-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'm still having real trouble with this and don't know where to go from here. Can anyone suggest a direction for me?
- -alex On Apr 8, 2005, at 10:22 AM, Alex Lovell-Troy wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I have an error somewhere in my setup with cfrun, but I can't find it. Can someone point me in the right direction? The pertinent error is "User root is not allowed on this server" on the client system with cfservd run at a level of -d2.
- -alex
- --FILES--
cfservd.conf
control:
classes:: domain = ( lbt.as.arizona.edu ) cfrunCommand = ( /var/cfengine/bin/cfagent ) MaxConnections = ( 20 ) ChecksumDatabase = ( /var/cfengine/Checksums.db ) AllowConnectionsFrom = ( 10.144.0.0/24 ) TrustKeysFrom = ( 10.144.0.0/24 ) DynamicAddresses = ( 10.144.0.0-200 ) AllowMultipleConnectionsFrom = ( 10.144.0.0/24 ) AllowUsers = ( root alovell sulovell ) HostnameKeys = ( off ) LogAllConnections = ( true ) admit: /opt/admin/ 10.144.0.1/24 /var/cfengine/linux 10.144.0.1/24 /var/cfengine/ 10.144.0.1/24 /var/cfengine/bin 10.144.0.1/24 /var/cfengine/scripts 10.144.0.1/24
cfrun.hosts
domain=lbt.as.arizona.edu access=root lbtmu105
- --OUTPUT--
- --server--
cfrun(0): .......... [ Hailing lbtmu105.lbt.as.arizona.edu ] ..........
Connecting to server lbtmu105.lbt.as.arizona.edu to port 0 with options
Loaded /var/cfengine/ppkeys/root-10.144.0.105.pub
Connect to lbtmu105.lbt.as.arizona.edu = 10.144.0.105 on port cfengine
Updating last-seen time for lbtmu105.lbt.as.arizona.edu
Loaded /var/cfengine/ppkeys/root-10.144.0.105.pub
>
cfrun:fileserver.as.lbt.arizona.edu: Strong authentication of server=lbtmu105.lbt.as.arizona.edu connection confirmed
lbtmu105.lbt.as.arizona.edu replies..
Host authentication failed. Did you forget the domain name or IP/ DNS address registration (for ipv4 or ipv6)? cfrun:fileserver.as.lbt.arizona.edu: Couldn't recv
cfrun:fileserver.as.lbt.arizona.edu: recv
Connection with lbtmu105.lbt.as.arizona.edu completed
- --client--
OptionIs(server,HostnameKeys,1)
GetMacroValue(server,HostnameKeys)
Havekey(root-10.144.0.2)
Loaded /var/cfengine/ppkeys/root-10.144.0.2.pub
A public key was already known from fileserver.lbt.as.arizona.edu/ 10.144.0.2 - no trust required
Adding IP 10.144.0.2 to SkipVerify - no need to check this if we have a key
Prepending [10.144.0.2]
The public key identity was confirmed as [EMAIL PROTECTED]
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
ChecksumString(m)
Transaction Send[t 256][Packed text]
Attempting to send 264 bytes
SendSocketStream, sent 264
RecvSocketStream(8)
(Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
(Concatenated 16 from stream)
cfservd: Strong authentication of client fileserver.lbt.as.arizona.edu/10.144.0.2 achieved
RecvSocketStream(8)
(Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
(Concatenated 16 from stream)
Got a session key...
RecvSocketStream(8)
(Concatenated 8 from stream)
Transaction Receive [t 6][]
RecvSocketStream(6)
(Concatenated 6 from stream)
Received: [EXEC ] on socket 5
User root is not allowed on this server
cfservd: Host authorization/authentication failed or access denied
Transaction Send[t 114][Packed text]
Attempting to send 122 bytes
SendSocketStream, sent 122
cfservd: From (host=fileserver.lbt.as.arizona.edu,user=root,ip=10.144.0.2)
Terminating thread...
***Closing socket 5 from 10.144.0.2
Deleted item 10.144.0.2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFCVr3ndmWtRNAkjzERAjiQAJ45tUduVJcufdtxEJ2eQMW/ycDKnwCfTaOr u1ZDBQpx8/brA5fPo98rEUE= =YkMw -----END PGP SIGNATURE-----
_______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin)
iD8DBQFCeUK/dmWtRNAkjzERApOsAJ42BBA0ovLEf2iN9bafVJyPJeVEbgCdE2Hg jJgVKqWclTqSbFWYZbP21cY= =gztf -----END PGP SIGNATURE-----
_______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
