- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Re: WORKAROUND FOUND: Forbidden to access SMH on C...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2012 05:31 AM - edited 05-03-2012 05:36 AM
05-03-2012 05:31 AM - edited 05-03-2012 05:36 AM
Hi all,
I just installed a new XenServer 6.0.2 onto a DL380 G6 and added the "HP SNMP Agents for Citrix XenServer 9.0" supplemental pack. It all installed without errors but I am not able to access the system management homepage (SMH) using https://servername:2381
I get the well-known certification warning that's normally is not a problem but after that it says: "Forbidden. You don't have permission to access / on this server."
The logfile /var/spool/opt/hp/hpsmh/logs/error_log says "(13)Permission denied: access to / denied", but I can't see anything in the configuration of SMH that would explain this behavior:
smhconfig -V ------------------------------------- -------HP SMH Current Settings------- ------------------------------------- anonymous-access = false box-item-order = status box-order = status config-level = Informational custom-ui = false disable-sslv2 = true ssl-cipher-suite = ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:+MEDIUM:SSLV2?:+EXP:-LOW:+eNULL httpd-error-log = false iconview = false ip-binding = false ip-restricted-logins = false localaccess-enabled = false localaccess-type = Anonymous log-level = error autostart = false timeoutsmh = 30 port2301 = false allow-default-os-admin = true reject-prog-admin-login = true rotate-logs = 0 rotate-logs-size = 5 session-maximum = 128 session-timeout = 15 trustmode = TrustByCert ui-timeout = 120
Allowing "anonymous-access" or disabling iptables also did not help. The accessing client is in the same subnet as the XenServer.
Does anybody have a hint for me?
Thank you very much!
ulli.
Solved! Go to Solution.
- Tags:
- SMH
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2012 09:26 AM - edited 05-04-2012 09:33 AM
05-04-2012 09:26 AM - edited 05-04-2012 09:33 AM
SolutionThe HP support helped me find a workaround: XenServer version 6.0.2 sets a different permission to /. Instead of 755 (drwxr-xr-x) as it was in 6.0 it is 700 (drwx------) in 6.0.2 and with this setting the apache that serves the SMH is somehow not allowed to access the needed files anymore.
Execute the following command to determine the permissions of your root dir:
ls -ld /
If it shows
drwx------ 24 root root 4096 Feb 5 16:41 /
executing the follow command will set permissions so the apache will be able to access the SMH files again and serve them to your webbrowser:
chmod 755 /
Yet I am wondering if it is wise to expand everyones rights on / and that Citrix will surely have had a good reason to set the permission this way. Also I cannot comprehend why the apache would need access to / when all of the served data resides somewhere down the path of /opt/hp/hpsmh. Can it be that the apache config of the HP Agents is not as secure and tested as one may want to believe? The problem with the apache is that the system administrator is not allowed to edit the apache config for it is overwritten by the settings made with smhconfig every time you restart the hpsmhd. too bad :-(
If anybody has an opinion about this, please share it...
Thank you and have a pleasant weekend!
ulli.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2012 07:02 AM
05-17-2012 07:02 AM
Re: WORKAROUND FOUND: Forbidden to access SMH on Citrix XenServer
Hi,
thanks a lot for the post. It help me from frustration :)
We have some Xenservers instaled with the 1st version of Xenserver 6.02 (before it was upgraded with hotfixes) and there the permission are correct - 755.
But on the new updated 6.02 version we face the same issue ...
I will check with Citrix if they have some conlusion.
Regards,
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2012 03:54 AM
07-16-2012 03:54 AM
Re: WORKAROUND FOUND: Forbidden to access SMH on Citrix XenServer
Hi...
we are currently having the ame issue, PLUS we cannot even get SNMP wotking on the XenServer machine.
We are unable to discover using SNMP, despite the agent being installed, FW ports opened locally on the XenServer.
We have the root access for SSH, so we can discover basic info.....however we are unable to test traps from it, or load the SMH.
can you either: help with the configuration of the agent, OR tell me the benefit of using the HP SIM Agent on the XenServer, as we already have the blade enclosure fully discovered.... will the events fro teh enclosure be detailed enough to alert of any significant HW failure on the XenServer blade ?
thanks
Sven.