I have a Java application which I want to run it using the JavaService wrapper.
The service works well when the -user parameter is not used (using the defaul user as local system).
For permissions reasons, I need use the administrator user as a owner of service, but the following message apears when I start it.
Translate: It can not start the service due to error in the login.
The service.exe install command is the following:
JavaService.exe -install "ServiceName" "%JAVA_HOME%\bin\client\jvm.dll" -start "ServiceClass" -user ".\Administrador" -password "1234"
UPDATE:
If I change the user of the service using the services.msc console, the result is the same.
My problem is solved.
The Error message 1069 was caused then this user doesn't have permisions to logon as a service.
To add this permision follow the steps:
Open the ocal security settings (start -> run -> secpol.msc) if is not domain or setting the Default Domain Controller GPO is a Domain server.
Expand Local Policies, and then click User Rights Assignment
In the right pane, right-click Log on as a service, and then click Add User or Group
Related
I've installed the latest RabbitMQ server (rabbitmq-server-3.3.0-1.noarch.rpm) on a fresh Centos 5.10 VM according to the instructions on the official site.
I've done this many times before during development and never had any issues. However, this time I cannot log into the management web interface using the default guest/guest user.
In the logs, I see the following:
=ERROR REPORT==== 4-Apr-2014::00:55:15 ===
webmachine error: path="api/whoami"
"Unauthorized"
What could be causing this?
It's new features since the version 3.3.0
http://www.rabbitmq.com/release-notes/README-3.3.0.txt
server
------
...
25603 prevent access using the default guest/guest credentials except via
localhost.
If you want enable the guest user read this or this RabbitMQ 3.3.1 can not login with guest/guest
# remove guest from loopback_users in rabbitmq.config like this
[{rabbit, [{loopback_users, []}]}].
# It is danger for default user and default password for remote access
# better to change password
rabbitmqctl change_password guest NEWPASSWORD
If you want create a new user with admin grants:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
Now you can access using test test.
If you still can't access the management console after a fresh install, check if the management console was enabled. To enable it:
Go to the RabbitMQ command prompt.
Type:
rabbitmq-plugins enable rabbitmq_management
Something that just happened to me and caused me some headaches:
I have set up a new Linux RabbitMQ server and used a shell script to set up my own custom users (not guest!).
The script had several of those "code" blocks:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
Very similar to the one in Gabriele's answer, so I take his code and don't need to redact passwords.
Still I was not able to log in in the management console. Then I noticed that I had created the setup script in Windows (CR+LF line ending) and converted the file to Linux (LF only), then reran the setup script on my Linux server.
... and was still not able to log in, because it took another 15 minutes until I realized that calling add_user over and over again would not fix the broken passwords (which probably ended with a CR character). I had to call change_password for every user to fix my earlier mistake:
rabbitmqctl change_password test test
(Another solution would have been to delete all users and then call the script again)
If on Windows and installed using chocolatey make sure firewall is allowing the default ports for it:
netsh advfirewall firewall add rule name="RabbitMQ Management" dir=in action=allow protocol=TCP localport=15672
netsh advfirewall firewall add rule name="RabbitMQ" dir=in action=allow protocol=TCP localport=5672
for the remote access.
I also couldn't log in to Rabbit's web interface. in my case, cookies were disabled in the browser for this web interface. I allowed cookies to be saved and rebooted chrome. and I was able to log in again.
If you are in Mac OS, you need to open the /usr/local/etc/rabbitmq/rabbitmq-env.conf and
set NODE_IP_ADDRESS=, it used to be 127.0.0.1. Then add another user as the accepted answer suggested.
After that, restart rabbitMQ, brew services restart rabbitmq
I have a server on remote where i am logged by ssh. I have unzip it the glassfish v 3.1.2 and follow the steps http://bbissett.blogspot.com.es/2012/01/asadmin-with-remote-glassfish.html until the part where enters in the link of admin(port 4848) There I am redirect by the browser to the web where the login loader (ip-glassfish-installed:4848) starts spinning and nothing happens.
The log I got in the server is "User [] from host localhost does not have administration access|#]" But I have changed the admin password and login with it. So I dont understand in first instance why I got the user empty. Also, although I think is not related, says that the certificate has expired.
You need to enable remote adminstration. Here are couple of other useful links that provide help in that direction:
http://www.adam-bien.com/roller/abien/entry/enabling_remote_administration_for_glassfish
https://blogs.oracle.com/quinn/entry/securing_adminstration_in_glassfish_server1
The problem is that the user I logged in the remote machine by ssh did not have the right permission to execute the domain, even after doing "sudo su". If I enter in the remote machine with the root user everything works fine, or using "sudo su -" after login with the normal user.
In my system, I want to have only the administrator account to access the specific folder.
So when client login as himself, click the open file link, I want it switch to the admin account temporary to open the files. After closing the openning file, the account goes back to the original account of the client.
I find it can be done in C# in ASP.NET by this link:
How do I change the logged in user to another?
Wondering if we can do that in Java?
You can perform a task as a different user by calling RUNAS via Runetim.exec()
RUNAS USAGE:
RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ]
/user:<UserName> program
RUNAS [ [/noprofile | /profile] [/env] [/savecred] ]
/smartcard [/user:<UserName>] program
RUNAS /trustlevel:<TrustLevel> program
/noprofile specifies that the user's profile should not be loaded.
This causes the application to load more quickly, but
can cause some applications to malfunction.
/profile specifies that the user's profile should be loaded.
This is the default.
/env to use current environment instead of user's.
/netonly use if the credentials specified are for remote
access only.
/savecred to use credentials previously saved by the user.
This option is not available on Windows 7 Home or Windows 7 Starter Editions
and will be ignored.
/smartcard use if the credentials are to be supplied from a
smartcard.
/user <UserName> should be in form USER#DOMAIN or DOMAIN\USER
/showtrustlevels displays the trust levels that can be used as arguments
to /trustlevel.
/trustlevel <Level> should be one of levels enumerated
in /showtrustlevels.
program command line for EXE. See below for examples
Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user#domain.microsoft.com "notepad \"my file.txt\""
http://ss64.com/nt/runas.html
If you're using Java EE I think you could use the #RunAs annotation (but I haven't tried):
http://docs.oracle.com/javaee/6/api/javax/annotation/security/RunAs.html
Edit:
And here is a link to more about JAAS "doAs", but I haven't studied it yet:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html
I want to reload nginx when I send a http request to the web application. So In the web application's servlet, I execute the nginx reload command. The Java code is :
"Runtime.getRuntime().exec("/etc/init.d/nginx reload").waitFor();". I have tried it but it has no use. But if I login the server as user root, then execute the Java code above, it works!
So I guess the reason is that the tomcat user has no authority to reload nginx. The tomcat process is running as user tomcat6. The nginx master process is running as user root and the nginx worker processes are running as user www-data. How could I solve this problem? Thanks.
My environment :
OS:Ubuntu 10.04
tomcat: 6.0.24
nginx: 1.2.2.
Tomcat and nginx are both installed via the Ubuntu's way "apt-get".
You can use sudo command. Also you can grant corresponding authorities to tomcat user. Also you can perform su to change user to some that have corresponding authorities and then perform nginx reload. Actually there are a lot of different ways to solve this issue.
I think that it will be better to write and test some script which can reload nginx from tomcat user session and use it for reloading instead of /etc/init.d/nginx reload command.
Unable to connect with sql server with servlet.
its on tomcat 7 which says
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
Connection conn = DriverManager.getConnection ("jdbc:sqlserver://;integratedSecurity=true");
Getting error:
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'MYDOMAIN\SUMIT-PC$'.
SUMIT-PC is my computer's name.
it should be 'MYDOMAIN\SUMIT SINGH'
This means that your tomcat is running under LocalSystem account in domain-based network. If you want to make tomcat to use your login propagation - you should to tune up it to impersonate logged on user and your tomcat and sql server(or workstation for windows 2003 domains) should be trusted for delegation on domain level, and user MYDOMAIN\SUMIT SINGH should be also not denied for delegation on domain level.
or
implement your own impersonation inside the server process - this requires you to know user's password
Today I got the same issue. In my machine, it was Tomcat 8.5 and I have installed tomcat as a windows service. (installed using apache-tomcat-8.5.40.exe)
Press the Win + R keys on your keyboard, to open the Run window. Then, type services.msc and hit Enter or press OK.
Right click on Tomcat service and select Properties. In that dialog box go to Log On tab and select This Account under Log on as option. Fill your username, password as well. Then click OK.
Then restart the service!!!