This looks like the hostname problem that keeps cropping up. The CN of your primary certificate (the one created at the end of the vsd-mkca command and stored under /etc/vsd/ssl.crt/<hostname>.crt) must match the name of your host server as returned by the 'hostname' shell command, in your case orion. This must also match the 'loopback name' which consists of the first virtual server entry in /etc/vsd/vsd.conf (again orion) and refers to a location (/home/vsd/vs/orion) which must symlink back to /. If all these match up the the following code:
gethostname (host, hslen); he = gethostbyname (host); used in vsd to determine your hostname is managing to return something other than orion. This could be due to the order in which entries appear in your /etc/hosts file... Tim > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Garner > Sent: 14 November 2001 03:15 > To: freevsd-support > Subject: error: -ERR Access denied > > > Hi, > > I'm stuck -- I'm working through the INSTALL doc but I can't get vs_create > to work. Keeps giving me "access denied". Any tips for > troubleshooting this? > > [root@orion /vsd]# svsdadm vs_create orion blues 192.168.0.150 blues.co.nz > 200 0 5 gold > error: -ERR Access denied > > [root@orion /vsd]# > > I've done vsd-mkca successfully, it created the certs under /etc/vsd so I > can't really see what the problem could be. Here's an excerpt from the > vsd.log: > > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: SSL certificate verification: > ok: 1, depth: 1, subject: /C=NZ/ST=New > Zealand/L=Hamilton/O=Quattro Internet > Services/OU=VSD CA/CN=orion, issuer: /C=NZ/ST=New > Zealand/L=Hamilton/O=Quattro Internet Services/OU=VSD CA/CN=orion > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: SSL certificate verification: > ok: 1, depth: 0, subject: /C=NZ/ST=New Zealand/O=Quattro Internet > Services/OU=VSD CA/CN=orion, issuer: /C=NZ/ST=New > Zealand/L=Hamilton/O=Quattro Internet Services/OU=VSD CA/CN=orion > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: SSL connection using > DES-CBC3-MD5 > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: client certificate: > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: subject: /C=NZ/ST=New > Zealand/O=Quattro Internet Services/OU=VSD CA/CN=orion > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: found cn: orion > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: issuer: /C=NZ/ST=New > Zealand/L=Hamilton/O=Quattro Internet Services/OU=VSD CA/CN=orion > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: +OK freevsd > Virtual Server > Administrator orion v1.4.10 ready > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: in: orion { > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: in: VS_CREATE blues > 192.168.0.150 blues.co.nz 200 0 5 gold > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: in: } > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: in: EOF > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: certificate CN (orion), level > (4), request (orion) received > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: orion { > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: VS_CREATE { > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: -ERR Access denied > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: } > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: } > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: EOF > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: +OK freevsd signing off > > > As stated before, I'm using 1.4.10 compiled from source under Red Hat 7.2, > which I guess is not an officially supported config. Any suggestions > appreciated. > > Cheers, > > Simon > > ------------------------- The freeVSD Support List > -------------------------- > Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support > Unsubscribe: > mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support > Archives: http://freevsd.org/support/mail-archives/freevsd-support > ------------------------------------------------------------------ > ----------- ------------------------- The freeVSD Support List -------------------------- Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support Archives: http://freevsd.org/support/mail-archives/freevsd-support -----------------------------------------------------------------------------
