Re: master server confusion
From: Nate Campi
Subject: Re: master server confusion
Date: Sat, 24 Jan 2004 21:42:47 -0800
User-agent: Mutt/1.3.28i

On Sat, Jan 24, 2004 at 04:30:47PM -0800, W. Ryan Merrick wrote:
> >
> >cfengine:: Server returned error: Host authentication failed. Did you
> >forget the domain name or IP/DNS address registration (for ipv4 or ipv6)?
> >cfengine:: Can't stat /etc/cfengine/masters in copy
>
> I had this problem. Verify that your cfservd has a section like:
>
> admit: # or grant:
> /var/cfengine/bin/cfagent *.heronetwork.com
> /var/cfengine/inputs *.heronetwork.com
> /var/cfengine *.heronetwork.com
>
> The wildcard.domain.TLD should be the same as your defined domain and your
> server names.

You'll also want to get the key exchange working. Add "trustkey=true" to
the update.conf copy statement:

    copy:
        $(master_cfinput) dest=$(workdir)/inputs
            r=inf
            mode=700
            type=binary
            exclude=*.lst
            exclude=*~
            exclude=#*
            exclude=RCS
            exclude=*,v
            purge=true
            server=$(policyhost)
            trustkey=true

...and a "TrustKeysFrom" statement in your cfservd.conf control section:

    TrustKeysFrom = ( 192.168.1.0/24 192.168.2.0/24 )

It's generally best (and recommended by the cfengine author) to trust
for the initial exchange and then let cfengine make sure the keys match
from that point on. This setup does that.

--
Nate
"religious fanatics are not part of my desired user base."
- djb@cr.yp.to
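
Added example, not part of the original message and not cfengine code: a small audit sketch that reads a TrustKeysFrom line like the one above and shows which addresses already have a key on file and which would still have a first key accepted on trust. The sample configuration, the key listing, and the `user-IP.pub` key file naming are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: control section using the ranges quoted in the message.
SAMPLE_CONF = """\
control:
   domain = ( example.com )
   TrustKeysFrom = ( 192.168.1.0/24 192.168.2.0/24 )
"""
# Constructed key directory listing; the user-IP.pub naming is an assumption.
SAMPLE_KEYS = ["root-192.168.1.10.pub", "root-192.168.2.7.pub",
               "root-10.0.0.5.pub", "localhost.pub"]

def trust_ranges(conf_text):
    """Return the CIDR networks listed in TrustKeysFrom = ( ... )."""
    m = re.search(r"^\s*TrustKeysFrom\s*=\s*\(([^)]*)\)", conf_text, re.M | re.I)
    nets = []
    for token in (m.group(1).split() if m else []):
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            pass  # hostnames and wildcard patterns are outside this sketch
    return nets

def stored_key_ips(filenames):
    """Extract the IP addresses that already have a public key on file."""
    ips = set()
    for name in filenames:
        m = re.fullmatch(r"[^-]+-(.+)\.pub", name)
        try:
            if m:
                ips.add(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # key file not named after an IP address
    return ips

def classify(ip, nets, known):
    """key-on-file, accepted-on-trust (first key taken unverified), or no-trust."""
    ip = ipaddress.ip_address(ip)
    if ip in known:
        return "key-on-file"
    return "accepted-on-trust" if any(ip in n for n in nets) else "no-trust"

def exposure(nets, known):
    """Addresses in the trusted ranges with no key on file (ranges assumed disjoint)."""
    total = sum(n.num_addresses for n in nets)
    return total - sum(1 for ip in known if any(ip in n for n in nets))

if __name__ == "__main__":
    nets, known = trust_ranges(SAMPLE_CONF), stored_key_ips(SAMPLE_KEYS)
    print(exposure(nets, known), "addresses would still be accepted on trust")
```

Once every client has a key on file, the exposure count is the number of addresses from which an unknown key would still be taken without verification, which is the case for narrowing TrustKeysFrom after the initial exchange.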