cancel
Showing results for 
Search instead for 
Did you mean: 

NBAC and Netbackup 7.1

jluis
Level 4

Hello,

I'm trying to configure NBAC on Netbackup 7.1 in a clustered master server.
I want to implement Access Management with NBAC to manage user access to the Netbackup Administration Console, just this.

I'm following that marvelous tool of misunderstanding called "Symantec Netbackup Security and Encription Guide".

I successfully followed the 6 steps configuration NBAC on a clustered master server:

bpnbaz -setupmaster command finished sucessfully:


# sudo ./bpnbaz -setupmaster
You will have to restart NetBackup services on this machine after the command completes successfully.
Do you want to continue(y/n)y
Gathering configuration information.
Please be patient as we wait for 10 sec for the security services to start their operation.
Generating identity for host 'netbackup-sc'
Setting up basic authorization information. Please be patient.
Basic authorization information generated successfully.
Granting authorization check permissions to host 'netbackup-sc'
Configuring authentication domains within Netbackup
Setting up authorization information in Netbackup configuration files.
Setting up NBAC on target host: ronda
Managing Authentication Broker on target host: ronda
Setting up NBAC on target host: viznar
Managing Authentication Broker on target host: viznar
Warning: NetBackup Master Server is currently configured in AUTOMATIC mode. Security will be enforced only in REQUIRED mode. This can be done after entire NetBackup domain is configured with NBAC
Operation completed successfully.

After restarting services, I tried to configure "Access Management" on the Netbackup Administration Console, and I got a status code 193 "Access Management is not configured on this system" error. Also I get an authentication error if I try to configure the "Access Control" in Master Server properties.

Before aplying troubleshooting, I would like to know how to disable NBAC on UNIX in case of wrong configuration.

Thanks in advance.

8 REPLIES 8

Mouse
Moderator
Moderator
Partner    VIP    Accredited Certified

Placing USE_VXSS = PROHIBITED in bp.conf should be sufficient to disable NBAC

Consult this technote about USE_VXSS http://www.symantec.com/docs/HOWTO33242

jluis
Level 4

Cool !

Thanks a lot.

jluis
Level 4

Hello,

After placing USE_VXSS = PROHIBITED in bp.conf on master server and restart Netbackup, the Netbackup daemos on master become unstable, restarting after 30 secs ALL SERVICES.

I had to stop Netbackup and revert USE_VXSS = AUTOMATIC in bp.conf

 

So... how I can unconfigure NBAC in a Solaris clustered Master Server ??

 

 

Rafael_Fernande
Level 1

Reverting the NBAC mode from REQUIRED to PROHIBITED on the active node of a cluster, can lead the cluster into a faulted state. The workaround for this issue is to do the following. On an active node run the bpclusterutil -disableSvc nbazd command followed by the bpclusterutil -disableSvc nbatd command

mansoor_sheik
Level 6
Certified

Hi Julis,

NBAC is a Special security feature in Netbackup ENvironment mainly for authenticating and authorizing the user related to NB activity.

After changing the USE_VXSS = PROHIBITED in Bp.conf file.

Remove the following lines in bp.conf file
AUTHENTICATION_DOMAIN = nbmaster1 "ADDED AUTOMATICALLY" PASSWD nbmaster1 0
AUTHORIZATION_SERVICE = nbmaster1 0


Please refer to the below Link for uninstalling the NBAC feature in Netbackup.

For Window Master Server
http://www.symantec.com/docs/TECH189775


FOr Unix Master Server
http://www.symantec.com/docs/TECH175054

 

 

 

mansoor_sheik
Level 6
Certified

Hi Julis,

Done with NBAC. Please let know if any assistance is required.

Twinkle_Sapra
Level 5
Certified
I am looking for help to install AT & AZ in cluster enviornment. Any document that can help me.

mansoor_sheik
Level 6
Certified
Hi, I dont have any document. For 7.1 it is Authorization and Authentication is ( AZ & AT) is automatically done rite ?