I am in BL8.0 SP6, environment is Linux 32bit and I try to setup authentication between appserver and agent using a certificate.
I did all three steps mentioned in the administration guide (generating the certificate, adding the passphrase to the appserver's securecert-file and adding the SHA1-fingerprint to the agents certs/bladmin-file). To allow the root-users to connect from the appserver to the agent I added "root rw,map=root" to the users.local-file of the agent.
When I now try to invoke some command like "nexec -i -l blrscd80 /bin/bash" I get
- in the agent's rscd.log:
01/04/11 08:13:40.655 WARN rscd - 192.168.187.121 5843 0/0 (root): nexec: Certificate check failed
- on the appservers's commandline:
Not authorized to run this command
Added info: when I invoke "agentinfo blrscd80" I get:
Agent Release : 188.8.131.522
Hostname : blrscd80
Operating System: Linux 2.6.18-164.el5
User Permissions: 0/0 (root/root)
Security : Protocol=5, Encryption=TLS1 with X.509 Certificates
Host ID : A8C0CBBB
# of Processors : 1
License Status : Licensed for NSH/CM - Expires Tue May 17 23:06:36 2011
This seems to be ok.
Does anyone have an idea what caused this error?
Nachricht geändert durch Reinhard Vielhaber - added "agentinfo"-output
The solution was very simple. The documentation describes the way to allow client-connections for the "bladmin"-user. But I invoked the "nexec"-command as "root"...
After creating a certificate for "root" and changing "bladmin" to "root" in the secadmin- and putcert-commands, I was able to connect in a secure manner.