Networker
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Networker] Backing up part of an NDS tree

2004-02-12 04:04:06
Subject: Re: [Networker] Backing up part of an NDS tree
From: Allan Nelson <an AT CEH.AC DOT UK>
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Date: Thu, 12 Feb 2004 09:03:33 +0000 
Hi
We went round and round with this a couple of years ago.
Basically, we never found a solution and were told by Legato that you
need rights to the 'top of the tree' to be able to backup even part of
the NDS.
This wasn't a problem for us as we are split across 8 sites, and 3 of
us backup the whole of the NDS, so, the others don't need to bother.
As an aside, we once tried restoring a Template object that got
corrupted - and shafted the tree!!  Took a lot of untangling to sort
that one out.
Apparantly another 'known problem' and something to do with the version
of TSANDS we were using at the time.  But that's another story.

All in all, Legato's support for Netware is pretty grim.

Here's a Legato Tech bulletin which covers it... hope this helps...
Allan.

LEGATO TECHNICAL BULLETIN
382: Distributed Novell Directory Services Backup

--------------------------------------------------------------------------------

PURPOSE
This bulletin describes the following Legato NetWorker® limitations
that can compromise distributed Novell Directory Services (NDS) backup
operations:

Distributed NDS backup fails after upgrading from NetWare 4.11 to 5.1
or later

Distributed NDS backup fails after new installations of NetWare 5.1 or
6.0

This issue applies to distributed NDS backups of NetWare 5.1 and 6.x
trees.

Note:  This problem does not occur when using the default administrator
account at the root of the tree, or when using NetWare 4.11 (NDS version
6.xx).

PRODUCTS
Legato NetWorker, Release 4.15 and later, NetWare Version
NetWare 5.1 and 6.0 trees (NDS version 7.5x and later)

DESCRIPTION
To run a scheduled backup for a branch of an NDS tree, for example,
{NDS}.OU=TechSupport.O=Legato, the remote user specified in the
NetWorker Client resource must be able to authenticate to the NDS tree
and Storage Management Data Requester (SMDR). The remote user account,
therefore, must have Browse objects rights and Read/Write property
rights to all targeted NDS resources accessed. These rights must be
granted in the object's trustee assignment. For further details on
setting objects and property rights for NDS resources, refer to Novell
documentation.

The same account requirements apply to manual backup operations. The
login account must have Browse objects rights, as well as Read/Write
property rights to all objects to be backed up. If a backup of an object
or a subset of the NDS tree is attempted from an account that does not
have these rights, various errors are returned. For example, you might
receive the following error message:

     User has no access rights to the named object

This error is typically written to the NetWorker logs.

Other errors messages include:

     Connecting directories failed


     Connecting path failed

Unlike the native NetWare backup program or other Novell system
management software (SMS) compliant software, releases 4.15 to 4.2x of
the NetWorker software for NetWare not only back up the marked objects,
but also back up the vertical connecting objects path above the marked
objects. The connecting objects are all of the container or parent
objects holding the objects you are accessing during the backup. A user
without Browse objects rights and Read/Write property rights at each
connecting container, therefore, fails to back up the NDS objects and
receives errors for each failing objects.

SOLUTION
To work around this issue:

Use an account equivalent to root or administrator to perform all NDS
backups.

Add the user to the trustee of the root and make the rights
inheritable.

Manually assign rights to all connecting objects and make these rights
not inheritable.

Backup the entire NDS tree.


--------------------------------------------------------------------------------


>>> tbiles AT D.UMN DOT EDU 11/02/04 23:38:47 >>>
I'm trying to backup my NDS partition in a larger NDS tree.  I have
admin rights to my container, and I believe my syntax for the save set
is correct.  I have tried a manual backup of the subtree, and it
appears
to process through a large number of my objects, and then stops on an
object that is higher in the tree.

The save set syntax looks like this:

{NDS}.OU=Sitename.O=Orgname.T=Treename

When I went through docs, it appears that you don't need to specify
the
".T=Treename" portion, but the save set failed with that part missing.
They way I "discovered" that I should add it was by doing a manual
backup via the Networker console on my server.  When browsing the
objects to backup, it started with .T=Treename, and then I maneuvered
down the tree (just like you would for a subdirectory in the file
system) to my OU, marked it, and ran the backup.

It looks like it works until the end of the backup.  What appears to
be
happening from the log file is as follows:

1) It backs up all the objects beneath
OU=Sitename.O=Orgname.T=Treename.
  2) It backs up the OU I marked in the Backup menu.
3) It then trys to backup the parent of the OU I marked (in my example
.O=Orgname.T=Treename).

I then get the following:

(1) .O=Orgname.T=Treename User has no access rights to the named
object.
RPC error, Can't encode arguments
(2000)  Connecting directories failed
See file 'SYS:NETWORKR.LOG' for a listing

It does this 3 times, and ends the backup job.  Why does it try to
back
up the parent object?  I'm going to try it as a scheduled save set
tonight to see if it behaves the same way.  Since I'm in a large tree,
I
don't have admin rights above my OU (and I don't expect to).  Is this
just a "feature" that I can ignore?  Can I assume the container backed
up successfully?  Is there something I'm missing that would cause this
behavior?

Thanks.

--
Timothy M. Biles                                    voice:(218)
726-6959
ITSS - Systems Administrator                          fax:(218)
726-7674
University of MN-Duluth
MWAH 176
1023 University Drive                         e-mail: tbiles @
d.umn.edu
Duluth, MN 55812

--
Note: To sign off this list, send a "signoff networker" command via
email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Networker] backing up via NFS, Yura Pismerov
Next by Date:  Re: [Networker] NDMP for NAS devices- do you like it?, Mark Kilpatrick
Previous by Thread:  [Networker] Backing up part of an NDS tree, Timothy Biles
Next by Thread:  [Networker] Autoreply: [Networker] Backing up part of an NDS tree, vikas . saini
Indexes:  [Date] [Thread] [Top] [All Lists]