Hello,
It has been many years now since we first installed OpenAFS + KfW on our Windows XP clients and have been using it without any trouble. Sticking to the "if it ain't broken, don't fix it" principal we sticked with some 1.3.7x version of the OpenAFS client.
Today, as part of a general update, I decided it was time to move on, thinking the IFS redirector had more than enough time to mature. I went on installing Heimdal 1.5.1 binaries, along with NetIDMgr 2.0 and OpenAFS 1.7.26 (in that order) on an otherwise freshly installed WinXP computer which basically only had SP3 and whatever dependencies the CM2012 client brought along (Silverlight etc). Some domain-wide group policy has also been applied, but as this machine belongs to a TEST OU for the time being, they should be mostly harmless stuff. I quickly found about the missing 5-to-4 .DLLs NetIDMgr would require that was not present in Heimdal, complemented them from KfW3.2.2 and soon I was able to get tokens for my realm and browse the AFS filesystem.... ... with an administrator account. As soon as I logged on as a simple user, I could not get tokens anymore and the AFS padlock icon would appear broken. While hovering over, a tooltip saying "OpenAFS service cannot be reached" would come up. aklog from command prompt after grabbing tickets from my KDC would say: C:\Documents and Settings\kostas>aklog -d Authenticating to cell physics.auth.gr. Getting v5 tickets: afs/[email protected] Getting v5 tickets: [email protected] pioctl Redirector is ready pioctl NetbiosName = "AFS" pioctl filename = "\\AFS\all\_._AFS_IOCTL_._" About to resolve name [email protected] to id Id 10002 Set username to [email protected] Setting tokens. pioctl Redirector is ready pioctl NetbiosName = "AFS" pioctl filename = "\\AFS\all\_._AFS_IOCTL_._" aklog: Cache Manager is not initialized / afsd is not running while setting token for cell physics.auth.gr However, the afsd_service.exe process was running fine. Without logging off, I opened a new CMD window with administrator privileges and was able to get tokens alright and browse the filesystem from the privileged process, so the AFS is working alright.But at the same time, as the non-privileged user, I can't browse \\AFS\all, nor \\AFS\physics.auth.gr which is available even to non-logged users. When I try to do so, Windows responds with:
"\\afs\all is not accessible. You might not have permission to use this network resource. Contact your ... " However, I CAN browse \\afs and see the freelance generated root.cell It fells like this is a permission thingie, but I don't really know where to look at right now. Any insight you may have is much appreciated. Thanks, -Kostas
smime.p7s
Description: S/MIME Cryptographic Signature
