Re: [Networker] Peer errors under Networker 7.3
2006-03-03 09:57:58
lemons_terry AT emc DOT com wrote:
One of the changes in V7.3 was a much better security/authentication
mechanism, where SSL credentials are exchanged between NetWorker systems the
first time they talk with each other. It's much better than DNS
forward/backward lookup as a security mechanism.
I had the same problem, and was told to look in NMC in Configuration ->
Local Hosts, and to delete something there. I never could, due to a
permission problem that I couldn't resolve.
I think I may have this on the run but I need more testing. By default
NWC uses 'administrator' as the root account and sets up such an account
in Networker on the server where NWC was installed. This allows NWC to
access and change attributes on the Networker server via NWC. When
installing Linux Networker 7.3 clients the user 'administrator' is NOT
automatically added / listed in the access list for the client. I think
this prevents NWC from automatically handling (updates/add/delete) of
the "NSR peer information" resource on either the client or the server
and results in the errors logged on the server.
The above circumstances appear to be true for a Linux shop where
'administrator' is really 'root'. There appear to be two possible
solutions. Add 'administrator' to the client Admins list or create a new
NWC admin account named 'root' and use that instead of 'administrator'
when adding new clients. This seems to work since on Linux clients
'root' is already in the access list by default. To correct the
situation I did the following:
1) Created a new account 'root' in NWC and make sure that it was in the
NWC Administrators group
2) Logged into NWC using the new 'root' account.
3) In Networker Administration select 'Configuration' and on the Local
Hosts tree delete the client certificates under the server
4) Click / edit the properties of each client to immediately reestablish
a new certificate with the server
So far I'm not seeing any additional peer errors in daemon.log on the
Networker 7.3 server. I gotta say, I'm a bit disappointed at the
assumptions that Networker seems to make that everything will be Windows
based.
-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]
On
Behalf Of Scott Russell
Sent: Friday, March 03, 2006 8:33 AM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: [Networker] Peer errors under Networker 7.3
Greets.
On Networker 7.3 I'm seeing lots of the following error in the
daemon.log file on the server:
03/03/06 08:14:55 nsrexecd: SYSTEM error: There is already a machine
using the name: "oddjob.rtp.raleigh.ibm.com". Either choose a different
name for your machine, or delete the "NSR peer information" entry for
"oddjob.rtp.raleigh.ibm.com" on host: "dotbak.raleigh.ibm.com"
The client is 'oddjob' and the server is 'dotbak'. Both systems are
RHEL4 running Networker 7.3. The error appears to be something to do
with authentication and certificate exchange. It does not prevent
backups from happening however.
I'm a bit lost at what it's really telling me. According to page 568 it
appears as if two hosts automatically exchange credentials when they
authenticate with each other for the first time. In this case the
server, dotbak, has a copy of the client oddjob's credentials and the
client, oddjob, has a copy of the server dotbak credentials. If I follow
the advice given and delete the 'NSR peer infromation' entry for oddjob
off of dotbak, won't it just come back again?
--
Scott Russell <lnxgeek AT us.ibm DOT com>
IBM Linux Technology Center
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu
if you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|