After upgrading to NetBackup 8.1 or 8.1.1, Active Directory accounts have problems logging into the NetBackup Java Administration Console

Problem

Active Directory (AD) user account could previously access the NetBackup Administration console (pre NetBackup 8.1), but after upgrading to NetBackup 8.1 or 8.1.1, either Status 507 is received or the GUI only displays the Backup, Archive and Restore (BAR) GUI.

When trying to access the NetBackup Administration console using a local account to the master, no problems are seen, assuming the users are defined correctly in the '/usr/openv/java/auth.conf'.

Error Message

Unable to login, status: 507 Socket
connection to the NB-Java user service has been broken. Please try re-login.
Check the log file for more details.

Cause

The trouble appeared when bpjava-susvc called getpwnam() for the AD user information to find its home directory. A call to getpwname() broke the connected SSL session. The reason for this is because a call to getpwnam() for a AD user invokes the underlying winbind modules to talk to AD. This call will involve an exec system call and the socket performing the SSL had some flags set on it, namely FD_CLOEXEC, which can cause the file descriptor to be closed on subsequent exec functions.

Bug/Defect ID:

Etrack 3942453 (8.1.1), 3939591 (8.1)

Solution

Veritas engineering were made aware of the problem (Etrack 3942453, 3939591) and this will be resolved in a future release of the NetBackup code (after NetBackup 8.1.1).

Veritas engineering have supplied an Emergency Engineering Binary (EEB) to resolve the problems for NetBackup 8.1 and 8.1.1, please contact Veritas Support to obtain the EEB to resolve the issue, or update to a newer version of NetBackup.