Active Directory-based authentication
If the appliance, Flex Scale, Flex Appliance application instance, or MSDP BYO server is part of the Active Directory domain, you can use this approach.
When you create a universal share from the NetBackup web UI, you can specify Active Directory users or groups. This approach restricts access to only specified users or groups. You can also control permissions from the Windows client where the universal share is mounted. See the NetBackup Web UI Administrator's Guide for more information.
For information about setting up Active Directory users or groups with an appliance, see the NetBackup Appliance Security Guide.
Universal shares can be created with NFS or SMB protocol. When the SMB protocol is used, SMB must be set up with ADS or in local user mode. The following table describes how to configure the media server with Active Directory for various platforms and create a universal share using SMB.
Table: Describes the requirements for different platforms to join the Active Directory domain
| Platform | Requirements |
|---|---|
| BYO appliance | For BYO, example usage of `register_samba_to_ad.sh`: `/usr/openv/pdde/vpfs/bin/register_samba_to_ad.sh --domain=<domain> --username=<username>`. Other options you can use with `register_samba_to_ad.sh`: `--domain=<domain>`: domain name; `--domaincontroller=<domain controller>`: domain controller; `--username=<username>`: Windows domain username that has the privilege to join the client to the domain; `--help` or `-h`: print the usage. |
| NetBackup appliance (NBA) | Review the section Adding an Active Directory server configuration in the NetBackup Appliance Administrator's Guide. |
| Flex media server | The same as BYO. |
| WORM enabled storage server | The storage server can be configured to join or leave Active Directory with Restricted Shell commands: `[msdp-16.0] hostname > setting ActiveDirectory configure ad_server=<ad_server> domain=<domain_server> domain_admin=<domain_admin>` |
| Flex Scale | Review the section Configuring AD server for Universal shares and Instant Access in the NetBackup Flex Scale Administrator's Guide. |
| AKS/EKS AD | NetBackup supports only SMB local user mode. The SMB server is configured with local user mode by default. |
Once the storage server has been added to an Active Directory domain, a universal share can be created as normal. Any users and user groups that are specified are validated using the wbinfo command. The following procedure describes how to add a universal share to an Active Directory.
Adding a universal share to an Active Directory
- Open the NetBackup web UI.
- Create a universal share with the SMB protocol.
- Mount the shared storage on a Windows client. Provide all necessary credentials.
- Verify that the universal share is fully set up and can be backed up and restored using a Universal-Share policy.
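Because the users and groups named on a share are validated with wbinfo, the same lookup can be run on the storage server before the share is created, so that a mistyped name or a group entered where a single user was intended is caught early. The script below is an added example, not NetBackup code; the script name and principal names are constructed, and it assumes Samba's `wbinfo -n` prints lines of the form `<SID> SID_USER (1)`.

```shell
#!/bin/sh
# Added example (not NetBackup code): confirm AD principals resolve through
# winbind before restricting a universal share to them.
# Usage: ./check_principals.sh 'user:EXAMPLE\alice' 'group:EXAMPLE\backup-ops'
# (script name and principal names are constructed placeholders).

# Map one line of `wbinfo -n` output, e.g. "S-1-5-21-...-1105 SID_USER (1)",
# to "user", "group" or "other".
classify_sid_line() {
    case "$1" in
        S-1-*" SID_USER ("*)      echo user ;;
        S-1-*" SID_DOM_GROUP ("*) echo group ;;
        S-1-*" SID_ALIAS ("*)     echo group ;;   # domain-local group
        *)                        echo other ;;
    esac
}

# check_principal NAME EXPECTED_KIND
# Fails if NAME does not resolve, or resolves to a different kind of object
# (for example a group name typed where a single user was intended).
check_principal() {
    if ! cp_line=$(wbinfo -n "$1" 2>/dev/null); then
        printf 'FAIL  %s: does not resolve in the domain\n' "$1"
        return 1
    fi
    cp_kind=$(classify_sid_line "$cp_line")
    if [ "$cp_kind" != "$2" ]; then
        printf 'FAIL  %s: expected %s, resolved to %s\n' "$1" "$2" "$cp_kind"
        return 1
    fi
    printf 'OK    %s (%s) %s\n' "$1" "$cp_kind" "${cp_line%% *}"
}

# main KIND:NAME...  Verifies the machine account first, then every principal.
main() {
    if ! wbinfo -t >/dev/null 2>&1; then
        printf 'FAIL  wbinfo -t: domain trust secret check failed\n'
        return 2
    fi
    rc=0
    for spec in "$@"; do
        check_principal "${spec#*:}" "${spec%%:*}" || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

A non-zero exit status means at least one name would not map to the intended kind of account; the printed SID can be compared with the entry shown in the share's Windows permissions.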
The following requirements exist to add Microsoft SQL Server instant access to an Active Directory:
- The storage server and the client must be in the same domain.
- A domain user account with the necessary permissions to log on to the Microsoft SQL Server client is required.
- In the web UI, register the Microsoft SQL Server instance with the domain user. See the information on manually adding a SQL Server instance in the NetBackup for Microsoft SQL Server Administrator's Guide.
- The domain user credentials are required to use instant access.