Free Downloads, Community Forum,
FAQs and Developer Resources


Make /Tools Your Home | Link to us

Today's posts | Posts since last visit | Most Active Topics

All Forums Register Login Search Subscriptions My Profile Inbox
Tool Warehouse FAQs Resources Help Member List Address Book Logout

ID Command Fails Consistently in SFU 3.0

 
Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [SFU / Interix / SUA Technology] >> SFU / Interix - Getting Started >> ID Command Fails Consistently in SFU 3.0 Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
ID Command Fails Consistently in SFU 3.0 - Apr. 22, '04, 11:13:37 AM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
Hello all:

I am a Windowx MCSE and I have a client who is using SFU to run a scipt (UNIX-based) on a Windows Oracle database.

This client consistently gets an error whenever he tries to use the "ID <username>" command. The server is a domain member and regardless of account (domain or local) he gets this error. The error is explained in this Knowledgebase article

http://support.microsoft.com/default.aspx?scid=kb;en-us;835349

The hotfix they suggested did not work. My "gut" tells me he is having a "user right" problem since the server has some applied. I have just recieved the call for this and it is pretty urgent so I have not yet "eyeballed" the machine.

I was hoping someone on this forum would be able to assist me or know off the top of their head the answer to my problem. Also, if you happen to knoe if this service requires any specific user rights I would appreciate it.

Thank You
Post #: 1
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 22, '04, 12:18:34 PM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
The patch/hotfix you refer to is for Interix 3.0.
The current release is 3.5. Which one is your customer using?

Also this hotfix refers to the subsystem stopping. Using id
isn't going to stop the system. What is the error message exactly?
What is the "status" value in the shell at return?
What is an example of the user input (verbatim) ? (<--this is important)

(in reply to Celestial)
Post #: 2
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 22, '04, 12:20:33 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
That KB article is completly void of any useful information.
It doesn't describe any of the scenarios or symptoms or any of the fixes that were put into the patch. So you have no idea what problems it will fix.
But on the plus side - it is the latest subsystem with all the latest fixes.

Let's see if I can summarize your problem:
- client is using Interix 3.0
- client installed the latest Interix 3.0 subsystem (7.0.1701.29) dated Feb 3, 2004
- client types "id username" and this latest Interix 3.0 subsystem still crashes. (ie the PSXSS.EXE program exits. It is no longer running on the system, right ?) At this point client has to reboot to restart Interix subsystem.

Are there any error messages at all ?
Either on the command line or in the Window's event logs.

Can you get explicit examples of the /bin/id command line that is causing he problem (what does the "username" argument look like )?

Can you get the output from the following commands :
$ uname -a
$ pdomain
$ pwd
$ id -D
$ id +Administrator


Any reason why the client is not using SFU/Interix 3.5 ?

(in reply to Celestial)
Post #: 3
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 22, '04, 12:44:16 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
quote:

This client consistently gets an error whenever he tries to use the "ID <username>" command. The server is a domain member and regardless of account (domain or local) he gets this error


What does "regardless of account" mean ? Are you refering to the "username" argument that is used in /bin/id ? Or are you suggesting that any account can try to execute /bin/id and it fails.

(in reply to markfunk)
Post #: 4
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 1:40:39 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
Here is the output of the commands. Also we cannot upgrade to 3.5 because this server is running Windows NT 4.0 and the client will not (at this point in time) upgrade to Windows 2000.

$uname -a
Interix cisgdm2 3.0 SP-7.0.1701.1 x86 Intel_x86_Family6_Model7_Stepping3
$pdomain
DIGPROD
$pwd
/dev/fs/C
$id -D
uid=197215(DIGSVR2+mlopez) gid=197642(DIGSVR2+None) groups=197345(DIGSVR2+None),
65767(+Everyone), 131939(BUILTIN+Administrators), 131357(BUILTIN+Users), 4095(C
urrentSession), 66048(+LOCAL), 66820(NT AUTHORITY+INTERACTIVE), 66827(NT AUTHORI
TY+Authenticated Users)
$id +SVRAdmin <======Renamed Administrator Account
Here is the output of the commands. Also we cannot upgrade to 3.5 because this server is running Windows NT 4.0 and the client will not (at this point in time) upgrade to Windows 2000.

$uname -a
Interix cisgdm2 3.0 SP-7.0.1701.1 x86 Intel_x86_Family6_Model7_Stepping3

$pdomain
DIGPROD

$pwd
/dev/fs/C

$id -D
uid=197215(DIGSVR2+mlopez) gid=197642(DIGSVR2+None) groups=197345(DIGSVR2+None),
65767(+Everyone), 131939(BUILTIN+Administrators), 131357(BUILTIN+Users), 4095(C
urrentSession), 66048(+LOCAL), 66820(NT AUTHORITY+INTERACTIVE), 66827(NT AUTHORI
TY+Authenticated Users)

$id +SVRAdmin <=======Renamed Administrator Account
uid=1049213(SVRAdmin) gid=10490(Domain Users) groups=1049089(Domain Users)

I ran all these commands as a LOCAL ADMIN and they worked. When I run these commands as a DOMAIN USER

(in reply to Celestial)
Post #: 5
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 1:41:36 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
DOMAIN USER the last command fails and the poxss.exe process fails.

(in reply to Celestial)
Post #: 6
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 2:03:06 PM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
> Also we cannot upgrade to 3.5 because...
Darn.

As user "DIGSVR2+mlopez", from a Win32 CMD.EXE, can you run:
net user SVRAdmin

Does it o/p okay? Or (hopefully) it gives some error message?

What happens when you do it by uid? So "id 197108" ?
(The id won't change even when the acct is renamed).

(in reply to Celestial)
Post #: 7
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 2:39:05 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
It enumerates the ID under local account and domain account. The domain account is in the "Administrators" local group so it is hard to understand why it is not working.

From the Domain account that is not working I can enumerate the Administrator account "net user SVRAdmin" and it can enumerate its own account using the following "net user domacct /DOMAIN"

(in reply to Rodney)
Post #: 8
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 3:26:11 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
quote:

$uname -a
Interix cisgdm2 3.0 SP-7.0.1701.1 x86 Intel_x86_Family6_Model7_Stepping3
$pdomain
DIGPROD
$id -D
uid=197215(DIGSVR2+mlopez) gid=197642(DIGSVR2+None) groups=197345(DIGSVR2+None), 65767(+Everyone), 131939(BUILTIN+Administrators), 131357(BUILTIN+Users), 4095(CurrentSession), 66048(+LOCAL), 66820(NT AUTHORITY+INTERACTIVE), 66827(NT AUTHORITY+Authenticated Users)

I'm confused. Are you running these commands on the same machine ?
Looks like you are running the commands on a machine called "cisgdm2", right ?
So then, what is "DIGSVR2" ? Is this another machine ? Or another domain ? or what ?

What is your NT OS network configuration ? A single NT server ?
Multiple NT servers in a "cluster" ?

Is this a single domain network ? (ie just DIGPROD). Or do you have multiple domains with trust relationships between them ?

quote:

$id +SVRAdmin <=======Renamed Administrator Account
uid=1049213(SVRAdmin) gid=10490(Domain Users) groups=1049089(Domain Users)

FYI: This doesn't look correct either. A domain Administrator account is supposed to have the id of 1049076. This is the original account that NT created when the domain was created. It had the name 'Administraotr'. The id number does not change regardless of what you've named it.
This account "+SVRAdmin" does not appear to be the 'domain Administrator'
It looks like SVRAdmin is an account you created afterwards.
Being in the Administrators account is not what we mean by "the Administrator account".
I don't think this has any bearing on the problem though. I point this out just for your information.

(in reply to Celestial)
Post #: 9
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 3:57:26 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
I apologize, this is my fault. I do not want to give you the exact server and domain names and I changed them. Of course, you guys caught me by the ID numbers. You are trying to help me and I appreciate it very much.

It is a NT 4.0 Cluster, it is not working on both nodes. it is in a nt 4.0 domain. I will run the commands and give you the EXACT output.

This is being run as a local admin account (mlopez) NOT Administrator (I do not have that password). NYPAdmin is the "Administrator" account.

$uname -a
Interix cisgdm2 3.0 SP-7.0.1701.1 x86 Intel_x86_Family6_Model7_Stepping3

$pdomain
CISGPROD

$pwd
/dev/fs/C

$id -D
I apologize, this is my fault. I do not want to give you the exact server and domain names and I changed them. Of course, you guys caught me by the ID numbers. You are trying to help me and I appreciate it very much.

It is a NT 4.0 Cluster, it is not working on both nodes. it is in a nt 4.0 domain. I will run the commands and give you the EXACT output.

This is being run as a local admin account NOT Administrator (I do not have that password).

$uname -a
Interix cisgdm2 3.0 SP-7.0.1701.1 x86 Intel_x86_Family6_Model7_Stepping3

$pdomain
CISGPROD

$id -D
uid=197618(CISGDM2+mlopez) gid=197121(CISGDM2+None) groups=197121(CISGDM2+None), 65792(+Everyone), 131616(BUILTIN+Administrators), 131617(BUILTIN+Users), 4095(CurrentSession), 66048(+LOCAL), 66820(NT AUTHORITY+INTERACTIVE), 66827(NT AUTHORITY+Authenticated Users)

$ id +NYPAdmin
uid=197108(CISGDM2+NYPAdmin) gid=197121(CISGDM2+None) groups=197121(CISGDM2+None
), 131616(+Administrators)

(in reply to markfunk)
Post #: 10
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 3:59:19 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
Sorry about the duplicate stuff. I am "remote controlling" the machine via mstsc and pcanywhere and cutting and pasting remotely between two remote control programs is hell.

(in reply to Celestial)
Post #: 11
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 4:08:08 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
Here is the response with local admin account (mlopez) of the domain user who cannot run the command (this user is in local Administrators group)

$ id +dfutter
uid=1049714(dfutter) gid=1049089(Domain Users) groups=1049089(Domain Users), 131
616(+Administrators)

(in reply to Celestial)
Post #: 12
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 4:18:14 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
I asked the UNIX Admin why "User Mapping" wasn't used and he said it wasn't necessary. Is that the case with domain accounts?

In either case user mapping is not being used in this scenario.

(in reply to Celestial)
Post #: 13
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 4:38:52 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
What is this group?

gid=197121(CISGDM2+None) groups=197121(CISGDM2+None),

That is the one difference I see between the dfutter account and the NYPAdmin account. I cannot login as that account but I assume that would work since the mlopez account works and it has that same group applied.

(in reply to Celestial)
Post #: 14
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 4:46:10 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
1) User Name Mapper is only useful if you're using NFS server or client. It is not necessary otherwise.

2) I'm pretty sure the problem is going to be caused by the NT cluster configuration. I don't think Interix 3.0 was ever tested in an NT4 cluster environment. The way to get this fixed is to go through Microsoft support. They are the only ones that can fix this type of problem. I don't see any obvious workaround for this.

What you need to convey to Microsoft support:
a) this is an NT4 cluster configuration
b) the exact "/bin/id username" command line that you use to crash psxss.exe and that you're doing this from a client machine that is a member of the domain. You want to specify what type of account this "username" is (any domain account, right ?)
c) what type of account (local or domain) that is logged into the client machine when the "/bin/id" is executed.

(in reply to Celestial)
Post #: 15
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 4:57:18 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
quote:

What is this group?

gid=197121(CISGDM2+None) groups=197121(CISGDM2+None),

All non-domain machines have a local user/group account database. The "None" group on machine "CISGDM2" is the default group for all users on that machine. You cannot change this. (at least not from the standard GUI tools).
This doesn't happen on domain accounts.

(in reply to markfunk)
Post #: 16
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 4:58:02 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
Thank you for all your help. This service is not clustered it just happens to run on a cluster. I am wondering if it is a file permission issue. I did a search and was re-directed to another thread in this forum.

http://www.interopsystems.com/tools/forum/tm.asp?m=1819

This sounds like a similar issue. They are using "Special Permissions" on the /user/bin subdirectory.

What Windows permissions should be applied to this subdirectory?

(in reply to markfunk)
Post #: 17
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 5:04:09 PM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
That thread had nothing to do with /usr/bin.
There were files that yankovic had placed on his system from
the Win32 side and thus the ACL's (permissions) on the files were weird.
When you install SFU all of the Interix file tree has the right permission
settings. So _not_ apply permission changes to the Interix tree using Win32.

(in reply to Celestial)
Post #: 18
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 5:06:55 PM   
Celestial

 

Posts: 16
Joined: Apr. 22, '04,
Status: offline
That is true but I cannot verify to you that an admin did not change the permission afterward.

Anyway I did a chmod 755 and IT WORKS!

You guys rock.

(in reply to Rodney)
Post #: 19
RE: ID Command Fails Consistently in SFU 3.0 - Apr. 26, '04, 5:06:58 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
What you are doing is not a file permission issue.
Your problem is that the subsystem crashes while executing the /bin/id command. The subsystem is never supposed to crash. This is a big-time bug. Similar to an NT blue screen. This is never supposed to happen.

The command /bin/id makes system calls to the subsystem which makes queries to the system/domain user/group databases so that the appropriate information can be returned.
Since you are the first person that I know of that is using NT clustering, and you're the only one that can crash the subsystem using /bin/id, I'm pretty sure this isn't a co-incidence.

If you want to understand the difference between "user", "+user" and "domain+user" and how "principal domains" work (see /bin/pdomain) then read about it all in the "Help for Services for UNIX" docs.

(in reply to Celestial)
Post #: 20
Page:   [1] 2   next >   >>
All Forums >> [SFU / Interix / SUA Technology] >> SFU / Interix - Getting Started >> ID Command Fails Consistently in SFU 3.0 Page: [1] 2   next >   >>
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Search All Forums -

Advanced search


SPONSORS



Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI

0.094