NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- Steps to create an object group
- Adding AD or LDAP domains
- Security events and audit logs
- Managing hosts
- Managing security certificates
- Managing NetBackup security certificates
- Using external security certificates with NetBackup
- Managing user sessions
- Managing master server security settings
- Creating and using API keys
- Configuring smart card authentication
- Troubleshooting access to the web UI
- Unable to add AD or LDAP domains with the vssat command
Configure user authentication with smart cards or digital certificates
NetBackup supports authentication of Active Directory (AD) or LDAP domain users with a digital certificate or smart card, including CAC and PIV. This authentication method only supports one AD or LDAP domain for each master server domain and is not available for local domain users. You must perform this configuration separately for each master server domain where you want to use this authentication method.
If not already completed as part of role-based access control (RBAC) configuration, ensure that you complete the following steps before you configure certificate authentication:
To configure NetBackup to authenticate users with a smart card or digital certificate
- At the top right, select Settings > Smart card authentication.
- Turn on Smart card authentication.
- Select a User authentication domain.
- Select a Certificate mapping attribute.
- Optionally, enter the OCSP URI.
If you do not provide the OCSP URI, the URI in the user certificate is used.
- Click Save.
- To the right of CA certificates, click Add.
- Browse for or drag and drop the CA certificates and click Add.
Smart card authentication requires a list of trusted root or intermediate CA certificates. Add the CA certificates that are associated with the user digital certificates or the user smart cards.
Certificate file types must be
PKCS #7format and less than 64KB in size.
- On the Smart card authentication page, verify the configuration information.
- Before users can use a digital certificate that is not installed on a smart card, the certificate must be uploaded to the browser's certificate manager.
See the browser documentation for instructions or contact your certificate administrator for more information.
- When users sign in, they now see an option to Sign in with certificate or smart card.
If you do not want users to have this sign-in option yet, turn off Smart card authentication. (For example, if all users do not yet have their certificates configured on their hosts.). The settings that you configured are retained even if you turn off smart card authentication.