- Community Home
- >
- Servers and Operating Systems
- >
- ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Discovery with restricted root access.
-
- Forums
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- OEM Solutions
- Servers: The Right Compute
- Shifting to Software-Defined
- Telecom IQ
- Transforming IT
- Infrastructure Solutions German
- L’Avenir de l’IT
- IT e Trasformazione Digitale
- Enterprise Topics
- ИТ для нового стиля бизнеса
- Blogs
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Forums
-
Blogs
-
InformationEnglish
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
06-01-2012 04:57 AM
06-01-2012 04:57 AM
Discovery with restricted root access.
Hello
We are trying to discover a linux host in an environment where, for security reasons, the "powers that be" have forbidden and therefore disabled remote root login by ssh. I guess this may be a common issue.
The server does have the Proliant Support Pack installed and the firewall ports have been opened to allow access to the SMH.
The discovery as one would expect is somewhat incomplete. It does see the SMH and SNMP (although it fails to find a matching SNMP System Type Manager rule for sysObjID). It completes with the following major error: -
Major: The system cannot be identified properly for HP SIM to manage;
unable to get one or more of the following: model, serial number or
unique identifier (UUID). For management processors, verify the
system is running the latest firmware. For Linux based operating
systems, you must have dmidecode installed, enable the
PermitRootLogin and PasswordAuthentication in sshd, and use root
sign-in credential. For HP-UX, verify the sign-in credential. For
Windows, check if WMIMapper is configured correctly on the CMS and
verify the sign-in credential.
The powers that be are willing to type in the root password for the pupose of importing the management server certificate so that a trust relationship can be built between it and the SMH. I had hoped that this would allow the manager to gather all the extra information it needed to make a fuller discovery of the system. Sadly this was not the case, a subsequent discovery of the server did not gleen any further information depite the existence of a trust relationship between the SMH and the Manager.
We can trick the discovery by manualy entering the serial number of the server using "Edit System Properties" and then discovering the iLO. Information gleened from the iLO is then used to further populate the information held about the server. At this point the picture looks good but I suspect that the communication between host and manager is not working correctly, for instance the status of the SMH (currently major) is not being relected in the manager.
Most recently we have looked at "privilege elevation" using sudo, sadly we suspect that discovery is not coded to be able to use the "priviledge escalation" settings.
So, has anyone got any suggestions? Is there something we have overlooked? or are we destined never to be able to get this to work properly without using direct root credentials?
Any help or suggestions most welcome.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
07-22-2012 06:05 PM
07-22-2012 06:05 PM
Re: Discovery with restricted root access.
- Most recently we have looked at "privilege elevation" using sudo, sadly
- we suspect that discovery is not coded to be able to use the "priviledge
- escalation" settings.
Sadly I suspect you're correct. :-(
I wanted to discover Llinux systems using a non-root user account with Privilege Elevation (sudo) but, while I could see SIM 7.0 login to the clients using the non-root account, there was never a sign of sudo (or other logging stubs I put in its place in my debugging) being invoked.
Root user or nothing, I believe.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-30-2012 02:57 AM
08-30-2012 02:57 AM
Re: Discovery with restricted root access.
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2019 Hewlett Packard Enterprise Development LP