cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

linux agent based on ldap login

Era2000
Not applicable

‎08-01-2012 04:41 PM

Hello

I'm using backupexec 2010 in linux based envirement and have following problem with agent. All my linux boxes have mostly only ldap accounts and I want to use one(shared) ldap account for backupexec operation.

My communication between BE server and linux agent works well when I use local account. And it doesn't work with ldap based accounts. Permissions and groups for ldap and local are the same.

Here they are :

root@ id bexec
uid=1003(bexec) gid=1003(bexec) groups=15695(beoper),1003(bexec)
root@# id backupexec
uid=12339(backupexec) gid=12339(backupexec) groups=15695(beoper),12339(backupexec)

I found article regarding NIS , but it doesn't help.

http://www.symantec.com/business/support/index?page=content&id=TECH70099

ps : tried to use following lib : /lib64/libnss_ldap-2.11.1.so instead of NIS.

Is it possible to use LDAP account for linux agent operation needs ?

 

Regards,

Alexey

0 Kudos
2 REPLIES 2

Tushar_H_
Level 2
Employee

‎08-22-2012 04:59 AM

Hi,

As long as the LDAP account is member of ROOT and BEOper group you should not have any issue. I would like to get some more information on this.

What is the exact version of BE (BE 2010, BE 2010 R2) with patches? What is the version of Linux Server you are backing up? How many Linux Servers you are looking forward to backup?

You have mentioned BE server communicates well with the Linux Agent (RALUS). Are you logged in with ROOT account or LDAP account to Linux Server?

what happens exactly when you run the backup job with LDAP based account. Does the backup job fail with any error message?

In order to research on it more can you run the backup job with LDAP account and send me the Job Log and Debug Log from Linux Server?                                                                                                                               To run RALUS in debug mode please refer to following Technote: http://www.symantec.com/docs/TECH35477

 

Thanks & Regards,

Tushar H.

0 Kudos

edmin-josh
Not applicable

‎10-18-2012 01:58 PM

Did you ever figure this out? We are having the same issue. It works fine when logging in with root on the local account, but no ldap accounts are working. The snip from the debug log just shows this:

 

44341940 Thu Oct 18 13:53:18 2012 : sslOpen(): certinfo = 0xf18c1dff ; sslConn = 0xf188cd3f
44341940 Thu Oct 18 13:53:18 2012 : Username for Logon: beoperadmin
44341940 Thu Oct 18 13:53:18 2012 : LogonUser failed for user: beoper because LogonUser: The input password does not match the OS password
44341940 Thu Oct 18 13:53:18 2012 : LogonUser failed for user: beoper
44341940 Thu Oct 18 13:53:18 2012 : In ndmpdGetLastError:: Callback to get last NDMP Error.
44341940 Thu Oct 18 13:53:18 2012 : ndmp_readit: Caught message on closed connection. Socket 0x7 len 0x0
44341940 Thu Oct 18 13:53:18 2012 : ndmp_readit: ErrorCode :: 0 :
44341940 Thu Oct 18 13:53:18 2012 : FreeFormatEnv( cur_fmt=0 )
44341940 Thu Oct 18 13:53:18 2012 : FreeFormatEnv( cur_fmt=0 )
44341940 Thu Oct 18 13:53:18 2012 : sslClose() : Closing SSL for: 0xf18c536f
 

 

I should mention I can login with the ldap user via SSH, so the password is setup properly. Also when running "getent passwd" and "getent group" it shows the user and group we have created. When we installed the agent, it says the group beoper doesn't exist, but can't create it. Something is wrong and we aren't sure what.

0 Kudos