02-08-2021 04:47 AM - edited 02-08-2021 04:47 AM
Hello Netbackup Team,
I had a Master Server v8.1.2, When i Authenticate with an account of an AD i had no problems.
This account is in an other AD and are in the Admin loacl group of the Master Server.
I have upgrade it in v8.3.0.1, since when i log with the same account ihade the error:
Error 8021: unable to validate the user or group
Same thing with the 8.3
When i authenticate with the nbwebsvc account, all is ok.
When i use the command line :
vssat.bat authenticate -p user -d nt:<DomainAD> -b localhost:13783 the authentication failed (Unable to connect to Server)
Have you an idea to help me ?
Thx for help ^^
02-08-2021 06:25 AM
Have you configured RBAC on Master server yet ?
02-08-2021 07:01 AM
Hi,
No i havent.
I must set it ?
02-08-2021 08:48 AM
02-09-2021 01:26 AM
Hi ^^
Ok it seems logical !
So i have add an LDAP, now i want to check but don't understand the command line vssat validateprpl -p...
Don't understand what is the -p
02-09-2021 02:05 AM
So i add set RBAC, i try :
.\vssat.bat addldapdomain -d ntdsi.airsystems.thales -s ldap://<Domain> -u "<DistinguishedNameLDAP>" -g "DistinguishedNameGroup" -m "DistinguishedNameUser" -t msad C:\Program Files\Veritas\NetBackup\sec\at\bin>REM $Copyright: Copyright (c) 2020 Veritas Technologies LLC. All rights reserved $ Using data dir: C:\Program Files\Veritas\NetBackup\var\global\vxss\eab\data Enter password for DistinguishedNameUser: Successfully added LDAP domain. Verify whether the LDAP domain settings are appropriate by validating the LDAP domain user and group. Use the 'vssat validateprpl' and 'vssat validategroup' commands with domain type 'ldap' for validation. PS C:\Program Files\Veritas\NetBackup\sec\at\bin> .\vssat.bat authenticate -p User nt:<domain> -b localhost:13783 C:\Program Files\Veritas\NetBackup\sec\at\bin>REM $Copyright: Copyright (c) 2020 Veritas Technologies LLC. All rights reserved $ Using data dir: C:\Program Files\Veritas\NetBackup\var\vxss\at Enter password for User: vssat authenticate ERROR V-18-7006 Authentication Failed vssat authenticate ERROR V-18-7010 Unable To Connect To Server
The first command line was a success as we can see, but when i want to authenticate ihave the same problem ...
02-09-2021 02:17 AM
yeah right spotted... the first command to add to RBAC shows successful but further commands to validate shows failure.
In my case even after validate failure... i was able to login using my AD credentials. Check if this works for you.
02-09-2021 02:39 AM
Yes i can but i have the error Status error 8021: ...
And i cant authenticate on https://MasterServer/webui ...
What the next command to do, or do you know a tutorial to set the RBAC, i have the help of The KB NetBackup but it's not suffisant .
02-09-2021 05:22 AM
Hi
i see you ran command
.\vssat.bat addldapdomain -d ntdsi.airsystems.thales -s ldap://<Domain> -u "<DistinguishedNameLDAP>" -g "DistinguishedNameGroup" -m "DistinguishedNameUser" -t msad
and "-d ntdsi.airsystems.thales" <----- is this your master server name ? You need to specifiy the master server name with "-d" flag.
you can remove configuration added and try again
vssat removeldapdomain -d DomainName
Try adding configuration with command
vssat addldapdomain --domainname NBUMastername --server_url ldap://my_ad_host.mydomain.myenterprise.com --user_base_dn cn=users,dc=mydomain, dc=myenterprise,dc=com --group_base_dn dc=users,dc=mydomain,dc=myenterprise,
dc=com --schema_type msad --admin_user cn=Administrator,cn=users,dc=
mydomain,dc=myenterprise,dc=com
There are 2 prerequisites to run this command
1. Make sure you have a valid DNS record for Master Server Name
2. Make sure you can login to Master Server OS using a Domain account.
Hope it helps.
02-09-2021 05:37 AM
Hi,
add the name of the server : -d "masterserverrie.ntdsi.airsystems.thales"
The command is success as the first.
I try the authenticate command line, and it's the same result :
C:\Program Files\Veritas\NetBackup\sec\at\bin>REM $Copyright: Copyright (c) 2020 Veritas Technologies LLC. All rights reserved $
Using data dir: C:\Program Files\Veritas\NetBackup\var\vxss\at
Enter password for User:
vssat authenticate ERROR V-18-7006 Authentication Failed
vssat authenticate ERROR V-18-7010 Unable To Connect To Server
The NBAC is OK, and the Account i use is Admin on All NetBackup.
02-09-2021 05:47 AM
Hi
as i mentioned earlier "validate" step didnt worked for me either.... Try logging to webui if the add command was successful. Login worked for me even if validate command fails.
If nothing works out may be you can look iinto nbatd log or take some more help from Tech Support.
07-24-2022 11:48 AM
HI, All
Please check if the parameters are correctly assigned to execute “vssat addldapdomain…”?:
-d master server domain name…
-m account server administrator master server …
-u nbwebsvc…
-g nbwebgrp…
-t msad
I would appreciate any clarification.