Advertise on warmetal.nl!
Click for more information
about advertising here.

Did you find this website useful? Did I save you a lot of time?
Please consider donating to support this site:

[[Tivoli NDS Backup]]
 
Trace: » Tivoli Incremental Forever » Tivoli Linux Client » Tivoli NDS Backup
Table of Contents

Tivoli NDS Backup

Environment

Upgraded to eDirectory 8.8 sp2 ftf2 (ds version 20216.62)
Tivoli TSM client is 5.5.0.1
Everything was backing up fine prior to the upgrade. After the upgrade, when TSM tries to backup NDS, it errors out and asks for a username/password.
Error: ~ANS1874E error

Explanation

TSM is unable to deal with case-sensitive passwords. It stores all passwords in uppercase in the TSM.PWD file. When you have a UP policy on the TSM account that requires case-sensitive passwords, this can cause TSM to fail its authentication.
Assuming you have your UP policy keep the NDS password and UP password in sync on a user account, the authentication can succeed if the NDS password is checked first because the NDS password is also not case-sensitive. eDirectory 8.7 will use the NDS password if it exists on a user account and check the UP second. eDirectory 8.8 will prefer the UP over the NDS password which is why things started to fail after the upgrade and because I was requiring case-sensitive passwords.

Workaround

A temporary fix is to create a special UP policy for your TSM accounts that doesn't require case-sensitivity. IBM is looking into the possibility of fixing the TSM client so that passwords are stored in a case-sensitive format but it's unsure when, if ever, that would be released.
Another temporary fix would be changing the password to only uppercase characters.

Additional info

Thinking the tsm.pwd file was corrupted, I deleted and proceeded to re-setup the tsm client.
Using DSMC, I found the following behavior:
  • Using “q node”
    • Successfully finds nodes schedule
  • Using “q tsa”
    • Asked for name/password.
    • Successfully logged in.
    • Successfully saved password to tsm.pwd.
    • Successfully shows TSAFS stats.
  • Using “q tsa nds”
    • Asks for name/password. Will not accept the same credentials I entered in the previous step. Errors out with: ”~ANS1874E Login denied to ~NetWare Target Service Agent 'TREE name'.”
  • I've verified that the account can log in using a Novell Client.
  • Verified that the account is a trustee of ROOT with browse rights.
,

Discussion

Enter your comment:
 
tivolindsbackup.txt · Last modified: 2010/04/02 20:20 (external edit)