From: Luke Cole <luke@(email surpressed).au> Subject: Win2K Submit Error Date: Fri, 20 Jan 2006 03:33:11 -0500 |
Msg# 1197 View Complete Thread (6 articles) | All Threads Last Next |
Hi Greg,We have encountered a problem submitting jobs from a Win2K host where the specified log directory is located on a share exported from our netapp filer. The Win2K host already has the share mapped (by the same user that the running rushd is owned by) and is accessible as usual via windows explorer etc. The exact error message we receive when submitting the job is:"rush: `rush -submit: Logdir '\\na2.fuel\red\blah\blah\blah': Logon failure: Unknown user name or bad password.'" The error does not occur if we redirect the logs to a non-netapp share. The error does not occur if we submit the job from a WinXP host. --- Luke Cole Systems Administrator / TD FUEL International 65 King St., Newtown, Sydney NSW, Australia 2042 |
From: Greg Ercolano <erco@(email surpressed)> Subject: Re: Win2K Submit Error Date: Fri, 20 Jan 2006 13:46:51 -0500 |
Msg# 1199 View Complete Thread (6 articles) | All Threads Last Next |
Luke Cole wrote: [posted to rush.general] Hi Greg,We have encountered a problem submitting jobs from a Win2K host where the specified log directory is located on a share exported from our netapp filer.The Win2K host already has the share mapped (by the same user that the running rushd is owned by) and is accessible as usual via windows explorer etc.The exact error message we receive when submitting the job is:"rush: `rush -submit: Logdir '\\na2.fuel\red\blah\blah\blah': Logon failure: Unknown user name or bad password.'"The error does not occur if we redirect the logs to a non-netapp share. The error does not occur if we submit the job from a WinXP host. Hi Luke, The issue occurring here is most likely this one: http://www.seriss.com/rush-current/rush/rush-admin-faq.html#ADMINFAQ-ENOENT Sounds like the user the "rushd" service is set up to "Log On As" doesn't have a valid account (or has a mismatching password) on the filer. Determine what user you have the rushd service configured to run as (let's say it's "render"), and then on that machine in a DOS window try: runas /user:render cmd ..this will open a new DOS window running as that user. Then try to access the filer with commands in that new DOS window: dir \\na2.fuel\red\blah\blah\blah ..and try a read\write test: echo x > \\na2.fuel\red\blah\blah\blah\foo.txt type \\na2.fuel\red\blah\blah\blah\foo.txt You should be able to replicate the problem that way. If none of that is it, what version of Rush are you running? -- Greg Ercolano, erco@(email surpressed) Rush Render Queue, http://seriss.com/rush/ Tel: (Tel# suppressed) Cel: (Tel# suppressed) Fax: (Tel# suppressed) |
From: Luke Cole <luke@(email surpressed).au> Subject: Re: Win2K Submit Error Date: Sun, 22 Jan 2006 18:01:28 -0500 |
Msg# 1201 View Complete Thread (6 articles) | All Threads Last Next |
Hi Greg,
Yes - that seems to be it - I can't even do the directory listing: c:\blah> dir \\na2.fuel\red Logon failure: unknown user name or bad passwordMust be due to the way the render accounts are both setup - having a different password locally, to what has been set for that user on the netapp filer. I guess I will have to change them so that they both match. Having differing passwords works fine with Windows XP, so it must just be a Win2K specific "feature". Thanks for your assistance. Luke --- Luke Cole Systems Administrator / TD FUEL International 65 King St., Newtown, Sydney NSW, Australia 2042 |
From: Greg Ercolano <erco@(email surpressed)> Subject: Re: Win2K Submit Error Date: Sun, 22 Jan 2006 18:53:03 -0500 |
Msg# 1202 View Complete Thread (6 articles) | All Threads Last Next |
Luke Cole wrote: Yes - that seems to be it - I can't even do the directory listing: c:\blah> dir \\na2.fuel\red Logon failure: unknown user name or bad password Right -- sounds like some kind of issue with the user in question with respect to the file server. Must be due to the way the render accounts are both setup - having a different password locally, to what has been set for that user on the netapp filer. I guess I will have to change them so that they both match. Yes, that is how authentication is achieved; both server and client must agree on the same user/password combo. Otherwise a bad guy could make the same account name on a rogue notebook computer and gain access to the server. As designed, the idea is they can't access the server without the matching password. Having differing passwords works fine with Windows XP, so it must just be a Win2K specific "feature". I guess I'd be surprised if that were the case, given the above scenario; I don't see how security could be preserved with only a username. My guess is its failing over to guest access in that case. One thing you might check: make sure the XP is configured with the same WORKGROUP as the other machines. -- Greg Ercolano, erco@(email surpressed) Rush Render Queue, http://seriss.com/rush/ Tel: (Tel# suppressed) Cel: (Tel# suppressed) Fax: (Tel# suppressed) |
From: Luke Cole <luke@(email surpressed).au> Subject: Re: Win2K Submit Error Date: Sun, 22 Jan 2006 19:22:28 -0500 |
Msg# 1203 View Complete Thread (6 articles) | All Threads Last Next |
Hi Greg, Having differing passwords works fine with Windows XP, so it must just be a Win2K specific "feature". The domain/workgroup must also come into it somehow as you suggest....I carried out some more tests: On the Win XP box (on the samba domain FUEL): c:\>runas /user:netrender cmd Enter the password for netrender: Attempting to start cmd as user "STUKA\netrender" RUNAS ERROR: Unable to run - cmd 1326: Logon failure: unknown user name or bad password.So, by default Win XP seems to be looking inside the local user database for the credentials...if I go: c:\>runas /user/:FUEL\netrender cmd Enter the password for FUEL\netrender: Attempting to start cmd as user "FUEL\netrender"And it works - launching the new cmd window - in this new window I try the directory listing: c:\blah> dir \\na2.fuel\red\ Logon failure: unknown user name or bad password.Which is now what we have learned to expect, because the netrender account on the filer has a different password. However, in our testing on Friday, we found that specifying a log directory on the filer would work on Win XP hosts (the share on the filer is already mapped on the Win XP host using different credentials - same username, but matched with the password of the account on the filer). I checked the user account manager in the control panel - it says it has a user netrender in the FUEL domain (rather than the local STUKA domain). Returning to my Win 2K box once again (also on the samba domain FUEL): c:\>runas /user:netrender cmd Enter the password for netrender: Attempting to start "cmd" as user "netrender"... And a new command shell is opened. c:\>runas /user:FUEL\netrender cmd Enter password for FUEL\netrender: Attempting to start "cmd" as user "FUEL\netrender"... And a new command shell is opened also.We already know that then going on to do the directory listing also generates the Logon failure message like the XP host, however our testing on Friday also showed that it won't let us use a log directory on the filer even when it is mapped to the host in the same way as on the XP host, using different credentials - same username, but matched with the password of the account on the filer, rather than on the domain). Examining the user account manager in the control panel shows the same thing as on the XP host - it has a user netrender in the FUEL domain (rather than the local LANCASTER domain). So I suppose the "problem" comes down to differences between the ways in which Win 2K and Win XP handle user authentication/drive mappings... --- Luke Cole Systems Administrator / TD FUEL International 65 King St., Newtown, Sydney NSW, Australia 2042 |
From: Greg Ercolano <erco@(email surpressed)> Subject: Re: Win2K Submit Error Date: Mon, 23 Jan 2006 04:59:24 -0500 |
Msg# 1204 View Complete Thread (6 articles) | All Threads Last Next |
Luke Cole wrote: Correct -- without a domain qualifier, it assumes the local machine. As you show below, to login as the domain user, you have to use the "DOMAIN\username" syntax for the runas command. c:\>runas /user/:FUEL\netrender cmd Enter the password for FUEL\netrender: Attempting to start cmd as user "FUEL\netrender"And it works - launching the new cmd window - in this new window I try the directory listing:c:\blah> dir \\na2.fuel\red\ Logon failure: unknown user name or bad password.
Sounds like the domain user FUEL\netrender is somehow unknown
or untrusted by your file server.
Since FUEL\netrender is a domain user, and if your server is
part of that domain, then the 'FUEL\netrender' user should have
the same password everywhere, and consistent access permissions.
Verify the Rushd service is set to run consistently as the domain
user "FUEL\netrender" on all machines in the "Services|Rushd|Log On As".
Or, configure all machines with a *local* 'netrender' user ('workgroup' style),
in which case make sure Rushd runs as that user on all machines, has the
same local password on each, and on the filer as well.
Examining the user account manager in the control panel shows the same thing as on the XP host - it has a user netrender in the FUEL domain (rather than the local LANCASTER domain). You can have both a local user 'netrender' and the FUEL\netrender domain user. Sometimes this is done to give the domain user local admin permissions by adding the local netrender user to the admin group. So I suppose the "problem" comes down to differences between the ways in which Win 2K and Win XP handle user authentication/drive mappings... It sounds odd.. I'm more apt to think there are differences in the user configs on the different machines, or domain membership issues. Either that, or its running XP Home Edition ;) (Home Edition has very dumbed down network file sharing capabilities; basically only guest access is allowed) -- Greg Ercolano, erco@(email surpressed) Rush Render Queue, http://seriss.com/rush/ Tel: (Tel# suppressed) Cel: (Tel# suppressed) Fax: (Tel# suppressed) |