help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: several questions on running cfengine

From: Eva Hocks
Subject: Re: several questions on running cfengine
Date: Wed, 12 Mar 2003 12:47:41 -0800 (PST) 

Mark, thanks for your sample output. Now I know what to look for. The
config.log has ac_cv_func_getaddrinfo=yes
but doesn't say anything what version. I am runing AIX 5.1. The
getaddrinfo is IEEE POSIX 1003.1g (Protocol Independent Interfaces) DRAFT
6.3.

The conf.h in the src/ has
/* Define if you have the `getaddrinfo' function. */
#define HAVE_GETADDRINFO 1


On AIX it's /etc/netsvc.conf. cfengine gets name resolution from the
/etc/hosts file all right (changed the entries to verify). Where does
cfservd know about IP?  cfagent does seem to use the interface as it did
copy the ppkeys from the server and the client root-192.168.240.254.pub
and root-192.168.240.11.pub
cfagent logs:
Interface 1: en0
Sorry - there is no current standard way to find out my IPv6 address (!!)
Maybe I have to tell cfengine to use IPv4? But where? I couldn't find it
in the configure --help. I am still using 2.0.4 due to the pthread problem
on AIX5.

Any ideas?
Thanks,
Eva


On Wed, 12 Mar 2003 Mark.Burgess@iu.hio.no wrote:

>
>
> Eva - if this is all the output that comes out of cfservd -d2, even when you
> connect to the host then there is something badly wrong. No connection is even
> arriving at the machine. After what you have sent, you should see someting
> like this: (my hosts are running IPv6 .. but imagine it says IPv4 there)
>
> Your server claims "address family 0" -- which I think is localhost. It
> does not seem to know about IP at all!! Perhaps this is an AIX thing.
> Something that needs to be configured? Note that it says below
> "bound to address ::". On IPv4 it should say "bound to address 0 or 0.0.0.0".
> You don't seem to get that far.
>
> Here is my guess: your system has the new getaddrinfo() calls (see what 
> configure
> tells you) and these have to be specially configured to read the right
> results with whatever name service / directory service you are using.
> For instance, on solaris, one has to alter nsswitch.conf to make this work.
>
> Any other AIX users have ideas??
>
> Mark
>
>
> IPV6 address
> sockaddr_ntop(::)
> Bound to address :: on solaris=7
> Listening for connections ...
> Checking file updates on /local/iu/cfengine/inputs/cfservd.conf 
> (3e574eef/3e6ee085)
> IPV6 address
> sockaddr_ntop(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Obtained IP address of 2001:700:700:3:a00:20ff:fe9b:dd4a on socket 6 from 
> accept
> FuzzyItemIn(2001:700:700:3:a00:20ff:fe9b:dd4a)
> FuzzyItemIn(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Purging Old Connections...
> Done purging
> FuzzyItemIn(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Prepending 2001:700:700:3:a00:20ff:fe9b:dd4a
> *** New socket [6]
> New connection...(from 2001:700:700:3:a00:20ff:fe9b:dd4a/6)
> Spawning new thread...
> Checking file updates on /local/iu/cfengine/inputs/cfservd.conf 
> (3e574eef/3e6ee085)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 62][]
> RecvSocketStream(62)
>     (Concatenated 62 from stream)
> Received: [CAUTH 2001:700:700:3:a00:20ff:fe9b:dd4a nexus.iu.hio.no mark 0] on 
> socket 6
> Connecting host identifies itself as 2001:700:700:3:a00:20ff:fe9b:dd4a 
> nexus.iu.hio.no mark 0
> (ipstring=[2001:700:700:3:a00:20ff:fe9b:dd4a],fqname=[nexus.iu.hio.no],username=[mark],socket=[2001:700:700:3:a00:20ff:fe9b:dd4a])
> FuzzyItemIn(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Socket caller address appears honest (2001:700:700:3:a00:20ff:fe9b:dd4a 
> matches 2001:700:700:3:a00:20ff:fe9b:dd4a)
> cfservd: Socket originates from 
> 2001:700:700:3:a00:20ff:fe9b:dd4a=nexus.iu.hio.no
> Attempting to verify honesty by looking up hostname (nexus.iu.hio.no)
> Using v6 compatible lookup...
> IPV6 address
> sockaddr_ntop(2001:700:700:3:a00:20ff:fe9b:dd4a)
> CMP: 2001:700:700:3:a00:20ff:fe9b:dd4a 2001:700:700:3:a00:20ff:fe9b:dd4a
> IPV6 address
> sockaddr_ntop(2001:700:700:3:a00:20ff:fe9b:dd4a)
> Found match
> IPV4 address
> sockaddr_ntop(128.39.89.10)
> CMP: 2001:700:700:3:a00:20ff:fe9b:dd4a 128.39.89.10
> IPV4 address
> sockaddr_ntop(128.39.89.10)
> Host ID is nexus.iu.hio.no
> User ID seems to be mark
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 280][]
> RecvSocketStream(280)
>     (Concatenated 280 from stream)
> Received: [SAUTH y 256 37] on socket 6
> Challenge encryption = y, nonce = 37, buf = 256
> ChecksumString(m)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 261][]
> RecvSocketStream(261)
>     (Concatenated 261 from stream)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 5][]
> RecvSocketStream(5)
>     (Concatenated 5 from stream)
> Modulus (2048 bit):
>     00:c1:b4:1b:46:b0:da:e4:13:81:b8:27:6b:e5:dc:
>     e1:a8:a6:cc:e3:d3:43:aa:5c:95:71:04:37:8a:61:
>     5c:05:90:73:d0:4c:2a:ca:c1:29:36:17:27:9a:f4:
>     70:45:87:a2:30:ec:93:6c:83:34:6f:e2:f5:ce:09:
>     d8:45:67:68:2b:63:a7:3f:90:96:a0:42:84:a0:b6:
>     34:6f:0c:80:c9:86:07:87:aa:b3:98:59:ee:51:c4:
>     60:74:46:9f:a1:46:58:02:49:77:b1:20:c8:ef:37:
>     11:b1:95:a7:9a:28:93:a5:ed:b5:d6:84:21:ef:7d:
>     fa:89:cc:6b:35:24:a5:e6:50:ac:81:ae:7e:74:49:
>     5b:2b:92:4a:67:10:fa:71:da:61:92:65:48:18:55:
>     af:c7:98:fe:b9:ac:e4:aa:56:b8:fa:a5:e1:10:26:
>     be:10:f7:5f:1e:64:7b:26:96:0e:3d:48:07:90:4b:
>     d1:e3:c9:ee:7c:c3:84:df:6a:50:ca:f9:ad:40:fe:
>     b9:96:44:91:38:fe:4e:5f:84:cc:c1:bf:de:db:85:
>     9c:94:dd:c7:6b:13:00:8b:8b:80:9d:4a:4b:f9:87:
>     b4:1a:fd:b2:a0:c5:8c:61:33:f7:b4:17:fe:72:b6:
>     7c:e9:b3:24:da:16:fa:2b:2e:20:89:19:e1:c5:60:
>     df:37
> Exponent: 35 (0x23)
> Havekey(mark-2001:700:700:3:a00:20ff:fe9b:dd4a)
> Did not have key mark-2001:700:700:3:a00:20ff:fe9b:dd4a
> No previous key found, and unable to accept this one on trust
> Transaction Send[t 39][Packed text]
> SendSocketStream, sent 47
> cfservd: Host authorization/authentication failed or access denied
> Transaction Send[t 64][Packed text]
> SendSocketStream, sent 72
> cfservd: From 
> (host=nexus.iu.hio.no,user=mark,ip=2001:700:700:3:a00:20ff:fe9b:dd4a)
> Terminating thread...
> ***Closing socket 6 from 2001:700:700:3:a00:20ff:fe9b:dd4a
> Deleted item 2001:700:700:3:a00:20ff:fe9b:dd4a
> ^Ccfservd: Received signal 2 (SIGINT) while doing [cfservd]
> cfservd: Logical start time Wed Mar 12 08:23:49 2003
> cfservd: This sub-task started really at Wed Mar 12 08:23:49 2003
>
>
> On 11 Mar, Eva Hocks wrote:
> >
> >
> > On Tue, 11 Mar 2003 Mark.Burgess@iu.hio.no wrote:
> >
> >>
> >> I have to sleep now, but if you send the -d2 output from cfservd I promise
> >> to look at it tomorrow.
> >>
> >> Mark
> >>
> >
> >
> > Mark,
> >
> > thanks you very much for your patience. I really appriciate the help of
> > all of you. Appended the output from the cfservd. I couldn't see anything
> > wrong but then I don't know what it should look like.
> >
> > Thnaks again,
> > Eva
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]