<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’m guessing the problem is that the user isn’t a member of the “.admin” group. This is a requirement to perform operations on the root URL.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>To include the user in this group add .admin like this,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>user_newaccount_user1 = passuser1 .swift <b>.admin</b> https://PROXY_IP:8080/v1/AUTH_system<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Adrian<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> openstack-bounces+adrian_f_smith=dell.com@lists.launchpad.net [mailto:openstack-bounces+adrian_f_smith=dell.com@lists.launchpad.net] <b>On Behalf Of </b>Khaled Ben Bahri<br><b>Sent:</b> Friday, January 27, 2012 10:45 AM<br><b>To:</b> openstack@lists.launchpad.net<br><b>Subject:</b> [Openstack] Creating account and user in swift<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Hi folks,<br><br>I installed swift with "tempauth" authentication subsystem <br>To create a user I have to write a new line in the proxy-server.conf on the section [filter:temauth] like this :<br>user_system_root = testpass .admin <a href="https://PROXY_IP:8080/v1/AUTH_system">https://PROXY_IP:8080/v1/AUTH_system</a><br><br>as i inderstood, the format is actually :<br>user_<account>_<user> = <key> [group] [other options] [storage_url]<br><br>I added a new user in new account <br>user_newaccount_user1 = passuser1 .swift <a href="https://PROXY_IP:8080/v1/AUTH_system">https://PROXY_IP:8080/v1/AUTH_system</a><br><br>After that, to get an x url for this user by executing this command<o:p></o:p></span></p><pre>curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' <a href="https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0">https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0</a><br><br>When i want to check that I can HEAD the new account, I got the error 403 <br><br><br><br><br>root@ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' <a href="https://x.x.x.x:8080/v1/AUTH_system">https://x.x.x.x:8080/v1/AUTH_system</a><br>* About to connect() to x.x.x.x port 8080 (#0)<br>* Trying x.x.x.x... connected<br>* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)<br>* successfully set certificate verify locations:<br>* CAfile: none<br> CApath: /etc/ssl/certs<br>* SSLv3, TLS handshake, Client hello (1):<br>* SSLv3, TLS handshake, Server hello (2):<br>* SSLv3, TLS handshake, CERT (11):<br>* SSLv3, TLS handshake, Server finished (14):<br>* SSLv3, TLS handshake, Client key exchange (16):<br>* SSLv3, TLS change cipher, Client hello (1):<br>* SSLv3, TLS handshake, Finished (20):<br>* SSLv3, TLS change cipher, Client hello (1):<br>* SSLv3, TLS handshake, Finished (20):<br>* SSL connection using AES256-SHA<br>* Server certificate:<br>* subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd<br>* start date: 2012-01-26 18:17:34 GMT<br>* expire date: 2012-02-25 18:17:34 GMT<br>* SSL: unable to obtain common name from peer certificate<br>> GET /v1/AUTH_system HTTP/1.1<br>> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18<br>> Host: x.x.x.x:8080<br>> Accept: */*<br>> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658<br>> <br>< HTTP/1.1 403 Forbidden<br>< Content-Length: 157<br>< Content-Type: text/html; charset=UTF-8<br>< Date: Fri, 27 Jan 2012 10:00:57 GMT<br>< <br><html><br> <head><br> <title>403 Forbidden</title><br> </head><br> <body><br> <h1>403 Forbidden</h1><br> Access was denied to this resource.<br /><br /><br><br><br><br> </body><br>* Connection #0 to host x.x.x.x left intact<br>* Closing connection #0<br>* SSLv3, TLS alert, Client hello (1):<br><br><br><br>Can any one please know any thing about this<br><br>Best regards<br>Khaled<o:p></o:p></pre><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p></div></div></body></html>