Configuring NetBackup Access Control (NBAC) on media servers
The following procedure describes how to configure NetBackup Access Control (NBAC) on media servers in a NetBackup configuration. These steps are needed for the media servers that are not co-located with the primary server.
Note:
Use -setupmedia set USE_VXSS = AUTOMATIC on the primary server. If USE_VXSS = REQUIRED is set on the primary server and an attempt is made to configure NBAC on media server, the following error can occur: NetBackup primary server is configured in REQUIRED Mode. Please change the mode to AUTOMATIC to complete configuration of the media server.
Configuring access control on media servers
- Log on to the primary server computer.
- Run the bpnbat -login command.
Make sure that you run the bpnbat -login command before the bpnbaz -setupmedia command to avoid a command failure.
The bpnbaz -setupmedia command has a number of options.
This command does not work without an extension for either the individual host, or the -all option.
See NBAC configure commands summary.
It is recommended to do a dry run of the configuration first, with the -dryrun option. It can be used with both -all and a single-server configuration. By default, the discovered host list is written to the file
SetupMedia.nbac. You can also provide your own output file name using the -out <output file> option. If you use your own output file, then it should be passed for the subsequent runs with the -file option. The dry-run command would look something like the following:bpnbaz -SetupMedia -all -dryrun [-out <outfile>] or
bpnbaz -SetupMedia <media.server.com> -dryrun [-out <outfile>].
If all of the media servers that you want to update are in the log file, use the -dryrun option. You can proceed with the -all command to do them all at once. For example, you can use:
bpnbaz -SetupMedia -all or
bpnbaz -SetupMedia -file <progress file>.
Note that the -all option updates all of the media servers seen each time it runs. If you want to run it for a selected set of media servers, can you do it. Keep only the media server host names that you wanted to configure in a file, and pass that file using the -file option. This input file would either be SetupMedia.nbac or the custom file name you provided with the -out option in the previous dry run. For example, you may have used: - bpnbaz -SetupMedia -file SetupMedia.nbac.
To configure a single media server, specify the media server host name as the option. For example, use:
bpnbaz -SetupMedia <media.server.com>.
- Restart the NetBackup services on the target media servers after the command completes successfully.
It sets up NBAC on the target hosts. If the configuration of some target hosts did not complete, you can check the output file.
Proceed to the access control configuration for the client hosts after this step.