Highlighted

Netbackup Appliance 2.6.1.1 Java Console "Unable to login,status:503 Invalid Username"

I have a new NetBackup Appliance 5230 wich was updated to 7.6.1.1 and is configured as a master server and I am triyng to login by my Windows 7 laptop with the Java Console 7.6.1.1, but getting this error : "Unable to login,status:503 Invalid Username". I don't know where is the problem, I added the usernames to the auth.conf file and it looks like:

domain\user.last ADMIN=all JBP=all

domain\user2.last2 ADMIN=all JBP=all

domain\user3.last3 ADMIN=all JBP=all

After configuring auth.conf I did restart services, my nbatd proccess is running normaly.  Can somebody tell me what I am missing?

 

Thanks,

 

1 Solution

Accepted Solutions
Highlighted
Accepted Solution!

It takes more than that and

It takes more than that and what to do to set AD authentication up had been discussed here with almost step-by-step instructions http://www.symantec.com/connect/forums/add-ldap-authentication-5230-appliance

Frustrating that we can't have a technote from Symantec that explains all this. There is one technote but it is not a cookbook http://www.symantec.com/docs/HOWTO102490

As I mentioned above, Appliances don't support NBAC when configured as Masters

View solution in original post

7 Replies
Highlighted

So you have configured NBAC?

So you have configured NBAC? The appliance does not come configured with NBAC running. If so what type of authentication did you choose?

Highlighted

Where did you create the

Where did you create the auth.conf with the domain users?

Refer to the steps on page 1134 of NB761 admin guide: http://www.symantec.com/docs/DOC7668

Highlighted

I don't think you've set it

I don't think you've set it up correctly, but you haven't given me enough information to pinpoint just WHERE things might have gone wrong.

Symantec NetBackup 52xx and 5330 Appliance Administrator’s Guide – Release 2.6.1.1
 http://symantec.com/docs/DOC8009

Check out the documentation (start at the bottom of page 259, Settings > Authentication to check out some CLISH commands that can help you troubleshoot and/or start over from scratch in getting AD user access.  Especially look at the AD portion of the table on page 262)

If this isn't enough, hopefully somebody who knows more about Appliances than I do can show up in this thread and give you some REAL advice.  ;-)  Good luck!

Highlighted

Well, that's looks like a

Well, that's looks like a Java security file, not NBAC.

By the way, NBU Appliances do not support NBAC at all when configured as Masters.

Highlighted
Accepted Solution!

It takes more than that and

It takes more than that and what to do to set AD authentication up had been discussed here with almost step-by-step instructions http://www.symantec.com/connect/forums/add-ldap-authentication-5230-appliance

Frustrating that we can't have a technote from Symantec that explains all this. There is one technote but it is not a cookbook http://www.symantec.com/docs/HOWTO102490

As I mentioned above, Appliances don't support NBAC when configured as Masters

View solution in original post

Highlighted

You should undo the changes

You should undo the changes you made to the auth.conf.  Direct changes to that file on an appliance are going to put you in a potentially unsupported state.

What you want to do is take a look at the admin guide for 2.6.1.1 starting around page 262.  While it isn't step by step, it does discuss this issue.  I'd also suggest the Command Reference Guide.  HOWTO102490 is more geared toward LDAP, and the addition of the the appliance to AD is a much simpler process.

Once you have the appliance added into AD, and you've set an AD group as authorized as an admin role your users belonging to that group should be able to use their domain credentials to login via the Java GUI.

Thank you everybody, I did

Thank you everybody,

I did undo the changes to the auth.conf file in the appliance.

There is not enough official information that can support the step-by-step kindly Mouse shared with us, so the security department did not like the idea of plug-in required in the AD server, so we decided to use the Local Authentication. Here the way:
1. Create user by:
Main_Menu> Settings> Security> Authentication
Users Add username
* It will ask for a new password
2. Grant permissions by:
Main_Menu> Settings> Security> Authorization
Grant Administrator Users droman

Many thanks for your help!