05-02-2007 09:48 AM
05-02-2007 10:31 AM
Message Edited by Joe Despres on 05-02-200710:32 AM
05-02-2007 10:38 AM
The process for configuring Veritas Security Services is as follows:
Make sure you can ping the NetBios version of your domain (i.e. mybox)
1.) Install Authentication service and Root Broker version 4.1.2.5 on the master server using the Custom install method.
2.) Install the Authorization service 4.1.2.5 on the same server using the Custom install option.
3.) Patch Authentication service to 4.1.2.7 (if installing to different path, before rebooting run regedit, goto hkey_local_machine -> Software -> Veritas -> Security -> Authentication -> installdir and correct the path, then go to windows services and set from Manual to automatic).
4.) Reboot
5.) Install Authorization service patch 4.1.2.7 on the server (should not require a reboot).
Verify both services are started.
6.) Goto Command line on server and change directories to the Netbackup\bin directory (default is Program files\Veritas\NetBackup\Bin).
7.) Run "bpnbat -addmachine" two times, one for the FQDN of the Master Server and once for the netbios version of the name.
8.) Input the information requested (authentication broker should ALWAYS be the FQDN of the Master server, and the port number should be left as default).
9.) Run "bpnbat -loginmachine" two times, one for the FQDN of the Master Server and once for the netbios version of the name.
10.) Input the information requested (authentication broker should ALWAYS be the FQDN of the Master server, and the port number should be left as default).
Change directories to the Admincmd directory.
11.) run "bpnbaz -setupsecurity %FQDN_of_Master%" (ie "bpnbaz -setupsecurity bob.mybox.local")
During this process you will be creating the NBU_Security_Admin, the person who is allowed to add users to other groups within Access Control. You will need to type in the Authentication broker name (again, FQDN of Master), port left as default, the Authentication Domain (If Active Directory, it will be either NT or Windows, Depending on version of Veritas Security Services). Domain will be the netbios version of domain (i.e. "mybox" not "mybox.com"). The login name (and the password to follow) will be the credentials for the user account that will be the security admin, so make sure you have access to it. When the information has been typed in and the password entered it will proceed to validate your account against your specified authentication type (ie Active Directory). If Successful, it will state "Operation Completed successfully". Anything else is considered a failure and will need to be reattempted.
12.) Next type in "bpnbaz -allowauthorization %FQDN_of_Master%" (ie "bpnbaz -allowauthorization bob.mybox.local"). This again should return an "Operation Completed successfully".
13.) Now change directories up one level to the bin directory, and type in "bpnbat -login" and hit enter.
Veritas Security Services will now ask for your credentials to validate you as an admin to login to Netbackup/Veritas Security Services. (reference information on "bpnbaz -setupsecurity" section above).
14.) Change directories to admincmd and type "bpnbaz -listgroups". Five groups should be returned. If not, process was unsuccessful and you will need to rerun the "bpnbaz -setupsecurity" process.
Final stage in process is to associate NetBackup to use Veritas Security Services.
15.) Open NetBackup Admin Console, expand the "Host Properties" section, then "Master Server". Bring up properties of Master Server and click "Access Control". Set VxSS to "Automatic". Click add, then select "Domain" from radio button, and type in the netbios version of domain, and click Add/Ok/Close. Change from "Required" to "Automatic" (important, do not miss this step or you could potentially cause backups to fail).
16.) Click on the Authentication Service tab. Click Add, and type in the domain, authentication mechanism (for Active Directory, it would be NT or Windows), followed by broker will be the FQDN of the master server. Click Add then Close.
17.) Click on the Authorization Service Tab and type in the FQDN of the Master Server.
Click apply and Ok. Close NetBackup Admin Console and then Reopen it. When it opens, Click Help and "Current NBAC User". If you can click it and it shows your credentials, you have completed the configuration of Veritas Security Services. You can now proceed to add your users and groups to the Access Management -> NBU User Groups Section.
05-02-2007 11:52 AM
05-02-2007 02:34 PM
Message Edited by David Parker on 05-02-200705:35 PM