Networker

Re: [Networker] 7.1.3 client DNS checks and multihomed clients

2005-08-23 03:45:01
Subject: Re: [Networker] 7.1.3 client DNS checks and multihomed clients
From: Charles Heynig <charles.heynig AT WMICH DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Mon, 22 Aug 2005 17:05:47 -0400
Shared key would definitely be nice. How long would it take to set up a Legato server, spoof DNS and then be able to remotely restore any file you want to any client? And there is no log on the client that any restore has ever occurred. Is there anything in Legato that would stop you?

Charles

Dave Mussulman wrote:
On Sat, Aug 20, 2005 at 10:46:42PM -0500, Jason Koelker wrote:

Contact Legato about this "feature".  They claim it is by design, and
for "security".  All clients after 7.1.1 (7.1.2+) do their own hostname
mangling after a gethostname() call is returned.  They take the short
name of the machine, and attempt to use that as the authentication name
for finding which client the server is associated with.


I noticed a similar problem after jumping from 6 to 7.1.2 where I used
to have to add the FQDN Windows NetBIOS name to the aliases list for
Windows clients to back up.  Post-7.1.2 the FQDN didn't work, but I
needed the Windows NetBIOS name shortname.

IIRC, Networker has always recommended putting the short name and FQDN
for the client in the aliases field.  If I'm not mistaken, with the unix
nwadmin client, if you do a "Create Multiple" it does this by default
for new clients.

Luckily, my environment doesn't have the problem listed here (clients
with the same short name but different FQDNs.)  That's certainly a
blockbuster problem and something they should quickly escalate and
resolve.

EMC/Legato really needs to reconsider the dependence on hostnames in
their authentication schemes.  I'd prefer to see some sort of shared key
between the client and server that uniquely defines the client, and then
slacking the rules on checking for the same hostname or Windows NetBIOS
name.  That would let clients that connect to dynamic IP networks
back up, and would get around the DNS/AD naming conflicts.  It'd be safer
too.

Dave

To sign off this list, send email to listserv AT listserv.temple DOT edu and type "signoff networker" in the body of the email. Please write to networker-request AT listserv.temple DOT edu if you have any problems with this list. You can access the archives at http://listserv.temple.edu/archives/networker.html or via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER


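
The shared-key idea raised in this thread, sketched as an added example that is not part of the original messages and is not NetWorker's own code or protocol: a per-client key drives an HMAC challenge-response in both directions, so two clients with the same short name stay distinct and a server that only controls DNS cannot get a restore accepted. The hostnames, keys, class and function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets

def short_name(fqdn: str) -> str:
    """Hostname-derived identity as described in the thread: keep only the short name."""
    return fqdn.split(".", 1)[0].lower()

class KeyedPeer:
    """One end of a challenge-response over a per-client shared key (hypothetical design)."""
    def __init__(self, client_id: str, key: bytes):
        self.client_id, self.key = client_id, key

    def prove(self, role: str, nonce: bytes) -> bytes:
        # Bind the proof to role and client id so a client proof cannot be replayed as a server proof.
        msg = b"|".join([role.encode(), self.client_id.encode(), nonce])
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def verify(self, role: str, nonce: bytes, proof: bytes) -> bool:
        return hmac.compare_digest(self.prove(role, nonce), proof)

def server_identifies(server_keys: dict, claimed_id: str, client: KeyedPeer) -> bool:
    """Server picks the key by client id (not by DNS name) and challenges the client."""
    key = server_keys.get(claimed_id)
    if key is None:
        return False
    nonce = secrets.token_bytes(16)
    return KeyedPeer(claimed_id, key).verify("client", nonce, client.prove("client", nonce))

def client_accepts_restore(client: KeyedPeer, server_side: KeyedPeer) -> bool:
    """Client challenges whoever requests a restore; only a holder of its key passes."""
    nonce = secrets.token_bytes(16)
    return client.verify("server", nonce, server_side.prove("server", nonce))

# Constructed sample data: two clients sharing a short name, each with its own key.
ENG, LIB = "web1.eng.example.edu", "web1.lib.example.edu"
KEYS = {ENG: secrets.token_bytes(32), LIB: secrets.token_bytes(32)}

if __name__ == "__main__":
    eng = KeyedPeer(ENG, KEYS[ENG])
    print("short names collide:", short_name(ENG) == short_name(LIB))
    print("eng proves as eng:", server_identifies(KEYS, ENG, eng))
    print("eng claims to be lib:", server_identifies(KEYS, LIB, eng))
    rogue = KeyedPeer(ENG, secrets.token_bytes(32))  # right name, no knowledge of the key
    print("rogue server restore accepted:", client_accepts_restore(eng, rogue))
    print("real server restore accepted:", client_accepts_restore(eng, KeyedPeer(ENG, KEYS[ENG])))
```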