Highlighted

Install Netbackup Access Management

Hi All,

I want to install Netbackup Access management on my netbackup system ., netbackup 7.0 system is Windows HA for Master server ,

there is two Nodes for Master server layer so how I can install NBAC?

 

Regards.

4 Replies

Hi,   Here is all the info

Hi,

 

Here is all the info you need. Its 6.5 but should be the same on 7.0.

 

http://www.symantec.com/docs/HOWTO31149

 

R

the way to install

Hi Ialahmad

You can read install guide

NBAC for Windows Quick Install Guide.pdf

NBU 7.0 Security and Encryption.pdf

First of all, I wanted to

Access Control configuration on NetBackup, so please feel free to share your knowledge if anything is wrong or missing.

 

Reference: NetBackup 7.0 Security and Encryption Guide

  1. Install and configure Symantec Product Authentication Service (Complete Root + Authentication Broker installation) on the master server.
  2. Install and configure Symantec Product Authorization Service on the master server.
  3. Configure NetBackup master server for Access Control (Create Groups, give permissions, add users etc…)

Note: We will configure Access Control using Active Directory.

  • Product Authentication Installation
  1. Start installation as Administrator by launching installer from the following path: NetBackup_Installation_Media_PathAddonsx86ICSAuthenticationVxSSVRTSatSetup.exe
  2. If this is an upgrade, you will be asked to upgrade this package. Select Yes and continue your installation.
  3. On the “Setup Type” screen, select “Complete” and click Next
  4. Select Root + Authentication Broker as broker mode
  5. Choose the service to be started automatically (You can choose to start manually, it depends on your configuration. it was the option that i selected) and click Next
  6. Enter your desired password for RootAuthentication Password when appears (Choose a password with at least 8 digits) and click Next
  7. After the installation is completed, click Finish
  • Product Authorization Installation
  1. Start installation as Administrator by launching installer from the following path:  NetBackup_Installation_Media_PathAddonsx86ICSAuthorizationVRTSazSetup.exe
  2. If this is an upgrade, you will be asked to upgrade this package. Select Yes and continue your installation.
  3. On the “Setup Type” screen, select “Custom” and click Next
  4. On “Select Features” screen click Next
  5. When the “Question” screen is displayed, select No to install the service in Read-Write mode.
  6. After the installation is completed, click Finish
  • If you want to check your installation so far,

Open a command prompt and go inside the following path:

%ProgramFiles(x86)%VERITASSecurityAuthenticationbin  (on a x64 Server)

and issue the command:

vssat showbrokermode

You should be able to see an output similar to this:

showbrokermode
———————-
———————-
Broker mode is : 3
———————-

  • Access Control Configuration

Run the following command (Command Prompt):

bpnbaz -setupmaster

Enter y when asked to continue,

When asked, enter your user password which you logged on your windows server with. (Administrator password in our setup). After this point the system begings to gather configuration information.

After the command is completed restart all NetBackup services on your netbackup master server. (bpdown/bpup)

After this point, you can configure your groups and users inside “NetBackup Administration Console -> Master Server -> Access Management.

anyone get this to actually work with active directory?

Installed NBAC on UNIX master.

Host Properties -> Master -> Access Control, select Authentication Domains, added a new domain (Windows AD domain). What system do you use as a broker? Just pick one of the domain controllers? And does the port number need to be defined?

Tried this, then tried to add a new user to the NBU_Admin group (in the NBU Admin Console GUI), specified a user in the AD domain and get an "Unable to contact Authentication Server" message.

I'm sure its something simple, but I can't seem to find any other documentation on how to get a UNIX master to talk with Windows AD... or is it even possible?