ITHit credentials issue in ubuntu - linux

Currently we use ITHit Webdav Ajax Library to develop a new feature of our product. We intend to provide a link in web browser allowing user to open a document inside our webdav server.
In Windows it runs well, but in Ubuntu we face a problem with credentials. The ITHit applet always asks for: 1. WebDAV credentials 2. Sudo credentials.
If I log in to the OS as a user in the sudo group (suppose that is USER1), I can open/edit the document fine when providing the id/password of USER1 in step 2. But if I log in as a user that does not belong to the sudo group (suppose that is USER2) and then enter the id/password of USER2 in step 2, I cannot open/edit the document. The exception I always see is: java.lang.RuntimeException: Could not mount webdav server, please verify provided credentials. I even granted USER2 permission to run mount & mount.davfs but still get the same error. (Notice that with these permissions, I can log in as USER2 and mount the webdav folder to a local folder manually successfully!)
I test www.webdavsystem.com/ajaxfilebrowser and face the same issue.
The question here is, why do you need the sudo credentials? As I understand, you need to create a local folder and mount it with the webdav folder containing the document that the user wants to open. For that action, only mount or mount.davfs is enough. It is too risky to provide the sudo credentials to an applet.
WDYT?

From our experience, to successfully mount and use WebDAV on Ubuntu you will need davfs2, not davfs. Unfortunately davfs2 requires sudo credentials.
Note that if you have KDE installed it would not ask for sudo credentials.

Related

azure-lab-services permission denied when connected with default credentials

I'm previewing Azure Labs (managed) which is in preview at this moment. I've followed a tutorial from Microsoft on how to get started.
I've created a classroom lab with 3 virtual machines, based off a default Ubuntu image from the Marketplace. I've copied/pasted the default credentials of that template which is used for all virtual machines in that classroom lab.
Then I published it, added a user, got a registration link and used that to register as that user (a so called student). I can see the VM I expected to see. I can start it, wait some 30 seconds and then I can click on the connect button to get the ssh connection details. I open terminal, paste the ssh connection details and I get a password challenge. Excellent! So far it all works as expected. But when I enter the password I copied from the default template, permission is denied. So I try again, denied. So I wait a minute (maybe the VM needs some more time to fully boot up), but permission denied.
The tutorial looks very easy to me; I chose a default Ubuntu 18.04 LTS image to be used. I even tried to create a new classroom lab, but during creation of that template, I chose to start it, connect to it and install additional software before publishing it. That worked (as I expected). But when I publish that classroom lab, register a student account and try to log in to a VM in that classroom with the correct default credentials I used to install additional software, I too get permission denied.
I'm confused.
Anyone?
Thanks to D43m0n for the feedback from Microsoft. I have been having the same issue but on CentOS images.
It appears the provisioning of the student machines after the template is published locks the default user account. Creating a new user is not such a great workaround because students will have to change the SSH or RDP settings to connect. The issue also affects more than just Ubuntu. I am seeing it on the newer version of CentOS (7.8 and greater it looks like). I think it is for any images that use cloudinit for the provisioning of the student machines. The older CentOS images use WALinuxAgent and don't seem to have this issue.
I have worked around it by unlocking the default user account in /etc/rc.d/rc.local so that it is executed on boot. The rc file differs on other systems so check what it is for your flavour of Linux.
usermod -U default_username
This has fixed the issue for me until Microsoft fix their provisioning.
Thanks for posting! Were you able to connect to the template machine (Ubuntu) and then you weren't able to connect to the student machine (Ubuntu)? Could you copy the exact error message you're seeing?
We are aware of an issue with Ubuntu images--when you connect, the VM tells you to reset the password but doesn't provide a way to do so. We're working on a feature that will resolve this issue.
Is this what you're seeing?
You can use other flavors of Linux fine.
Let us know!
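The two explanations given in this thread (a locked default account, and a forced password reset at login) leave different traces in /etc/shadow. The following is an added example, not code from any of the posters or from Microsoft, that classifies a shadow(5) entry; the account names and shortened hashes are constructed.

```python
import time

# Constructed /etc/shadow-style lines; hashes are shortened placeholders.
SAMPLE = """\
labuser:!$6$salt$hash:18500:0:99999:7:::
student:$6$salt$hash:0:0:99999:7:::
newuser:$6$salt$hash:18500:0:99999:7:::
daemon:*:18375:0:99999:7:::
"""

def account_status(shadow_line, today=None):
    """Classify one shadow(5) entry by the reason a password login would fail."""
    # shadow(5) stores dates as whole days since 1970-01-01.
    today = int(time.time() // 86400) if today is None else today
    fields = shadow_line.strip().split(":")
    password, last_change, expire = fields[1], fields[2], fields[7]
    if expire and int(expire) <= today:
        return "expired"                # account expiry date has passed
    if password.startswith("!") and password.lstrip("!"):
        return "locked"                 # hash kept behind '!'; usermod -U restores it
    if password in ("*", "!", "!!"):
        return "no-password"            # no usable hash, nothing for usermod -U to unlock
    if last_change == "0":
        return "must-change-password"   # password change is forced at next login
    return "ok"

def report(shadow_text, today=None):
    """Map every account in a shadow file's text to its status."""
    return {line.split(":", 1)[0]: account_status(line, today)
            for line in shadow_text.splitlines() if line.strip()}

if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name:10} {status}")
```

Running it as root over the real /etc/shadow on the template VM and on a student VM shows which of the two conditions the provisioning step introduced.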
In the template-vm create a new user:
sudo adduser newuser #follow the agent
sudo usermod -aG sudo newuser
After that you can start your course VMs and log in with that user.

No sudo permissions on google CentOS VM

It is supposed that every user in the VM created on the Google Cloud Platform has root permissions, but I haven't been able to do anything, because it says that my user has no permissions and I don't have any password, either for my user, or for root.
Is there any default password for root, or any way I could find it?
Thanks!
Well, I have a virtual machine with Ubuntu (I presume that it is the same for other Linux distros as well): log in to your Google Cloud Platform -> VM Instances -> click on your instance (virtual machine), click on the SSH button which is in the upper left corner and, for example, pick the first option, Open in browser window. When the window opens you will be logged in as a regular user with sudo permission. After that you can create users etc. If you want to use another ssh client then go to
https://cloud.google.com/compute/docs/instances/connecting-to-instance#standardssh
It is well-written documentation. The most "complicated" part will be to create key pairs. If you still have problems just ask :)

IIS 7.5 - Access to the Path ... is Denied

I am trying to access a static file on a Novell file server.
The drives are mapped on the IIS box. The application is using the default application pool.
The path (not shown in Title above) is : \cms1\vol4\cms\008\docs\008\2011\Nov\0224294.pdf
If I enter the above path from the command line on the IIS box, it opens the PDF just fine. When accessed via IIS, I receive the error shown in the Title above.
I have researched numerous threads looking for an answer. Most of them suggest changing the properties of the application pool. I have modified it to use my User ID and Password, and confirmed this is the case by checking w3wp.exe, and it shows as running with my user ID. Any thoughts would be appreciated.
Thanks in advance!
Does your server have CIFS enabled? If it is just using NCP, then is Client32 installed on that machine so that NCP access will be enabled?
If you enable CIFS on the Netware or OES server then there is no need for Client32 on the IIS server. In either case, the service needs to try to connect to the share as a user with sufficient rights. I imagine the IIS_IUSRS account is not existing in the eDirectory tree.

Autoupdating AIR apps on Linux without prompting for sudo password

Maybe that's more of a Linux question than an Adobe Air one, but there you go: I have an AIR 2 app that does auto-update in the background, with no need for user interaction. It uses Air's own ApplicationUpdater framework (the one that doesn't require a UI) - all goes well until the package gets downloaded and needs to be installed - at that point, the Air Installer prompts for SUDO password and won't proceed without some user interaction.
Is there any way to circumvent/avoid that?
I solved this by adding a rule to the sudoers file (/etc/sudoers)
<username> ALL=(root) NOPASSWD: /tmp/air.*/setup
This rule can enable the update to all users
ALL ALL=(root) NOPASSWD: /tmp/air.*/setup
Note that it could lead to some security issues but I think if you are going to use this as a Linux Kiosk it's going to work.
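The security issue this answer alludes to can be checked for mechanically: a NOPASSWD rule whose command path sits in a world-writable directory or contains a wildcard names a file that root does not control. The following is an added example, not the poster's code; the account names in the sample are constructed, and the parser assumes one rule per line with no aliases or line continuations.

```python
import re

# Constructed sample; "kiosk" and "bob" are placeholder account names.
SAMPLE = """\
kiosk ALL=(root) NOPASSWD: /tmp/air.*/setup
ALL ALL=(root) NOPASSWD: /tmp/air.*/setup
bob ALL=(root) NOPASSWD: /usr/bin/systemctl restart kiosk
%admin ALL=(ALL) ALL
"""

WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")
RULE = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit_sudoers(text):
    """Return (line number, user, command path, reasons) for risky NOPASSWD rules."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, rest = m.groups()
        nopasswd = False
        for item in rest.split(","):
            item = item.strip()
            # A tag prefixes a command and stays in force for the commands after it.
            while (tag := TAG.match(item)):
                if tag[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag[1] == "NOPASSWD"
                item = item[tag.end():]
            if not nopasswd or not item.startswith("/"):
                continue
            path = item.split()[0]
            reasons = []
            if path.startswith(WORLD_WRITABLE):
                reasons.append("command is in a world-writable directory")
            if any(c in path for c in "*?["):
                reasons.append("wildcard in the command path")
            if who == "ALL":
                reasons.append("granted to every user")
            if reasons:
                findings.append((lineno, who, path, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```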
You could do that by rolling your own updating mechanism. It is not really that difficult; if you plan it correctly you don't even need to close the app.
We did so for an internal project, where we use git. Since I guess you can't rely on Git being available on the user's machine, you could check out the server, download a zip file, uncompress it and replace the contents of your app.
AIR doesn't sign or checksum the files it installs, you can safely replace them and re-load the app without problems.
HTH,
J
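Since this answer says nothing in the install path signs or checksums the files, a home-grown updater of the kind it describes has to do that check itself before replacing anything. The following is an added example, not the poster's code, shown in Python for the logic only: it assumes the expected SHA-256 arrives in a separately authenticated (for example signed) manifest, and the archive contents are constructed.

```python
import hashlib
import hmac
import io
import os
import tempfile
import zipfile

def build_sample_update(entries):
    """Constructed stand-in for the zip file the updater would download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def install_update(zip_bytes, expected_sha256, app_dir):
    """Unpack zip_bytes into app_dir only if the digest matches and every
    entry stays inside app_dir. Returns the sorted list of installed names."""
    actual = hashlib.sha256(zip_bytes).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError("update rejected: SHA-256 mismatch")
    root = os.path.realpath(app_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        # Validate every entry before writing any of them.
        for name in names:
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"update rejected: entry {name!r} leaves app_dir")
        zf.extractall(root)
    return sorted(names)

if __name__ == "__main__":
    update = build_sample_update({"app.swf": b"v2", "assets/logo.png": b"png"})
    pinned = hashlib.sha256(update).hexdigest()  # assumed to come from the manifest
    with tempfile.TemporaryDirectory() as app_dir:
        print(install_update(update, pinned, app_dir))
        try:
            install_update(update + b"\0", pinned, app_dir)  # altered download
        except ValueError as err:
            print(err)
```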

How to view Windows Event Log remotely with limited privileges

To debug some code, I would like to view the Windows event log of a remote machine (target is Windows2003). With mmc.exe I can add the event log for a remote machine, but only if I have sufficient permissions. For this remote machine, they do not want to give me permissions to log in remotely (or admin privileges for that matter). Is there a specific permission I can be given to view the event log and not much else?
On newer Windows versions (Windows 7, Windows Server 2008...) you can simply add the corresponding account to the built-in group Event Log Readers.
Source: Jane Lewis's Weblog on TechNet, Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008
This source also describes an alternative if you need more fine-grained control.
(The OP asked for Windows 2003, where this method doesn't work, but as Windows Server 2003 is no longer supported, people might be interested in this method.)
For the security log, users need the privilege "Manage auditing and security log"
For the system and application logs you should be able to read them as just a guest unless they have set the RestrictGuestAccess value under the following registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application
One option is to get a local ID that is in the remote local admin group.
Next, from your system, map to a drive on the remote server using the new remote local ID.
Create a new MMC from the Windows Run start menu by typing in MMC /a
Add the Event Viewer snap-in.
When it prompts you for local or remote server, put in the host name of the server that you mapped to.
Tip: Windows uses an established secure connection if it can. Hence the map-a-drive trick works VERY well.
Please note: I use this trick with WMI queries, hence the query never fails due to a timeout issue.
Joshua Flanagan outlined a process to delegate rights through modifying the security descriptor of the event logs.
Please add the domain user (without admin rights) to the "Event Log Readers" group on the target server. Then, from the source server, you can use the standard user credentials to access and read the event logs on the target.
If you could enable web access to the server then you could use an eventlog viewer page that I published a while ago. This would allow the administrators to run the website with just enough permissions to see the eventlog without granting you an account to login...
