topic Re: System Management Homepage ver 2.0 in Server Management - Systems Insight Manager

System Management Homepage ver 2.0

Marc Pellerin — Fri, 03 Jun 2005 09:01:20 GMT

Good day,

Now that the newly System Management Homepage ver 2.0 past of the ProLiant Support Pack 7.30 support OS authentication Login.

Is there a way to limit the Access/Login to one perticular OS user ?

Thanks in advance for any info...

Marc

Re: System Management Homepage ver 2.0

Rich Purvis — Fri, 03 Jun 2005 11:25:08 GMT

Well, right now under Windows you will always have the "Administrator" OS group as a default group to have admin access to the SMH. The reason is so that for misconfigurations or other issues there would always be a group that would have access. So the only way to get what you are looking for would be to have a single ID in the Administrator group. Not really a solution that would appeal to most people - so I would say that there is not a good solution for what you are looking for right now.

-Rich

Re: System Management Homepage ver 2.0

Marc Pellerin — Fri, 03 Jun 2005 13:10:24 GMT

Thanks Rich,

Well not to exited to read that. It will be so nice to have more flexibility regarding account management under SMH. If HP cannot provide more flexibility our organization wont be able to perform the upgrade. Instead of group validation HP should concentrate on OS user validation. On the other hand. Is there any online utility to update the local account password on the old HP Insight Management Agent ver 7.00, like HPONCFG do for ILO ? We want to write up a script to auto-update the password on the old Insight Management Agent ver 7.00 if we cannot move ahead... Thanks for any info.

Re: System Management Homepage ver 2.0

Rich Purvis — Fri, 03 Jun 2005 16:02:43 GMT

Well, for pre-7.20 agent/management applications the easiest way to propagate a change in passwords would be through the distribution of a known good .acl file. This is described in this document:

http://h200005.www2.hp.com/bc/docs/support/SupportManual/c00293377/c00293377.pdf

On page 1-13 talks about how to do this for systems prior to SMH 2.0.

Or if you use HPSIM or IM7 there is a feature that allows you to "group" configure lists of servers and change their agent settings including the SMH passwords.

-Rich

Re: System Management Homepage ver 2.0

Rich Purvis — Fri, 03 Jun 2005 16:12:16 GMT

Marc,
As far as flexibility you can create a group called MySMHAdmins and add any number of OS users to it - 1 to however many you want. You can then make that the group with Admin access to SMH - the problem will be however that the Administrator group will always have default access. If you really just want one ID to have access then that is where it gets problematic. There are issues trying to maintain lists of single users so there are drawbacks in either method.

-Rich

Re: System Management Homepage ver 2.0

Marc Pellerin — Tue, 07 Jun 2005 09:19:55 GMT

Thanks

Now

Is there anyway to set up SMH for local access only ?

On another word....disabling port 2381 for outside users.

If there is, we would not have to present the login screen.

If you are on the console, you can get in without being challende with a password (local access - administrators).

Thanks for any info. I am not giving up that easy.

Marc

Re: System Management Homepage ver 2.0

Rich Purvis — Tue, 07 Jun 2005 09:45:51 GMT

Marc,
You can configure the SMH to only allow local access by binding to the loopback ip address, 127.0.0.1

The SMH allows you to configure it to only respond to certain IP addresses as added security, if you bind it to the loopback it will only be accessible from the local system. That probably is not the same thing as "disabling" 2381 but it is as close as you can get right now.

-Rich

Re: System Management Homepage ver 2.0

Marc Pellerin — Tue, 07 Jun 2005 10:04:57 GMT

Rich,

You made my day....

You got a 10 for that one....

Case close

Marc