did you restart the nrpe service/daemon on the client after modifying the allowed hosts parameter? -- Groeten, J.Asenjo
On Wed, Dec 16, 2009 at 1:32 AM, shacky <[email protected]> wrote: > Hi. > > I installed the check_nrpe plugin on the Nagios server and NRPE > running as daemon on the host I have to monitor, both compiled with > SSL support and the dh.h file created and saved in the include/ > directory on the NRPE host. > > [r...@monitored-host ~]# /opt/nrpe/bin/nrpe > NRPE - Nagios Remote Plugin Executor > Copyright (c) 1999-2008 Ethan Galstad ([email protected]) > Version: 2.12 > Last Modified: 03-10-2008 > License: GPL v2 with exemptions (-l for more info) > SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required > TCP Wrappers Available > > nagios-server:/# /usr/local/nagios/libexec/check_nrpe > Incorrect command line arguments supplied > NRPE Plugin for Nagios > Copyright (c) 1999-2008 Ethan Galstad ([email protected]) > Version: 2.12 > Last Modified: 03-10-2008 > License: GPL v2 with exemptions (-l for more info) > SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required > > The IP address of the Nagios server is specified in the > "allowed_hosts" declaration in the nrpe.cfg file: > > [r...@monitored-host ~]# grep allowed_hosts /opt/nrpe/etc/nrpe.cfg > allowed_hosts=192.168.10.250 > > The problem is that if I try to execute the check_nrpe command to test > the NRPE daemon on the monitored host, I receive this error: > > nagios-server:/# /usr/local/nagios/libexec/check_nrpe -H 192.168.10.18 > CHECK_NRPE: Error - Could not complete SSL handshake. > > On the monitored host I see that the IP address of the Nagios server > is allowed and then refused: > > [r...@monitored-host ~]# tail /var/log/messages > Dec 16 01:24:27 monitored-host nrpe[25047]: INFO: SSL/TLS initialized. > All network traffic will be encrypted. > Dec 16 01:24:27 monitored-host nrpe[25048]: Starting up daemon > Dec 16 01:24:27 monitored-host nrpe[25048]: Warning: Daemon is > configured to accept command arguments from clients! > Dec 16 01:24:27 monitored-host nrpe[25048]: Listening for connections > on port 5666 > Dec 16 01:24:27 monitored-host nrpe[25048]: Allowing connections from: > 192.168.10.250 > Dec 16 01:27:01 monitored-host nrpe[25063]: refused connect from > 192.168.10.250 (192.168.10.250) > > What is the problem? > It is not a firewall problem because the connection works, and it does > not seems to be a SSL related problem because it does not work even if > I try the check command disabling SSL with -n (and the NRPE daemon > runned with -n also), and it is quite curious to have two opposite log > messages. > > Could you help me please? I worked all the afternoon trying to let it > work, but it does not work... > > Thank you very much!! > Bye. > > ------------------------------------------------------------------------------ > This SF.Net email is sponsored by the Verizon Developer Community > Take advantage of Verizon's best-in-class app development support > A streamlined, 14 day to market process makes app distribution fast and easy > Join now and get one step closer to millions of Verizon customers > http://p.sf.net/sfu/verizon-dev2dev > _______________________________________________ > Nagios-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when reporting > any issue. > ::: Messages without supporting info will risk being sent to /dev/null > ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
