Re: amandahostauth failed
On Tue, 8 Jan 2002, David T. Smith wrote: Look in /tmp/amanda on the client for the amandad.*.debug files. They report everything that happens when the amanda server checks or pulls a dump from the client. Is there anything strange in there where it tests those files? = amcheck: debug 1 pid 15377 ruid 504 euid 0 start time Tue Jan 8 09:23:36 2002 amcheck: dgram_bind: socket bound to 0.0.0.0.761 amcheck: pid 15377 finish time Tue Jan 8 09:23:42 2002 = I don't know what I'm looking for here. The real user id is correct, I assume the effective user id is also ok? Socket bound to 0.0.0.0.761 is a mystery to me, and I don't see any errors. --charlie -- Charles Farinella Appropriate Solutions, Inc. www.AppropriateSolutions.com[EMAIL PROTECTED] 603.924.6079(v) 603.924.8668(f)
Re: amandahostauth failed
On Tue, 8 Jan 2002 at 1:01pm, Charles Farinella wrote On Tue, 8 Jan 2002, David T. Smith wrote: Look in /tmp/amanda on the client for the amandad.*.debug files. They report everything that happens when the amanda server checks or pulls a dump from the client. Is there anything strange in there where it tests those files? = amcheck: debug 1 pid 15377 ruid 504 euid 0 start time Tue Jan 8 09:23:36 2002 amcheck: dgram_bind: socket bound to 0.0.0.0.761 amcheck: pid 15377 finish time Tue Jan 8 09:23:42 2002 = I don't know what I'm looking for here. The real user id is correct, I assume the effective user id is also ok? Socket bound to 0.0.0.0.761 is a mystery to me, and I don't see any errors. How about selfcheck*debug? -- Joshua Baker-LePain Department of Biomedical Engineering Duke University
Re: amandahostauth failed
Folks-
I have been following this thread closely, as last weekend I upgraded a
redhat 6.2 box to 7.1 and am now getting the same errors. I am now
getting during this during client checks:
Amanda Backup Client Hosts Check
ERROR: 7.1box: [can not access /dev/sdd1 (sdd1): Permission denied]
ERROR: 7.1box: [can not access /dev/sdc1 (sdc1): Permission denied]
ERROR: 7.1box: [can not access /dev/sdb1 (sdb1): Permission denied]
ERROR: 7.1box: [can not access /dev/sda5 (sda5): Permission denied]
ERROR: 7.1box: [can not access /dev/sda1 (sda1): Permission denied]
ERROR: 7.1box: [can not access /dev/sda6 (sda6): Permission denied]
ERROR: 7.1box: [can not read/write /etc/dumpdates: Permission denied]
Client check: 8 hosts checked in 0.604 seconds, 7 problems found
Everything was working correctly before, but I double checked the
.amandahosts file was properly set up, I also checked file permissions of
the devices and /etc/dumpdates. I didn't find anything useful to go on in
/tmp/amanda/ and chkconfig shows amanda as being on.
I verified xinetd which includes what everyone in other postings seems to
have:
service amanda
{
socket_type = dgram
protocol= udp
wait= yes
user= ambackup
server = /usr/local/libexec/amandad
disable = no
}
I even tried what John Jackson suggested by running common-src/security
(which is a great utility to know about!), but it says everything checks
out.
Was there a solution to this thread?? If so, it wasn't in the archives and
I missed seeing the post. If not, does anyone have any other ideas, I
seem to have hit a wall here.
TIA...
-Aaron
Re: amandahostauth failed
I knew it was something easy I was over looking. Thanx for the help. If
you are ever in the bay area, I owe ya a beer!
-Aaron
On Fri, 25 Jan 2002, John R. Jackson wrote:
ERROR: 7.1box: [can not access /dev/sdd1 (sdd1): Permission denied]
...
service amanda
{
socket_type = dgram
protocol= udp
wait= yes
user= ambackup
server = /usr/local/libexec/amandad
disable = no
}
Your missing groups = yes, which will run amandad in all the groups
you have it associated with in /etc/groups, not just the primary group
in /etc/passwd. My guess is you tried to give access to the devices
(and /etc/dumpdates) by group membership, which is perfectly reasonable,
but the xinetd folks screwed you up.
-Aaron
John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
Re: amandahostauth failed
ERROR: 7.1box: [can not access /dev/sdd1 (sdd1): Permission denied]
...
service amanda
{
socket_type = dgram
protocol= udp
wait= yes
user= ambackup
server = /usr/local/libexec/amandad
disable = no
}
Your missing groups = yes, which will run amandad in all the groups
you have it associated with in /etc/groups, not just the primary group
in /etc/passwd. My guess is you tried to give access to the devices
(and /etc/dumpdates) by group membership, which is perfectly reasonable,
but the xinetd folks screwed you up.
-Aaron
John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
Re: amandahostauth failed
Hi, aditionally reading the errormessage your .amandahosts would have to contain hostname.comamandauser Hope it helps C.Scheeder Joshua Baker-LePain schrieb: On Mon, 7 Jan 2002 at 5:08pm, Charles Farinella wrote ERROR: localhost.localdomain: [access as amandauser not allowed from [EMAIL PROTECTED]] amandahostsauth failed I have created a .amandahosts file with the following entry: localhost.localdomain amandauser You've got some DNS oddness going on. The canonical answer is to always use fully qualified hostnames with AMANDA -- don't use localhost. It *will* eventually bite you. Also, make sure that your .amandahosts file is in the right place (the $HOME of amandauser) and is readable by amandauser (duh). -- Joshua Baker-LePain Department of Biomedical Engineering Duke University
Re: amandahostauth failed
On Mon, 7 Jan 2002, Joshua Baker-LePain wrote: As suggested we have fixed our .amandahosts file to reflect the fully qualified hostname. Now I get the following: Amanda Backup Client Hosts Check ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p7 (/dev/rd/c0d0p7): Permission denied] ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p2 (/dev/rd/c0d0p2): Permission denied] ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p6 (/dev/rd/c0d0p6): Permission denied] ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p1 (/dev/rd/c0d0p1): Permission denied] ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p5 (/dev/rd/c0d0p5): Permission denied] ERROR: localhost.localdomain: [can not read/write /etc/dumpdates: Permission denied] Client check: 1 host checked in 0.019 seconds, 6 problems found This is my first attempt at installing Amanda, so I am unsure of what this means. Who 's permissions are denied? The amandauser has access to the devices in question, the program was built with proper (I think) configuration, the amcheck script has the following permissions: -rwsr-x--- 1 root amandauser There are two of us here who are a little lost. Thanks for the previous help. --charlie On Mon, 7 Jan 2002 at 5:08pm, Charles Farinella wrote ERROR: localhost.localdomain: [access as amandauser not allowed from [EMAIL PROTECTED]] amandahostsauth failed I have created a .amandahosts file with the following entry: localhost.localdomain amandauser You've got some DNS oddness going on. The canonical answer is to always use fully qualified hostnames with AMANDA -- don't use localhost. It *will* eventually bite you. Also, make sure that your .amandahosts file is in the right place (the $HOME of amandauser) and is readable by amandauser (duh). -- Charles Farinella Appropriate Solutions, Inc. www.AppropriateSolutions.com[EMAIL PROTECTED] 603.924.6079(v) 603.924.8668(f)
Re: amandahostauth failed
Can you repeat which node is the client and which is the server? Your errors seem to reflect a strange configuration: Charles Farinella wrote: On Mon, 7 Jan 2002, Joshua Baker-LePain wrote: As suggested we have fixed our .amandahosts file to reflect the fully qualified hostname. Now I get the following: Amanda Backup Client Hosts Check ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p7 (/dev/rd/c0d0p7): Permission denied] This means that amandauser on localhost.localdomain cannot read/write to /dev/rd/c0d0p7 on localhost.localdomain. But is this really what you want? What does your disklist on the server configuration say? ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p2 (/dev/rd/c0d0p2): Permission denied] ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p6 (/dev/rd/c0d0p6): Permission denied] ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p1 (/dev/rd/c0d0p1): Permission denied] ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p5 (/dev/rd/c0d0p5): Permission denied] ERROR: localhost.localdomain: [can not read/write /etc/dumpdates: Permission denied] This means that amandauser on localhost.localdomain cannot write to /etc/dumpdates -- you would get this error by default unless you change the permissions on /etc/dumpdates on localhost.localdomain. Client check: 1 host checked in 0.019 seconds, 6 problems found This is my first attempt at installing Amanda, so I am unsure of what this means. Who 's permissions are denied? The amandauser has access to the devices in question, the program was built with proper (I think) configuration, the amcheck script has the following permissions: -rwsr-x---1 root amandauser There are two of us here who are a little lost. Thanks for the previous help. --charlie On Mon, 7 Jan 2002 at 5:08pm, Charles Farinella wrote ERROR: localhost.localdomain: [access as amandauser not allowed from [EMAIL PROTECTED]] amandahostsauth failed I have created a .amandahosts file with the following entry: localhost.localdomainamandauser You've got some DNS oddness going on. The canonical answer is to always use fully qualified hostnames with AMANDA -- don't use localhost. It *will* eventually bite you. Also, make sure that your .amandahosts file is in the right place (the $HOME of amandauser) and is readable by amandauser (duh). -- David T. Smith PGP Fingerprint: 7B01 0086 BC4E C092 5348 B9AE E79A 07F2 9E59 29C2 ph: 1 203 364 1796 fax: 1 203 364 1795 cell: 1 203 770 1685 E-mail [EMAIL PROTECTED]
Re: amandahostauth failed
On Tue, 8 Jan 2002 at 9:43am, Charles Farinella wrote On Mon, 7 Jan 2002, Joshua Baker-LePain wrote: Amanda Backup Client Hosts Check ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p7 (/dev/rd/c0d0p7): Permission denied] *snip* ERROR: localhost.localdomain: [can not read/write /etc/dumpdates: Permission denied] Client check: 1 host checked in 0.019 seconds, 6 problems found This is my first attempt at installing Amanda, so I am unsure of what this means. Who 's permissions are denied? The amandauser has access to the devices in question, the program was built with proper (I think) configuration, the amcheck script has the following permissions: -rwsr-x---1 root amandauser First off, you may want to consider using directory names rather than raw disk partitions -- I've found it awfully useful when, e.g., a disk dies and I have to move a filesystem to a new disk/partition. When using directory names, the history stays intact. Regardless, what *are* the owner/group and permissions on those partitions (the raw devices)? Are you trying to use dump or tar for your backups? BTW, what OS? -- Joshua Baker-LePain Department of Biomedical Engineering Duke University
Re: amandahostauth failed
In a message dated: Tue, 08 Jan 2002 09:43:10 EST Charles Farinella said: As suggested we have fixed our .amandahosts file to reflect the fully qualified hostname. Now I get the following: Amanda Backup Client Hosts Check ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p7 (/dev/rd/c0d0p7): Permission denied] This is my first attempt at installing Amanda, so I am unsure of what this means. Who 's permissions are denied? The amandauser has access to the devices in question, the program was built with proper (I think) configuration, the amcheck script has the following permissions: Charlie, Can you provide the 'ls -l' output for those devices? /dev/rd/c0d0p7 /dev/rd/c0d0p2 /dev/rd/c0d0p6 /dev/rd/c0d0p1 /dev/rd/c0d0p5 Also, can you provide the 'ls -l' output for the /etc/dumpdates file on the client in question. -- Seeya, Paul God Bless America! ...we don't need to be perfect to be the best around, and we never stop trying to be better. Tom Clancy, The Bear and The Dragon
Re: amandahostauth failed
Charlie, Charles Farinella wrote: On Tue, 8 Jan 2002, Paul Lussier wrote: [...] Charlie, Can you provide the 'ls -l' output for those devices? [...] Also, can you provide the 'ls -l' output for the /etc/dumpdates file on the client in question. Paul, brw-rw1 root disk 48, 7 Jan 7 17:14 /dev/rd/c0d0p7 brw-rw1 root disk 48, 6 Aug 30 16:30 /dev/rd/c0d0p6 brw-rw1 root disk 48, 5 Aug 30 16:30 /dev/rd/c0d0p5 brw-rw1 root disk 48, 2 Aug 30 16:30 /dev/rd/c0d0p2 brw-rw1 root disk 48, 1 Aug 30 16:30 /dev/rd/c0d0p1 -rw-rw-r--1 root disk0 Jan 7 17:14 /etc/dumpdates The amandauser is included in the group 'disk', and can touch any of the devices. --charlie If you 'su' to amandauser on the localhost.localdomain, can you write to /etc/dumpdates? Is there another device in /dev with the same major device number but different permissions? Can you do 'dd if=/dev/rd/c0d0p7 of=/dev/null count=1' on the client? DTS -- David T. Smith PGP Fingerprint: 7B01 0086 BC4E C092 5348 B9AE E79A 07F2 9E59 29C2 ph: 1 203 364 1796 fax: 1 203 364 1795 cell: 1 203 770 1685 E-mail [EMAIL PROTECTED]
Re: amandahostauth failed
On Tue, 8 Jan 2002, David T. Smith wrote: If you 'su' to amandauser on the localhost.localdomain, can you write to /etc/dumpdates? Yes. Is there another device in /dev with the same major device number but different permissions? No. Can you do 'dd if=/dev/rd/c0d0p7 of=/dev/null count=1' on the client? Yes. --charlie -- Charles Farinella Appropriate Solutions, Inc. www.AppropriateSolutions.com[EMAIL PROTECTED] 603.924.6079(v) 603.924.8668(f)
Re: amandahostauth failed
Look in /tmp/amanda on the client for the amandad.*.debug files. They report everything that happens when the amanda server checks or pulls a dump from the client. Is there anything strange in there where it tests those files? Charles Farinella wrote: On Tue, 8 Jan 2002, David T. Smith wrote: If you 'su' to amandauser on the localhost.localdomain, can you write to /etc/dumpdates? Yes. Is there another device in /dev with the same major device number but different permissions? No. Can you do 'dd if=/dev/rd/c0d0p7 of=/dev/null count=1' on the client? Yes. --charlie -- David T. Smith PGP Fingerprint: 7B01 0086 BC4E C092 5348 B9AE E79A 07F2 9E59 29C2 ph: 1 203 364 1796 fax: 1 203 364 1795 cell: 1 203 770 1685 E-mail [EMAIL PROTECTED]
Re: amandahostauth failed
On Tue, 8 Jan 2002, David T. Smith wrote: Look in /tmp/amanda on the client for the amandad.*.debug files. They report everything that happens when the amanda server checks or pulls a dump from the client. Is there anything strange in there where it tests those files? = amcheck: debug 1 pid 15377 ruid 504 euid 0 start time Tue Jan 8 09:23:36 2002 amcheck: dgram_bind: socket bound to 0.0.0.0.761 amcheck: pid 15377 finish time Tue Jan 8 09:23:42 2002 = I don't know what I'm looking for here. The real user id is correct, I assume the effective user id is also ok? Socket bound to 0.0.0.0.761 is a mystery to me, and I don't see any errors. --charlie -- Charles Farinella Appropriate Solutions, Inc. www.AppropriateSolutions.com[EMAIL PROTECTED] 603.924.6079(v) 603.924.8668(f)
Re: amandahostauth failed
On Tue, 8 Jan 2002 at 1:01pm, Charles Farinella wrote On Tue, 8 Jan 2002, David T. Smith wrote: Look in /tmp/amanda on the client for the amandad.*.debug files. They report everything that happens when the amanda server checks or pulls a dump from the client. Is there anything strange in there where it tests those files? = amcheck: debug 1 pid 15377 ruid 504 euid 0 start time Tue Jan 8 09:23:36 2002 amcheck: dgram_bind: socket bound to 0.0.0.0.761 amcheck: pid 15377 finish time Tue Jan 8 09:23:42 2002 = I don't know what I'm looking for here. The real user id is correct, I assume the effective user id is also ok? Socket bound to 0.0.0.0.761 is a mystery to me, and I don't see any errors. How about selfcheck*debug? -- Joshua Baker-LePain Department of Biomedical Engineering Duke University
Re: amandahostauth failed
Which system are you looking on? Charles Farinella wrote: On Tue, 8 Jan 2002, David T. Smith wrote: Look in /tmp/amanda on the client for the amandad.*.debug files. They report everything that happens when the amanda server checks or pulls a dump from the client. Is there anything strange in there where it tests those files? = amcheck: debug 1 pid 15377 ruid 504 euid 0 start time Tue Jan 8 09:23:36 2002 amcheck: dgram_bind: socket bound to 0.0.0.0.761 amcheck: pid 15377 finish time Tue Jan 8 09:23:42 2002 = This would be the content of the amcheck.*.debug file on the server (where amcheck was run). The client system would have an amandad.*.debug and a selfcheck.*.debug file. Those will tell us what is going on at the client. If the client and server are the same system, then you should still see the amandad.*.debug and selfcheck.*.debug files. I don't know what I'm looking for here. The real user id is correct, I assume the effective user id is also ok? Socket bound to 0.0.0.0.761 is a mystery to me, and I don't see any errors. --charlie -- David T. Smith PGP Fingerprint: 7B01 0086 BC4E C092 5348 B9AE E79A 07F2 9E59 29C2 ph: 1 203 364 1796 fax: 1 203 364 1795 cell: 1 203 770 1685 E-mail [EMAIL PROTECTED]
Re: amandahostauth failed
Hi, Amanda Backup Client Hosts Check ERROR: localhost.localdomain: [could not access /dev/rd/c0d0p7 is this c/p from you or the amanda output? Greets Tom
Re: amandahostauth failed
On Mon, 7 Jan 2002 at 5:08pm, Charles Farinella wrote ERROR: localhost.localdomain: [access as amandauser not allowed from [EMAIL PROTECTED]] amandahostsauth failed I have created a .amandahosts file with the following entry: localhost.localdomain amandauser You've got some DNS oddness going on. The canonical answer is to always use fully qualified hostnames with AMANDA -- don't use localhost. It *will* eventually bite you. Also, make sure that your .amandahosts file is in the right place (the $HOME of amandauser) and is readable by amandauser (duh). -- Joshua Baker-LePain Department of Biomedical Engineering Duke University
