[Veritas-bu] LDAP authentication

2008-01-29 18:56:23
Subject: [Veritas-bu] LDAP authentication
From: "Johnson, Eric" <Eric.Johnson AT mtsallstream DOT com>
To: "veritas-bu" <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Tue, 29 Jan 2008 18:39:07 -0500

NetBackup 6.5.1 master server on Solaris 10 update 4. System uses LDAP to authenticate logins vs. Active Directory on Win2k3 R2. This works fine for local and SSH logins. Using it to authenticate NBAC logins doesn’t seem to work though.

The root broker is running on the master server and is configured for “unixpwd” and works fine for actual local accounts in the /etc/passwd file. For accounts that are in AD, I am able to successfully add them as users in the Access Management section of the GUI, and can also pass username/password authentication at the Admin GUI.

However, for AD users, the GUI will show me the master server as if it were only a client, offering just backup/restore options. The bpjava-msvc log shows this:

15:54:59.183 [4768] <2> setIDs: setuid = 10008
15:54:59.183 [4768] <2> setIDs: setgid = 10001
15:54:59.193 [4768] <2> VssInit:  ++++ ENTERING ++++
15:54:59.193 [4768] <2> VssInit: (vss_auth.cpp,749): ARGS: ReqVersion="4", BrokerName="host.name.org", BrokerPort="0", LoadReentrant="NO"
15:54:59.193 [4768] <2> VssGetFQDNHostName:  ++++ ENTERING ++++
15:54:59.193 [4768] <2> VssGetFQDNHostName: (vss_auth.cpp,4356): ARGS: InputName="host.name.org", FullNameSize="1024"
15:54:59.194 [4768] <2> VssGetFQDNHostName: (vss_auth.cpp,4704): RETURNING: Match = "host.name.org"
15:54:59.194 [4768] <2> VssGetFQDNHostName:  ---- EXITING ----
15:54:59.195 [4768] <2> VssInit: (vss_auth.cpp,797): Using Cached entries: FALSE
15:54:59.235 [4768] <2> VssInit:  ---- EXITING ----
15:54:59.235 [4768] <2> VssGetRootCert:  ++++ ENTERING ++++
15:54:59.235 [4768] <2> VssGetRootCert: (vss_auth.cpp,1165): ARGS: BrokerName="NULL", BrokerPort="0"
15:54:59.340 [4768] <2> VssGetRootCert:  ---- EXITING ----
15:54:59.340 [4768] <2> VssAuthenticate:  ++++ ENTERING ++++
15:54:59.340 [4768] <2> VssAuthenticate: (vss_auth.cpp,3026): ARGS: Name="user_name_here", NameLen="8", Domain="host.name.org", DomainLen="17", DomainType="unixpwd"
15:54:59.479 [4768] <2> VssAuthenticate: (vss_auth.cpp,3034): vrtsAtAuthenticate returned FAILURE
15:54:59.481 [4768] <2> VssAuthenticate: (vss_auth.cpp,3067): VxStatus = 24587 (0x0000600b): Status = 45 : "One or more of Name, Password and domain are incorrect."
15:54:59.481 [4768] <2> VssAuthenticate:  ---- EXITING ----
15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c.1459: VssAuthenticate failed: 45 0x0000002d
15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c.1461: User name: user_name_here
15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c.1463: Domain name: host.name.org
15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c.1464: Auth mode: 4 0x00000004
15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c.1465: Broker: host.name.org
15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c.1466: Port: 0 0x00000000
15:54:59.481 [4768] <2> VssCleanUp:  ++++ ENTERING ++++
15:54:59.481 [4768] <2> VssCleanUp: (vss_auth.cpp,948): ARGS: VerToClean="4"
15:54:59.485 [4768] <2> VssCleanUp:  ---- EXITING ----
15:54:59.485 [4768] <2> vnet_vxss_java_login: vnet_vxss_helper.c.2300: vnet_vxss_change_user failed: 36 0x00000024
15:54:59.485 [4768] <2> vnet_vxss_java_login: vnet_vxss_helper.c.2317: Unable to VxSS login: 36 0x00000024
15:54:59.492 [4767] <2> fork_off_createCredential: vxss_status is >36<
15:54:59.493 [4767] <2> fork_off_createCredential: bp_status is >116<, VxSS authentication failed
15:54:59.493 [4767] <2> createCredential: bp_status is >116<, VxSS authentication failed
15:54:59.493 [4767] <16> isVxssActive: authentication determination failed, assume none required: (116) VxSS authentication failed
15:54:59.493 [4767] <2> isVxssActive: vxss authentication is NOT required
15:54:59.493 [4767] <2> userIsAuthorizedAdmin: auth.conf file is /usr/openv/java/auth.conf
15:54:59.493 [4767] <2> userIsAuthorizedAdmin: user_name_here does NOT have admin privileges
15:54:59.494 [4767] <2> setIDs: setuid = 10008
15:54:59.494 [4767] <2> setIDs: setgid = 10001

I know this is kind of an odd setup, but if I could get it working, it would fit very nicely in our environment.

Thanks,

Eric

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
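
Added example, not part of the original post and not NetBackup code: a small Python parser that condenses a bpjava-msvc excerpt like the one quoted above into one record per VssAuthenticate attempt, and flags the "assume none required" fallback to auth.conf that follows the failure. The line layout is inferred only from the quoted excerpt, the function name `summarize` is hypothetical, and the sample is a subset of the quoted lines.

```python
import re

# Layout inferred from the excerpt quoted in the post (assumption):
#   HH:MM:SS.mmm [pid] <severity> function: message
LINE_RE = re.compile(r'^(\d\d:\d\d:\d\d\.\d{3}) \[(\d+)\] <(\d+)> (\w+):\s*(.*)$')
ARG_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: a subset of the lines quoted in the post.
SAMPLE = """\
15:54:59.340 [4768] <2> VssAuthenticate: (vss_auth.cpp,3026): ARGS: Name="user_name_here", NameLen="8", Domain="host.name.org", DomainLen="17", DomainType="unixpwd"
15:54:59.479 [4768] <2> VssAuthenticate: (vss_auth.cpp,3034): vrtsAtAuthenticate returned FAILURE
15:54:59.481 [4768] <2> VssAuthenticate: (vss_auth.cpp,3067): VxStatus = 24587 (0x0000600b): Status = 45 : "One or more of Name, Password and domain are incorrect."
15:54:59.493 [4767] <16> isVxssActive: authentication determination failed, assume none required: (116) VxSS authentication failed
15:54:59.493 [4767] <2> userIsAuthorizedAdmin: auth.conf file is /usr/openv/java/auth.conf
15:54:59.493 [4767] <2> userIsAuthorizedAdmin: user_name_here does NOT have admin privileges
"""

def summarize(text):
    """Return one dict per VssAuthenticate attempt found in the log text."""
    attempts, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or wrapped lines
        ts, _pid, _sev, func, msg = m.groups()
        if func == "VssAuthenticate" and "ARGS:" in msg:
            args = dict(ARG_RE.findall(msg))
            current = {"time": ts, "user": args.get("Name"),
                       "domain": args.get("Domain"),
                       "domain_type": args.get("DomainType"), "failed": False,
                       "status": None, "fell_back": False, "admin_denied": False}
            attempts.append(current)
        elif current is None:
            continue  # nothing to attach this line to yet
        elif func == "VssAuthenticate" and "returned FAILURE" in msg:
            current["failed"] = True
        elif func == "VssAuthenticate" and (s := re.search(r'Status = (\d+) : "([^"]*)"', msg)):
            current["status"] = (int(s.group(1)), s.group(2))
        # Later lines come from another pid; they are tied to the most
        # recent attempt by order only (assumption).
        elif func == "isVxssActive" and "assume none required" in msg:
            current["fell_back"] = True
        elif func == "userIsAuthorizedAdmin" and "does NOT have admin privileges" in msg:
            current["admin_denied"] = True
    return attempts

if __name__ == "__main__":
    for attempt in summarize(SAMPLE):
        print(attempt)
```

Records with `failed` and `fell_back` both true are the ones to review, since they show a login that continued under the auth.conf check after VxSS authentication failed.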