I'm trying to configure NBAC on Netbackup 7.1 in a clustered master server.
I want to implement Access Management with NBAC to manage user access to the Netbackup Administration Console, just this.
I'm following that marvelous tool of misunderstanding called "Symantec Netbackup Security and Encription Guide".
I successfully followed the 6 steps configuration NBAC on a clustered master server:
bpnbaz -setupmaster command finished sucessfully:
# sudo ./bpnbaz -setupmaster
You will have to restart NetBackup services on this machine after the command completes successfully.
Do you want to continue(y/n)y
Gathering configuration information.
Please be patient as we wait for 10 sec for the security services to start their operation.
Generating identity for host 'netbackup-sc'
Setting up basic authorization information. Please be patient.
Basic authorization information generated successfully.
Granting authorization check permissions to host 'netbackup-sc'
Configuring authentication domains within Netbackup
Setting up authorization information in Netbackup configuration files.
Setting up NBAC on target host: ronda
Managing Authentication Broker on target host: ronda
Setting up NBAC on target host: viznar
Managing Authentication Broker on target host: viznar
Warning: NetBackup Master Server is currently configured in AUTOMATIC mode. Security will be enforced only in REQUIRED mode. This can be done after entire NetBackup domain is configured with NBAC
Operation completed successfully.
After restarting services, I tried to configure "Access Management" on the Netbackup Administration Console, and I got a status code 193 "Access Management is not configured on this system" error. Also I get an authentication error if I try to configure the "Access Control" in Master Server properties.
Before aplying troubleshooting, I would like to know how to disable NBAC on UNIX in case of wrong configuration.
Thanks in advance.
After placing USE_VXSS = PROHIBITED in bp.conf on master server and restart Netbackup, the Netbackup daemos on master become unstable, restarting after 30 secs ALL SERVICES.
I had to stop Netbackup and revert USE_VXSS = AUTOMATIC in bp.conf
So... how I can unconfigure NBAC in a Solaris clustered Master Server ??
Reverting the NBAC mode from REQUIRED to PROHIBITED on the active node of a cluster, can lead the cluster into a faulted state. The workaround for this issue is to do the following. On an active node run the bpclusterutil -disableSvc nbazd command followed by the bpclusterutil -disableSvc nbatd command
NBAC is a Special security feature in Netbackup ENvironment mainly for authenticating and authorizing the user related to NB activity.
After changing the USE_VXSS = PROHIBITED in Bp.conf file.
Remove the following lines in bp.conf file
AUTHENTICATION_DOMAIN = nbmaster1 "ADDED AUTOMATICALLY" PASSWD nbmaster1 0
AUTHORIZATION_SERVICE = nbmaster1 0
Please refer to the below Link for uninstalling the NBAC feature in Netbackup.
For Window Master Server
FOr Unix Master Server