Enable backup users for ONTAP NDMP authentication
Suggest changes
PDFs
To authenticate SVM-scoped NDMP from the backup application, there must be an administrative user with sufficient privileges and an NDMP password.
You must generate an NDMP password for backup admin users. You can enable backup admin users at the cluster or SVM level, and if necessary, you can create a new user. By default, the users with the following roles can authenticate for NDMP backup:
-
Cluster-wide:
adminorbackup -
Individual SVMs:
vsadminorvsadmin-backup
If you are using an NIS or LDAP user, the user must exist on the respective server. You cannot use an Active Directory user.
-
Display the current admin users and permissions:
security login showLearn more about
security login showin the ONTAP command reference. -
If needed, create a new NDMP backup user with the
security login createcommand and the appropriate role for cluster-wide or individual SVM privileges.You can specify a local backup user name or an NIS or LDAP user name for the
-user-or-group-nameparameter.The following command creates the backup user
backup_admin1with thebackuprole for the entire cluster:cluster1::> security login create -user-or-group-name backup_admin1 -application ssh -authmethod password -role backupThe following command creates the backup user
vsbackup_admin1with thevsadmin-backuprole for an individual SVM:cluster1::> security login create -user-or-group-name vsbackup_admin1 -application ssh -authmethod password -role vsadmin-backupEnter a password for the new user and confirm.
Learn more about
security login createin the ONTAP command reference. -
Generate a password for the admin SVM by using the
vserver services ndmp generate passwordcommand.The generated password must be used to authenticate the NDMP connection by the backup application.
cluster1::> vserver services ndmp generate-password -vserver cluster1 -user backup_admin1 Vserver: cluster1 User: backup_admin1 Password: qG5CqQHYxw7tE57g