Summary
BEX/NSB cannot authenticate with Open Enterprise Server (OES) using /etc/pam.d/tsafs due to an error in the file. To resolve this issue, modify the /etc/pam.d/tsafs file.
Symptoms
An eDirectory (eDir) and/or OES file level backup fails with an authentication error. In the OES, login or access issues prevent you from running Storage Management Service (SMS) backups.
User was LUM enabled and also had correct assigned roles. TSATEST also failed for the same user. Only root worked.
Novell found a problem in the /etc/pam.d/tsafs file, which needs to be modified (Novell TID 7007458).
If you run edirutil, you are able to log in, but getconfig always fails. However, you are able to log in to Linux with that user account.
The BEX/NSB job log displays the following error:
.... SNBEH_3072J Task 1: execution of eDirectory backup command failed with rc = -1 (java.io.FileNotFoundException: /opt/backupexpress/logs/edirlog)
If you observe this behavior, check the file /etc/pam.d/tsafs to see if it contains the following:
#eDirectory authentication using NAM
auth sufficient /lib/security/pam_nam.so
#use unix authentication
auth required pam_unix2.so nullok
Resolution
To resolve this issue:
1. To ensure that the tsafs uses the LUM account successfully, modify the /etc/pam.d/tsafs file:
Change: auth sufficient /lib/security/pam_nam.so
To: auth sufficient /lib/security/pam_nam.so use_first_pass
Change: auth required pam_unix2.so nullok
To: auth sufficient pam_unix2.so nullok
2. Recycle smdrd and tsafs after these changes.