Active IQ Unified Manager Discussions

Why is the Operations Manager {DFM} interface didn't keep sessions?

eduard_abrahamyan
6,379 Views

I have installed DFM on a server.

If I login to the server with remote connection and then start DFM web interface I can brouse between pages.

If I connected by brouser from my computer remoutly to DFM web interface, I must do relogin for each pges.

1. http://server.com:8080

2. login

3. click on backup tab

4. login

5. click on restore tab

6. login ....

here is the example after few steps and relogin between each of staps..

-------------------

Permission denied

You do not have the capability to perform the DFM BackupManager Restore operation on filerhostname:/folder_u01/u01.Log in as an administrator to try again.

-------------------

I have been login by domin credentiol.

Question:

how to do keep alive the session in DFM if I konnect remoutly to service?

thanks in advance

8 REPLIES 8

agireesh
6,379 Views

Hi Eduard,

From your post I can guess that your are login in operation manager as a non-admin or non-root user that doesn’t has any capability to perform any action on the operation manager, Even though your user doesn’t has “GlobalRead” permission on operation manager due to that you are seeing login page when you clicking on some link . Could you please tell me what are the roles and capabilities you assign to your user.

Regards,

Gireesh

eduard_abrahamyan
6,379 Views

Hi Gireesh

Thanks for replay

My user have GlobalFullControl role and have same issue.

the goals is to give access for remote connetion to DFM web interface to the SubgroupBackupReadRestore role users.

that kind of users and GlobalFullControl users have same issue with login each time after click on some link inside of DFM interface.

How the autontification to interface is done? Is there sessions mechanismus?

with regards.

agireesh
6,379 Views

Could you please share the output of below commands:

dfm user role list <user-name>

and

dfm role list –x <role-name>

role-name is listed in output of “dfm role list <user-name>” command. if this command list more than one role then please share the output of command for each role.

Regards,

Gireesh

pradeepl
6,379 Views

Hi,

which version of dfm are you using?

Regards

Pradeep L

eduard_abrahamyan
6,379 Views

the version is: 4.0.0.6953 (4.0)

---------

View Administrator 

                             
Administrator or Windows Group Name[domainname]\[username]   
RolesGlobalFullControl    
Email Address   
Pager Address   

----------------

View Role
Role NameGlobalFullControl
DescriptionManage everything in DataFabric Manager
Capabilities
ResourceOperations
GlobalDFM.Core.Control, DFM.Core.Delegate
Inherit Capabilities from other Roles
RolesGlobalBackup, GlobalRestore, GlobalMirror, GlobalRead, GlobalSAN, GlobalEvent, GlobalAlarm, GlobalQuota, GlobalSRM, GlobalWrite, GlobalDelete, GlobalExecute, GlobalConfigManagement, GlobalDataSet, GlobalPerfManagement, GlobalSDFullControl, GlobalProvisioning, GlobalFailover, GlobalStorageService

agireesh
6,379 Views

Could you please check the log message in audit.log. What are you getting in audit.log when you performing an action that show the permission denied…?

If possible could you please share your log messages in audit.log for permission denied.

Regards,

Gireesh

eduard_abrahamyan
6,379 Views

Hello.

sorry for late respond.

See bellow the audit log part.

As i understood the problem caused because of changing/flapping  firewall/proxy IP during connection. (IP1, IP2)

If I connect to DFM page from same network the log-out wasn't caused.

I think the problem have been solved.

=== audit start ===

Nov 28 08:52:26 [dfm:NOTIC]: Unknown:WEB:in:[IP2]:dfm report view suite:

Nov 28 08:52:29 [dfm:NOTIC]: Unknown:WEB:in:[IP2]:http://DFMServerIP:8080/dfm/edit/login?:

Nov 28 08:52:59 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm user login username=DOMAIN\USER01 password=******:Logged in as <B>DOMAIN\USER01</B>.<BR>

Nov 28 08:52:59 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm report view suite:

Nov 28 08:53:05 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm report view summary group=0:

Nov 28 08:53:07 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm graph volume-usage-vs-total-1d 0 width=290 height=120 group=0:

Nov 28 08:53:14 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP2]:dfm report view appliances group=0:

Nov 28 08:53:16 [dfm:NOTIC]: Unknown:WEB:in:[IP2]:dfm report view appliances group=0:

Nov 28 08:53:18 [dfm:NOTIC]: Unknown:WEB:in:[IP2]:http://DFMServerIP:8080/dfm/edit/login?:

Nov 28 08:53:39 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm user login username=DOMAIN\USER01 password=******:Logged in as <B>DOMAIN\USER01</B>.<BR>

Nov 28 08:53:39 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm report view appliances group=0:

Nov 28 08:53:40 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP2]:dfm report view appliances group=0:

Nov 28 08:53:54 [dfm:NOTIC]: Unknown:WEB:in:[IP2]:dfm report view summary group=0:

Nov 28 08:53:55 [dfm:NOTIC]: Unknown:WEB:in:[IP2]:dfm graph volume-usage-vs-total-1d 0 width=290 height=120 group=0:

Nov 28 08:53:58 [dfm:NOTIC]: Unknown:WEB:in:[IP1]:http://DFMServerIP:8080/dfm/edit/login?:

Nov 28 08:54:14 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm user login username=DOMAIN\USER01 password=******:Logged in as <B>DOMAIN\USER01</B>.<BR>

Nov 28 08:54:14 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm report view summary group=0:

Nov 28 08:54:16 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP2]:dfm graph volume-usage-vs-total-1d 0 width=290 height=120 group=0:

Nov 28 08:54:39 [dfm:NOTIC]: Unknown:WEB:in:[IP1]:dfm report view appliances group=0:

Nov 28 08:54:41 [dfm:NOTIC]: Unknown:WEB:in:[IP1]:dfm report view appliances group=0:

Nov 28 08:54:47 [dfm:NOTIC]: Unknown:WEB:in:[IP1]:http://DFMServerIP:8080/dfm/edit/login?:

Nov 28 08:55:06 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm user login username=DOMAIN\USER01 password=******:Logged in as <B>DOMAIN\USER01</B>.<BR>

Nov 28 08:55:06 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm report view appliances group=0:

Nov 28 08:55:07 [dfm:NOTIC]: DOMAIN\USER01:WEB:in:[IP1]:dfm report view appliances group=0:

Nov 28 08:55:14 [dfm:ERR]: DOMAIN\USER01:WEB:err:[IP2]:dfm report view appliance-details 75 group=0:You do not have the capability to perform the <B>DFM Database Read</B> operation on <B>FilerHostname1</B>.

=== audit END ===

eduard_abrahamyan
6,379 Views

May I ask to review the issue posted in

https://communities.netapp.com/thread/6279

"Restrict "Domain Admins" in Operations Manager"

by default Windows Administrators group members are superusers in DFM.

Is it passible to change it to and other croup and remove Administrators group.

Thanks in advance

Public