help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Réf. : Re: several questions on running cfengine


From: Mark Burgess
Subject: Re: Réf. : Re: several questions on running cfengine
Date: Wed, 12 Mar 2003 10:54:30 +0100 (MET)

Patrice -- that trace is mine. :) I posted it for Eva to compare to,
sorry for the confusion

M


On 12 Mar, address@hidden wrote:
> 
> Hi Eva,
> 
> I didn't look seriously at the beginning of your thread so I don't
> remember very well what have been already said. But a few things
> bother me in your cfservd traces :
> - your client seems to be named nexus.io.hio.no and the user mark.
> That's M. Burgess, isn't it ?
> - at the end of the output you can find 'No previous key found, and
> unable to accept this one on trust'. This means that your server
> didn't get the client cfengine key. Did you put that key on the
> server, or is there a TrustKeysFrom line in your cfservd.conf ?
> 
> Patrice
> 
> 
> 
> 
> 
> address@hidden@iu.hio.no le
> 12/03/2003 08:40:29
> 
> Envoyé par :      address@hidden
> 
> 
> Pour : address@hidden
> cc :   address@hidden
> 
> Objet :     Re: several questions on running cfengine
> 
> 
> 
> 
> Eva - if this is all the output that comes out of cfservd -d2, even
> when you
> connect to the host then there is something badly wrong. No connection
> is even
> arriving at the machine. After what you have sent, you should see
> someting like this: (my hosts are running IPv6 .. but imagine it says
> IPv4 there)
> 
> Your server claims "address family 0" -- which I think is localhost.
> It does not seem to know about IP at all!! Perhaps this is an AIX
> thing. Something that needs to be configured? Note that it says below
> "bound to address ::". On IPv4 it should say "bound to address 0 or
> 0.0.0.0".
> You don't seem to get that far.
> 
> Here is my guess: your system has the new getaddrinfo() calls (see
> what configure
> tells you) and these have to be specially configured to read the right
> results with whatever name service / directory service you are using.
> For instance, on solaris, one has to alter nsswitch.conf to make this
> work.
> 
> Any other AIX users have ideas??
> 
> Mark
> 
> 
> IPV6 address
> sockaddr_ntop(::)
> Bound to address :: on solaris=7
> Listening for connections ...
> Checking file updates on /local/iu/cfengine/inputs/cfservd.conf
> (3e574eef/3e6ee085)
> IPV6 address
> sockaddr_ntop(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Obtained IP address of 2001:700:700:3:a00:20ff:fe9b:dd4a on socket 6
> from accept
> FuzzyItemIn(2001:700:700:3:a00:20ff:fe9b:dd4a)
> FuzzyItemIn(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Purging Old Connections...
> Done purging
> FuzzyItemIn(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Prepending 2001:700:700:3:a00:20ff:fe9b:dd4a
> *** New socket [6]
> New connection...(from 2001:700:700:3:a00:20ff:fe9b:dd4a/6)
> Spawning new thread...
> Checking file updates on /local/iu/cfengine/inputs/cfservd.conf
> (3e574eef/3e6ee085)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 62][]
> RecvSocketStream(62)
>     (Concatenated 62 from stream)
> Received: [CAUTH 2001:700:700:3:a00:20ff:fe9b:dd4a nexus.iu.hio.no
> mark 0] on socket 6
> Connecting host identifies itself as 2001:700:700:3:a00:20ff:fe9b:dd4a
> nexus.iu.hio.no mark 0
> (ipstring=[2001:700:700:3:a00:20ff:fe9b:dd4a],fqname
> =[nexus.iu.hio.no],username=[mark],socket
> =[2001:700:700:3:a00:20ff:fe9b:dd4a])
> FuzzyItemIn(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Socket caller address appears honest
> (2001:700:700:3:a00:20ff:fe9b:dd4a matches
> 2001:700:700:3:a00:20ff:fe9b:dd4a) cfservd: Socket originates from
> 2001:700:700:3:a00:20ff:fe9b:dd4a=nexus.iu.hio.no
> Attempting to verify honesty by looking up hostname (nexus.iu.hio.no)
> Using v6 compatible lookup...
> IPV6 address
> sockaddr_ntop(2001:700:700:3:a00:20ff:fe9b:dd4a)
> CMP: 2001:700:700:3:a00:20ff:fe9b:dd4a
> 2001:700:700:3:a00:20ff:fe9b:dd4a IPV6 address
> sockaddr_ntop(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Found match
> IPV4 address
> sockaddr_ntop(128.39.89.10)
> CMP: 2001:700:700:3:a00:20ff:fe9b:dd4a 128.39.89.10
> IPV4 address
> sockaddr_ntop(128.39.89.10)
> Host ID is nexus.iu.hio.no
> User ID seems to be mark
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 280][]
> RecvSocketStream(280)
>     (Concatenated 280 from stream)
> Received: [SAUTH y 256 37] on socket 6
> Challenge encryption = y, nonce = 37, buf = 256
> ChecksumString(m)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 261][]
> RecvSocketStream(261)
>     (Concatenated 261 from stream)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 5][]
> RecvSocketStream(5)
>     (Concatenated 5 from stream)
> Modulus (2048 bit):
>     00:c1:b4:1b:46:b0:da:e4:13:81:b8:27:6b:e5:dc:
>     e1:a8:a6:cc:e3:d3:43:aa:5c:95:71:04:37:8a:61:
>     5c:05:90:73:d0:4c:2a:ca:c1:29:36:17:27:9a:f4:
>     70:45:87:a2:30:ec:93:6c:83:34:6f:e2:f5:ce:09:
>     d8:45:67:68:2b:63:a7:3f:90:96:a0:42:84:a0:b6:
>     34:6f:0c:80:c9:86:07:87:aa:b3:98:59:ee:51:c4:
>     60:74:46:9f:a1:46:58:02:49:77:b1:20:c8:ef:37:
>     11:b1:95:a7:9a:28:93:a5:ed:b5:d6:84:21:ef:7d:
>     fa:89:cc:6b:35:24:a5:e6:50:ac:81:ae:7e:74:49:
>     5b:2b:92:4a:67:10:fa:71:da:61:92:65:48:18:55:
>     af:c7:98:fe:b9:ac:e4:aa:56:b8:fa:a5:e1:10:26:
>     be:10:f7:5f:1e:64:7b:26:96:0e:3d:48:07:90:4b:
>     d1:e3:c9:ee:7c:c3:84:df:6a:50:ca:f9:ad:40:fe:
>     b9:96:44:91:38:fe:4e:5f:84:cc:c1:bf:de:db:85:
>     9c:94:dd:c7:6b:13:00:8b:8b:80:9d:4a:4b:f9:87:
>     b4:1a:fd:b2:a0:c5:8c:61:33:f7:b4:17:fe:72:b6:
>     7c:e9:b3:24:da:16:fa:2b:2e:20:89:19:e1:c5:60:
>     df:37
> Exponent: 35 (0x23)
> Havekey(mark-2001:700:700:3:a00:20ff:fe9b:dd4a)
> Did not have key mark-2001:700:700:3:a00:20ff:fe9b:dd4a
> No previous key found, and unable to accept this one on trust
> Transaction Send[t 39][Packed text]
> SendSocketStream, sent 47
> cfservd: Host authorization/authentication failed or access denied
> Transaction Send[t 64][Packed text]
> SendSocketStream, sent 72
> cfservd: From
> (host=nexus.iu.hio.no,user=mark,ip=2001:700:700:3:a00:20ff:fe9b:dd4a)
> Terminating thread...
> ***Closing socket 6 from 2001:700:700:3:a00:20ff:fe9b:dd4a
> Deleted item 2001:700:700:3:a00:20ff:fe9b:dd4a
> ^Ccfservd: Received signal 2 (SIGINT) while doing [cfservd]
> cfservd: Logical start time Wed Mar 12 08:23:49 2003
> cfservd: This sub-task started really at Wed Mar 12 08:23:49 2003
> 
> 
> On 11 Mar, Eva Hocks wrote:
>>
>>
>> On Tue, 11 Mar 2003 address@hidden wrote:
>>
>>>
>>> I have to sleep now, but if you send the -d2 output from cfservd I
> promise
>>> to look at it tomorrow.
>>>
>>> Mark
>>>
>>
>>
>> Mark,
>>
>> thanks you very much for your patience. I really appriciate the help
>> of all of you. Appended the output from the cfservd. I couldn't see
>> anything wrong but then I don't know what it should look like.
>>
>> Thnaks again,
>> Eva
> 
> 
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272            Email:  address@hidden
> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/help-cfengine
> 
> 
> 
> 
> 
> 
>  
> ----------------
> L'acces immediat aux meilleurs tarifs Air France et au billet
> electronique sur http://www.airfrance.com
>  
> For immediate access to the best Air France fares and to electronic
> tickets, visit our website http://www.airfrance.com
>  
> ----------------
> Les donnees et renseignements contenus dans ce message sont
> personnels, confidentiels et secrets. Ce message est adresse a
> l'individu ou l'entite dont les coordonnees figurent ci-dessus. Si
> vous n'etes pas le bon destinataire, nous vous demandons de ne pas
> lire, copier, utiliser ou divulguer cette communication. Nous vous
> prions de notifier cette erreur a l'expediteur et d'effacer
> immediatement cette communication de votre systeme. The information
> contained in this message is privileged, confidential, and protected
> from disclosure. This message is intended for the individual or entity
> adressed herein. If you are not the intended recipient, please do not
> read, copy, use or disclose this communication to others; also please
> notify the sender by replying to this message, and then delete it from
> your system.
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/help-cfengine

-- 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





reply via email to

[Prev in Thread] Current Thread [Next in Thread]