UNIX client verification

Article:HOWTO46917

Created: 2011-03-24

Updated: 2011-03-25

Article URL http://www.symantec.com/docs/HOWTO46917

Article Type
How To

Product(s)

Show all

Environment

Show all

CLOSE X

Windows Server 2008
Web Edition (x64) SP2, Web Edition (x64), Standard (x86-32bit) SP2, Standard (x86-32bit), Standard (x64-64bit) SP2, Standard (x64-64bit), Server Core SP2, Server Core, Itanium SP2, Itanium, Enterprise (x86-32bit) SP2, Enterprise (x86-32bit), Enterprise (x64-64bit) SP2, Enterprise (x64-64bit), DataCenter (x86-32bit) SP2, DataCenter (x86-32bit), DataCenter (x64-64bit) SP2, DataCenter (x64-64bit)

OpenVMS (VAX)
7.3, 6.2, 5.5

Solaris
10 (x86_64), 10, 9 (x86_64), 9.0

FreeBSD
8.1

Windows Vista
Ultimate RC2, Ultimate (x64) 6.0.6000, Enterprise RC2

Windows 7
Professional, Enterprise

Windows Server 2003 R2
Standard Edition (x86), Standard Edition (x64), Enterprise Edition (x86), Enterprise Edition (x64), Datacenter Edition (x64)

Windows Server 2003
Standard Server(x64), Standard Server SP2 (x64), Standard Server SP2, Standard Server SP1 (x64), Standard Server SP1, Standard Server, Enterprise SP2(x64), Enterprise SP2, Enterprise SP1(x64), Enterprise SP1(IA64), Enterprise ServerSP1, Enterprise Server, Enterprise (x64), Enterprise (IA64), Datacenter SP2(x64), DataCenter SP2, DataCenter SP1(x64), DataCenter SP1(IA64), DataCenter SP1, DataCenter (x64), DataCenter (IA64), DataCenter

Windows Server 2008 R2
WebServer (x64-64bit), Standard (x64-64bit), Server Core, Itanium, Enterprise (x64-64bit), DataCenter (x64-64bit)

Windows XP
Pro 5.1 64 bit SP2, Home 5.1 SP2, Embedded SP2

OpenVMS (Alpha)
8.3, 8.2, 7.3, 6.2, 6.1

HP-UX
11.11

Linux
SLES9 (zSeries), SLES 9 (IA64), SLES 11 (zSeries), SLES 11, SLES 10 SP1, SLES 10 (zSeries), SLES 10 (x86_64), SLES 10 (pSeries), RHEL 5.0 (zSeries), RHEL 5.0 (pSeries), RHEL 5 (x86_64), RHEL 5, RHEL 4.0 (zSeries), RHEL 4.0 (x86_64), RHEL 4.0 (pSeries), RHEL 4.0 (IA64), Debian GNU Linux 5.0, Debian GNU Linux 4.0, Canonical Ubuntu 9.04

AIX
7.1, 6.1, 5.3

OpenVMS (IA64)
8.3, 8.2

NetWare
6.5

Subject

Show all

Languages

Show all

UNIX client verification

The following procedures are used to verify the UNIX client:

Verify the credential for the UNIX client.
Verify that the authentication client libraries are installed.
Verify correct authentication domains.

The following table describes the verification procedures for the UNIX client.

Table: Verification procedures for the UNIX client

Procedures	Description
Verify the credential for the UNIX client	Check that the credential for the client is indeed for the correct client and comes from the correct domain. Run bpnbat -whoami with -cf for the client's credential file. For example: bpnbat -whoami -cf /usr/openv/var/vxss/credentials/unix_client.company.com Name: unix_client.company.com Domain: NBU_Machines@unix_master.company.com Issued by: /CN=broker/OU=root@unix_master.company.com/O=vx Expiry Date: Oct 31 14:49:00 2007 GMT Authentication method: Veritas Private Security Operation completed successfully. If the domain listed is not NBU_Machines@unix_master.company.com, consider running bpnbat -addmachine for the name in question (unix_client). This command is run on the computer with the authentication broker that serves the NBU_Machines domain (unix_master). Then, on the computer where we want to place the certificate (unix_client), run: bpnbat -loginmachine
Verify that the authentication client libraries are installed	Run bpnbat -login on the client to verify that the authentication client libraries are installed. bpnbat -login Authentication Broker: unix_master.company.com Authentication port [Enter = default]: Authentication type (NIS, NIS+, WINDOWS, vx, unixpwd): NIS Domain: min.com Name: Smith Password: Operation completed successfully.
Verify correct authentication domains	Check that any defined authentication domains for the client are correct in the Access Control host properties or by using cat(1). Ensure that the domains are spelled correctly. Also ensure that the authentication brokers on the list for each of the domains are valid for that domain type. This process can also be verified in bp.conf using cat(1). cat bp.conf SERVER = unix_master SERVER = unix_media CLIENT_NAME = unix_master AUTHENTICATION_DOMAIN = min.com "default company NIS namespace" NIS unix_master 0 AUTHENTICATION_DOMAIN = unix_master.company.com "unix_master password file" PASSWD unix_master 0 AUTHORIZATION_SERVICE = unix_master.company.com 0 USE_VXSS = AUTOMATIC

Procedures

Description

Verify the credential for the UNIX client

Check that the credential for the client is indeed for the correct client and comes from the correct domain. Run bpnbat -whoami with -cf for the client's credential file.

For example:

    bpnbat -whoami -cf 
    /usr/openv/var/vxss/credentials/unix_client.company.com
    Name: unix_client.company.com
    Domain: NBU_Machines@unix_master.company.com
    Issued by: /CN=broker/OU=root@unix_master.company.com/O=vx
    Expiry Date: Oct 31 14:49:00 2007 GMT
    Authentication method: Veritas Private Security
    Operation completed successfully.

If the domain listed is not NBU_Machines@unix_master.company.com, consider running bpnbat -addmachine for the name in question (unix_client). This command is run on the computer with the authentication broker that serves the NBU_Machines domain (unix_master).

Then, on the computer where we want to place the certificate (unix_client), run: bpnbat -loginmachine

Verify that the authentication client libraries are installed

Run bpnbat -login on the client to verify that the authentication client libraries are installed.

    bpnbat -login
    Authentication Broker: unix_master.company.com
    Authentication port [Enter = default]:
    Authentication type (NIS, NIS+, WINDOWS, vx, unixpwd): NIS
    Domain: min.com
    Name: Smith
    Password:
    Operation completed successfully.

Verify correct authentication domains

Check that any defined authentication domains for the client are correct in the Access Control host properties or by using cat(1). Ensure that the domains are spelled correctly. Also ensure that the authentication brokers on the list for each of the domains are valid for that domain type.

This process can also be verified in bp.conf using cat(1).

    cat bp.conf
    SERVER = unix_master
    SERVER = unix_media
    CLIENT_NAME = unix_master
    AUTHENTICATION_DOMAIN = min.com "default company
     NIS namespace" 
    NIS unix_master 0
    AUTHENTICATION_DOMAIN = unix_master.company.com "unix_master 
    password file" PASSWD unix_master 0
    AUTHORIZATION_SERVICE = unix_master.company.com 0
    USE_VXSS = AUTOMATIC

See About using NetBackup Access Control (NBAC)

Legacy ID

v32157064_v54411808

Article URL http://www.symantec.com/docs/HOWTO46917

UNIX client verification

UNIX client verification

Legacy ID

Please Sign In

Knowledge Base Search

Knowledge Base Search

MySymantec

MySymantec

Contacting Support

Contacting Support