help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cfrun fails on remote host reply.


From: W. Ryan Merrick
Subject: Re: Cfrun fails on remote host reply.
Date: Sat, 24 Jan 2004 17:24:55 -0800
User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031218

Ryan Merrick wrote:
Hello,

I can't get cfrun to successfully activate cfagent on a remote host, but I can login to that host and run cfagent without a problem. I am not using a access control and have the cfengine directories in the admit section of the cfservd.conf.

What else is needed ?


con0#cfrun -v alfheim
...
GNU Cfengine server daemon -
2.1.0p1
...
Additional hard class defined as: freebsd_i386_4_9_RC
...
cfrun(0):         .......... [ Hailing alfheim.heronetwork.com ] ..........
Connecting to server alfheim.heronetwork.com to port 0 with options
Loaded /var/cfengine/ppkeys/root-alfheim.heronetwork.com.pub
Connect to alfheim.heronetwork.com = 192.168.25.52 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.52.pub
cfrun:con0.heronetwork.com: Strong authentication of server=alfheim.heronetwork.com connection confirmed
alfheim.heronetwork.com replies..

Host authentication failed. Did you forget the domain name or IP/DNS address registration (for ipv4 or ipv6)?Connection with alfheim.heronetwork.com completed



cfservd on con0:

control:
    domain        = ( heronetwork.com )
    cfrunCommand    = ( "/var/cfengine/bin/cfagent" )
  any::
        AllowConnectionsFrom = ( 192.168.0.0/16 )
        TrustKeysFrom = ( 192.168 )
        DynamicAddresses = ( 192.168.50.150-200 )
        LogAllConnections = ( true )
        DenyBadClocks = ( true )
        HostnameKeys = ( on )
        ChecksumDatabase = ( /tmp/testDATABASEcache )
        IfElapsed = ( 1 )
        MaxConnections = ( 10 )

admit:   # or grant:
#    Both
        /var/cfengine/bin/cfagent       *.heronetwork.com
        /var/cfengine/inputs            *.heronetwork.com
        /var/cfengine                    *.heronetwork.com
        /usr/ports/packages             *.heronetwork.com
        /tmp                            *.heronetwork.com

cfservd.conf on Alfheim:

control:
    domain        = ( heronetwork.com )
    cfrunCommand    = ( "/var/cfengine/bin/cfagent" )

  any::
        AllowConnectionsFrom = ( 192.168.25.0/24 )
        TrustKeysFrom = ( 192.168.25 )
        LogAllConnections = ( true )
        DenyBadClocks = ( true )
        HostnameKeys = ( on )
        ChecksumDatabase = ( /tmp/testDATABASEcache )
        IfElapsed = ( 1 )
        MaxConnections = ( 10 )
admit:   # or grant:
#    Both
        /usr/local/sbin/cfagent         *.heronetwork.com
        /var/cfengine/bin/cfagent       *.heronetwork.com
        /var/cfengine/inputs            *.heronetwork.com
        /var/cfengine                   *.heronetwork.com
        /tmp                            *.heronetwork.com


alfheim# cfagent -v
...
GNU Configuration Engine -
2.1.0p1
...
Additional hard class defined as: freebsd_i386_4_9_STABLE
...

Checking copy from con0.heronetwork.com:/var/cfengine/inputs to /var/cfengine//inputs
Connect to con0.heronetwork.com = 192.168.25.62 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.62.pub
cfengine:: Strong authentication of server=con0.heronetwork.com connection confirmed
Registering root device as 171268
Checking copy from con0.heronetwork.com:/var/cfengine/inputs/cfservd.srv to /var/cfengine//inputs/cfservd.conf
Saving the setuid log in /var/cfengine/cfagent.alfheim.heronetwork.com.log
Job start time set to Fri Jan 23 15:21:09 2004
....


Checking copy from con0.heronetwork.com:/etc/periodic.conf to /etc/periodic.conf
Connect to con0.heronetwork.com = 192.168.25.62 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.62.pub
cfengine:alfheim: Strong authentication of server=con0.heronetwork.com connection confirmed
Saving the setuid log in /var/cfengine/cfagent.alfheim.heronetwork.com.log
Job start time set to Fri Jan 23 15:21:10 2004


Ryan Merrick
Systems Administrator
address@hidden
Heronetwork LLC



_______________________________________________
Help-cfengine mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/help-cfengine


Solved:

allowuser = ( root ) in the cfservd.conf solved the problem.

--
Ryan Merrick
address@hidden
Systems Administrator
Hero Network LLC






reply via email to

[Prev in Thread] Current Thread [Next in Thread]