NW Authentication Query

Question

Hi All, I'm seeing my daemon log get flooded with authentication warnings. I am deploying a new NW811 data zone for oracle archive log backups only . The bkup jobs are pushed from the oracle client side. The messages in the Daemon log are:     93452 2/19/2014 2:55:34 PM 2 1 108 15176 14796 0 nsrexecd SYSTEM warning Unable to authenticate svcgrid/ @(none): Unable to read request from ' ' for a GSS authentication status update: Unknown error The NW client version running on the oracle server is NW 7.4.5. (I have a lot of clients to migrate and most running v7.4.x or v7.6.x client versions. It's not really feasible in the near term to get all these clients to NW8.1.1) The authmethods on the Oracle client are '0.0.0.0/0,nsrauth/oldauth' My questions are: Would the flooding of the daemon log stop if I were to  change the authmethod to use oldauth first on the oracle client? Or maybe deleting the peer information for any clients migrated to this new Nw811 datazone? Would this issue be resolved by the upgrading to NW8.1.1 client ? (I know I could try these steps but I'm hindered by the fact that these servers are in production and testing using these boxes isn't advisable ) Or of course I could be  on the wrong track altogether and if so I'd be appreciative of any advice Tks, Liam

ble1 · Answer

Liam Guinane wrote:

(I know I could try these steps but I'm hindered by the fact that these servers are in production and testing using these boxes isn't advisable )

Running 7.4 client against 8.1.1 server isn't advisable

I doubt this is nsr peer issue - more likely this is NMO versus new server issue (you run NMO I assume). If running NMDA, I would not guess anything before having client on NW8.1.x level and running NMDA 1.5 (unless you have Oracle 10 - then 1.2 is your friend). As for auth, I keep that one disabled all the time (both backup server/sn and clients). 8.1.1 has pretty much different auth mechanism than previous versions (including NW 8.0.x) so anything goes here. I can't see why updating clients is such big issue for you - by updating server you already affect ALL your clients

lguinane · Answer

Thanks Hrvoje. Our change control process is very rigid and getting changes made (no matter how minor) on production boxes is a time consuming affair. Could I ask, how do you disable auth ?

crazyrov · Answer

You can attain this using nsradmin. Follow the steps below. nsradmin -p nsrexecd nsradmin> . type: nsrla nsramdin> update auth methods: '0.0.0.0/0,oldauth'

lguinane · Answer

Never mind Hrvoje. I found how to disable auth.

NetWorker

Was this post helpful?