Re: [condor-users] Shadow Exception!

[Colin Stolley <stolley@xxxxxxxxxxx>]

> 10/10 18:58:45 (7.0) (888): perm::NetGetDCName() failed: DCNotFound (domain
> looked up: VORDEFINIERT)
> 10/10 18:58:52 (7.0) (888): perm::NetGetDCName() failed: DCNotFound (domain looked up: NT-AUTORITAT)
> 10/10 18:58:59 (7.0) (888): DoDownload: Permission denied to write file C:\BATCH\fort.19!

So here's what's happening. The shadow is looking at a file to write
output to, and since the shadow runs as local system (in 6.4.7, but no
longer in 6.5.x and above), we can't just write out the file since that
would be a security hole. So we invoke a set of functions to determine
if the submitting user has permission to write to the file in question.

What's going wrong according to your log file is the Primary Domain
Controller (PDC) can not be located for the domains, VORDEFINIERT or
NT-AUTORITAT.

My guess is these groups are equivalent to the English domains,
NT-AUTHORITY and BUILTIN, which are not global domain groups, and hence,
its no surprise that we can't find the PDC for them.

I have checked the code, and I can confirm that this is a bug in our
handling of non-English, well-known group names. Thanks for finding it! We
will have it fixed for 6.6.1. In the mean time, you can get around it
by explicitly granting your account read/write access to this file, or
grant some other group besides NT-AUTHORITAT or VORDEFINIERT read/write
access to the file.

Colin Stolley
UW Madison Condor Team
Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>