Use Preferred Group for Enhanced Authorization
The Use Preferred Group for Enhanced Authorization setting specifies the domain group name that is passed by this computer to the server when NetBackup-user authorization is used. The default is the user's primary domain\group. The Use Preferred Group for Enhanced Authorization entry is intended specifically for use with NetBackup enhanced authorization. The entry is case sensitive and must be in the form domain\group. For example:
NTDOMAINNAME\Backup Operators
When Use Preferred Group for Enhanced Authorization is specified, Windows global groups are checked to determine if the user is a member of the specified domain\group:
- If the specified domain\group is a global group and the user is a member, then this domain\group value is used.
- If the specified domain\group is a local group or the user is not a member, then the user's primary domain\group is used. Note that if the domain name is an empty string or is the name of the local machine, it is considered to be local.
Some NetBackup processes also use the Use Preferred Group for Enhanced Authorization entry for Media Manager authorization. For more information on this, see "Media Manager Configuration File (vm.conf)" in the NetBackup Media Manager System Administrator's Guide.
Adding a Use Preferred Group for Enhanced Authorization entry in the Universal Settings dialog has the following effect on UNIX and Windows systems:
The PREFERRED_GROUP entry is added to the bp.conf file:
PREFERRED_GROUP = netgroup name
- If the bp.conf configuration file has a PREFERRED_GROUP entry, the innetgr() function is used to determine if the user is in the netgroup (for further details refer to the innetgr man page).
- If the PREFERRED_GROUP entry does not exist or the user is not a member of the netgroup, the local group name is obtained.
Note
Netgroups are not supported for Sequent systems.
|
