[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

list access (was Re: [No match of class]?)

From: Lev Lvovsky
Subject: list access (was Re: [No match of class]?)
Date: Wed, 25 Feb 2004 16:00:55 -0800

trying to go the route of a list, I'm using the following test config for cfservd:


  domain = ( )
  LogAllConnections = ( true )
  AllowUsers = ( root )
  TrustKeysFrom = ( )

  smart_list = ( )
  db_list = ( )


    /tmp/test $(smart_list)
    /tmp/test $(db_list)

this setup works for the smarthost, however for the db_list, I get the following error from cfservd:

AccessControl(/tmp/test, encrypt request=1
Found a matching rule in access list (/tmp/test,/tmp/test)
Checking whether to map root privileges..

No root privileges granted

Try FuzzySetMatch(, cfservd: Mixture of IPv6 and IPv4 addresses:
 Try FuzzySetMatch(,
Couldn't read range
cfservd: Host denied access to /tmp/test
cfservd: Host authorization/authentication failed or access denied

this seems to happen only when I add more than one list element to the "db_list" variable. If I just use, the file transfer is fine.

I figure this might be caused by the fqdn hostname usage, but removing all but the hostname returns errors:


Try FuzzySetMatch(, cfservd: Mixture of IPv6 and IPv4 addresses:
 Try FuzzySetMatch(tsthvy1-smarthost,
cfservd: Not a valid address range - or not a fully qualified name: tsthvy1-smarthost
cfservd: Host denied access to /tmp/test

any advice appreciated!

On Feb 25, 2004, at 2:52 PM, Luke A. Kanies wrote:

On Wed, 25 Feb 2004, Lev Lvovsky wrote:


   smarthost = ( tsthvy1-smarthost )


    /file   *

My guess is that this is the reverse of what you want.  I think you are
trying to set up a single server to allow access to many machines (a

Groups do not work that way in the cfservd.conf file (I'm pretty sure
about this, anyway).  In the above case, if the cfserver's name is
tsthvy1-smarthost, it will admit access to that file tree; otherwise it
will not.  I'm assuming that's the client's name, though, right?

If you are trying to collect a group of clients and allow them all access at once, you need something else. I haven't used this, but Mark mentioned
in his previous email that you can make a list:

        list = ( host1:host2:host3 )
        /file ${list}

I'm not real fond of that, and I haven't tried it, but if it works, then

I usually use a '*' mechanism, even though it also seems
marginally unclean.  I agree that it would be nice if cfservd could
somehow know which classes matched the incoming client, but that's not
really possible -- it would have no way of knowing, for instance, whether
a client was an aix server or a sunos server.

So, you have to essentially redo all of your classifications in both
cfservd.conf and cfagent.conf.


Is life worth living?  That is a question for an embryo, not a man.
                --Samuel Butler

reply via email to

[Prev in Thread] Current Thread [Next in Thread]