How To:Configure bsdtcp authentication: Difference between revisions
No edit summary |
|||
Line 25: | Line 25: | ||
socket_type = dgram | socket_type = dgram | ||
protocol = udp | protocol = udp | ||
wait = | wait = yes | ||
user = amandabackup | user = amandabackup | ||
group = disk | group = disk | ||
Line 42: | Line 42: | ||
socket_type = dgram | socket_type = dgram | ||
protocol = udp | protocol = udp | ||
wait = | wait = yes | ||
user = amandabackup | user = amandabackup | ||
group = disk | group = disk | ||
Line 51: | Line 51: | ||
} | } | ||
The ''bsdtcp'' authentication requires different xinetd/inetd service entries. The protocol will be ''tcp''. An example ''bsdtcp'' authentication xinetd service entry for a machine that can do both backup and recovery (differences with ''bsd'' authentication entry is highlighted): | |||
service amanda | |||
{ | |||
only_from = amandaserver.company.com amandaclient.company.com | |||
socket_type = '''stream''' | |||
protocol = '''tcp''' | |||
wait = '''no''' | |||
user = amandabackup | |||
group = disk | |||
groups = yes | |||
server = /usr/lib/amanda/amandad | |||
server_args = -auth='''bsdtcp''' amdump amindexd amidxtaped | |||
disable = no | |||
} | |||
The ''bsdudp'' authentication requires minor modification to xinetd service entry. An example showing differences with ''bsd'' authentication entry: | |||
service amanda | |||
{ | |||
only_from = amandaserver.company.com amandaclient.company.com | |||
socket_type = dgram | |||
protocol = udp | |||
wait = yes | |||
user = amandabackup | |||
group = disk | |||
groups = yes | |||
server = /usr/lib/amanda/amandad | |||
server_args = -auth='''bsdudp''' amdump amindexd amidxtaped | |||
disable = no | |||
} | |||
==.amandahosts configuration== | ==.amandahosts configuration== |
Revision as of 00:29, 20 June 2006
xinetd configuration
Amandad (Amanda client process) must be configured correctly as xinetd or inetd server on each Amanda client. This configuration is necessary for backup process - amdump.
Template for /etc/xinet.d/amanda file
service amanda { only_from = <Amanda server> socket_type = dgram protocol = udp wait = yes user = <amanda backup user> group = <amanda backup user group id> groups = yes server = <absolute path to amandad> server_args = -auth=bsd amdump disable = no }
Example xinetd.d amanda client service file with backup user - amandabackup
service amanda { only_from = amandaserver.company.com socket_type = dgram protocol = udp wait = yes user = amandabackup group = disk groups = yes server = /usr/lib/amanda/amandad server_args = -auth=bsd amdump disable = no }
Amanda server (tape server) can be also configured to use "bsd" authentication for restore process - amrecover command. The server_args on the xinetd service entry on the server should include amindexd and amidxtaped. The only_from line should include all clients that can do recovery.
Example of xinetd server entry that used bsd and can do both backup as well as recovery
service amanda { only_from = amandaserver.company.com amandaclient.company.com socket_type = dgram protocol = udp wait = yes user = amandabackup group = disk groups = yes server = /usr/lib/amanda/amandad server_args = -auth=bsd amdump amindexd amidxtaped disable = no }
The bsdtcp authentication requires different xinetd/inetd service entries. The protocol will be tcp. An example bsdtcp authentication xinetd service entry for a machine that can do both backup and recovery (differences with bsd authentication entry is highlighted):
service amanda { only_from = amandaserver.company.com amandaclient.company.com socket_type = stream protocol = tcp wait = no user = amandabackup group = disk groups = yes server = /usr/lib/amanda/amandad server_args = -auth=bsdtcp amdump amindexd amidxtaped disable = no }
The bsdudp authentication requires minor modification to xinetd service entry. An example showing differences with bsd authentication entry:
service amanda { only_from = amandaserver.company.com amandaclient.company.com socket_type = dgram protocol = udp wait = yes user = amandabackup group = disk groups = yes server = /usr/lib/amanda/amandad server_args = -auth=bsdudp amdump amindexd amidxtaped disable = no }
.amandahosts configuration
The .amandahosts file is located in the home directory of the backup user (For example: /var/lib/amanda). This file should be readable and writable only by the backup user.
The format of .amandahosts is
<FQDN of the server> <backup user> <service(s)>
FQDN is fully qualified domain name. The server can contact the local machine as backup server to perform the service(s).
Example: The .amandahosts file on the Amanda client should have
amandaserver.company.com amandabackup amdump
The .amandahosts file on the Amanda server should have
amandaclient1.company.com amandabackup amindexd amidxtaped