Highlighted
Hemulll
3 Argentium

sm_authority or authozie via Radius or another method

Hello All.

I looking for a solution fo authentication via Radius os some another way.

Something that i found is SM_Authority variable that i can change to "--env=SM_AUTHORITY=IDENTIFY=sm_authority,AUTHENTICATE=/usr/bin/perl /opt/InCharge/SAM/smarts/local/script/sm_authority.pl'" or put it directly into run.cmd as a variable.

So, i have 2 questions

1) Where can i get sm_authority_ldap.pl ?

2) When i try to use SM_AUTHORITY variable. i get next error in domain manager log file

[September 11, 2012 1:45:23 AM GMT+07:00 +582ms] t@1203198272 HTTP #2

AUTH-E-EUNKNOWNMSG-Authority /usr/bin/perl  /opt/InCharge/SAM/smarts/local/script/sm_authority.pl sent unknown message "Bareword found where operator expected at (eval 53) line 1, near "/# credentials BrokerNonsecure/Nonsecure"

[September 11, 2012 1:45:23 AM GMT+07:00 +583ms] t@1203198272 HTTP #2

AUTH-E-EUNKNOWNMSG-Authority /usr/bin/perl  /opt/InCharge/SAM/smarts/local/script/sm_authority.pl sent unknown message "        (Missing operator before Nonsecure?)

[September 11, 2012 1:45:23 AM GMT+07:00 +586ms] t@1203198272 HTTP #2

AUTH-E-EUNKNOWNMSG-Authority /usr/bin/perl  /opt/InCharge/SAM/smarts/local/script/sm_authority.pl sent unknown message "Bareword found where operator expected at (eval 56) line 1, near "/# 1.  Change the privileges for BrokerNonsecure/Nonsecure"

First time after domain manager started, authorization works but second time i get errors and authorization cold.

if i put incorrect password is cold too.

I try to work with different versions of sm_authority.pl from DFM 7,8 and 9. But get same error.

Somebody have document how to work with sm_authority from EMC P.S?

Somebody have sm_authority_ldap.pl or script that authorize via another method?

My issue is get rid of serverConnect.conf file and manage user roles (Monitor, All) in Radius or DB server.

--


Best Regards

Reply
5 Replies
Highlighted
Baadsgaard
1 Copper

Re: sm_authority or authozie via Radius or another method

Hello Hemulll,

Your issue may be stemming from the Perl script which is causing process forking to occur.  The symptoms outlined in knowledge base aricle emc258213 matches what you're describing to me in the above post.  Details from the article are as follows:

Symptoms:

LDAP sm_authority Perl script prevents users from logging into Ionix/Smarts SAM domain

LDAP sm_authority Perl script goes into a zombie state and prevents users from logging into Ionix/Smarts SAM domain

Cause:

Process forking is occuring in Perl, which can cause the SAM server to block connections using sm_authority.

Fix

To resolve this issue and prevent Perl process forking, include the following within your Perl script before you make the LDAP connection:

$SIG{CHLD} = 'IGNORE'

Let me know if this answers your question. 

Regards,

Joseph

Reply
Highlighted
Hemulll
3 Argentium

Re: sm_authority or authozie via Radius or another method

Hi!

Already solved this problem.

Important issue is when you put variable sm_authorize into runcmd_env.sh don't forget to put quotes ("")

SM_AUTHORITY="IDENTIFY=sm_authority,AUTHENTICATE=/usr/bin/perl /InCharge/SAM/smarts/local/script/sm_authority.pl"

U can download my sample from my blog

http://ionix-smarts.blogspot.com/


Reply
Baadsgaard
1 Copper

Re: sm_authority or authozie via Radius or another method

Hi Hemulll,

Thank you for the update.  Let me know if there's anything else I can do. 

Regards,

Joseph

Reply
Highlighted
showmount
1 Copper

Re: sm_authority or authozie via Radius or another method

Please remove my email address from this list.

Reply
Highlighted
HockeyWeasel
2 Bronze

Re: sm_authority or authozie via Radius or another method

Hello Pedro,

Since I don't see your name on this post, it may be because you are subscribed to this forum. I recommend to check and make sure to turn "Email Notification" off.

stop_notif.JPG

Hope this helps,

Regards,

TJ

EMC Technical Support Engineer III,

Ionix Smarts / NCM

VCP, EMCSA, EMCIE

Reply