Master server verification points for Windows
|Article:HOWTO46911|||||Created: 2011-03-24|||||Updated: 2011-03-25|||||Article URL http://www.symantec.com/docs/HOWTO46911|
The following topics describe procedures to:
Table: Master server verification procedures for Windows
Verify Windows master server settings
You can determine the domain in which a host is registered (where the primary authentication broker resides). Or you can determine the name of the computer the certificate represents. Run bpnbat with -whoami and specify the host credential file. The server credentials are located in the
bpnbat -whoami -cf "c:\Program Files\Veritas\Netbackup\var\vxss\credentials\ win_master" Name: win_master.company.com Domain: NBU_Machines@win_master.company.com Issued by: /CN=broker/OU=root@win_master.company.com/ O=vx Expiry Date: Oct 31 20:17:51 2007 GMT Authentication method: Veritas Private Security Operation completed successfully.
If the domain listed is not NBU_Machines@win_master.company.com, consider running bpnbat -addmachine for the name in question (win_master). This command is run on the computer with the authentication broker that serves the NBU_Machines domain (win_master).
Verify which computers are present in the authentication broker
Verify which computers are permitted to perform authorization lookups
This command shows that win_master and win_media (master and media servers) are permitted to perform authorization lookups. Note that both servers are authenticated against the same Private Domain (domain type vx), NBU_Machines@win_master.company.com.
bpnbaz -ShowAuthorizers ========== Type: User Domain Type: vx Domain:NBU_Machines@win_master.company.com Name: win_master.company.com ========== Type: User Domain Type: vx Domain:NBU_Machines@win_master.company.com Name: win_media.company.com Operation completed successfully.
Verify that the database is configured correctly
bpnbaz -listgroups NBU_Operator NBU_Admin NBU_SAN Admin NBU_User NBU_Security Admin Vault_Operator Operation completed successfully.
Verify that the nbatd and nbazd processes are running
Verify that the host properties are configured correctly
In the access control host properties, verify that the NetBackup Authentication and Authorization property is set correctly. (The setting should be either Automatic or Required, depending on whether all computers use NetBackup Authentication and Authorization or not. If all computers do not use NetBackup Authentication and Authorization, set it to Automatic.
See Figure: Host properties settings. for an example of the host properties settings on the Authentication domain tab.
In the Access Control host properties, verify that the listed authentication domains are spelled correctly and point to the proper servers (valid authentication brokers). If all of the domains are Windows-based, they should point to a Windows computer that runs the authentication broker.
Article URL http://www.symantec.com/docs/HOWTO46911