How To:Configure bsdtcp authentication: Difference between revisions

xinetd configuration

Amandad (Amanda client process) must be configured correctly as xinetd or inetd server on each Amanda client. This configuration is necessary for backup process - amdump.

Template for /etc/xinet.d/amanda file

 service amanda
 {
       only_from               = <Amanda server>
       socket_type             = dgram
       protocol                = udp
       wait                    = yes
       user                    = <amanda backup user>
       group                   = <amanda backup user group id>
       groups                  = yes
       server                  = <absolute path to amandad>
       server_args             = -auth=bsd amdump
       disable                 = no
 }

Example xinetd.d amanda client service file with backup user - amandabackup

service amanda
{
       only_from       = amandaserver.company.com
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsd amdump
       disable         = no 
}

Amanda server (tape server) can be also configured to use "bsd" authentication for restore process - amrecover command. The server_args on the xinetd service entry on the server should include amindexd and amidxtaped. The only_from line should include all clients that can do recovery.

Example of xinetd server entry that used bsd and can do both backup as well as recovery

service amanda
{
       only_from       = amandaserver.company.com amandaclient.company.com
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsd amdump amindexd amidxtaped
       disable         = no 
}

The bsdtcp authentication requires different xinetd/inetd service entries. The protocol will be tcp. An example bsdtcp authentication xinetd service entry for a machine that can do both backup and recovery (differences with bsd authentication entry is highlighted):

service amanda
{
       only_from       = amandaserver.company.com amandaclient.company.com
       socket_type     = stream
       protocol        = tcp
       wait            = no
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsdtcp amdump amindexd amidxtaped
       disable         = no 
}

The bsdudp authentication requires minor modification to xinetd service entry. An example showing differences with bsd authentication entry:

service amanda
{
       only_from       = amandaserver.company.com amandaclient.company.com
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsdudp amdump amindexd amidxtaped
       disable         = no 
}

.amandahosts configuration

The .amandahosts file is located in the home directory of the backup user (For example: /var/lib/amanda). This file should be readable and writable only by the backup user.

The format of .amandahosts is

<FQDN of the server> <backup user> <service(s)>

FQDN is fully qualified domain name. The server can contact the local machine as backup server to perform the service(s).

Example: The .amandahosts file on the Amanda client should have

amandaserver.company.com amandabackup amdump 

The .amandahosts file on the Amanda server should have

amandaclient1.company.com amandabackup amindexd amidxtaped