How To:Configure bsdtcp authentication
xinetd configuration
Amandad (Amanda client process) must be configured correctly as xinetd or inetd server on each Amanda client. This configuration is necessary for backup process - amdump.
Template for /etc/xinet.d/amanda file
service amanda { only_from = <Amanda server> socket_type = dgram protocol = udp wait = yes user = <amanda backup user> group = <amanda backup user group id> groups = yes server = <absolute path to amandad> server_args = -auth=bsd amdump disable = no }
Example xinetd.d amanda client service file with backup user - amandabackup
service amanda { only_from = amandaserver.company.com socket_type = dgram protocol = udp wait = yes user = amandabackup group = disk groups = yes server = /usr/lib/amanda/amandad server_args = -auth=bsd amdump disable = no }
Amanda server (tape server) can be also configured to use "bsd" authentication for restore process - amrecover command. The server_args on the xinetd service entry on the server should include amindexd and amidxtaped. The only_from line should include all clients that can do recovery.
Example of xinetd server entry that used bsd and can do both backup as well as recovery
service amanda { only_from = amandaserver.company.com amandaclient.company.com socket_type = dgram protocol = udp wait = yes user = amandabackup group = disk groups = yes server = /usr/lib/amanda/amandad server_args = -auth=bsd amdump amindexd amidxtaped disable = no }
The bsdtcp authentication requires different xinetd/inetd service entries. The protocol will be tcp. An example bsdtcp authentication xinetd service entry for a machine that can do both backup and recovery (differences with bsd authentication entry is highlighted):
service amanda { only_from = amandaserver.company.com amandaclient.company.com socket_type = stream protocol = tcp wait = no user = amandabackup group = disk groups = yes server = /usr/lib/amanda/amandad server_args = -auth=bsdtcp amdump amindexd amidxtaped disable = no }
The bsdudp authentication requires minor modification to xinetd service entry. An example showing differences with bsd authentication entry:
service amanda { only_from = amandaserver.company.com amandaclient.company.com socket_type = dgram protocol = udp wait = yes user = amandabackup group = disk groups = yes server = /usr/lib/amanda/amandad server_args = -auth=bsdudp amdump amindexd amidxtaped disable = no }
.amandahosts configuration
The .amandahosts file is located in the home directory of the backup user (For example: /var/lib/amanda). This file should be readable and writable only by the backup user.
The format of .amandahosts is
<FQDN of the server> <backup user> <service(s)>
FQDN is fully qualified domain name. The server can contact the local machine as backup server to perform the service(s).
Example: The .amandahosts file on the Amanda client should have
amandaserver.company.com amandabackup amdump
The .amandahosts file on the Amanda server should have
amandaclient1.company.com amandabackup amindexd amidxtaped