07-30-2015 01:29 PM
Hey guys,
Clustered Netbackup 7.7 Master Server, running on Windows 2012.
After installing NBAC, I looks like it is running fine (login screen, permissions, roles, etc). However, I cannot run a "bpexpdate.exe", "bpimage.exe" and other commands on the command prompt (running as admin, obviously).
They all return something like:
expire not allowed: cannot connect on socket (25).
If I take nbac down (chanking registry key from AUTOMATIC to PROHIBITED), it works.
The user I am using has ALL the possible permissions on the authorization screen.
Any guesses?
Thanks a lot,
Rafael
Solved! Go to Solution.
07-30-2015 02:48 PM
To run these commands first you need to login using bpnbat -login command
Once you have successfully logged in you will be able to run those commands
07-30-2015 02:12 PM
07-30-2015 02:48 PM
To run these commands first you need to login using bpnbat -login command
Once you have successfully logged in you will be able to run those commands
07-30-2015 02:51 PM
Example -
# bpnbat -Login
Authentication Broker: test.example.com
Authentication port[ Enter = default]:
Authentication type (NIS, NISPLUS, WINDOWS, vx, unixpwd): NIS
Domain: example.com
Name: username
Password:
You do not currently trust the server: test.example.com, do
you wish to trust it? (y/n): y
Operation completed successfully.
07-31-2015 01:15 PM
Actually I went back to test it today, and it was working - never used the login command. :)
Is it mandatory to login every time I open a cmd.exe? Or maybe it have a cache or something?
Tks!
07-31-2015 01:47 PM
With NBAC it creates a security tocket for every session to EMM, its just like TGT system in windows. It also has a time to live after which the ticket expired so you need to login again
08-02-2015 03:50 PM
The "bpnbat -login" is like a credential ticket issued to the user by the AB (authentication broker) for a certain period of time.
You don't need to do a login every time, but you will need to check if your current credential has or has not expired. You can do so by "bpnbat -whoami", the output will be like this:
Name: ADMINISTRATOR
Domain: w2k8master
Issued by: /CN=broker/OU=root@w2k8master/O=vx
Expiry Date: Jun 13 22:12:34 2015 GMT
Authentication method: Microsoft Windows
Operation completed successfully.
If your system time has passed the expiry date, you will need to "bpnbat -login" for a new credential ticket.
08-03-2015 11:39 AM
Pretty clear, thank you guys!