help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfrun question


From: Alex Lovell-Troy
Subject: Re: cfrun question
Date: Wed, 4 May 2005 14:46:39 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm still having real trouble with this and don't know where to go from here. Can anyone suggest a direction for me?

- -alex
On Apr 8, 2005, at 10:22 AM, Alex Lovell-Troy wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have an error somewhere in my setup with cfrun, but I can't find it. Can someone point me in the right direction? The pertinent error is "User root is not allowed on this server" on the client system with cfservd run at a level of -d2.

- -alex

- --FILES--

cfservd.conf

control:

        classes::
                domain = ( lbt.as.arizona.edu )
                cfrunCommand = ( /var/cfengine/bin/cfagent )
                MaxConnections = ( 20 )
                ChecksumDatabase = ( /var/cfengine/Checksums.db )
                AllowConnectionsFrom = ( 10.144.0.0/24 )
                TrustKeysFrom = ( 10.144.0.0/24 )
                DynamicAddresses = ( 10.144.0.0-200 )
                AllowMultipleConnectionsFrom = ( 10.144.0.0/24 )
                AllowUsers = ( root alovell sulovell )
                HostnameKeys = ( off )
                LogAllConnections = ( true )
        admit:
                /opt/admin/             10.144.0.1/24
                /var/cfengine/linux     10.144.0.1/24
                /var/cfengine/          10.144.0.1/24
                /var/cfengine/bin       10.144.0.1/24
                /var/cfengine/scripts   10.144.0.1/24


cfrun.hosts

domain=lbt.as.arizona.edu
access=root
lbtmu105


- --OUTPUT--


- --server--
cfrun(0): .......... [ Hailing lbtmu105.lbt.as.arizona.edu ] .......... Connecting to server lbtmu105.lbt.as.arizona.edu to port 0 with options
Loaded /var/cfengine/ppkeys/root-10.144.0.105.pub
Connect to lbtmu105.lbt.as.arizona.edu = 10.144.0.105 on port cfengine
Updating last-seen time for lbtmu105.lbt.as.arizona.edu
Loaded /var/cfengine/ppkeys/root-10.144.0.105.pub

 >
cfrun:fileserver.as.lbt.arizona.edu: Strong authentication of server=lbtmu105.lbt.as.arizona.edu connection confirmed
lbtmu105.lbt.as.arizona.edu replies..

Host authentication failed. Did you forget the domain name or IP/ DNS address registration (for ipv4 or ipv6)? cfrun:fileserver.as.lbt.arizona.edu: Couldn't recv
cfrun:fileserver.as.lbt.arizona.edu: recv
Connection with lbtmu105.lbt.as.arizona.edu completed

- --client--

OptionIs(server,HostnameKeys,1)
GetMacroValue(server,HostnameKeys)
Havekey(root-10.144.0.2)
Loaded /var/cfengine/ppkeys/root-10.144.0.2.pub
A public key was already known from fileserver.lbt.as.arizona.edu/ 10.144.0.2 - no trust required Adding IP 10.144.0.2 to SkipVerify - no need to check this if we have a key
Prepending [10.144.0.2]
The public key identity was confirmed as address@hidden
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
ChecksumString(m)
Transaction Send[t 256][Packed text]
Attempting to send 264 bytes
SendSocketStream, sent 264
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
cfservd: Strong authentication of client fileserver.lbt.as.arizona.edu/10.144.0.2 achieved
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
Got a session key...
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 6][]
RecvSocketStream(6)
    (Concatenated 6 from stream)
Received: [EXEC  ] on socket 5
User root is not allowed on this server
cfservd: Host authorization/authentication failed or access denied
Transaction Send[t 114][Packed text]
Attempting to send 122 bytes
SendSocketStream, sent 122
cfservd: From (host=fileserver.lbt.as.arizona.edu,user=root,ip=10.144.0.2)
Terminating thread...
***Closing socket 5 from 10.144.0.2
Deleted item 10.144.0.2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFCVr3ndmWtRNAkjzERAjiQAJ45tUduVJcufdtxEJ2eQMW/ycDKnwCfTaOr
u1ZDBQpx8/brA5fPo98rEUE=
=YkMw
-----END PGP SIGNATURE-----



_______________________________________________
Help-cfengine mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/help-cfengine



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCeUK/dmWtRNAkjzERApOsAJ42BBA0ovLEf2iN9bafVJyPJeVEbgCdE2Hg
jJgVKqWclTqSbFWYZbP21cY=
=gztf
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]