cancel
Showing results for 
Search instead for 
Did you mean: 

RALUS agent authenticate using SSSD (AD Authentication)

AgeasServer
Level 4

Hi all,

I have a question regarding the RALUS agent installed on Ubuntu 14.04. I have managed to get the agent and server (Backup Exec 20.1) talking to each other and backing up using a local root account however I wish to have a backup account authenticate against our AD environment.

On our Ubuntu estate we utilise SSSD and kerboros to authentciate users, this method works well for SSH and drive mappings. My question is can RALUS authenticate it's logon user using SSSD against our AD environment. I have tried to no avail to get this working. The following is produced in the RALUS logs:

 Control connection accepted : connection established between end-points AGENTIP:10000 and BACKUPEXECSRV:59047
99956700 Wed Sep 19 10:07:15 2018 + engine/ndmp/ndmpsrvr/ndmpd.cpp (837):
99956700 Wed Sep 19 10:07:15 2018 | Session 1 initializing
99956700 Wed Sep 19 10:07:15 2018 + engine/ndmp/ndmpsrvr/ndmpd.cpp (921):
99956700 Wed Sep 19 10:07:15 2018 | Session 1 started
99956700 Wed Sep 19 10:07:15 2018 : sslOpen() : Opening SSL for: 0x7f1872ae0bef
99956700 Wed Sep 19 10:07:15 2018 : sslOpen(): certinfo = 0x7f185ab1ebef ; sslConn = 0x7f185ab1ef5f
99956700 Wed Sep 19 10:07:15 2018 : Username for Logon: DOMAIN\linuxaccount
99956700 Wed Sep 19 10:07:15 2018 : LogonUser failed for user: DOMAIN\linuxaccount because LogonUser: The input password does not match the OS password
99956700 Wed Sep 19 10:07:15 2018 : LogonUser failed for user: DOMAIN\linuxaccount
99956700 Wed Sep 19 10:07:15 2018 : In ndmpdGetLastError:: Callback to get last NDMP Error.
99956700 Wed Sep 19 10:07:15 2018 : ndmp_readit: Caught message on closed connection. Socket 0x7 len 0x0
99956700 Wed Sep 19 10:07:15 2018 : ndmp_readit: ErrorCode :: 0 :
99956700 Wed Sep 19 10:07:15 2018 + engine/ndmp/ndmpsrvr/ndmpd.cpp (929):
99956700 Wed Sep 19 10:07:15 2018 | Session 1 ending
99956700 Wed Sep 19 10:07:15 2018 + engine/ndmp/ndmpsrvr/ndmpd.cpp (982):
99956700 Wed Sep 19 10:07:15 2018 | Session 1 cleaning up
99956700 Wed Sep 19 10:07:15 2018 : FreeFormatEnv( cur_fmt=0 )
99956700 Wed Sep 19 10:07:15 2018 : FreeFormatEnv( cur_fmt=0 )
99956700 Wed Sep 19 10:07:15 2018 : sslClose() : Closing SSL for: 0x7f1872ae0bef
99956700 Wed Sep 19 10:07:15 2018 + engine/ndmp/ndmpsrvr/ndmpd.cpp (1044):
99956700 Wed Sep 19 10:07:15 2018 | Session 1 cleaned up

I have logged in with the same credentials using SSH from the Backup Exec server so I know the account is active. Any help will be greatly appreciated.

Many thanks,

Tom

1 REPLY 1

GPahuja
Level 3
Employee

You should try adding domain user to "beoper" local group on Ubuntu server.
Refer this link "About the Backup Exec operators (beoper) group "
https://www.veritas.com/support/en_US/doc/59226269-99535599-0/v53991917-99535599

Here is how you add a user to secondary group on linux :-
usermod -a -G beoper username
i.e : usermod -a -G beoper DOMAIN\linuxaccount

Hope this will help.