Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Netbackup Appliance 5230 and Activity Monitor Access

Created: 23 Jul 2014 • Updated: 23 Jul 2014 | 5 comments
This issue has been solved. See solution.

We have a Netbackup Appliance 5230 running 2.6.0.2 as a master server.  We would like to give our operators access to the Activity Monitor by setting up user accounts and plan on using auth.conf to restrict certain things.  My question is do you guys normally create an account on the appliance and do you set restricted shell?(rbash)  We don't want the operators moving around directly on the appliance.  Also we need to give the operators the ability to change their own password.  Thanks.

Operating Systems:

Comments 5 CommentsJump to latest comment

Mark_Solutions's picture

I guess for what you are trying to do you will need to use the Java console on their PCs and restrict it like you would with a normal master server server.

You could setup OpsCenter and give them restricted access to that as you can see all activity in there too and it is easy to set that up with AD account access.

No one would need a console then either - just access it via a web page and login as themselves.

To get the appliance working with AD (LDAP) is a minor nightmare to be honest and NBAC (which i cannot remember off the top of my head if appliances support that yet) is probably a bigger nightmare to setup!

If you just want them to see activity monitor go for OpsCenter.

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

chashock's picture

Direct modification of the auth.conf on an appliance is not supported, and neither is setting up accounts with restricted shell.  

If you want to allow shell access but limit users to NBU functions, create a NetBackupCLI user.  That will natively restrict the user to NBU commands only from the shell.

I'd agree with Mark_Solutions that based on what you've said, OpsCenter would be the way to go.  You can view the Activity Monitor from that console and it allows you to easily use AD credentials combined with Views to limit what users have visibility and authority to do.

bmaro's picture

Thanks Guys really appreciate it.  Yeah I was thinking opscenter as well I forget though can they insert/remove tapes from there?  Basically this is an offsite location.  We setup the Netbackup environment for them, appliance, media server, reboot, slps, vault, opscenter, etc and we are going to slowly transition it to them.  They have no Netbackup experience.  Our manager wants us to give them read only access to the activity monitor but thats not possible as we don't have nbac and like you said Mark we're trying to stay away from it :-) and then from there slowly transition reposibilites to them, insert/eject tapes, then create policies, and so forth.  chashock-in the admin guide I could only find how to create admin users on the appliance, I'm going to scan the doc again.  Thanks.

bmaro's picture

The other thing they needed was to be able to modify policies which I dont believe they can do in opscenter.  Sounds like we might just have to grant them full access to the admin console.

chashock's picture

Yeah, today on the appliances there are only NoRole and Admin user authorization roles.  The NoRole will only give them BAR access if I recall correctly (can't get to an appliance to test at the moment).

SOLUTION