Linux webclient authentication issues

stevedd

Active Newcomer
Joined
Oct 1, 2015
Messages
5
Reaction score
0
Points
0
PREDATAR Control23

Hello,

I'm attempting to enable the Linux webclient on CentOS 7.1 using TSM 7.1.1.

I'm stumbling on actually authenticating to the webclient. I get the following errors:
Screenshot%20from%202015-09-30%2016-19-31.png

And after typing in the node password I get:

Screenshot%20from%202015-09-30%2016-20-40.png

I don't have admin access to TSM backend servers, only the clients, but I've been told by the backup team that we don't use ldap for TSM. I am using SSSD (ldap) for user authentication on the backup client though.

Anyone have ideas as to what might be the issue here?

Thanks
 
PREDATAR Control23

what does your dsm.opt/dsm.sys look like?
 
PREDATAR Control23

I think you're going to need some info from the TSM server...not sure if you can get it or not;

Q NODE PCIwhatever f=d
Q ADMIN PCIwhatever f=d
 
PREDATAR Control23

what does your dsm.opt/dsm.sys look like?

dsm.sys
SERVERNAME tsm4...
TCPWINDOWSIZE 255
TCPBUFFSIZE 128
GROUPS root
USERS root
TXNBYTELIMIT 2097152
COMMmethod TCPip
TCPServeraddress tsm4...
TCPPort 1500
TCPNodelay Yes
LARGECOMmbuffers Yes
managedservices webclient schedule
webports 1582 1583
SchedMode polling
PASSWORDAccess generate
AUTOFSRENAME YES
SCHEDLOGName /var/log/dsmsched.log
SCHEDLOGRetention 15 D
ERRORLOGName /var/log/dsmerror.log
ERRORLOGRetention 30 D
CHangingretries 4
COMMRESTARTDuration 60
COMMRESTARTInterval 15
COMPRESSION yes
dirmc STAGING
Nodename pci...

* if the users or groups are specified, even if null, tsm will only permit
* the listed users or members of the listed groups to run tsm commands
* Access is always limited to files owned by ther user
* groups ""
* users ""

* -------------------------------------------------------- TSM 5.1
* allow multiple backup/archive channels
RESOURceutilization 8

* minimize the chance for TSM server to invoke local commands
preschedulecmd ""
postschedulecmd ""
prenschedulecmd ""
postnschedulecmd ""
presnapshotcmd ""
postsnapshotcmd ""

* -------------------------------------------------------------


* ----------------------------------------------------------- TSM 5.2
* Prevent the TSM server from running local commands
SCHEDCMDDisabled Yes

* ---------------------------------------------------------------

* ---------------------------------------------------------------
* -- help TSM not have to restart files that grow during compression

INCLUDE "/.../*" STAGING


dsm.opt
SERVERNAME tsm4...
dateformat 3
subdir yes
MEMORYEFficient no
compressAlways yes
tapeprompt no
replace prompt
* Not using this right now, but it's here so people who aren't familiar can see the syntax...
followsymbolic yes
domain /mnt/mount-test
 
PREDATAR Control23

yeah, I don't see anything suspicious there...i think the error is originating from the tsm server, so probably need to get the q node/admin output. assuming your admins are telling you the truth and ldap auth isn't used for TSM, I think this error can happen if they didn't define (removed) the admin id associated with the node.
 
PREDATAR Control23

I think you're going to need some info from the TSM server...not sure if you can get it or not;

Q NODE PCIwhatever f=d
Q ADMIN PCIwhatever f=d

I get an error excessive arguments; is this what you meant?

# dsmc q node pci... f=d
ANS0102W Unable to open the message repository
ANS1102E An excessive number of command line arguments are passed to the program.
ANS1133W An expression might contain a wildcard not enclosed in quotes.
 
PREDATAR Control23

these are tsm server commands, not client commands...
 
PREDATAR Control23

these are tsm server commands, not client commands...
That would make sense!

Here's what I got back from the admin team. I'm guessing the error on q admin.. confirms your suspicions?

> dsmc q node pcic... f=d

ANS8000I Server command: 'q node pci... f=d'

Node Name: PCI...
Platform: Linux x86-64
Client OS Level: 3.10.0-229.14.1.el7
Client Version: Version 7, release 1, level 1.0
Application Version: Version 0, release 0, level 0.0
Policy Domain Name: RESEARCH_SERVERS
Last Access Date/Time: 2015-10-02 14:12:49
Days Since Last Access: <1
Password Set Date/Time: 2015-09-30 14:11:11
Days Since Password Set: 2
Invalid Sign-on Count: 0
Locked?: No
Contact: PCICD.....active(2015-09-30)S
Compression: Client
Archive Delete Allowed?: Yes
Backup Delete Allowed?: Yes
Registration Date/Time: 2015-09-30 13:22:33
Registering Administrator: TSMADMIN
Last Communication Method Used: Tcp/Ip
Bytes Received Last Session: 657,160
Bytes Sent Last Session: 4,552
Duration of Last Session: 1.33
Pct. Idle Wait Last Session: 30.86
Pct. Comm. Wait Last Session: 0.90
Pct. Media Wait Last Session: 0.00
Optionset: SERV_BACK_UNIX
URL:
Node Type: Client
Password Expiration Period: 0 Day(s)
Keep Mount Point?: No
Maximum Mount Points Allowed: 2
Auto Filespace Rename : Yes
Validate Protocol: All
TCP/IP Name: pci...
TCP/IP Address: 142...
Globally Unique ID: cb...
Transaction Group Max: 0
Data Write Path: ANY
Data Read Path: ANY
Session Initiation: ClientOrServer
High-level Address:
Low-level Address:
Collocation Group Name:
Proxynode Target:
Proxynode Agent:
Node Groups:
Email Address:
Deduplication: ServerOnly
Users allowed to back up: All
Role: Server
Role Override: UseReported
Processor Vendor: Intel
Processor Brand: Xeon
Processor Type: 1
Processor Model: 2000MHz
Processor Count: 2
Hypervisor: KVM
API Application: No
Scan Error: No
MAC Address:
Replication State: None
Replication Mode: None
Backup Replication Rule: DEFAULT
Archive Replication Rule: DEFAULT
Space Management Replication Rule: DEFAULT
Replication Primary Server:
Last Replicated to Server:
Client OS Name: CentOS Linux release 7.1.1503 (Core)
Client Processor Architecture: x64
Client Products Installed: BA
Client Target Version: (?)
Authentication: Local
SSL Required: Default
Split Large Objects: Yes
At-risk type: Default interval
At-risk interval:
Utility URL:
Replication Recovery of Damaged Files: Yes




> dsmc q admin pci... f=d
>

ANS8000I Server command: 'q admin pci... f=d'
ANR2034E QUERY ADMIN: No match found using this criteria.
ANS8001I Return code 11.
 
PREDATAR Control23

You should edit your last post, some identifying data there.

node auth is local, so the ldap leaning error is probably bad;

Authentication: Local

i'm pretty sure the problem is that an admin id for this node doesn't exist, even though it probably should.
 
PREDATAR Control23

the suspense is killing me! ;)

did this work?
 
PREDATAR Control23

I know!

I'm waiting for the backup team to respond if they're willing to make the changes, its outside of their standard setup so fingers crossed.
 
Top