Solved: NBAC causing error 48 client connect issues

Kev_Lamb · ‎12-13-2011

Hi,

I have two RHEL 5.6 Master Servers running NBU 7.1.0.2 one is using Winbind for authentication using a Domain Controller the other is using standard Unix accounts for login.

I have never previously used NBAC for authentication of NBU but thought now would eb the time to dip my toes in the water, the Master Server that is running Winbind works a treat with access controlled by the use of NBAC; however if I set up NBAC on my other Master Server and configure NBAC to authenticate using UNIXPWD this causes issues with a number of my clients with a different domain name to fail with an error 48, the unix clients which use the same DomainName as the master server are fine, if I place an entry in the /etc/hosts file for one of the failing clients this then resolves the issue.

Not wanting to place over 200 clients with the IP and FQDN in the host file is there an alternative way of using NBAC and still have full access to the clients just uing the UNIXPWD authentication?

DNS does work as does bpclntcmd and bptestbpcd on the ones that fail with a 48 from the GUI?

Only really want to use NBAC so I can use the full audit trails in OpsCenter and not have to rely on using the java auth.conf file to lock other access down, at present I am unable to set up winbind on the master server due to access restrictions in place by our USA owners.

Thanks in advance

Kev

Attitude is a small thing that makes a BIG difference

Kev_Lamb · ‎02-10-2012

having a nightmare with NBAC on the second master server, still unable to get it working correctly, now giving up and using the auth,conf file instead, as we only have 3 admins with Netbackup the use of NBAC is not really worth it.

Attitude is a small thing that makes a BIG difference

View solution in original post

Douglas_A · ‎12-14-2011

So what i have found with NBAC is that you can only put a windows and Unix master unnder the same NBAC domain is when they both aiuthenticate the same way.. Example the Windows system is using AD/WinBind, so your UNIX machine will need to have LDAP enabled and be able to see the same domains.

This is likley not how it should be setup but to get it to work correctly this is the only way i have found.

Best of luck.

Kev_Lamb · ‎12-15-2011

Scenario is this:

masterserver1.ipcmedia.com NBU7.1.0.2 running Linux using Winbind authentication, no media servers, 20 clients mix of Unix and Wintel, clients have a mix of two domains, ipcmedia.com & corp.ad.timeinc.com, NBAC is working a treat on this one.

masterserver2.ipcmedia.com NBU7.1.0.2 running Linix now using Winbind authentication, one Wintel media server runninh NBU6.5.5, 200+ clients, mix of Wintel, MAC, Solaris, HP-UX & Linux, clients have a mix of domain names, ipcmedia.com, corp.ad.timeinc.com, enterprise.corpad.timeinc.com, NBAC does not work correctly.

When using NBAC on masterserver2 I can select the clients in the ipcmedia.com domain but get an error 48 when I select any other client regardless of the O/S; however if I enter the client details in the /etc/hosts file I can then connect without an issue, it is as though when using NBAC on this master server it does not use the resolve.conf correctly, I do not want to place all 200+ clients into the hosts file as this is a security risk and also another admin task everytime a client is removed or added.

I am using the java auth.conf file as a short term fix which allows me to restrict certain users access but this does not record the user details in the OpsCentre audit trails as the user is shown as root what ever the log in.

Attitude is a small thing that makes a BIG difference

Kev_Lamb · ‎02-10-2012

having a nightmare with NBAC on the second master server, still unable to get it working correctly, now giving up and using the auth,conf file instead, as we only have 3 admins with Netbackup the use of NBAC is not really worth it.

Attitude is a small thing that makes a BIG difference

VOX

NBAC causing error 48 client connect issues