[wpkg-users] WPKG and Vista UAC
Vladimír Pšenička
vladimir.psenicka at prodeco.cz
Fri May 23 13:07:29 CEST 2008
So local setting done with wpkg service are ok (no errors) on Vista,
example:
> <package
> id="firewall - vnc"
> name="Open port TCP 5900 on Windows"
> revision="4"
> reboot="false"
> notify="false"
> priority="100"
> execute="once">
>
> <install cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\netsh.exe" netsh firewall add portopening TCP 5900 VNC enable subnet' />
>
> <remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\netsh.exe" netsh firewall delete portopening TCP 5900' />
>
> </package>
so I tested same settings on XP machine and doesn't work either
log from samba machine:
> [2008/05/23 12:32:45, 3] smbd/error.c:error_packet(146)
> error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
> [2008/05/23 12:32:45, 3] smbd/process.c:process_smb(1110)
> Transaction 111 of length 86
> [2008/05/23 12:32:45, 3] smbd/process.c:switch_message(914)
> switch message SMBtconX (pid 5113) conn 0x0
> [2008/05/23 12:32:45, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/05/23 12:32:45, 2] smbd/service.c:make_connection_snum(569)
> guest user (from session setup) not permitted to access this share (install)
> [2008/05/23 12:32:45, 3] smbd/error.c:error_packet(146)
problem is that guest user cannot access share, so I added "guest ok =
yes" to smb.conf, before this I had Domain Admin account in WPKG execute
context user, so access to share wasn't problem, but Vista with UAC
didn't work (need to elevate user rights).
Final I have:
---
WPKG path user: domain user
WPKG execution context user: SYSTEM
"guest ok = yes" in smb.conf in share definition on samba machine
---
and everything works fine on XP and Vista with UAC
Thank you for your help
Tomasz Chmielewski napsal(a):
> Vladimír Pšenička schrieb:
>> Yes samba share, samba version is 3.0.24, I dont have ACL support
>> enabled. But WPKG path user (domain user) can access samba share (read)
>> without problem.
>
> Check your Samba logs.
>
> The easiest way would be to:
>
> Set them to "log level = 3". Make the log size of 1000.
>
> Clear the log (but not remove it!) for the given workstation - from bash
> prompt, do:
>
> # >/var/log/samba/log.workstation_name
>
> Then, from a cmd.exe window do (started as Administrator):
>
> net stop "WPKG service"
> net start "WPKG service"
>
>
> Check Samba log for that workstation, it will give you some hint on
> where you connect to, with what credentials, and why it fails (or
> succeeds).
>
>
--
Vladimir Psenicka
IT system engineer
Prodeco a.s.
More information about the wpkg-users
mailing list