|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 SP1
|Issue||After setting up NFS for backups in the Authentication Manager 8.1 Operations Console the following error occurs when running the backup:|
|Resolution||How to setup NFS for backups with RSA Authentication Manager 8.x where the NFS is on Red Hat Enterprise Linux 6|
1. Create a directory anywhere on the file system. In the following example the backup directory will be at the root level of the drive (/) and created with the root user. After creating the directory, chmod the permissions. The backup folder must have read, write and execute permissions, else the validation to the share will fail. Case sensitivity needs to be noted here. If you setup a share on the RHEL server called Backups, then when configuring the share name in the Operations Console GUI, the share name must be Backups, not backups.
2. Make a copy of the original /etc/exports file
-bash-3.00$ cp /etc/exports /etc/exports.bak
3. Edit /etc/exports to add the following information: /<the_name_of_the_directory_created_in_step_1> <the_IP_address_of_the_primary_Authentication_Manager_server>n.n.n.n(rw,sync). For example,
.4. Reload the NFS configuration by running the command below. Every time a change is made to the /etc/exports file, this command must be run for the changes to take effect.
-bash-3.00$ /sbin/service nfs reload
.5. Check the NFS configuration with the command below, with expected output showing the IP address of the primary Authentication Manager server:
-bash-3.00$ exportfs -v
Should there be syntax error(s) in the exports file, check the entry in the exports file and run through the configuration again.
|Notes||Generally speaking, the permissions required are going to be 'rwx' on the actual directory to which the backup is written. Any parent directories need just 'rw' so if a directory created is called backups under root and the requirement was to place the backup in a subdirectory called RSABackups, the permissions should be as follows.|
NFS folder name - /backups/RSABackups
Permissions on /backups:
drw-rw-rw-. 3 root root 4.0K Dec 23 10:12 backups
Permissions on RSABackups should be as follows:
drwxrwxrwx. 2 root root 4.0K Dec 23 10:31 RSABackup
We need 'rw' and 'x' or the share will fail to validate the backup location. Also, the /etc/exports file should reflect the sub folder path.
NAS Storage Device Notes
The above permissions and notes should still apply if you are using a NAS device as they tend to be typically running Linux or Unix operating systems. In cases where you do not have direct access to the NAS operating system then speak with an administrator/operator for that product and refer them to the above information. They should be able to get the settings right on the NAS device so the backups are created and stored properly.
At the current time RSA Authentication Manager 8.1 does not support username/password for NFS server. That being said, access control is performed via an IP address, as noted above. We do have a feature request for enhancement (RFE) in place for using a username/password with NFS share usage for Authentication Manager backups.
NFS 3.0 supports access control via IP address.