I had the same problem yesterday. It was that I was trying to run cfrun
as my userid rather than as root, and only root had access to the ppkeys
directory under /var/cfengine. Make sure that whichever userid you use
to run cfrun has access to the public/private key directory that you use.
--Rick
-----Original Message-----
*From:* Ferguson, Steve [mailto:Steve.Ferguson@gedas.com]
*Sent:* Wednesday, August 27, 2003 11:46 AM
*To:* 'Morgan Ives'; help-cfengine@gnu.org
*Subject:* RE: cfkeys not being accepted - Domain name not understood.
Are your name service lookups working with nslookup/dig? Cfengine does
a DNS verification, not just whatever you happen to have configured in
nsswitch.conf (or it's moral equivalent on your platform). If not, look
at SkipVerify or make sure DNS lookups (both forward and reverse) work
and match the 'uname -n' value (qualified or not) on each host. Verify
at both ends.
Steve
-----Original Message-----
*From:* Morgan Ives [mailto:morgan.ives@motorola.com]
*Sent:* Wednesday, August 06, 2003 1:24 PM
*To:* help-cfengine@gnu.org
*Subject:* cfkeys not being accepted - Domain name not understood.
Help,
I am trying to "push" cfagent executions on my clients
via cfrun from my server using cfservd connections.
The sequence:
SETUP
1) Ran cfkey on server and client. Keys created in
/var/cfengine/ppkeys on both server and client.
2) Started cfservd on client with
control:
domain = ( <DNS-domain> )
cfrunCommand = ( " <cfagent command> " )
3) Started cfserd on server with
control:
domain = ( <DNS-domain> )
TrustKeysFrom = ( <ip of client> )
4) Ran "limited" cfagent on client with
copy : with server=<server> and trustkey=true
to force generation of
client:/var/cfengine/ppkeys/root-<server-ip>.pub
TEST RUN
1) Ran cfrun-v on server. Accepted key from client.
cfrun fails with following message:
<client> replies..
Host authentication failed. Did you forget the domain name?
Connection with <client> completed
DEBUG
1) Examined cksums for /var/cfengine/ppkeys/<files>
on both systems. Each has other's key correctly.
2) domain listed in cfagent.conf and cfservd.conf as
domain = (< DNS-domain> )
3) domain listed in cfrun.hosts as
domain = <DNS-domain>
( No parens seems to be correct syntax for cfrun.hosts
file.)
Any clues would be helpful.
Morgan
------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of
the designated recipient(s) named above. If you are not the intended
recipient of this message you are hereby notified that any review,
dissemination, distribution or copying of this message is strictly
prohibited. This communication is for information purposes only and
should not be regarded as an offer to sell or as a solicitation of an
offer to buy any financial product, an official confirmation of any
transaction, or as an official statement of Lehman Brothers. Email
transmission cannot be guaranteed to be secure or error-free. Therefore,
we do not represent that this information is complete or accurate and it
should not be relied upon as such. All information is subject to change
without notice.
------------------------------------------------------------------------
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine