Veritas NetBackup™ Commands Reference Guide

Last Published:
Product(s): NetBackup (8.1)
  1. Introduction
    1.  
      About NetBackup commands
    2.  
      Navigating multiple menu levels
    3.  
      NetBackup command conventions
    4.  
      NetBackup Media Manager command notes
  2. Appendix A. NetBackup Commands
    1.  
      acsd
    2.  
      add_media_server_on_clients
    3.  
      backupdbtrace
    4.  
      backuptrace
    5.  
      bmrc
    6.  
      bmrconfig
    7.  
      bmrepadm
    8.  
      bmrprep
    9.  
      bmrs
    10.  
      bmrsrtadm
    11.  
      bp
    12.  
      bparchive
    13.  
      bpbackup
    14.  
      bpbackupdb
    15.  
      bpcatarc
    16.  
      bpcatlist
    17.  
      bpcatres
    18.  
      bpcatrm
    19.  
      bpcd
    20.  
      bpchangeprimary
    21.  
      bpclient
    22.  
      bpclimagelist
    23.  
      bpclntcmd
    24.  
      bpclusterutil
    25.  
      bpcompatd
    26.  
      bpconfig
    27.  
      bpdbjobs
    28.  
      bpdbm
    29.  
      bpdgclone
    30.  
      bpdown
    31.  
      bpduplicate
    32.  
      bperror
    33.  
      bpexpdate
    34.  
      bpfis
    35.  
      bpflist
    36.  
      bpgetconfig
    37.  
      bpgetdebuglog
    38.  
      bpimage
    39.  
      bpimagelist
    40.  
      bpimmedia
    41.  
      bpimport
    42.  
      bpinst
    43.  
      bpkeyfile
    44.  
      bpkeyutil
    45.  
      bplabel
    46.  
      bplist
    47.  
      bpmedia
    48.  
      bpmedialist
    49.  
      bpminlicense
    50.  
      bpnbat
    51.  
      bpnbaz
    52.  
      bppficorr
    53.  
      bpplcatdrinfo
    54.  
      bpplclients
    55.  
      bppldelete
    56.  
      bpplinclude
    57.  
      bpplinfo
    58.  
      bppllist
    59.  
      bpplsched
    60.  
      bpplschedrep
    61.  
      bppolicynew
    62.  
      bpps
    63.  
      bprd
    64.  
      bprecover
    65.  
      bprestore
    66.  
      bpretlevel
    67.  
      bpschedule
    68.  
      bpschedulerep
    69.  
      bpsetconfig
    70.  
      bpstsinfo
    71.  
      bpstuadd
    72.  
      bpstudel
    73.  
      bpstulist
    74.  
      bpsturep
    75.  
      bptestbpcd
    76.  
      bptestnetconn
    77.  
      bptpcinfo
    78.  
      bpup
    79.  
      bpverify
    80.  
      cat_convert
    81.  
      cat_export
    82.  
      cat_import
    83.  
      configurePorts
    84.  
      create_nbdb
    85.  
      csconfig cldinstance
    86.  
      csconfig cldprovider
    87.  
      csconfig meter
    88.  
      csconfig throttle
    89.  
      duplicatetrace
    90.  
      importtrace
    91.  
      jbpSA
    92.  
      jnbSA
    93.  
      ltid
    94.  
      manageClientCerts
    95.  
      mklogdir
    96.  
      nbauditreport
    97.  
      nbcatsync
    98.  
      NBCC
    99.  
      NBCCR
    100.  
      nbcertcmd
    101.  
      nbcertupdater
    102.  
      nbcldutil
    103.  
      nbcomponentupdate
    104.  
      nbcplogs
    105.  
      nbdb_admin
    106.  
      nbdb_backup
    107.  
      nbdb_move
    108.  
      nbdb_ping
    109.  
      nbdb_restore
    110.  
      nbdb_unload
    111.  
      nbdbms_start_server
    112.  
      nbdbms_start_stop
    113.  
      nbdc
    114.  
      nbdecommission
    115.  
      nbdelete
    116.  
      nbdeployutil
    117.  
      nbdevconfig
    118.  
      nbdevquery
    119.  
      nbdiscover
    120.  
      nbdna
    121.  
      nbemm
    122.  
      nbemmcmd
    123.  
      nbexecute
    124.  
      nbfindfile
    125.  
      nbfirescan
    126.  
      nbftadm
    127.  
      nbftconfig
    128.  
      nbgetconfig
    129.  
      nbhba
    130.  
      nbholdutil
    131.  
      nbhostidentity
    132.  
      nbhostmgmt
    133.  
      nbhypervtool
    134.  
      nbjm
    135.  
      nbkmsutil
    136.  
      nboraadm
    137.  
      nborair
    138.  
      nbpem
    139.  
      nbpemreq
    140.  
      nbperfchk
    141.  
      nbplupgrade
    142.  
      nbrb
    143.  
      nbrbutil
    144.  
      nbregopsc
    145.  
      nbreplicate
    146.  
      nbrestorevm
    147.  
      nbseccmd
    148.  
      nbsetconfig
    149.  
      nbsnapimport
    150.  
      nbsnapreplicate
    151.  
      nbsqladm
    152.  
      nbstl
    153.  
      nbstlutil
    154.  
      nbstop
    155.  
      nbsu
    156.  
      nbsvrgrp
    157.  
      resilient_clients
    158.  
      restoretrace
    159.  
      stopltid
    160.  
      tl4d
    161.  
      tl8d
    162.  
      tl8cd
    163.  
      tldd
    164.  
      tldcd
    165.  
      tlhd
    166.  
      tlhcd
    167.  
      tlmd
    168.  
      tpautoconf
    169.  
      tpclean
    170.  
      tpconfig
    171.  
      tpext
    172.  
      tpreq
    173.  
      tpunmount
    174.  
      verifytrace
    175.  
      vltadm
    176.  
      vltcontainers
    177.  
      vlteject
    178.  
      vltinject
    179.  
      vltoffsitemedia
    180.  
      vltopmenu
    181.  
      vltrun
    182.  
      vmadd
    183.  
      vmchange
    184.  
      vmcheckxxx
    185.  
      vmd
    186.  
      vmdelete
    187.  
      vmoprcmd
    188.  
      vmphyinv
    189.  
      vmpool
    190.  
      vmquery
    191.  
      vmrule
    192.  
      vmupdate
    193.  
      vnetd
    194.  
      vxlogcfg
    195.  
      vxlogmgr
    196.  
      vxlogview
    197.  
      W2KOption

Name

nbseccmd — run the NetBackup Security Configuration service utility

SYNOPSIS

nbseccmd -drpkgpassphrase

nbseccmd - getsecurityconfig -insecurecommunication | -autoaddhostmapping [-masterserver master_server_name]

nbseccmd - setsecurityconfig -insecurecommunication on|off | -autoaddhostmapping on|off [-masterserver master_server_name]

nbseccmd -setuptrustedmaster -add | -update | -remove -masterserver master_server_name -remotemasterserver remote_master_server -domainname domain_name -username username -fpfile filename

nbseccmd -setuptrustedmaster - add | -update | -remove -info answer_file

nbseccmd -help

On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/admincmd/

On Windows systems, the directory path to this command is install_path\NetBackup\bin\admincmd\

DESCRIPTION

Use the nbseccmd command to establish trust relationships among various master servers.

Note:

If the source or the target master server version is NetBackup 8.0 or earlier, please refer to the NetBackup Commands Guide for 8.0 or earlier. The command has undergone a number of changes for NetBackup 8.1.

Note:

You must have root or administrator permissions to use this command if NetBackup Access Control (NBAC) is enabled.

OPTIONS

-autoaddhostmapping [on|off]

Use this option to manage the addition of host ID to the host name or the IP addresses that the master server automatically detects.

Hosts may have multiple host names or IP addresses associated with them. For successful communication among hosts, all relevant host names and IP addresses must be mapped to the respective host IDs. During communication, NetBackup may detect new host names or IP addresses with respect to a host ID.

When you use the -getsecurityconfig, the option takes no parameters, and reports the current setting for the -autoaddhostmapping value.

When you used the -setsecurityconfig option, this option enables or disables automatic host mapping. Use the on parameter to automatically map the host ID to the host name or the IP addresses detected. Disable this action with the off parameter.

-domainname domain_name

Specifies the domain to which the user that is specified in -username belongs. You are prompted to enter a password to validate the credentials of the remote master server host.

-drpkgpassphrase

The -drpkgpassphrase option is used to specify the passphrase that is used to encrypt disaster recovery packages. If a passphrase already exists, it is overwritten.

Note:

You must set the passphrase for successful catalog backups. Failure to set the passphrase results in failed catalog backups.

The disaster recovery package stores the identity of the NetBackup master server and is created during each catalog backup.

These packages are encrypted with the passphrase that you specify here. You must provide this passphrase when you reinstall NetBackup on the master server after a disaster.

Before using this command, you must run the bpnbat command to log on:

bpnbat -login -loginType WEB

When you set the passphrase, please note:

  • Passphrase must contain a minimum of eight characters and a maximum of 20 characters.

  • The existing passphrase and the new passphrase must be different.

  • You must be an authorized user with administrator or root privileges or you must be an Enhanced Auditing user to run the nbseccmd -drpkgpassphrase command.

  • Only the characters that are listed are supported for the passphrase:

    • White spaces

    • Uppercase and lowercase characters (A to Z, a to z)

    • Numbers (0 to 9)

    • The special characters shown: ~ ! @ # $ % ^ & * ( ) _ + - = ' { } [ ] | : ; ' " , . / ? < >

    Caution:

    If you enter an unsupported character, you may face issues during disaster recovery package restore. The passphrase may not be validated and you may not be able to restore the disaster recovery package.

-fpfile filename

This option accepts the root certificate fingerprint information that is required for validating the root certificate of the remote master server. You can store the fingerprint details in a text file.

-getsecurityconfig -autoaddhostmapping | -insecurecommunication

Use this option to get the security configuration information for NetBackup. When you use the -autoaddhostmapping option, you get the value for the -autoaddhostmapping option. When you use the -insecurecommunication option, you get the value for the -insecurecommunication option.

-info answerfile

The -info option accepts the information that is required for setting up a trusted master server. The information is stored in an answer file, which is a text file. It contains the following entries:

masterserver:
remotemasterserver:
trusttype:
domainname:
username:
password:
token:
fpfile:

The password is optional in the answer file. If you do not provide a password, you are prompted for the password when you run the command.

Note:

The trusttype value is valid only for master servers at version 8.0 and earlier. Possible values for trusttype are mutualtrust, remoteonly, and localonly. The trusttype of localonly does not require a domain name or user credentials.

The entries in your answer file must match the format that is shown in the example.

Example sample file:

masterserver:testmaster1
remotemasterserver:testmaster2
trusttype:mutualtrust
domainname:testdomain
username:Administrator
password:abc123
-insecurecommunication [on | off]

Use this option to manage insecure communication within your NetBackup environment. The on parameter enables insecure communication with all NetBackup hosts that are present in the NetBackup environment. Disable insecure communication with the off parameter.

Veritas implemented new security features in 8.1 which are not present in NetBackup 8.0 and earlier. NetBackup communicates with 8.0 and earlier hosts insecurely. For increased security, upgrade all your hosts to the current version of NetBackup, and then use this option with the on parameter. This action ensures that only secure communication is possible between NetBackup hosts.

-masterserver master_server_name

Specifies the name of the master server that the user has logged into. Auto Image Replication uses this name for the current master server or the source master server.

-remotemasterserver remote_master_server

Specifies the name of the remote master server with whom the trust is to be established. Auto Image Replication uses this name for the target master server.

-remoteonly | -localonly | -mutualtrust

Specifies the way that a trust must be established. Either the local master (source) trusts the remote master (target) or vice versa. If neither of these options is specified, a two-way trust (-mutualtrust) is established.

-setsecurityconfig -autoaddhostmapping | -insecurecommunication

Use this option to set the security configuration information for NetBackup. When you use the -autoaddhostmapping option, you set the behavior for the addition of host names and IP addresses. When you use the -insecurecommunication option, you set the behavior for secure communication.

-setuptrustedmaster -add | -update | -remove

Add, update, or remove inter-domain trust across master servers. To update a trust relationship, run the -update option on both the source and the target server. Both servers must be on version 8.1. or later. You must use the -update option if after you establish a trust, you upgrade the source or the target master server to version 8.1 or later. To remove a trusted master server, the domain, user name, and password are not required.

You must run the bpnbat command to remove a trusted master before you can use the -setuptrustedmaster option. Log on locally on the master server you want to remove and use the bpnbat command as shown: bpnbat -login -loginType WEB

-username username

Specifies the logon user name of the remote master server host. This option is used with the -domainname option. You are prompted to enter a password to validate the credentials of the remote master server host. If you specify only the domain name, you are prompted to enter the Authorization Token of the remote master server.

EXAMPLES

Example 1 - Set up a trusted master server using user credentials.

nbseccmd -setuptrustedmaster -add -masterserver testmaster1
-remotemasterserver testmaster2 -domainname testdomain -username 
Administrator
Password:******

The SHA1 fingerprint of root certificate is 
C7:87:7F:9D:13:B4:67:F6:D9:65:F4:95:EC:DC:D4:50:8C:20:18:BF.

Are you sure you want to continue using this certificate ? (y/n): y

The validation of root certificate fingerprint is successful.
CA certificate stored successfully from server testmaster2.
testdomain.com.
Host certificate received successfully from server testmaster2.
testdomain.com.
Trusted master operation successful.

Example 2 - Set up a trusted master server using authentication token.

nbseccmd -setuptrustedmaster -add -masterserver testmaster1
-remotemasterserver testmaster2 -domainname testdomain
Authorization Token:***** 
The SHA1 fingerprint of root certificate is 
C7:87:7F:9D:13:B4:67:F6:D9:65:F4:95:EC:DC:D4:50:8C:20:18:BF.
Are you sure you want to continue using this certificate ? (y/n): y
The validation of root certificate fingerprint is successful.
CA certificate stored successfully from server testmaster2.
testdomain.com.
Host certificate received successfully from server testmaster2.
testdomain.com.
Trusted master operation successful.

Example 3 - Set up a trusted master server using -fpfile.

nbseccmd -setuptrustedmaster -add -masterserver testmaster1
-remotemasterserver testmaster2 -domainname testdomain -username 
Administrator
-fpfile C:\fp_file

Password:******

The validation of root certificate fingerprint is successful.
CA certificate stored successfully from server testmaster2.
testdomain.com.
Host certificate received successfully from server testmaster2.
testdomain.com.
Trusted master operation successful.

Example 4 - Set up a trusted master server using an answer file.

nbseccmd -setuptrustedmaster -add -info C:\nbseccmd_answerfile.txt

The validation of root certificate fingerprint is successful.
CA certificate stored successfully from server testmaster2.
testdomain.com.
Host certificate received successfully from server testmaster2.
testdomain.com.
Trusted master operation successful.

Example 5 - Update trust after upgrading both the source and master server to version 8.1 and later.

-setuptrustedmaster -update -masterserver testmaster1 -remotemasterserver 
testmaster2
Authorization Token:
Authenticity of root certificate cannot be established.
The SHA1 fingerprint of root certificate is finger_print_details
Are you sure you want to continue using this certificate ? (y/n): y
The validation of root certificate fingerprint is successful.
CA certificate stored successfully from server testmaster2.
Host certificate received successfully from server testmaster2.
Trusted master operation successful

Example 6 - Remove a trusted master server.

-setuptrustedmaster -remove -masterserver testmaster2 -remotemasterserver 
testmaster1

Certificate revoke request processed successfully.
Trusted master operation successful