Look in the user ? in the 8.0 docs there is a section on this starting on p149
This is the first time we have spoken to the agent (hence we haven't pushed ACLs) so there isn't anything in the user file yet.
I still can't see anything regarding Automation Principles in the docs, Bill? That's all AD integration stuff from p149?
What doc version are you looking at? 8.0, 8.1 ?
8.0 (800-622) docs... in the administration guide?
The user guide.
That'll be why I couldn't find it!! Strange place for it to be.... definitely an Administration task!
I'm still unsure of what to initially put in the users.local file to add it into BladeLogic though?
Would it be....
1 of 1 people found this helpful
You don't need to put anything in users or users.local.
If you are attempting to test with any job that uses NSH (file deploy e.g.), you will need to set up and use an NSH proxy. Also, windows patch analysis jobs (and probably others) don't work properly with automation principals yet but I'm told they will after sp10 is available. If you test with a deploy or something that doesn't use nsh it should work without anything in users/users.local assuming you have set up the automation principal properly.
You don’t need to set the users.local if you decide to only use Automation Principals.
You can map Agent ACLS for a role by mapping it to the automation principal you created. Or you can use server properties to map depending on a per server basis.
If the automation principal doesn’t work, certain things fall back to the old legacy mechanism of user mapping and then the settings in the Users and users.local can make an impact.
But currently I get a "log in not allowed for user" error which must be something to do with the users.local file?
Do you know if BMC have definitely confirmed that windows patch analysis jobs dont work with automation principles? That would be very bad news for us....
Is there any other way of mapping to a domain user without using automation principles?
What version and SP are you using?
How are you designating the use of the automation principal for the target server? The role with which you are attempting to contact the target server needs to either map directly to the automation principal for all windows servers or map to a server property that can contain a reference to an automation principal instance. If this is not the case, then it falls back to using user mapping instead.
The domain user referenced in the automation principal also needs to be able to access the server as well (usually a member of the admins group either directly or indirectly).
I had a ticket with BMC support regarding Windows Patching jobs not working properly with automation principals and they said the only fix was to use sp10 agents once they are available.
I have set the BLAdmins role to use the automation principle for user mapping, so I'm fairly sure the Blade core side is OK.
The only info I think I need is just users.local file details:
BLAdmins:BLAdmin rw,map= ????????