NBAC configure commands summary

Article:HOWTO70337  |  Created: 2012-02-07  |  Updated: 2013-03-01  |  Article URL http://www.symantec.com/docs/HOWTO70337
Article Type
How To


Environment

Subject


NBAC configure commands summary

The following table summarizes the commands that are used in the NBAC quick configure sequences.

The following conventions are frequently used in the synopsis of command usage.

Brackets [ ] indicate that the enclosed command-line component is optional.

Vertical bar or pipe (|) -indicate separates optional arguments to choose from. For example, when a command has the format: command arg1|arg2 you can select either the arg1 or arg2 variable.

Table: NBAC configure commands summary

Command

Description

bpnbaz -GetConfiguredHosts [target.server.com [-out file] | -all [-outfile] | -file progress.file]

The bpnbaz -GetConfiguredHosts command is used to obtain NBAC status on the host. Either the -all or target.server.com options are required for this command.

The syntax is:

  • target.server.com is the name of a single target host. If for example you want to find out NBAC status on single host, then use this option.

  • -out option is used to specify a custom output file name. By default, the output is written to the SetupMedia.nbac file. This option can be used with -all and the single host configuration options.

  • -all is an option that goes through all the policies and collects all unique host names. These host names are found in the policies. It also collects all configured media server(s) and captures the NBAC status of each host in ConfiguredHosts.nbac file.

  • -file progress.file is an option used to specify host name(s) to be read from progress_file. This option expects one host name per line in the progress_file.CLI updates the progress_file with the host's NBAC status. It appends # after hostname followed by the NBAC status.

  • When used with target.server.com or -all option, status of the host(s) is captured in the ConfiguredHosts.nbac file.

bpnbaz -SetupMaster [-fsa [<domain type>:<domain name>:]<user name>]

The bpnbaz -SetupMaster command is run to set up the master server for using NBAC. The authorization server and authentication broker are expected to be installed and running on the master server.

Use the bpnbaz -SetupMaster -fsa command with the First Security Administrator option to provision a particular OS user as NBU Administrator.

The syntax is:

  • -fsa option is used for provisioning a specific OS user as NBU Administrator. When using this option you are asked for the password for your current OS user identity.

  • domain type is the type of network domain you are using. For example the bpnbaz -SetupMaster -fsa nt:ENTERPRISE:jdoe command provisions the Windows enterprise domain user jdoe as NBU Administer.

  • domain name is the name of the particular domain you are using. For example the bpnbaz -SetupMaster -fsa jdoecommand takes the current logged on user domain type (Windows/UNIXPWD), domain name, and provisions jdoe user in that domain.

  • user name is the particular OS user name you are designating as an NBU Administrator.

    Note:

    The user is verified for the existence in the specified domain. Existing behavior of provisioning the logged-on Administrator or root as NBU Admin is preserved.

bpnbaz -SetupMedia [ media.server.com [-out file] | -all [-out file] | -file progress.file ] [-dryrun] [-disable]

The bpnbaz -SetupMedia command is run by an NBU_Administrator group member on the master server. It should not be run until a bpnbaz -SetupMaster has been completed successfully. It expects connectivity between the master server and target media server systems. Either the -all or target.server.com options are required for this command.

The syntax is:

  • media.server.com is the name of a single target host. Use this option to add a single additional host for use with NBAC.

  • -out option is used to specify a custom output file name. By default, the output is written to the SetupMedia.nbac file. This option can be used with -all and the single host configuration options.

  • -all goes through all the storage units and collect all unique host names that are found in the storage unites. These can be tried in a sorted order. The results are written to the progress file.

  • -file progress_file option is used to specify an input file with a specific set of media server host names. After the run, status for each media server is updated in the progress file. Successfully completed ones are commented out for the subsequent runs. This command can be repeated until all the media servers in the input file are successfully configured.

  • -dryrun can generate the list of media server names and write them to the log. This option can work with media.server.com but it is intended to be used with the -all option.

  • -disable option can disable NBAC (USE_VXSS = PROHIBITED ) on targeted hosts.

bpnbaz -SetupClient [ client.server.com [-out file] | -all [-images] [-out file] | -file progress.file ] [-dryrun] [-disable]

The bpnbaz -SetupClient command is used for setting up NBAC on the clients. It should not be run until thebpnbaz -SetupMaster command has been completed successfully. The bpnbaz -SetupClient needs to run from the master server. It expects connectivity between the master server and target client systems. Either the -all or target.server.com options are required for this command.

The syntax is:

  • client.server.com is the name of a single target host. If for example you wished to add a single additional host for use with NBAC, then this name is the option for you.

  • -out is an option that is used to specify a custom output file name. By default, the output is written to the SetupClient.nbac file. This option can be used with -all and the single host configuration options. The -out option is used to specify a custom output file name. By default, the output is written to the SetupClient.nbac file. This option can be used with -all and the single host configuration options.

  • -all is an option that goes through all the policies and collects all unique host names that are found within the policies. The policies are tried in a sorted order. The results are written to the progress file.

  • -images is an option that searches all images for unique host names. This option cannot be recommend for customers with large catalogs unless they add the -dryrun option. This option yields all unique clients that are contained in the image catalog. Older catalogs can contain a larger number of decommissioned hosts, hosts that are moved to new masters, or are renamed. Run time of the command can increase as attempts are made to contact unreachable hosts.

  • -dryrun is an option that generates the list of client names and writes them to the log. It does not result in actual configuration of the target systems.

  • -disable is an option that disables NBAC (USE_VXSS = PROHIBITED) on targeted hosts.

  • -file progress.file is an option used to specify a different file name for the progress log. The CLI reads the host names from the progress_file. The status is appended next to each host name with a [# separated value]. Successfully completed ones are commented out. This command can be run multiple times until all the clients in the progress_file are successfully configured.

See About using NetBackup Access Control (NBAC)


Legacy ID



v32263560_v71360082


Article URL http://www.symantec.com/docs/HOWTO70337


Terms of use for this information are found in Legal Notices