I am trying to install Hbase on a VM under Windows 7.
I followed the instructions and everything is OK until i do the ssh-host-config.
I see the following:
>Should privilege separation be used? Yes
>new local account ‘sshd’? Yes
>Do you want to install sshd as a service? Yes
>Enter the value of CYGWIN for the daemon?[] just <enter>
>Do you want to use a different name? No
>create new privileged user account ‘cyg_server’ account? Yes
>Please enter the password:
>Reenter:
>User has been created
>System error 1376 has occurred
>The specified local group does not exist.
>Adding user cyg_server to local group root failed
>Please add cyg_server to local group before
You can check what that lame error means, with:
$ NET HELPMSG 1376
The specified local group does not exist.
The problem seem to be that the script is not giving the new user account "Administrator" group membership. You can check this with: net user cyg_server from a normal windows command shell (CMD). Make sure the line reads:
Local Group Memberships *Administrators *Users
If it doesn't, you need to open the Windows control panel and navigate to User Accounts.
There you will find a new account called "Privileged server", which is the cyg_server account. You need to change the account type of that from Standard to Administrator.
Now restart sshd and check that it's running with:
$ cygrunsrv.exe --query sshd
Service : sshd
Display name : CYGWIN sshd
Current State : Running
Controls Accepted : Stop
Command : /usr/sbin/sshd -D
However, this is probably not the end of the story as these accounts cannot be used to login with, if they do not have a password assigned. You need to create (and add to /etc/passwd) a new account with remote login rights. And don't forget to check account password expiration...
Related
I want to install a TeamCity BuildAgend as a user. When entering my user credentials here:
I always get this error:
NOTE: My account (user) is Administrator with full permission!
How can I do this?
The error message says it does not have "enough rights to run as a service",
this is slightly different from just being an administrator.
Go to Control Panel> Administrative Tools> Local Security Policy.
Select Local Policies> User Rights Assignment.
Scroll down through the list of policies and look for Log on as a service.
Add the account you're using to the list of accounts with this right.
That should in theory be all you need to allow the service to run under that user.
The best powershell command that I have found for this is:
Grant-Privilege -Identity $SERVICE_USERNAME -Privilege SeServiceLogonRight
Requires use of the Carbon framework.
I'm a Windows 10 Home user and the steps above did not work for me, but the following did:
Enable gpedit.msc by running the batch file as explained here under Method 1: https://www.askvg.com/how-to-enable-group-policy-editor-gpedit-msc-in-windows-7-home-premium-home-basic-and-starter-editions/
Run gpedit.msc
Go to Local Computer Policy / Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment
Double-click Log on as a service
On the window that appears, click Add User or Group...
Enter your username and click the Check Names button
Your name will be modified, adding the machine name as the prefix. Click OK
Click OK on the Log on as a service Properties window to apply the change.
It is a little bit of a pain, but after doing that, I was able to continue installing TeamCity
I am trying to install an Admin Workstation with a demo database for Maximo 7.5 on Windows Server 2008 R2.
I downloaded two files, 1) MAM_LAUNCHPAD_7.5_EIMG_1_OF_2_REF.zip and 2) MAM_LAUNCHPAD_7.5_EIMG_2_OF_2_REF.zip .
I extracted the contents into the same folder and ran launchpad64 as Administrator.
When I click on Verify installation requirements, I get an error in the command prompt box that says:
CTGIN8125E : Administrative priviliges are required to execute this script.
Please any key to continue . . .
I believe it has to do with running cscript.exe that is normally in c:
\windows\system32
My security role is Domain User, but was able to add myself in the Administrators role. I would think with Administrators role, I would have full privileges.
I have the video of some the steps I performed here
Create a local user on the server
Give that local user Administrator role
Log locally into the server as that local user: server\local_user
right click on launchpad64 as run as Administrator
You should be able to Verify installation requirements now.
When I execute the command "iisreset" through an ssh terminal on a remote windows machine, I get the following error:
Attempting stop...
Restart attempt failed.
Access denied, you must be an administrator of the remote computer to use this
command. Either have your account added to the administrator local group of
the remote computer or to the domain administrator global group.
When I type whoami, it shows that I am the administrator. My cygwin ssh session is running as the "cyg_server" user who has admin privileges.
My ssh server is configured with privilege separation and allows me to login as administrator.
When I run the command locally, it works fine. The problem is execution through ssh.
I've also used process monitor to see what's going on, but it does not indicate the problem.
That is pretty strange because I am able to do admin-only operations in remote ssh such as:
echo "hi">/cygdrive/c/x.txt
rm /cygdrive/c/x.txt
Turning off UAC did not make a difference.
Any ideas?
I had a similar problem: unable to start/stop services using net start/net stop from a remote password-less (public/private key) SSH user. Attempting to start/stop the service was resulting in a "System Error 5 has occurred. Access is denied." error).
I had to install Cygwin's LSA authentication package (see http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview) in order for (I presume) setuid to work properly for password-less logins.
The problem should go away once LSA is installed on the Cygwin/SSH host and the machine has been rebooted.
I got scared of the LSA package mentioned in #user3609241's answer because of this sentence in the LSA docs:
as soon as the LSA encounters serious problems (for instance, one of
the protected LSA processes died), it triggers a system reboot.
But, those same docs point to a very easy way to "runas" SYSTEM - just use the at command:
$ date
Mon, Jan 12, 2015 8:17:35 PM
$ at 20:18 iisreset
Added a new job with job ID = 1
$ at
Status ID Day Time Command Line
-------------------------------------------------------------------------------
1 Today 8:18 PM iisreset
It works, at the cost of having to wait up to 59 seconds.
(wrapping the above sequence of commands in a simple-to-call script is left as an exercise to the reader; our management util is written in Perl so it was pretty straightforward).
Run the Cygwin terminal as administrator
I'm writing a script that periodically checks that certain services are running on remote workstations. I'm having a devil of a time getting an "SC \workst1 query" command working from one test machine to another. Both machines are running XP pro SP3. Neither is part of a domain. Both are in the same workgroup, and the administrator accounts have the same passwords.
I keep getting the "[SC] OpenSCManager FAILED 5: Access is denied" message, from either workstation to the other. I have tried using elevated privileges on both. Windows firewall software is turned off. There are no messages are showing up in the Event security logs. When (as administrator) I try going to "Computer Management" -> "connect to another computer" and access the remote services I get "Error 5 Access is denied".
I can set up a filesystem share between the two machines successfully, and "net use \workst1\IPC$ /user:Administrator" completes successfully, but the SC query still fails. I'm using IP addresses and not hostnames in these commands, but that doesn't help. I don't know what else to try. Thanks for the help.
Try to run the commans as a Administrator
start-> (type cmd in search box), right click on cmd, Run as a administrator -> execute your command
You must have administrative rights on the remote machine.
Moreover you must access the drive before calling "sc".
This can be achieved in command line using
net use \\remotemachine\admin$ <password> /user:<username>
admin$ is a hidden shared drive accessible to administrators that "sc" uses to control services.
I was having the same issue today trying to check if a service is enabled remotely.
I could solve the issue modifying the User Account Control for remote restrictions in windows:
To disable UAC remote restrictions, follow these steps:
Click Start, click Run, type regedit, and then press ENTER.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
If the LocalAccountTokenFilterPolicy registry entry does not exist,
follow these steps:
On the Edit menu, point to New, and then click DWORD Value. Type LocalAccountTokenFilterPolicy, and then press ENTER.
Right-click LocalAccountTokenFilterPolicy, and then click Modify. In the Value data box, type 1, and then click OK.
Exit Registry Editor.
More information about this solution in this site.
Your user should be remote, from Manage and Local users and groups
The UAC issue is obvious you have to pull down the lever for UAC setting
Also while installing the services you can use the following command
SC create SERVICENAME DisplayName= "DISPLAYNAME" binPath= "PATH OF EXE" start= disabled type= share
I have three server, we will call them Ebonroc, Anzu and Onyx.
All Three are running the same version of Redhat and the same version of cPanel/WHM.
Onyx is a remote server and the other two are local.
When I try and copy and account using the WHM "Copy an Account From Another Server" tool from Onyx to Ebonroc it fails with only this error. (Unable to get user id for user $Username at /usr/local/cpanel/scripts/pkgacct line 155. Command failed with exit status 255).
If I copy the same account from Onyx to Anzu it will work, and it will also work if i then copy the same account from Anzu to Ebonroc after it has been transferred to Anzu but it will never work from Onyx to Ebonroc.
Both Ebonroc and Anzu are behind the same firewall and i do not see anything being blocked during either servers attempts.
Does anyone have an idea why I can’t transfer between Onyx and Ebonroc?
You should double check that the account name (cPanel username) is exist in the server Onyx.
try grep user_name /etc/trueuserdomains
And see that that account exists. If you sure that the account user_name is exists, then try taking the backup of the account manually
/scripts/pkgacct user_name
If you are still getting error as mentioned above, then check /etc/passwd file
grep user_name /etc/passwd
You should see a line starting like as below
user_name:x:uuu:ggg::/home/user_name:/bin/bash
Instead of /bin/bash you may see /usr/local/cpanel/bin/noshell if you haven't enabled the shell access for the account
uuu >> userID
ggg >> groupID
If you are not getting any o/p for the "grep user_name /etc/passwd", Then the account isn't created correctly.
If the account doesn't created correctly, cPanel can't detect the corresponding details.
Let us know with your results.