3 Replies Latest reply on Mar 3, 2009 2:47 AM by Lee Harris

    NSH Proxy Authentication

      I've just enabled an NSH proxy server on one of our AppServers (not dedicated). I've done the stuff in the Admin Guide to setup the secure file on my Client, and to some extent it appears to work, in as much as if I launch NSH from my PC I get prompted to select from one of the numerous roles I have access to.


      So, I select BLAdmins, and then connect to managed servers, but on each one it appears that I am not mapped to "root" as I would expect.


      /usr/lib/rsc/users has mappings for NSH which map me to root, however, and for some weird reason I am mapped to my actual Unix level account (which is not the same as my Bladelogic login).

        • 1. Re: NSH Proxy Authentication
          Bill Robinson

          can you run nsh, be BLAdmins and run an 'agentinfo' against a server you should have root on?


          then post the secure from your client, and the exports, users, users.local and rscd.log from the target ?

          • 2. Re: NSH Proxy Authentication

            Actually, before I do that, I just noticed this....


            When I launch NSH this morning, I get this message...


            SSO Error: Could not find a credential in cache file "C:\Documents and Settings

            \\Application Data/BladeLogic/bl_sesscc" that matches the current authent

            ication profile

            Error in Initializing RBAC User and Role (SSO Proxy)

            Network Shell can be used for local access


            So... I ran this command from my client...


            blcred cred -acquire -profile "BL Production B" -loginconf "C:\Program

            Files\BladeLogic\OM\br\blclient_krb5.conf" -krb5conf "C:\Program Files\BladeLog



            (Where BL Production B is the auth profile name that connects me to the server I configured the NSH proxy on).


            And I get this in response...


            Terminating due to a runtime exception: Configuration Error:

            Line 0: expected , found


            Am I doing something wrong here, or did I find a bug?

            • 3. Re: NSH Proxy Authentication

              Actually I think I've just worked this out...


              Once I logged into CM and selected "Cache Session Credential" I am no longer getting that error when launching NSH.


              Also, I notice that the agentinfo shows user permissions of root/root...




              if I do this...


              nexec id


              it shows me also that I have a uid of 0.


              I think what's throwing me is that when I just run "id" its showing me who I am on my Windows laptop even when I've moved to a server by doing cd //server.domain.


              Message was edited by:

              Lee Harris