Restrict LDAP users on ZENworks Reporting

Ron van Herk

I like using ZENworks Reporting to generate custom reports for ZENworks Configuration Management or for ZENworks Service Desk but there has been one thing I found very annoying, the ability to manage LDAP users and the Roles within ZENworks Reporter. The ZENworks Reporter appliance configuration makes it very easy to add an LDAP source to …

+read more

The post Restrict LDAP users on ZENworks Reporting appeared first on Cool Solutions. Ron van Herk

Related:

  • No Related Posts

Enrolling existing devices to the Apple Device Enrollment Program for simplified provisioning with #ZENworks

jblackett

Introduction As I am sure you are aware, using the Apple Device Enrollment Program (DEP) to enroll devices simplifies the process of provisioning devices with ZENworks and allows you to perform over-the-air supervision of the device. Supervising an iOS device opens a variety of additional settings and profiles that can be applied to restrict the …

+read more

The post Enrolling existing devices to the Apple Device Enrollment Program for simplified provisioning with #ZENworks appeared first on Cool Solutions. jblackett

Related:

  • No Related Posts

Q3 2018 – #ZENworks Community Webinars Announcement

jblackett

I am pleased to announce the next quarter’s ZENworks Community Webinars. This quarter we are trying to broaden our webinars to look not only at ZENworks but also at solutions from our partners and other groups within Micro Focus we think might be interesting to you based on the problems they solve. We’ll be interested …

+read more

The post Q3 2018 – #ZENworks Community Webinars Announcement appeared first on Cool Solutions. jblackett

Related:

  • No Related Posts

“No Syslog box in the dropdown options”.configuring VNX block only array to send logs to syslog server

Article Number: 483920 Article Version: 3 Article Type: Break Fix



Unisphere for VNX

Customer could not get past step 2c in the attached document.

It was determined that they did not have a host agent installed on the appliance or workstation that they wanted to use as the syslog server. (It was also confirmed that they could not install a Host agent on the server due to security considerations.)

Install the appropriate host agent on the syslog server.

You can find the host agent with the following search:

Here’s a link with additional instructions:

https://support.emc.com/search/

Type in Unisphere Host Agent in the (Scope by Product) search box, leave ‘All support’ default in the ‘Scope by resource’ box and most importantly, click on the ‘Advanced Options’ tab over on the lower right. (otherwise a completely different and larger list will populate in findings as it doesn’t do a ‘full text’ search.)

search page screenshot

This search can be modified to find either Windows specific or Unix and other OS versions of the host agents as well. Here are some of the common ones:

ie;

Unisphere Host Agent for Windows 32 and 64-bit

Unisphere Host Agent (Linux x64)

Unisphere Host Agent for Linux x86

Unisphere Host Agent (Solaris x64)

Unisphere Host Agent (Solaris SPARC)

Unisphere Host Agent for AIX

Unisphere Host Agent for HP-UX

*Note: Purposely I left out the version number in all of these, and tested search functionality and they all pull up the latest and older versions of each type.

On a block only array, a host agent must be installed on the syslog server.


>> Here’s a questionnaire that you can provide to customer to determine their set up status:

1. Do you have a Host agent installed on the system (workstation) that you are going to be using as the Centralized Monitor station?

2. What is the Host agent type and version?

3. What is the OS and version on the Portal system or workstation (or VNX array) that you have designated?

4. Have you added the Portal IP address(es) to the Host Agent config file?

5. Could you verify that the other systems or workstations that you expect to see in the Available systems dropdown are not already functioning as portals? Can you also verify that they are running Unisphere for Windows?

6. *If* you are using VNX as the portal, do you have more than 20 hosts attached to the array? Note: the attached document states -> IMPORTANT: Do not use as a portal a VNX system that has more than 20 attached hosts.

.

Related:

  • No Related Posts

Re: Unable to change owner on Windows side

Bestowing ownership is something that Isilon does not support in the same way you would expect it to work on a Windows Server or VNX/NetApp filer. On those systems when you’re a member of the local administrators group, you are given a privilege that enables you to bestow ownership rights on a file. On Isilon with SMB Full Control, and NTFS Full Control, you can only set the owner to a specific person if you, yourself are the present owner. So what can you do instead? You already hit the nail on the head; the answer is run-as-root. Run-as-root treats the specific named user or group as if they are root over SMB, and grants them all the rights necessary to do this. This is why, during data migrations to Isilon our software, DobiMigrate creates hidden administrative shares at the root of each access zone, and only gives one user (the migration service account), access to that share with run-as-root rights, so that we can set proper permissions, and ownership.

I would only caution you here to be extremely selective with who you grant this access to, and also, don’t do it through the normal user shares. Create an administratively hidden share (put a “$” at the end of the name), at a level higher than where the users would connect.

~Chris Klosterman

Principal SE, Datadobi

chris.klosterman@datadobi.com

Related:

  • No Related Posts

Re: sudo file getting ovewritten

We have created a script that enables our ServiceDesk to close OPEN files on Isilon.

We did not want to use a root level account.

We created a custom Role=CloseSMB and gave it these privileges:

Console

Platform API

SSH

SMB

Namespace Traverse

Namespace Access

We created a local account called “Closer” and added it to our CloseSMB role.

The account could not run isi_for_array until we gave it some sudo rights and nopasswrd required

We added to sudo:

Closer ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array, /usr/bin/isi

We added to all nodes in cluster.

The script worked.

I went in the GUI to check on CloseSMB privileges.

A few minutes later I was doing some more testing and the script failed.

Something took out our line:

Closer ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array, /usr/bin/isi

How do we edit sudo and make it stick?

Elias

Related:

  • No Related Posts

Monitor Solution – What suite?

I need a solution

Hi All,

Can anyone confirm what suite the montioring solution is part of? We currently have asset management and the Client management. I dont think I can use monitoring solution with just these two.

If thats the case, is it possible to safely add it to my environment as a trial to see how it works? Remove afterwards if we dont need it? Looking at replacing nimsoft with it if displays similiar information.

Thanks!

0

1527501547

Related:

  • No Related Posts

Re: SNMP Trap when failure recovered

Hello guys,

I’m testing SNMP function of Scaleio Gateway software(v2.0.0.2) with 3node cluster.

According to User Guide document(p.530), Scaleio gateway sends a SNMP trap when system failure has been fixed.

>Open and closing alerts will consist of the same code and issue number, with the

>exception of the first digit (0 or 1) in the <ISSUE> section. For example:

> SIOXX.XX.0XXXXXX indicates that the alert is active

> SIOXX.XX.1XXXXXX indicates that the alert has been closed

I’ve rebooted Secondary MDM to test the function above.

I had expected the trap contains “SIO02.01.1000001″ would be send by gateway after cluster recovered, but it wasn’t.

Is it normal behavior? If so, do I have to any setting or configuring to activate the function to send trap after failure recovered?

#please see packet capture log below:

————————————

tcpdump -i eth0 -T snmp -s 0 “(dst port 162) or (src port 161) or (dst port161)”

[Before reboot MDM2]

10:41:23.734093 IP [SIO-GATEWAY].38650 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222765000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

[After MDM2 shutdown]

10:41:53.734020 IP [SIO-GATEWAY].36025 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222768000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

10:41:53.734251 IP [SIO-GATEWAY].36025 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222768000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=5 E:1139.101.1.2=”MDM.MDM_Cluster.MDM_Not_Clustered” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO02.01.0000001″

[During MDM2 rebooting]

10:45:23.733943 IP [SIO-GATEWAY].59254 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222789000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

10:45:23.734308 IP [SIO-GATEWAY].59254 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222789000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=5 E:1139.101.1.2=”MDM.MDM_Cluster.MDM_Not_Clustered” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO02.01.0000001″

[After MDM2 rebooted]

10:45:53.734101 IP [SIO-GATEWAY].57034 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222792000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

10:46:23.734032 IP [SIO-GATEWAY].52960 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222795000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

————————————

*: “…” means repeating.

Regards,

Ichiro

Related:

  • No Related Posts

7016262: IDM Patch instructions for non-root install

Steps to install IDM patches (Engine, Remote Loader, drivers) on Linux when IDM has been installed with the non-root install instructions.

IDM Patch instructions for non-root installs

1) ROOTDIR=<non-root eDirectory location>

2) rpm –dbpath $ROOTDIR/rpm -Uvh –relocate=/usr=$ROOTDIR/opt/novell/eDirectory –relocate=/etc=$ROOTDIR/etc –relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory –relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml –relocate=/var=$ROOTDIR/var –badreloc –nodeps –replacefiles <rpm-location>

===

Usage example: We have installed ssop rpm as a user other than root

1) Assuming the <non-root eDirectory location> is /home/user/eDirectory

Under this Directory you should find the following directories and files:

Copyright license nmas opt readme.txt var etc license.txt Packages rpm

the 1st command would be:

ROOTDIR=/home/user/eDirectory

2) With the above in mind the second command would be:

rpm –dbpath $ROOTDIR/rpm -Uvh –relocate=/usr=$ROOTDIR/opt/novell/eDirectory –relocate=/etc=$ROOTDIR/etc –relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory –relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml –relocate=/var=$ROOTDIR/var –badreloc –nodeps –replacefiles /home/user/novell-DXMLssop.rpm

Important Note : All the commands provided are meant to be a single line. The commands may not work if you don’t have the folder <non-root eDirectory location>/rpm and the file named “__db.000” under that folder. This would mean that the base non-root IDM installation has been corrupted. You may want to re-install the base IDM system again to correct this issue.

Related:

  • No Related Posts