Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Account Description

Created: 24 Jul 2012 | 3 comments

I am conducting research on Netbackup 5200, and I was interested in knowing the descriptions of the admin account and maintenance account. Can someone provide me with a general overview and please identify the difference in functions of these accounts. Thank you.

Discussion Filed Under:

Comments 3 CommentsJump to latest comment

Sebastian Baszczyj's picture

Hey Mate,

 

admin - access to the CLISH. From this text menu, you can configure all aspects of the NetBackup, disk pools, FC etc. 

Maintenance - root access to the appliance (and Suse)

 

Hope it helps

Sebastian Baszczyj

sdo's picture

On 5020 and 5220 there is a third (built-in) account - which is the IPMI account.

 

On a 5220:

- The main account when ssh onto the appliance is:     admin

     this is the account for all normal NetBackup type work

- The account for IPMI is:                                           sysadmin

     this gives you web access to an ILO type interface that let's you power-off, power-on etc but also has a decent Java based KVM for the console - for troubleshooting boot and firmware issues.

The password rules are different for each (i.e. the IPMI mini-board account has different password rules to the Suse EL O/S of the main appliance).

The idea is one IP address for the IPMI only - and at least one different address for the main master/media server appliance data interface(s).  The IPMI address does not have to be in the VLAN as the master/media appliance that it oversees.

 

On a 5020:

...and I kid you not... the accounts are the other way around... more sighs...

...anyway - similar idea - IPMI lights out remote management, can be diff VLAN to actual data interfaces...

- "sysadmin"  for ssh login

- "admin" for the IPMI

...and again the password rules are different.

 

Finally, I ask myself if I will I ever get used to the different commands to "return" (N5220) or "exit" (N5020) back upwards through the CLIsh levels... yet more sighs.

 

Re N5220:  There is no need to change the internal "maintenance" password - as you need to be able to logon to get to it - i.e. you cannot logon to "maintenance" as such, only once you have logged as admin.  And it's kind of handy to leave teh maintenance password as default, because then you can sit back and watch support webex sessions and only have to get invovlved at the real point of logon.  You can create other accounts - which I haven't looked in to yet.

BUT - you absolutely must change the default passwords on the "admin" N5220 account and the "sysadmin" N5020 account.

I can't quite remember - but I think either one (maybe both) of N5220 and/or N5020 has a root account that has a default password - so you need to disable this account from logins too - my advice is to carefully check the manual on this - or open a support case (I'll post a clearer update if I get to do it again).

And - I only did this once - so I'm a bit fuzzy on this too - but I think there were some default IPMI accounts too - and you really should delete these and leave yourself with (yes it is the otrher way around) "sysadmin" on N5220 and "admin" on N5020 - and set some non-default passwords.

 

Mark_Solutions's picture

There are two primary accounts for the 5200 / 5220 appliances.

Once installed both passwords (admin and sysadmin) can be changed via its web GUI.

As covered earlier the admin account is what is generally used to access the inbuilt menu system (via Putty or similar) but should you need to access the O/S you can either login as sysadmin or access via the Support>Maintenance feature at which point you wil need to provide the sysadmin password.

It is usually best to use the admin account for the putty login as you can always drop in and out of the O/S if you need to.

The IPMI account is used for access to what you may call a Lights Out card (or what ever you like to call it)

The password for this cannot be as complex as it cannot use no asci characters.

This has limited functionality but it does give access to reboot or shut down the appliance - it does however have a KVM console accessible via Java (V6 or above) but this itself then needs you to login using admin or sysadmin.

Hope this helps - any further details just ask

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.