RE: cfkeys not being accepted - Domain name not understood.

[Dennis, Richard]

I had the same problem yesterday.  It was that I was trying to run cfrun as my userid rather than as root, and only root had access to the ppkeys directory under /var/cfengine.  Make sure that whichever userid you use to run cfrun has access to the public/private key directory that you use.

 

--Rick

 

-----Original Message-----
From: Ferguson, Steve [mailto:Steve.Ferguson@gedas.com]
Sent: Wednesday, August 27, 2003 11:46 AM
To: 'Morgan Ives'; help-cfengine@gnu.org
Subject: RE: cfkeys not being accepted - Domain name not understood.

Are your name service lookups working with nslookup/dig?  Cfengine does a DNS verification, not just whatever you happen to have configured in nsswitch.conf (or it's moral equivalent on your platform).  If not, look at SkipVerify or make sure DNS lookups (both forward and reverse) work and match the 'uname -n' value (qualified or not) on each host.  Verify at both ends.

 

Steve

-----Original Message-----
From: Morgan Ives [mailto:morgan.ives@motorola.com]
Sent: Wednesday, August 06, 2003 1:24 PM
To: help-cfengine@gnu.org
Subject: cfkeys not being accepted - Domain name not understood.

Help,

     I am trying to "push" cfagent executions on my clients
     via cfrun from my server using cfservd connections.

The sequence:

SETUP
      1) Ran cfkey on server and client.  Keys created in
            /var/cfengine/ppkeys on both server and client.

      2) Started cfservd on client with
               control:
                     domain = ( <DNS-domain> )
                     cfrunCommand = (  " <cfagent command> " )

       3) Started cfserd on server with
                  control:
                         domain = ( <DNS-domain> )
                         TrustKeysFrom = ( <ip of client> )

      4) Ran "limited" cfagent on client with
           copy :  with server=<server> and trustkey=true
           to force generation of  client:/var/cfengine/ppkeys/root-<server-ip>.pub

TEST RUN
      1) Ran cfrun-v  on server.  Accepted key from client.
                cfrun fails with following message:

     <client>  replies..
 Host authentication failed. Did you forget the domain name?
   Connection with <client> completed

DEBUG

      1) Examined cksums for /var/cfengine/ppkeys/<files>
            on both systems.  Each has other's key correctly.

       2) domain listed in cfagent.conf and cfservd.conf as
                         domain = (< DNS-domain> )

       3) domain listed in  cfrun.hosts as
                        domain = <DNS-domain>
            ( No parens seems to be correct syntax for cfrun.hosts file.)
 
 

Any clues would be helpful.
                        Morgan
 

 

------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.