By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,629 Members | 1,222 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,629 IT Pros & Developers. It's quick & easy.

HELP!! Accessing other machines with an IIS CGI script

P: n/a
Greetings,

I'm working on a CGI program that will run under MS IIS 5.0 and will
browse folders on three other machines, building HTML pages that will
provide links to these folders.

Essentially, the CGI will connect to each machine in turn, doing the
FindFirst/FindNext process based on the current criteria. It will
select certain files/folders, and build an HTML page as it goes.

The premise is fine. If I run the program from the command line, it
seems to work fine and I get my HTML code out. I can copy the code
into a separate file, open it in the browser, and all appears right
with the world.

However, when I try to run the CGI from the browser itself, I get all
kinds of problems. The first one I got was a 1312, "A specified logon
session does not exist. It may have already been terminated." After
doing some searching, I began to investigate impersonation of a logged
on user. This produces a different error: 1314, "A required privilege
is not held by the client."

I've been arguing with this now for several days and the frustration
level is beginning to get quite high. Has anyone else ever tried this?
I find it hard to believe that I'm the first to do this.

Of course, one of my problems is that I'm neither an IIS guru nor an
Admin guru. And we have neither here in the office.

I'm coding this in Python 2.4 and the Windows extensions. I have a
number of other CGI programs in Python running under IIS that work
correctly, but those only do database accesses. This one I'm trying to
put together is the first one to actually do file searches.

I have set the privileges for the logged on account on my IIS box for
SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
rebooted. To no avail. I'm not sure if there are additional
alterations that need to be done to the security policies or not.
Again, I'm not a guru.

If anyone can give me more information/guidance I would greatly
appreciate it. If you need more information from me, I will do my best
to provide it.

TIA,

Paul

Sep 14 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Without knowing what operation fails, it's kind of
difficult to give any meaningful answers.
At what point in the code do you get the error ?

If IIS runs under a local account, it might not have
permission to access the other machine, or to impersonate
a domain user.

You might want to set up auditing on the
folder you're trying to list, and see exactly what user
IIS is connecting as (or if it's connecting at all).

hth
Roger
"paulp" <pa*********@acs-inc.com> wrote in message news:11**********************@g47g2000cwa.googlegr oups.com...
Greetings,

I'm working on a CGI program that will run under MS IIS 5.0 and will
browse folders on three other machines, building HTML pages that will
provide links to these folders.

Essentially, the CGI will connect to each machine in turn, doing the
FindFirst/FindNext process based on the current criteria. It will
select certain files/folders, and build an HTML page as it goes.

The premise is fine. If I run the program from the command line, it
seems to work fine and I get my HTML code out. I can copy the code
into a separate file, open it in the browser, and all appears right
with the world.

However, when I try to run the CGI from the browser itself, I get all
kinds of problems. The first one I got was a 1312, "A specified logon
session does not exist. It may have already been terminated." After
doing some searching, I began to investigate impersonation of a logged
on user. This produces a different error: 1314, "A required privilege
is not held by the client."

I've been arguing with this now for several days and the frustration
level is beginning to get quite high. Has anyone else ever tried this?
I find it hard to believe that I'm the first to do this.

Of course, one of my problems is that I'm neither an IIS guru nor an
Admin guru. And we have neither here in the office.

I'm coding this in Python 2.4 and the Windows extensions. I have a
number of other CGI programs in Python running under IIS that work
correctly, but those only do database accesses. This one I'm trying to
put together is the first one to actually do file searches.

I have set the privileges for the logged on account on my IIS box for
SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
rebooted. To no avail. I'm not sure if there are additional
alterations that need to be done to the security policies or not.
Again, I'm not a guru.

If anyone can give me more information/guidance I would greatly
appreciate it. If you need more information from me, I will do my best
to provide it.

TIA,

Paul


----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Sep 14 '05 #2

P: n/a
Thanks for the info. I'm going to repost this in comp.lang.python as well
as in a couple of MS IIS groups with some additional information (code
snippets and results).

Paul

"Roger Upole" <ru****@hotmail.com> wrote in message
news:11************@spool6-east.superfeed.net...
Without knowing what operation fails, it's kind of
difficult to give any meaningful answers.
At what point in the code do you get the error ?

If IIS runs under a local account, it might not have
permission to access the other machine, or to impersonate
a domain user.

You might want to set up auditing on the
folder you're trying to list, and see exactly what user
IIS is connecting as (or if it's connecting at all).

hth
Roger
"paulp" <pa*********@acs-inc.com> wrote in message news:11**********************@g47g2000cwa.googlegr oups.com...
Greetings,

I'm working on a CGI program that will run under MS IIS 5.0 and will
browse folders on three other machines, building HTML pages that will
provide links to these folders.

Essentially, the CGI will connect to each machine in turn, doing the
FindFirst/FindNext process based on the current criteria. It will
select certain files/folders, and build an HTML page as it goes.

The premise is fine. If I run the program from the command line, it
seems to work fine and I get my HTML code out. I can copy the code
into a separate file, open it in the browser, and all appears right
with the world.

However, when I try to run the CGI from the browser itself, I get all
kinds of problems. The first one I got was a 1312, "A specified logon
session does not exist. It may have already been terminated." After
doing some searching, I began to investigate impersonation of a logged
on user. This produces a different error: 1314, "A required privilege
is not held by the client."

I've been arguing with this now for several days and the frustration
level is beginning to get quite high. Has anyone else ever tried this?
I find it hard to believe that I'm the first to do this.

Of course, one of my problems is that I'm neither an IIS guru nor an
Admin guru. And we have neither here in the office.

I'm coding this in Python 2.4 and the Windows extensions. I have a
number of other CGI programs in Python running under IIS that work
correctly, but those only do database accesses. This one I'm trying to
put together is the first one to actually do file searches.

I have set the privileges for the logged on account on my IIS box for
SE_TCB_NAME, SE_CHANGE_NOTIFY_NAME and SE_ASSIGNPRIMARYTOKEN_NAME and
rebooted. To no avail. I'm not sure if there are additional
alterations that need to be done to the security policies or not.
Again, I'm not a guru.

If anyone can give me more information/guidance I would greatly
appreciate it. If you need more information from me, I will do my best
to provide it.

TIA,

Paul


----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet

News==---- http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups ----= East and West-Coast Server Farms - Total Privacy via Encryption

=----
Sep 15 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.