The run as user option is the cleanest way of doing this but you say it isnt possible as you are running an NT domain.
Before they added this functionality we had a similar issue, to work around it we granted Read&Execute perms for the local "Users" group to cmd.exe and net.exe in %systemroot%\System32. Very easy to do across all machines with a quick script. We also added it to our machine build process.
This will then allow the local condor user accounts access to these binaries. The obvious downside is reduced security as you will have to supply a username and password along with the net use command.
From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Judson, Ivan
Sent: 03 July 2007 17:06
Subject: [Condor-users] Questions on Windows Deployment
I’m deploying condor on our campus labs. It’s a windows based deployment.
I’ve been fighting job authentication issues, mostly because I have applications and data installed on a windows share, I think. Here’s what I’ve done and what’s happened. I’m currently stuck and wondering what the right way to solve this problem is.
Master/Execute/Submit running on XP box, all execute hosts running on XP. All machines are part of the NT domain (this makes user switching impossible, apparently).
Applications and data are housed on a share.
When condor jobs try to run, one of a two things happen:
1) If they run as the “transient” user (done by default), they have no access to the net.exe command, and therefore can’t mount the share.
2) After reading all about users and condor and windows, we’ve created the condor user, and it has the rights to mount the share, which works great except, because we’re part of the NT domain, condor daemons can’t run jobs as the condor user because user switching is disabled.
What’s the correct way to resolve this issue? I’m sure there’s some obvious solution that I’ve overlooked, I just need someone to tell me what it is …
Gloucester Research Limited believes the information provided herein is reliable. While every care has been taken to ensure accuracy, the information is furnished to the recipients with no warranty as to the completeness and accuracy of its contents and on condition that any errors or omissions shall not be made the basis for any claim, demand or cause for action.
The information in this email is intended only for the named recipient. If you are not the intended recipient please notify us immediately and do not copy, distribute or take action based on this e-mail.
All messages sent to and from this email address will be logged by Gloucester Research Ltd and are subject to archival storage, monitoring, review and disclosure.
Gloucester Research Limited, 5th Floor, Whittington House, 19-30 Alfred Place, London WC1E 7EA.
Gloucester Research Limited is a company registered in England and Wales with company number 04267560.