help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfrun and cfservd


From: Mark . Burgess
Subject: Re: cfrun and cfservd
Date: Sun, 16 May 2004 17:14:12 +0200 (MEST)

Nope - you write "AllowUser" not "AllowUsers"

M

On 16 May, Mohamed Eldesoky wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Look to the very bottom of this email.
> It has my cfservd.conf pasted, and it has that specific directive.
> 
> !!
> 
> 
> On Sunday 16 May 2004 5:10 pm, address@hidden wrote:
>> Ahh - seems you should add root as a trusted user.
>>
>> e.g. in cfservd.conf
>>
>>   AllowUsers = ( mark sigmunds root )
>>
>> M
>>
>> On 16 May, Mohamed Eldesoky wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > I sent it in my last email, here it is again
>> >
>> >  and this strange error on the client
>> >  "Received: [EXEC root ] on socket 5
>> >  User root is not allowed on this server
>> >  cfservd: Host authorization/authentication failed or access denied
>> >
>> >
>> > Regards
>> >
>> > On Sunday 16 May 2004 4:35 pm, address@hidden wrote:
>> >> Well that's not a very good security principle. I recommend
>> >> using -d2 to see the real reason for the denial.
>> >>
>> >> M
>> >>
>> >> On 16 May, Mohamed Eldesoky wrote:
>> >> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> > Hash: SHA1
>> >> >
>> >> > It gave the same exact result.
>> >> > Plus, if you think that options is needed even if one client only
>> >> > talks with one server, then it should be enabled by default (even
>> >> > forced enabled)
>> >> >
>> >> > Regards
>> >> > Mohamed Eldesoky
>> >> >
>> >> > On Sunday 16 May 2004 3:57 pm, address@hidden wrote:
>> >> >> But the same client might need to open multiple connections...?
>> >> >>
>> >> >> On 16 May, Mohamed Eldesoky wrote:
>> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> > Hash: SHA1
>> >> >> >
>> >> >> > I am only testing now with one to  one connections.
>> >> >> > ie, one server from one client
>> >> >> >
>> >> >> > Regards
>> >> >> >
>> >> >> > On Sunday 16 May 2004 1:46 pm, address@hidden wrote:
>> >> >> >> I would try AllowMultipleConnectionsFrom since you will be
>> >> >> >> connecting with several streams.
>> >> >> >>
>> >> >> >> M
>> >> >> >>
>> >> >> >> On 16 May, Mohamed Eldesoky wrote:
>> >> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> > Hash: SHA1
>> >> >> >> >
>> >> >> >> > Hi all,
>> >> >> >> >
>> >> >> >> > I have just got cfengine working with me.
>> >> >> >> > The only trouble is with cfrun.
>> >> >> >> >
>> >> >> >> > keys are exchanged properly (and cfagent works fine), and
>> >> >> >> > cfservd is running. Only it doesn't allow access.
>> >> >> >> > It always shows the famous
>> >> >> >> > "Host authentication failed. Did you forget the domain name or
>> >> >> >> > IP/DNS address registration (for ipv4 or ipv6)"   to the server
>> >> >> >> >
>> >> >> >> > and this strange error on the client
>> >> >> >> > "Received: [EXEC root ] on socket 5
>> >> >> >> > User root is not allowed on this server
>> >> >> >> > cfservd: Host authorization/authentication failed or access
>> >> >> >> > denied Transaction Send[t 114][Packed text]
>> >> >> >> > Attempting to send 122 bytes
>> >> >> >> > SendSocketStream, sent 122
>> >> >> >> > "
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > I will post my conf files for cfservd.conf and cfrun.conf
>> >> >> >> >
>> >> >> >> > cfservd.conf:
>> >> >> >> > ############### On both server and client ################
>> >> >> >> > control:
>> >> >> >> >
>> >> >> >> >         domain = ( domain.com )
>> >> >> >> >         cfrunCommand = ( "/usr/local/sbin/cfagent" )
>> >> >> >> >         Access = ( root )
>> >> >> >> >         AllowConnectionsFrom = ( xxx.xxx.xxx.xxx )  ## An IP
>> >> >> >> > range TrustKeysFrom = ( xxx.xxx.xxx.xxx )  ## An IP range
>> >> >> >> > AllowUser = ( root )
>> >> >> >> >         SkipVerify = ( xxx.xxx.xxx.xxx )  ## this is an IP range
>> >> >> >> > grant:
>> >> >> >> >
>> >> >> >> >         # Grant access to all hosts at example.org.
>> >> >> >> >         # Files should be world readable
>> >> >> >> >
>> >> >> >> >         /var/cfengine/inputs/       *
>> >> >> >> >         /usr/local/sbin/           *
>> >> >> >> >         /opt/                      *
>> >> >> >> >
>> >> >> >> > cfrun.hosts:
>> >> >> >> >
>> >> >> >> > domain=domain.com
>> >> >> >> > access=root
>> >> >> >> > xxx.xxx.xxx.xxx root
>> >> >> >> > -----BEGIN PGP SIGNATURE-----
>> >> >> >> > Version: GnuPG v1.2.3 (GNU/Linux)
>> >> >> >> >
>> >> >> >> > iD8DBQFApzeF2FHsOWMJBKMRAk5lAKCHanYZfjdB30BPoeiigFKpTyJw4QCfUkA+
>> >> >> >> > L9+zh4p0v1F61FFChxuELfc=
>> >> >> >> > =j/2z
>> >> >> >> > -----END PGP SIGNATURE-----
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > _______________________________________________
>> >> >> >> > Help-cfengine mailing list
>> >> >> >> > address@hidden
>> >> >> >> > http://mail.gnu.org/mailman/listinfo/help-cfengine
>> >> >> >>
>> >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >> >> >>~~~ ~ Work: +47 22453272            Email:  address@hidden
>> >> >> >> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
>> >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >> >> >>~~~ ~
>> >> >> >
>> >> >> > -----BEGIN PGP SIGNATURE-----
>> >> >> > Version: GnuPG v1.2.3 (GNU/Linux)
>> >> >> >
>> >> >> > iD8DBQFAp0qN2FHsOWMJBKMRAiZvAKDxfBYcDY4qqH5WEYAHsfmQnmnO+QCfWoCf
>> >> >> > spP7Geyd8P8rYEaJb6q3n94=
>> >> >> > =dFG3
>> >> >> > -----END PGP SIGNATURE-----
>> >> >> >
>> >> >> >
>> >> >> > _______________________________________________
>> >> >> > Help-cfengine mailing list
>> >> >> > address@hidden
>> >> >> > http://mail.gnu.org/mailman/listinfo/help-cfengine
>> >> >>
>> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >> >>~ Work: +47 22453272            Email:  address@hidden Fax :
>> >> >> +47 22453205            WWW  :  http://www.iu.hio.no/~mark
>> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >> >>~
>> >> >
>> >> > -----BEGIN PGP SIGNATURE-----
>> >> > Version: GnuPG v1.2.3 (GNU/Linux)
>> >> >
>> >> > iD8DBQFAp2Xb2FHsOWMJBKMRAiqUAJ4n32OdD9Gu6wVsmuQmqJTZufB31gCcDATu
>> >> > grWddsNy6QwC27C8QbpfkCA=
>> >> > =jomp
>> >> > -----END PGP SIGNATURE-----
>> >>
>> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >> Work: +47 22453272            Email:  address@hidden
>> >> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
>> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >
>> > -----BEGIN PGP SIGNATURE-----
>> > Version: GnuPG v1.2.3 (GNU/Linux)
>> >
>> > iD8DBQFAp3Dw2FHsOWMJBKMRAqmIAJ9WnnsNC7JzXjXuIx8VH97VyA74NQCePPtL
>> > o9J4OE9J09fHxY3Iq9hZMRE=
>> > =DgDS
>> > -----END PGP SIGNATURE-----
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Work: +47 22453272            Email:  address@hidden
>> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> 
> iD8DBQFAp3gg2FHsOWMJBKMRAshnAJ9+VpTkDyqyaQFpXri5XGUBQSy3BgCgql9a
> 4Q0BzknBjAKgEu4oUCeR9Ww=
> =vPmL
> -----END PGP SIGNATURE-----



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





reply via email to

[Prev in Thread] Current Thread [Next in Thread]