Forum: Cfengine Help Subject: Re: List expansion in access rules Author: JarleB Link to topic: https://cfengine.com/forum/read.php?3,17585,17596#msg-17596
3 differences from our setup. [*] the var bundle is in a different file. [*] the client_networks slist contains more than 1 entry [*] the connecting client comes from the outside. (Not localhost) cf-serverd typically says cf3 Spawning new thread... cf3 -> No new promises found cf3 -> Waiting at incoming select... cf3 Received: on socket 4 cf3 Allowing 129.240.203.163 to connect without (re)checking ID cf3 Non-verified Host ID is ubuntu-test-jb.uio.no (Using skipverify) cf3 Non-verified User ID seems to be root (Using skipverify) cf3 LastSaw host ubuntu-test-jb.uio.no now cf3 Received: on socket 4 cf3 Saving public key /var/cfengine/ppkeys/root-129.240.203.163.pub cf3 Strong authentication of client ubuntu-test-jb.uio.no/::ffff:129.240.203.163 achieved cf3 Received: on socket 4 cf3 Host ubuntu-test-jb.uio.no denied access to /usit/cfengine-prod01/site/cfengine/dev/stage/repo/ubuntu-lucid-apt-conf cf3 Access control in sync cf3 From (host=ubuntu-test-jb.uio.no,user=root,ip=::ffff:129.240.203.163) cf3 REFUSAL of request from connecting host: (SYNCH 1277310002 STAT /site/cfengine/dev/stage/repo/ubuntu-lucid-apt-conf) cf3 -> Accepting a connection cf3 Accepting connection from ::ffff:129.240.203.163 cf3 New connection...(from ::ffff:129.240.203.163/4) cf3 Spawning new thread... cf3 -> No new promises found cf3 -> Waiting at incoming select... cf3 Received: on socket 4 cf3 Allowing 129.240.203.163 to connect without (re)checking ID cf3 Non-verified Host ID is ubuntu-test-jb.uio.no (Using skipverify) cf3 Non-verified User ID seems to be root (Using skipverify) cf3 LastSaw host ubuntu-test-jb.uio.no now cf3 Received: on socket 4 cf3 Saving public key /var/cfengine/ppkeys/root-129.240.203.163.pub cf3 Strong authentication of client ubuntu-test-jb.uio.no/::ffff:129.240.203.163 achieved cf3 Received: on socket 4 cf3 Host ubuntu-test-jb.uio.no denied access to /usit/cfengine-prod01/site/cfengine/dev/stage/repo/ubuntu-cfengine-initscript cf3 Access control in sync cf3 From (host=ubuntu-test-jb.uio.no,user=root,ip=::ffff:129.240.203.163) cf3 REFUSAL of request from connecting host: (SYNCH 1277310002 STAT /site/cfengine/dev/stage/repo/ubuntu-cfengine-initscript) cf3 -> No new promises found cf3 -> Waiting at incoming select... cf3 -> No new promises found Is there a way to watch how cf-serverd expands the access rules ? It does not report that in the same way as the server control promises (about name verification and so on) _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
