cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Error 8021: unable to validate the user or group

Dackey
Level 4

‎02-08-2021 04:47 AM - edited ‎02-08-2021 04:47 AM

Hello Netbackup Team,

I had a Master Server v8.1.2, When i Authenticate with an account of an AD i had no problems.

This account is in an other AD and are in the Admin loacl group of the Master Server.

I have upgrade it in v8.3.0.1, since when i log with the same account ihade the error:

Error 8021: unable to validate the user or group

Same thing with the 8.3

When i authenticate with the nbwebsvc account, all is ok.

When i use the command line :

vssat.bat authenticate -p user -d nt:<DomainAD> -b localhost:13783 the authentication failed (Unable to connect to Server)

 

Have you an idea to help me ?

 

Thx for help ^^

 

 

0 Kudos
11 REPLIES 11

pats_729
Level 6
Employee

‎02-08-2021 06:25 AM

Have you configured RBAC on Master server yet ?

0 Kudos

Dackey
Level 4
In response to pats_729

‎02-08-2021 07:01 AM

Hi,

 

No i havent.

I must set it ?

0 Kudos

pats_729
Level 6
Employee
In response to Dackey

‎02-08-2021 08:48 AM

I think the command you are running will work only if RBAC is set.
It’s working for nbwebsvc because it’s already a domain account but NBU doesn’t know any AD objects (unless RBAC configured).

Dackey
Level 4
In response to pats_729

‎02-09-2021 01:26 AM

Hi ^^

Ok it seems logical !

So i have add an LDAP, now i want to check but don't understand the command line vssat validateprpl -p...

Don't understand what is the -p

0 Kudos

Dackey
Level 4
In response to Dackey

‎02-09-2021 02:05 AM

So i add set RBAC, i try :

.\vssat.bat addldapdomain -d ntdsi.airsystems.thales -s ldap://<Domain> -u "<DistinguishedNameLDAP>" -g "DistinguishedNameGroup" -m "DistinguishedNameUser" -t msad

C:\Program Files\Veritas\NetBackup\sec\at\bin>REM $Copyright: Copyright (c) 2020 Veritas Technologies LLC. All rights reserved $
Using data dir: C:\Program Files\Veritas\NetBackup\var\global\vxss\eab\data
Enter password for DistinguishedNameUser:
Successfully added LDAP domain.
Verify whether the LDAP domain settings are appropriate by validating the LDAP domain user and group.
Use the 'vssat validateprpl' and 'vssat validategroup' commands with domain type 'ldap' for validation.



PS C:\Program Files\Veritas\NetBackup\sec\at\bin> .\vssat.bat authenticate -p User nt:<domain> -b localhost:13783

C:\Program Files\Veritas\NetBackup\sec\at\bin>REM $Copyright: Copyright (c) 2020 Veritas Technologies LLC. All rights reserved $
Using data dir: C:\Program Files\Veritas\NetBackup\var\vxss\at
Enter password for User:


vssat authenticate ERROR V-18-7006 Authentication Failed

vssat authenticate ERROR V-18-7010 Unable To Connect To Server

The first command line was a success as we can see, but when i want to authenticate  ihave the same problem ...

0 Kudos

pats_729
Level 6
Employee
In response to Dackey

‎02-09-2021 02:17 AM

yeah right spotted... the first command to add to RBAC shows successful but further commands to validate shows failure.

In my case even after validate failure... i was able to login using my AD credentials. Check if this works for you.

0 Kudos

Dackey
Level 4
In response to pats_729

‎02-09-2021 02:39 AM

Yes i can but i have the error Status error 8021: ...

And i cant authenticate on https://MasterServer/webui ...

 

What the next command to do, or do you know a tutorial to set the RBAC, i have the help of The KB NetBackup but it's not suffisant .

0 Kudos

pats_729
Level 6
Employee
In response to Dackey

‎02-09-2021 05:22 AM

Hi

i see you ran command

.\vssat.bat addldapdomain -d ntdsi.airsystems.thales -s ldap://<Domain> -u "<DistinguishedNameLDAP>" -g "DistinguishedNameGroup" -m "DistinguishedNameUser" -t msad

and "-d ntdsi.airsystems.thales" <----- is this your master server name ? You need to specifiy the master server name with "-d" flag.

you can remove configuration added and try again

vssat removeldapdomain -d DomainName

Try adding configuration with command

vssat addldapdomain --domainname NBUMastername --server_url ldap://my_ad_host.mydomain.myenterprise.com --user_base_dn cn=users,dc=mydomain, dc=myenterprise,dc=com --group_base_dn dc=users,dc=mydomain,dc=myenterprise,
dc=com --schema_type msad --admin_user cn=Administrator,cn=users,dc=
mydomain,dc=myenterprise,dc=com

There are 2 prerequisites to run this command

1. Make sure you have a valid DNS record for Master Server Name

2. Make sure you can login to Master Server OS using a Domain account.

Hope it helps.

0 Kudos

Dackey
Level 4
In response to pats_729

‎02-09-2021 05:37 AM

Hi,

 

add the name of the server : -d "masterserverrie.ntdsi.airsystems.thales"

The command is success as the first.

I try the authenticate command line, and it's the same result :

C:\Program Files\Veritas\NetBackup\sec\at\bin>REM $Copyright: Copyright (c) 2020 Veritas Technologies LLC. All rights reserved $
Using data dir: C:\Program Files\Veritas\NetBackup\var\vxss\at
Enter password for User:


vssat authenticate ERROR V-18-7006 Authentication Failed

vssat authenticate ERROR V-18-7010 Unable To Connect To Server

 

The NBAC is OK, and the Account i use is Admin on All NetBackup.

 

0 Kudos

pats_729
Level 6
Employee
In response to Dackey

‎02-09-2021 05:47 AM

Hi

as i mentioned earlier "validate" step didnt worked for me either.... Try logging to webui if the add command was successful. Login worked for me even if validate command fails.

If nothing works out may be you can look iinto nbatd log or take some more help from Tech Support.

0 Kudos

AndriiPushkarov
Level 4
In response to pats_729

‎07-24-2022 11:48 AM

HI, All

Please check if the parameters are correctly assigned to execute “vssat addldapdomain…”?:

-d master server domain name…

-m account server administrator master server …

-u nbwebsvc…

-g nbwebgrp…

-t msad

I would appreciate any clarification.

0 Kudos