
Re: [Condor-users] Privileges problems on non-English edition of Windows Vista/7 (was:Privileges problems on family edition of Windows Vista/7?)



Hi Ziliang, hi all,

Thank you for taking care of my problem! ^^

1) I use the service mode (MSI installer).
2) And anyway my account is part of "Administrators" group.
3) That's amazing: I was heading towards such a hypothesis just before I read your mail. And yes! I experience trouble with Condor on French distributions (See "Tests" below).

I strongly suspect Condor to look for a "SYSTEM" account, which is a mistake for Vista/Seven since names are localized (http://msdn.microsoft.com/en-us/library/ms143504.aspx). Indeed, SYSTEM account appears to be called "AUTORITE NT\Système" (or simply "Système") in French distributions of Vista/7. And if I remember well, SYSTEM is simply "SYSTEM" under XP FR (where I had no issues)...

A quick look at Condor's code seems to confirm this:

7.7.2/src/condor_utils/uids.cpp, line 656, function is_root() tests username against "SYSTEM" string:
	if( !strcasecmp(user, "SYSTEM") ) {
		root = 1;
	}

I'm currently testing if the underlying my_username() function returns a localized string or not. If so, Condor code will have to be patched, either to return a non-localized name, or to test against localized "SYSTEM" name.

I'll mail as soon as I have news for this ^^


Tests
-----
Note: EN stands for "English", FR stands for "French"

Summary of tests on various Windows platforms:
1. "Work" - 7 Family FR : Error on SYSTEM account
2. "Home" - XP Pro FR SP3 : All ok
3. "Serv" - Server 2008 R2 EN : No issue with SYSTEM, but with temporary profiles (cannot open session)
4. "Prod" - 7 Pro FR : Error on SYSTEM account

My previous hypothesis ("Family ed. is an issue for SYSTEM account") is invalidated by test 4.

Cheers,

Sukender

----- Original Message -----
From: "Ziliang Guo" <ziliang@xxxxxxxxxxx>
To: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
Sent: Tuesday, 15 November 2011 18:59:31
Subject: Re: [Condor-users] Privileges problems on family edition of Windows Vista/7?

1) Are you trying to run Condor as a service or are you running the
Condor master under your own user account?
2) If running under your own user account, does your account have
admin privileges?
3) If you are running Condor as a service, is the version of Windows
you are trying to run it on a non-English version?

On Tue, Nov 15, 2011 at 5:26 AM, Sukender <suky0001@xxxxxxx> wrote:
> Hi everyone,
>
> 1. It seems I can't run Condor properly on a Family edition of Windows (Vista/Seven): Condor daemons complain about SYSTEM privileges.
> Did anyone successfully run Condor on such a configuration? If so, how?
>
> 2. I tried the same on a Windows Server 2008 R2. There are no privilege issues anymore, but jobs are never run and logs did not tell me much about the problem.
> Can anyone help ?
>
> Details follow...
>
>
> Versions tested: 7.7.2 and 7.6.4
> Architecture : X86_64
>
> I just tried to setup a personal Condor on a Windows 7 machine, and it systematically fails for some critical operations:
>  - "condor_store_cred add" always fails, complaining about privileges ("Operation failed. Target daemon is not running as SYSTEM.")
>  - Jobs (vanilla) stay forever in the queue ("Request has not yet been considered by the matchmaker.")
> The ShadowLog also complains about permissions ("init_user_ids: failed because user switching is disabled", see below).
> Of course, I double checked that the MSI installer properly set the service as using "LOCAL SYSTEM" user... and of course, I tried to delete/reinstall multiple times.
>
> What is very strange is that personal Condor worked perfectly on Windows XP (Pro, SP3, and after calling "condor_store_cred add").
>
> I also tried to setup a Condor manager on a Windows Server 2008 R2. It works a bit better, but that's not 100%:
>  - Pool is created, and call to "condor_store_cred add" succeeded (ShadowLog is ok).
>  - My "Windows 7 Family" machine has been reconfigured to join the pool and is visible when typing "condor_status"
>  - Neither the "Windows Server" nor the "Windows 7" can submit jobs successfully. They stay in the queue forever (but maybe for different reasons). "-analyze" says "Reject your job because of their own requirements".
>    - "Windows 7" 's ShadowLog still says "init_user_ids: failed because user switching is disabled" (which seems coherent!)
>    - "Windows Server" 's ShadowLog is ok, but SchedLog shows strange things about job submitted from the other machine ("condor_read() failed..." "Response problem from startd when requesting claim..." "Failed to send REQUEST_CLAIM..."), and nothing about the job submitted locally.
>
> My ShadowLog (Windows 7 machine), complaining about privileges:
> 11/15/11 11:44:58 (6.0) (5588): init_user_ids: failed because user switching is disabled
> 11/15/11 11:44:58 (6.0) (5588): init_user_ids() failed as user Sukender
> 11/15/11 11:44:58 (6.0) (5588): init_user_ids: failed because user switching is disabled
> 11/15/11 11:44:58 (6.0) (5588): WriteUserLog::initialize: init_user_ids() failed!
> 11/15/11 11:44:58 (6.0) (5588): Failed to initialize user log to C:/Temp\condor_job_test.log
> 11/15/11 11:44:58 (6.0) (5588): Job 6.0 going into Hold state (code 22,0): Failed to initialize user log to C:/Temp\condor_job_test.log
> 11/15/11 11:44:58 (6.0) (5588): RemoteResource::killStarter(): DCStartd object NULL!
> 11/15/11 11:44:59 (6.0) (5588): SetEffectiveOwner(Sukender) failed with errno=13: Permission denied.
> 11/15/11 11:44:59 (6.0) (5588): Failed to update job queue!
> 11/15/11 11:44:59 (6.0) (5588): ERROR "Failed to initialize user log to C:/Temp\condor_job_test.log" at line 855 in file c:\condor\execute\dir_3188\userdir\src\condor_shadow.v6.1\baseshadow.cpp
>
> Cheers,
>
> Sukender
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/
>



-- 
Condor Project Windows Developer
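
Added example (not Condor code and not written by anyone in this thread): the name test quoted from uids.cpp next to a locale-independent test on the account's SID, since LocalSystem is the well-known SID S-1-5-18 whatever the display language. It assumes the SID is available as a string; the helper names and the sample user SID are constructed for illustration.

```cpp
#include <cctype>
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// The check quoted from uids.cpp: matches only the English account name.
bool is_root_by_name(const std::string& user) {
    const std::string want = "SYSTEM";
    if (user.size() != want.size()) return false;
    for (size_t i = 0; i < want.size(); ++i)
        if (std::toupper(static_cast<unsigned char>(user[i])) != want[i]) return false;
    return true;
}

// Split "S-<rev>-<authority>-<sub>..." into numbers; false if malformed.
bool parse_sid(const std::string& sid, std::vector<uint64_t>& out) {
    out.clear();
    if (sid.size() < 3 || sid.compare(0, 2, "S-") != 0 || sid.back() == '-') return false;
    std::istringstream in(sid.substr(2));
    std::string part;
    while (std::getline(in, part, '-')) {
        if (part.empty() || part.size() > 15) return false;
        for (char c : part)
            if (!std::isdigit(static_cast<unsigned char>(c))) return false;
        out.push_back(std::stoull(part));
    }
    return out.size() >= 3;
}

// LocalSystem is the well-known SID S-1-5-18 whatever the display language:
// revision 1, authority 5 (NT Authority), exactly one sub-authority, 18.
bool is_local_system_sid(const std::string& sid) {
    std::vector<uint64_t> f;
    return parse_sid(sid, f) && f.size() == 3 && f[0] == 1 && f[1] == 5 && f[2] == 18;
}

int main() {
    // Constructed sample accounts (displayed name, SID string); the user SID is made up.
    const char* rows[][2] = {
        {"SYSTEM", "S-1-5-18"},    // English edition
        {"Système", "S-1-5-18"},   // French edition, name as reported in this thread
        {"Sukender", "S-1-5-21-1111111111-2222222222-3333333333-1001"},
    };
    for (auto& r : rows)
        std::cout << r[0] << ": by_name=" << is_root_by_name(r[0])
                  << " by_sid=" << is_local_system_sid(r[1]) << "\n";
    return 0;
}
```

On Windows itself the SID would come from the process token (GetTokenInformation) and could be tested with IsWellKnownSid against WinLocalSystemSid rather than parsed from a string.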