Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section I. Identity and access management
  4. NetBackup Access Control Security (NBAC)
  5. Troubleshooting Access Management
  6. Verification points in a mixed environment with a Windows primary server
  7. Media server verification points for a mixed Windows primary server
NetBackup™ Security and Encryption Guide

Media server verification points for a mixed Windows primary server

The following table describes the media server verification procedures for a mixed Windows primary server.

Table: Media server verification procedures for a mixed Windows primary server

Procedure

Description

Verify the Windows media server for a mixed Windows primary server

See the following topic for the verification procedures for a Windows media server:

See Media server verification points for Windows.

Verify the UNIX media server

Check that the computer certificate is issued from the root authentication broker, found on the Windows primary server (win_primary). To determine which authentication broker the media server is authenticated against, run bpnbat -whoami with -cf for the media server's credential file.

For example:

  bpnbat -whoami -cf 
    /usr/openv/var/vxss/credentials/unix_media.company.com
   Name: unix_media.company.comDomain: NBU_Machines@
    win_primary.company.com
   Issued by: /CN=broker/OU=root@win_primary.company.com/
    O=vx
   Expiry Date: Oct 31 14:48:08 2007 GMT
   Authentication method: Veritas Private Security
   Operation completed successfully.

Verify that the server has access to the authorization database

To make sure that the media server is able to access the authorization database it needs to perform authorization checks. Run bpnbaz -ListGroups -CredFile "/usr/openv/var/vxss/credentials/<hostname>"

For example:

  bpnbaz -ListGroups -CredFile\
    /usr/openv/var/vxss/credentials/unix_media.company.com
   NBU_Operator
   NBU_AdminNBU_SAN Admin
   NBU_UserNBU_Security Admin
   Vault_Operator
   Operation completed successfully.

If the media server is not allowed to perform authorization checks, run bpnbaz -allowauthorization on the primary server for the media server name in question.

Unable to load library message

Verify the media server and that it has access to the proper database indirectly. This verification informs us that the NetBackup Authentication and Authorization client libraries for both authentication and authorization are properly installed. If either of these procedures fail with a message "unable to load libraries": Check to make certain the authentication client libraries and authorization client libraries are installed.

Cross platform authentication domains

You may also verify that the authentication domains are correct by viewing the access control host properties for this media server. Or, you may also verify by cat(1)ing the bp.conf file.

Take extra care in mixed environments to ensure that the appropriate domain types point to the correct authentication brokers.

In the example, note that the PASSWD domains and NIS domains point to unix_media2.company.com, which, in this example, is the UNIX authentication broker:

  cat bp.conf
   SERVER = win_primary.company.com
   MEDIA_SERVER = unix_media.company.com
   MEDIA_SERVER = unix_media2.company.com
   CLIENT_NAME = unix_media
   AUTHENTICATION_DOMAIN = win_primary "win_primary domain" 
    WINDOWS win_primary.company.com 
     0
   AUTHENTICATION_DOMAIN = enterprise "enterprise domain"
    WINDOWS win_primary.company.com 0
   AUTHENTICATION_DOMAIN = unix_media2.company.com "local
    unix_media2 domain" PASSWD unix_media2.company.com 0
   AUTHENTICATION_DOMAIN = min.com "NIS domain" NIS 
   unix_media.company.com 0
   AUTHORIZATION_SERVICE = win_primary.company.com 0
   USE_VXSS = AUTOMATIC

Feedback

Was this page helpful?
Previous

Primary server verification points for a mixed Windows primary server

Next

Client verification points for a mixed Windows primary server

Feedback

Was this page helpful?