Re: [Networker] Oracle GSS authentication messages???

Hi,

you can find information about "strong authentication" in networker admin 
guide. I think that strong authentication is using ssl protocol.

In past we have had problems with oracle backups. We have had lot of errors 
about duplicate peers information and problems with hanging/failing DB 
backups. I have disabled the strong authentication and after this we haven't 
had problems with DB backups.

If you would like to disable strong authentication in whole environment (for 
all clients going to backup server) you need only to setup auth methods: 
"0.0.0.0/0,oldauth" on backup server and then do restart of networker.

If you would like to disable for one client, do this only on client.

If you have only warning messages is up to you   .... 


On Tuesday 20 April 2010 19:49:37 George Sinclair wrote:
> Tomas Simik wrote:
> > Hi,
> > you can disable GSS authentication...
> > 
> > you need only to change auth methods from "0.0.0.0/0,nsrauth/oldauth" to
> > "0.0.0.0/0,oldauth"
> 
> So I would do this on both the primary backup server and the Oracle
> client, and then stop/restart, correct? How about the storage node server?
> 
> I assume the message(s) that we're seeing are because it's trying to use
> strong authentication first and failing? I did a search on the message
> in the listing and also on EMC's Powerlink, including the NW admin.
> guide, too, and I couldn't find that exact message. There were a number
> of references to older releases and also to situations where people are
> getting timeouts or actual errors. We're not seeing those problems, just
> the warnings. The admin guide doesn't mention warnings you might get?
> 
> George
> 
> > nsradmin -p nsrexec
> > NetWorker administration program.
> > Use the "help" command for help, "visual" for full-screen mode.
> > nsradmin> print type:NSRLA
> > 
> >                         type: NSRLA;
> >                         name: satellite.site;
> >  
> >  NW instance info operations: ;
> >  
> >        NW instance info file: ;
> >        
> >           installed products: NetWorker 7.6.Build.142;
> >           
> >                      version: EMC NetWorker 7.6.Build.142 11/07/09;
> >                      servers: localhost, satellite;
> >                 
> >                 auth methods: "0.0.0.0/0,oldauth";
> >                
> >                administrator: "isroot,host=localhost",
> >                
> >                               "isroot,host=satellite", root,
> >                               "user=root,host=localhost",
> >                               "user=root,host=satellite.site";
> >                  
> >                  kernel arch: x86_64;
> >                  
> >                     CPU type: x86_64;
> >                 
> >                 machine type: desktop;
> >                 
> >                           OS: Linux 2.6.31.12-0.2-default;
> >            
> >            NetWorker version: 7.6.Build.142;
> >            
> >               client OS type: Linux;
> >               
> >                         CPUs: 2;
> >                      
> >                      MB used: 172450;
> >                   
> >                   IP address: 127.0.0.2, 192.168.1.101,
> >                   
> >                               "fe80::216:eaff:fee6:fc0e%wlan0";
> > 
> > nsradmin> update auth methods:"0.0.0.0/0,oldauth"
> > 
> >                 auth methods: "0.0.0.0/0,oldauth";
> > 
> > Update? y
> > updated resource id 3.0.137.10.0.0.0.0.232.182.60.75.0.0.0.0.254.128(113)
> > nsradmin>
> > 
> > On Tuesday 20 April 2010 17:01:19 George Sinclair wrote:
> >> Hi,
> >> 
> >> We're seeing the following messages in the NetWorker log file
> >> (daemon.raw) on the backup server every time one of the save sets runs
> >> for the Oracle backups:
> >> 
> >> 6631 04/20/10 09:29:16  0 primary_server nsrexecd Failed to authenticate
> >> user with GSS Legato authentication. User: oracle, Domain: (none),
> >> NetWorker Instance Name: oracle_server
> >> 
> >> These messages repeat a number of times for each save set, but the
> >> backups still run and complete OK.
> >> 
> >> We're running NMO 5.0 with NW 7.5.1 client on Oracle 10g, running on
> >> Linux RH. Primary backup server is running NW 7.5.1, Linux RH. Our
> >> backups are divided into three groups:
> >> 
> >> database_group
> >> catalog_group
> >> archive_redo_logs
> >> 
> >> Groups 1-2 use a modified versions of the /usr/sbin/nsrnmo script as the
> >> 'Backup command' and an RMAN script (pathname to RMAN '.rcv' script) as
> >> the single save set. The difference between our modified version and the
> >> original (vanilla version) is:
> >> 
> >> ORACLE_HOME path is defined
> >> PATH is defined
> >> ORACLE_SID is defined
> >> 
> >> Note: ORACLE_USER is not defined. We were unclear on what to set that
> >> to, but the file does mention: "Description: Specifies the user name of
> >> the Oracle database being backed up. It is required for OS verification
> >> during backups."
> >> 
> >> Backup group 3 is a flat file backup, and we see no such messages for
> >> that group, my guess being that that's not running as the Oracle user?
> >> 
> >> 
> >> I searched the EMC news listing, and found a few non-Oracle related
> >> posts where people were receiving errors or time outs due to newer
> >> versus older authentication. We're not seeing any errors. I ran:
> >> 
> >> 'nsradmin -p nsrexec'
> >> 
> >> on both the primary backup server and the Oracle client, and both show
> >> the following for NSRLA: auth methods: "0.0.0.0/0,nsrauth/oldauth";
> >> 
> >> What can we do to remove these messages, and should we be concerned
> >> about them?
> >> 
> >> George

-- 
Tomas

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER