Amrecover:access not allowed.
Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backupthis share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try'amrecover' from the/ directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowedfrom [EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lan root merlin.systematic.lan amanda localhost.localdomain amanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Thanks, Trevor.
Re: Amrecover:access not allowed.
On Thu, 1 Aug 2002, Trevor Fraser wrote: Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backup this share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try 'amrecover' from the / directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowed from [EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lanroot merlin.systematic.lanamanda localhost.localdomainamanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Same principle applies. If you see Access as whatever not allowed from foo@bar, add bar foo to .amandahosts. In this case localhost.localdomain root. -- Nate Eldredge HMC CS Staff [EMAIL PROTECTED]
Re: Amrecover:access not allowed.
hi, for an unknown reason amrecover conects to your server with the name [EMAIL PROTECTED] two solution's are possible: 1.)you'll have to fix your /etc/host or nameservice to show the correct hostname for this box or 2.)add the line localhost.localdomain root to your .amandahosts file. i would suggest the 1st solution as your broken nameservices/hosts probably will bite you again in the future. Christoph Trevor Fraser wrote: Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backup this share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try 'amrecover' from the / directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowed from [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lanroot merlin.systematic.lanamanda localhost.localdomainamanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Thanks, Trevor.
Re: Amrecover:access not allowed.
On Thursday 01 August 2002 04:02, Trevor Fraser wrote: Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backup this share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try 'amrecover' from the / directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowed from [EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lanroot merlin.systematic.lanamanda localhost.localdomainamanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Thanks, Trevor. Making sure that your setup is consistent as far as users and groups are defined would be a good start. You didn't say whether you were using the rpm's or the tar.gz's, which would also be helpfull. The first thing I do after unpacking a new amanda archive is to do as root, chown -R amanda:disk amanda-version-date Then become user amanda, configure and build it. Then become root again and do the make install, thereby automaticly setting all the perms and such amanda needs to run for backups. For backups, it must be run as the user of the user:group spec above, and will refuse to run for user root. For recoveries, I think those functions must be run as root. Also, using localhost@localdomain will come back to haunt you so please remove that line in addition to the one with the root user specifier. Use the FQDN of the machine when you add another machine even if its the same machine its running on. One other item, samba doesn't keep all the file dates correctly in its local copies. If you are going to do a local copy, and then backup that local copy, rsync does a much better job of doing that copy. -- Cheers, Gene AMD K6-III@500mhz 320M Athlon1600XP@1400mhz 512M 99.09% setiathome rank, not too shabby for a WV hillbilly
Re: Amrecover:access not allowed.
Thanks, I tried that, same error. Do I need to restart anything? Any other suggestions? Something I thought I should mention, I had an amcheck problem a while back, giving the same error, I was told to change the dump user from root to amanda. This brought more problems, and when I changed it back, everything came right. Wierd. Same principle applies. If you see Access as whatever not allowed from foo@bar, add bar foo to .amandahosts. In this case localhost.localdomain root. -- Nate Eldredge HMC CS Staff [EMAIL PROTECTED]
Re: Amrecover:access not allowed.
Thank for the info. /etc/hosts looks fine: *amongst other entries* 192.168.0.2merlin.systematic.lanmerlin One question: How do I fix the name service to show the correct name for this box, is this the named? Thanks, Trevor. p.s. I did add localhost.localdomain root to the .amandahosts file, no change yet. - Original Message - From: Christoph Scheeder [EMAIL PROTECTED] To: Trevor Fraser [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 01, 2002 10:36 AM Subject: Re: Amrecover:access not allowed. hi, for an unknown reason amrecover conects to your server with the name [EMAIL PROTECTED] two solution's are possible: 1.)you'll have to fix your /etc/host or nameservice to show the correct hostname for this box or 2.)add the line localhost.localdomain root to your .amandahosts file. i would suggest the 1st solution as your broken nameservices/hosts probably will bite you again in the future. Christoph Trevor Fraser wrote: Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backup this share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try 'amrecover' from the / directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowed from [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lanroot merlin.systematic.lanamanda localhost.localdomainamanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Thanks, Trevor.
Re: Amrecover:access not allowed.
Hi Gene, thank for your help. I used the rpm. Two questions, what is FQDN and does rsync only apply to non-rpm install? Thanks, Trevor. - Original Message - From: Gene Heskett [EMAIL PROTECTED] To: Trevor Fraser [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, August 01, 2002 11:55 AM Subject: Re: Amrecover:access not allowed. On Thursday 01 August 2002 04:02, Trevor Fraser wrote: Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backup this share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try 'amrecover' from the / directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowed from [EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lanroot merlin.systematic.lanamanda localhost.localdomainamanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Thanks, Trevor. Making sure that your setup is consistent as far as users and groups are defined would be a good start. You didn't say whether you were using the rpm's or the tar.gz's, which would also be helpfull. The first thing I do after unpacking a new amanda archive is to do as root, chown -R amanda:disk amanda-version-date Then become user amanda, configure and build it. Then become root again and do the make install, thereby automaticly setting all the perms and such amanda needs to run for backups. For backups, it must be run as the user of the user:group spec above, and will refuse to run for user root. For recoveries, I think those functions must be run as root. Also, using localhost@localdomain will come back to haunt you so please remove that line in addition to the one with the root user specifier. Use the FQDN of the machine when you add another machine even if its the same machine its running on. One other item, samba doesn't keep all the file dates correctly in its local copies. If you are going to do a local copy, and then backup that local copy, rsync does a much better job of doing that copy. -- Cheers, Gene AMD K6-III@500mhz 320M Athlon1600XP@1400mhz 512M 99.09% setiathome rank, not too shabby for a WV hillbilly
Re: Amrecover:access not allowed.
Hi, first off all you'll have to find where amrecover/amidxd gets the strange name from. 1.) what result gives the command hostname? it should be merlin or your FQDN. 2.) your /etc/hosts should have the folowing two lines belonging to your computer: 127.0.0.1 localhost 192.168.0.2 merlin.systematic.lan merlin if the first line contains other values: they are bad, so fix it. next do a nslookup on your hostname and your ip-adress. the results should be consistant, if not, fix your dns Christoph Trevor Fraser wrote: Thank for the info. /etc/hosts looks fine: *amongst other entries* 192.168.0.2merlin.systematic.lanmerlin One question: How do I fix the name service to show the correct name for this box, is this the named? Thanks, Trevor. p.s. I did add localhost.localdomain root to the .amandahosts file, no change yet. - Original Message - From: Christoph Scheeder [EMAIL PROTECTED] To: Trevor Fraser [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 01, 2002 10:36 AM Subject: Re: Amrecover:access not allowed. hi, for an unknown reason amrecover conects to your server with the name [EMAIL PROTECTED] two solution's are possible: 1.)you'll have to fix your /etc/host or nameservice to show the correct hostname for this box or 2.)add the line localhost.localdomain root to your .amandahosts file. i would suggest the 1st solution as your broken nameservices/hosts probably will bite you again in the future. Christoph Trevor Fraser wrote: Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backup this share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try 'amrecover' from the / directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowed from [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lanroot merlin.systematic.lanamanda localhost.localdomainamanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Thanks, Trevor.
Re: Amrecover:access not allowed.
Hi, thanks. I've followed your advise to the point of nslookup, I get a correct reply for the IP, but for the name 'merlin', I get: Server:192.168.0.1 (which is our DNS server address) Address: 192.168.0.1#53 ** server can't find merlin: NXDOMAIN What does this mean/where should I look for problems? Thanks, Trevor. - Original Message - From: Christoph Scheeder [EMAIL PROTECTED] To: Trevor Fraser [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 01, 2002 1:35 PM Subject: Re: Amrecover:access not allowed. Hi, first off all you'll have to find where amrecover/amidxd gets the strange name from. 1.) what result gives the command hostname? it should be merlin or your FQDN. 2.) your /etc/hosts should have the folowing two lines belonging to your computer: 127.0.0.1 localhost 192.168.0.2 merlin.systematic.lan merlin if the first line contains other values: they are bad, so fix it. next do a nslookup on your hostname and your ip-adress. the results should be consistant, if not, fix your dns Christoph Trevor Fraser wrote: Thank for the info. /etc/hosts looks fine: *amongst other entries* 192.168.0.2merlin.systematic.lanmerlin One question: How do I fix the name service to show the correct name for this box, is this the named? Thanks, Trevor. p.s. I did add localhost.localdomain root to the .amandahosts file, no change yet. - Original Message - From: Christoph Scheeder [EMAIL PROTECTED] To: Trevor Fraser [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 01, 2002 10:36 AM Subject: Re: Amrecover:access not allowed. hi, for an unknown reason amrecover conects to your server with the name [EMAIL PROTECTED] two solution's are possible: 1.)you'll have to fix your /etc/host or nameservice to show the correct hostname for this box or 2.)add the line localhost.localdomain root to your .amandahosts file. i would suggest the 1st solution as your broken nameservices/hosts probably will bite you again in the future. Christoph Trevor Fraser wrote: Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backup this share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try 'amrecover' from the / directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowed from [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lanroot merlin.systematic.lanamanda localhost.localdomainamanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Thanks, Trevor.
Re: Amrecover:access not allowed.
Hi, Trevor Fraser wrote: Hi, thanks. I've followed your advise to the point of nslookup, I get a correct reply for the IP, but for the name 'merlin', I get: Server:192.168.0.1 (which is our DNS server address) Address: 192.168.0.1#53 ^^^ are these 3 characters realy displayed ? Strange ** server can't find merlin: NXDOMAIN NXDOMAIN is an abrevation for non-existent host/domain there seems to be something wrong with the forward-mapping for merlin on your nameserver. Do you have acces to this server? and can you take a look at the zonefiles of named? they should reside somewhere in /etc/bind or /var/named. Christoph What does this mean/where should I look for problems? Thanks, Trevor. - Original Message - From: Christoph Scheeder [EMAIL PROTECTED] To: Trevor Fraser [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 01, 2002 1:35 PM Subject: Re: Amrecover:access not allowed. Hi, first off all you'll have to find where amrecover/amidxd gets the strange name from. 1.) what result gives the command hostname? it should be merlin or your FQDN. 2.) your /etc/hosts should have the folowing two lines belonging to your computer: 127.0.0.1 localhost 192.168.0.2 merlin.systematic.lan merlin if the first line contains other values: they are bad, so fix it. next do a nslookup on your hostname and your ip-adress. the results should be consistant, if not, fix your dns Christoph Trevor Fraser wrote: Thank for the info. /etc/hosts looks fine: *amongst other entries* 192.168.0.2merlin.systematic.lanmerlin One question: How do I fix the name service to show the correct name for this box, is this the named? Thanks, Trevor. p.s. I did add localhost.localdomain root to the .amandahosts file, no change yet. - Original Message - From: Christoph Scheeder [EMAIL PROTECTED] To: Trevor Fraser [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 01, 2002 10:36 AM Subject: Re: Amrecover:access not allowed. hi, for an unknown reason amrecover conects to your server with the name [EMAIL PROTECTED] two solution's are possible: 1.)you'll have to fix your /etc/host or nameservice to show the correct hostname for this box or 2.)add the line localhost.localdomain root to your .amandahosts file. i would suggest the 1st solution as your broken nameservices/hosts probably will bite you again in the future. Christoph Trevor Fraser wrote: Hello all. Last night my boss gave me a test to see if I can recover lost files before copying everything from his computer to our amanda server( I know we could backup his computer too, but we've chosen to use samba to store files on a share here and backup this share). Anyway, so I couldn't do it, and obviously he isn't impressed. Anyway, the problem comes when I try 'amrecover' from the / directory. The error is: [root@merlin /]# amrecover AMRECOVER Version 2.4.2p2. Contacting server on localhost . . . 220 merlin AMANDA index server (2.4.2p2) ready. 500 Access not allowed: [ access as amanda not allowed from [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] amandahostsauth failed [ root@merlin /]# My amanda dumpuser is root, and in amanda, amandaidx and amidxtape are user = amanda. My .amandahost looks like this: merlin.systematic.lanroot merlin.systematic.lanamanda localhost.localdomainamanda The file belong to root:root and has read and write privileges for the user owner only. I've read the FAQ's and saw a similar problem, but with regard to amcheck. I can amcheck and amdump fine. What is the next step in troubleshooting? Thanks, Trevor.
Re: Amrecover:access not allowed.
On Thursday 01 August 2002 07:13, Trevor Fraser wrote: Hi Gene, thank for your help. I used the rpm. Two questions, what is FQDN and does rsync only apply to non-rpm install? FQDN=Fully Qualified Doman Name. This doesn't have to be registered anyplace but the /etc/hosts files on the machines of your subnet as long as /etc/host.conf sets the search order to hosts,dns. I'm a bit lazy, and thats a lot easier than setting up a dns entry for it. The whole point being thats its a unique name and it translates to THAT machines nnn.nnn.nnn.nnn address, whereas every machine probably has a localhost@localdomain that alias's to 127.0.0.0, and thats whats known as a Bad Thing(TM) when you really meant that machine over there in the corner. :-) rsync isn't fussy, you can build it or use the rpm. I use it here in exactly that scenario as I keep several of the directories on my firewall machine mirrored here. rsync is very efficient in that it actually moves only that which has changed. If you update a file, adding 20 bytes to the middle of it, rsync, after doing the compare, moves those 20 bytes. It takes it about 10 minutes to scan and update a couple of gigs worth of stuff here, over a 10base-T network. Normally that machines monitor isn't turned on for days at a time, so other than up2date or gnorpm keeping the security stuff up to date, theres not a lot of activity. rsync is fairly security consious, so getting the setups on both machines to the point of its being a crontab job will take some reading and a few sessions with vim, but once thats done cron will take care of it from there and you can convieniently forget it. IIRC from the previous messages in this thread, you are still running amanda as root, and thats another no-no. IIRC the backup stuff will only run as the user amanda. If it won't run as amanda, then you need to add the user 'amanda', and if its the rpm's, make her a member of the group 'disk'. Getting all the perms setup is a one time job though. Unless you've changed the owner:group of some of the rpm's contents, this should all work. I guess thats one of the reasons I like the tarballs, you unpack them as root, chown the whole directory tree to amanda:disk, become amanda and build it, then install as root. That takes care of *all* the perms problems. Amanda has her own way of becoming root when she needs root perms to do something. My crontab entries to run her are in amanda's crontab, not roots. -- Cheers, Gene AMD K6-III@500mhz 320M Athlon1600XP@1400mhz 512M 99.09% setiathome rank, not too shabby for a WV hillbilly
Re: Amrecover:access not allowed.
On Thursday 01 August 2002 08:57, Trevor Fraser wrote: Hi, thanks. I've followed your advise to the point of nslookup, I get a correct reply for the IP, but for the name 'merlin', I get: Server:192.168.0.1 (which is our DNS server address) Address: 192.168.0.1#53 ** server can't find merlin: NXDOMAIN What does this mean/where should I look for problems? Hummm, [root@coyote named]# nslookup gene Note: nslookup is deprecated and may be removed from future releases. Consider using the `dig' or `host' programs instead. Run nslookup with the `-sil[ent]' option to prevent this message from appearing. Server: 192.168.1.1 Address:192.168.1.1#53 ** server can't find gene: NXDOMAIN Which is *almost* exaclty what I get here. But as noted above, be aware that nslookup is a deprecated utility, and that dig or host has replaced it. In my checks here just this instant, 'dig gene' returns the ip address of the machine gene, and 'dig coyote' similarly returns the ip of that machine. I did a cat * on the contents of the /var/named dir on my firewall machine and no local records returned any ip numbers, so my hosts file is doing it all. Oddly, the 'host gene', etc, returns the NXDOMAIN error as above. OTOH, I'm NOT a bind expert, I'm home and haven't carried a briefcase in months. (based on an expert being someone who is at least 50 miles from home and carrying a briefcase :) [...] -- Cheers, Gene AMD K6-III@500mhz 320M Athlon1600XP@1400mhz 512M 99.09% setiathome rank, not too shabby for a WV hillbilly