I know this sounds stupid, but did you make sure you stop and started the cfservd server? I make that mistake from time to time.
On Mon, 2005-06-13 at 21:50 +0200, Morten Werner Olsen wrote: > forwarded 312647 [email protected] > thanks > > Hi, > > here is another bug report from one of our Debian users. > > > - Werner > > ----- Forwarded message from Sven Marnach <[EMAIL PROTECTED]> ----- > > Date: Thu, 09 Jun 2005 13:26:26 +0200 > To: Debian Bug Tracking System <[EMAIL PROTECTED]> > From: Sven Marnach <[EMAIL PROTECTED]> > Subject: Bug#312647: cfengine2: Host authentication fails after update > from 2.1.13 > Reply-To: Sven Marnach <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > > Package: cfengine2 > Version: 2.1.14-1 > Severity: important > > After upgrading all the machines in a small cluster to version 2.1.14-1, the > nodes could still successfully authenticate themselves to the master. > > The nodes do a complete reinstall from a local mirror each time they boot. > They fetch their cfengine key pairs via tftp and try to run cfagent to fetch > some basic configuration. This step failed after upgrading cfengine to > 2.1.14-1, so the nodes couldn't reboot anymore. > > cfservd prints the following message to the syslog: > > Jun 3 01:49:53 master1 cfservd[3787]: Accepting connection from > ::ffff:192.168.2.107 > Jun 3 01:49:53 master1 cfservd[3787]: Private decrypt failed = padding > check failed > Jun 3 01:49:53 master1 cfservd[3787]: Host authorization/authentication > failed or access denied > Jun 3 01:49:53 master1 cfservd[3787]: From > (host=node07.cluster,user=root,ip=::ffff:192.168.2.107) > Jun 3 01:49:57 node07 clinitrd: panic: Could not execute 'inroot cfagent -v > --no-lock -D install'. > > (the last line shows the cfagent command line) > > I know there was a change in the encrytion protocol that prevents new > clients from talking to old servers, but I upgraded all machines. > > I also tried to regenerate all the keys, but that didn't work either. After > reverting to 2.1.13 everything worked fine. > > I'm lacking the time to track down this bug properly and hope this report > may help anyway. > > Greetings, > Sven > > -- System Information: > [stripped -- this computer doesn't even have cfengine installed...] > > > > ----- End forwarded message ----- > > > _______________________________________________ > Bug-cfengine mailing list > [email protected] > http://lists.gnu.org/mailman/listinfo/bug-cfengine -- Christian Pearce http://www.sysnav.com http://www.commnav.com http://www.perfectorder.com
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Bug-cfengine mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-cfengine
