How To:Configure bsdtcp authentication

From wiki.zmanda.com
Revision as of 21:21, 6 November 2006 by Svigano (talk | contribs) (added inetd.conf example)

These configuration files are valid only for Amanda 2.5.1 or later releases.

xinetd/inetd configuration file changes

Amandad (the Amanda client process) must be configured correctly as an xinetd or inetd service on each Amanda client. This configuration is necessary for the backup process, amdump.

Template for the /etc/xinetd.d/amanda file

 service amanda
 {
       only_from               = <Amanda server>
       socket_type             = dgram
       protocol                = udp
       wait                    = yes
       user                    = <amanda backup user>
       group                   = <amanda backup user group id>
       groups                  = yes
       server                  = <absolute path to amandad>
       server_args             = -auth=bsd amdump
       disable                 = no
 }

Example xinetd.d amanda client service file with backup user amandabackup

service amanda
{
       only_from       = amandaserver.company.com
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsd amdump
       disable         = no 
}

The Amanda server (tape server) can also be configured to use "bsd" authentication for the restore process (the amrecover command). The server_args line of the xinetd service entry on the server should include amindexd and amidxtaped. The only_from line should include all clients that can do recovery.

Example of an xinetd server entry that uses bsd authentication and can do both backup and recovery

service amanda
{
       only_from       = amandaserver.company.com amandaclient.company.com
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsd amdump amindexd amidxtaped
       disable         = no 
}


The bsdtcp authentication requires different xinetd/inetd service entries. The protocol will be tcp. An example bsdtcp authentication xinetd service entry for a machine that can do both backup and recovery (the differences from the bsd authentication entry are the socket_type, protocol, wait and server_args lines):

service amanda
{
       only_from       = amandaserver.company.com amandaclient.company.com
       socket_type     = stream
       protocol        = tcp
       wait            = no
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsdtcp amdump amindexd amidxtaped
       disable         = no 
}

The bsdudp authentication requires a minor modification to the xinetd service entry. An example (the only difference from the bsd authentication entry is the -auth value in server_args):

service amanda
{
       only_from       = amandaserver.company.com amandaclient.company.com
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       user            = amandabackup
       group           = disk
       groups          = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsdudp amdump amindexd amidxtaped
       disable         = no 
}
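
The pairing between the -auth value and the transport lines in the entries above can be checked mechanically. The following Python check is an added example, not part of the original wiki page or of Amanda itself; the function names and the sample entry are constructed for illustration.

```python
import re

# Transport settings each -auth value needs, taken from the xinetd entries on this page.
REQUIRED = {
    "bsd":    {"socket_type": "dgram",  "protocol": "udp", "wait": "yes"},
    "bsdudp": {"socket_type": "dgram",  "protocol": "udp", "wait": "yes"},
    "bsdtcp": {"socket_type": "stream", "protocol": "tcp", "wait": "no"},
}

def parse_xinetd_service(text):
    """Return the 'key = value' attributes of one xinetd service block as a dict."""
    attrs = {}
    for line in text.splitlines():
        # Lines such as 'service amanda', '{', '}' and '#' comments do not match.
        m = re.match(r"\s*(\w+)\s*\+?=\s*(.*?)\s*$", line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def check_amanda_entry(text):
    """Return a list of findings; an empty list means the entry is consistent."""
    attrs = parse_xinetd_service(text)
    findings = []
    m = re.search(r"-auth=(\S+)", attrs.get("server_args", ""))
    auth = m.group(1) if m else None
    if auth not in REQUIRED:
        findings.append(f"-auth value {auth!r} is not one of bsd, bsdudp, bsdtcp")
    else:
        for key, want in REQUIRED[auth].items():
            if attrs.get(key) != want:
                findings.append(f"auth={auth} needs {key} = {want}, found {attrs.get(key)!r}")
    if not attrs.get("only_from"):
        findings.append("only_from is not set in this entry, so it adds no host restriction")
    return findings

# Constructed sample: -auth switched to bsdtcp, UDP lines left in place, only_from dropped.
SAMPLE_BAD = """\
service amanda
{
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       server          = /usr/lib/amanda/amandad
       server_args     = -auth=bsdtcp amdump amindexd amidxtaped
}
"""

if __name__ == "__main__":
    for finding in check_amanda_entry(SAMPLE_BAD):
        print("FINDING:", finding)
```

Run against the contents of a client's /etc/xinetd.d/amanda file, an empty result means the transport lines agree with the -auth value and the entry carries an only_from restriction.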

inetd.conf example

When using inetd, the equivalent of the only_from variable is controlled by the hosts.allow file on the local system. The example below assumes user=amanda and auth=bsd.

amanda          dgram   udp     wait    amanda  /usr/local/libexec/amandad      amandad -auth=bsd amdump amindexd amidxtaped
amandaidx       stream  tcp     nowait  amanda  /usr/local/libexec/amindexd     amindexd -auth=bsd amdump amindexd amidxtaped
amidxtape       stream  tcp     nowait  amanda  /usr/local/libexec/amidxtaped   amidxtaped -auth=bsd amdump amindexd amidxtaped


.amandahosts configuration file changes

The .amandahosts file is located in the home directory of the backup user (for example, /var/lib/amanda). This file should be readable and writable only by the backup user.

The format of .amandahosts is

<FQDN of the server> <backup user> <service(s)>

FQDN is the fully qualified domain name. The server can contact the local machine as the backup server to perform the service(s).

Example: The .amandahosts file on the Amanda client should have

amandaserver.company.com amandabackup amdump 

The .amandahosts file on the Amanda server should have

amandaclient1.company.com root amindexd amidxtaped