Josh Greenberg wrote: > I'm new to cfengine and I can't seem to get the clients to pull down the > master config files. I have set the policyhost and master_cfinput > variables in the update.conf file and I put update.conf and cfservd.conf > in the master_cfinput directories but when I run cfagent on a client I > get the following error: > > cfengine:<client>: BAD: key could not be accepted on trust > cfengine:<client>: Authentication dialogue with <policyhost> failed > cfengine:<client>: Unable to establish connection with <policyhost> > (failover) > > It looks like there is a problem with the keys. I generated keys on the > server and client but now I'm not sure what to do with them and the docs > don't seem to help at all. I know how ssh keys work. Is it similar to > that? Do I need to put the client key into a file on the server so it > can connect? Also, should I be putting the cfagent.conf file in the > master_cfinput directory to be pushed down? I'm running 2.1.20. Thanks, > in advance, for any help. > > Josh > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > http://cfengine.org/mailman/listinfo/help-cfengine
Josh - unlikely that there is anything wrong with the keys, most likely with the authentication. Connection rights in cfservd (AllowConnectionsFrom) Trustkey = true (cfservd and cfagent) Admit access control rules on file object The trustkey matter is the most likely explanation. Use -d2 on both sides to debug the connection. M -- Mark Burgess Professor of Network and System Administration Oslo University College ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Work: +47 22453272 Email: [EMAIL PROTECTED] Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org http://cfengine.org/mailman/listinfo/help-cfengine
