Hi all,
This is my last problem for the time being...
Server side reports this (amdump.1):
driver: result time 2126.498 from dumper2: TRY-AGAIN 02-00009 "NAK: host
h-74-0-x-28.phlapafg.covad.net: port 1026 not secure"
The IP address there is the amanda server.
Client side reports this (amandad.debug):
security_handleinit(handle=0x8052000, driver=0x28094900 (BSDTCP))
security_streaminit(stream=0x8058000, driver=0x28094900 (BSDTCP))
security_seterror(handle=0x8052000, driver=0x28094900 (BSDTCP) error=host
h-74-0-x-28.phlapafg.covad.net: port 1026 not secure)
amandad: time 0.002: accept error: host h-74-0-x-28.phlapafg.covad.net:
port 1026 not secure
amandad: time 0.002: sending NAK pkt:
<<<<<
ERROR host h-74-0-x-28.phlapafg.covad.net: port 1026 not secure
If I'm reading this right, the client is listening via inetd, it accepts a
connection FROM the server, but it does not like that the server is
connecting to it from a port above 1024.
The check appears to be in common-src/security-util.c:
/*
* Request packets must come from a reserved port
*/
if (ntohs(rh->peer.sin_port) >= IPPORT_RESERVED) {
security_seterror(&rh->sech,
"host %s: port %d not secure", rh->hostname,
ntohs(rh->peer.sin_port));
amfree(service);
amfree(security_line);
return (-1);
}
But that doesn't tell me much about what controls what port the server
decides to bind to when contacting the client.
I saw a FAQ entry about this error when running amcheck without the suid
root bit, but this happens during amdump and amcheck. It seems fairly
random.
Any ideas?
Thanks,
Charles
|