Error launching Application from NetWare CIFS/SMB store using Secure/Unsecure System User and Xtier Authentication

  • 3609941
  • 11-Sep-2007
  • 30-Apr-2012

Environment

Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Middle Tier
Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Application Launcher (NAL)

Situation

ERROR: Could not launch program using %networkpath% (ID=5) Access is denied
  1. NAL workstation with Middle Tier (Xtier) authentication only.
  2. Middle Tier server is running on NetWare.
  3. NAL object Run Options for Application Path to File is defined as a UNC of an SMB drive on NetWare CIFS. For example: \\NW65-W\programs\test.exe.
  4. Run Options Environment Executable security level is set to Run as secure system user or Run as unsecure system user.
Error does not occur if:
  1. Launch as user, or
  2. Middle Tier server is running on a Windows Server in Windows Domain and devices in that domain launch from a Windows SMB share, or
  3. Devices using Novell client access NetWare volumes for system user launch.

Resolution

Copy the executable to the local drive, and run from there. Or use the Novell client to launch from a NetWare volume.

Additional Information

From ConsoleOne help: "The ZENworks Desktop Management Agent and Middle Tier Server do not support launching of applications from a network location".

Middle Tier operates as a webserver. All access is over HTTP (GET or PUT). You can download or upload from or to a webserver, but cannot launch directly from that location.

If Middle Tier server is running on a Windows server that is a member of the Windows domain, and the workstation is also a member of that domain, then Middle Tier server will use Windows APIs to authenticate that device to launch from the Windows SMB store if proper rights are set.

If the Middle Tier server is running on a NetWare server, it can't test Windows domain authentication rights for a device's rights to a CIFS/SMB/Netware store.

Why does it work as user but not as system user?

For User: The Middle Tier client has passed the request to the local workstation's Microsoft client. The login works correctly because the user is defined as having rights to the CIFS/SMB drive.

For System User: The Middle Tier client has passed the request to the local workstation's Microsoft client. The rights used are not those of the workstation (as would be the case with Novell client) because the Microsoft client doesn't understand NAL workstation objects, only Windows device objects.

Consider the documentation at
https://www.novell.com/documentation/zenworks7/dm7admin/index.html?page=/documentation/zenworks7/dm7admin/data/ahwfj9t.html#ahwe9f8

"If the workstation is not a member of Active Directory on the Windows server where it accesses files, then 'anonymous logon' permissions should be granted for files to be read there. Otherwise, folder and file rights assigned to everyone (guest)."

However, NetWare CIFS/SMB drives no longer allow anonymous rights. See KB 10089840 at
https://support.novell.com.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.