2 Replies Latest reply on Jan 19, 2010 12:20 PM by Chris NameToUpdate

    RBAC?

      I'm trying to create a Role for provisioning new machines.  BLAdmin can provision servers on this system with no problem.  When I go to provision with the WinProv role, I get an error as soon as I click "Finish" on the "Provision Now" dialog process.  The error reads: "fileExists failed: No authorization to access host"

      The device has Anonymous and Everyone set to "Device.*" when it is sitting in the PM "Imported" window.

      On the Server ACL page (7 of 8), it lists BLAdmins and WinProv as having Server.*

      The role has (as of my last test) the following permissions in RBAC.

      BatchJob.Execute, ModifyTargets, Read

      BLPackage.Read

      CustomSoftware.Read

      DeployJob.Cancel, Execute, ModifyTargets, Read

      DepotFile.Read

      DepotFolder.Read

      Device.*

      JobFolder.Read

      NSHScript.Read

      NSHScriptJob.Cancel, Execute, ModifyTargets, Read

      PropertyInstance.Read

      ProvisionConfig.*

      ProvisionJob.*

      Server.* (As troubleshooting, would like to pare down when fixed)

      ServerGroup.Read

      SystemPackage.*

      SystemPackageFolder.*

      SystemPackageType.*

      WindowsSoftware.Read

      When I click "Finish" to try to kick off the provision job, the target server still sits at "BMI Awaiting Next State" and does not progress whatsoever prior to the PM throwing the "fileExists" error.

      I see no applicable errors in the PXE or TFTP.log files.

        • 1. Re: RBAC?

          Check the rscd log on the app server/file server. Also check the appserver console log.

          1 of 1 people found this helpful
          • 2. Re: RBAC?

            Excellent tip.  I started digging around in appserver, console and RSCD logs on the appserver, fileserver and then finally the provisioning server itself.  I finally found something pertinent on the provisioning server.  The RSCD log had the following line:

            "...: CM: Failed to map user to local user"

            I started digging around, and sure enough my WinProv role has not had ACLs published on the provisioning server.  A quick ACL push later and my provisioning job is up and running.  TYVM!