000029320 - How to configure Network File System (NFS) for backup on RSA Authentication Manager 8.1; error "failed to validate the remote share location

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000029320
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  8.1 SP1
 
IssueAfter setting up NFS for backups in the Authentication Manager 8.1 Operations Console the following error occurs when running the backup:
User-added image

 
ResolutionHow to setup NFS for backups with RSA Authentication Manager 8.x where the NFS is on Red Hat Enterprise Linux 6
 
1.  Create a directory anywhere on the file system. In the following example the backup directory will be at the root level of the drive (/) and created with the root user.  After creating the directory, chmod the permissions.  The backup folder must have read, write and execute permissions, else the validation to the share will fail.  Case sensitivity needs to be noted here. If you setup a share on the RHEL server called Backups, then when configuring the share name in the Operations Console GUI, the share name must be Backups, not backups.

-bash-3.00$ pwd
/
-bash-3.00$ mkdir Backups
-bash-3.00$ chmod 777 Backups

2.  Make a copy of the original /etc/exports file

-bash-3.00$ cp /etc/exports /etc/exports.bak 
-bash-3.00$ vi /etc/exports

 

3.  Edit /etc/exports to add the following information:  /<the_name_of_the_directory_created_in_step_1> <the_IP_address_of_the_primary_Authentication_Manager_server>n.n.n.n(rw,sync).  For example,

/Backups 86.75.30.9(rw,sync)

 

.4.  Reload the NFS configuration by running the command below.  Every time a change is made to the /etc/exports file, this command must be run for the changes to take effect.

-bash-3.00$ /sbin/service nfs reload


.5.  Check the NFS configuration with the command below, with expected output showing the IP address of the primary Authentication Manager server:

-bash-3.00$ exportfs -v
/backups     86.75.30.9(rw,wdelay,root_squash,no_subtree_check)

 
Should there be syntax error(s) in the exports file, check the entry in the exports file and run through the configuration again.
NotesGenerally speaking, the permissions required are going to be 'rwx' on the actual directory to which the backup is written.  Any parent directories need just 'rw' so if a directory created is called backups under root and the requirement was to place the backup in a subdirectory called RSABackups, the permissions should be as follows.



NFS folder name - /backups/RSABackups



Permissions on /backups:

drw-rw-rw-.  3 root root 4.0K Dec 23 10:12 backups

Permissions on RSABackups should be as follows:
drwxrwxrwx.  2 root root 4.0K Dec 23 10:31 RSABackup

We need 'rw' and 'x' or the share will fail to validate the backup location.  Also, the /etc/exports file should reflect the sub folder path.



NAS Storage Device Notes

The above permissions and notes should still apply if you are using a NAS device as they tend to be typically running Linux or Unix operating systems.  In cases where you do not have direct access to the NAS operating system then speak with an administrator/operator for that product and refer them to the above information. They should be able to get the settings right on the NAS device so the backups are created and stored properly.



At the current time RSA Authentication Manager 8.1 does not support username/password for NFS server.  That being said, access control is performed via an IP address, as noted above. We do have a feature request for enhancement (RFE)  in place for using a username/password with NFS share usage for Authentication Manager backups.
NFS 3.0 supports access control via IP address. 

Attachments

    Outcomes