Media server verification points for a mixed UNIX primary server — NetBackup 11.1.0.2 | Cohesity Documentation

Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist

Media server verification points for a mixed UNIX primary server — NetBackup 11.1.0.2 | Cohesity Documentation

Media server verification points for a mixed UNIX primary server

The following table describes the media server verification procedures for a mixed UNIX primary server.

Table: Verification procedures for a mixed UNIX primary server

Procedure	Description
Verify the UNIX media server	See the following topic for the verification procedure for a UNIX media server: See UNIX media server verification.
Verify the Windows media server	Check that the computer certificate comes from the root authentication broker, which is found on the UNIX primary server (unix_primary). If there is a missing certificate, run the following commands to correct the problem: bpnbat -addmachine on the root authentication broker (in this example, unix_primary) bpnbat -loginmachine (in this example, win_media) For example: bpnbat -whoami -cf "install_path \Netbackup\var\vxss\credentials\ win_media.company.com" Name: win_media.company.com Domain: NBU_Machines@unix_primary.company.com Issued by: /CN=broker/OU=root@ unix_primary.company.com/O=vx Expiry Date: Oct 31 20:11:04 2007 GMT Authentication method: Veritas Private Security Operation completed successfully.
Verify that a media server is permitted to perform authorization lookups	Ensure that the media server is allowed to perform authorization checks by running bpnbaz -listgroups -CredFile. For example: bpnbaz -listgroups -CredFile "install_path \Netbackup\var\vxss\credentials\ win_media.company.com" NBU_User NBU_Operator NBU_Admin NBU_Security Admin Vault_Operator Operation completed successfully. If the media server is not allowed to perform authorization checks, run bpnbaz -allowauthorization on the primary server for the media server name in question.
Unable to load library message	Verify the Windows media server and that it can perform authorization checks indirectly. This verification informs us that the NetBackup Authentication and Authorization client libraries for both authentication and authorization are properly installed. If either of these procedures fail with a message "unable to load libraries," make certain the authentication client libraries and authorization client libraries are installed.
Verify authentication domains	Verify that the authentication domains are correct by viewing the access control host properties for this media server. You can also use regedit (or regedit32) directly on the media server in the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup\ CurrentVersion\config\AUTHENTICATION_DOMAIN
Cross platform authentication domains	Take extra care in mixed environments to ensure that the appropriate domain types point to the correct authentication brokers. The example Authentication domain tab shows available authentication Windows domains that can be added to the Windows broker. In this case, it is not a mixed environment as both systems are Windows based. If there were a combination of Windows and UNIX domains it is important to match the brokers to the most useful authentication domains. Figure: Cross platform authentication domains for a display on how to match the platform to the most useful authentication domains.

Figure: Cross platform authentication domains

Cross platform authentication domains

Feedback

Was this page helpful?

Feedback

Was this page helpful?