Access as localuser not allowed from remoteuser@remotehost

From wiki.zmanda.com
Revision as of 12:21, 8 December 2005 by Paul.bijnens (talk | contribs) (Reworked)
Jump to navigation Jump to search

--- This text was originally contributed to the AMANDA-FAQ-O-Matic by [email protected]. ---

Amcheck may give this error message: 

Amanda Backup Client Hosts Check
--------------------------------
ERROR: clienthost: [access as localuser not allowed from remoteuser@remotehost]

(x)inetd configuration on the client

First, if the localuser is not what you expect (i.e., not what you have specified in the --with-user flag, at configure time for that client), check the (x)inetd configuration file on the client: you must have specified the wrong username there.

Verify this is the name that is compiled into the Amanda client: look in the amandad debug file in the AMANDA_DBG directory, and verify the CLIENT_LOGIN value).

File .amandahosts or .rhosts on the client

The file .amandahosts on the client has lines of the format: 

 remotehost  remoteuser

indicating that user "remoteuser" from host "remotehost" is allowed to initiate a backup on this client.

Make sure you specify the hostname exactly as it appears in the error message after the `@' sign. You'll need a fully-qualified domain name or not, depending on how your client resolves IP addresses to hostnames.

Depending on the error message saying: 

access as backup not allowed from [email protected]

or 

access as backup not allowed from amanda@saturn

then .amandahosts file on the client needs the first or the second line: 

saturn.example.com  amanda
saturn  amanda

You may add both lines.

Also check the ownership and permissions of .amandahosts. Make sure the dumpuser on the client can read the file. Also check the permissions of all the parent directories up to the root directory for access as the dumpuser on that client.

When using a .rhosts file (i.e. when compiled with --without-amandahosts) that file needs strict permissions, otherwise it is silently ignored. It should be owned by the dumpuser and be unreadeable and unwriteable by anyone else. The home directory of the dumpser should also be unwriteable by anyone except the dumpuser. Adjust it assuming "amanda" is the dumpuser on that client: 

# chown amanda:disk  ~amanda  ~amanda/.rhosts
# chmod 600 ~amanda/.rhosts
# chmod 755 ~amanda
Retrieved from ‘http://wiki.zmanda.com/index.php?title=Access_as_localuser_not_allowed_from_remoteuser@remotehost&oldid=1809