help-cfengine

cfrun problem


From: Dori Seliskar
Subject: cfrun problem
Date: Wed, 4 Sep 2002 11:51:33 +0200
User-agent: KMail/1.4.1

Hi list,

I have freshly installed cfengine 2.0.4 on Redhat 7.3 on the server and the client.
If I say cfagent -v -q on the client everything works fine, but if I say
cfrun -f file on the server I get the message "authentication failed", although
a line above states "Strong authentication ... of connection confirmed".
If I run cfservd on the client with the debug option it says "Couldn't stat filename
from host ...".

What am I doing wrong?

Best regards,

Dori

Here is a sample output of cfrun 



[root@ldap-replica1 cfengine]# /usr/local/sbin/cfrun -v -f cfrun/cfrun.some_hosts
GNU Cfengine server daemon -
2.0.4
Free Software Foundation 1994-2001
Donated by Mark Burgess, Faculty of Engineering,
Oslo University College, 0254 Oslo, Norway

------------------------------------------------------------------------

Host name is: ldap-replica1
Operating System Type is linux
Operating System Release is 2.2.18-cdhs
Architecture = i686


Using internal soft-class linux for host linux

The time is now Wed Sep  4 11:08:44 2002


------------------------------------------------------------------------

Additional hard class defined as: 32_bit
Additional hard class defined as: linux_2_2_18_cdhs
Additional hard class defined as: linux_i686
Additional hard class defined as: linux_i686_2_2_18_cdhs
Additional hard class defined as: linux_i686_2_2_18_cdhs__2_SMP_Sat_Mar_10_03_03_44_CET_2001

GNU autoconf class from compile time: compiled_on_linux-gnu

Address given by nameserver: 172.16.10.15
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Looking for a source of entropy in /var/cfengine/randseed
cfrun(0):         .......... [ Hailing virgo.delo.si ] ..........
Connecting to server virgo.delo.si to port 0 with options
Loaded /var/cfengine/ppkeys/root-172.16.16.234.pub
Connect to virgo.delo.si = 172.16.16.234 on port cfengine
Loaded /var/cfengine/ppkeys/root-172.16.16.234.pub
cfrun:ldap-replica1.: Strong authentication of server=virgo.delo.si connection confirmed
virgo.delo.si replies..

 Host authentication failed. Did you forget the domain name?cfrun:ldap-replica1.: Couldn't recv
cfrun:ldap-replica1.: recv
Connection with virgo.delo.si completed

and output of cfservd --debug --verbose --no-fork on client

cfservd Debug mode: running in foreground
GetNameInfo()
WildMatch(-,linux)
WildMatch(-,linux)
WildMatch(sunos,linux)
WildMatch(ultrix,linux)
WildMatch(hp-ux,linux)
WildMatch(hp-ux,linux)
WildMatch(aix,linux)
WildMatch(linux,linux)
WildMatch(*,i686)
WildMatch(*,2.4.18-10)
AddClassToHeap(linux)
Appending [linux]
AddClassToHeap(virgo)
Appending [virgo]
AddClassToHeap(virgo)
AddClassToHeap()
AddClassToHeap(virgo)
GNU Cfengine server daemon - 
2.0.4
Free Software Foundation 1994-2001
Donated by Mark Burgess, Faculty of Engineering,
Oslo University College, 0254 Oslo, Norway

------------------------------------------------------------------------

Host name is: virgo
Operating System Type is linux
Operating System Release is 2.4.18-10
Architecture = i686


Using internal soft-class linux for host linux

The time is now Wed Sep  4 11:18:32 2002


------------------------------------------------------------------------

AddClassToHeap(32_bit)
Appending [32_bit]
Additional hard class defined as: 32_bit
AddClassToHeap(linux_2_4_18_10)
Appending [linux_2_4_18_10]
AddClassToHeap(i686)
Appending [i686]
Additional hard class defined as: linux_2_4_18_10
AddClassToHeap(linux_i686)
Appending [linux_i686]
Additional hard class defined as: linux_i686
AddClassToHeap(linux_i686_2_4_18_10)
Appending [linux_i686_2_4_18_10]
Additional hard class defined as: linux_i686_2_4_18_10
AddClassToHeap(linux_i686_2_4_18_10__1_Wed_Aug_7_11_39_21_EDT_2002)
Appending [linux_i686_2_4_18_10__1_Wed_Aug_7_11_39_21_EDT_2002]
Additional hard class defined as: linux_i686_2_4_18_10__1_Wed_Aug_7_11_39_21_EDT_2002
AddClassToHeap(compiled_on_linux_gnu)
Appending [compiled_on_linux_gnu]

GNU autoconf class from compile time: compiled_on_linux-gnu

Address given by nameserver: 127.0.0.1
Adding alias localhost.localdomain..
AddClassToHeap(localhost_localdomain)
Appending [localhost_localdomain]
Adding alias localhost..
AddClassToHeap(localhost)
Appending [localhost]
This appears to be a redhat system.
AddClassToHeap(redhat)
Appending [redhat]
Looking for redhat linux info...
AddClassToHeap(redhat)
AddClassToHeap(redhat_7)
Appending [redhat_7]
AddClassToHeap(redhat_7_3)
Appending [redhat_7_3]
Directory for /var/cfengine/test exists. Okay
CheckWorkDirectories()
Directory for /var/cfengine/test exists. Okay
Directory for /var/cfengine/ppkeys/test exists. Okay
RandomSeed() work directory is /var/cfengine
Looking for a source of entropy in /var/cfengine/randseed
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
GetInterfaceInfo()
Interface 1: lo
Interface 2: eth0
Host information for 172.16.16.234 not found
New Parser Object::BEGIN PARSING /var/cfengine/inputs/cfservd.conf
   (No actions pending in )

BEGIN NEW ACTION Control Defintions:
HandleId(domain) in action Control Defintions:
LEFTBRACK
HandleItem(delo.si)
simple item = (delo.si)

(Action is control, variable [domain=delo.si])
Define:: variable [domain=delo.si] when any)
AddClassToHeap(virgo_delo_si)
Appending [virgo_delo_si]
RIGHTBRACK
HandleId(IfElapsed) in action Control Defintions:
LEFTBRACK
HandleItem(1)
simple item = (1)

(Action is control, variable [IfElapsed=1])
Define:: variable [IfElapsed=1] when any)
RIGHTBRACK
HandleId(MaxConnections) in action Control Defintions:
RecordMacroId(MaxConnections)
LEFTBRACK
HandleItem(100)
simple item = (100)

(Action is control, variable [MaxConnections=100])
Define:: variable [MaxConnections=100] when any)
AddMacroValue(MaxConnections=100)
Added Macro at hash address 892: MaxConnections=100
RIGHTBRACK
HandleId(AllowConnectionsFrom) in action Control Defintions:
LEFTBRACK
HandleItem(172.16)
simple item = (172.16)

(Action is control, variable [AllowConnectionsFrom=172.16])
Define:: variable [AllowConnectionsFrom=172.16] when any)
Appending [172.16]
RIGHTBRACK
HandleId(TrustKeysFrom) in action Control Defintions:
LEFTBRACK
HandleItem(172.16)
simple item = (172.16)

(Action is control, variable [TrustKeysFrom=172.16])
Define:: variable [TrustKeysFrom=172.16] when any)
Appending [172.16]
RIGHTBRACK
HandleId(SkipVerify) in action Control Defintions:
LEFTBRACK
HandleItem(172.16)
simple item = (172.16)

(Action is control, variable [SkipVerify=172.16])
Define:: variable [SkipVerify=172.16] when any)
Appending [172.16]
RIGHTBRACK
HandleId(AllowMultipleConnectionsFrom) in action Control Defintions:
LEFTBRACK
HandleItem(172.16)
simple item = (172.16)

(Action is control, variable [AllowMultipleConnectionsFrom=172.16])
Define:: variable [AllowMultipleConnectionsFrom=172.16] when any)
Appending [172.16]
RIGHTBRACK
HandleId(AllowUsers) in action Control Defintions:
LEFTBRACK
HandleItem(root)
simple item = (root)

(Action is control, variable [AllowUsers=root])
Define:: variable [AllowUsers=root] when any)
Appending [root]
RIGHTBRACK
   (No actions pending in Control Defintions:)

BEGIN NEW ACTION Admit network access:
   (No actions pending in Admit network access:)
InitializeAction()
HandleVarpath(/var/cfengine)
admit/deny varpath=/var/cfengine
HandleId(172.16) in action Admit network access:
ParsingIPRange(172.16)
InstallAuthItem(/var/cfengine,172.16)
Build2DListFromVarstring(/var/cfengine,sep=/)
SplitVarstring(/var/cfengine,:=58)
Appending [/var/cfengine]
AppendTwoDimItem(itemlist, sep=/)
Set2DLIst()
Get2DListEnt()
Get2DLIstEnt returns /var/cfengine
IncrementTwoDimList()
AuthPathExists(/var/cfengine)
InstallAuthPath(/var/cfengine,172.16)
AddAuthHostItem(/var/cfengine,172.16)
Prepending 172.16
Get2DListEnt()
InitializeAction()
Done with HandleId()
   (No actions pending in Admit network access:)
Delete Parser Object::(END OF PARSING)
virgo: cfservd Multithreaded version
CompareMacro(CheckIdent,MaxConnections=100)=MaxConnections
CompareMacro(DenyBadClocks,MaxConnections=100)=MaxConnections
CompareMacro(LogAllConnections,MaxConnections=100)=MaxConnections
CompareMacro(ChecksumDatabase,MaxConnections=100)=MaxConnections
CompareMacro(cfrunCommand,MaxConnections=100)=MaxConnections
CompareMacro(MaxConnections,MaxConnections=100)=MaxConnections
CompareMacro(MaxConnections,MaxConnections=100)=MaxConnections
$(MaxConnections) Expanded to 100
MaxConnections = 100
CompareMacro(ChecksumUpdates,MaxConnections=100)=MaxConnections

Defined Classes = ( any linux virgo 32_bit linux_2_4_18_10 i686 linux_i686 
linux_i686_2_4_18_10 linux_i686_2_4_18_10__1_Wed_Aug_7_11_39_21_EDT_2002 
compiled_on_linux_gnu localhost_localdomain localhost redhat redhat_7 
redhat_7_3 virgo_delo_si )

Negated Classes = ( )

Installable classes = ( )
ACCESS GRANTED ----------------------:

Path: /var/cfengine (encrypt=0)
   Admit: 172.16 root=
ACCESS DENIAL ------------------------ :

Host IPs allowed connection access :

IP: 172.16
Host IPs denied connection access :

Host IPs allowed multiple connection access :

IP: 172.16
Host IPs from whom we shall accept public keys on trust :

IP: 172.16
Host IPs from NAT which we don't verify :

IP: 172.16
Dynamical Host IPs (e.g. DHCP) whose bindings could vary over time :

IPV4 address
sockaddr_ntop(0.0.0.0)
Bound to address 0.0.0.0 on linux=7
Listening for connections ...
Checking file updates on /var/cfengine/inputs/cfservd.conf (3d74c0fe/3d75cfe8)
IPV4 address
sockaddr_ntop(172.16.10.15)
Obtained IP address of 172.16.10.15 on socket 5 from accept
FuzzyItemIn(172.16.10.15)
FuzzyItemIn(172.16.10.15)
Purging Old Connections...
Done purging
FuzzyItemIn(172.16.10.15)
Prepending 172.16.10.15
*** New socket [5]
New connection...(from 172.16.10.15/5)
Spawning new thread...
Checking file updates on /var/cfengine/inputs/cfservd.conf (3d74c0fe/3d75cfe8)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 47][]
RecvSocketStream(47)
    (Concatenated 47 from stream)
Received: [CAUTH 172.16.10.15 ldap-replica1.delo.si root 0] on socket 5
Connecting host identifies itself as 172.16.10.15 ldap-replica1.delo.si root 0
(ipstring=[172.16.10.15],fqname=[ldap-replica1.delo.si],username=[root],socket=[172.16.10.15])
FuzzyItemIn(172.16.10.15)
virgo: Allowing 172.16.10.15 to connect without (re)checking ID
Non-verified Host ID is ldap-replica1.delo.si
Non-verified User ID seems to be root
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 280][]
RecvSocketStream(280)
    (Concatenated 280 from stream)
Received: [SAUTH y 256 37] on socket 5
Challenge encryption = y, nonce = 37, buf = 256
ChecksumString(m)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 261][]
RecvSocketStream(261)
    (Concatenated 261 from stream)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 5][]
RecvSocketStream(5)
    (Concatenated 5 from stream)
Modulus (2048 bit):
Exponent: 35 (0x23)
Havekey(root-172.16.10.15)
Loaded /var/cfengine/ppkeys/root-172.16.10.15.pub
A public key was already known from ldap-replica1.delo.si/172.16.10.15 - no trust required
Adding IP 172.16.10.15 to SkipVerify - no need to check this if we have a key
Prepending 172.16.10.15
The public key identity was confirmed as root@ldap-replica1.delo.si
Transaction Send[t 16][Packed text]
SendSocketStream, sent 24
Transaction Send[t 16][Packed text]
SendSocketStream, sent 24
ChecksumString(m)
Transaction Send[t 256][Packed text]
SendSocketStream, sent 264
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
virgo: Strongly authentication of client ldap-replica1.delo.si/172.16.10.15
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
Got a session key...
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 6][]
RecvSocketStream(6)
    (Concatenated 6 from stream)
Received: [EXEC  ] on socket 5
User root granted connection privileges
AccessControl()
virgo: Couldn't stat filename  from host ldap-replica1.delo.si

virgo: lstatvirgo: Host authorization/authentication failed or access denied
Transaction Send[t 64][Packed text]
SendSocketStream, sent 72
virgo: From (host=ldap-replica1.delo.si,user=root,ip=172.16.10.15)
Terminating thread...
***Closing socket 5 from 172.16.10.15
Deleted item 172.16.10.15
virgo: Received signal 2 (SIGINT) while doing [cfservd]
virgo: Logical start time Wed Sep  4 11:18:32 2002
virgo: This sub-task started really at Wed Sep  4 11:18:32 2002

ReleaseCurrentLock(cfservd)
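
An added example, not part of the original post or of cfengine: a small Python triage over cfservd debug lines like those quoted above, recording which protocol commands were received, whether key authentication was logged as confirmed, and at which stage the denial line was emitted. The `triage` function and the stage labels are assumptions of this example; the sample lines are copied from the output in the post.

```python
import re

# Excerpt of the cfservd debug output quoted in the post (one connection).
SAMPLE = """\
Received: [CAUTH 172.16.10.15 ldap-replica1.delo.si root 0] on socket 5
Received: [SAUTH y 256 37] on socket 5
The public key identity was confirmed as root@ldap-replica1.delo.si
virgo: Strongly authentication of client ldap-replica1.delo.si/172.16.10.15
Got a session key...
Received: [EXEC  ] on socket 5
User root granted connection privileges
AccessControl()
virgo: Couldn't stat filename  from host ldap-replica1.delo.si
virgo: lstatvirgo: Host authorization/authentication failed or access denied
"""

RECEIVED = re.compile(r"^Received: \[(\w+) ?(.*)\] on socket \d+$")
STAT_FAIL = re.compile(r"Couldn't stat filename (.*) from host (\S+)$")
DENIED = "Host authorization/authentication failed or access denied"


def triage(log_text):
    """Summarise one connection: commands seen, key-auth result, and the
    stage (hypothetical labels) at which the denial line was logged."""
    out = {"commands": [], "key_auth_ok": False, "stat_path": None,
           "denied_at": None}
    stage = "pre-auth"
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RECEIVED.match(line)
        if m:
            # Protocol verb and its (possibly empty) argument string.
            out["commands"].append((m.group(1), m.group(2).strip()))
        elif "Strongly authentication of client" in line:
            out["key_auth_ok"] = True
            stage = "authenticated"
        elif line == "AccessControl()":
            stage = "access-control"
        elif DENIED in line:
            out["denied_at"] = stage
        else:
            s = STAT_FAIL.search(line)
            if s:
                out["stat_path"] = s.group(1)  # "" when no path was logged
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
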




