I tried that and I get.....
before LogonAsUser(): name = apache
The operation completed successfully.
Failed to logon as apache.
The Win32 error number is: 1
The Win32 error text is: Incorrect function
The Perl error number is: 0
The Perl error text is:
.............................
I am attempting to use this script via an apache web server that is running
as the "apache" user.
I have set all of the privileges as described in prior posts.
What is with the "Incorrect function" result?
I am using binary build 623 of activestate perl 5.6.0
Kevin Ailes
Administrator
OTTO Engineering
> -----Original Message-----
> From: Dean Theophilou [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 17, 2002 3:57 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Win32::Adminmisc
>
> Hmmm...I'm not really sure what's happening here. That the operation
> "completed successfully" is obviously wrong. How about trying something like
> this (which is borrowed from Win32 Perl Programming: The Standard Extensions,
> 2 ed., by Dave Roth):
>
> use Win32::AdminMisc;
> use Win32;
>
> $! = $^E = 0;
> $name = Win32::AdminMisc::GetLogonName();
> print("before LogonAsUser(): name = $name\n");
>
> if (Win32::AdminMisc::LogonAsUser("",
> "bob",
> "welcome",
> LOGON32_LOGON_INTERACTIVE )) {
> $name = Win32::AdminMisc::GetLogonName();
> print("Successfully. After LogonAsUser(), name = $name\n");
>
> } else {
> print Win32::FormatMessage(Win32::GetLastError());
> print "Failed to logon as $name.\n";
> print "Currently logged on as: " . Win32::AdminMisc::GetLogonName();
> print "The Win32 error number is: ", int($^E), "\n";
> print "The Win32 error text is: $^E\n";
> print "The Perl error number is: ", int($!), "\n";
> print "The Perl error text is: $!\n";
>
> }
>
> Try that and see what error comes up.
>
>
> Dean
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 17, 2002 2:13 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Win32::Adminmisc
>
>
> Hello Dean,
>
> Thanks for your help.
> I tried as you mentioned in your message but it didn't work.
>
> Win32::FormatMessage(Win32::GetLastError()) ===> printed "The operation
> completed successfully"
> The errno $! was empty.
>
> Environment:
> - ActiveState Perl 5.005_03 build 522
> - Extension Win32::AdminMisc Perl 5.005 ActiveState Build (Last updated
> 20000117)
> - The user who runs the script is a domain administrator (Eric) and the 4
> privileges were set for him
> - The impersonated user is an end-user (Bob) in the same domain
>
>
> Here is the test script:
> ##############################################################
> use Win32::AdminMisc;
> use Win32;
>
> $name = Win32::AdminMisc::GetLogonName();
> print("before LogonAsUser(): name = $name\n");
>
> if (Win32::AdminMisc::LogonAsUser("",
> "bob",
> "welcome",
> LOGON32_LOGON_INTERACTIVE )) {
> $name = Win32::AdminMisc::GetLogonName();
> print("Successfully. After LogonAsUser(), name = $name\n");
>
> } else {
> print Win32::FormatMessage(Win32::GetLastError());
> print "Failed to logon: Errno=$!.\n";
> }
> ##############################################################
>
> Here is the output:
>
> before LogonAsUser(): name = Eric
> The operation completed successfully.
> Failed to logon: Errno=.
>
>
> Eric.
>
> -----Original Message-----
> From: Dean Theophilou [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 17, 2002 4:15
> To: DePriest, Jason R.; 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> Subject: RE: Win32::Adminmisc
>
>
> Hello:
>
> Ok, let's start at the beginning. The user who will be running the script
> needs to have the following four privileges:
>
> Act as part of the OS
> Bypass traverse checking (this is usually a default privilege)
> Increase quotas
> Replace a process level token
>
> Note that these privileges ARE for the person who will be running the script;
> NOT the person you are trying to impersonate. The person you end up
> impersonating ("$UserID, $UserPassword", in your example below) does not need
> these privileges, for purposes of the LogonAsUser function, that is.
>
> After you make the call to LogonAsUser, make a call to
> Win32::AdminMisc::GetLogonName to check if the impersonation succeeded. If it
> did not succeed, get the last error and print it out to see what it says; do
> something like this:
>
> print Win32::FormatMessage(Win32::GetLastError());
>
> You might also want to print out the regular Perl error with $!. Anyway, give
> that a shot, and if it doesn't work, then let me know what error was produced.
> Good luck.
>
>
> Dean Theophilou
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> DePriest, Jason R.
> Sent: Wednesday, January 16, 2002 7:03 AM
> To: 'Dean Theophilou'; 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> Subject: RE: Win32::Adminmisc
>
>
> I have tried LOGON32_LOGON_BATCH and LOGON32_LOGON_INTERACTIVE with the same
> results.
>
> There must be something else we are overlooking.
>
> The system I am running the script on is a Windows NT 4.0 Server, Enterprise
> Edition member server of a Windows NT domain. The account I am trying to
> run the script as is in that Windows NT domain.
> The account has been made a member of the local administrator's group on the
> server as well as a domain administrator on the domain.
> The account has also been individually assigned the rights that were
> detailed in previous emails to/from this list.
>
> Does that help any?
>
> -Jason
>
> > -----Original Message-----
> > From: Dean Theophilou [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 15, 2002 06:11 PM
> > To: DePriest, Jason R.; 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> > Subject: RE: Win32::Adminmisc
> >
> > How about trying LOGON32_LOGON_INTERACTIVE as the fourth parameter of the
> > LogonAsUser function? This is what I use, so I know it works.
> >
> > Dean Theophilou
> >
> >
> > -----Original Message-----
> > From: DePriest, Jason R. [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 15, 2002 12:28 PM
> > To: 'Dean Theophilou'; DePriest, Jason R.; 'Ailes, Kevin';
> > Perl-win32-admin list (E-mail)
> > Subject: RE: Win32::Adminmisc
> >
> >
> >
> > My biggest problem is this:
> >
> > <script>
> >
> > Win32::AdminMisc::LogonAsUser($Domain,$UserID,$UserPassword,LOGON32_LOGON_SERVICE);
> > $WhoAmI = Win32::AdminMisc::GetLogonName();
> > </script>
> >
> > $WhoAmI is invariably listed as the currently logged in user, whether
> > myself or "SYSTEM" when run as a scheduled task.
> >
> > The $UserID has been granted each right that you listed as the rights it
> > ~must~ have to work correctly.
> >
> > -Jason
> >
> > -----Original Message-----
> > From: Dean Theophilou [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 15, 2002 02:14 PM
> > To: DePriest, Jason R.; 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> > Subject: RE: Win32::Adminmisc
> >
> > My suggestion is to keep the standard privileges for the Admin group and
> > the four required for the logonasuser function. The four required for the
> > function are:
> >
> >
> > 1) Bypass traverse checking
> > 2) Act as part of the OS
> > 3) Increase quotas
> > 4) Replace a process level token
> >
> >
> > Dean Theophilou
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > DePriest, Jason R.
> > Sent: Tuesday, January 15, 2002 12:04 PM
> > To: 'Dean Theophilou'; DePriest, Jason R.; 'Ailes, Kevin';
> > Perl-win32-admin list (E-mail)
> > Subject: RE: Win32::Adminmisc
> >
> >
> >
> > I cannot speak for anyone else who has had this problem, but, yes the
> > account was made a member of the local administrators and domain
> > administrators group.
> >
> > I also added the following rights to the particular account:
> > Act as part of the operating system,
> > Bypass traverse checking (even though this was already granted to a group
> > it was in),
> > Increase Quotas,
> > Log on as a batch job,
> > Log on as a service,
> > Log on locally (even though this was already granted to a group it was in),
> > and
> > Replace a process level token.
> >
> > The problem still remained.
> >
> > -Jason
> >
> > -----Original Message-----
> > From: Dean Theophilou [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 15, 2002 01:10 PM
> > To: DePriest, Jason R.; 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> > Subject: RE: Win32::Adminmisc
> >
> >
> > Hello:
> >
> > Did you set the privileges required for the user you want to log on as? For
> > example, if you are logged on as "Fred", and you want to switch to "Wilma",
> > then Wilma must have the four privileges listed on p. 228 of Win32 Perl
> > Scripting: The Administrator's Handbook, by Dave Roth.
> >
> >
> > Dean Theophilou
> > Genisar
> >
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > DePriest, Jason R.
> > Sent: Tuesday, January 15, 2002 9:50 AM
> > To: 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> > Subject: RE: Win32::Adminmisc
> >
> >
> > I am one of the people who have had the same problem.
> >
> > It seems like, after logging on as the specified user, the script forgets
> > who it is logged in as and tries to run as SYSTEM or whatever...
> >
> > I was thinking that you might have to use
> > Win32::AdminMisc::CreateProcessAsUser along with
> > Win32::AdminMisc::LogonAsUser, but I didn't have the time nor the patience
> > to try and figure out Win32::AdminMisc::CreateProcessAsUser.
> >
> > For my project, instead of creating a service like I was originally planning
> > on, I used cygwin + cron to schedule the task and let cron run it in its
> > heightened context instead.
> >
> > -Jason
> >
> > -----Original Message-----
> > From: Ailes, Kevin [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 15, 2002 11:47 AM
> > To: Perl-win32-admin list (E-mail)
> > Subject: Win32::Adminmisc
> >
> >
> > I now realize that I need to set up the user account that the apache web
> > service runs under to have some advanced capabilities or use the
> > Win32::Adminmisc module to logon as a different user (impersonate a user
> > with advanced privileges).
> >
> > Unfortunately for me, I can not get the logonasuser method to function
> > properly.
> >
> > I searched Dave Roth's web site for instructions. I found and set the
> > privileges for the apache web user account according to the faq.
> > No luck.
> >
> > I searched the usenet groups from google and found many references to the
> > same problem I am having, however there were no answers other than to set
> > the privileges on the user account (which I have done). I even restarted
> > the web server service. I haven't tried restarting the machine.....yet.
> >
> > I searched the Adminmisc newsgroup hosted by Dave's site. There were many
> > un-answered questions regarding the logonasuser method failing in a similar
> > manner to what I have described.
> >
> > Am I missing something here?
> >
> > Kevin Ailes
> > Administrator
> > OTTO Engineering
> >
> > _______________________________________________
> > Perl-Win32-Admin mailing list
> > [EMAIL PROTECTED]
> > http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
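
Several posters in the thread above state that the four rights were granted without showing how that was confirmed. The following is an added example, not code from the thread or from Win32::AdminMisc: it checks a `secedit /export` policy file for the four rights Dean lists as required for the account that calls LogonAsUser. It is written in Python rather than the thread's Perl; the `Se...` constant names are the standard Windows names for those rights, and the sample export, the `apache` account entries and the function names are constructed for illustration.

```python
# Added example: audit the [Privilege Rights] section of a secedit export
# for the four rights the thread names for the account calling LogonAsUser.
REQUIRED = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeChangeNotifyPrivilege": "Bypass traverse checking",
    "SeIncreaseQuotaPrivilege": "Increase quotas",
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
}

# Constructed sample export (not taken from the thread).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = apache
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544
SeIncreaseQuotaPrivilege = *S-1-5-32-544,apache
SeAssignPrimaryTokenPrivilege = *S-1-5-19
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(inf_text):
    """Return {privilege: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, holders = line.partition("=")
        # SIDs are written with a leading '*'; account names appear bare.
        rights[name.strip()] = {h.strip().lstrip("*").lower()
                                for h in holders.split(",") if h.strip()}
    return rights

def missing_rights(inf_text, account, group_sids=()):
    """List required rights granted neither to the account nor to its groups."""
    rights = parse_privilege_rights(inf_text)
    principals = {account.lower()} | {s.lower() for s in group_sids}
    return [desc for priv, desc in REQUIRED.items()
            if not principals & rights.get(priv, set())]

if __name__ == "__main__":
    # S-1-1-0 is the well-known Everyone SID.
    for desc in missing_rights(SAMPLE_INF, "apache", ["S-1-1-0"]):
        print("not granted:", desc)
```

A real export is UTF-16 encoded, so decode it before passing the text in. Rights granted after a process has logged on are not added to its existing token, so the service has to be restarted before a new grant can take effect.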