Hi Tim, Thanks, I thought that may have been the problem as I noticed it was using different names in different places :(
The cert is being created for the machine's short host name 'orion' while /bin/hostname returns, and the vsd loopback is configured with, the machine's FQDN 'orion.quattro.net.nz'. My understanding is that the normal behaviour for /bin/hostname is to return the FQDN, so the problem is with vsd-mkca using the short name instead? Okay, I just changed my /etc/hosts to read <ip> <fqdn> <shortname> instead of <ip> <shortname> <fqdn> and vsd-mkca now creates the cert with the FQDN, and vs_create works perfectly! Thanks for your help, Simon ----- Original Message ----- From: "Tim Sellar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 15, 2001 8:34 AM Subject: RE: error: -ERR Access denied > This looks like the hostname problem that keeps cropping up. The CN of your > primary certificate (the one created at the end of the vsd-mkca command and > stored under /etc/vsd/ssl.crt/<hostname>.crt) must match the name of your > host server as returned by the 'hostname' shell command, in your case orion. > This must also match the 'loopback name' which consists of the first virtual > server entry in /etc/vsd/vsd.conf (again orion) and refers to a location > (/home/vsd/vs/orion) which must symlink back to /. If all these match up the > the following code: > > gethostname (host, hslen); > he = gethostbyname (host); > > used in vsd to determine your hostname is managing to return something other > than orion. This could be due to the order in which entries appear in your > /etc/hosts file... > > Tim > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Garner > > Sent: 14 November 2001 03:15 > > To: freevsd-support > > Subject: error: -ERR Access denied > > > > > > Hi, > > > > I'm stuck -- I'm working through the INSTALL doc but I can't get vs_create > > to work. Keeps giving me "access denied". Any tips for > > troubleshooting this? > > > > [root@orion /vsd]# svsdadm vs_create orion blues 192.168.0.150 blues.co.nz > > 200 0 5 gold > > error: -ERR Access denied > > > > [root@orion /vsd]# > > > > I've done vsd-mkca successfully, it created the certs under /etc/vsd so I > > can't really see what the problem could be. Here's an excerpt from the > > vsd.log: > > > > > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: SSL certificate verification: > > ok: 1, depth: 1, subject: /C=NZ/ST=New > > Zealand/L=Hamilton/O=Quattro Internet > > Services/OU=VSD CA/CN=orion, issuer: /C=NZ/ST=New > > Zealand/L=Hamilton/O=Quattro Internet Services/OU=VSD CA/CN=orion > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: SSL certificate verification: > > ok: 1, depth: 0, subject: /C=NZ/ST=New Zealand/O=Quattro Internet > > Services/OU=VSD CA/CN=orion, issuer: /C=NZ/ST=New > > Zealand/L=Hamilton/O=Quattro Internet Services/OU=VSD CA/CN=orion > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: SSL connection using > > DES-CBC3-MD5 > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: client certificate: > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: subject: /C=NZ/ST=New > > Zealand/O=Quattro Internet Services/OU=VSD CA/CN=orion > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: found cn: orion > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: issuer: /C=NZ/ST=New > > Zealand/L=Hamilton/O=Quattro Internet Services/OU=VSD CA/CN=orion > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: +OK freevsd > > Virtual Server > > Administrator orion v1.4.10 ready > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: in: orion { > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: in: VS_CREATE blues > > 192.168.0.150 blues.co.nz 200 0 5 gold > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: in: } > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: in: EOF > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: certificate CN (orion), level > > (4), request (orion) received > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: orion { > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: VS_CREATE { > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: -ERR Access denied > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: } > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: } > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: EOF > > Nov 14 15:49:53 orion /usr/sbin/svsd[1164]: out: +OK freevsd signing off > > > > > > As stated before, I'm using 1.4.10 compiled from source under Red Hat 7.2, > > which I guess is not an officially supported config. Any suggestions > > appreciated. > > > > Cheers, > > > > Simon > > > > ------------------------- The freeVSD Support List > > -------------------------- > > Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support > > Unsubscribe: > > mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support > > Archives: http://freevsd.org/support/mail-archives/freevsd-support > > ------------------------------------------------------------------ > > ----------- > > ------------------------- The freeVSD Support List -------------------------- > Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support > Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support > Archives: http://freevsd.org/support/mail-archives/freevsd-support > -------------------------------------------------------------------------- --- ------------------------- The freeVSD Support List -------------------------- Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support Archives: http://freevsd.org/support/mail-archives/freevsd-support -----------------------------------------------------------------------------
