Re: [Kea-users] Kea HA Heartbeat Failure

Thu, 26 Jan 2023 22:16:03 -0800 

Hi Rick,
I was using the terms "key" and "password" interchangeably (after all, practically they perform the same function) - sorry for the confusion  :-) 

Yeah, both servers have the same username and password.


We did as you suggested and, without the authentication, the 
ha-heartbeat went through. After doing some further research we enabled 
the kea-ctrl-agent.auth logger,  re-engaed authentication on 
kea-ctrl-agent, and received the following log error:



2023-01-27 17:03:47.601 INFO [kea-ctrl-agent.auth/16262.140275659275264] 
HTTP_CLIENT_REQUEST_NO_AUTH_HEADER received HTTP request without 
required authentication header



So now I have to ask is there some config setting to enable the 
ha-heatbeat to send the required authentication header - because I've 
been through the doco and the sample config files and I can't find 
anything - apart from the relevant config info in the 
kea-ctrl-agent.conf file, but nothing in the kea-dhcp4.conf file under 
the hooks-libraries->ha config entries (or elsewhere, for that matter).


What have we missed?  :-)

Cheers

Dulux-Oz

On 27/01/2023 01:25, Frey, Rick E via Kea-users wrote:



The error “Unauthorized, error code 1” indicates that basic 
authentication if failing between the control agent and dhcp server.  
Not sure of additional log error “communication with kea_dhcp_2 is 
interrupted”.  When I test my setup with purposely bad password, I do 
not see that log message.



You mention “keactrl is using a basic authentication with pre-shared 
key”.  Per docs, I believe Kea currently only supports using basic 
authentication with username and password.  You may want to verify 
that your control agent and partner dhcp server are configured with 
same username/password .   If nothing else, you could disable/remove 
authentication directives to verify heartbeat successful outside of 
authentication.

-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/kea-users






















					Reply via email to