RE: cfkeys not being accepted - Domain name not understood.

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: cfkeys not being accepted - Domain name not understood.

From:	Ferguson, Steve
Subject:	RE: cfkeys not being accepted - Domain name not understood.
Date:	Wed, 27 Aug 2003 11:45:39 -0400

Are your name service lookups working with nslookup/dig? Cfengine does a DNS verification, not just whatever you happen to have configured in nsswitch.conf (or it's moral equivalent on your platform). If not, look at SkipVerify or make sure DNS lookups (both forward and reverse) work and match the 'uname -n' value (qualified or not) on each host. Verify at both ends.

Steve

-----Original Message-----
From: Morgan Ives [mailto:morgan.ives@motorola.com]
Sent: Wednesday, August 06, 2003 1:24 PM
To: help-cfengine@gnu.org
Subject: cfkeys not being accepted - Domain name not understood.

Help,
     I am trying to "push" cfagent executions on my clients
     via cfrun from my server using cfservd connections.
The sequence:
SETUP
      1) Ran cfkey on server and client. Keys created in
            /var/cfengine/ppkeys on both server and client.
      2) Started cfservd on client with
               control:
                     domain = ( <DNS-domain> )
                     cfrunCommand = ( " <cfagent command> " )
       3) Started cfserd on server with
                  control:
                         domain = ( <DNS-domain> )
                         TrustKeysFrom = ( <ip of client> )
      4) Ran "limited" cfagent on client with
           copy : with server=<server> and trustkey=true
           to force generation of client:/var/cfengine/ppkeys/root-<server-ip>.pub
TEST RUN
      1) Ran cfrun-v on server. Accepted key from client.
                cfrun fails with following message:
     <client> replies..
Host authentication failed. Did you forget the domain name?
   Connection with <client> completed
DEBUG
      1) Examined cksums for /var/cfengine/ppkeys/<files>
            on both systems. Each has other's key correctly.
       2) domain listed in cfagent.conf and cfservd.conf as
                         domain = (< DNS-domain> )
       3) domain listed in cfrun.hosts as
                        domain = <DNS-domain>
            ( No parens seems to be correct syntax for cfrun.hosts file.)

Any clues would be helpful.
                        Morgan
 

[Prev in Thread]

Current Thread

[Next in Thread]

cfkeys not being accepted - Domain name not understood., Morgan Ives, 2003/08/06
- RE: cfkeys not being accepted - Domain name not understood., Ferguson, Steve <=
- RE: cfkeys not being accepted - Domain name not understood., Dennis, Richard, 2003/08/27
  - Re: [Cfengine] RE: cfkeys not being accepted - Domain name not understood., Bas van der Vlies, 2003/08/28
    - Re: [Cfengine] RE: cfkeys not being accepted - Domain name not understood., Mark Burgess, 2003/08/28

Prev by Date: RE: reset actionsequence after import.
Next by Date: Re: Listening on specific interfaces
Previous by thread: cfkeys not being accepted - Domain name not understood.
Next by thread: RE: cfkeys not being accepted - Domain name not understood.
Index(es):
- Date
- Thread