\.<a href=3D"http://cgv.tugraz.at" target=3D"_blank">cgv.tugr=
az.at</a>\home\win8\schimmer.V2<br>
&gt;&gt;<br>
&gt;&gt; System log shows: access denied.<br>
&gt;&gt; Tested with some other users, some get a token on login ,some not.=
 But<br>
&gt;&gt; all get a temp roaming profile.<br>
&gt;<br>
&gt; Ok, solved. I did messed up the setting in the group policy. Thank you=
,<br>
&gt; Jeffrey for the Tip with Process Monitor Boot Logging.<br>
&gt; Now User can login with &quot;new&quot; profile and data is saved into=
 correct place.<br>
&gt; I just need to create a third windows profile for each user (windows X=
P,<br>
&gt; Windows 7, Windows 8).<br>
<br>
Only partly solved.<br>
I do not know why, but the roaming profile folder does need<br>
system:anyuser rl =A0ACLs to work under Windows 8.<br>
Setting the Domain Controller System on rl ACL does not work, it needs<br>
system:authuser.<br>
<br>
If I remove the system:anyuser ACL, windows 8 denies my access to the<br>
profile path and logs in with local cached profile and does not write<br>
back on logout any data to OpenAFS path.<br>
If I set system:anyuser rl =A0on my profile path, Windows 8 does load<br>
profile from OpenAFS path and saves back data on logout to that path,<br>
and all files do have the correct UserID.<br>
<br>
I do use Windows 8 64bit, OpenAFS 1.7.2119 and &quot;obtain tokens on login=
&quot;.<br>
It looks like windows tries to lookup profile ahead of obtaining tokens.<br=
>
<br>
Anyone using Win8 on OpenAFS roaming profiles at all yet?<br>
<br>
&gt; MfG,<br>
&gt; Lars Schimmer<br>
&gt;<br>
<br>
<br>
MfG,<br>
Lars Schimmer<br>
<span class=3D"HOEnZb"><font color=3D"#888888">--<br>
-------------------------------------------------------------<br>
TU Graz, Institut f=FCr ComputerGraphik &amp; WissensVisualisierung<br>
Tel: <a href=3D"tel:%2B43%20316%20873-5405" value=3D"+433168735405">+43 316=
 873-5405</a> =A0 =A0 =A0 E-Mail: <a href=3D"mailto:l.schimmer@cgv.tugraz.a=
t">l.schimmer@cgv.tugraz.at</a><br>
Fax: <a href=3D"tel:%2B43%20316%20873-5402" value=3D"+433168735402">+43 316=
 873-5402</a> =A0 =A0 =A0 PGP-Key-ID: 0x4A9B1723<br>
<br>
<br>
<br>
</font></span></blockquote></div><br></div>

--f46d04462e0a10179e04d60c8561--