Re: [Networker] Oracle GSS authentication messages???
2010-04-20 13:51:17
Tomas Simik wrote:
Hi,
you can disable GSS authentication...
you need only to change auth methods from "0.0.0.0/0,nsrauth/oldauth" to
"0.0.0.0/0,oldauth"
So I would do this on both the primary backup server and the Oracle
client, and then stop/restart, correct? How about the storage node server?
I assume the message(s) that we're seeing are because it's trying to use
strong authentication first and failing? I did a search on the message
in the listing and also on EMC's Powerlink, including the NW admin.
guide, too, and I couldn't find that exact message. There were a number
of references to older releases and also to situations where people are
getting timeouts or actual errors. We're not seeing those problems, just
the warnings. The admin guide doesn't mention warnings you might get?
George
nsradmin -p nsrexec
NetWorker administration program.
Use the "help" command for help, "visual" for full-screen mode.
nsradmin> print type:NSRLA
type: NSRLA;
name: satellite.site;
NW instance info operations: ;
NW instance info file: ;
installed products: NetWorker 7.6.Build.142;
version: EMC NetWorker 7.6.Build.142 11/07/09;
servers: localhost, satellite;
auth methods: "0.0.0.0/0,oldauth";
administrator: "isroot,host=localhost",
"isroot,host=satellite", root,
"user=root,host=localhost",
"user=root,host=satellite.site";
kernel arch: x86_64;
CPU type: x86_64;
machine type: desktop;
OS: Linux 2.6.31.12-0.2-default;
NetWorker version: 7.6.Build.142;
client OS type: Linux;
CPUs: 2;
MB used: 172450;
IP address: 127.0.0.2, 192.168.1.101,
"fe80::216:eaff:fee6:fc0e%wlan0";
nsradmin> update auth methods:"0.0.0.0/0,oldauth"
auth methods: "0.0.0.0/0,oldauth";
Update? y
updated resource id 3.0.137.10.0.0.0.0.232.182.60.75.0.0.0.0.254.128(113)
nsradmin>
On Tuesday 20 April 2010 17:01:19 George Sinclair wrote:
Hi,
We're seeing the following messages in the NetWorker log file
(daemon.raw) on the backup server every time one of the save sets runs
for the Oracle backups:
6631 04/20/10 09:29:16 0 primary_server nsrexecd Failed to authenticate
user with GSS Legato authentication. User: oracle, Domain: (none),
NetWorker Instance Name: oracle_server
These messages repeat a number of times for each save set, but the
backups still run and complete OK.
We're running NMO 5.0 with NW 7.5.1 client on Oracle 10g, running on
Linux RH. Primary backup server is running NW 7.5.1, Linux RH. Our
backups are divided into three groups:
database_group
catalog_group
archive_redo_logs
Groups 1-2 use a modified versions of the /usr/sbin/nsrnmo script as the
'Backup command' and an RMAN script (pathname to RMAN '.rcv' script) as
the single save set. The difference between our modified version and the
original (vanilla version) is:
ORACLE_HOME path is defined
PATH is defined
ORACLE_SID is defined
Note: ORACLE_USER is not defined. We were unclear on what to set that
to, but the file does mention: "Description: Specifies the user name of
the Oracle database being backed up. It is required for OS verification
during backups."
Backup group 3 is a flat file backup, and we see no such messages for
that group, my guess being that that's not running as the Oracle user?
I searched the EMC news listing, and found a few non-Oracle related
posts where people were receiving errors or time outs due to newer
versus older authentication. We're not seeing any errors. I ran:
'nsradmin -p nsrexec'
on both the primary backup server and the Oracle client, and both show
the following for NSRLA: auth methods: "0.0.0.0/0,nsrauth/oldauth";
What can we do to remove these messages, and should we be concerned
about them?
George
--
George Sinclair
Voice: (301) 713-3284 x210
- The preceding message is personal and does not reflect any official or
unofficial position of the United States Department of Commerce -
- Any opinions expressed in this message are NOT those of the US Govt. -
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|