Veritas NetBackup™ Appliance Security Guide

Use the following guidelines for authenticating users on the appliance:

• Only one remote user type (LDAP, or Active Directory/AD can be configured for authentication on an appliance. For example, if you currently authenticate LDAP users on an appliance, you must remove the LDAP configuration on it before changing to AD user authentication.

• The NetBackupCLI role can be assigned to a maximum of nine (9) user groups at any given time.

• You cannot grant the NetBackupCLI role to an existing local user. However, you can create a local NetBackupCLI user by using the Manage > NetBackupCLI > Create command from the NetBackup Appliance Shell Menu.

• You cannot add a new user or a user group to an appliance with the same user name, user ID, or group ID as an existing appliance user.

• Do not use group names or user names that are already used for appliance local users or NetBackupCLI users. Additionally, do not use the appliance default names admin or maintenance for LDAP or AD users.

• The appliance does not handle ID mapping for LDAP configuration. Veritas recommends that you reserve a user ID and group ID range of 1000 to 1999 only for local appliance users. For remote AD and LDAP users, reserve a user ID and group ID range greater than 1999.

• NetBackup appliance uses general CIFS shares for some of its internal operations such as storing patches and installation files, uploading logs to support, forwarding logs to an external server, and uploading OST plug-ins.

  Starting with appliance software version 4.0, you must manage access to the general CIFS shares for all local users and Active Directory users and user groups (except the admin user). Use the Settings > Security > Authentication > CIFSShare command to manage access to the general CIFS shares.

  • Guest users: Replace a Guest user by creating a new local user.

  • Existing local users: Change the passwords for these users.