5 Replies Latest reply on Mar 27, 2008 10:10 AM by captmiddy

    Can't log into Web interface - either local or Kerberos accounts

    aseering Novice

      I've just installed VMware Server 2 Beta (and it was rather painful; a bunch of programs failed to find their own libraries, so I had to do some ugly things to my library path...).  I'm now trying to log into the Web interface.

       

      I've installed VMware Server onto a server that allows login to both local user accounts, and remote user accounts using Kerberos authentication (and network home directories, among other things).  If I try to log in as a local user, I get "Access Denied".  If I try to log in as a Kerberos user, I get "Login failed due to a bad username or password."

       

       

       

      Anyone have any idea what's up?  I would expect at least local auth to work (though I do ultimately need Kerberos support)...

       

       

       

       

       

      (EDIT: Sorry: I'm running Linux, Debian Etch amd64)

        • 1. Re: Can't log into Web interface - either local or Kerberos accounts
          Paul Thomas Master

           

          You have to login using your linux root account and password.  This is a restriction in the beta release of the software.  If you run it on windows you have to enable and use the windows administrator account.

           

           

           

           

           

          Paul

           

           

          • 2. Re: Can't log into Web interface - either local or Kerberos accounts
            aseering Novice

             

            Ah, ok; thanks!

             

             

            I don't suppose you know if  either a future beta or a future trial version will be released, that removes this restriction?  I'd really like to use VMware Server 2, but we have an interesting multiuser setup; if I can't test it, I can't upgrade...

             

             

            • 3. Re: Can't log into Web interface - either local or Kerberos accounts
              captmiddy Enthusiast

              Actually you do not have to be root, you can use any single principle on your machine to login to the admin interface.  This user must be a name that can be found in the password file and you have to modify an XML file to change who the admin will be.  I changed it from root to myself.  I am hopeful that it will soon be possible to plug the web interface into LDAP using the Tomcat features to do this itself rather than managing the user interface through a disconnected XML file. Maybe a nice little manage users interface to go on top of that.  Right now, if one of the servers is hung, I am the only person who can reboot it, and this is a problem as I have a couple dozen people using the virtual machines, now if only I could get the money to move to ESX.

               

              It dawned on me that i forgot how to change the name from root to some other user.  The file is /etc/vmware/hostd/authorization.xml.  You will see root as the username in there, change it to some other username. 

               

              For example:

               

               

              Trying to add an entry for 11 does not work for me.

               

              Message was edited by: captmiddy - Added file information.

              • 4. Re: Can't log into Web interface - either local or Kerberos accounts
                aseering Novice

                 

                Hm...  "must be a name that can be found in the password file" -- that's a really annoying restriction; most users on this system aren't in the password file.  Maybe Server 2 won't be the way to go for us...

                 

                 

                • 5. Re: Can't log into Web interface - either local or Kerberos accounts
                  captmiddy Enthusiast

                  You may want to try it with a kerberos principle, but I couldn't get it to work with an LDAP user, but then I had some problems with getting PAM to behave with LDAP anyway.  Again, it is still restricted to just 1 username.  This is okay for the first Beta and removing the requirement to use the root account made me happy at least.