Networker

Re: [Networker] networker user's priviledge question

2008-05-12 02:41:23
Subject: Re: [Networker] networker user's priviledge question
From: Shyam Hegde <hegde.shyam AT GMAIL DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Mon, 12 May 2008 12:01:17 +0530
Hi,

Please have a look at this powerlink solution. Hope this helps.

http://solutions.emc.com/emcsolutionview.asp?id=esg75186

Fact: NetWorker 7.3

Error: 'nsrd: Impersonation was requested by: "User@machine_name", but the
user does not have enough privileges to impersonate'

 Cause:

 By Default, User Authentication for NetWorker is configured at the console
level (via Setup, Setup Menu->System Options). This setting allows only
users in the NetWorker administrator list to send requests to the NetWorker
server via the console window (ie to change a schedule etc). These request
will appear to come from the user running the console gui as opposed to the
gstd process owner on the console server (ie local system account on a
Windows Console servers)

 The user mentioned in the message is the user that started a Console server
(gstd) and does not have enough privileges for impersonation.

 Impersonation means that a user is allowed to pretend that they are another
user. Impersonation is needed because sometimes requests are sent to one
daemon and then forwarded to another and this requires special priveleges.

 The account that is requesting the right to impersonate another user, need
the "Change Security Settings" privilege set.

 Solution:

 Give the account that was used to start the EMC Legato GST
service"Administrator" access in NetWorker

1. From command line on the NetWorker server, add the account account which
starts the gstd service to the administrators list. By default this is the
SYSTEM account in windows and the root account on UNIX

 Windows:

nsraddadmin -u user=SYSTEM,host=console_servername

UNIX:

nsraddadmin -u user=root,host=console_servername


Thanks!
-Shyam


On 5/12/08, stornewer <networker-forum AT backupcentral DOT com> wrote:
>
> daemons.log file contains information below :
>
>
> 05/12/08 10:56:04 nsrd: Impersonation was requested by: "SYSTEM@client1",
> but the user does not have enough privileges to impersonate.
> 05/12/08 10:56:04 nsrd: Impersonation was requested by: "SYSTEM@client1",
> but the user does not have enough privileges to impersonate.
> 05/12/08 10:56:04 nsrd: Impersonation was requested by: "SYSTEM@client1",
> but the user does not have enough privileges to impersonate.
> 05/12/08 10:56:05 nsrd: Impersonation was requested by: "SYSTEM@client1",
> but the user does not have enough privileges to impersonate.
> 05/12/08 11:03:00 nsrd: savegroup info: starting  advgrp (with 1 client(s))
> 05/12/08 11:03:01 nsrexecd: Authentication Warning: The user's OS groups
> cannot be verified and will not be included in the credential. This means
> that remote hosts may not see the user as being a member of any OS groups.
> Domain: NT AUTHORITY, User: SYSTEM.
>
>
> how should I do to get priviledge?
>
> +----------------------------------------------------------------------
> |This was sent by hotclarcli AT hotmail DOT com via Backup Central.
> |Forward SPAM to abuse AT backupcentral DOT com.
> +----------------------------------------------------------------------
>
> To sign off this list, send email to listserv AT listserv.temple DOT edu and 
> type
> "signoff networker" in the body of the email. Please write to
> networker-request AT listserv.temple DOT edu if you have any problems with 
> this
> list. You can access the archives at
> http://listserv.temple.edu/archives/networker.html or
> via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
>

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER