cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Java interface for windows clients

matador
Level 2

‎11-05-2007 08:53 AM

We run Netbackup on an HPUX master, with a mixed bag of windows and unix media servers and clients. For restores, the UNIX admins can login to any UNIX client via the Java interface on their Windows workstations, as long as they have a userid on that client. This isolates them to only do restores on their servers. However, for Windows clients, I'm not sure what userid that can use to login. Users are authenticated via Active Directory, but I've tried various forms of the AD account (ie., John Doe, "John Doe", domain\John Doe) to no avail. The workaround has been to add unix accounts to the Windows admins on the master, but that gives them carte blanche to do restores from/to any clients.
BTW: They use the java interface, to get the "preview" facility, which is not found on the client backup/restore interface.
thanks
0 Kudos
4 REPLIES 4

zippy
Level 6

‎11-05-2007 12:17 PM

We have a simalar setup.
 
Master = HPUX
Clients = Linux HPUX Windows NDMP etc
 
I can allow any user manage the backup env, this includes backup. restores, hardware etc from any java GUI using their UNIX ID.
 
This is how its done.
 
add the user to the master server useradd - groupadd or just plain old "sam"
 
add that same user ID to the auth.conf
 
 
Java auth file is located on the master
/usr/openv/java/auth.conf
 
 
root ADMIN=ALL JBP=ALL
* ADMIN=JBP JBP=ENDUSER+BU+ARC
nt_admins_name ADMIN=ALL
the_other_nt_admins nameADMIN=ALL
unix_admins_name=ALL
The_other_UNIX_admins_name=ALL
some_helpdesker ADMIN=AM
some_helpdeskers_who_knows_something_about_UNIX_name ADMIN=ALL
 
0 Kudos

matador
Level 2

‎11-05-2007 01:38 PM

James,
My question was not how to grant ADMIN access, but how to restrict the access. All admins (UNIX and Windows) have accounts on the Master HPUX server. So that allows an NT admin to restore an NT server's C drive onto the root filesystem of a UNIX server (yep, it happened). I'm looking for a way to isolate UNIX admins from the Window's admins, so that UNIX can only restore to UNIX servers. If I have an auth.conf on the windows clients, can I specify a UNIX account on that windows-local file? Or does the account have to be a userid on the windows side, which in our case is managed by Active Directory?
Thanks
0 Kudos

Omar_Villa
Level 6
Employee

‎04-08-2008 08:32 AM

You can configure the java console to only be able to see some modules of the console just add what you need to the user you want:
 
sample can be:
user ADMIN=AM+DM  --> this will allow the user to only see the Activity Monitor and Device Monitor.

AM Activity Monitor

BPM Backup Policy Manager

CAT Catalog

DM Device Monitor

HPD Host Properties

JBP Backup, Archive, and Restore

MM Media Manager

REP Reports

SUM Storage Unit Manager

VLT Vault Management

Check your Admin Guide page 429.

 

regards

0 Kudos

Stumpr2
Level 6

‎04-08-2008 09:37 AM

LOL - Omar, what brings you to answering a post that is 5 months old?
The author has not logged in since last year.
Date Last Visited: 11-05-2007 05:08 PM
 
 
 
0 Kudos