Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section I. Identity and access management
  4. NetBackup Access Control Security (NBAC)
  5. Troubleshooting Access Management
  6. Verification points in a mixed environment with a UNIX primary server
  7. Media server verification points for a mixed UNIX primary server
NetBackup™ Security and Encryption Guide

Media server verification points for a mixed UNIX primary server

The following table describes the media server verification procedures for a mixed UNIX primary server.

Table: Verification procedures for a mixed UNIX primary server

Procedure

Description

Verify the UNIX media server

See the following topic for the verification procedure for a UNIX media server:

See UNIX media server verification.

Verify the Windows media server

Check that the computer certificate comes from the root authentication broker, which is found on the UNIX primary server (unix_primary).

If there is a missing certificate, run the following commands to correct the problem:

  • bpnbat -addmachine on the root authentication broker (in this example, unix_primary)

  • bpnbat -loginmachine (in this example, win_media)

For example:

bpnbat -whoami -cf "install_path
   \Netbackup\var\vxss\credentials\
    win_media.company.com"
   Name: win_media.company.com
   Domain: NBU_Machines@unix_primary.company.com
   Issued by: /CN=broker/OU=root@
    unix_primary.company.com/O=vx
   Expiry Date: Oct 31 20:11:04 2007 GMT
   Authentication method: Veritas Private Security
   Operation completed successfully.

Verify that a media server is permitted to perform authorization lookups

Ensure that the media server is allowed to perform authorization checks by running bpnbaz -listgroups -CredFile.

For example:

   bpnbaz -listgroups -CredFile "install_path
   \Netbackup\var\vxss\credentials\
    win_media.company.com"
   NBU_User
   NBU_Operator
   NBU_Admin
   NBU_Security Admin
   Vault_Operator
   Operation completed successfully.

If the media server is not allowed to perform authorization checks, run bpnbaz -allowauthorization on the primary server for the media server name in question.

Unable to load library message

Verify the Windows media server and that it can perform authorization checks indirectly. This verification informs us that the NetBackup Authentication and Authorization client libraries for both authentication and authorization are properly installed. If either of these procedures fail with a message "unable to load libraries," make certain the authentication client libraries and authorization client libraries are installed.

Verify authentication domains

Verify that the authentication domains are correct by viewing the access control host properties for this media server.

You can also use regedit (or regedit32) directly on the media server in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup\
CurrentVersion\config\AUTHENTICATION_DOMAIN

Cross platform authentication domains

Take extra care in mixed environments to ensure that the appropriate domain types point to the correct authentication brokers.

The example Authentication domain tab shows available authentication Windows domains that can be added to the Windows broker. In this case, it is not a mixed environment as both systems are Windows based. If there were a combination of Windows and UNIX domains it is important to match the brokers to the most useful authentication domains.

Figure: Cross platform authentication domains for a display on how to match the platform to the most useful authentication domains.

Figure: Cross platform authentication domains

Cross platform authentication domains

Feedback

Was this page helpful?
Previous

Primary server verification points for a mixed UNIX primary server

Next

Client verification points for a mixed UNIX primary server

Feedback

Was this page helpful?