I found a way to impersonate the service account and I get the same thing (my share is samba public read only on a linux box with no AD integration (restricted by IP in iptables). Pretty confident at this point it’s my lack of understanding/strategy on how to manage the config files. How you can run commands as windows local built-in accounts Create a temp service like so sc create testsvc binpath= "cmd /K start" type= own type= interact If you want to use the LocalService or NetworkService account instead run services.msc and set the Log On tab for the newly created service to This account: NT AUTHORITY\LocalService or NT AUTHORITY\NetworkService respectively. Then start the service sc start testsvc Depending on your UAC settings you may or may not get an interactive services detection dialog that you have to bring to the foreground and click on view. In the end it will bring up a cmd window that is running as the system or service account configured. When finished… sc delete testsvc ref: http://geek.hubkey.com/2008/02/impersonating-built-in-service-account.html From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Ziliang Guo A couple of comments. What other people have said about user permissions for network mounted drives/directories is probably your main problem. The SYSTEM account that Windows services run under have explicitly restricted permissions when it comes to network mounted resources and is essentially never granted permission to use them by default. That was an intentional thing on MS' part, meaning network drivers accessible to regular users are not automatically accessible to the SYSTEM user account, even if the SYSTEM user account can do pretty much anything it wants on the local machine. The reason it works when you use regular user accounts is those accounts generally have the correct permissions associated with them. People who do put config/log/etc files on a network drive have generally had to remove all access protections on those files/directories in order to get HTCondor running as a service to be able to access them. A few others have gone to the trouble of explicitly adding permissions and the like, but that only works in an active domain environment. Also, when you start HTCondor from the command line (by starting condor_master or etc), you are not starting a service. HTCondor is capable of running as a regular process under a normal user account, but that is generally not the way you should be running it under Windows. On Tue, Jun 11, 2013 at 3:28 PM, Dunn, George Jr <dunng@xxxxxxxx> wrote: OK after some digging I found someone mention this: condor_master –f I tried that and get the following: ERROR: Can’t read config source /home/condor/condor_config.local So I changed the LOCAL_CONFIG_FILE in the global condor_config on the network share to /foo/bar/conf And now the message changed to ERROR: Can’t read config source /foo/bar/conf Yay! Its working (sort of). When I set the LOCAL_CONFIG_FILE to something that exists I get <DATE> Can’t open “/log/MasterLog” Now I am assuming that this is due to my LOCAL_DIR not being set to something sane for the environment (in this case tilde) What I am looking for is the best strategy with respect to config files to accomplish the following: 1) Mixed Linux and Windows machines in the same pool 2) Central global and local config files. Liking the idea of separating out the local_configs by OS and Arch. I am getting bits and pieces of this from various sources but I have not found anything that just spits out what I don’t understand. I will keep documenting as I find more. At the very least I hope my continued embarrassment of myself and my organization helps someone, sometime! From: Dunn, George Jr Hi Thanks. I don’t think this is the case as it is a read only guest access samba share that I use ALL the time as such so I would be really surprised if it was a permission issue on the file server side. I can just do start-run and type the unc as any user and it just loads with no questions asked. I guess what I really seem to want is a mechanism (script with needed vars?) whereby I can start the service (like running condor_master on linux) and hope there is better debug information being output. From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of O'Donnell, Michael Have you set up folder permissions so that system nt can read your config file. We use the same set up and in order to get this to work, I assigned machines (versus users) read access to the folder containing the configuration files. Try this and then see if your service will start. mike On Thu, Jun 6, 2013 at 6:06 AM, Dunn, George Jr <dunng@xxxxxxxx> wrote: Hi Again, I promise I will stop flooding the list soon! J I am trying to have a central condor_config for these windows machine with UNC path. I have a share setup with guest read only. IE I can open windows explorer and type in the the path and it loads without any prompting. I have tried: - Setting the System environment variable CONDOR_CONFIG to the unc path to the file. -Setting the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Condor] "CONDOR_CONFIG"="\\x.x.x.x\\<share>\\condor_config" In both cases I get an error 1067 in windows when trying to start the service but nothing that I can find in the condor logs. I was reading that it may be due to Local Service account not having network access but to test I created I local user with administrator access and I still get the same error. Has anyone seen this or better yet found a solution / work around ? Almost There! Eddie
|