Media server verification points for a mixed UNIX master server

Article:HOWTO46977  |  Created: 2011-03-24  |  Updated: 2011-03-25  |  Article URL http://www.symantec.com/docs/HOWTO46977
Article Type
How To


Environment

Subject


Media server verification points for a mixed UNIX master server

The following table describes the media server verification procedures for a mixed UNIX master server.

Table: Verification procedures for a mixed UNIX master server

Procedure

Description

Verify the UNIX media server

See UNIX media server verification. for the verification procedure for a UNIX media server.

Verify the Windows media server

Check that the computer certificate comes from the root authentication broker, which is found on the UNIX master server (unix_master).

If there is a missing certificate, run the following commands to correct the problem:

  • bpnbat -addmachine on the root authentication broker (in this example, unix_master)

  • bpnbat -loginmachine (in this example, win_media)

For example:

    bpnbat -whoami -cf "C:\Program 
    Files\Veritas\Netbackup\var\vxss\credentials\
     win_media.company.com"
    Name: win_media.company.com
    Domain: NBU_Machines@unix_master.company.com
    Issued by: /CN=broker/OU=root@
     unix_master.company.com/O=vx
    Expiry Date: Oct 31 20:11:04 2007 GMT
    Authentication method: Veritas Private Security
    Operation completed successfully.

Verify that a media server is permitted to perform authorization lookups

Ensure that the media server is allowed to perform authorization checks by running bpnbaz -listgroups -CredFile.

For example:

    bpnbaz -listgroups -CredFile "C:\Program 
    Files\Veritas\Netbackup\var\vxss\credentials\
     win_media.company.com"
    NBU_User
    NBU_Operator
    NBU_Admin
    NBU_Security Admin
    Vault_Operator
    Operation completed successfully.

If the media server is not allowed to perform authorization checks, run bpnbaz -allowauthorization on the master server for the media server name in question.

Unable to load library message

Verify the Windows media server and that it can perform authorization checks indirectly. This verification informs us that the NetBackup Authentication and Authorization client libraries for both authentication and authorization are properly installed. If either of these procedures fail with a message "unable to load libraries," make certain the authentication client libraries and authorization client libraries are installed.

Verify authentication domains

Verify that the authentication domains are correct by viewing the access control host properties for this media server.

You can also use regedit (or regedit32) directly on the media server in the following location:

HKEY_LOCAL_MACHINE\Software\Veritas\NetBackup\
CurrentVersion\config\AUTHENTICATION_DOMAIN

Cross platform authentication domains

Take extra care in mixed environments to ensure that the appropriate domain types point to the correct authentication brokers.

The example Authentication domain tab shows available authentication Windows domains that can be added to the Windows broker. In this case, it is not a mixed environment as both systems are Windows based. If there were a combination of Windows and UNIX domains it is important to match the brokers to the most useful authentication domains.

See Figure: Cross platform authentication domains. for a display on how to match the platform to the most useful authentication domains.

Figure: Cross platform authentication domains

Cross platform authentication domains

See About using NetBackup Access Control (NBAC)


Legacy ID



v49827201_v54411808


Article URL http://www.symantec.com/docs/HOWTO46977


Terms of use for this information are found in Legal Notices