Symptoms

When browsing Isilon volumes, only /ifs is shown, but no sub-folders. User browsing credentials are correctThe user is not disabled or locked out.The behavior affects both the root account and the browse user account. From the NDNP node or Isilon node, run the command with root or browse user. Change to the real IP or name of Isilon: curl -vk -u "root" X GET "https://:8080/namespace/ifs/" or curl -vk -u "av-browse-admin" X GET "https://:8080/namespace/ifs/" This returns 401 Unauthorized error: # curl -vk -u "root" X GET "https://:8080/namespace/ifs/" Enter host password for user 'root': ... * SSL certificate verify result: self signed certificate (18), continuing anyway. * Server auth using Basic with user 'root' > GET /namespace/ifs/ HTTP/1.1 > Host: hostname:8080 > Authorization: Basic cm9vdDpSbzA3QGRtIW5taGxy > User-Agent: curl/7.60.0 > Accept: */* > < HTTP/1.1 401 Unauthorized ... {"errors":[{"message":"Authorization required"}]}

Cause

This is a known limitation with Avamar NDMP plug-in for Isilon in Avamar 19.7 and lower.It occurs when web basic authentication is disabled.To verify that Isilon authentication setting, run the following procedure: 1. SSH into the Isilon server2. Run the following command # isi_gconfig -t web-config |grep basic This output shows that basic authentication is disabled.auth_basic (bool) = falseVersus This output shows that basic authentication is enabled.auth_basic (bool) = true

Resolution

This issue is resolved in Avamar 19.8 NDMP per the Avamar 19.8 release notes:Workaround #1 1. Connect to Isilon, and check the basic authentication: # isi_gconfig -t web-config |grep basic 2. This output shows basic auth is disabled: auth_basic (bool) = false 3. Enable basic authentication for web access: # isi_gconfig -t web-config auth_basic=true Workaround #21. Connect to the NDMP accelerator node.2. Create bash wrapper script for curl binary:3. Rename the /usr/bin/curl binary mv /usr/bin/curl /usr/bin/curl.orig 4. Create a bash shell wrapper script using original curl file path /usr/bin/curl vi /usr/bin/curl #!/bin/bash #created from KB 000204249 if [[ "$*" == *--config* ]] then cat "$2" > /tmp/curl-output.txt IFS=":" read -r username password <<< `cat /tmp/curl-output.txt | awk '/user/{print $NF }'` server=`cat /tmp/curl-output.txt | awk -F':8080' '/url\ /{print ($1)":8080"}'| awk -F'"' '{print $2}'` url=`cat /tmp/curl-output.txt | grep url | awk '{print $2}'| awk -F'"' '{print $2}'` generate_post_data() { cat <<EOF { "username": "$username", "password": "$password", "services": ["platform", "namespace"] } EOF } # get cookie isisessid and isicsrf /usr/bin/curl.orig -ikv -o /tmp/out.curl -H 'Content-Type: application/json' -d "$(generate_post_data)" $server/session/1/session 2>/dev/null read -r isisessid isicsrf <<< `cat /tmp/out.curl | awk -F'=' '/isisessid|isicsrf/{print ($2) }' | awk -F';' '{print $1}'` #browse ndmp using isisessid and isicsrf /usr/bin/curl.orig -k -b "isisessid=$isisessid" -H "X-CSRF-Token:$isicsrf" --referer $server $url rm /tmp/curl-output.txt rm /tmp/out.curl else #passthrough for normal curl command when --config is not passed exec /usr/bin/curl.orig "$@" fi 5. Set execute permission on new curl wrapper. chmod 755 /usr/bin/curl 6.This should allow browsing even with advanced authentication configuration enabled.

Support Cases