09-16-2009 07:38 AM
09-16-2009 09:13 AM
09-16-2009 10:21 AM
09-16-2009 11:04 AM
09-16-2009 11:49 AM
There is A LOT of information in the Yellow Books - certainly more than I can handle. :) I think it can get you started if you can put in the time.
http://www.symantec.com/business/theme.jsp?themeid=yellowbooks
(VxSS is now called "Symantec Product Authentication and Authorization Services" - but that acronym [SPAAS] hasn't caught on yet :) )
There are also individual NetBackup manuals on Authentication and Authorization, which we have linked with all the other documentation:
DOCUMENTATION: Where is the documentation for Symantec Product Authentication Service (VxAT), Product Authorization Service (VxAZ) [formerly known as Veritas Security Services (VxSS)] and Infrastructure Core Services (ICS)?
http://support.veritas.com/docs/311203
Good luck! Ask here if (when?) you get stuck! I won't be able to help :) but there are some real experts who have made this thing work for them!
09-16-2009 11:59 AM
09-16-2009 12:18 PM
09-16-2009 12:23 PM
09-16-2009 10:38 PM
Try this---
The process for configuring Veritas Security Services (VxSS) is as follows:
1)Make sure you can ping the NetBIOS version of the domain you log into (i.e. mybox not mybox.local and the FQDN of the master if using unixpwd)
2)Install Authentication service and Root Broker version 4.2 by executing the installics on the master server, and selecting yes to installing the Root + AB brokers. (installics is located on the Infrastructure Core Services disk)
3)Install the Authorization service 4.2 by executing the installics on the same server using the Custom/Complete install option. (installics is located on the Infrastructure Core Services disk)
4)Verify both processes (vxatd and vxazd) are started.
5)Goto Command line on server and change directories to the netbackup/bin directory (default is /usr/openv/netbackup/bin).
6)Run "bpnbat -addmachine" two times, one for the FQDN of the Master Server and once for the netbios version of the name.
7)Input the information requested (authentication broker should ALWAYS be the FQDN of the Master server, and the port number should be left as default).
8)Run "bpnbat -loginmachine" two times, one for the FQDN of the Master Server and once for the netbios version of the name.
9)Input the information requested (authentication broker should ALWAYS be the FQDN of the Master server, and the port number should be left as default).
10)Change directories to the Admincmd directory.
11)run "bpnbaz -setupsecurity %FQDN_of_Master%" (ie "bpnbaz -setupsecurity bob.mybox.local")
12)During this process you will be creating the NBU_Security_Admin, the person who is allowed to add users to other groups within Access Control. You will need to type in the Authentication broker name (again, FQDN of Master), leave port settings as default, the Authentication Domain (If Active Directory, it will be either NT or Windows, Depending on version of Veritas Security Services and FQDN of the master if using unixpwd). Domain will be the netbios version of domain (i.e. "mybox" not "mybox.com" for windows and FQDN of the master if using unixpwd). The login name (and the password to follow) will be the credentials for the user account that will be the security admin, so make sure you have access to it. When the information has been typed in and the password entered it will proceed to validate your account against your specified authentication type (ie Active Directory or the unix password file for unixpwd). If Successful, it will state "Operation Completed successfully". Anything else is considered a failure and will need to be reattempted.
13)Next type in "bpnbaz -allowauthorization %FQDN_of_Master%" (ie "bpnbaz -allowauthorization bob.mybox.local"). This again should return an "Operation Completed successfully".
14)Now change directories up one level to the bin directory, and type in "bpnbat -login" and hit enter.
15)Veritas Security Services will now ask for your credentials to validate you as an admin to login to Netbackup/Veritas Security Services. (reference information on "bpnbaz -setupsecurity" section above).
16)Change directories to admincmd and type "bpnbaz -listgroups". Five groups should be returned. If not, process was unsuccessful and you will need to rerun the "bpnbaz -setupsecurity" process.
17)Final stage in process is to associate NetBackup to use Veritas Security Services.
18)Open NetBackup Admin Console, expand the "Host Properties" section, then "Master Server". Bring up properties of Master Server and click "Access Control". Set VxSS to "Automatic". Click add, then select "Domain" from radio button for Domains, or Hostname if using unixpwd, and type in the netbios version of domain, and click Add/Ok/Close. Change from "Required" to "Automatic" (important, do not miss this step or you could potentially cause backups to fail).
19)Click on the Authentication Service tab. Click Add, and type in the domain or FQDN of the master if using unixpwd, authentication mechanism (for Active Directory, it would be NT or Windows, for password then unixpwd), followed by broker will be the FQDN of the master server. Click Add then Close.
20)Click on the Authorization Service Tab and type in the FQDN of the Master Server.
21)Click apply and Ok. Close NetBackup Admin Console then Reopen it. Click Help, then "Current NBAC User". If you can click it and it shows your credentials, you have completed the configuration of Veritas Security Services. You can now proceed to add your users and groups to the Access Management -> NBU User Groups Section.
*********
For each media server and Remote Admin Console you will need to repeat steps 6 and 13 (substituting the name of each Media Server and Remote Admin Console) from the master server and step 8 from the respective boxes
09-17-2009 10:30 AM
09-17-2009 01:16 PM
09-18-2009 10:49 PM