- ----> On the NetBackup master server running RHEL 7.2:
- -- install the following:
- yum install adcli sssd authconfig krb5-workstation krb5-auth-dialog openldap-clients realmd PackageKit
- -- had to run this one twice...2nd time it works:
- # realm join acme.krt -U 'Administrator'
- -- note this may or may not work and I cannot explain why it won't:
- ldapsearch -H ldap://WIN-2OCNO3URDBQ.acme.krt:3268 -Y GSSAPI -N -b "dc=acme,dc=krt" "(&(objectClass=user) (sAMAccountName=admin1))"
- -- this should work:
- # id admin1@acme.krt
- -- this should work:
- # ssh -l admin1@acme.krt localhost
- -- this should fail *until* we bpnbat -login (assuming the admin1 account is in the NBU_admin group):
- [admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/admincmd/bppllist
- VxSS authentication failed (116)
- [admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/bpnbat -login
- Authentication Broker: WIN-2OCNO3URDBQ.acme.krt
- Authentication port [0 is default]:
- Authentication type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap): nt
- Domain: acme
- Login Name: admin1
- Password:
- You do not currently trust the server: WIN-2OCNO3URDBQ.acme.krt, do you wish to trust it? (y/n):
- y
- Unable to connect to the NetBackup web authentication service.
- AT authentication successful, but web authentication failed.
- [admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/admincmd/bppllist
- no entity was found (227)
- ---------------------------------
- ls -l /var/lib/sss/pubconf/
- total 4
- -rw-r--r-- 1 root root 12 Apr 27 20:11 kdcinfo.ACME.KRT
- drwxr-xr-x 2 sssd sssd 85 Apr 25 22:15 krb5.include.d
- /var/lib/sss/pubconf/kdcinfo.ACME.KRT
- # cat kdcinfo.ACME.KRT
- 192.168.1.60
- ls -l /var/lib/sss/pubconf/krb5.include.d
- total 12
- -rw-r--r-- 1 root root 15 Apr 25 22:15 domain_realm_acme_krt
- -rw-r--r-- 1 root root 15 Apr 25 21:18 domain_realm_ACME_KRT
- -rw-r--r-- 1 root root 98 Apr 25 22:15 localauth_plugin
- [root@chattypuma krb5.include.d]# cat domain_realm_acme_krt
- [domain_realm]
- [root@chattypuma krb5.include.d]# cat domain_realm_ACME_KRT
- [domain_realm]
- ldapsearch -H ldap://WIN-2OCNO3URDBQ.acme.krt:3268 -Y GSSAPI -N -b "dc=acme,dc=krt" "(&(objectClass=user) (sAMAccountName=admin1))"
- ldapsearch -LLL -x -H ldap://WIN-2OCNO3URDBQ.acme.krt:3268 -N -b dc=acme,dc=krt "(objectclass=domaindns)" dn name dc
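
The bppllist / bpnbat session above passes through three distinct states: no NetBackup credential (116), a broker login where web authentication failed, and an authenticated query that matched nothing (227). The script below is an added example, not part of the original notes: it reads a captured transcript and labels each command with one of those states. The helper name audit_session, the state labels and the SAMPLE transcript are assumptions made for this example.

```shell
#!/bin/sh
# Added example. SAMPLE is a constructed transcript modelled on the session above.
SAMPLE='[admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/admincmd/bppllist
VxSS authentication failed (116)
[admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/bpnbat -login
AT authentication successful, but web authentication failed.
[admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/admincmd/bppllist
no entity was found (227)'

# audit_session (hypothetical helper): read a terminal transcript on stdin and
# print "<command> <state>" for every command found after a shell prompt.
# The state names are labels chosen for this example, not NetBackup terminology.
audit_session() {
    awk '
    function emit() { if (cmd != "") print cmd, (state == "" ? "no-status" : state) }
    # A prompt line such as "[user@host dir]$ cmd args" starts a new record.
    /^\[[^]]*\][$#] / {
        emit()
        line = $0
        sub(/^\[[^]]*\][$#] /, "", line)
        split(line, words, " ")
        n = split(words[1], path, "/")
        cmd = path[n]          # basename of the executable
        state = ""
        next
    }
    # 116: the OS login alone carries no NetBackup credential yet.
    /\(116\)[ \t]*$/ { state = "nbac-credential-missing" }
    # 227: the request got past authentication; nothing matched the query.
    /\(227\)[ \t]*$/ { state = "authenticated-no-entity" }
    # bpnbat can succeed against the broker and still fail web authentication.
    /AT authentication successful, but web authentication failed/ {
        state = "at-ok-web-auth-failed"
    }
    END { emit() }
    '
}

printf '%s\n' "$SAMPLE" | audit_session
```

Feeding it a saved terminal log (for example from script(1)) shows at a glance whether a 116 was followed by a bpnbat login and whether that login was only partially successful.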