Veritas-bu

Re: [Veritas-bu] Veritas-bu Digest, Vol 21, Issue 62

2008-01-29 20:16:43
Subject: Re: [Veritas-bu] Veritas-bu Digest, Vol 21, Issue 62
From: Robert Griffin <rmg AT ua DOT edu>
To: veritas-bu AT mailman.eng.auburn DOT edu
Date: Tue, 29 Jan 2008 18:57:59 -0600
Have you checked /usr/openv/java/auth.conf to make sure
user_name_here is assigned admin privileges? Example:

user_name_here ADMIN=ALL JBP=ALL

Robert Griffin
Unix Systems Administrator
OIT, Enterprise Technology
The University of Alabama
<rmg AT ua DOT edu> | 205-348-0177



> Message: 2
> Date: Tue, 29 Jan 2008 18:39:07 -0500
> From: "Johnson, Eric" <Eric.Johnson AT mtsallstream DOT com>
> Subject: [Veritas-bu] LDAP authentication
> To: "veritas-bu" <veritas-bu AT mailman.eng.auburn DOT edu>
> Message-ID:
>       <4DCBE99454CB9141B5985CF2FD21D0F80A1A9986 AT TJ1EXA02.mtsallstream DOT 
> com>
> Content-Type: text/plain; charset="us-ascii"
>
> NetBackup 6.5.1 master server on Solaris 10 update 4. System uses LDAP
> to authenticate logins vs. Active Directory on Win2k3 R2. This works
> fine for local and SSH logins. Using it to authenticate NBAC logins
> doesn't seem to work though.
>
>
>
> The root broker is running on the master server and is configured for
> "unixpwd" and works fine for actual local accounts in the /etc/passwd
> file. For accounts that are in AD, I am able to successfully add  
> them as
> users in the Access Management section of the GUI, and can also pass
> username/password authentication at the Admin GUI.
>
>
>
> However, for AD users, the GUI will show me the master server as if it
> were only a client, offering just backup/restore options. The
> bpjava-msvc log shows this:
>
>
>
> 15:54:59.183 [4768] <2> setIDs: setuid = 10008
>
> 15:54:59.183 [4768] <2> setIDs: setgid = 10001
>
> 15:54:59.193 [4768] <2> VssInit:  ++++ ENTERING ++++
>
> 15:54:59.193 [4768] <2> VssInit: (vss_auth.cpp,749): ARGS:
> ReqVersion="4", BrokerName="host.name.org", BrokerPort="0",
> LoadReentrant="NO"
>
> 15:54:59.193 [4768] <2> VssGetFQDNHostName:  ++++ ENTERING ++++
>
> 15:54:59.193 [4768] <2> VssGetFQDNHostName: (vss_auth.cpp,4356): ARGS:
> InputName="host.name.org", FullNameSize="1024"
>
> 15:54:59.194 [4768] <2> VssGetFQDNHostName: (vss_auth.cpp,4704):
> RETURNING: Match = "host.name.org"
>
> 15:54:59.194 [4768] <2> VssGetFQDNHostName:  ---- EXITING ----
>
> 15:54:59.195 [4768] <2> VssInit: (vss_auth.cpp,797): Using Cached
> entries: FALSE
>
> 15:54:59.235 [4768] <2> VssInit:  ---- EXITING ----
>
> 15:54:59.235 [4768] <2> VssGetRootCert:  ++++ ENTERING ++++
>
> 15:54:59.235 [4768] <2> VssGetRootCert: (vss_auth.cpp,1165): ARGS:
> BrokerName="NULL", BrokerPort="0"
>
> 15:54:59.340 [4768] <2> VssGetRootCert:  ---- EXITING ----
>
> 15:54:59.340 [4768] <2> VssAuthenticate:  ++++ ENTERING ++++
>
> 15:54:59.340 [4768] <2> VssAuthenticate: (vss_auth.cpp,3026): ARGS:
> Name="user_name_here", NameLen="8", Domain="host.name.org",
> DomainLen="17", DomainType="unixpwd"
>
> 15:54:59.479 [4768] <2> VssAuthenticate: (vss_auth.cpp,3034):
> vrtsAtAuthenticate returned FAILURE
>
> 15:54:59.481 [4768] <2> VssAuthenticate: (vss_auth.cpp,3067):  
> VxStatus =
> 24587 (0x0000600b): Status = 45 : "One or more of Name, Password and
> domain are incorrect."
>
> 15:54:59.481 [4768] <2> VssAuthenticate:  ---- EXITING ----
>
> 15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c. 
> 1459:
> VssAuthenticate failed: 45 0x0000002d
>
> 15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c. 
> 1461:
> User name: user_name_here
>
> 15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c. 
> 1463:
> Domain name: host.name.org
>
> 15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c. 
> 1464:
> Auth mode: 4 0x00000004
>
> 15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c. 
> 1465:
> Broker: host.name.org
>
> 15:54:59.481 [4768] <2> vnet_vxss_change_user: vnet_vxss_helper.c. 
> 1466:
> Port: 0 0x00000000
>
> 15:54:59.481 [4768] <2> VssCleanUp:  ++++ ENTERING ++++
>
> 15:54:59.481 [4768] <2> VssCleanUp: (vss_auth.cpp,948): ARGS:
> VerToClean="4"
>
> 15:54:59.485 [4768] <2> VssCleanUp:  ---- EXITING ----
>
> 15:54:59.485 [4768] <2> vnet_vxss_java_login: vnet_vxss_helper.c.2300:
> vnet_vxss_change_user failed: 36 0x00000024
>
> 15:54:59.485 [4768] <2> vnet_vxss_java_login: vnet_vxss_helper.c.2317:
> Unable to VxSS login: 36 0x00000024
>
> 15:54:59.492 [4767] <2> fork_off_createCredential: vxss_status is >36<
>
> 15:54:59.493 [4767] <2> fork_off_createCredential: bp_status is >116<,
> VxSS authentication failed
>
> 15:54:59.493 [4767] <2> createCredential: bp_status is >116<, VxSS
> authentication failed
>
> 15:54:59.493 [4767] <16> isVxssActive: authentication determination
> failed, assume none required: (116) VxSS authentication failed
>
> 15:54:59.493 [4767] <2> isVxssActive: vxss authentication is NOT
> required
>
> 15:54:59.493 [4767] <2> userIsAuthorizedAdmin: auth.conf file is
> /usr/openv/java/auth.conf
>
> 15:54:59.493 [4767] <2> userIsAuthorizedAdmin: user_name_here does NOT
> have admin privileges
>
> 15:54:59.494 [4767] <2> setIDs: setuid = 10008
>
> 15:54:59.494 [4767] <2> setIDs: setgid = 10001
>
>
>
>
>
> I know this is kind of an odd setup, but if I could get it working, it
> would fit very nicely in our environment.
>
>
>
> Thanks,
>
> Eric
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

<Prev in Thread] Current Thread [Next in Thread>
  • Re: [Veritas-bu] Veritas-bu Digest, Vol 21, Issue 62, Robert Griffin <=