I received an interesting e-mail yesterday from a check_esxi_wbem user. Prior the release of ESXi 4.1 it was possible to create a read-only user which was used to run the plugin, e.g.:
https://192.168.1.4 someuser somepassword dell
Since the ESXi 4.1 release an error "Authorization failed" is now returned. Here's a work-around, how to use a user which is not root. Note: In any case, using the root-user will still work!
- In the vSphere client select the ESXi host, open "Local Users&Groups" tab
- Add a new user with the following or similar details:
User: nagios, UID: 1001, Name: Nagios User, Password: Test-12345, Add to group root
It is necessary that the password contains at least one capital letter, at least one lower case letter and at least a number. The password has also a minimal and maximum length. If the password is not good, you'll get an error message. And yes, unfortunately it is necessary to add the new user to the group 'root'. The other groups won't work. But that doesn't mean that the new user now has root rights. SSH is per default disabled in ESXi servers and even it it were enabled, the following entry was added into the /etc/passwd file:
And once again, this only affects check_esxi_wbem plugin-users which don't use the root-user to query the vSphere CIM.