[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
some sort of host authentication problem.
From: |
Kurt Lieber |
Subject: |
some sort of host authentication problem. |
Date: |
Sat, 12 Apr 2003 18:47:46 -0400 |
User-agent: |
Mutt/1.4.1i |
I am unable to successfuly copy files from my master host to a slave
server. After a fair amount of troubleshooting, I tracked it down to this
line:
# master cfengine config files are stored here
/var/cfengine/masterfiles/inputs/ *.domain.com
If I change it to:
# master cfengine config files are stored here
/var/cfengine/masterfiles/inputs/ *
Then it works fine which tells me that it's probably a problem with the
reverse lookup. Here is the relevant section of my cfservd.conf file:
control:
domain = ( domain.com )
AllowUsers = ( root )
AllowConnectionsFrom = ( 192.168.1 )
TrustKeysFrom = ( 192.168.1.0/24 )
SkipVerify = ( 192.168.1 )
And the relevant section from cfservd -d2:
AccessControl(/var/cfengine/masterfiles/inputs)
AccessControl(/var/cfengine/masterfiles/inputs,192.168.1.144) encrypt request=1
Found a match for in access list
(/var/cfengine/masterfiles/inputs,/var/cfengine/masterfiles/inputs)
FuzzyItemIn(192.168.1.144)
IsWildItem(192.168.1.144,*.domain.com)
IsWildItem(192.168.1.144,*.domain.com)
FuzzyItemIn(192.168.1.144)
cfservd: Host 192.168.1.144 denied access to /var/cfengine/masterfiles/inputs
Now, reverse lookups don't work on my network -- so 192.168.1.144 is never
going to correctly resolve to host.domain.com. Is there any other way to
tell cfservd that 192.168.1.144 really is host.domain.com? Or am I stuck
using "*" for all my file controls in cfservd.conf?
Thanks.
--kurt
- some sort of host authentication problem.,
Kurt Lieber <=