SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
Article Number
000029320
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
After setting up NFS for backups in the Authentication Manager 8.x Operations Console the following error occurs when running the backup:
Image description
Image descriptionResolution
How to setup NFS for backups with RSA Authentication Manager 8.x where the NFS is on Red Hat Enterprise Linux 6
.5. Check the NFS configuration with the command below, with expected output showing the IP address of the primary Authentication Manager server:
Should there be syntax error(s) in the exports file, check the entry in the exports file and run through the configuration again.
How to setup NFS for backups with RSA Authentication Manager 8.x where the NFS is on Windows Server
In Windows Server machine
1. Make sure that File Services Server Role is installed and running. It can be created on Windows Server using Add Roles.
Image description
2. Configure a NFS share folder
Create a new folder for your NFS share. It can be done on default Windows Drive(C:)
Right-click the folder and click Properties.
Select the NFS Sharing tab.
Under the NFS Sharing tab, click the Manage NFS Sharing… button
Check the Share this folder check box.
Enter a name into the Share name text field. This will be used when a user connects to your NFS share.
Click the Permissions button.
Click Add and then enter the IP address or hostname of the client(s) you want to allow connections to. When added, select they have read write access. Check Allow root access box.
Click OK.
Click Apply and then OK.
Image description
3. Allow Group/Users to access NFS Shared Folder.
Right-click the folder and click Properties.
Select Security.
Click Edit... Button
Click Add.. Button
Enter 'Authenticated Users' in "Enter the object names to select" box and click on Check Names button
Once it is selected and highlighted, click OK.
Select "Authenticated Users" in Group or user names section and In Permission section select "Read & execute" and all below permissions.
click Apply and OK button.
Image description
Image description
In RSA AM Operations Console
4. In Back Up Now or Schedule Backups page, under Backup Location, make sure NFS(Network File System) shared Folder is selected.
5. Under NFS Shared Folder, enter
<NFS_Windows_Server_ip>:/NFS_Shared_Folder
Image description
Perform Backup Now or Schedule backup to make sure it backs up successfully.
Please note that 'Authenticated Users' group and 'Read & execute' permission is the least lower group and permission required Windows NFS to work with RSA Authentication Manager NFS backup.
1. Create a directory anywhere on the file system. In the following example the backup directory will be at the root level of the drive (/) and created with the root user. After creating the directory, chmod the permissions. The backup folder must have read, write and execute permissions, else the validation to the share will fail. Case sensitivity needs to be noted here. If you setup a share on the RHEL server called Backups, then when configuring the share name in the Operations Console GUI, the share name must be Backups, not backups.
-bash-3.00$ pwd
/
-bash-3.00$ mkdir Backups
-bash-3.00$ chmod 777 Backups
2. Make a copy of the original /etc/exports file
-bash-3.00$ cp /etc/exports /etc/exports.bak
-bash-3.00$ vi /etc/exports3. Edit /etc/exports to add the following information: /<the_name_of_the_directory_created_in_step_1> <the_IP_address_of_the_primary_Authentication_Manager_server>n.n.n.n(rw,sync). For example,
/Backups 86.75.30.9(rw,sync).4. Reload the NFS configuration by running the command below. Every time a change is made to the /etc/exports file, this command must be run for the changes to take effect.
-bash-3.00$ /sbin/service nfs reload.5. Check the NFS configuration with the command below, with expected output showing the IP address of the primary Authentication Manager server:
-bash-3.00$ exportfs -v
/backups 86.75.30.9(rw,wdelay,root_squash,no_subtree_check)Should there be syntax error(s) in the exports file, check the entry in the exports file and run through the configuration again.
How to setup NFS for backups with RSA Authentication Manager 8.x where the NFS is on Windows Server
In Windows Server machine
1. Make sure that File Services Server Role is installed and running. It can be created on Windows Server using Add Roles.
Image description2. Configure a NFS share folder
Create a new folder for your NFS share. It can be done on default Windows Drive(C:)
Right-click the folder and click Properties.
Select the NFS Sharing tab.
Under the NFS Sharing tab, click the Manage NFS Sharing… button
Check the Share this folder check box.
Enter a name into the Share name text field. This will be used when a user connects to your NFS share.
Click the Permissions button.
Click Add and then enter the IP address or hostname of the client(s) you want to allow connections to. When added, select they have read write access. Check Allow root access box.
Click OK.
Click Apply and then OK.
Image description3. Allow Group/Users to access NFS Shared Folder.
Right-click the folder and click Properties.
Select Security.
Click Edit... Button
Click Add.. Button
Enter 'Authenticated Users' in "Enter the object names to select" box and click on Check Names button
Once it is selected and highlighted, click OK.
Select "Authenticated Users" in Group or user names section and In Permission section select "Read & execute" and all below permissions.
click Apply and OK button.
Image descriptionImage descriptionIn RSA AM Operations Console
4. In Back Up Now or Schedule Backups page, under Backup Location, make sure NFS(Network File System) shared Folder is selected.
5. Under NFS Shared Folder, enter
<NFS_Windows_Server_ip>:/NFS_Shared_Folder
Image descriptionPerform Backup Now or Schedule backup to make sure it backs up successfully.
Please note that 'Authenticated Users' group and 'Read & execute' permission is the least lower group and permission required Windows NFS to work with RSA Authentication Manager NFS backup.
Notes
Generally speaking, the permissions required are going to be 'rwx' on the actual directory to which the backup is written. Any parent directories need just 'rw' so if a directory created is called backups under root and the requirement was to place the backup in a subdirectory called RSABackups, the permissions should be as follows.
NFS folder name - /backups/RSABackups
Permissions on /backups:
NAS Storage Device Notes
The above permissions and notes should still apply if you are using a NAS device as they tend to be typically running Linux or Unix operating systems. In cases where you do not have direct access to the NAS operating system then speak with an administrator/operator for that product and refer them to the above information. They should be able to get the settings right on the NAS device so the backups are created and stored properly.
At the current time RSA Authentication Manager 8.1 does not support username/password for NFS server. That being said, access control is performed via an IP address, as noted above. We do have a feature request for enhancement (RFE) in place for using a username/password with NFS share usage for Authentication Manager backups.
NFS 3.0 supports access control via IP address.
NFS folder name - /backups/RSABackups
Permissions on /backups:
drw-rw-rw-. 3 root root 4.0K Dec 23 10:12 backups
drwxrwxrwx. 2 root root 4.0K Dec 23 10:31 RSABackupNAS Storage Device Notes
The above permissions and notes should still apply if you are using a NAS device as they tend to be typically running Linux or Unix operating systems. In cases where you do not have direct access to the NAS operating system then speak with an administrator/operator for that product and refer them to the above information. They should be able to get the settings right on the NAS device so the backups are created and stored properly.
At the current time RSA Authentication Manager 8.1 does not support username/password for NFS server. That being said, access control is performed via an IP address, as noted above. We do have a feature request for enhancement (RFE) in place for using a username/password with NFS share usage for Authentication Manager backups.
NFS 3.0 supports access control via IP address.
In this article
