02-08-2016 02:27 AM
Hi,
Netbackup access control configuration:I have added a user bkpmon to NBU_User group.It completed successfully.But i am not able to see when i list group members on NBU_User group.why this was happenning,as it was working fine with other groups like NBU_Operator.Please help in solving this issue
[root@linux1 admincmd]# ./bpnbaz -AddUser NBU_User UNIXPWD:linux1:bkpmon
Operation completed successfully.
[root@linux1 admincmd]# ./bpnbaz -ListGroupMembers NBU_User
==========
Type: Authorization Group
Domain Type: unknown
Domain: <NONE>
Name: Authenticated Principals
Operation completed successfully.
[root@linux1 admincmd]#
Thanks in advance
Regards,
Raviteja
02-08-2016 03:37 AM
I tried the same command :
bpnbaz -Adduser NBU_User UNIXPWD:ural.acme.com:nicolai
But using the GUI I can see the user isn't added to the group. A prerequisite in not in place (don't witch one).
02-08-2016 05:30 AM
I agree with Nicolai...
What other steps have you followed before this command?
02-08-2016 07:42 AM
I think this might be case sensitive issue.. shouldn't the UNIXPWD be like Unixpwd
02-08-2016 07:56 AM
I think you are rigt - sample command from the secuirty and encryption guide:
bpnbaz -AddUser unixpwd:v-123790b.punin.sen.symantec.com:Debbie
However the command still doesn't add the user to NBU_User
02-08-2016 08:01 AM
I think the first letter U is in upper case Unixpwd
02-08-2016 08:18 AM
It does not seem to do any diffrence - both UNIXPWD, Unixwd or unixpwD all return a "Operation completed successfully".
02-09-2016 03:40 AM
Hi,
The problem lies with NBU_User,while adding users to other groups like NBU_Operator are working fine
Regards,
Raviteja
02-09-2016 06:24 AM
Have no experience in NBAC so this may be totally incorrect(!!), but trawling around the T/N's I was wondering if it was because of this?
"All authenticated users are implicit members of the NBU_Users user group. All other groups must have members defined explicitly. "
https://www.veritas.com/support/en_US/article.000073664
Maybe it doesn't list them as it presumes all users are a part of this group by default
02-09-2016 06:24 AM
I think the next step should be to enable logs and diagnose further
02-09-2016 07:49 AM
I am buying Andy's suggestion - if you list memebers of NBU_group you see "Authenticated Principals".
Its the only NBU group where "Authenticated Principals" is a member. But I however don't find a lot of documentation on the "Authenticated Principal" to confirm it.
~Nicolai