Netbackup Authentifizierung gegen AD oder LDAP?

You are properly looking into using NBAC (sorry)

See the security and encryption guide:

http://www.symantec.com/docs/DOC6486

If the Linux hosts are LDAP enabled, Netbackup can use PAM (pluggable authentication Module) to authenticate  users and groups in Netbackup. Basically you add a LDAP group to a Netbackup group under access management.

The configuring of Netbackup is relative easy. However NBAC is not completely integrated with every part of Netbackup ( BMR and logging assistant) and the error message often look like network problem when they are authentication issues.

The auth.conf is not so much there for authentification as for the privileges. We always authenticate against AD, on Linux as well as on Windows. We have a group in the AD which the admins belong to, and which "owns" the necessary commands for commandline administration (there is a document for "non root administration" in the knowledgebase).

AFAIK NBAC is a complicated way to shoot yourself in the foot, and doesn't really give you anything.

If you have security issues and want the client admins do for example restores you can use Opscenter, keeps the users out of my hair and away from the "real Netbackup".

Hello,

on our next User Group meeting in the next days I can show how NBAC is working. But this feature is not useable. There are several ways to deaktivate it without to have rights in NetBackup.

We see us tomorrow

John

@Johannes

Stimmt! Auf der Agenda für morgen steht ja ein Beitrag über NBAC.

Ich freue mich schon sehr!

Gruß

Thomas

NBAC will not protect you against root. Root can by definition do everything.

@Johannes - can you elaborate on "deactivate without right" statement ?