<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.ecxmsonormal, li.ecxmsonormal, div.ecxmsonormal
{mso-style-name:ecxmsonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.ecxmsochpdefault, li.ecxmsochpdefault, div.ecxmsochpdefault
{mso-style-name:ecxmsochpdefault;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.ecxmsohyperlink
{mso-style-name:ecxmsohyperlink;}
span.ecxmsohyperlinkfollowed
{mso-style-name:ecxmsohyperlinkfollowed;}
span.ecxhtmlpreformattedchar
{mso-style-name:ecxhtmlpreformattedchar;}
span.ecxemailstyle20
{mso-style-name:ecxemailstyle20;}
p.ecxmsonormal1, li.ecxmsonormal1, div.ecxmsonormal1
{mso-style-name:ecxmsonormal1;
mso-margin-top-alt:auto;
margin-right:0in;
margin-bottom:0in;
margin-left:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.ecxmsohyperlink1
{mso-style-name:ecxmsohyperlink1;
color:blue;
text-decoration:underline;}
span.ecxmsohyperlinkfollowed1
{mso-style-name:ecxmsohyperlinkfollowed1;
color:purple;
text-decoration:underline;}
span.ecxhtmlpreformattedchar1
{mso-style-name:ecxhtmlpreformattedchar1;
font-family:Consolas;}
span.ecxemailstyle201
{mso-style-name:ecxemailstyle201;
font-family:"Calibri","sans-serif";
color:#1F497D;}
p.ecxmsochpdefault1, li.ecxmsochpdefault1, div.ecxmsochpdefault1
{mso-style-name:ecxmsochpdefault1;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle34
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Here’s the documentation I was referring to,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample#L79<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>It states, <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'># There are special groups of:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'># .reseller_admin = can do anything to any account for this auth<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'># .admin = can do anything within the account<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'># If neither of these groups are specified, the user can only access containers<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'># that have been explicitly allowed for them by a .admin or .reseller_admin.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Adrian<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Khaled Ben Bahri [mailto:khaled-bbk@hotmail.com] <br><b>Sent:</b> Friday, January 27, 2012 2:14 PM<br><b>To:</b> Smith, Adrian F<br><b>Cc:</b> openstack@lists.launchpad.net<br><b>Subject:</b> RE: [Openstack] Creating account and user in swift<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Hi,<br><br>.admin is not indicated to mention that the user is an admin for swift??<br>I think that we can create users who are not from the admin group<br><br>I changed that line to mention the name of account at the end of line but it still the same error<br>user_newaccount_user1 = passuser1 <a href="https://proxy_ip:8080/v1/AUTH_system" target="_blank">https://PROXY_IP:8080/v1/AUTH_newaccount</a><br><br>It still give the same error<br><br>can any one help me<br><br>Khaled<o:p></o:p></span></p><div><div class=MsoNormal align=center style='text-align:center'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><hr size=2 width="100%" align=center id=stopSpelling></span></div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From: Adrian_F_Smith@Dell.com<br>To: khaled-bbk@hotmail.com<br>CC: openstack@lists.launchpad.net<br>Date: Fri, 27 Jan 2012 11:19:57 +0000<br>Subject: RE: [Openstack] Creating account and user in swift<o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’m guessing the problem is that the user isn’t a member of the “.admin” group. This is a requirement to perform operations on the root URL.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>To include the user in this group add .admin like this,</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>user_newaccount_user1 = passuser1 .swift <b>.admin</b> <a href="https://PROXY_IP:8080/v1/AUTH_system">https://PROXY_IP:8080/v1/AUTH_system</a></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Adrian</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> openstack-bounces+adrian_f_smith=dell.com@lists.launchpad.net [mailto:openstack-bounces+adrian_f_smith=dell.com@lists.launchpad.net] <b>On Behalf Of </b>Khaled Ben Bahri<br><b>Sent:</b> Friday, January 27, 2012 10:45 AM<br><b>To:</b> openstack@lists.launchpad.net<br><b>Subject:</b> [Openstack] Creating account and user in swift</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p></div></div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Hi folks,<br><br>I installed swift with "tempauth" authentication subsystem <br>To create a user I have to write a new line in the proxy-server.conf on the section [filter:temauth] like this :<br>user_system_root = testpass .admin <a href="https://PROXY_IP:8080/v1/AUTH_system" target="_blank">https://PROXY_IP:8080/v1/AUTH_system</a><br><br>as i inderstood, the format is actually :<br>user_<account>_<user> = <key> [group] [other options] [storage_url]<br><br>I added a new user in new account <br>user_newaccount_user1 = passuser1 .swift <a href="https://PROXY_IP:8080/v1/AUTH_system" target="_blank">https://PROXY_IP:8080/v1/AUTH_system</a><br><br>After that, to get an x url for this user by executing this command<o:p></o:p></span></p><pre>curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' <a href="https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0">https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0</a><br><br>When i want to check that I can HEAD the new account, I got the error 403 <br><br><br><br><br>root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' <a href="https://x.x.x.x:8080/v1/AUTH_system" target="_blank">https://x.x.x.x:8080/v1/AUTH_system</a><br>* About to connect() to x.x.x.x port 8080 (#0)<br>* Trying x.x.x.x... connected<br>* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)<br>* successfully set certificate verify locations:<br>* CAfile: none<br> CApath: /etc/ssl/certs<br>* SSLv3, TLS handshake, Client hello (1):<br>* SSLv3, TLS handshake, Server hello (2):<br>* SSLv3, TLS handshake, CERT (11):<br>* SSLv3, TLS handshake, Server finished (14):<br>* SSLv3, TLS handshake, Client key exchange (16):<br>* SSLv3, TLS change cipher, Client hello (1):<br>* SSLv3, TLS handshake, Finished (20):<br>* SSLv3, TLS change cipher, Client hello (1):<br>* SSLv3, TLS handshake, Finished (20):<br>* SSL connection using AES256-SHA<br>* Server certificate:<br>* subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd<br>* start date: 2012-01-26 18:17:34 GMT<br>* expire date: 2012-02-25 18:17:34 GMT<br>* SSL: unable to obtain common name from peer certificate<br>> GET /v1/AUTH_system HTTP/1.1<br>> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18<br>> Host: x.x.x.x:8080<br>> Accept: */*<br>> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658<br>> <br>< HTTP/1.1 403 Forbidden<br>< Content-Length: 157<br>< Content-Type: text/html; charset=UTF-8<br>< Date: Fri, 27 Jan 2012 10:00:57 GMT<br>< <br><html><br> <head><br> <title>403 Forbidden</title><br> </head><br> <body><br> <h1>403 Forbidden</h1><br> Access was denied to this resource.<br /><br /><br><br><br><br> </body><br>* Connection #0 to host x.x.x.x left intact<br>* Closing connection #0<br>* SSLv3, TLS alert, Client hello (1):<br><br><br><br>Can any one please know any thing about this<br><br>Best regards<br>Khaled<o:p></o:p></pre><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <o:p></o:p></span></p></div></div></div></div></div></body></html>