Configuring NetBackup Access Control (NBAC) on a clustered primary server
Note:
In a Windows clustered environment, after setting up primary server, the AUTHENTICATION_DOMAIN entry in the passive nodes can be the same as the active node name. This is not acceptable. After a failover on a passive node, when MFC UI is launched (using <[local machine name] > \[Administrator user]), an authentication-related pop-up error message is displayed. The workaround for this issue is to add the local node name as authentication domain into the AUTHENTICATION_DOMAIN on passive nodes after setting up primary server (before failover). Before updating the value of AUTHENTICATION_DOMAIN, get the current value using the bpgetconfig command. Then add the local node name as authentication domain in the existing domain list using the bpsetconfig command. To exit and save from the bpsetconfig command prompt press Ctrl + Z and then press theEnter key.
Note:
Reverting the NBAC mode from REQUIRED to PROHIBITED on the active node of a cluster, can lead the cluster into a faulted state. The workaround for this issue is to do the following. On an active node run the bpclusterutil -disableSvc nbazd command followed by the bpclusterutil -disableSvc nbatd command. Change the bp.conf USE_VXSS=AUTOMATIC or REQUIRED value to PROHIBITED using the bpsetconfig command. Run the bpclusterutil -enableSvc nbazd command followed by the bpclusterutil -enableSvc nbatd command on the active node while turning NBAC to REQUIRED mode to monitor the security services.
You can use the following procedure to configure NetBackup Access Control (NBAC) on a clustered primary server.
Configuring NetBackup Access Control (NBAC) on a clustered primary server
- Log on to the primary cluster node.
- If you use Windows, open a command console.
- For UNIX, change the directory to
/usr/openv/netbackup/bin/admincmd. For Windows, change the directory toinstall_path\NetBackup\bin\admincmd. - Run bpnbaz -setupmaster on the active node.
- Log on to the administration console on the primary server.
- Restart the NetBackup services to ensure that the NBAC settings take place.