Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: CGI can access some network shares, but not others... |
|
Author |
|
Rblibit
Joined: 26 Aug 2010 Posts: 3 Location: FL
|
Posted: Sat 28 Aug '10 0:08 Post subject: CGI can access some network shares, but not others... |
|
|
This is a strange one. A CGI application (in C) that ran fine on IIS-5 and IIS-6 stopped working on IIS-7 after being moved to Windows Web Server 2008 and IIS-7. I took this opportunity to learn Apache since it appears to be much more logical to set up than IIS-7. I really like Apache! The documentation is excellent, too. After following all steps necessary to make it work, it did! - But not completely. It could access network shares on Linux machines, but not on the older windows servers (W 2000 server and W 2003 server). The CGI app reads a large DBS on Linux, and several text files on the Win Server boxes. All the shares are set to allow access to 'Everyone' and this includes the SAMBA shares.
But only the samba shares can be accessed by the CGI without error. All of the Windows network shares return Error 6 on fopen() which is Access Denied from my C library (the value in 'errno' upon failure).
I also read in the docs to try it by running httpd.exe in the foreground - and guess what? IT WORKS in the foreground logged on as the very user I have set up in the httpd.conf file. It reads all the shares, Windows boxes included, and functions 100% normally). But back installed as a service - only the Linux shares can be read.
Anyone ever seen this or anything like it? It is driving me crazy. The windows web site mentions some rather cryptic problems accessing older Lanman/SMB shares on Windows 2000 and 2003 server from Windows 7, Vista and 2008 server, but the registry changes they suggest do not help.
Any suggestions would be appreciated immensely! |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Sat 28 Aug '10 1:28 Post subject: |
|
|
Start-> Control Panel -> Administrative Tools -> Services
Find Apache, right-click and select properties
Click "Log On" tab
Check "This Account"
Click Browse -> Advanced -> Find Now
Select Username from list
Click through both OK's
Enter Users password and confirm
Click Apply/OK
restart Apache service |
|
Back to top |
|
Rblibit
Joined: 26 Aug 2010 Posts: 3 Location: FL
|
Posted: Sat 28 Aug '10 4:57 Post subject: |
|
|
It restarts OK, but I get the same thing (And I really appreciate the help!). I can still read the SAMBA shares from the 2 Linux boxes, but I still get the Access Denied from the Windows shares (all shares are set to "Everyone has Total Control").
This must mean that Apache was properly changing user names from the default service login user to my Web user (named bizuser). I also went back and made certain that the bizuser is set to user level plus I checked again to see that I added the two additional rights that the Apache Docs mention (1) allow log on as service, and (2) Act as part of the OS, but maybe there is another "Right" that I need to add or something.
I have seen so many problem reports about Vista and W7 users not able to read Lanman/SMB shares on various W2000 and 2003 boxes - I wonder is there is some strange bug and I am just lucky enough to get it point blank right between the eyes <s>.
I guess I can run my sites in the foreground until I know for sure what the problem is, but that is not safe (or fun) - I can't imagine moving this into a production environment like that... <sigh>.
Let me know if you can think of anything else to try. I am desperate. And I want to use Apache so badly (after reading the docs three time) that I will put up with foreground ops for now!
I have a second instance of httpd.exe running on the same box (as a service) with about 30 virtual web sites on it, and they only need local disk access so they all run wonderfully! No complaints.
Thanks again,
Richard (Saturday late evening)
============================
Sunday morning:
It gets stranger. I came in this morning and wanted to get a "clean start" and rebooted the machine to make sure everything was set up as I thought it was, and I tried to restart the Apache Service and it would not start. It said see the Event logs (which I am combing through now).
It would not start until I removed the user name (biznet) from the "Log On" - "This Account" field in the service settings that you recommended I try last night (or yesterday). Now I am begin to wonder if I ever closed and saved the form when I entered it last night. Sometimes it does not pay to work really long hours on one problem... I get kind of a tunnel vision.
And that was one of the reasons I wanted to reboot - to make sure I had things set up as I suspected.
So what does it mean if the user name that I have in the Apache Config file can't be used as the name to Logon for the service? Is this the problem itself? I am still trying to find something useful int h event logs.
Event log says: Apache terminated with a service specific error 0x1.
OK - let me see where that leads.
Richard |
|
Back to top |
|
Rblibit
Joined: 26 Aug 2010 Posts: 3 Location: FL
|
Posted: Sun 29 Aug '10 1:18 Post subject: Solved! |
|
|
You pointed me in the right direction and I thank you immensely.
I am not sure why, but I had to delete the user and recreate it, and NOT let the Service Manager set the rights to "Log On as A service." I let it do it twice, and each time the service failed to start.
After creating a user, I ran the SecPol.msc and added the "Allow to Log On As A Service" and it worked perfectly. I dd NOT have to add the rights to "Operate as Part of the Operating System" for it to work.
I can't imagine it has anything to do with the stripped down capabilities of the Windows 2008 WEB server OS.
I am just very happy to be able to use Apache as a service with proper security without having to run it in the foreground!!!
One thing that bugs me - I assume that the User and Group Name in the CONF file are used in the Linux version to do what we did with the service Manager in Windows.
Thanks again, glsmith for the hint - It is much appreciated. Your line said to me "Get this to work with your user and you will have it solved." - and I did.
Richard |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Sun 29 Aug '10 2:55 Post subject: Re: Solved! |
|
|
Rblibit wrote: | One thing that bugs me - I assume that the User and Group Name in the CONF file are used in the Linux version to do what we did with the service Manager in Windows. |
Yes, I do not know why it's in the Windows config ... a useless couple lines.
Glad you got it figured out and working under a user. |
|
Back to top |
|
|
|
|
|
|