help-cfengine

Re: several questions on running cfengine


From: Eva Hocks
Subject: Re: several questions on running cfengine
Date: Mon, 10 Mar 2003 15:58:14 -0800 (PST)


> >   public         = ( /usr/local/ )
> >   almost_public  = ( /usr/local/apps )
> >   cfrunCommand   = ( /usr/local/apps/sbin/cfagent )
> >   MultipleConnections = ( true )
> >   MaxConnections = ( 10 )
> >   master_configs = ( /usr/local/apps/cfengine/inputs/cfagent.conf )
> >   AllowUsers     = ( root hocks )         # This is always required.
> >   AllowConnectionsFrom = ( 192.168.0  192.168.240.1-254 )
> >   DenyBadClocks = ( false )
> >   TrustKeysFrom  = ( 192.168.240.254 192.168.240.0/24 )
>
> This smacks of cargo cult configuration to me. Your
> MultipleConnections line is bogus -- maybe you want
> AllowMultipleConnectionsFrom = ( a.b.c.d/e ) or somesuch. I don't
> know what you're doing with 'public', 'almost_public' or
> 'master_configs' -- maybe you use them elsewhere though. And your
> TrustKeysFrom contains a redundant first entry.

Well, I grabbed whatever I could find in the samples hoping to catch the
correct keyword.

My cfservd seems to grant to the following:
ACCESS GRANTED ----------------------:

Path: /var/cfengine/inputs (encrypt=0)
   Admit: * root=
Path: /usr/local/apps/cfengine/inputs (encrypt=0)
   Admit: * root=
Path: /usr/local (encrypt=0)
   Admit: * root=
Path: /etc (encrypt=0)
   Admit: * root=
Path: /usr/local/apps/sbin/cfagent (encrypt=0)
   Admit: 192.168.240.* root=
   Admit: tf*sdsc.edu root=
ACCESS DENIAL ------------------------ :

Path: /usr/local
   Deny: *.com
Path: /etc
   Deny: *.com
Host IPs allowed connection access :

IP: 132.249.20
IP: 192.168.240
Host IPs denied connection access :

Host IPs allowed multiple connection access :

Host IPs from whom we shall accept public keys on trust :

IP: 132.249.20
IP: 192.168.240
Host IPs from NAT which we don't verify :




The client still receives the same error:
Loaded /var/cfengine/ppkeys/root-192.168.240.254.pub
cfengine:b80n11: Strong authentication of server=192.168.240.254
connection confirmed
Checking copy from 192.168.240.254:/usr/local/apps/cfengine/inputs to
/var/cfengine/inputs
cfengine:b80n11: Server returned error:  Host authentication failed. Did
you forget the domain name?


The only way I found to make the copy work is to use an NFS filesystem
from the server mounted on the client and do a local copy.
Checking copy from localhost:/usr/local/apps/cfengine/inputs to
/var/cfengine/inputs
cfengine:b80n11: /var/cfengine/inputs/cf.B80 wasn't at destination
(copying)

Any other ideas?
Thanks,
Eva





