Re: authentication errors.

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: authentication errors.

From:	Christian Pearce
Subject:	Re: authentication errors.
Date:	Fri, 22 Apr 2005 13:27:24 -0400

Is it me or is $(master_input) not actually defined in your cfservd.conf
file.  Cfengine will give a generic authorization/authentication error
no matter what problem.  So it gives error a client error because the
file doesn't exist.

On Fri, 2005-04-22 at 10:21 -0700, Russell.Conner@healthnet.com wrote:
> I am getting the same errors, on .14, I am  here is my output:
> 
> cfservd:
> 
> cfservd: lstatcfservd: Host authorization/authentication failed or access
> denied
> Transaction Send[t 114][Packed text]
> Attempting to send 122 bytes
> SendSocketStream, sent 122
> cfservd: From (host=telly.healthnet.com,user=root,ip=::ffff:141.177.30.211)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 41][]
> RecvSocketStream(41)
>     (Concatenated 41 from stream)
> Received: [SYNCH 1114190189 STAT $(master_input)/bin] on socket 6
> AccessControl($(master_input)/bin)
> cfservd: Couldn't stat filename $(master_input)/bin from host
> telly.healthnet.com
> 
> cfservd: lstatcfservd: Host authorization/authentication failed or access
> denied
> Transaction Send[t 114][Packed text]
> Attempting to send 122 bytes
> SendSocketStream, sent 122
> cfservd: From (host=telly.healthnet.com,user=root,ip=::ffff:141.177.30.211)
> RecvSocketStream(8)
> Transmission empty or timed out...
> Transaction Receive [][]
> RecvSocketStream(0)
> cfservd terminating NULL transmission!
> Terminating thread...
> ***Closing socket 6 from ::ffff:141.177.30.211
> Deleted item 141.177.30.211
> IPV6 address
> sockaddr_ntop(::ffff:141.177.30.204)
> Obtained IP address of ::ffff:141.177.30.204 on socket 6 from accept
> 
> FuzzyItemIn(LIST,141.177.30.204)
> Purging Old Connections...
> Done purging
> 
> *******************END of cfservd output*****************************
> 
> Agent, relative section only, have full listing, but it is BIG:
> 
> ---
> Actionsequence item copy
> New server connection...
> ExpandVarstring(cfmaster.healthnet.com)
> ExpandVarstring(cfmaster.healthnet.com)
> ExpandVarstring($(master_input)/inputs)
> Returning substring value master_input
> Scanning variable master_input
> GetMacroValue(update,master_input)
> Currently non existent variable $(master_input)
> ExpandVarstring(/var/cfengine/inputs)
> Checking copy from cfmaster.healthnet.com:$(master_input)/inputs to
> /var/cfengin
> e/inputs
> ExpandVarstring(cfmaster.healthnet.com)
> Opening server connnection to cfmaster.healthnet.com
> IPV4 address
> sockaddr_ntop(141.177.12.97)
> Connect to cfmaster.healthnet.com = 141.177.12.97 on port cfengine
> IPV4 address
> sockaddr_ntop(141.177.12.97)
> IPV4 address
> sockaddr_ntop(141.177.12.97)
> Found address (141.177.12.97) for host cfmaster.healthnet.com
> Updating last-seen time for cfmaster.healthnet.com
> Remote IP set to 141.177.12.97
> IPV4 address
> sockaddr_ntop(141.177.30.211)
> Identifying this agent as 141.177.30.211 i.e. telly.healthnet.com, with
> signatur
> e 0
> IsIPV6Address(telly)
> Appending domain healthnet.com to telly
> SENT:::CAUTH 141.177.30.211 telly.healthnet.com root 0
> Transaction Send[t 47][Packed text]
> Attempting to send 55 bytes
> SendSocketStream, sent 55
> ChecksumString(m)
> OptionIs(update,HostnameKeys,1)
> GetMacroValue(update,HostnameKeys)
> KeyAuthentication(with IP keyname root-141.177.12.97)
> Havekey(root-141.177.12.97)
> Loaded /var/cfengine/ppkeys/root-141.177.12.97.pub
> Transaction Send[t 280][Packed text]
> Attempting to send 288 bytes
> SendSocketStream, sent 288
> Modulus (2048 bit):
>     00:c0:a3:0a:75:46:22:9c:8b:4f:80:41:d6:d6:55:
>     0f:99:7f:90:55:0d:29:9d:9e:d5:1f:87:ef:c2:f7:
>     8d:4c:8d:90:e9:05:63:78:ab:25:fb:55:f8:0a:a9:
>     da:37:04:3e:1c:ba:90:e5:5d:13:d4:bb:4e:29:97:
>     0d:d2:11:e8:5b:ed:0f:cb:9b:be:15:65:69:0a:43:
>     ae:25:9f:c2:0c:bc:a5:0a:4b:5e:45:39:23:d1:56:
>     64:7e:f4:08:6d:10:63:0e:fc:2a:cb:74:b6:2a:1b:
>     18:0c:17:a2:e3:3a:51:11:ea:e4:1f:8e:d1:f6:2f:
>     df:00:3f:92:35:3e:5e:79:68:09:fb:eb:5f:a5:7f:
>     19:d1:64:65:e7:a9:79:05:0e:37:5d:29:4a:4a:a3:
>     18:71:3b:34:4e:28:4c:40:8e:c7:6b:93:66:61:05:
>     67:1e:0a:07:e6:aa:8c:1c:d2:42:30:5d:a9:5e:7e:
>     04:8e:62:05:e2:68:1e:6d:5d:10:e5:e4:fd:1d:8a:
>     ec:62:07:29:4b:68:35:d5:cc:4f:62:5b:f2:73:78:
>     7d:7e:c9:ba:a4:4d:5f:e8:28:fd:c4:15:4d:61:bf:
>     cd:8c:79:5f:da:f7:4f:c8:17:41:84:84:6c:fd:7c:
>     ba:02:2c:0e:3e:7e:ef:c9:a7:8f:c8:90:3a:c1:44:
>     e8:21
> Exponent: 35 (0x23)
> Transaction Send[t 261][Packed text]
> Attempting to send 269 bytes
> SendSocketStream, sent 269
> Transaction Send[t 5][Packed text]
> Attempting to send 13 bytes
> SendSocketStream, sent 13
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 16][]
> RecvSocketStream(16)
>     (Concatenated 16 from stream)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 16][]
> RecvSocketStream(16)
>     (Concatenated 16 from stream)
> ExpandVarstring(cfmaster.healthnet.com)
> 
> ...............................................................
> cfengine:: Strong authentication of server=cfmaster.healthnet.com
> connection con
> firmed
> Receive counter challenge from server
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 256][]
> RecvSocketStream(256)
>     (Concatenated 256 from stream)
> ChecksumString(m)
> Replying to counter challenge with md5
> Transaction Send[t 16][Packed text]
> Attempting to send 24 bytes
> SendSocketStream, sent 24
> BinaryBuffer(16)[0001038ffffffb26000010001] = 16
> Generated session key
> BinaryBuffer(16)[0001038ffffffb26000010001] = 16
> BinaryBuffer(16)[0001038ffffffb26000010001] = 16
> Encrypt 16 to 256
> Encryption succeeded
> Transaction Send[t 256][Packed text]
> Attempting to send 264 bytes
> SendSocketStream, sent 264
> BinaryBuffer(256)[ffffff8410312dffffffba28ffffff93ffffffc21b57ffffff8cfffffffdff
> ffffe317bffffff9541644622affffff881f18effffffc9fffffff53076ffffffc62effffffeefff
> fffd6211e583f17ffffffe8ffffffc6ffffffe05a6dffffffb2ffffff8f6ffffffffeffffffabfff
> fffa87effffffdbffffffed4affffff9e59ffffffd4ffffffe777433dfffffff6ffffffa710fffff
> fe8fffffff4ffffffc043cffffffe83b77ffffffc7ffffff8407616ffffffdc647f1644ffffff8af
> fffff8ffffffff1ffffffe9ffffffda34e3b53791b736bffffff8d1bffffffe73a77ffffffee234c
> ffffff8b691ffffff9816ffffff853afffffff727fffffff57d2e1325ffffffccffffff88fffffff
> d753d219f1a1fffffffe377ffffffb4ffffffb7fffffffaffffffd4582effffffafffffffa92f45f
> fffffff9ffffff93ffffffc94e68ffffff9eb647537ffffff917effffffd110ffffffacffffffaef
> fffffdf3c213040ffffffd4ffffff862effffff834266ffffff8a4d7fffffffcfffffffcfffffffa
> fffffff63e5e77ffffffbdffffff92ffffffa35292725ffffff8affffffdbffffffae3f69ffffffc
> 94ffffffc869ffffff88ffffff8b972a1971ffffffcdffffffc7ffffff9e1e59ffffffaa61366eff
> ffffa2287812fffffffbffffffd7ffffffbc7b2c2dffffff8b40fffffff7ffffffdbffffff9affff
> fff2ffffffba24ffffff8d5bffffff9e3619ffffff98fffffff70ffffffd45fffffff84196bfffff
> faf4e20ffffffc004060416c133fffffffe84fffffff243ffffffbcffffffaa] = 256
> Authentic connection verified
> cf_rstat($(master_input)/inputs)
> GetCachedStatData($(master_input)/inputs)
> Did not find in cache
> Transaction Send[t 44][Packed text]
> Attempting to send 52 bytes
> SendSocketStream, sent 52
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 114][]
> RecvSocketStream(114)
>     (Concatenated 114 from stream)
> cfengine:: Server returned error:  Host authentication failed. Did you
> forget th
> e domain name or IP/DNS address registration (for ipv4 or ipv6)?
> cfengine:: Can't stat $(master_input)/inputs in copy
> ExpandVarstring(cfmaster.healthnet.com)
> ExpandVarstring($(master_input)/scripts)
> Returning substring value master_input
> Scanning variable master_input
> GetMacroValue(update,master_input)
> Currently non existent variable $(master_input)
> ExpandVarstring(/var/cfengine/scripts)
> Server connection to cfmaster.healthnet.com already open on 4
> Authentic connection verified
> cf_rstat($(master_input)/scripts)
> GetCachedStatData($(master_input)/scripts)
> Did not find in cache
> Transaction Send[t 45][Packed text]
> Attempting to send 53 bytes
> SendSocketStream, sent 53
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 114][]
> RecvSocketStream(114)
>     (Concatenated 114 from stream)
> cfengine:: Server returned error:  Host authentication failed. Did you
> forget th
> e domain name or IP/DNS address registration (for ipv4 or ipv6)?
> cfengine:: Can't stat $(master_input)/scripts in copy
> ExpandVarstring(cfmaster.healthnet.com)
> ExpandVarstring($(master_input)/init.d/cfservd)
> Returning substring value master_input
> Scanning variable master_input
> GetMacroValue(update,master_input)
> Currently non existent variable $(master_input)
> ExpandVarstring(/etc/init.d/cfservd)
> Checking copy from cfmaster.healthnet.com:$(master_input)/init.d/cfservd to
> /etc
> /init.d/cfservd
> ExpandVarstring(cfmaster.healthnet.com)
> Server connection to cfmaster.healthnet.com already open on 4
> Authentic connection verified
> cf_rstat($(master_input)/init.d/cfservd)
> GetCachedStatData($(master_input)/init.d/cfservd)
> Did not find in cache
> Transaction Send[t 72][Packed text]
> Attempting to send 80 bytes
> SendSocketStream, sent 80
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 114][]
> RecvSocketStream(114)
>     (Concatenated 114 from stream)
> cfengine:: Server returned error:  Host authentication failed. Did you
> forget th
> e domain name or IP/DNS address registration (for ipv4 or ipv6)?
> cfengine:: Can't stat $(master_input)/init.d/cfservd in copy
> ExpandVarstring(cfmaster.healthnet.com)
> ExpandVarstring($(master_input)/init.d/cfexecd)
> Returning substring value master_input
> Scanning variable master_input
> GetMacroValue(update,master_input)
> Currently non existent variable $(master_input)
> ExpandVarstring(/etc/init.d/cfexecd)
> Checking copy from cfmaster.healthnet.com:$(master_input)/init.d/cfexecd to
> /etc
> /init.d/cfexecd
> ExpandVarstring(cfmaster.healthnet.com)
> Server connection to cfmaster.healthnet.com already open on 4
> Authentic connection verified
> cf_rstat($(master_input)/init.d/cfexecd)
> GetCachedStatData($(master_input)/init.d/cfexecd)
> Did not find in cache
> Transaction Send[t 72][Packed text]
> Attempting to send 80 bytes
> SendSocketStream, sent 80
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 114][]
> RecvSocketStream(114)
>     (Concatenated 114 from stream)
> cfengine:: Server returned error:  Host authentication failed. Did you
> forget th
> e domain name or IP/DNS address registration (for ipv4 or ipv6)?
> cfengine:: Can't stat $(master_input)/init.d/cfexecd in copy
> ExpandVarstring(cfmaster.healthnet.com)
> ExpandVarstring($(master_input)/init.d/cfenvd)
> Returning substring value master_input
> Scanning variable master_input
> GetMacroValue(update,master_input)
> Currently non existent variable $(master_input)
> ExpandVarstring(/etc/init.d/cfenvd)
> Checking copy from cfmaster.healthnet.com:$(master_input)/init.d/cfenvd to
> /etc/
> init.d/cfenvd
> ExpandVarstring(cfmaster.healthnet.com)
> Server connection to cfmaster.healthnet.com already open on 4
> Authentic connection verified
> cf_rstat($(master_input)/init.d/cfenvd)
> GetCachedStatData($(master_input)/init.d/cfenvd)
> Did not find in cache
> Transaction Send[t 51][Packed text]
> Attempting to send 59 bytes
> SendSocketStream, sent 59
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 114][]
> RecvSocketStream(114)
>     (Concatenated 114 from stream)
> cfengine:: Server returned error:  Host authentication failed. Did you
> forget th
> e domain name or IP/DNS address registration (for ipv4 or ipv6)?
> cfengine:: Can't stat $(master_input)/init.d/cfenvd in copy
> ExpandVarstring(cfmaster.healthnet.com)
> ExpandVarstring($(master_input)/bin)
> Returning substring value master_input
> Scanning variable master_input
> GetMacroValue(update,master_input)
> Currently non existent variable $(master_input)
> ExpandVarstring(/usr/local/sbin)
> Checking copy from cfmaster.healthnet.com:$(master_input)/bin to
> /usr/local/sbin
> ExpandVarstring(cfmaster.healthnet.com)
> Server connection to cfmaster.healthnet.com already open on 4
> Authentic connection verified
> cf_rstat($(master_input)/bin)
> GetCachedStatData($(master_input)/bin)
> Did not find in cache
> Transaction Send[t 41][Packed text]
> Attempting to send 49 bytes
> SendSocketStream, sent 49
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 114][]
> RecvSocketStream(114)
>     (Concatenated 114 from stream)
> cfengine:: Server returned error:  Host authentication failed. Did you
> forget th
> e domain name or IP/DNS address registration (for ipv4 or ipv6)?
> cfengine:: Can't stat $(master_input)/bin in copy
> Closing current connection
> Saving the setuid log in /var/cfengine/cfagent.telly.log
> Job start time set to Fri Apr 22 10:16:29 2005
> 
> 
> Russell Conner
> Systems Engineer, VMS & Unix Systems
> Health Net, Inc.
> (916)935-3610
> 
> 
> |---------+---------------------------------------------------------->
> |         |           Mark Burgess <Mark.Burgess@iu.hio.no>          |
> |         |           Sent by:                                       |
> |         |           help-cfengine-bounces+russell.conner=healthnet.|
> |         |           com@gnu.org                                    |
> |         |                                                          |
> |         |                                                          |
> |         |           04/22/2005 10:08 AM                            |
> |         |                                                          |
> |---------+---------------------------------------------------------->
>   
> >------------------------------------------------------------------------------------------------------------------------------|
>   |                                                                           
>                                                    |
>   |       To:       Kelly Brown <kbbrown@anonymizerinc.com>                   
>                                                    |
>   |       cc:       help-cfengine@gnu.org                                     
>                                                    |
>   |       Subject:  Re: authentication errors.                                
>                                                    |
>   
> >------------------------------------------------------------------------------------------------------------------------------|
> 
> 
> 
> 
> Hi Kelly.
> 
> Rund cfservd / cfagent with -d2 to see the detailed reason for the
> rejection.
> 
> M
> 
> On Fri, 2005-04-22 at 09:58 -0700, Kelly Brown wrote:
> > Hello all:
> >
> > I'm getting some authentication errors every time a client contacts
> > cfservd.  However, everything works ok.  I would like to make the errors
> > go away if they don't mean anything.  It may be related to the fact that
> > I have 3 different domains.  Any ideas?
> >
> > Apr 22 09:53:09 cfserver cfservd[17097]:  lstat
> > Apr 22 09:53:09 cfserver cfservd[17097]: Host
> > authorization/authentication failed or access denied
> > Apr 22 09:53:09 cfserver cfservd[17097]: From
> > (host=cfclient.colo.mydomain.com,user=root,ip=::ffff:10.9.1.158)
> >
> >
> >
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://lists.gnu.org/mailman/listinfo/help-cfengine
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
> 
> 
> 
> 
> 
> 
> This  message,together  with  any  attachments, is
> intended only for the use of the individual or entity
> to which it is addressed. It may contain information
> that is confidential and prohibited from disclosure.
> If you are not the intended recipient, you are hereby
> notified that  any dissemination  or copying of this
> message or any attachment is strictly prohibited. If
> you have received this message in error, please notify
> the  original  sender immediately by telephone or by
> return e-mail and delete this message, along with any
> attachments, from your computer.  Thank you.
> 
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
-- 
Christian Pearce
http://www.sysnav.com
http://www.commnav.com
http://www.perfectorder.com

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

Re: authentication errors., (continued)
- Re: authentication errors., Mark Burgess, 2005/04/22
  - Re: authentication errors. turns into single copy question, Kelly Brown, 2005/04/22
    - Re: authentication errors. turns into single copy question, Brendan Strejcek, 2005/04/22
    - Re: authentication errors. turns into single copy question, Kelly Brown, 2005/04/22
    - Re: authentication errors. turns into single copy question, Mark . Burgess, 2005/04/22
    - Re: authentication errors. turns into single copy question, Brendan Strejcek, 2005/04/22
    - Re: authentication errors. turns into single copy question, Eric Sorenson, 2005/04/22
    - Re: authentication errors. turns into single copy question, Kelly Brown, 2005/04/22
    - Re: authentication errors. turns into single copy question, Brendan Strejcek, 2005/04/22
- Re: authentication errors., Russell . Conner, 2005/04/22
  - Re: authentication errors., Christian Pearce <=
- Re: authentication errors., Russell . Conner, 2005/04/22
  - Re: authentication errors., Christian Pearce, 2005/04/22
    - Re: authentication errors., Wil Cooley, 2005/04/22
    - Re: authentication errors., Christian Pearce, 2005/04/22
- Re: authentication errors., Russell . Conner, 2005/04/22

Prev by Date: Re: [address@hidden: Questionaire Cfengine questionnaire]
Next by Date: Re: authentication errors.
Previous by thread: Re: authentication errors.
Next by thread: Re: authentication errors.
Index(es):
- Date
- Thread