Forum Discussion
Paul_Lancashire
Nimbostratus
Nimbostratuserror on locallbnode.pl script
I have been running this 4.x generic script with a full web user successfully to change nodes from disabled to enabled and vice versa, but need to run it as a partial web user. I've asked this in a different format previously, but have started having similar issues -
SOAP-ENV:Server SOAPException : 'Could not connect to the requested iControl CORBA Portal'
Why does this error occur? What can I do to get it to work? It must be something to do with communication between SOAP and CORBA, so I would imagine there is something that can be done?
thanks
Paul_LancashireFurther to this, I have found the following from switching on DEBUG -
icontrol_portal:User does not have iControl privilege
How can i set the iControl priviledges?- These should be two completely different issues. Firstly, the "Could not connect to the requested iControl CORBA Portal" basically means that the local SOAP proxy could not establish an IIOP connection to the CORBA server on the BIG-IP. Previous to v9.0, the core engine on our server was implemented in CORBA. We built a SOAP proxy to sit on top of the CORBA portal and translate SOAP to CORBA and vice-versa. You may need to reset the CORBA portal as it may have somehow become unresponsive.
bigstart shutdown corbaportal
bigstart startup
As for the error about privilege, on 4.x, the user account for iControl connections must be part of the administrator group. This error is stating tha the user account you are authenticating with does not have sufficient privileges to execute iControl methods. Try bumping that user up to a higher privilege level and you should be set.
In the 9.x platform, we've elimintated alot of these issues including removing CORBA and more granular iControl authentication levels.
-Joe - Paul_LancashireI have restarted the corba portal services (and checked the log for completion) many times, and still have the same error. I have also run one of the system stats scripts, which has the same error.
How do I increase the user priviledges? I need the scripts to run as a partial web user that *should* have the correct access via the GUI to change node states. If there is nothing else to change, is it worth letting us know that you HAVE to run these scripts as a full web admin user? - Paul_LancashirePlease can you confirm whether or not this should work with a partial read/write user? If so, how can I make the icontrol portal allow through my partial user. I have now found that a change from full access user, to partial works for a short period of time!
Can you also confirm whether or not this type of script could work on version 9.x without having to have a user with full access? - On 4.x, only users with the role "bigiprole2" will be able to access iControl services, and only admin users will have this role, hence only admin users have iControl privileges.
I'm not sure how/why after changing the user role to partial read/write would work for a short period of time, but it's likely something related to cache timeout on the user credentials, which is something like 600 secs.
In 9.x, users with different credentials (admin, operator, and guest) can still access iControl, but their access will be limited based on those roles.
Loc
