I did that! But unless I give the "administrator" role to the newly created user OR /etc/security/access.conf is modified, it says "Invalid user/password". Let's say I create a new role by just selecting Host --> CIM --> CIM Interactions. From the permissions tab, I assigned the new role to the newly created user. However, wbemcli showed invalid username/password. If the user is assigned the "Administrator" role, it works fine as expected.
I also see that when /etc/security/access.conf is modified from '-' to '+' for the specific user, wbemcli started working for this user. I don't think /etc/security/access.conf editing is supposed to be done manually. Anything missing here?
When access.conf is not modified:
~# wbemcli -dx ec -noverify https://<user>:<password>@<ESXi IP>/root/cimv2
To server: <?xml version="1.0" encoding="utf-8" ?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0">
<MESSAGE ID="4711" PROTOCOLVERSION="1.0"><SIMPLEREQ><IMETHODCALL NAME="EnumerateClasses"><LOCALNAMESPACEPATH><NAMESPACE NAME="root"></NAMESPACE><NAMESPACE NAME="cimv2"></NAMESPACE></LOCALNAMESPACEPATH>
<IPARAMVALUE NAME="DeepInheritance"><VALUE>TRUE</VALUE></IPARAMVALUE>
<IPARAMVALUE NAME="LocalOnly"><VALUE>FALSE</VALUE></IPARAMVALUE>
<IPARAMVALUE NAME="IncludeQualifiers"><VALUE>FALSE</VALUE></IPARAMVALUE>
<IPARAMVALUE NAME="IncludeClassOrigin"><VALUE>TRUE</VALUE></IPARAMVALUE>
</IMETHODCALL></SIMPLEREQ>
</MESSAGE></CIM>
From server: WWW-Authenticate: Basic realm="cimom"
From server: Server: sfcHttpd
From server: Content-Length: 0
*
* wbemcli: Http Exception: Invalid username/password.
*
~#
With access.conf modified:
~# wbemcli -dx ec -noverify https://<user>:<password>@<ESXi IP>/root/cimv2
<ESXi IP>:5989/root/cimv2:CIM_RoleBasedAuthorizationService
<ESXi IP>:5989/root/cimv2:OMC_ProcessorRealizes
<ESXi IP>:5989/root/cimv2:VMware_Battery
....
~#
Any clues? Thanks much for the help!