Reply to Message

View discussion in a popup

Replying to:
krishnaprasad
Hot Shot
Hot Shot

I did that ! But unless, I give the "administrator" role to the newly created user OR /etc/security/access.conf is modified, it says "Invalid user/password". Let's say if I create a new role by just selecting Host --> CIM --> CIM Interactions. From the permissions tab, assigned the new role to the new user created. However wbemcli showed invalid username/password. If the user is assigned with "Administrator" role, it works fine as expected.

I also see that when /etc/security/access.conf is modified from '-' to '+' for the specific user, wbemcli started working for this user.  I dont think /etc/security/access.conf editing is supposed to be done manually. Anything missing here ?

When access.conf is not modified

~# wbemcli -dx ec -noverify https://<user>:<password@<ESXi IP>/root/cimv2

To server: <?xml version="1.0" encoding="utf-8" ?>

<CIM CIMVERSION="2.0" DTDVERSION="2.0">

<MESSAGE ID="4711" PROTOCOLVERSION="1.0"><SIMPLEREQ><IMETHODCALL NAME="EnumerateClasses"><LOCALNAMESPACEPATH><NAMESPACE NAME="root"></NAMESPACE><NAMESPACE NAME="cimv2"></NAMESPACE></LOCALNAMESPACEPATH>

<IPARAMVALUE NAME="DeepInheritance"><VALUE>TRUE</VALUE></IPARAMVALUE>

<IPARAMVALUE NAME="LocalOnly"><VALUE>FALSE</VALUE></IPARAMVALUE>

<IPARAMVALUE NAME="IncludeQualifiers"><VALUE>FALSE</VALUE></IPARAMVALUE>

<IPARAMVALUE NAME="IncludeClassOrigin"><VALUE>TRUE</VALUE></IPARAMVALUE>

</IMETHODCALL></SIMPLEREQ>

</MESSAGE></CIM>

From server: WWW-Authenticate: Basic realm="cimom"

From server: Server: sfcHttpd

From server: Content-Length: 0

*

* wbemcli: Http Exception: Invalid username/password.

*

~#

With access.conf modified

~# wbemcli -dx ec -noverify https://<user>:<password@<ESXi IP>/root/cimv2

<ESXi IP>:5989/root/cimv2:CIM_RoleBasedAuthorizationService

<ESXi IP>:5989/root/cimv2:OMC_ProcessorRealizes

<ESXi IP>:5989/root/cimv2:VMware_Battery

....

~#

Any clues ? Thanks much for the help!

Reply
0 Kudos