Highlighted
edwgiz
1 Nickel

Restricted access of NetWorker 9.1 client to server attributes

Jump to solution

Hello colleagues,

How to grant a right to view administrator property from NW client ?

root@nwclient # nsradmin -s nwserver

NetWorker administration program.

Use the "help" command for help, "visual" for full-screen mode.

nsradmin> . type:NSR

Current query set

nsradmin> show administrator

nsradmin> print

               administrator: No privilege to view administrator list;

I've added root@nwclient user on nwserver to administrators:

root@nwserver # nsradmin -p nsrexec

NetWorker administration program.

Use the "help" command for help, "visual" for full-screen mode.

nsradmin>. NSRLA

Current query set

nsradmin> show administrator

nsradmin> update administrator: "administrator@nwserver", "root", "root@nwserver", "user=root,host=nwserver", "user=root,host=nwclient", "root@nwclient"

               administrator: administrator@nwserver,

                              root, root@nwserver,

                              "user=root,host=nwserver",

                              "user=root,host=nwclient",

                              root@nwclient;

Update? yes

updated resource id 3.0.33.222.0.0.0.0.92.184.125.90.10.255.83.229(11)

nsradmin>

nsradmin>. NSR system port ranges

Current query set

nsradmin> print

                        type: NSR system port ranges;

               service ports: 7937-7938, 8201-8307;

            connection ports: 0-0;

               administrator: "isroot,host=localhost";

nsradmin> update administrator: "isroot,host=localhost", "user=root,host=nwclient", "root@nwclient"

               administrator: "isroot,host=localhost",

                              "user=root,host=nwclient",

                              root@nwclient;

Update? yes

updated resource id 8.0.33.222.0.0.0.0.92.184.125.90.10.255.83.229(6)

nsradmin>

nsradmin> exit


As well root@nwclient is added into NSR usergroup - Security Administrators
It didn't solve the issue

Labels (1)
Tags (2)
0 Kudos
6 Replies
oldhercules
2 Iron

Re: Restricted access of NetWorker 9.1 client to server attributes

Jump to solution

I think the user 'root@nwclient' must be a networker administrator to be able to see the list of the admins.

I don't understand why did you added 'root@nwclient' to nsrla and port ranges resources.. networker admins are stored in the 'NSR' resource. You should use nsraddadmin utility to grant networker admin privileges.

I don't see why do you need to see the list of admins from a client, but granting nw admin access to a client to be able to get this info is overshoot

0 Kudos
edwgiz
1 Nickel

Re: Re: Restricted access of NetWorker 9.1 client to server attributes

Jump to solution

Thanks for answer

root@nwclient is already administrator

root@nwserver # nsraddadmin -u root@nwclient

134748:nsraddadmin: 'root@nwclient' is already on the 'administrator' list.

I've added the user as administrator into nsrla and port ranges resources  just to attempt to solve the issue.

NW8 allows to view 'administrators' attribute. The trouble is detected in NW 9.1.0.2 and NW 9.1.1.5

0 Kudos
bingo
4 Germanium

Re: Restricted access of NetWorker 9.1 client to server attributes

Jump to solution

The behavior is a bit strange but in fact you may be able to change a parameter (as root@client) but you will not able to see the administrator's list untill you use nsraddadmin on the NW server and add the appropriate account.

Verified with NW 9.1.1.5.

0 Kudos
edwgiz
1 Nickel

Re: Re: Restricted access of NetWorker 9.1 client to server attributes

Jump to solution

I've removed root@nwclient manually via nsradmin, and added the user via nsraddadmin, there are no changes

0 Kudos
oldhercules
2 Iron

Re: Re: Restricted access of NetWorker 9.1 client to server attributes

Jump to solution

I've also tested it (9.1.1.4) and it works like for bingo: without admin access I got "administrator: No privilege to view administrator list;", after nsraddadmin I can see the list.

I think it's worth a try to test it with FQDN / and/or for the specific IP/hostname if you have multiple adapters.

If nothing seems to work you can give a try to run: nsraddadmin -u "root@*", but make sure that you remove this immediately after testing..

edwgiz
1 Nickel

Re: Re: Restricted access of NetWorker 9.1 client to server attributes

Jump to solution

Thanks for advises,

the trouble was related with incorrect host configuration.

I assume 'my hostname' attribute on client's NSRLA resource must be equal with the user host in administrators of server side.

0 Kudos