Solved: NBAC 7.1 Solaris - root being denied

austin_lazanows · ‎09-20-2011

Hello everyone,

I currently have a case opened (for any Symantec rep, its case #: 415-215-656) to figure out why the root user id and password on the Solaris 10 netbackup master is being denied during bpnbat login. The Netbackup master server has existed for a long time and has been recently upgraded from version 6.5.6 to 7.1.0.1. During the setup of NBAC on the master, we were being denied for the unixpwd account of root and its password (we verified we were typing it correct by sshing into the box with the same credentials) so we had to use another local admin on the box. The account we used for the local admin does not have permissions to create another fsa or add users to a particular group. When you try to login with root, it is still being denied access. We do not use NIS or NISPLUS in the environment, and we verified the local root account on the box.

I still have some files under /opt/VRTSaz, but no /opt/VRTSat exists. The new directories for this under 7.1 exist under /usr/openv/netbackup/sec/at and /usr/openv/netbackup/sec/az respectively.

bp.conf entries exist below:

AUTHENTICATION_DOMAIN = masterservernamehere "ADDED AUTOMATICALLY" PASSWD masterservernamehere 0 exists in the bp.conf file (i've edited out the master server name for the sake of this post)

AUTHORIZATION_SERVICE = masterservernamehere 0
USE_VXSS = AUTOMATIC
VXSS_SERVICE_TYPE = INTEGRITYANDCONFIDENTIALITY

If this was 6.5 i would just simply uninstall the ICS packages and install them back, but since this is 7.1 and they integrated the packages, I have no idea how to do this anymore. Even my current support engineer is scratching his head at this time.

Does anyone out there have any idea?

austin_lazanows · ‎09-30-2011

After backline support, and building a secondary master server to test NBAC on that (which worked beautifully and took only 30 seconds to perform), there seems to be particular binaries missing. Unfortunately since they do not have any switch integration to their installs and removed the installics as a separate install, we will be forced to rebuild the master server and restore the catalog. I've put in a request that individual packages also have some uninstall and install command line switches to the packages for future "repair" situations.

View solution in original post

Marianne · ‎09-21-2011

I have been battling with NBAC for the last couple of days...

I found the following in the manual that helped getting root access:

To make sure that the database is configured correctly, run bpnbaz -listgroups

If the groups do not appear, or if bpnbaz -listmainobjects does not return data, you may need to run bpnbaz -setupsecurity.

Handy NetBackup Links

austin_lazanows · ‎09-22-2011

Yeah, unfortunately when you try to run the bpnbaz commands it will want you to relogin with bpnbat; which of course unfortunately is denying the root credentials. Whats funny is we just got it up and running in our DR environment which mimics the same install/hardware, but the only difference is its completely clean and never from an upgrade. Oh well, I hope backline can help us look at whatever binaries must be hiccuping.

Thanks again for your help!

austin_lazanows · ‎09-30-2011

After backline support, and building a secondary master server to test NBAC on that (which worked beautifully and took only 30 seconds to perform), there seems to be particular binaries missing. Unfortunately since they do not have any switch integration to their installs and removed the installics as a separate install, we will be forced to rebuild the master server and restore the catalog. I've put in a request that individual packages also have some uninstall and install command line switches to the packages for future "repair" situations.

VOX

NBAC 7.1 Solaris - root being denied