Configure smart card authentication with a domain
You can configure NetBackup to validate users with smart cards or certificates with an AD or an LDAP domain.
Note the following prerequisites:
Before you add the authentication method you must add the domain that is associated with your NetBackup users. See the NetBackup Security & Encryption Guide.
Ensure that you complete the role-based access control (RBAC) configuration for the NetBackup users before you configure smart card or certificate authentication.
See Configuring RBAC.
To configure smart card authentication with a domain
- Sign in to the NetBackup web UI.
- At the top right, select Settings > Smart card authentication.
- Turn on Smart card authentication.
- Select the required AD or LDAP domain from the Select the domain option.
- Select a Certificate mapping attribute: Common name (CN) or Universal principal name (UPN).
- Optionally, enter the OCSP URI.
If you do not provide the OCSP URI, the URI in the user certificate is used.
- Select Save.
- To the right of CA certificates, click Add.
- Browse for or drag and drop the CA certificates and click Add.
Smart card authentication requires a list of trusted root or intermediate CA certificates. Add the CA certificates that are associated with the user digital certificates or the user smart cards.
Certificate file types must be
.crt,.cer,.der,.pem, orPKCS #7format and less than 64KB in size. - On the Smart card authentication page, verify the configuration information.
After configuring smart card authentication, you must restart the NetBackup Web Management Console (nbwmc) service.
- Before users can use a digital certificate that is not installed on a smart card, the certificate must be uploaded to the browser's certificate manager.
See the browser documentation for instructions or contact your certificate administrator for more information.
- When users sign in, they now see an option to Sign in with certificate or smart card.
If you do not want users to have this sign-in option yet, turn off Smart card authentication. (For example, if all users do not yet have their certificates configured on their hosts.). The settings that you configured are retained even if you turn off smart card authentication.
For such users, the domain name and domain type are smart card.