Shouldn't pose a problem. But if you run cfservd -v it gives you the "reason" why it isn't working. Until you do this I can't really help.
On 2/22/06, Josh Hurd <[EMAIL PROTECTED]> wrote: > > > Actually what I am really trying to do is operate cfe from one server and > conect to clients on different domains. > Can someone help with this? > > Josh > > _____________________________________________ > From: Josh Hurd > Sent: Wednesday, February 22, 2006 12:29 PM > To: Cfengine Mailing List Help > Subject: Can't get a client to authorize? > > > I am seeing this error when I run cfagent on a new client I just built. I > am stumped. Can someone help me understand this? > > Denying connection from non-authorized IP 10.12.1.77 > > My update.conf: > > > # update.conf 2/15/05 Dougc > groups: > sea1_dc_digimine_com = ( IPRange(192.168.0.0/16) IPRange(10.254.0.0/16) > IPRange(10.1.0.0/16) ) > qa_dmtest_com = ( IPRange(172.16.0.0/16) IPRange(10.12.0.0/16) ) > sb_dmtest_com = ( IPRange(172.16.0.0/16) IPRange(10.12.0.0/16) ) > > control: > sea1_dc_digimine_com:: > domain = ( sea1.dc.digimine.com ) > server = ( sea1-util01 ) > qa_dmtest_com:: > domain = ( qa.dmtest.com ) > server = ( qa-util01 ) > sb_dmtest_com:: > domain = ( sb.dmtest.com ) > server = ( sea1-util01 ) > > any:: > actionsequence = ( copy files ) > workdir = ( /var/cfengine ) > configroot = ( /var/cfengine/master/inputs ) > SplayTime = ( 35 ) > > copy: > any:: > "$(configroot)" dest=$(workdir)/inputs > mode=664 > owner=rsiadmin > include=*.conf > type=binary > recurse=inf > trustkey=true > server=$(server) > files: > any:: > "$(workdir)/inputs/" > mode=664 > owner=rsiadmin > group=rsiadmin > action=fixall > recurse=inf > > > > My cfservd.conf: > > # $Header: /cfengine/Production/cfservd.conf 3 2/03/05 > 10:47 JeffreyC $ > control: > any:: > domain = ( sea1.dc.digimine.com sb.dmtest.com ) > server = ( sea1-util01 ) > TrustKeysFrom = ( 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16 > 10.1.30.0/24 10.12.0.0/16 ) > AllowConnectionsFrom = ( 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16 > 10.1.30.0 10.12.0.0/16 ) > TrustKeysFrom = ( 127.0.0.1 10.1 192.168 10.254 10.12.0.0/16 ) > AllowConnectionsFrom = ( 127.0.0.1 10.1 192.168 10.254 10.12.0.0/16 ) > SkipVerify = ( 10.1 10.12 ) > AllowUsers = ( root ) > cfrunCommand = ( "/usr/sbin/cfexecd -F" ) > HostnameKeys = ( off ) > > sea1_util01:: > MaxConnections = ( 20 ) > > > admit: > sea1_dc_digimine_com:: > /var/cfengine/master 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16 > 10.1.30.0/24 > /usr/sbin/cfagent 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16 > 10.1.30.0/24 > /usr/sbin/cfexecd 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16 > 10.1.30.0/24 > sb_dmtest_com:: > /var/cfengine/master 10.12.0.0/16 > /usr/sbin/cfagent 10.12.0.0/16 > /usr/sbin/cfexecd 10.12.0.0/16 > > sea1_util01:: > /var/ftp/pub/linux 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16 > 10.1.30.0/24 10.12.0.0/16 > /mnt/rsi/logs02/Network/ExtractFiles 192.168.0.0/16 > 127.0.0.1/32 10.254.0.0/16 10.1.30.0/24 10.12.0.0/16 > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@gnu.org > http://lists.gnu.org/mailman/listinfo/help-cfengine > > > -- Christian Pearce _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
