Troubleshooting issues with group name format in the auth.conf file
If the authorized NetBackup Administration Console operations (nodes) or Backup, Archive and Restore capabilities are not accessible as expected for a member in the user group that is defined in the auth.conf file, verify the group name format.
To verify that the group name format and correct it
- Run the following command to verify the group name format that is defined in the auth.conf file.
On UNIX:
install_path/netbackup/sec/at/bin/vssat validateprpl -p user name -d unixpwd -b broker host:1556:nbatd
On Windows:
install_path\NetBackup\sec\at\bin\vssat validateprpl -p user name -d nt:domain name -b broker-host:1556:nbatd
The output of the command provides names of the groups that are associated with the user who cannot access certain nodes or operations in the NetBackup Administration Console.
- To access the nodes as expected, copy the group names that appear in the command output and paste them in the auth.conf file.
Consider the following eExample:
vssat validateprpl -p user@addomain.com -d unixpwd -b localhost:1556:nbatd
Using data directory: /usr/openv/var/vxss/at
Output:
ValidatePrincipal :
ID : <UID>
Name : user@addomain.com
Display Name : user@addomain.com
Domain :
Description : User
Group(s) Details :
Count : 2
Name(s) and ID(s) : group1@addomain.com
GID of group1 :
group2@addomain.com
GID of group2
Add the group name in the auth.conf file as per the following format:
<GRP> group1@addomain.com ADMIN=SUM+AM JBP=ALL