Ok. Problem figured out. The Landmark had the IP address in it. So it requested to go back to a region by IP that would cause a compare of the fully qualified domain name with the IP address. Which would fail like it should because there is no DNS lookup.
I need to go through the DB and scan for IP vs FQDns. --Rick On Wed, Apr 11, 2012 at 3:43 PM, Rick Anderson <[email protected]> wrote: > I kind of bumped into this issue again. In this case no one is ever on > the internal network except for the other OpenSim servers. > > At this point. The Robust Server, the OpenSim server, and client are > using fully qualified domain names. So now my user identity can't be > verified. Since I didn't use the IP address anymore it's now making a > comparison between the FQDN and the IP address of the robust server. I > don't know where this IP address is coming from. > > 19:39:03 - [USER AGENT SERVICE]: Unable to login user Rk.Jinn > @rugrid.rutgers.edu to grid http://174.129.197.43:8002/, reason: > Unable to verify identity > > > --Rick > > > On Wed, Apr 11, 2012 at 2:44 PM, Fleep Tuque <[email protected]> wrote: >> Unfortunately I have this issue too and if there's a way to trick it into >> working using the hosts file, I guess I haven't figured it out. >> >> Essentially I can't use the hypergrid from any of the machines on my >> internal network except the server, which I don't do very often because it's >> completely inconvenient. If I really must hypergrid around to other grids, >> I start with a local account on someone else's grid to get around, but I can >> never HG to or from my own grid. It's a bummer. :( >> >> - Chris/Fleep >> >> Chris M. Collins (SL/OS: Fleep Tuque) >> Center for Simulations & Virtual Environments Research (UCSIM) >> UCIT Instructional & Research Computing >> University of Cincinnati >> 406A Zimmer Hall >> 315 College Drive >> PO BOX 210088 >> Cincinnati, OH 45221-0088 >> [email protected] >> (513) 556-3018 >> >> http://ucsim.uc.edu >> >> >> On Wed, Apr 11, 2012 at 2:37 PM, Rick Anderson <[email protected]> >> wrote: >>> >>> Diva, >>> >>> I'll go back to using the rugrid.rutgers.edu in the robust >>> configuration and see what happens. >>> Robust.ini result, >>> ---- >>> 18:17:50 - [HOME AGENT HANDLER]: Unauthorized machine 184.162.51.100 >>> tried to set client ip to 165.230.192.41 >>> 18:17:50 - [USER AGENT SERVICE]: Request to login user Rk.Jinn >>> @rugrid.rutgers.edu (@stored IP) to grid http://174.129.197.43:8002/ >>> 18:17:50 - [USER AGENT SERVICE]: this grid: >>> http://rugrid.rutgers.edu:8002/, desired grid: >>> http://174.129.197.43:8002/ >>> 18:17:50 - [GATEKEEPER SERVICE]: Login request for Rk.Jinn >>> @rugrid.rutgers.edu @ http://rugrid.rutgers.edu:8002/ >>> (80861b47-0d09-49e0-a711-8e59851006f9) at JumpNexus0 using viewer >>> Imprudence 1.4.0.1, channel Imprudence, IP 165.230.192.41, Mac >>> 3bb974300b81b292f953727e3cf33574, Id0 6468c4a3c3a6f5fa9e55986a1017e0f0 >>> Teleport Flags 0 >>> 18:17:50 - [GATEKEEPER SERVICE]: Verifying http://174.129.197.43:8002 >>> against http://rugrid.rutgers.edu:8002 >>> 18:17:50 - [GATEKEEPER SERVICE]: Unable to verify identity of agent >>> Rk.Jinn @rugrid.rutgers.edu. Refusing service. >>> 18:17:50 - [USER AGENT SERVICE]: Unable to login user Rk.Jinn >>> @rugrid.rutgers.edu to grid http://174.129.197.43:8002/, reason: >>> Unable to verify identity >>> ---- >>> In this case rugrid.rutgers.edu = 174.129.197.43. >>> >>> I'll try this next: >>> > Second, use the hosts files to adjust the mappings between domain names >>> > and >>> > IP addresses inside the network if needed. >>> >>> Also, this is running in the Amazon AWS cloud. So each machine has >>> public/private addresses. >>> >>> >>> -_Rick >>> >>> On Wed, Apr 11, 2012 at 1:13 PM, Diva Canto <[email protected]> wrote: >>> > The higher-order bit of what I'm about to say is that OpenSim networking >>> > is >>> > a complicated matter. Hypergrid networking adds even more complexity to >>> > it. >>> > Having said that, let me explain a bit. >>> > >>> > The main source of problems arise when you have the following situation: >>> > (1) the servers are on a given network >>> > (2) some clients are also on that network >>> > (3) some clients are on external networks >>> > This is usually the case with universities, for example, depending on >>> > how >>> > the university network is set up. Hence you need to be extra careful. >>> > >>> > The Hypergrid performs several checks for ensuring identity security. >>> > These >>> > checks are based on the domain names that the grids use, on the IP >>> > addresses >>> > of the robust servers and on the IP addresses of the clients. >>> > >>> > The IP address from where the client logged in is the vital piece of >>> > info >>> > that needs to be asserted throughout HG teleports. The user's home grid >>> > knows that address; the simulators that the user visit also know that >>> > address. In order for those simulators to make sure that the agent that >>> > they're getting is the real thing, and not a fake pretending to be a >>> > certain >>> > user, they call back to the user's home grid for IP verification. That's >>> > when that debug message gets printed out. >>> > >>> > Two things can happen: either the IP address of the client that the >>> > destination simulator gets is exactly the same as the IP address that >>> > the >>> > home grid saw at client login (normal case, when servers and clients are >>> > on >>> > separate networks) or the IP address of the client that the destination >>> > simulator gets is different than the one seen at login in the home grid, >>> > but >>> > is the same as the robust server -- which means that the client logged >>> > in in >>> > the same machine where the robust server runs. This happens in >>> > standalones >>> > ran at people's homes, for example, where there's just on box running >>> > both >>> > OpenSim and the viewer. >>> > >>> > So, what does this mean for people with a mix of clients inside the >>> > server-side network and clients outside? >>> > >>> > First of all, stick to using domain names, not IP addresses. That is >>> > just >>> > bound to cause problems, because many times the IP addresses seen from >>> > the >>> > outside are different from the IP addresses seen from the inside of a >>> > network. If you fix it for one case, you screw it up for the other. So, >>> > rule >>> > #1: USE DOMAIN NAMES in the Robust configuration. >>> > >>> > Second, use the hosts files to adjust the mappings between domain names >>> > and >>> > IP addresses inside the network if needed. >>> > >>> > I am sure that this process of IP verification can be improved to >>> > account >>> > for these hybrid setups, but for the time being only the simplest of >>> > cases >>> > is accounted for (client logged in in the same machine as the home >>> > grid). >>> > >>> > >>> > On 4/11/2012 8:35 AM, Rick Anderson wrote: >>> >> >>> >> It turns out that MyIP displays the IP address when it can be found. >>> >> I changed my Robust configuration from rugrid.rutgers.edu to the IP >>> >> address and it now returns the correct client info: >>> >> >>> >> 15:32:39 - [USER AGENT SERVICE]: Verifying Client session >>> >> 7a0ffc9a-c6ea-4a8c-899d-88f9fe0da2bf with reported IP 165.230.192.41. >>> >> 15:32:39 - [USER AGENT SERVICE]: Comparing 165.230.192.41 with login >>> >> IP 165.230.192.41 and MyIP 165.230.192.41; result is True >>> >> >>> >> When I return my region is light blue. So I've made one step forward. >>> >> >>> >> -_Rick >>> >> >>> >> On Wed, Apr 11, 2012 at 11:24 AM, Rick Anderson >>> >> <[email protected]> wrote: >>> >>> >>> >>> I'm trying to trace down an error with the unauthorized machine >>> >>> message from "HOME AGENT HANDLER" There is a value comparing login IP >>> >>> with MyIP with a result of false: >>> >>> 15:19:28 - [USER AGENT SERVICE]: Verifying Client session >>> >>> b5495ff5-827a-4bd2-98ee-2eb3e5dfe036 with reported IP 165.230.192.41. >>> >>> 15:19:28 - [USER AGENT SERVICE]: Comparing 165.230.192.41 with login >>> >>> IP and MyIP ; result is False >>> >>> >>> >>> Can the values of "IP" and MyIP" be shown in the console? >>> >>> >>> >>> -_Rick >>> >>> -- >>> >>> Rick Anderson >>> >>> Director of Virtual Worlds >>> >>> Division of Continuing Studies (DoCS) >>> >>> Rutgers University >>> >>> (732) 586-3265 >>> >> >>> >> >>> >> >>> > >>> > _______________________________________________ >>> > Opensim-users mailing list >>> > [email protected] >>> > https://lists.berlios.de/mailman/listinfo/opensim-users >>> >>> >>> >>> -- >>> Rick Anderson >>> Director of Virtual Worlds >>> Division of Continuing Studies (DoCS) >>> Rutgers University >>> (732) 586-3265 >>> _______________________________________________ >>> Opensim-users mailing list >>> [email protected] >>> https://lists.berlios.de/mailman/listinfo/opensim-users >> >> >> >> _______________________________________________ >> Opensim-users mailing list >> [email protected] >> https://lists.berlios.de/mailman/listinfo/opensim-users > > > > -- > Rick Anderson > Director of Virtual Worlds > Division of Continuing Studies (DoCS) > Rutgers University > (732) 586-3265 -- Rick Anderson Director of Virtual Worlds Division of Continuing Studies (DoCS) Rutgers University (732) 586-3265 _______________________________________________ Opensim-users mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-users
