Did you forget the domain name...

help-cfengine
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Did you forget the domain name...

From:	Xenon
Subject:	Did you forget the domain name...
Date:	Wed, 1 Sep 2004 10:16:44 -0700
I know this question has been asked countless times here, and I've
read through all the archives and sites that I could find related to
this error, but I'm still having a problem and am not able to find a
solution.

Presently just trying to get things working with 1 server and 1
client, I get the "Host authentication failed. Did you forget the
domain name or IP/DNS address registration (for ipv4 or ipv6)?" error,
from both the server and client.

I have a very simple setup currently, just trying to copy a single
file from the server to the client.

Here are the files, I've changed the IP's and hostname's to protect
the innocent and the guilty. Some of the configurations have been
taken from an existing CFEngine configuration working in another part
of the company. I am currently just trying to get the files to
transfer, after that I will work out securing everything, etc.
Running CFEngine version 2.1.5

--------------------------------------------------------
Server
--------------------------------------------------------
cfservd.conf
--------------------------------------------------------
control:
  domain = ( <domain> )
  TrustKeysFrom = ( 1.1.0.0/16 )
  sysadm = ( <email> )
  syslog = ( true )
  SplayTime = ( 3 )
  TimeOut = ( 10 )
  AllowUsers = ( root scatanz )

  any::
     IfElapsed = ( 1 )
     ExpireAfter = ( 5 )
     MaxConnections = ( 100 )
     MultipleConnections = ( false )
     DenyBadClocks = ( true )
     AllowConnectionsFrom = ( 1.1.0.0/16 )
     AllMultipleConnectionsFrom = ( 1.2.0.0/16 )
     LogAllConnections = ( true )
     cfrunCommand  = ( "/var/cfengine/sbin/cfagent" )

admit:   # or grant:
        any::
                /var/cfengine/masterfiles 10.244.*
                /etc/sudoers 10.244.*
--------------------------------------------------------
client
--------------------------------------------------------
cfagent.conf
--------------------------------------------------------
control:

   actionsequence = ( copy )
   domain         = ( <domain> )
   timezone       = ( MET )
   smtpserver     = ( localhost )
   sysadm         = ( <email> )
   AllowUsers     = ( root scatanz )

copy:
 /var/cfengine/masterfiles/testclient/passwd
        dest=/var/cfengine/masterfiles/passwd
        mode=600 server=<server>
--------------------------------------------------------

I'm brand new to all of this and somewhat overwhelmed, any help that
you can provide is much appreciated.

The things that I've done so far, after searching around for this
error, I've found the possible solutions below and have checked and
tried them.

Possible: Forward and reverse DNS not working, use SkipVerify and/or
SkipIdentify to make CFEngine not care about DNS. (I tried both of
these, on both ends, get same error) (also verified and fixed the
forward and reverse DNS for the 2 systems, and now both can forward
and reverse DNS each other.)

Possible: User not allowed? (Though I did not get this specific error,
it seemed to be one of the causes of the error that I did get, so I
verified that the AllowUsers directive is being used)

Possible: Keys are not correct or not shared, etc (Verified the keys
have been generated and are in the proper directory, also from the
debug output of the command you can see that the key is accepted
before it gets the error)

----------------------------------------------------------
Output from cfagent -v -q on client
----------------------------------------------------------
[prompt] /var/cfengine/sbin/cfagent -v -q
Reference time set to Wed Sep  1 10:12:43 2004

GNU Configuration Engine - 
2.1.5
Free Software Foundation 1994-
Donated by Mark Burgess, Faculty of Engineering,
Oslo University College, 0254 Oslo, Norway

------------------------------------------------------------------------

Host name is: cftest
Operating System Type is linux
Operating System Release is 2.4.22-kb1
Architecture = i686


Using internal soft-class linux for host linux

The time is now Wed Sep  1 10:12:43 2004


------------------------------------------------------------------------

Additional hard class defined as: 32_bit
Additional hard class defined as: linux_2_4_22_kb1
Additional hard class defined as: linux_i686
Additional hard class defined as: linux_i686_2_4_22_kb1
Additional hard class defined as:
linux_i686_2_4_22_kb1__1_SMP_Tue_Dec_30_13_53_17_PST_2003

GNU autoconf class from compile time: compiled_on_linux_gnu

Address given by nameserver: <ip>
Interface 1: lo
Interface 2: eth0
Trying to locate my IPv6 address
Looking for environment from cfenvd...
Loading environment...
Environment data loaded

cfengine:: No preconfiguration file

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
 * (Changing context state to: update) *
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Looking for an input file /var/cfengine/inputs/update.conf
(No file /var/cfengine/inputs/update.conf)
Finished with /var/cfengine/inputs/update.conf

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
 * (Changing context state to: main) *
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

---------------------------------------------------------------------
Loading persistent classes
---------------------------------------------------------------------

---------------------------------------------------------------------
Loaded persistent memory
---------------------------------------------------------------------

Looking for environment from cfenvd...
Loading environment...
Environment data loaded

Looking for an input file /var/cfengine/inputs/cfagent.conf
Finished with cfagent.conf

Accepted domain name: <domain>

Defined Classes = ( <snip> )
Negated Classes = ( )

Installable classes = ( )

Global expiry time for locks: 120 minutes

Global anti-spam elapse time: 1 minutes

Extensions which should not be directories = ( )
Suspicious filenames to be warned about = ( )
LogDirectory = /var/cfengine
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Checksum database is /var/cfengine/checksum.db
Reference time set to Wed Sep  1 10:12:43 2004


*********************************************************************
 Main Tree Sched: copy pass 1 @ Wed Sep  1 10:12:43 2004
*********************************************************************

Checking copy from
<server>:/var/cfengine/masterfiles/testclient/passwd to
/var/cfengine/masterfiles/passwd
Connect to <server> = <server ip> on port cfengine
Updating last-seen time for furs
Loaded /var/cfengine/ppkeys/root-<ip>.pub

 >
cfengine:cftest: Strong authentication of server=<server> connection confirmed
cfengine:cftest: Server returned error:  Host authentication failed.
Did you forget the domain name or IP/DNS address registration (for
ipv4 or ipv6)?
cfengine:cftest: Can't stat /var/cfengine/masterfiles/testclient/passwd in copy
Saving the setuid log in /var/cfengine/cfagent.cftest.log
---------------------------------------------------------------

I tried to include everything, sorry I know this is long

Thanks for your time
[Prev in Thread]
Current Thread
[Next in Thread]
Did you forget the domain name..., Xenon <=
- Re: Did you forget the domain name..., Ralph Angenendt, 2004/09/02
- Re: Did you forget the domain name..., Xenon, 2004/09/02
Prev by Date: Re: cfrun question
Next by Date: Multiple line matching and replace in editfiles
Previous by thread: Re: Question on alerts
Next by thread: Re: Did you forget the domain name...
Index(es):
- Date
- Thread