Access as localuser not allowed from remoteuser@remotehost: Difference between revisions
Paul.bijnens (talk | contribs) (reworked) |
Paul.bijnens (talk | contribs) (Reworked) |
||
| Line 1: | Line 1: | ||
--- This text was originally contributed to the AMANDA-FAQ-O-Matic by [email protected]. --- | --- This text was originally contributed to the AMANDA-FAQ-O-Matic by [email protected]. --- | ||
[[Amcheck]] may give this error message: | |||
First, if the | Amanda Backup Client Hosts Check | ||
-------------------------------- | |||
ERROR: clienthost: [access as ''localuser'' not allowed from ''remoteuser''@''remotehost''] | |||
===(x)inetd configuration on the client=== | |||
First, if the ''localuser'' is not what you expect (i.e., not what you have specified in the --with-user flag, at configure time for that client), check the (x)inetd configuration file on the client: you must have specified the wrong username there. | |||
Verify this is the name that is compiled into the Amanda client: look in the amandad debug file in the [[Amanda_log_files#Log_and_Debug_Files_on_the_Backup_Client|AMANDA_DBG]] directory, and verify the CLIENT_LOGIN value). | |||
===File .amandahosts or .rhosts on the client=== | |||
The file .amandahosts on the client has lines of the format: | The file .amandahosts on the client has lines of the format: | ||
remotehost remoteuser | |||
indicating that user " | indicating that user "remoteuser" from host "remotehost" is allowed to initiate a backup on this client. | ||
Make sure you specify the hostname exactly as it appears in the error message after the `@' sign. You'll need a fully-qualified domain name or not, depending on how your client resolves IP addresses to hostnames. | Make sure you specify the hostname exactly as it appears in the error message after the `@' sign. You'll need a fully-qualified domain name or not, depending on how your client resolves IP addresses to hostnames. | ||
Depending on the error message saying: | |||
access as backup not allowed from [email protected] | |||
or | |||
access as backup not allowed from amanda@saturn | |||
then .amandahosts file on the client needs the first or the second line: | |||
saturn.example.com amanda | saturn.example.com amanda | ||
saturn amanda | |||
You may add both lines. | |||
Also check the ownership and permissions of .amandahosts. Make sure the dumpuser on the client can read the file. Also check the permissions of all the parent directories up to the root directory for access as the dumpuser on that client. | Also check the ownership and permissions of .amandahosts. Make sure the dumpuser on the client can read the file. Also check the permissions of all the parent directories up to the root directory for access as the dumpuser on that client. | ||
| Line 29: | Line 43: | ||
It should be owned by the dumpuser and be unreadeable and unwriteable by anyone else. | It should be owned by the dumpuser and be unreadeable and unwriteable by anyone else. | ||
The home directory of the dumpser should also be unwriteable by anyone except the dumpuser. | The home directory of the dumpser should also be unwriteable by anyone except the dumpuser. | ||
Adjust it: | Adjust it assuming "amanda" is the dumpuser on that client: | ||
# chown amanda:disk ~amanda ~amanda/.rhosts | # chown amanda:disk ~amanda ~amanda/.rhosts | ||
# chmod 600 ~amanda/.rhosts | # chmod 600 ~amanda/.rhosts | ||
# chmod 755 ~amanda | # chmod 755 ~amanda | ||
Revision as of 12:21, 8 December 2005
--- This text was originally contributed to the AMANDA-FAQ-O-Matic by [email protected]. ---
Amcheck may give this error message:
Amanda Backup Client Hosts Check -------------------------------- ERROR: clienthost: [access as localuser not allowed from remoteuser@remotehost]
(x)inetd configuration on the client
First, if the localuser is not what you expect (i.e., not what you have specified in the --with-user flag, at configure time for that client), check the (x)inetd configuration file on the client: you must have specified the wrong username there.
Verify this is the name that is compiled into the Amanda client: look in the amandad debug file in the AMANDA_DBG directory, and verify the CLIENT_LOGIN value).
File .amandahosts or .rhosts on the client
The file .amandahosts on the client has lines of the format:
remotehost remoteuser
indicating that user "remoteuser" from host "remotehost" is allowed to initiate a backup on this client.
Make sure you specify the hostname exactly as it appears in the error message after the `@' sign. You'll need a fully-qualified domain name or not, depending on how your client resolves IP addresses to hostnames.
Depending on the error message saying:
access as backup not allowed from [email protected]
or
access as backup not allowed from amanda@saturn
then .amandahosts file on the client needs the first or the second line:
saturn.example.com amanda saturn amanda
You may add both lines.
Also check the ownership and permissions of .amandahosts. Make sure the dumpuser on the client can read the file. Also check the permissions of all the parent directories up to the root directory for access as the dumpuser on that client.
When using a .rhosts file (i.e. when compiled with --without-amandahosts) that file needs strict permissions, otherwise it is silently ignored. It should be owned by the dumpuser and be unreadeable and unwriteable by anyone else. The home directory of the dumpser should also be unwriteable by anyone except the dumpuser. Adjust it assuming "amanda" is the dumpuser on that client:
# chown amanda:disk ~amanda ~amanda/.rhosts # chmod 600 ~amanda/.rhosts # chmod 755 ~amanda