9 Replies Latest reply on Sep 28, 2017 8:23 AM by Bill Robinson

    No Authorization to access host

    Suraj Mane
      Share This:

      Currently I'm using BMC Server Automation server console 8.5. After I added servers in serverlist when I go to verify server it shows message 'no authorization to access host'.

        • 1. Re: No Authorization to access host
          Suraj Mane
          09/26/17 14:20:34.478 ERRORrscd -  M0690 2360 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: M0690\RS
          • 2. Re: No Authorization to access host
            Bill Robinson

            please attach (adv editor) the full rscd log from the time you ran the verify.

             

            what role and user in bsa is running the verify ?

            what is in the exports file ?

            what is in the users file ?

            what is in the users.local file ?

            • 3. Re: No Authorization to access host
              Suraj Mane

              USERS.LOCAL

               

              #

              #  Copyright (c) 2001-2012 BladeLogic, Inc.

              #       -- All Rights Reserved --

              #

              # This file contains a list of user permission overrides. The permissions

              # defined in this file will override any associated permissions defined in the

              # "exports" or "users" file.

              #

              # Please read the BMCBladeLogicAdministration.pdf for details on how to use this

              # file.

              #   

              BLAdmins:BLAdmin

              nouser

               

               

               

              USERS

               

              #

              #  Copyright (c) 2001-2012 BladeLogic, Inc.

              #       -- All Rights Reserved --

              #

              # This file contains a list of user permission overrides. The permissions

              # defined in this file will override any associated permissions defined in the

              # "exports" file.

              #

              # Please read the BMCBladeLogicAdministration.pdf or "users" man page for details

              # on how to use this file.

              #

              BLAdmins:BLAdmin rw,map=Administrator

              nouser

               

               

              EXPORTS

               

              #

              #  Copyright (c) 2001-2012 BladeLogic, Inc.

              #       -- All Rights Reserved --

              #

              #  This file is read by the "rscd" to determine permissions for the given host.

              #

              # Please read the BMCBladeLogicAdministration.pdf or "exports" man page for details

              # on how to use this file.

              10.41.15.14 rw,map=Administrator

              • 4. Re: No Authorization to access host
                Suraj Mane

                RSCD log

                 

                09/27/17 15:55:44.112 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): FIPS Enabled
                09/27/17 15:55:44.115 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Agent version is 8.5.00.416
                09/27/17 15:55:44.118 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): The operation completed successfully. 
                09/27/17 15:55:44.120 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Platform Details: x86_64;M0690;6.1;WindowsNT;7601;x86_64
                09/27/17 15:55:44.126 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: **** RSCD started (app) ****
                09/27/17 15:55:44.131 INFO rscd -  M0690 10852 SYSTEM (Not_available): (Not_available): User Privilege Mapping enabled.
                09/27/17 15:55:44.133 INFO rscd -  M0690 10852 SYSTEM (Not_available): (Not_available): The following local user will be used by the agent for user privilege mapping: BladeLogicRSCD
                09/27/17 15:56:29.868 INFO rscd -  M0690 1556 SYSTEM (Not_available): (Not_available): FIPS already enabled
                09/27/17 15:56:29.874 ERRORrscd -  M0690 1556 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: M0690\RS
                09/27/17 15:56:29.875 WARN rscd -  10.41.15.14 1556 SYSTEM (BLAdmins:BLAdmin): CM: Failed to change to alternate user
                09/27/17 15:56:37.981 ERRORrscd -  M0690 11072 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: M0690\RS
                09/27/17 15:56:37.983 WARN rscd -  10.41.15.14 11072 SYSTEM (BLAdmins:BLAdmin): CM: Failed to change to alternate user
                09/27/17 15:56:41.534 ERRORrscd -  M0690 12260 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: M0690\RS
                09/27/17 15:56:41.536 WARN rscd -  10.41.15.14 12260 SYSTEM (BLAdmins:BLAdmin): CM: Failed to change to alternate user
                09/27/17 15:56:41.548 ERRORrscd -  M0690 12384 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: M0690\RS
                09/27/17 15:56:41.550 WARN rscd -  10.41.15.14 12384 SYSTEM (BLAdmins:BLAdmin): CM: Failed to change to alternate user
                09/27/17 15:56:49.765 ERRORrscd -  M0690 7788 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: M0690\RS
                09/27/17 15:56:49.767 WARN rscd -  10.41.15.14 7788 SYSTEM (BLAdmins:BLAdmin): CM: Failed to change to alternate user
                09/27/17 15:56:49.796 ERRORrscd -  M0690 9416 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: M0690\RS
                09/27/17 15:56:49.798 WARN rscd -  10.41.15.14 9416 SYSTEM (BLAdmins:BLAdmin): CM: Failed to change to alternate user
                09/27/17 15:57:56.400 ERRORrscd -  M0690 12260 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: M0690\RS
                09/27/17 15:57:56.402 WARN rscd -  10.41.15.14 12260 SYSTEM (BLAdmins:BLAdmin): CM: Failed to change to alternate user
                09/27/17 16:05:44.629 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 16:15:44.671 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 16:25:44.673 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 16:35:44.674 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 16:45:44.675 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 16:55:44.677 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 17:05:44.678 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 17:15:44.679 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 17:25:44.680 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 17:35:44.680 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 17:45:44.681 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 17:55:44.683 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                09/27/17 18:05:44.684 INFO rscd -  M0690 8512 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.
                • 5. Re: No Authorization to access host
                  Suraj Mane

                  BLAdmin  is current user which is used to verify the servers

                  • 6. Re: No Authorization to access host
                    Bill Robinson

                    the order of processing the rsc files is exports, users.local and then users.  you should not put 'nouser' in users local because that means if the incoming user/role is not listed in users.local then processing stops and you are denied access.  you also don't have a correct mapping entry in users.local - the line 'BLAdmins:BLAdmin' is not complete.

                     

                    exports also has incorrect syntax:

                    10.41.15.14 rw,map=Administrator

                    'map' is for users/users.local, user= is for exports.  and it's a terrible idea to do user mapping in exports.

                     

                    your users.local should have this:

                    BLAdmins:BLAdmin rw,map=Administrator

                    your exports file should have this:

                    10.41.15.14 rw

                    and your users file should be populated from an acl push job and contain the 'nouser' entry.

                    • 7. Re: No Authorization to access host

                      Users.local file is missing the mapping:

                       

                      BLAdmins:BLAdmin rw,map=Administrator

                      • 8. Re: No Authorization to access host
                        Suraj Mane

                        Now Export file contains

                         

                        * rw,user=Administrator

                         

                        User.local

                        BLAdmins:BLAdmin rw,map=Administrator

                         

                        and no any entry in users file.

                         

                        After these changes I restarted RSCD service and verified the server again but getting same error.

                         

                        Please let me know, is any entry missing in the above files.

                        • 9. Re: No Authorization to access host
                          Bill Robinson

                          does 'Administrator' exist as a local user on the target ?