Do you set the active authentication mechanism to Kerberos? If not, then that might be your issue. Here are some commands to list to see if it is set.
Sr. Technology Engineer
Original Message:
Sent: Wed October 16, 2024 04:32 AM
From: Joao Mota
Subject: Websphere and kerberos
The user is the primary admin user.
Added other users to the admin role but ended up with the same error.
Not sure if playing around with sas.client.props is the right direction, but I'll try different variations.
Thanks
------------------------------
Joao Mota
Original Message:
Sent: Mon October 14, 2024 03:55 AM
From: Brian S Paskin
Subject: Websphere and kerberos
Hi, You will need to add the user as an Admin in the console and give them all the necessary roles.
Brian
------------------------------
Brian S Paskin
Sr. Technology Engineer
IBM Cloud Engineering
Original Message:
Sent: Fri October 11, 2024 09:11 AM
From: Joao Mota
Subject: Websphere and kerberos
In a new project, I've just installed WAS ND 9.0.5.18 in a Windows Server 22, and managed to configure Kerberos access against a Windows16 AD.
(Generated the keytab in AD with aes256.)
In global security, configured the LDAP registry, with primary admin from AD, added authentication with another user for the bind distinguished name, everything OK.
Went to Kerberos configuration, added the HTTP Kerberos service name, config file, keytab file and activated SSO with the right domain.
Managed to activate the security with Kerberos, restarted everything and I have no problems in accessing and operating with the WAS console using SSO/Kerberos.
Also, when I call the snoop application, it also shows the principal name and negotiated key. Everything looks OK.
However, when I issue wsadmin cmd line with the primary admin user, every time I try to make an operation, like stop and start servers, it shows me the error:
WASX7209I: Connected to process "dmgr" on node DmgrPrdNode01 using SOAP connector; The type of process is: DeploymentManager
$Id: wsadminlib.py 115 2011-01-03 15:51:00Z dingsor $
[2024-1011-1406-0600] stopServer: stopping server WasNode01,server1 immediate=0 terminate=0
[2024-1011-1406-0600] stopServer: EXCEPTION STOPPING SERVER server1
[2024-1011-1406-0600] stopServer: Exception=<type 'com.ibm.ws.scripting.ScriptingException'>
PARMS=com.ibm.ws.scripting.ScriptingException: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the getProcessType operation on Server MBean because of insufficient or empty credentials.
Not sure what's happening, as if it's missing some Kerberos tickets or so ... help?
------------------------------
Joao Mota
------------------------------