Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section I. Identity and access management
  7. NetBackup Access Control Security (NBAC)
  9. Configuring NetBackup Access Control (NBAC)
  11. Configuring NetBackup Access Control (NBAC) on a clustered primary server
NetBackup™ Security and Encryption Guide

Configuring NetBackup Access Control (NBAC) on a clustered primary server

Note:

In a Windows clustered environment, after setting up primary server, the AUTHENTICATION_DOMAIN entry in the passive nodes can be the same as the active node name. This is not acceptable. After a failover on a passive node, when MFC UI is launched (using <[local machine name] > \[Administrator user]), an authentication-related pop-up error message is displayed. The workaround for this issue is to add the local node name as authentication domain into the AUTHENTICATION_DOMAIN on passive nodes after setting up primary server (before failover). Before updating the value of AUTHENTICATION_DOMAIN, get the current value using the bpgetconfig command. Then add the local node name as authentication domain in the existing domain list using the bpsetconfig command. To exit and save from the bpsetconfig command prompt press Ctrl + Z and then press theEnter key.

Note:

Reverting the NBAC mode from REQUIRED to PROHIBITED on the active node of a cluster, can lead the cluster into a faulted state. The workaround for this issue is to do the following. On an active node run the bpclusterutil -disableSvc nbazd command followed by the bpclusterutil -disableSvc nbatd command. Change the bp.conf USE_VXSS=AUTOMATIC or REQUIRED value to PROHIBITED using the bpsetconfig command. Run the bpclusterutil -enableSvc nbazd command followed by the bpclusterutil -enableSvc nbatd command on the active node while turning NBAC to REQUIRED mode to monitor the security services.

You can use the following procedure to configure NetBackup Access Control (NBAC) on a clustered primary server.

Configuring NetBackup Access Control (NBAC) on a clustered primary server

  1. Log on to the primary cluster node.
  2. If you use Windows, open a command console.
  3. For UNIX, change the directory to /usr/openv/netbackup/bin/admincmd. For Windows, change the directory to install_path\NetBackup\bin\admincmd.
  4. Run bpnbaz -setupmaster on the active node.
  5. Log on to the administration console on the primary server.
  6. Restart the NetBackup services to ensure that the NBAC settings take place.

Feedback

Was this page helpful?
Previous

Installing the NetBackup primary server highly available on a cluster

Next

Configuring NetBackup Access Control (NBAC) on media servers

Feedback

Was this page helpful?