cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

How to disable client/policy encryption by commands?

Go to solution
thesunlover
Level 4

‎11-15-2011 08:23 AM

Hi, How can I use commands to disable client or policy encryption? bpinst only has options (policy_encrypt) for legacy encryption. How about standard encruption? Thank you in advance!
 

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
CRZ
Level 6
Employee Accredited Certified

‎11-15-2011 12:15 PM

bpinst should only need to be used once, if at all, for install.  Forget about bpinst.

Specifically, the command you're looking for (why not just use the checkbox in the GUI?) is:
# bpplinfo <policyname> -modify -encrypt [ 0 | 1 ]

where 1 = encryption: Yes, 0 = encryption: No

See pages 237,241:

Veritas NetBackup (tm) 6.5 Commands for UNIX and Linux

  http://www.symantec.com/docs/TECH52832

You can only modify a policy for this configuration - not a "client."

EDIT:  Per your other thread...please make sure you're not trying to enable Encryption on a policy which is currently configured to collect BMR information.  THOSE command line flags (-collect_bmr_info and -collect_tir_info) should both be set to 0 if you're trying to enable encryption.

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
Mark_Solutions
Level 6
Partner Accredited Certified

‎11-15-2011 09:11 AM

bpplinfo -modify?

0 Kudos

Go to solution
CRZ
Level 6
Employee Accredited Certified

‎11-15-2011 12:15 PM

bpinst should only need to be used once, if at all, for install.  Forget about bpinst.

Specifically, the command you're looking for (why not just use the checkbox in the GUI?) is:
# bpplinfo <policyname> -modify -encrypt [ 0 | 1 ]

where 1 = encryption: Yes, 0 = encryption: No

See pages 237,241:

Veritas NetBackup (tm) 6.5 Commands for UNIX and Linux

  http://www.symantec.com/docs/TECH52832

You can only modify a policy for this configuration - not a "client."

EDIT:  Per your other thread...please make sure you're not trying to enable Encryption on a policy which is currently configured to collect BMR information.  THOSE command line flags (-collect_bmr_info and -collect_tir_info) should both be set to 0 if you're trying to enable encryption.

0 Kudos

Go to solution
thesunlover
Level 4

‎11-16-2011 06:31 AM

Thank you for the info. It's working well.

nbserver# bppllist mypolicy -U | grep -i encrypt
  Client Encrypt:      yes

nbserver# bpplinfo mypolicy -modify -encrypt 0

nbserver# bppllist mypolicy -U | grep -i encrypt
  Client Encrypt:      no

However, if encryption is enabled on the client, I still have to use GUI to disable it, right?

I prefer CLI over GUI to do some of my jobs because it's handy. Another reason is that I use an Apple at home and can't use NetBackup GUI.

"please make sure you're not trying to enable Encryption on a policy which is currently configured to collect BMR information."

After I know encryption and BMR can't coexist, I won't force them to live together. If people don't know it, they would do it.

0 Kudos

Go to solution
CRZ
Level 6
Employee Accredited Certified

‎11-16-2011 10:59 AM

However, if encryption is enabled on the client, I still have to use GUI to disable it, right?

I'm not totally sure what you're asking, but you can change the CRYPT_OPTION parameter by manually editing the bp.conf file on your client.  Is that what you're looking for?

0 Kudos

Go to solution
thesunlover
Level 4

‎11-21-2011 06:55 AM

I am trying to run a command from the master server to enable/disable client encruption. You have to logon to each client to modify bp.conf.

Thank you!

0 Kudos