<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Hi Adrian,<br><br>When i add user in the same account of the admin,<br>I got this error when i tried to test the second user:<br>Account HEAD failed: https://127.0.0.1:8080/v1/AUTH_system 403 Forbidden<br><br>Khaled<br><div><div id="SkyDrivePlaceholder"></div><hr id="stopSpelling">From: Adrian_F_Smith@Dell.com<br>To: khaled-bbk@hotmail.com<br>CC: openstack@lists.launchpad.net<br>Date: Fri, 27 Jan 2012 15:14:50 +0000<br>Subject: RE: [Openstack] Creating account and user in swift<br><br>
<meta http-equiv="Content-Type" content="text/html; charset=unicode">
<meta name="Generator" content="Microsoft SafeHTML"><style>
.ExternalClass .ecxshape
{;}
</style><style>
.ExternalClass p.ecxMsoNormal, .ExternalClass li.ecxMsoNormal, .ExternalClass div.ecxMsoNormal
{margin-bottom:.0001pt;font-size:12.0pt;font-family:"Times New Roman","serif";}
.ExternalClass a:link, .ExternalClass span.ecxMsoHyperlink
{color:blue;text-decoration:underline;}
.ExternalClass a:visited, .ExternalClass span.ecxMsoHyperlinkFollowed
{color:purple;text-decoration:underline;}
.ExternalClass p
{margin-right:0in;margin-left:0in;font-size:12.0pt;font-family:"Times New Roman","serif";}
.ExternalClass pre
{margin-bottom:.0001pt;font-size:10.0pt;font-family:"Courier New";}
.ExternalClass p.ecxMsoAcetate, .ExternalClass li.ecxMsoAcetate, .ExternalClass div.ecxMsoAcetate
{margin-bottom:.0001pt;font-size:8.0pt;font-family:"Tahoma","sans-serif";}
.ExternalClass span.ecxHTMLPreformattedChar
{font-family:Consolas;}
.ExternalClass p.ecxecxmsonormal, .ExternalClass li.ecxecxmsonormal, .ExternalClass div.ecxecxmsonormal
{margin-right:0in;margin-left:0in;font-size:12.0pt;font-family:"Times New Roman","serif";}
.ExternalClass p.ecxecxmsochpdefault, .ExternalClass li.ecxecxmsochpdefault, .ExternalClass div.ecxecxmsochpdefault
{margin-right:0in;margin-left:0in;font-size:12.0pt;font-family:"Times New Roman","serif";}
.ExternalClass span.ecxecxmsohyperlink
{;}
.ExternalClass span.ecxecxmsohyperlinkfollowed
{;}
.ExternalClass span.ecxecxhtmlpreformattedchar
{;}
.ExternalClass span.ecxecxemailstyle20
{;}
.ExternalClass p.ecxecxmsonormal1, .ExternalClass li.ecxecxmsonormal1, .ExternalClass div.ecxecxmsonormal1
{margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;font-size:12.0pt;font-family:"Times New Roman","serif";}
.ExternalClass span.ecxecxmsohyperlink1
{color:blue;text-decoration:underline;}
.ExternalClass span.ecxecxmsohyperlinkfollowed1
{color:purple;text-decoration:underline;}
.ExternalClass span.ecxecxhtmlpreformattedchar1
{font-family:Consolas;}
.ExternalClass span.ecxecxemailstyle201
{font-family:"Calibri","sans-serif";color:#1F497D;}
.ExternalClass p.ecxecxmsochpdefault1, .ExternalClass li.ecxecxmsochpdefault1, .ExternalClass div.ecxecxmsochpdefault1
{margin-right:0in;margin-left:0in;font-size:10.0pt;font-family:"Times New Roman","serif";}
.ExternalClass span.ecxBalloonTextChar
{font-family:"Tahoma","sans-serif";}
.ExternalClass span.ecxEmailStyle34
{font-family:"Calibri","sans-serif";color:#1F497D;}
.ExternalClass .ecxMsoChpDefault
{font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;}
.ExternalClass div.ecxWordSection1
{page:WordSection1;}

</style><div class="ecxWordSection1"><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Here’s the documentation I was referring to,</span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample#L79</span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">It states, </span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"># There are special groups of:</span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">#   .reseller_admin = can do anything to any account for this auth</span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">#   .admin = can do anything within the account</span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"># If neither of these groups are specified, the user can only access containers</span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"># that have been explicitly allowed for them by a .admin or .reseller_admin.</span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Adrian</span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span></p><div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"><p class="ecxMsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" lang="EN-US">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" lang="EN-US"> Khaled Ben Bahri [mailto:khaled-bbk@hotmail.com] <br><b>Sent:</b> Friday, January 27, 2012 2:14 PM<br><b>To:</b> Smith, Adrian F<br><b>Cc:</b> openstack@lists.launchpad.net<br><b>Subject:</b> RE: [Openstack] Creating account and user in swift</span></p></div></div><p class="ecxMsoNormal"> </p><div><p class="ecxMsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Hi,<br><br>.admin is not indicated to mention that the user is an admin for swift??<br>I think that we can create users who are not from the admin group<br><br>I changed that line to mention the name of account at the end of line but it still the same error<br>user_newaccount_user1 = passuser1 <a href="https://proxy_ip:8080/v1/AUTH_system" target="_blank">https://PROXY_IP:8080/v1/AUTH_newaccount</a><br><br>It still give the same error<br><br>can any one help me<br><br>Khaled</span></p><div><div class="ecxMsoNormal" style="text-align:center" align="center"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><hr id="ecxstopSpelling" align="center" size="2" width="100%"></span></div><p class="ecxMsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From: Adrian_F_Smith@Dell.com<br>To: khaled-bbk@hotmail.com<br>CC: openstack@lists.launchpad.net<br>Date: Fri, 27 Jan 2012 11:19:57 +0000<br>Subject: RE: [Openstack] Creating account and user in swift</span></p><div><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’m guessing the problem is that the user isn’t a member of the “.admin” group. This is a requirement to perform operations on the root URL.</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">To include the user in this group add .admin like this,</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">user_newaccount_user1 = passuser1 .swift <b>.admin</b> <a href="https://PROXY_IP:8080/v1/AUTH_system" target="_blank">https://PROXY_IP:8080/v1/AUTH_system</a></span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Adrian</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p><p class="ecxMsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p><div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"><p class="ecxMsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" lang="EN-US">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" lang="EN-US"> openstack-bounces+adrian_f_smith=dell.com@lists.launchpad.net [mailto:openstack-bounces+adrian_f_smith=dell.com@lists.launchpad.net] <b>On Behalf Of </b>Khaled Ben Bahri<br><b>Sent:</b> Friday, January 27, 2012 10:45 AM<br><b>To:</b> openstack@lists.launchpad.net<br><b>Subject:</b> [Openstack] Creating account and user in swift</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""></span></p></div></div><p class="ecxMsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> </span></p><div><p class="ecxMsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Hi folks,<br><br>I installed swift with "tempauth" authentication subsystem <br>To create a user I have to write a new line in the proxy-server.conf on the section  [filter:temauth] like this :<br>user_system_root = testpass .admin <a href="https://PROXY_IP:8080/v1/AUTH_system" target="_blank">https://PROXY_IP:8080/v1/AUTH_system</a><br><br>as i inderstood, the format is actually :<br>user_<account>_<user> = <key>  [group] [other options] [storage_url]<br><br>I added a new user in new account <br>user_newaccount_user1 = passuser1 .swift <a href="https://PROXY_IP:8080/v1/AUTH_system" target="_blank">https://PROXY_IP:8080/v1/AUTH_system</a><br><br>After that, to get an x url for this user by executing this command</span></p><pre>curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' <a target="_blank">https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0</a><br><br>When i want to check that I can HEAD the new account, I got the error 403 <br><br><br><br><br>root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' <a href="https://x.x.x.x:8080/v1/AUTH_system" target="_blank">https://x.x.x.x:8080/v1/AUTH_system</a><br>* About to connect() to x.x.x.x port 8080 (#0)<br>*   Trying x.x.x.x... connected<br>* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)<br>* successfully set certificate verify locations:<br>*   CAfile: none<br>  CApath: /etc/ssl/certs<br>* SSLv3, TLS handshake, Client hello (1):<br>* SSLv3, TLS handshake, Server hello (2):<br>* SSLv3, TLS handshake, CERT (11):<br>* SSLv3, TLS handshake, Server finished (14):<br>* SSLv3, TLS handshake, Client key exchange (16):<br>* SSLv3, TLS change cipher, Client hello (1):<br>* SSLv3, TLS handshake, Finished (20):<br>* SSLv3, TLS change cipher, Client hello (1):<br>* SSLv3, TLS handshake, Finished (20):<br>* SSL connection using AES256-SHA<br>* Server certificate:<br>*        subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd<br>*        start date: 2012-01-26 18:17:34 GMT<br>*        expire date: 2012-02-25 18:17:34 GMT<br>* SSL: unable to obtain common name from peer certificate<br>> GET /v1/AUTH_system HTTP/1.1<br>> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18<br>> Host: x.x.x.x:8080<br>> Accept: */*<br>> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658<br>> <br>< HTTP/1.1 403 Forbidden<br>< Content-Length: 157<br>< Content-Type: text/html; charset=UTF-8<br>< Date: Fri, 27 Jan 2012 10:00:57 GMT<br>< <br><html><br> <head><br>  <title>403 Forbidden</title><br> </head><br> <body><br>  <h1>403 Forbidden</h1><br>  Access was denied to this resource.<br /><br /><br><br><br><br> </body><br>* Connection #0 to host x.x.x.x left intact<br>* Closing connection #0<br>* SSLv3, TLS alert, Client hello (1):<br><br><br><br>Can any one please know any thing about this<br><br>Best regards<br>Khaled</pre><p class="ecxMsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> </span></p></div></div></div></div></div></div>                                           </div></body>
</html>