cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Netbackup 52XX Appliances LDAP issues and questions

logjam_admin
Not applicable

‎11-12-2014 03:46 PM

I have successfully enabled UNIX LDAP authentication on both our 5220 and 5230 appliances, I have noticed the following issues and was wondering if anyone else is seeing these issues.
 
Have seen these issues on both the 2.6.0.1 and 2.6.0.3 releases.
 
1.  After authorizing user accounts as Administrators, some users can log in via ssh successfully, some will be able to log in, but get a command prompt instead of the CLISH menu, while others the ssh session hangs.
 
2. Running LDAP commands from the CLISH menu (settings->security->authentication->LDAP->list) takes an hour to return results.
 
3.  The Web GUI successfully shows the LDAP Server configurations, but will not show configured users.   I know they are configured as the CLISH commands will show the configured users after an hour.
 
4.  All of the added LDAP user accounts are authorized as Administrator, when Logging onto a Java GUI, some users will be denied, others get all the options available, while others will only get the Backup,Archive,Restore control.
 
With the release of 2.6.0.3 it now includes the option of authenticating using Active Directory,  has anyone been able to successfully set that up and use it.  I can authenticate the appliance to our Domain, and add my user ID, after that I can not add additional id's to the appliance. In addition, sometimes when logging on as the local admin account I will get "user not authorized".
 
Any feedback with experience using using LDAP or Active Directory Authentication on the Netbackup 52XX Appliances would be appreciated.

0 Kudos
1 REPLY 1

ejporter
Level 4

‎08-23-2016 08:30 AM - edited ‎08-23-2016 08:34 AM

I am using it with Active Directory.  It works but can be on the slow side.   Its fine with the Java GUI.  It often stalls before presenting the clish, sometimes for minutes.

It seems to have an affinity for the AD server it connects to intially.  So if the AD server is down dont expect it to find another on its own.

I am using 2.6.1.2 currently,  but started using it at 2.6.0.3.  Check for EEB's  I belive 2.6.0.3 had EEB's for a lot of LDAP/AD peformance issues.  This may be what you need -> https://www.veritas.com/support/en_US/article.000024177

Also, some of the upgrades have stepped on the LDAP config and I had to  rebuild it.  I am waiting to see what happens when I go to 2.7 :)

Almost forgot one thing.  It will send updates to dynamic DNS via AD.   It will advertise both the public IP and the one shipped with the appliance on the first interface.   I ended up disabling the non-public IP on the appliance so we did not mess up our DNS.   I probably should have told support, so that this could be addressed but I didnt get  to it.  :)

0 Kudos