Solved: Netbackup Access Control Error

Taztopher · ‎06-01-2011

Hello All,

I need help with NBAC!

I have just configured NBAC and it works fine, however I have some actions where I get Access denied even when logged in as root (NBU_Security Admin).

Environment Info:

Netbackup 7.1
Master: Redhat 5.6
Media: Redhat 5.6
Storage: Quantum DXI using OST

When I set to USE_VXSS = PROHIBITED everything works. It’s a permissions issue.

With access control off:

MASTER

[root@lonbst01 admincmd]# ./nbdevconfig -inventorydp -stype Quantum -dp lonmst01_londxip02

Disk pool lonmst01_londxip02 was successfully inventoried and updated with the following updates:

Old Raw Size (GB): 30720.00

New Raw Size (GB): 30720.00

Old Formatted Size (GB): 30720.00

New Formatted Size (GB): 30720.00

Old Host List: lonbst01_172.30.48.170

New Host List: lonbst01_172.30.48.170

MEDIA:

[root@lonmst01 admincmd]# ./nbdevconfig -inventorydp -stype Quantum -dp lonmst01_londxip02

Disk pool lonmst01_londxip02 was successfully inventoried and updated with the following updates:

Old Raw Size (GB): 30720.00

New Raw Size (GB): 30720.00

Old Formatted Size (GB): 30720.00

New Formatted Size (GB): 30720.00

Old Host List: lonbst01_172.30.48.170

New Host List: lonbst01_172.30.48.170

With access control on:

MASTER:

[root@lonbst01 admincmd]# ./nbdevconfig -inventorydp -stype Quantum -dp lonmst01_londxip02

failed to inventory disk pool, cannot connect on socket

MEDIA:

[root@lonmst01 admincmd]# ./nbdevconfig -inventorydp -stype Quantum -dp lonmst01_londxip02

failed to inventory disk pool, cannot connect on socket

At first I thought networking but it isn’t….

With access control on in the GUI:

Anyone had this before?

Taztopher · ‎06-01-2011

If i login as myself (NBU_Admin) the commands still don't work.

By default it looks like both NBU_Admin and NBU_Security Admin should be able to do this,

So with NBAC off:

[root@lonbst01 admincmd]# ./nbdevconfig -previewdv -storage_server lonbst01_172.30.48.170 -stype Quantum
V7.0 DiskVolume < "lonbst01" "lonbst01" 10995116277760 3594281128472 0 0 0 0 0 >
V7.0 DiskVolume < "lonbst01_new" "lonbst01_new" 5497558138880 1785663599832 0 0 0 0 0 >
V7.0 DiskVolume < "lonmst01" "lonmst01" 32985348833280 29171335447204 0 0 0 0 0 >
V7.0 DiskVolume < "lonbst01_rh" "lonbst01_rh" 32985348833280 32794472862156 0 0 0 0 0 >

With no config changes, just a vi bp.conf to set USE_VXSS = AUTOMATIC and a stop and start its now working.....

hmmmmm.........I had done this many times while testing and now its just working. I was given a new (temp) license key - makes me wonder......

Let me test for the next few days....

Cheers!

View solution in original post

Taztopher · ‎06-01-2011

Pic didn’t save so here it is as an attachment...

watsons · ‎06-01-2011

You mentioned that root is a NBU_Security Admin, but is it NBU_Admin?

Can we check if NBU_Admin has the rights to do nbdevconfig, I think by default it has...

Another test might be running nbdevconfig command (with other options) on this OST to see if it works - that can tell whether it is VXSS does not work with this command or with certain parameter.

Taztopher · ‎06-01-2011