-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have an error somewhere in my setup with cfrun, but I can't find
it. Can someone point me in the right direction? The pertinent
error is "User root is not allowed on this server" on the client
system with cfservd run at a level of -d2.
- -alex
- --FILES--
cfservd.conf
control:
classes::
domain = ( lbt.as.arizona.edu )
cfrunCommand = ( /var/cfengine/bin/cfagent )
MaxConnections = ( 20 )
ChecksumDatabase = ( /var/cfengine/Checksums.db )
AllowConnectionsFrom = ( 10.144.0.0/24 )
TrustKeysFrom = ( 10.144.0.0/24 )
DynamicAddresses = ( 10.144.0.0-200 )
AllowMultipleConnectionsFrom = ( 10.144.0.0/24 )
AllowUsers = ( root alovell sulovell )
HostnameKeys = ( off )
LogAllConnections = ( true )
admit:
/opt/admin/ 10.144.0.1/24
/var/cfengine/linux 10.144.0.1/24
/var/cfengine/ 10.144.0.1/24
/var/cfengine/bin 10.144.0.1/24
/var/cfengine/scripts 10.144.0.1/24
cfrun.hosts
domain=lbt.as.arizona.edu
access=root
lbtmu105
- --OUTPUT--
- --server--
cfrun(0): .......... [ Hailing
lbtmu105.lbt.as.arizona.edu ] ..........
Connecting to server lbtmu105.lbt.as.arizona.edu to port 0 with
options
Loaded /var/cfengine/ppkeys/root-10.144.0.105.pub
Connect to lbtmu105.lbt.as.arizona.edu = 10.144.0.105 on port cfengine
Updating last-seen time for lbtmu105.lbt.as.arizona.edu
Loaded /var/cfengine/ppkeys/root-10.144.0.105.pub
>
cfrun:fileserver.as.lbt.arizona.edu: Strong authentication of
server=lbtmu105.lbt.as.arizona.edu connection confirmed
lbtmu105.lbt.as.arizona.edu replies..
Host authentication failed. Did you forget the domain name or IP/
DNS address registration (for ipv4 or ipv6)?
cfrun:fileserver.as.lbt.arizona.edu: Couldn't recv
cfrun:fileserver.as.lbt.arizona.edu: recv
Connection with lbtmu105.lbt.as.arizona.edu completed
- --client--
OptionIs(server,HostnameKeys,1)
GetMacroValue(server,HostnameKeys)
Havekey(root-10.144.0.2)
Loaded /var/cfengine/ppkeys/root-10.144.0.2.pub
A public key was already known from fileserver.lbt.as.arizona.edu/
10.144.0.2 - no trust required
Adding IP 10.144.0.2 to SkipVerify - no need to check this if we
have a key
Prepending [10.144.0.2]
The public key identity was confirmed as
root@fileserver.lbt.as.arizona.edu
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
ChecksumString(m)
Transaction Send[t 256][Packed text]
Attempting to send 264 bytes
SendSocketStream, sent 264
RecvSocketStream(8)
(Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
(Concatenated 16 from stream)
cfservd: Strong authentication of client
fileserver.lbt.as.arizona.edu/10.144.0.2 achieved
RecvSocketStream(8)
(Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
(Concatenated 16 from stream)
Got a session key...
RecvSocketStream(8)
(Concatenated 8 from stream)
Transaction Receive [t 6][]
RecvSocketStream(6)
(Concatenated 6 from stream)
Received: [EXEC ] on socket 5
User root is not allowed on this server
cfservd: Host authorization/authentication failed or access denied
Transaction Send[t 114][Packed text]
Attempting to send 122 bytes
SendSocketStream, sent 122
cfservd: From
(host=fileserver.lbt.as.arizona.edu,user=root,ip=10.144.0.2)
Terminating thread...
***Closing socket 5 from 10.144.0.2
Deleted item 10.144.0.2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFCVr3ndmWtRNAkjzERAjiQAJ45tUduVJcufdtxEJ2eQMW/ycDKnwCfTaOr
u1ZDBQpx8/brA5fPo98rEUE=
=YkMw
-----END PGP SIGNATURE-----
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine