Highlighted
8 Krypton

After enable LDAP user authentication can become damaged authorization!

Jump to solution
  
      

Hello.

After you enable LDAP user authentication, authorization can become damaged.


I set up the authorization, applied it and then turned it off for not being beneficial.

Tried running the recovery of files from the archive and got this error Permission denied, user ' SYSTEM ' on ' SERVER1 ' does not have ' Recover Local Data ' privilege.


I wrote down all possible combinations to security groups in the NMC:

* @ * @ *, system, system @ SERVER1, user = system, host = SERVER1 as .local-no effect, the error is the same.


When I went to the client and tried to run the restore from the clietn, got this error:

53362: winwork: Cannot start session with server networkerSRV .local: Permission denied, user ' DOMAINUSER ' on SERVER1 local does not have ' Recover Local Data ' privilege.


Please help, thank you.

p.S.  Networker 8.1.1

0 Kudos
1 Solution

Accepted Solutions
8 Krypton

Re: After enable LDAP user authentication can become damaged authorization!

Jump to solution

You might have to add the respective user into NetWorker as admin.

Try this command on the NetWorker server, the user and hostname are the DOMAINUSER and SERVER1 from your error.

nsraddadmin -u user@hostname

0 Kudos
5 Replies
8 Krypton

Re: After enable LDAP user authentication can become damaged authorization!

Jump to solution

You might have to add the respective user into NetWorker as admin.

Try this command on the NetWorker server, the user and hostname are the DOMAINUSER and SERVER1 from your error.

nsraddadmin -u user@hostname

0 Kudos
8 Krypton

Re: After enable LDAP user authentication can become damaged authorization!

Jump to solution

Thank you! What is this, now it makes no sense to edit group through a GUI?

0 Kudos
8 Krypton

Re: After enable LDAP user authentication can become damaged authorization!

Jump to solution

Here are the extracts from the Command reference guide.

nsraddadmin

The nsraddadmin program is used to add a user entry to a NetWorker server’s administrator attribute. The program updates the server on the same host where the command runs. The addition of a user entry gives that user full administrator privileges on the NetWorker server.

remote access (read/write, string list)

This attribute controls who may back up, browse, and recover a client’s files. By default this attribute is an empty list, signifying that only users on the client are allowed to back up, browse, and recover its files. Additional users, hosts, and netgroups may be granted permission to access this client’s files by adding their names to this attribute.

0 Kudos
Rajnish1
1 Copper

Re: After enable LDAP user authentication can become damaged authorization!

Jump to solution

Hello All,

  i am facing same problem . Now users are not able to run even local recover . when we add user in server administrator it works, but that doesn't make sense as i don't want client users to be administrator. If this problem is solved please let me know .

Regards

Rajnish

0 Kudos
8 Krypton

Re: After enable LDAP user authentication can become damaged authorization!

Jump to solution

Normally, from what I have seen and experienced as well, NMC can make things crazy in /opt/nsr/cst.  Normally, I would add *@* and do restore of that folder to get things back to normal.  And you can try to add it via CLI with nsraddadmin, but in GUI key section is not user groups, but rather legacy admin list under server properties. 

0 Kudos