help-cfengine
Re: several questions on running cfengine


From: Mark . Burgess
Subject: Re: several questions on running cfengine
Date: Tue, 11 Mar 2003 23:36:22 +0100 (MET)

I have to sleep now, but if you send the -d2 output from cfservd I promise
to look at it tomorrow.

Mark


On 11 Mar, Eva Hocks wrote:
> 
> Thanks for all your help and suggestion. Unfortunately cfengine seems to
> be real stubborn. Even though cfservd says:
> 
> 
> Define:: variable [domain=sdsc.edu] when any)
> 
> Host IPs allowed connection access :
> 
> IP: 192.168
> IP: 192.168.240
> IP: 192.168.240.1-254
> IP: 192.168.240.0/24
> Host IPs denied connection access :
> 
> Host IPs allowed multiple connection access :
> 
> IP: 192.168
> IP: 192.168.240
> IP: 192.168.240.1-254
> IP: 192.168.240.0/24
> Host IPs from whom we shall accept public keys on trust :
> 
> IP: 192.168
> IP: 192.168.240
> IP: 192.168.240.1-254
> IP: 192.168.240.0/24
> Host IPs from NAT which we don't verify :
> 
> IP: 192.168
> IP: 192.168.240
> IP: 192.168.240.1-254
> IP: 192.168.240.0/24
> Dynamical Host IPs (e.g. DHCP) whose bindings could vary over time :
> 
> 
> ACCESS GRANTED ----------------------:
> 
> Path: /var/cfengine/inputs (encrypt=0)
>    Admit: 192.168.240.* root=b80n11.sdsc.edu,
> Path: /usr/local (encrypt=0)
>    Admit: 192.168.240.* root=b80n11.sdsc.edu,
> Path: /etc (encrypt=0)
>    Admit: 192.168.240.* root=b80n11.sdsc.edu,
> Path: /usr/local/apps/sbin/cfagent (encrypt=0)
>    Admit: 192.168.240.* root=
> 
> 
> the client is still not trusted:
> Connect to b80cw = 192.168.240.254 on port cfengine
> Loaded /var/cfengine/ppkeys/root-192.168.240.254.pub
> cfengine:b80n11: Strong authentication of server=b80cw connection
> confirmed
> Checking copy from b80cw://etc/inetd.conf.nodes to /etc/inetd.conf
> cfengine:b80n11: Server returned error:  Host authentication failed. Did
> you forget the domain name?
> 
> 
> I put the domain name in all and every configuration file just to make
> sure cfengine wouldn't miss it. Still the cfagent on the client machine
> returns the same error with no further explanation (even in -d3). The
> internal network adapter names are in no DNS and they are not the
> hostname. They are in the /etc/hosts file:
> 192.168.240.11 b80n11e b80n11e.sdsc.edu
> The /etc/hosts file is kept the same on all nodes in the cluster by
> a scp script, one of the things I hoped to be able to do with cfengine.
> 
> Where else should I put the domain name or whatever to allow the copy?
> Maybe I should just run the scp with ssh authentication rather than use
> the cfengine authentication?
> 
> 
> Thanks,
> Eva
> 
> On Tue, 11 Mar 2003, Martin A. Brooks wrote:
> 
>> At 17:39 07/03/2003 -0800, you wrote:
>> >Saving public key /var/cfengine/ppkeys/root-192.168.240.254.pub
>> >cfengine:b80n11: Server returned error:  Host authentication failed. Did
>> >you forget the domain name?
>>
>> Hi Eva
>>
>> I see this problem with our installation every now and then.  Our internal
>> domain is "lon4.fastsearch.net" and we use a replicated hosts file for
>> internal DNS. Whenever we see this problem, we do two things which always
>> seem to fix it.
>>
>> 1)  We make sure that the FQDN is listed in the master hosts file  i.e.
>>
>> 1.2.3.4 machine.lon4.fastsearch.net     machine
>>
>> 2) We manually copy the master hosts file onto the affected machine.
>>
>> Hope this helps.
>>
>>
>> Martin A. Brooks
>> ---------------------------------
>> I/O, I/O, it's off to disk we go,
>> A bit or byte, to read or write,
>> I/O, I/O, I/O......
>>
> 
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
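
Martin's first step above (making sure each machine's FQDN is listed in the master hosts file) can be scripted before the file is copied out. The following is an added example, not part of the thread and not cfengine code; the function names and the sample file are constructed for illustration. It also flags lines where the FQDN appears only as an alias: that check is an assumption, based on the name order in Martin's sample line and on the hosts-file convention that the first name after the address is the canonical one.

```python
import ipaddress

# Constructed sample. Lines 2 and 3 reuse the two entry formats quoted in the thread.
SAMPLE_HOSTS = """\
# cluster hosts file
1.2.3.4 machine.lon4.fastsearch.net     machine
192.168.240.11 b80n11e b80n11e.sdsc.edu
192.168.240.12 b80n12e
127.0.0.1 localhost
"""

def is_fqdn(name, domain=None):
    """A dotted name, optionally required to sit under `domain`."""
    if "." not in name:
        return False
    return domain is None or name.endswith("." + domain.lower())

def audit_hosts(text, domain=None):
    """Return (lineno, ip, problem) for entries whose canonical name is not an FQDN."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no names
        ip = fields[0]
        names = [n.lower().rstrip(".") for n in fields[1:]]
        try:
            if ipaddress.ip_address(ip).is_loopback:
                continue  # localhost entries are not cluster nodes
        except ValueError:
            findings.append((lineno, ip, "not an IP address"))
            continue
        fqdns = [n for n in names if is_fqdn(n, domain)]
        if not fqdns:
            findings.append((lineno, ip, "no FQDN listed"))
        elif not is_fqdn(names[0], domain):
            # Assumption: the FQDN should be the canonical (first) name.
            findings.append((lineno, ip, "FQDN %s is only an alias of %s" % (fqdns[0], names[0])))
    return findings

if __name__ == "__main__":
    for lineno, ip, problem in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s: %s" % (lineno, ip, problem))
```

Passing `domain="sdsc.edu"` restricts the check to names under that domain, so an entry carrying only a foreign FQDN is reported as well.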