05-05-2015 03:02 PM
I have a new NetBackup Appliance 5230 wich was updated to 7.6.1.1 and is configured as a master server and I am triyng to login by my Windows 7 laptop with the Java Console 7.6.1.1, but getting this error : "Unable to login,status:503 Invalid Username". I don't know where is the problem, I added the usernames to the auth.conf file and it looks like:
domain\user.last ADMIN=all JBP=all
domain\user2.last2 ADMIN=all JBP=all
domain\user3.last3 ADMIN=all JBP=all
After configuring auth.conf I did restart services, my nbatd proccess is running normaly. Can somebody tell me what I am missing?
Thanks,
Solved! Go to Solution.
05-06-2015 02:25 AM
It takes more than that and what to do to set AD authentication up had been discussed here with almost step-by-step instructions http://www.symantec.com/connect/forums/add-ldap-authentication-5230-appliance
Frustrating that we can't have a technote from Symantec that explains all this. There is one technote but it is not a cookbook http://www.symantec.com/docs/HOWTO102490
As I mentioned above, Appliances don't support NBAC when configured as Masters
05-05-2015 03:35 PM
So you have configured NBAC? The appliance does not come configured with NBAC running. If so what type of authentication did you choose?
05-05-2015 05:21 PM
Where did you create the auth.conf with the domain users?
Refer to the steps on page 1134 of NB761 admin guide: http://www.symantec.com/docs/DOC7668
05-05-2015 05:22 PM
I don't think you've set it up correctly, but you haven't given me enough information to pinpoint just WHERE things might have gone wrong.
Check out the documentation (start at the bottom of page 259, Settings > Authentication to check out some CLISH commands that can help you troubleshoot and/or start over from scratch in getting AD user access. Especially look at the AD portion of the table on page 262)
If this isn't enough, hopefully somebody who knows more about Appliances than I do can show up in this thread and give you some REAL advice. ;) Good luck!
05-06-2015 02:11 AM
Well, that's looks like a Java security file, not NBAC.
By the way, NBU Appliances do not support NBAC at all when configured as Masters.
05-06-2015 02:25 AM
It takes more than that and what to do to set AD authentication up had been discussed here with almost step-by-step instructions http://www.symantec.com/connect/forums/add-ldap-authentication-5230-appliance
Frustrating that we can't have a technote from Symantec that explains all this. There is one technote but it is not a cookbook http://www.symantec.com/docs/HOWTO102490
As I mentioned above, Appliances don't support NBAC when configured as Masters
05-06-2015 05:37 AM
You should undo the changes you made to the auth.conf. Direct changes to that file on an appliance are going to put you in a potentially unsupported state.
What you want to do is take a look at the admin guide for 2.6.1.1 starting around page 262. While it isn't step by step, it does discuss this issue. I'd also suggest the Command Reference Guide. HOWTO102490 is more geared toward LDAP, and the addition of the the appliance to AD is a much simpler process.
Once you have the appliance added into AD, and you've set an AD group as authorized as an admin role your users belonging to that group should be able to use their domain credentials to login via the Java GUI.
05-06-2015 09:30 AM
Thank you everybody,
I did undo the changes to the auth.conf file in the appliance.
There is not enough official information that can support the step-by-step kindly Mouse shared with us, so the security department did not like the idea of plug-in required in the AD server, so we decided to use the Local Authentication. Here the way:
1. Create user by:
Main_Menu> Settings> Security> Authentication
Users Add username
* It will ask for a new password
2. Grant permissions by:
Main_Menu> Settings> Security> Authorization
Grant Administrator Users droman
Many thanks for your help!