[Networker] RESOLVED: Re: [Networker] 733 upgrade and SUN RPC (TCP/111)

2007-12-07 12:26:43
Subject: [Networker] RESOLVED: Re: [Networker] 733 upgrade and SUN RPC (TCP/111)
From: Will Parsons <w.parsons AT LEEDS.AC DOT UK>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Fri, 7 Dec 2007 17:19:21 +0000
Hello again.
It was indeed an issue to do with NSRAUTH.
It seems whoever coded the new authentication system wanted to do:
1st - NSRAUTH (SSL etc) [7.3 scheme]
2nd - SUN RPC based auth [6 and earlier scheme]
3rd - nsrexecd portmapper auth [7.? -> 7.2 scheme]

Changing the allowed authentication methods from:

auth methods: "0.0.0.0/0,nsrauth/oldauth";
to
auth methods: "0.0.0.0/0,oldauth";

has resolved the problem.

If I meet the programmer, I might buy him a beer...or perhaps not.

Thanks anyway folk.
From
Will





Will Parsons wrote:
Good afternoon all,
I've got a case logged on this with EMC, but in case any of you who've already moved to 733 have hit this, I thought I'd ask the list as well:

I carried out an upgrade of our Networker data zone yesterday from 7.2.1 to 7.3.3 (Master server + 3 storage nodes). We identified a serious issue during testing: Backups of clients behind firewalls were unable to run. Our environment has storage nodes behind the firewalls, on the same network as the clients. The same symptom was observed on both a Checkpoint NG1 cluster, and a CISCO firewall module.

The fault seems to stem from the fact that the Master server is now trying to contact clients initially on TCP port 111 - the SUN RPC portmapper. This has been blocked by our firewalls since the implementation of Networker 7, and has never been required before. It feels as if the code has reverted to a previous version - prior to nsrexecd running its own portmapper on the clients.

As a temporary workaround, the firewalls have been configured to allow this traffic on port 111. However, this does pose an increased security risk, and will probably have to be reverted very soon.

I'm wondering if this is anything to do with the NSRAUTH/OLDAUTH setup?

Any thoughts??
From
Will Parsons







--


w.parsons AT leeds.ac DOT uk
UNIX Support
Information Systems Services
The University of Leeds
+44 113 343 5670
