Access as localuser not allowed from remoteuser@remotehost: Difference between revisions
No edit summary |
Paul.bijnens (talk | contribs) (reworked) |
||
| Line 3: | Line 3: | ||
There must be something wrong with .amandahosts configuration (or .rhosts, if you have configured --without-amandahosts). | There must be something wrong with .amandahosts configuration (or .rhosts, if you have configured --without-amandahosts). | ||
First, if the USERNAME is not what you expect (i.e., not what you have specified in the --with-user flag, at configure time), check the inetd configuration file: you must have specified the wrong username there. | First, if the USERNAME is not what you expect (i.e., not what you have specified in the --with-user flag, at configure time), check the inetd configuration file: you must have specified the wrong username there. | ||
The file .amandahosts on the client has lines of the format: | |||
hostname username | |||
indicating that user "username" from host "hostname" is allowed to initiate a backup. | |||
Make sure you specify the hostname exactly as it appears in the error message after the `@' sign. You'll need a fully-qualified domain name or not, depending on how your client resolves IP addresses to hostnames. | |||
If the error message says: | |||
Access as backup not allowed from amanda@saturn.example.com | |||
the .amandahosts file on the client needs to contain: | |||
saturn.example.com amanda | |||
The above amcheck message implies that the client has the username "backup" in the inetd entry. | |||
Verify this is the name that is compiled into amanda on the client (look in the /tmp/amanda/amandad.DATETIME.debug file and check the CLIENT_LOGIN value). | |||
Also check the ownership and permissions of .amandahosts. Make sure the dumpuser on the client can read the file. Also check the permissions of all the parent directories up to the root directory for access as the dumpuser on that client. | |||
When using a .rhosts file (i.e. when compiled with --without-amandahosts) that file needs strict permissions, otherwise it is silently ignored. | |||
It should be owned by the dumpuser and be unreadeable and unwriteable by anyone else. | |||
The home directory of the dumpser should also be unwriteable by anyone except the dumpuser. | |||
Adjust it: | |||
# chown amanda:disk ~amanda ~amanda/.rhosts | |||
# chmod 600 ~amanda/.rhosts | |||
# chmod 755 ~amanda | |||
Revision as of 20:18, 5 December 2005
--- This text was originally contributed to the AMANDA-FAQ-O-Matic by [email protected]. ---
There must be something wrong with .amandahosts configuration (or .rhosts, if you have configured --without-amandahosts).
First, if the USERNAME is not what you expect (i.e., not what you have specified in the --with-user flag, at configure time), check the inetd configuration file: you must have specified the wrong username there.
The file .amandahosts on the client has lines of the format:
hostname username
indicating that user "username" from host "hostname" is allowed to initiate a backup.
Make sure you specify the hostname exactly as it appears in the error message after the `@' sign. You'll need a fully-qualified domain name or not, depending on how your client resolves IP addresses to hostnames.
If the error message says:
Access as backup not allowed from [email protected]
the .amandahosts file on the client needs to contain:
saturn.example.com amanda
The above amcheck message implies that the client has the username "backup" in the inetd entry. Verify this is the name that is compiled into amanda on the client (look in the /tmp/amanda/amandad.DATETIME.debug file and check the CLIENT_LOGIN value).
Also check the ownership and permissions of .amandahosts. Make sure the dumpuser on the client can read the file. Also check the permissions of all the parent directories up to the root directory for access as the dumpuser on that client.
When using a .rhosts file (i.e. when compiled with --without-amandahosts) that file needs strict permissions, otherwise it is silently ignored. It should be owned by the dumpuser and be unreadeable and unwriteable by anyone else. The home directory of the dumpser should also be unwriteable by anyone except the dumpuser. Adjust it:
# chown amanda:disk ~amanda ~amanda/.rhosts # chmod 600 ~amanda/.rhosts # chmod 755 ~amanda