Data Protector User Discussions
cancel

issue with a new installation server deploying new client

SOLVED
Go to solution
Highlighted
nschwendener Trusted Contributor.
Trusted Contributor.

issue with a new installation server deploying new client

Hello all,

I'm new with Data Protector... we have DP 10.10 Cell Manager installed on a Windows server. We also have a Linux Installation server that should be formatted in a short time.  This old server was a CentOs server with KeyChain installed. When installing new client, the workflow worked without prompting password of the client server.

I've installed a new server and I configured KeyChain as illustrated into the documentation (see attachment). I've imported the keys of the old server into the new one and keychain and ssh from the server works correctly without asking for credentials.

Trying to install a new client, the DP workflow asks for username/password of the client server. If I try to insert username and password I got the "invalid username or password".

right now the Remote Installation server is able to communicate with the client over port TCP 22 and 5555, while the Cell Manager is able to communicate with Remote Installation server only on port 5555.

on Linux servers with already installed DP, when I try to check the installation using the new remote server, everything works correctly.

someone could help me figuring out what I'm doing wrong?

thank you very much

best regards

Nicola

1 ACCEPTED SOLUTION

Accepted Solutions
nschwendener Trusted Contributor.
Trusted Contributor.
Solution

Re: issue with a new installation server deploying new client

Hello Andres,

thank you very much for your reply.

The solution you proposed is the one I've already did, and if I try to ssh directly from the server, the keychain works fine. the problem was related to the interaction of Data Protector with the keychain. Yesterday evening I found the solution (that was in the troubleshooting guide of DP:

create a copy of the .omnirc.TMPL to .omnirc

cp /opt/omni/.omnircTMPL /opt/omni/.omnirc.omnirc

and then add the following variable (as documented):

OB2_ENCRYPT_PVT_KEY=1

restarting xinetd do the magic:

systemctl restart xinetd.service

Data Protector is now able to login to the client server passing through the Installation server without asking for any password.

thank you very much for your time and your support.

best regards

Nicola

3 REPLIES
Micro Focus Expert
Micro Focus Expert

Re: issue with a new installation server deploying new client

Hello @nschwendener

I was checking others threads and found a possible solution provided by @vitorobar that should have to work for you too:

On unix installation server:

1. Login as root
2. # cd ~/.ssh
3. Check if you have RSA keypair: find files id_rsa and id_rsa.pub; if you have different basename than default id_rsa then sshd must be configured to use it
If you don't have RSA keypair, then generate it now and keep default names (i.e. don't use option -f):
# ssh-keygen -t rsa
4. Copy public key id_rsa.pub to DP client (only public key!!!)
# scp id_rsa.pub dp_client:/tmp/id_rsa_is.pub

On DP client:

5. Login as root
6. # cd ~/.ssh
7. Find if there is file authorized_keys file. If it doesn't exist, create empty one and change permissions to 400 (only root can read):
# touch authorized_keys
# chmod 400 authorized_keys
8. Append IS's public key (4) to authorized_keys file:
# cat /tmp/id_rsa_is.pub >>authorized_keys

Test connection:

On IS server, logged as root, execute (use FQDN!):
# ssh dp_client.some.where.com
You should connect to dp_client without prompting for password.

Reference link: https://community.softwaregrp.com/t5/Data-Protector-User-Discussions/How-to-Remotely-install-Linux-Data-Protector-Client-over-SSH/m-p/1676837#M158738

Regards,

Andres Fallas Salazar
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation.
nschwendener Trusted Contributor.
Trusted Contributor.
Solution

Re: issue with a new installation server deploying new client

Hello Andres,

thank you very much for your reply.

The solution you proposed is the one I've already did, and if I try to ssh directly from the server, the keychain works fine. the problem was related to the interaction of Data Protector with the keychain. Yesterday evening I found the solution (that was in the troubleshooting guide of DP:

create a copy of the .omnirc.TMPL to .omnirc

cp /opt/omni/.omnircTMPL /opt/omni/.omnirc.omnirc

and then add the following variable (as documented):

OB2_ENCRYPT_PVT_KEY=1

restarting xinetd do the magic:

systemctl restart xinetd.service

Data Protector is now able to login to the client server passing through the Installation server without asking for any password.

thank you very much for your time and your support.

best regards

Nicola

Micro Focus Expert
Micro Focus Expert

Re: issue with a new installation server deploying new client

I am glad to know that you solved the issue. And thanks for sharing us your solution. 

I go to mark the thread as solved with your solution. 

Regards,

Andres Fallas Salazar
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation.
Top Contributors Last 30 Days