Using STAF:
I want to check if domain user "logtest1" can ping 10.33.79.20 by issuing the command below, but got the following error message. How to run a command for a specific user who are not an administrator using STAF PROCESS?
In order to be able to start a process under a different user on a Windows system, certain requirements must be met. In section "8.13.2 START" in the STAF User's Guide, the USERNAME option is described as the username under which the process should be started and it has the following note:
Note: The PROCESSAUTHMODE operational parameter must be enabled in the STAF configuration file on the system where the process is run under a different username. See 4.7, "Operational parameters" for more information on how to enable the PROCESSAUTHMODE operational parameter. There are additional requirements that must be met to run a process under a different username on a Windows system. See "Starting a Process Under a Different User on Windows" for more information in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#HDRWINUSER.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I followed the instruction above and add test1 to Administrators Group and add test1 to "local Security Setting/Replace a process level toke. " in 10.162.13.31. And I got the following error messages while running the ping commands
And then Because test1 is a domain user,I also added user test1 to "Replace a process level token" Security Ploicy settings under "Default Domain Controller policy->Computer Configuration -> Policies -> Windows settings -> Security Settings->Local Policy -> User Rights Assignment->Replace a Process level token on the domain controller. I ran the same ping commands and got the same error message.
root@virtual-machine:~# staf 10.162.13.31 process list settings
Response
Default Stop Using Method : SigKillAll
Default Console Mode : New
Default Focus : Background
Process Auth Mode : Windows
Default Auth Username : <None>
Default Auth Password : <None>
Default Auth Disabled Action: Ignore
Default Shell : <None>
Default New Console Shell : <None>
Default Same Console Shell : <None>
On your Windows system, are you running STAFProc.exe as an administrator and has this administrator been given the "Replace a process level token" user right?
STAFProc.exe must be run as an administrator to start a process as another user. Otherwise, submitting a STAF PROCESS START request specifying the USERNAME/PASSWORD options to start a process as another user will fail with RC 10 with OS RC 1314 "A required privilege is not held by the client" even though you assigned the "Replace a process level token" user right to the administrator account.
This is talked about in section "Starting a Process Under a Different User on Windows" for more information in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#HDRWINUSER and it describes how you can run STAFProc.exe as an Administrator.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
hi ,
i want get the pid of the process .
i am using staf local process start command pgrep parms "-f zooKeeper"
where pgrep -f "name_of_the_process" gives the pid of that process ... but i am not getting the pid as i started zooKeeper using sudo command ,so i can only get the id if i run the above command with sudo along with i have to send the password of the superuser.How to achieve this ..
i wont run through command i will trigger this using java with staf submit2() method .
please help me ,
i just want to kill the process using it's pid which is not started by staf ,so i cannot use handles to stop process ...
hint:
pgrep -f "zooKeeper"
gives nothing
sudo pgrep -f "zooKeeper"
gives some pid after i typing the password of superuser
i want to kill process inn remote system too..
i am strucked please help me ....
Last edit: Achyuthapresksha AN 2018-05-26
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
Using STAF:
I want to check if domain user "logtest1" can ping 10.33.79.20 by issuing the command below, but got the following error message. How to run a command for a specific user who are not an administrator using STAF PROCESS?
root@machine:~# staf 10.160.247.151 process start shell command "ping -n 3 10.33.79.20" USERNAME "logtest1" password 'MMMMM1!' wait STDERRTOSTDOUT RETURNSTDOUT
Error submitting request, RC: 10
Additional info
Error starting the process. CreateProcessAsUser failed with OS RC 1314: A required privilege is not held by the client.
Logged on user must be an administrator with the following privilege(s): Replace a process level token
Thansk,
Last edit: Hello world 2017-11-02
In order to be able to start a process under a different user on a Windows system, certain requirements must be met. In section "8.13.2 START" in the STAF User's Guide, the USERNAME option is described as the username under which the process should be started and it has the following note:
Note: The PROCESSAUTHMODE operational parameter must be enabled in the STAF configuration file on the system where the process is run under a different username. See 4.7, "Operational parameters" for more information on how to enable the PROCESSAUTHMODE operational parameter. There are additional requirements that must be met to run a process under a different username on a Windows system. See "Starting a Process Under a Different User on Windows" for more information in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#HDRWINUSER.
I followed the instruction above and add test1 to Administrators Group and add test1 to "local Security Setting/Replace a process level toke. " in 10.162.13.31. And I got the following error messages while running the ping commands
And then Because test1 is a domain user,I also added user test1 to "Replace a process level token" Security Ploicy settings under "Default Domain Controller policy->Computer Configuration -> Policies -> Windows settings -> Security Settings->Local Policy -> User Rights Assignment->Replace a Process level token on the domain controller. I ran the same ping commands and got the same error message.
root@virtual-machine:~# staf 10.162.13.31 process list settings
Response
Default Stop Using Method : SigKillAll
Default Console Mode : New
Default Focus : Background
Process Auth Mode : Windows
Default Auth Username : <None>
Default Auth Password : <None>
Default Auth Disabled Action: Ignore
Default Shell : <None>
Default New Console Shell : <None>
Default Same Console Shell : <None>
root@virtual-machine:~# staf 10.162.13.31 process start shell command "ping -n 3 10.33.79.21" USERNAME "test\test1" password wwww wait STDERRTOSTDOUT RETURNSTDOUT
Error submitting request, RC: 46
Additional info
Error during process authentication for user name: test\test1
LogonUser failed with OS RC 1326: Logon failure: unknown user name or bad password.
root@virtual-machine:~# staf 10.162.13.31 process start shell command "ping -n 3 10.33.79.21" USERNAME "test1" password wwww wait STDERRTOSTDOUT RETURNSTDOUT
Error submitting request, RC: 10
Additional info
Error starting the process. CreateProcessAsUser failed with OS RC 1314: A required privilege is not held by the client.
Logged on user must be an administrator with the following privilege(s): Replace a process level token
Any configuration steps are missing?
Thanks,
Last edit: Hello world 2017-11-02
Last edit: Hello world 2016-05-04
On your Windows system, are you running STAFProc.exe as an administrator and has this administrator been given the "Replace a process level token" user right?
STAFProc.exe must be run as an administrator to start a process as another user. Otherwise, submitting a STAF PROCESS START request specifying the USERNAME/PASSWORD options to start a process as another user will fail with RC 10 with OS RC 1314 "A required privilege is not held by the client" even though you assigned the "Replace a process level token" user right to the administrator account.
This is talked about in section "Starting a Process Under a Different User on Windows" for more information in the STAF User's Guide at http://staf.sourceforge.net/current/STAFUG.htm#HDRWINUSER and it describes how you can run STAFProc.exe as an Administrator.
hi ,
i want get the pid of the process .
i am using staf local process start command pgrep parms "-f zooKeeper"
where pgrep -f "name_of_the_process" gives the pid of that process ... but i am not getting the pid as i started zooKeeper using sudo command ,so i can only get the id if i run the above command with sudo along with i have to send the password of the superuser.How to achieve this ..
i wont run through command i will trigger this using java with staf submit2() method .
please help me ,
i just want to kill the process using it's pid which is not started by staf ,so i cannot use handles to stop process ...
hint:
pgrep -f "zooKeeper"
gives nothing
sudo pgrep -f "zooKeeper"
gives some pid after i typing the password of superuser
i want to kill process inn remote system too..
i am strucked please help me ....
Last edit: Achyuthapresksha AN 2018-05-26