Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section I. Identity and access management
  7. NetBackup Access Control Security (NBAC)
  9. Troubleshooting Access Management
  11. UNIX verification points
  13. UNIX media server verification
NetBackup™ Security and Encryption Guide

UNIX media server verification

Perform the following to verify the UNIX media server:

  • Verify the media server.

  • Verify that the server has access to the authorization database.

  • Understand the unable to load library message.

The following table describes the verification procedures for the UNIX media server.

Table: Verification process for the UNIX media server

Process

Description

Verify the media server

To determine which authentication broker the media server is authenticated against, run bpnbat -whoami with -cf for the media server's credential file. The server credentials are located in the /usr/openv/var/vxss/credentials/ directory.

For example:

   bpnbat -whoami -cf 
    /usr/openv/var/vxss/credentials/unix_media.company.com
   Name: unix_media.company.com
   Domain: NBU_Machines@unix_primary.company.com
   Issued by: /CN=broker/OU=root@unix_primary.company.com/
     O=vx
   Expiry Date: Oct 31 14:48:08 2007 GMT
   Authentication method: Veritas Private Security
   Operation completed successfully.

If the domain listed is not NBU_Machines@unix_primary.company.com, consider running bpnbat -addmachine for the name in question (unix_media). This command is run on the computer with the authentication broker that serves the NBU_Machines domain (unix_primary).

Then, on the computer where we want to place the certificate, run (unix_primary): bpnbat -loginmachine

Verify that the server has access to the authorization database

To make sure that the media server is able to access the authorization database as it needs, run bpnbaz -ListGroups

"machine_credential_file"

For example:

   bpnbaz -ListGroups -CredFile
    /usr/openv/var/vxss/credentials/unix_media.company.com
   NBU_User
   NBU_Operator
   NBU_Admin
   NBU_Security Admin
   Vault_Operator
   Operation completed successfully.

If this command fails, run bpnbaz -AllowAuthorization on the primary server that is the authorization server (unix_primary). Note that you need to run as root or administrator.

Unable to load library message

Verify the media server and that it has access to the proper database. This verification indirectly informs us that the NetBackup Authentication and Authorization client libraries for both authentication and authorization are properly installed. If either of these procedures fail with the message "unable to load libraries," check to make certain the Authentication and Authorization client libraries are installed.

You may also verify that the authentication domains are correct. Do this verification viewing the access control host properties for this media server, or by cat(1)ing the bp.conf file.

Feedback

Was this page helpful?
Previous

UNIX primary server verification

Next

UNIX client verification

Feedback

Was this page helpful?