How To:Configure bsdtcp authentication

From The Open Source Backup Wiki (Amanda, MySQL Backup, BackupPC)
Revision as of 22:51, 19 June 2006 by Paddy (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

xinetd configuration

Amandad (Amanda client process) must be configured correctly as xinetd or inetd server on each Amanda client. This configuration is necessary for backup process - amdump.

Template for /etc/xinet.d/amanda file

 service amanda
 {
       only_from               = <Amanda server>
       socket_type             = dgram
       protocol                = udp
       wait                    = yes
       user                    = <amanda backup user>
       group                   = <amanda backup user group id>
       groups                  = yes
       server                  = <absolute path to amandad>
       server_args             = -auth=bsd amdump
       disable                 = no
 }

Example xinetd.d amanda client service file with backup user - amandabackup

service amanda
{
       only_from       = amandaserver.company.com
       socket_type     = dgram
       protocol        = udp
       wait            = no
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsd amdump
       disable         = no 
}

Amanda server (tape server) can be also configured to use "bsd" authentication for restore process - amrecover command. The server_args on the xinetd service entry on the server should include amindexd and amidxtaped. The only_from line should include all clients that can do recovery.

Example of xinetd server entry that used bsd and can do both backup as well as recovery

service amanda
{
       only_from       = amandaserver.company.com amandaclient.company.com
       socket_type     = dgram
       protocol        = udp
       wait            = no
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsd amdump amindexd amidxtaped
       disable         = no 
}


.amandahosts configuration

The .amandahosts file is located in the home directory of the backup user (For example: /var/lib/amanda). This file should be readable and writable only by the backup user.

The format of .amandahosts is

<FQDN of the server> <backup user> <service(s)>

FQDN is fully qualified domain name. The server can contact the local machine as backup server to perform the service(s).

Example: The .amandahosts file on the Amanda client should have

amandaserver.company.com amandabackup amdump 

The .amandahosts file on the Amanda server should have

amandaclient1.company.com amandabackup amindexd amidxtaped