Header RSS Feed
 
If you only want to see the articles of a certain category, please click on the desired category below:
ALL Android Backup BSD Database Hacks Hardware Internet Linux Mail MySQL Monitoring Network Personal PHP Proxy Shell Solaris Unix Virtualization VMware Windows Wyse

Using check_esxi_wbem with non-root user in ESXi 4.1
Wednesday - Oct 27th 2010 - by - (8 comments)

I received an interesting e-mail yesterday from a check_esxi_wbem user. Prior the release of ESXi 4.1 it was possible to create a read-only user which was used to run the plugin, e.g.:

https://192.168.1.4 someuser somepassword dell

Since the ESXi 4.1 release an error "Authorization failed" is now returned. Here's a work-around, how to use a user which is not root. Note: In any case, using the root-user will still work!

- In the vSphere client select the ESXi host, open "Local Users&Groups" tab
- Add a new user with the following or similar details:
User: nagios, UID: 1001, Name: Nagios User, Password: Test-12345, Add to group root
It is necessary that the password contains at least one capital letter, at least one lower case letter and at least a number. The password has also a minimal and maximum length. If the password is not good, you'll get an error message. And yes, unfortunately it is necessary to add the new user to the group 'root'. The other groups won't work. But that doesn't mean that the new user now has root rights. SSH is per default disabled in ESXi servers and even it it were enabled, the following entry was added into the /etc/passwd file:

/etc/passwd:
nagios:x:1001:0:nagios user:/home/nagios:/sbin/nologin

And once again, this only affects check_esxi_wbem plugin-users which don't use the root-user to query the vSphere CIM.

 

Add a comment

Show form to leave a comment

Comments (newest first):

Ian Miller wrote on Aug 15th, 2016:
Just a quick note to say that the method below (adding manually to /etc/group), works for me with a read-only user on ESXi 6.0 u2. Great!

Andreas wrote on Jun 15th, 2016:
works here on 5.1 with a non-root user and with ReadOnly role:

I added the user manually to the root-group via ssh to the server by editing the /etc/group file:

~ # egrep icinga /etc/passwd
icinga:x:1000:1000:Nagios:/:/bin/sh
~ #
~ # egrep icinga /etc/group
root:x:0:root,icinga
icinga:x:1000:
~ #


Andreas

guly from Italy wrote on Mar 27th, 2014:
did anyone configure 5.1 with non-root user?

Leonardo Lage from Brazil wrote on Feb 21st, 2013:
The solution is very simple. You need create user normally. You cant set group, no problem.

goes to permisstion tab, and click add permission.

selece the user you like to grant administration privilegies, and select administrator privilege role.

The best option probably is create a role only with sensors permisions, but I not know to create it yet.

Leo




Kim wrote on Jan 14th, 2013:
vsphere 5.1 does not support localgroup, what is a option to use another user account to query the esxi cim? I do not want to use root user and password on nagios.

Leonardo Lage from Brazil wrote on Dec 26th, 2012:
Hello,

Now on vsphere 5.1 not have more root group, what is a option to use another user to your plugin check esxi? I not like to use root user and pass on nagios.

Thank you

Mircea Vutcovici wrote on Jun 20th, 2011:
The root group is mapped to Administrator role in ESX. This means that nagios user will have access to all operations over ESX server. If you change to a limited role and even to a clone of Administrator role it will not work. It is working only with the built in Administrator role. The group can be any group, but that group must be mapped to Administrator role.

Philippe Barsalou wrote on Jun 16th, 2011:
Thanks. Solved my issue.


Go to Homepage home
Linux Howtos how to's
Monitoring Plugins monitoring plugins
Links links

Valid HTML 4.01 Transitional
Valid CSS!
[Valid RSS]

7367 Days
until Death of Computers
Why?