After setting up NFS for backups in the Authentication Manager 8.x Operations Console the following error occurs when running the backup:
How to setup NFS for backups with RSA Authentication Manager 8.x where the NFS is on Red Hat Enterprise Linux 6
1. Create a directory anywhere on the file system. In the following example the backup directory will be at the root level of the drive (/) and created with the root user. After creating the directory, chmod the permissions. The backup folder must have read, write and execute permissions, else the validation to the share will fail. Case sensitivity needs to be noted here. If you setup a share on the RHEL server called Backups, then when configuring the share name in the Operations Console GUI, the share name must be Backups, not backups.
Should there be syntax error(s) in the exports file, check the entry in the exports file and run through the configuration again.
How to setup NFS for backups with RSA Authentication Manager 8.x where the NFS is on Windows Server
In Windows Server machine
1. Make sure that File Services Server Role is installed and running. It can be created on Windows Server using Add Roles.
2. Configure a NFS share folder
Create a new folder for your NFS share. It can be done on default Windows Drive(C:) Right-click the folder and click Properties. Select the NFS Sharing tab. Under the NFS Sharing tab, click the Manage NFS Sharing… button Check the Share this folder check box. Enter a name into the Share name text field. This will be used when a user connects to your NFS share. Click the Permissions button. Click Add and then enter the IP address or hostname of the client(s) you want to allow connections to. When added, select they have read write access. Check Allow root access box. Click OK. Click Apply and then OK.
3. Allow Group/Users to access NFS Shared Folder.
Right-click the folder and click Properties. Select Security. Click Edit... Button Click Add.. Button Enter 'Authenticated Users' in "Enter the object names to select" box and click on Check Names button Once it is selected and highlighted, click OK. Select "Authenticated Users" in Group or user names section and In Permission section select "Read & execute" and all below permissions. click Apply and OK button.
In RSA AM Operations Console
4. In Back Up Now or Schedule Backups page, under Backup Location, make sure NFS(Network File System) shared Folder is selected.
5. Under NFS Shared Folder, enter <NFS_Windows_Server_ip>:/NFS_Shared_Folder
Perform Backup Now or Schedule backup to make sure it backs up successfully.
Please note that 'Authenticated Users' group and 'Read & execute' permission is the least lower group and permission required Windows NFS to work with RSA Authentication Manager NFS backup.
Generally speaking, the permissions required are going to be 'rwx' on the actual directory to which the backup is written. Any parent directories need just 'rw' so if a directory created is called backups under root and the requirement was to place the backup in a subdirectory called RSABackups, the permissions should be as follows.
NFS folder name - /backups/RSABackups
Permissions on /backups:
drw-rw-rw-. 3 root root 4.0K Dec 23 10:12 backups
Permissions on RSABackups should be as follows:
drwxrwxrwx. 2 root root 4.0K Dec 23 10:31 RSABackup
We need 'rw' and 'x' or the share will fail to validate the backup location. Also, the /etc/exports file should reflect the sub folder path.
NAS Storage Device Notes
The above permissions and notes should still apply if you are using a NAS device as they tend to be typically running Linux or Unix operating systems. In cases where you do not have direct access to the NAS operating system then speak with an administrator/operator for that product and refer them to the above information. They should be able to get the settings right on the NAS device so the backups are created and stored properly.
At the current time RSA Authentication Manager 8.1 does not support username/password for NFS server. That being said, access control is performed via an IP address, as noted above. We do have a feature request for enhancement (RFE) in place for using a username/password with NFS share usage for Authentication Manager backups.