Client Verification Points
The following sections describe procedures for UNIX client verification.
Verify the Credential for the Client
To check that the credential for the client is indeed for the correct client and comes from the correct domain, run bpnbat -whoami. For example:
bpnbat -whoami -cf /usr/openv/var/vxss/credentials/unix_client.min.com
Name: unix_client.min.com
Domain: NBU_Machines@unix_master.min.com
Issued by: /CN=broker/OU=root@unix_master.min.com/O=vx
Expiry Date: Nov 9 14:49:00 2004 GMT
Authentication method: VERITAS Private Security
Operation completed successfully.
Verify that the VxSS Authentication Client Libraries are Installed
Run bpnbat -login on the client to verify that the VxSS authentication client libraries are installed.
bpnbat -login
Authentication Broker: unix_master.min.com
Authentication port[ Enter = default]:
Authentication type (NIS, NIS+, NT, vx, UNIXpwd): NIS
Domain: min.com
Name: Smith
Password:
Operation completed successfully.
This can also be done by looking at /etc/vx/vss/*.loc to see where the libraries are installed, and verify they are in the location indicated:
cat /etc/vx/vss/*.loc
ProductInstallDir=/opt/VRTSat
ProductInstallDir=/opt/VRTSaz
ls -l /opt/VRTSat/*/opt/VRTSaz/*
Verify Correct Authentication Domains
In the Access Control host properties or by using vi, check that any defined authentication domains for the client are correct. Make certain the domains are spelled correctly, and that the authentication brokers listed for each of the domains is valid for that domain type.
This can also be verified in bp.conf using vi.
cat bp.conf
SERVER = unix_master
SERVER = unix_media
CLIENT_NAME = unix_master
AUTHENTICATION_DOMAIN = min.com "default company NIS namespace" NIS unix_master 0
AUTHENTICATION_DOMAIN = unix_master "unix_master password file" PASSWD unix_master 0
AUTHORIZATION_SERVICE = unix_master.min.com 0
USE_VXSS = REQUIRED
|
