This post is more than 5 years old
12 Posts
0
5616
Restricted access of NetWorker 9.1 client to server attributes
Hello colleagues,
How to grant a right to view administrator property from NW client ?
| root@nwclient # nsradmin -s nwserver NetWorker administration program. Use the "help" command for help, "visual" for full-screen mode. nsradmin> . type:NSR Current query set nsradmin> show administrator nsradmin> print administrator: No privilege to view administrator list; |
I've added root@nwclient user on nwserver to administrators:
| root@nwserver # nsradmin -p nsrexec NetWorker administration program. Use the "help" command for help, "visual" for full-screen mode. nsradmin>. NSRLA Current query set nsradmin> show administrator nsradmin> update administrator: "administrator@nwserver", "root", "root@nwserver", "user=root,host=nwserver", "user=root,host=nwclient", "root@nwclient" administrator: administrator@nwserver, root, root@nwserver, "user=root,host=nwserver", "user=root,host=nwclient", root@nwclient; Update? yes updated resource id 3.0.33.222.0.0.0.0.92.184.125.90.10.255.83.229(11) nsradmin> nsradmin>. NSR system port ranges Current query set nsradmin> print type: NSR system port ranges; service ports: 7937-7938, 8201-8307; connection ports: 0-0; administrator: "isroot,host=localhost"; nsradmin> update administrator: "isroot,host=localhost", "user=root,host=nwclient", "root@nwclient" administrator: "isroot,host=localhost", "user=root,host=nwclient", root@nwclient; Update? yes updated resource id 8.0.33.222.0.0.0.0.92.184.125.90.10.255.83.229(6) nsradmin> nsradmin> exit |
As well root@nwclient is added into NSR usergroup - Security Administrators
It didn't solve the issue
oldhercules
116 Posts
1
February 15th, 2018 01:00
I've also tested it (9.1.1.4) and it works like for bingo: without admin access I got "administrator: No privilege to view administrator list;", after nsraddadmin I can see the list.
I think it's worth a try to test it with FQDN / and/or for the specific IP/hostname if you have multiple adapters.
If nothing seems to work you can give a try to run: nsraddadmin -u "root@*", but make sure that you remove this immediately after testing..
oldhercules
116 Posts
0
February 13th, 2018 23:00
I think the user 'root@nwclient' must be a networker administrator to be able to see the list of the admins.
I don't understand why did you added 'root@nwclient' to nsrla and port ranges resources.. networker admins are stored in the 'NSR' resource. You should use nsraddadmin utility to grant networker admin privileges.
I don't see why do you need to see the list of admins from a client, but granting nw admin access to a client to be able to get this info is overshoot
edwgiz
12 Posts
0
February 14th, 2018 03:00
Thanks for answer
root@nwclient is already administrator
root@nwserver # nsraddadmin -u root@nwclient
134748:nsraddadmin: 'root@nwclient' is already on the 'administrator' list.I've added the user as administrator into nsrla and port ranges resources just to attempt to solve the issue.
NW8 allows to view 'administrators' attribute. The trouble is detected in NW 9.1.0.2 and NW 9.1.1.5
bingo.1
2.4K Posts
0
February 14th, 2018 04:00
The behavior is a bit strange but in fact you may be able to change a parameter (as root@client) but you will not able to see the administrator's list untill you use nsraddadmin on the NW server and add the appropriate account.
Verified with NW 9.1.1.5.
edwgiz
12 Posts
0
February 14th, 2018 09:00
I've removed root@nwclient manually via nsradmin, and added the user via nsraddadmin, there are no changes
edwgiz
12 Posts
0
February 15th, 2018 04:00
Thanks for advises,
the trouble was related with incorrect host configuration.
I assume 'my hostname' attribute on client's NSRLA resource must be equal with the user host in administrators of server side.