Reporter : "not allowed for user admin VMWARE"

ShaunG
ShaunG
in VMware

Good Day,

When we try and create reports, we now get the following :

ACL      : not allowed for user admin VMWARE: VM, cluster_SLM-BDC01-GLD01-S-LINUX, SRV005361

ACL      : not allowed for user admin VMWARE: VM, cluster_SLM-CDC01-GLD01-S-LINUX, SRV005362

Thisis from LPAR2RRd after installing Xormon. Would Xormon installation mess with LPAR2RRD's reporting feature ?

Regards

Comments

  • Pavel
    Pavel

    do you have set any ACL for the user you use?

  • ShaunG
    ShaunG

    Good Day,

    I have found these files owned by xormon :

    # find /home/lpar2rrd/ -user xormon

    /home/lpar2rrd/lpar2rrd/etc/web_config/audit.log

    /home/lpar2rrd/lpar2rrd/etc/web_config/users-xormon.json

    Xormon Would not link to LPAR2RRD so we stopped / disabled it. For access to LPAR2RRD we have defined two AD Groups. One is an Admin Group and another is a User Group. I login to LPAR2RRD with my AD Account which is in the Admin Group. These groups are defined in the httpd.conf file and that works fine with regards logging in etc.

    The reporting feature is now creating PDF's that cannot be opened as it contains no pages according to error. There are no ACL's defined anywhere else.

    Regards

  • ShaunG
    ShaunG

    How to edit this file to grant admin access ?

    $ cat /home/lpar2rrd/lpar2rrd/etc/.web_config/users.json

    {

      "ACLimported" : false,

      "groups" : {

       "ReadOnly" : {

         "description" : "Member can see everything but nothing can change."

       },

       "admins" : {

         "ACL" : {

          "lpars" : {},

          "vms" : {},

          "solo" : {},

          "cgroups" : [

            "*"

          ]

         },

         "description" : "LPAR2RRD Administrators"

       }

      },

      "users" : {

       "admin" : {

         "last_login" : "",

         "active" : 1,

         "htpassword" : "$apr1$CSoXefyw$wGe9K7Ld5ClOEozE4zC.T1",

         "name" : "LPAR2RRD Administrator",

         "email" : "",

         "created" : "2017-09-22T13:39:47Z",

         "groups" : [

          "admins"

         ],

         "config" : {

          "db_width" : 120,

          "db_height" : 50,

          "timezone" : "",

          "db_items" : [],

          "locale" : "en-US",

          "menu_width" : 150

         },

         "updated" : "2017-09-22T13:39:47Z"

       }

      }

    }

  • Pavel
    Pavel

    do not edit it, it is a backup anyway, use UI --> settings --> users --> ACL

  • ShaunG
    ShaunG

    Good Day,

    We did try implement the follwoing :

    https://lpar2rrd.com/apache_auth.php

    ... but it voided our AD Group access so we unconfigured it. I am assuming since we implemebnted the above at a point it made changes that are not reversable when we unconfigured it ?

  • Pavel
    Pavel

    I do not understand that

  • ShaunG
    ShaunG

    Good Day,

    Currently we use AD LDAP Authentication. There is an Admin Group and a User Group. I am in the Admin Group and when I login I can see everything. If I try and run a report the following happens :

    reporter START : Thu Oct 12 13:16:08 2023

    load cfg    : /home/lpar2rrd/lpar2rrd/etc/web_config/reporter.json

    product    : LPAR2RRD

    user      : admin

    report name  : Lameez Request

    format     : PDF

    start time   : 1696575600, 09:00:00 06.10.2023

    end time    : 1696597200, 15:00:00 06.10.2023

    ACL      : not allowed for user admin VMWARE: VM, cluster_SLM-BDC01-GLD01-S-LINUX, SRV005361

    ACL      : not allowed for user admin VMWARE: VM, cluster_SLM-CDC01-GLD01-S-LINUX, SRV005362

    create PDF   : /home/lpar2rrd/lpar2rrd/reports/admin/Lameez_Request/Lameez_Request-20231012_131613.pdf

    remove dir   : /home/lpar2rrd/lpar2rrd/reports/admin/Lameez_Request/PDF-tmp

    emails found  : 1

    attachment   : Content-Type="application/pdf",filename="Lameez_Request-20231012_131613.pdf"

    send email to : group="admins" email="sanlam-linux@bcx.co.za" from="noreply@sanlam.co.za"

    download    : /home/lpar2rrd/lpar2rrd/reports/admin/Lameez_Request/Lameez_Request-20231012_131613.pdf

    stored report : /home/lpar2rrd/lpar2rrd/reports/admin/Lameez_Request/Lameez_Request-20231012_131613.pdf

    reporter END  : Thu Oct 12 13:16:15 2023

    Now we have no ACL's in LPAR2RRD ... it shows as follows :

    User management

    Apache authentication is not defined for this tool. Please follow online instructions to get it work.

  • Pavel
    Pavel

    are you running it from a cmd line like this: https://lpar2rrd.com/reporter-scripting.php

    are you under support? it is an enterprise version feature.

  • ShaunG
    ShaunG

    Good Day,

    No ... the free version where we are restricted to a single report. The report is configured and run from the WebUI.

    It has been working fine for many years but when we tried to implement ACL's briefly and it did not work so we rolled that back but it seems something remianed ? That is the issue.

    The original httpd.conf was put back and the .htpasswd files were removed.

    Regards

  • Pavel
    Pavel

    UI --> settings --> users --> ACL

    is there anything persist?

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories

In this Discussion