How to change the account for the NetBackup web server on UNIX

How to change the account for the NetBackup web server on UNIX

Article: 100047148
Last Published: 2020-03-13
Ratings: 2 0
Product(s): NetBackup

Description

Use the following steps to change the group and the user account for the web server configured with NetBackup.

Note: This article does apply to NetBackup 8.1.1 and earlier.

Note: This group and user must be available on each master server (or each node of a clustered master server). And the user must be member of the group.

  • If you use  non-clustered environments, the NetBackup web service user can be a local or a domain user.
  • If  your environment uses Windows domain users, use the DOMAIN\USER format.
  • If you use a clustered environment on Linux or UNIX platforms, the NetBackup web service user can be a local user. Additionally, the group can be a local group. The NetBackup web service user must have the same name and UID on all nodes of the cluster. Also, the group must have the same name and GID on all nodes of the cluster. It is recommended to use domain users (Example: NIS) for clustered environments.
  • When a local user is used, the corresponding group must be a local group. When a domain user is used, the group must be available in the given domain. Local user and domain group or domain user and local group combination is not supported.
  • In clustered environments, the following steps should be run on both the active and the inactive nodes. On inactive node, no services are started but the NBMWC is configured with permissions for a new user. In a Windows environment,  the service is configured to run as this new user. Following this procedure allows a failover to happen seamlessly.

 

Note: Check PBX mode before changing the NetBackup web service account.

1. Execute the following command in a shell prompt to verify if the PBX is running in secure mode.

/opt/VRTSpbx/bin/pbxcfg -p -m

If Secure Mode: true is displayed, then PBX is running in secure mode. Proceed to Step 2.

If Secure Mode: false is displayed, proceed to change the web service user account.

2. Add the new user in the PBX authorized users’ list.

/opt/VRTSpbx/bin/pbxcfg -a -u <user name>

The new user needs to be added to the PBX authorized users' list. Otherwise, the web server fails to listen on the PBX port and PBX registration from the web server fails.

3. Restart the PBX service.

/opt/VRTSpbx/bin/vxpbx_exchanged restart

4. Verify that the new user was added to the PBX authenticated user list.

/opt/VRTSpbx/bin/pbxcfg -p -u

 

To change the web service user account

== Non-Cluster Aware ==

1. Stop the nbwmc service.

/usr/openv/netbackup/bin/nbwmc -terminate

2. Use the bpsetconfig command to update the WEBSVC_GROUP and WEBSVC_USER properties.

echo "WEBSVC_USER"="<NEW_USER_NAME>" | /usr/openv/netbackup/bin/admincmd/bpsetconfig

echo "WEBSVC_GROUP"="<NEW_GROUP_NAME>" | /usr/openv/netbackup/bin/admincmd/bpsetconfig

3. Edit lines 28 and 29 in /usr/openv/wmc/bin/setenv

28 USERID=<NEW_USER_NAME>

29 GRPID=<NEW_GROUP_NAME>

4. Delete the directory.

/usr/openv/var/global/vxss/nbcertservice

/usr/openv/var/global/vxss/tomcatcreds

/usr/openv/var/global/vxss/websvccreds

5. Run the following commands, in order:

/usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i

/usr/openv/netbackup/bin/admincmd/nbcertconfig -m

/usr/openv/netbackup/bin/admincmd/nbcertconfig -t

6. Run the setupWmc command to configure the NetBackup web server (nbwmc) service.

/usr/openv/wmc/bin/install/setupWmc

7. Start the  nbwmc service.

/usr/openv/netbackup/bin/nbwmc start

8. Before continuing, wait until the nbwmc service has completely started.

Run the nbcertcmd command to see if web service is up and accessible.

/usr/openv/netbackup/bin/nbcertcmd -ping

The output should show:

Fetched data = <some large number>

 

Note: The owner of /usr/openv/var/global/wsl/portfile does not change. If you want to change, follow all the steps above to change to a new account and update the information as follows:

# ls -l /usr/openv/var/global/wsl/portfile

-rw-rw---- 1 root nbwebgrp 77 Mar 18  2016 /usr/openv/var/global/wsl/portfile

# /usr/openv/wmc/bin/install/configurePorts -shutdownPort 8205

Old Shutdown Port: 8205

New Shutdown Port: 8205

# ls -l /usr/openv/var/global/wsl/portfile

-rw-rw---- 1 root test_grp2 77 Mar 18  2016 /usr/openv/var/global/wsl/portfile

 

== Cluster Aware ==

Note: Freeze the NetBackup group on cluster beforehand.

Clustered Master Server: Active Node:

1. Stop the nbwmc service.

/usr/openv/netbackup/bin/nbwmc -terminate

2. Use the bpsetconfig command to update the WEBSVC_GROUP and WEBSVC_USER properties.

echo "WEBSVC_USER"="<NEW_USER_NAME>" | /usr/openv/netbackup/bin/admincmd/bpsetconfig

echo "WEBSVC_GROUP"="<NEW_GROUP_NAME>" | /usr/openv/netbackup/bin/admincmd/bpsetconfig

3. Edit lines 28 and 29 in /usr/openv/wmc/bin/setenv

28 USERID=<NEW_USER_NAME>

29 GRPID=<NEW_GROUP_NAME>

4. Delete the directory.

/usr/openv/var/global/vxss/nbcertservice

/usr/openv/var/global/vxss/tomcatcreds

/usr/openv/var/global/vxss/websvccreds

5. Run the following commands, in order:

/usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i

/usr/openv/netbackup/bin/admincmd/nbcertconfig -m

On 8.0 and 8.1: /usr/openv/netbackup/bin/admincmd/nbcertconfig -t

On 8.1.1:  /usr/openv/netbackup/bin/admincmd/nbcertconfig -t -f

6. Run the setupWmc command to configure the NetBackup web server (nbwmc) service.

/usr/openv/wmc/bin/install/setupWmc

7. Start the nbwmc service.

/usr/openv/netbackup/bin/nbwmc -start

8. Before continuing, wait until the nbwmc service has completely started.

Run the nbcertcmd command to see if web service is up and accessible.

/usr/openv/netbackup/bin/nbcertcmd -ping

The output should show:

Fetched data = <some large number>

 

Note: Unfreeze the NetBackup group on cluster after operation.

Note: The owner of /usr/openv/var/global/wsl/portfile does not change. If you want to change, follow all the steps above to change to a new account and update the information as follows:

# ls -l /usr/openv/var/global/wsl/portfile

-rw-rw---- 1 root nbwebgrp 77 Mar 18  2016 /usr/openv/var/global/wsl/portfile

# /usr/openv/wmc/bin/install/configurePorts -shutdownPort 8205

Old Shutdown Port: 8205

New Shutdown Port: 8205

# ls -l /usr/openv/var/global/wsl/portfile

-rw-rw---- 1 root test_grp2 77 Mar 18  2016 /usr/openv/var/global/wsl/portfile

 

Clustered Master Server: Inactive Node:

1. Use the bpsetconfig command to update the WEBSVC_GROUP and WEBSVC_USER properties.

echo "WEBSVC_USER"="<NEW_USER_NAME>" | /usr/openv/netbackup/bin/admincmd/bpsetconfig

echo "WEBSVC_GROUP"="<NEW_GROUP_NAME>" | /usr/openv/netbackup/bin/admincmd/bpsetconfig

2. Edit lines 28 and 29 in /usr/openv/wmc/bin/setenv

28 USERID=<NEW_USER_NAME>

29 GRPID=<NEW_GROUP_NAME>

3. Run the setupWmc command to configure the NetBackup web server (nbwmc) service.

/usr/openv/wmc/bin/install/setupWmc

 

 

Was this content helpful?