Re: [No match of class]?

[Lev Lvovsky]

On Feb 25, 2004, at 2:52 PM, Luke A. Kanies wrote:

> On Wed, 25 Feb 2004, Lev Lvovsky wrote:
>
> > groups:
> >
> >    smarthost = ( tsthvy1-smarthost )
> >
> > admit:
> >
> >    smarthost::
> >     /file   *.domain.com
>
> My guess is that this is the reverse of what you want.  I think you are
> trying to set up a single server to allow access to many machines (a
> group).

exactly.

> Groups do not work that way in the cfservd.conf file (I'm pretty sure
> about this, anyway).  In the above case, if the cfserver's name is
> tsthvy1-smarthost, it will admit access to that file tree; otherwise it
> will not.  I'm assuming that's the client's name, though, right?

no, it's not :\

> If you are trying to collect a group of clients and allow them all 
> access
> at once, you need something else.  I haven't used this, but Mark 
> mentioned
> in his previous email that you can make a list:
>
> control:
>         list = ( host1:host2:host3 )
> admit:
>         /file ${list}
>
> I'm not real fond of that, and I haven't tried it, but if it works, 
> then
> great.

I'll be giving it a try shortly - it's the cleanest of the options, as 
it also removes the wildcard that "/file" might be associated with.

> I usually use a '*.domain.com' mechanism, even though it also seems
> marginally unclean.  I agree that it would be nice if cfservd could
> somehow know which classes matched the incoming client, but that's not
> really possible -- it would have no way of knowing, for instance, 
> whether
> a client was an aix server or a sunos server.

but isn't that what a group definition provides?


> So, you have to essentially redo all of your classifications in both
> cfservd.conf and cfagent.conf.

Right.  All is not lost however, as this isn't too much work when I get 
the file creation automated - most troubling was why it didn't work in 
the first place.

Talking offline to Mark, he's essentially backed up everything you've 
stated.

thanks for the help guys!
-lev