- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Re: Discovery with restricted root access.
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2012 04:57 AM
06-01-2012 04:57 AM
Discovery with restricted root access.
Hello
We are trying to discover a linux host in an environment where, for security reasons, the "powers that be" have forbidden and therefore disabled remote root login by ssh. I guess this may be a common issue.
The server does have the Proliant Support Pack installed and the firewall ports have been opened to allow access to the SMH.
The discovery as one would expect is somewhat incomplete. It does see the SMH and SNMP (although it fails to find a matching SNMP System Type Manager rule for sysObjID). It completes with the following major error: -
Major: The system cannot be identified properly for HP SIM to manage;
unable to get one or more of the following: model, serial number or
unique identifier (UUID). For management processors, verify the
system is running the latest firmware. For Linux based operating
systems, you must have dmidecode installed, enable the
PermitRootLogin and PasswordAuthentication in sshd, and use root
sign-in credential. For HP-UX, verify the sign-in credential. For
Windows, check if WMIMapper is configured correctly on the CMS and
verify the sign-in credential.
The powers that be are willing to type in the root password for the pupose of importing the management server certificate so that a trust relationship can be built between it and the SMH. I had hoped that this would allow the manager to gather all the extra information it needed to make a fuller discovery of the system. Sadly this was not the case, a subsequent discovery of the server did not gleen any further information depite the existence of a trust relationship between the SMH and the Manager.
We can trick the discovery by manualy entering the serial number of the server using "Edit System Properties" and then discovering the iLO. Information gleened from the iLO is then used to further populate the information held about the server. At this point the picture looks good but I suspect that the communication between host and manager is not working correctly, for instance the status of the SMH (currently major) is not being relected in the manager.
Most recently we have looked at "privilege elevation" using sudo, sadly we suspect that discovery is not coded to be able to use the "priviledge escalation" settings.
So, has anyone got any suggestions? Is there something we have overlooked? or are we destined never to be able to get this to work properly without using direct root credentials?
Any help or suggestions most welcome.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2012 06:05 PM
07-22-2012 06:05 PM
Re: Discovery with restricted root access.
- Most recently we have looked at "privilege elevation" using sudo, sadly
- we suspect that discovery is not coded to be able to use the "priviledge
- escalation" settings.
Sadly I suspect you're correct. :-(
I wanted to discover Llinux systems using a non-root user account with Privilege Elevation (sudo) but, while I could see SIM 7.0 login to the clients using the non-root account, there was never a sign of sudo (or other logging stubs I put in its place in my debugging) being invoked.
Root user or nothing, I believe.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2012 02:57 AM
08-30-2012 02:57 AM