cancel
Showing results for 
Search instead for 
Did you mean: 

Messed up the AD-User Authentication

MarkusKuttke
Level 1

Well, it was not the most sophisticated thing when I messed up the User Authentication an a NetBackup Appliance 3.0. Here is what I did:

I joined the appliance into the AD. I added single users to the appliance and granted the rights. Everything worked very well so far.

However, I thought it would be wiser to add an AD group to authenticate the users. So I created this group in the AD and configured the same users asabove as members. And granted this group to have admin rights.

The result was that the users appeared as users of in the group tree as well as single users on the top of the list. So tried to delete the users on the top just to maintain the users in the group. But it did not work. The users were marked as Auth:denied but they were not deleted. So I deleted the group as well and the users were gone. So far so good. I added the group again and granted the rights, but was not able as a member of this group to login.

Back and forth for some time nothing worked. So I decided to restore to the snapshot created after the upgrade. This also messed up the AD-Integration. The state now is I do have is now I have an appliance which is unable to join the AD because of some leftovers, I am unable to leave the AD via the CLI because it says there are AD-Users and I am not able to remove this users.

Any Ideas? I was looking vor a database file like /etc/passwd or so were the accounts were savet but without any avail.

Local login maintenance shell and elevate do work as local administrator.

Thanks

Markus

3 REPLIES 3

RiaanBadenhorst
Moderator
Moderator
Partner    VIP    Accredited Certified

Dont you love security!

I'm not sure but you should be able to follow the same procedure as you would to rollback/unconfigure NBAC on Linux/Unix.

Or reimage it :p

ejporter
Level 4

I had a very similar problem.  AD was broken,  I could not unconfiure and reconfigure it becuase I had defined users.   And I could not delete the users because AD was down.

They keep some of the user configuration information in some XML files.

Basically I had to remove  the xml file, cleanup everything for AD via the clish and reconfigure.

The xml file I had to move aside was /usr/openv/runtime_data/sec_prpls.xml

That said, I would work with support on this.  This really is not something they want customers doing without guidance.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Seems that @MarkusKuttke has not been back since February.

Hopefully he can tell us what happened since then?