Using the nbac_cron utility
The following steps help you to create credentials to execute cron jobs.
Using the nbac_cron utility to run cron jobs
- Run the command nbac_cron-addCron as root or administrator on the primary server.
root@amp# /usr/openv/netbackup/bin/goodies/nbac_cron -AddCron
# nbac_cron -AddCron
This application will generate a Veritas private domain identity that can be used in order to run unattended cron and/or at jobs.
User name to create account for (e.g. root, JSmith etc.): Dan
Password:*****
Password:*****
Access control group to add this account to [NBU_Admin]:
Do you with to register this account locally for root(Y/N) ? N
In order to use the account created please login as the OS identity that will run the at or cron jobs. Then run nbac_cron -setupcron or nbac_cron -setupat. When nbac_cron -setupcron or nbac_cron -setupat is run the user name, password and authentication broker will need to be supplied. Please make note of the user name, password, and authentication broker. You may rerun this command at a later date to change the password for an account.
Operation completed successfully.
If you do not explicitly specify an access control group (for example, NBU_Operator or Vault_Operator) to add the user to, the cron user (Dan here), is added to the NBU_Admin group.
If you respond with a 'Yes' to register the account locally for root, the nbac_cron - SetupCron command is automatically executed for the cron_user as root. If you plan to run the cron jobs as a non-root OS user then you should say 'No' here and manually run the nbac_cron - SetupCron command as that non-root OS user.
An identity is generated in the Veritas private domain. This identity can be used to run the cron jobs.
- Now, run the nbac_cron-SetupCron command as the OS user who wants to execute the cron jobs to obtain credentials for this identity.
[dan@amp ~]$ /usr/openv/netbackup/bin/goodies/nbac_cron -SetupCron
This application will now create your cron and/or at identity.
Authentication Broker: amp.sec.punin.sen.veritas.com
Name: Dan
Password:*****
You do not currently trust the server: amp.sec.punin.sen.veritas.com, do you wish to trust it? (Y/N): Y
Created cron and/or at account information. To use this account in your own cron or at jobs make sure that the environment variable VXSS_CREDENTIAL_PATH is set to "/home/dan/.vxss/credentials.crat"
Operation completed successfully.
The 'You do not currently trust' the server message is only shown once if you have not already trusted the broker.
The credential is created in the user's home directory atuser/.vxss/credentials.crat. The credential is valid for a year from the time when it is generated.
If required, you can check the credential details as shown:
dan@amp~]$ /usr/openv/netbackup/bin/bpnbat -whoami -cf ~dan/.vxss/credentials.crat
Name: CronAt_dan
Domain: CronAtUsers@amp.sec.punin.sen.veritas.com
Issued by: /CN=broker/OU=amp.sec.punin.sen.veritas.com
Expiry Date: Feb 4 13:36:08 2016 GMT
Authentication method: Veritas Private Domain
Operation completed successfully.
You must re-run the SetupCron operation (Step 2) to renew the credential before it expires.
- You can now create your own cron jobs. Ensure that the VXSS_CREDENTIAL_PATH path is set to point to the credentials you created above before you schedule any new job.