[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cfservd: Private decrypt failed = block type is not 02
From: |
Christian Pearce |
Subject: |
Re: cfservd: Private decrypt failed = block type is not 02 |
Date: |
Wed, 18 May 2005 15:31:15 -0400 (EDT) |
This seems to be a different issue. I have the same exact
problem. I need to do a gdb and get Mark a backtrace. I was at a
client site doing and eval and this was killing me.
--
Christian Pearce
http://www.commnav.com
http://www.perfectorder.com
---------Original Message----------
I've found that this fixes it:
root@server -> rm /var/cfengine/ppkeys/root-*
root@client -> rm /var/cfengine/ppkeys/*
root@client -> /usr/sbin/cfkey
root@client -> cfagent -q -K; cfagent -q -K
Does anyone know why this happened? This is a new cfengine server
that
I'm migrating all of our hosts over to - doing this now with 15
hosts
isn't too bad - soon with 300, it could be a nag.
Interestingly, I have to run cfagent twice as the first time it
segfaults. I've got an strace dump if anyone wants to take a
look.
Best,
Erik.
Erik Williamson wrote:
Hi All,
Server & clients are i386 running RHEL 4 / running Dag Wieers'
cfengine 2.1.14. All machines are at the same patchlevel.
I brought the server down yesterday to add more memory, and
upgrade the kernel (2.6.9-5.0.3 -> 2.6.9-5.0.5)
Now clients are getting this error (we all know this one!):
cfengine:gx280test: Authentication dialogue with
asa.cpsc.ucalgary.ca failed
cfengine:gx280test: Unable to establish connection with
asa.cpsc.ucalgary.ca (failover)
cfengine:gx280test: BAD: Host authentication failed. Did you
forget the domain name or IP/DNS address registration (for ipv4
or ipv6)?
(Everything was working so well beforehand)
Server logs show:
May 18 08:33:36 asa cfservd[5547]: Host
authorization/authentication failed or access denied
May 18 08:33:36 asa cfservd[5547]: From
(host=gx280test.cpsc.ucalgary.ca,user=root,ip=10.1.2.20)
May 18 08:33:36 asa cfservd[5547]: ID from connecting host:
(SAUTH y 256 37)
May 18 08:33:36 asa cfservd[5547]: Private decrypt failed =
block type is not 02
When running the server with -d2, this is all I can see that is
'Interesting':
RecvSocketStream(280)
(Concatenated 280 from stream)
Received: [SAUTH y 256 37] on socket 5
Challenge encryption = y, nonce = 37, buf = 256
cfservd: Private decrypt failed = padding check failed
Transaction Send[t 114][Packed text]
Attempting to send 122 bytes
I saw there was an earlier thread on this some time ago
(http://lists.gnu.org/archive/html/help-cfengine/2003-01/msg00125.html),
but the problem was fixed.
If it's any help, when the server first rebooted it reverted to
using the tg3 driver for it's nic, and is now back using bcm5700
(You never know if that will help)
Has anyone seen this? If there's more information I can provide,
please let me know.
Thanks for the help!
Erik.
--
e r i k w i l l i a m s o n
erik@cpsc.ucalgary.ca
system admin . department of computer science . university of
calgary
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine