Skip to main content

Enable a backup user for NDMP authentication

Contributors netapp-aoife

To authenticate SVM-scoped NDMP from the backup application, there must be an administrative user with sufficient privileges and an NDMP password.

About this task

You must generate an NDMP password for backup admin users. You can enable backup admin users at the cluster or SVM level, and if necessary, you can create a new user. By default, the users with the following roles can authenticate for NDMP backup:

  • Cluster-wide: admin or backup

  • Individual SVMs: vsadmin or vsadmin-backup

If you are using an NIS or LDAP user, the user must exist on the respective server. You cannot use an Active Directory user.

Steps
  1. Display the current admin users and permissions:

    security login show

  2. If needed, create a new NDMP backup user with the security login create command and the appropriate role for cluster-wide or individual SVM privileges.

    You can specify a local backup user name or an NIS or LDAP user name for the -user-or-group-name parameter.

    The following command creates the backup user backup_admin1 with the backup role for the entire cluster:

    cluster1::> security login create -user-or-group-name backup_admin1 -application ssh -authmethod password -role backup

    The following command creates the backup user vsbackup_admin1 with the vsadmin-backup role for an individual SVM:

    cluster1::> security login create -user-or-group-name vsbackup_admin1 -application ssh -authmethod password -role vsadmin-backup

    Enter a password for the new user and confirm.

  3. Generate a password for the admin SVM by using the vserver services ndmp generate password command.

    The generated password must be used to authenticate the NDMP connection by the backup application.

    cluster1::> vserver services ndmp generate-password -vserver cluster1 -user backup_admin1
    
     Vserver: cluster1
        User: backup_admin1
    Password: qG5CqQHYxw7tE57g