Subscribe

HOSTS authentication problem

[ Edited ]

I'm trying to use host-based authentication (h

osts.equiv), but it's failing. I get the error:

"User  does not have capability to invoke API quota-report."

 

If it's not clear, there are two spaces after 'User', as if it were printing a null username. Sure enough, from the log:

Tue Oct 27 11:44:14 CDT [near19: useradmin.unauthorized.user:warning]: User '' denied access - missing required capability: 'api-quota-report'

 

Am I missing something?

Re: HOSTS authentication problem

Try adding the user name in your code. No need to set password, just the user.

For example, in perl use the following call:

$s->set_admin_user($user, $pw);

Re: HOSTS authentication problem

Already trying that:

        $s->set_admin_user("root", "");

Same error.

I thought perhaps it was because we do not have a user explicitly specified in our hosts.equiv file, but adding another line which explicitly specifies root doesn't change anything.

I've tried it on two filers, one running 7.2.2 and one running 7.3P6.

Re: HOSTS authentication problem

Try this code.. it works for me.

--

Nagendra K

Re: HOSTS authentication problem

Hmm.... Failed for me, but I did have to make one change, because my test filer doesn't have HTTPS set up. Does it work for you if you use HTTP transport instead of HTTPS?

Re: HOSTS authentication problem

Yes, it does. I just added the Server IP in /etc/hosts.equiv, then invoked this script without providing user name it worked.

Hosts.equiv file

Re: HOSTS authentication problem

I tried adding the ip instead of the hostname to the hosts.equiv

file, just in case that was the problem, but got the same result:

<results status="failed" reason="User  does not have capability to invoke API system-get-version." errno="13003"></results>
Failed: User  does not have capability to invoke API system-get-version.

Is there any sort of additional debugging I could enable?

Re: HOSTS authentication problem

Are logs indicating any errors?

Also, try adding " root" in /etc/hosts.equiv and invoke the script "perl hosts_ontapi_hosts.pl 10.73.69.216 root".

Re: HOSTS authentication problem

I see this in logs/ems:

<LR d="27Oct2009 13:50:33" n="jackson-960" t="1256669433" id="1250085766/25568" p="4" s="OK" o="api_mpool_00" vf="">
<useradmin_unauthorized_user_1
        username=""
        capability="api-system-get-version"/>
</LR>

Adding " root" to hosts.equiv didn't change anything. It looks like the problem is that it's not picking up the username for some reason. Is there some way to see if it's actually being sent?

Re: HOSTS authentication problem

It is quite difficult to debug this way. Try using zexplore to check things out. Meanwhile, can you send me the piece of code and the hosts.equiv file that you are using. Let me try that out and get back to you.