normal2
20 Posts
0
July 3rd, 2010 06:00
jstamp
88 Posts
0
July 4th, 2010 07:00
Hello Gurmeet,
In regards to your question, it seems you are stuck at the Console Security Administrator role config.
However, please note the following, per page 407, Step 7 of the (NW 7.6.x) Administration Guide (which describes how to enable LDAP Authentication).
"The LDAP user that was added to the NetWorker Server Administrator’s list in step 2 must also be added to the Console Security Administrator role."
Below are the steps as per the Administration Guide, which may be accessed here > http://powerlink.emc.com/km/live1/en_US/Offering_Technical/Technical_Documentation/300-009-443.pdf
Please review, as page 408 goes on to describe in depth the process of assigning Console users and Console Roles.
On a side note, please be sure to back up your NMC database prior to making the changes, as I have seen Admins lock themselves out of NMC while trying to enable LDAP authentication.
__________________________________________________________________________________________
Enabling LDAP login authentication
To enable LDAP authentication:
1. Log in to the Console server as a user, such as the default administrator, who belongs to the Console Security Administrator role.
2. On each NetWorker server, add an external LDAP user to the NetWorker server Administrator's user group. This step ensures that once LDAP is enabled, at least one user will be able to manage the NetWorker server and to add additional NetWorker users as required.
The LDAP user that you add should also belong to the LDAP user roles or LDAP user names that you specify later in step 7.
a. Click the Enterprise button on the taskbar.
b. Highlight a host in the navigation tree, right-click NetWorker, and select Launch Application. The Administration window appears.
c. Click the Configuration button on the taskbar.
d. In the navigation tree, select User Groups.
e. In the User Groups list, right-click Administrators and select Properties.
f. Add the LDAP user to the User attribute. Use the following format to add the user:
User=LDAP_username, host=console_host
where console_host is the name of the Console server host.
g. Click OK.
3. From the Console Setup menu, select Configure Login Authentication to launch the Configure Login Authentication wizard.
The Select Authentication Method panel appears.
4. Select the External Repository radio button and click Next. The Manage Authentication Authorities panel appears.
5. Click Add and then provide information about your authentication authority in the remaining fields. For help on a field, click the question mark (?) at the bottom left side of the wizard panel.
6. Click Next when finished. The Setup Console Security Administrator panel appears.
7. Enter the LDAP user roles or LDAP user names that will be mapped to the Console Security Administrator role and click Finish.
Note: The LDAP user that was added to the NetWorker Server Administrator's list in step 2 MUST also be added to the Console Security Administrator role.
lpenarub
43 Posts
0
July 7th, 2010 17:00
Please refer to esg105187. It has an example on how LDAP authentication is configured in NMC.
dugans1
2 Intern
•
186 Posts
0
July 14th, 2010 14:00
Gurmeet,
The manual is not easy to understand and I understand just how hard this can be. I spent 2 days with my AD guru getting this working.
OK, so from a rusty memory I will try and help you.
Firstly I created 2 accounts; the first is the user to be able to look up AD on the config LDAP screen. The second pointed to a Backup group in AD. Now both group and users, including the AD lookup user, need to be in the same OU.
On the roles based screen add the accounts / groups that are in the AD OU that you want to be added to NetWorker. I have 3: Backup Security admins, Backup Admins and Backup Users. Each, once added, allows me to add users in AD to the groups and then they can log on to NetWorker. You will also have to go in to NetWorker and add the groups/users to the admin console under "user groups".
user=administrator,host=********
user=system,host=********
group=Administrators,host=********
user=tstadm,host=*******
user=backupglobal,host=*****
user=administrator,host=****
user=system,host=******
group=Administrators,host=******.transfieldservices.com
user=administrator,host=*****transfieldservices.com
user=system,host=*******transfieldservices.com
scott.dugan
This is just an example. ***** Replace with NetWorker server name.
If you're continually getting errors when you try and go forward from that page as it tries to verify the user/group, you have a misconfig. Go back a page and review your config for LDAP.
The key here is to make sure the account that you use to do the LDAP lookups is never moved or deleted or you're in big trouble. Also make sure you keep a well-documented record of the original administrator account. You may need it one day.
Other than that it works fine.
Good luck
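Added example (not part of any post in this thread, and not EMC tooling): a pre-flight check for the lock-out case described above, confirming that an LDAP user in the Administrators user group (step 2) is also among the names entered in step 7. It assumes the step 7 values are LDAP user names (role names would need a directory lookup); the function names, the local-account list and the sample hosts and users are hypothetical.

```python
import re

# user=NAME,host=HOST or group=NAME,host=HOST, optional space after the comma
ENTRY_RE = re.compile(
    r"^(user|group)\s*=\s*([^,\s]+)\s*,\s*host\s*=\s*(\S+)$", re.IGNORECASE)

def parse_entries(text):
    """Split a User attribute value into (kind, name, host) tuples and bad lines."""
    entries, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(tuple(g.lower() for g in m.groups()))
        else:
            malformed.append(line)
    return entries, malformed

def lockout_risks(admin_text, console_host, step7_names,
                  local_accounts=("administrator", "system")):
    """Return a list of problems; an empty list means steps 2 and 7 agree."""
    entries, malformed = parse_entries(admin_text)
    problems = ["malformed entry: " + m for m in malformed]
    host = console_host.lower()
    # LDAP users are assumed to be every user entry that is not a local account.
    ldap_admins = {name for kind, name, h in entries
                   if kind == "user" and h == host and name not in local_accounts}
    if not ldap_admins:
        problems.append("no LDAP user with host=%s in Administrators" % console_host)
    elif not ldap_admins & {n.lower() for n in step7_names}:
        problems.append("no Administrators LDAP user is mapped in step 7: "
                        + ", ".join(sorted(ldap_admins)))
    return problems

# Constructed sample values, not taken from the thread.
SAMPLE_ADMINS = """\
user=administrator,host=nmc01.example.com
user=system,host=nmc01.example.com
user=backupadm, host=nmc01.example.com
user=jdoe host=nmc01.example.com
"""

if __name__ == "__main__":
    for p in lockout_risks(SAMPLE_ADMINS, "nmc01.example.com", ["backupadm"]):
        print(p)
```
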
pheikens
96 Posts
0
July 19th, 2010 01:00
At this point you have to enter the AD-group of those admins, who will have the right to change the security settings in the NMC.
With a user from this group, you can link nmc-roles to AD-Groups
Hope that helps
Peter