Re: [9fans] my plan9 server isn't responding
> This is unusual, at the least. Typically, you have something like: > > authdom=mydomain.com auth=whatever.mydomain.com > > in its own stanza. It works for me where I have a few different sites with distinct auth servers and, to be safe, auth domains. And though this may be just luck, it follows the principle of least surprise. ++L
Re: [9fans] my plan9 server isn't responding
On Apr 3, 2012, at 4:38 , Ezequiel Aragon wrote: > ipnet=mynet ip=10.0.0.0 ipmask=255.255.255.0 >ipgw=10.0.0.1 >dns=10.0.0.2 >dnsdomain=amarna.net >auth=akenaton.amarna.net authdomain=amarna.net >cpu=akenaton.amarna.net >fs=akenaton.amarna.net This is unusual, at the least. Typically, you have something like: authdom=mydomain.com auth=whatever.mydomain.com in its own stanza. It's not clear to me the binding will pick it up the way you have it. Certainly all the examples in /lib/ndb/common are built that way. That's on top of Lucio's observation about it being authdom, not authdomain. signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [9fans] my plan9 server isn't responding
> "authdom" not "authdomain". Not a very forgiving database format. /n/sources/contrib/quanstro/root/sys/src/cmd/ndb/vrfy.y /n/sources/contrib/quanstro/root/sys/man/10/ndbvrfy this program might be a useful bit in sorting out your ndb file. - erik
Re: [9fans] my plan9 server isn't responding
> auth=akenaton.amarna.net authdomain=amarna.net "authdom" not "authdomain". Not a very forgiving database format. ++L
Re: [9fans] my plan9 server isn't responding
/net/ndb is for the bootstrap data returned by (say) DHCP, enough to find /lib/ndb and other resources and get going. it isn't a cache for ndb data. On 3 April 2012 09:38, Ezequiel Aragon wrote: > Why isn't dnsdomain fetched with the rest of the info to the terminal?
Re: [9fans] my plan9 server isn't responding
On Apr 2, 10:35 am, 9f...@hamnavoe.com (Richard Miller) wrote: > > See? It seems everything is well configured, but still no short name > > resolution. > > What puzzles me more is, the same dnsquery used at the server give > > identical good results for both the short and large names: > > Do you have in /lib/ndb/local on the terminal as I suggested: > > ipnet=localnet ip=10.0.0.0 ipmask=255.255.255.0 > dnsdomain=amarna.net > > You can also try > > echo ' dnsdomain=amarna.net' >>/net/ndb this is what my terminal /net/ndb looks like: ip=10.0.0.1 ipmask=255.255.255.0 ipgw=10.0.0.1 sys=nefertiti dom=nefertiti.amarna.net fs=10.0.0.2 auth=10.0.0.2 dns=10.0.0.2 So far so good but still, no dnsdomain info, I do have it defined as part of my subnet info in the server ndb file. This is my server ndb file: database= file=/lib/ndb/local file=/lib/ndb/common file=/lib/ndb/auth ipnet=mynet ip=10.0.0.0 ipmask=255.255.255.0 ipgw=10.0.0.1 dns=10.0.0.2 dnsdomain=amarna.net auth=akenaton.amarna.net authdomain=amarna.net cpu=akenaton.amarna.net fs=akenaton.amarna.net sys=localhost dom=localhost ip=127.0.0.1 sys=akenaton dom=akenaton.amarna.net ip=10.0.0.2 ether=525400a4f5a7 sys=nefertiti dom=nefertiti.amarna.net ip=10.0.0.3 ether=525400f727b1 Why isn't dnsdomain fetched with the rest of the info to the terminal? I tried with echo 'dnsdomain=amarna.net' >> /net/ndb as you sugest and it adds dnsdomain info to my terminal /net/ndb, ok. I then try: ndb/csquery > akenaton akenaton.amarna.net ip 10.0.0.2 it works!! but then, I try again: 9fs akenaton and it fails, and this time, debug info shows: auth/debug p9sk1 key: proto=p9sk1 dom=amarna.net user=ezequiel !passwod? cannot dial auth server: no auth server found for amarna.net csquery authdom=amarna.net auth=* failed csquery dom=amarna.net auth=* dia net!$auth!ticket succeeded
Re: [9fans] my plan9 server isn't responding
I have made (thanks to all of you) progress with my configuration. I thought the only problem to solve was the dns solving short names, but I am still unable to connect using plan9. I try: 9fs akenaton /n/akenaton and get the error: srv net!akenaton!9fs: mount failed: fossil authCheck: auth protocol not finished Here is whate auth/debug says: p9sk1 key: proto=p9sk1 dom=amarna.net user=ezequiel !passwd? cannot dial auth server: no auth server found for amarna.net csquery authdom=amarna.net auth=* failed csquery dom=amarna.net auth=* dial net!$auth!ticket succeeded And here is what I get in the server's fossil console: attach main as glenda: phase error protocol phase error: read in state SNeedTicket I can see a /srv/akenaton created, but the second step (mount on /n/ akenaton) of the srv process fails
Re: [9fans] my plan9 server isn't responding
> See? It seems everything is well configured, but still no short name > resolution. > What puzzles me more is, the same dnsquery used at the server give > identical good results for both the short and large names: Do you have in /lib/ndb/local on the terminal as I suggested: ipnet=localnet ip=10.0.0.0 ipmask=255.255.255.0 dnsdomain=amarna.net You can also try echo ' dnsdomain=amarna.net' >>/net/ndb
Re: [9fans] my plan9 server isn't responding
On Mon Apr 2 10:31:33 EDT 2012, aragonezequ...@gmail.com wrote: > > > there are two ways you can get a short name to work > > - use a sys=xyz entry. if you also want to use dns to > > reach this node it would be conventional to have sys=xyz dom=xyz.dom. > > That was the first thing I did. My tipical entry en ndb looks like: > > ip=10.0.0.2 ether=jhgsfs7sfs788 sys=akenaton dom=akenaton.amarna.net > ip=10.0.0.3 ether=jhgsfs45dfdff1 sys=nefertiti > dom=nefertiti.amarna.net > > And still doesn;t work for short names. > I even tried something like: i hope those are real eathernet addresses, and not as you present. there should be no security concern with revealing your ethernet addresses. they're useless unless you happen to be on the same segment. > To see if using an alias (cname) in the dom info solved the case, but > there is no way the server can solve short names for the terminal please try making a valid ipnet. that's where the default dns domain comes from. - erik
Re: [9fans] my plan9 server isn't responding
> there are two ways you can get a short name to work > - use a sys=xyz entry. if you also want to use dns to > reach this node it would be conventional to have sys=xyz dom=xyz.dom. That was the first thing I did. My tipical entry en ndb looks like: ip=10.0.0.2 ether=jhgsfs7sfs788 sys=akenaton dom=akenaton.amarna.net ip=10.0.0.3 ether=jhgsfs45dfdff1 sys=nefertiti dom=nefertiti.amarna.net And still doesn;t work for short names. I even tried something like: dom=amarna.net soa= refresh=3600 ttl=3600 ns=10.0.0.2 cname=akenaton.amarna.net dom=akenaton cname=nefertiti.amarna.net dom=nefertiti To see if using an alias (cname) in the dom info solved the case, but there is no way the server can solve short names for the terminal I tried at the terminal: ndb/dnsquery > akenaton !dns: resource does not exist; negrcode 0 > akenaton.amarna.net akenaton.amarna.net ip 10.0.0.2 See? It seems everything is well configured, but still no short name resolution. What puzzles me more is, the same dnsquery used at the server give identical good results for both the short and large names: ndb/dnsquery > akenaton akenaton.amarna.net ip 10.0.0.2 > akenaton.amarna.net akenaton.amarna.net ip 10.0.0.2
Re: [9fans] my plan9 server isn't responding
> I think I have isolated the problem. > I configured my server ndb file with auth and fs using the server > fully qualified name. > As a result, now, my terminal ndb info looks more promising: > > cat /net/ndb > sys=nefertiti > dom=nefertiti.amarna.net > fs=10.0.0.2 > auth=10.0.0.2 > dns=10.0.0.2 > > But I can't yet connect to my server using 9fs, I try: > > 9fs akenaton.amarna.net > > And it fails, I then look for debug info and notice the error: > > net!akenaton!ticket dns can't find this there are two ways you can get a short name to work - use a sys=xyz entry. if you also want to use dns to reach this node it would be conventional to have sys=xyz dom=xyz.dom. - having a proper ipnet to guide the terminal in selecting a default dns domain. i think at the minimum. please see /lib/ndb/local.complicated. (although the ipnet there does defined some unused-by-the-distribution keywords.) - erik
Re: [9fans] my plan9 server isn't responding
On Apr 2, 6:58 am, 9f...@hamnavoe.com (Richard Miller) wrote: > > I then tried the line: > > > dnsdomain=amarna.net > > > in my terminal's ndb file, but it keeps failing with unqualified > > names. > > You need something more like this: > > ipnet=localnet ip=10.0.0.0 ipmask=255.255.255.0 > dnsdomain=amarna.net > > > By the way, I am trying to connect as ezequiel with 9fs (the user > > exists in the server) though I am logged as glenda in the terminal. > > I expect you have a p9sk1 password for user=ezequiel in your factotum > on the terminal. I do have a p9sk1 key. I think I have isolated the problem. I configured my server ndb file with auth and fs using the server fully qualified name. As a result, now, my terminal ndb info looks more promising: cat /net/ndb sys=nefertiti dom=nefertiti.amarna.net fs=10.0.0.2 auth=10.0.0.2 dns=10.0.0.2 But I can't yet connect to my server using 9fs, I try: 9fs akenaton.amarna.net And it fails, I then look for debug info and notice the error: net!akenaton!ticket dns can't find this of course, dns can not find akenaton alone. I try some test with cs: ndb/csquery > net!akenaton!ticket and it give the same error, so cs can't get the info from the 'url' as dns fails I then try: > net!akenaton.amarna.net!ticket or > net!akenaton.amarna.net!9fs And I get proper answers with these. Why is cs using akenaton instead of akenaton.amarna.net, if I don't have akenaton alone defined anywhere in the server ndb? Is there a way to cope with this or to configure dns to solve unqualified names somehow?
Re: [9fans] my plan9 server isn't responding
> ... and is it really necessary for the terminal to have its own ndb > file? At best, it's redundant, at worst, conflicting. Simplest practice is for the terminal to get its root file system from the server, so they are sharing /lib/ndb/local. If the terminal has its own root, it needs its own ndb file because not everything is exported via dhcp -- dnsdomain for example, and authdom/auth associations for external systems.
Re: [9fans] my plan9 server isn't responding
> I then tried the line: > > dnsdomain=amarna.net > > in my terminal's ndb file, but it keeps failing with unqualified > names. You need something more like this: ipnet=localnet ip=10.0.0.0 ipmask=255.255.255.0 dnsdomain=amarna.net > By the way, I am trying to connect as ezequiel with 9fs (the user > exists in the server) though I am logged as glenda in the terminal. I expect you have a p9sk1 password for user=ezequiel in your factotum on the terminal.
Re: [9fans] my plan9 server isn't responding
>> I have ipwg delcared in my server's ndb file > > s/ipwg/ipgw/ > > Is it spelled correctly in server's /lib/ndb/local? ... and is it really necessary for the terminal to have its own ndb file? At best, it's redundant, at worst, conflicting. ++L
Re: [9fans] my plan9 server isn't responding
> I have ipwg delcared in my server's ndb file s/ipwg/ipgw/ Is it spelled correctly in server's /lib/ndb/local?
Re: [9fans] my plan9 server isn't responding
> > I think the real problem is trying to resolve unqualified names without > a 'dnsdomain' defined -- see ndb(6) I tried with: ip/ping akenaton.amarna.net and yes, it works with a qualified name for the server. So that seems to be the problem with dns. I then tried the line: dnsdomain=amarna.net in my terminal's ndb file, but it keeps failing with unqualified names. I shoud I configure it for it to resolv unqualified names in my terminal? And on the auth problem: this is what the fossil cons reports when I try: 9fs akenaton.amarna.net attach main as glenda: phase error protocol phase error: read in state SNeedTicket in the terminal, the error shows a different message: srv net!akenaton.amarna.net!9fs mount failed: fossil authCheck: auth protocol not finished then, I do: auth/debug and this is the output: p9sk1 key: proto p9sk1 dom=amarna.net user=ezequiel !passwd? dialing up auth server net!akenaton!ticket cannot dial auth server: cs: can't translate address: dns: resource does not exist; negrcode csquery authdom=amarna.net auth=akenaton It seems to me that the whole error has something to do with the dns not being able to resolv an unqualified name (akenaton) for the auth process. By the way, I am trying to connect as ezequiel with 9fs (the user exists in the server) though I am logged as glenda in the terminal.
Re: [9fans] my plan9 server isn't responding
On Mar 30, 9:38 am, quans...@quanstro.net (erik quanstrom) wrote: > > So, save for the ipwg, everything seems ok. The server akenaton as > > that could be your problem. there's no route out. > > - erik I have ipwg delcared in my server's ndb file, but still it does not show up in cat /netndb in my terminal, It is the only parameter not fetched from dhcp and I don't know why. Anyways, I am just trying to use services exported by may server to a terminal in the same subnet.
Re: [9fans] my plan9 server isn't responding
On Mar 30, 12:19 pm, 9f...@hamnavoe.com (Richard Miller) wrote: > >> So, save for the ipwg, everything seems ok. The server akenaton as > > > that could be your problem. there's no route out. > > > - erik > > But that's not relevant when trying to reach machines > on the same subnet: > > > I have to machines declared in ndb/local, akenaton ip 10.0.0.2 and > > nefertiti ip 10.0.0.3, I can't say things like: > > 9fs akenaton > > or > > cpu -h akenaton > > or even > > ip/ping -n 4 akenaton > > I think the real problem is trying to resolve unqualified names without > a 'dnsdomain' defined -- see ndb(6) I have dnsdomain declared in my server's ndb file, should I declared it as well in my terminal's ndb file? How much minimal info should I have in my terminal file if I am using dhcp to fetch information to it?
Re: [9fans] my plan9 server isn't responding
>> So, save for the ipwg, everything seems ok. The server akenaton as > > that could be your problem. there's no route out. > > - erik But that's not relevant when trying to reach machines on the same subnet: > I have to machines declared in ndb/local, akenaton ip 10.0.0.2 and > nefertiti ip 10.0.0.3, I can't say things like: > 9fs akenaton > or > cpu -h akenaton > or even > ip/ping -n 4 akenaton I think the real problem is trying to resolve unqualified names without a 'dnsdomain' defined -- see ndb(6)
Re: [9fans] my plan9 server isn't responding
> no p9sk1 keys found in factotum So, put one in and try again. auth/factotum -g 'proto=p9sk1 user= dom= !password?' where and are your username and authdom
Re: [9fans] my plan9 server isn't responding
On 2012-03-30, at 6:56 AM, Lucio De Re wrote: > I had to use an IP number in the ipgw pair in the ipnet to force it to appear > in /net/ndb. I'm not sure whether this is expected but undocumented > bahaviour or a bug, but a domain name didn't cut it. I'd be curious to know. A hostname can map to many IP addresses, so in situations like this you need to list the specific IP address. (I don't know if ndb explicitly ignores hostnames here, but it's a general rule in networking configurations that gateway interfaces must be specified by address to avoid ambiguity.)
Re: [9fans] my plan9 server isn't responding
> So, save for the ipwg, everything seems ok. The server akenaton as > ip=10.0.0.2 and it's ndb database has declared all these services. > Why then, isn't dns working? I had to use an IP number in the ipgw pair in the ipnet to force it to appear in /net/ndb. I'm not sure whether this is expected but undocumented bahaviour or a bug, but a domain name didn't cut it. I'd be curious to know. Of course, this need not have anything to do with your problem. ++L
Re: [9fans] my plan9 server isn't responding
> > 2) I can not authenticate to the server with any user from my terminal > > system even though I can see the attempted conecction in the fossil > > console. > > Running the auth/debug command on the terminal may reveal a clue. I ran auth/debug, this is what it tells: no p9sk1 keys found in factotum
Re: [9fans] my plan9 server isn't responding
> So, save for the ipwg, everything seems ok. The server akenaton as that could be your problem. there's no route out. - erik
Re: [9fans] my plan9 server isn't responding
On Mar 30, 5:35 am, 9f...@hamnavoe.com (Richard Miller) wrote: > > 1) I can not resolv any name from my terminal, even though my server's > > ndb database has declared a subnet with an default dns entry. > > Does 'cat /net/ndb' on the terminal show a 'dns=' entry? > this is the info cat /net/ndb gives at the terminal ip=10.0.0.3 ipmask=255.255.255.0 ipwg:: sys=nefertiti dom=nefertiti.amarna.net fs=10.0.0.2 auth=10.0.0.2 dns=10.0.0.2 So, save for the ipwg, everything seems ok. The server akenaton as ip=10.0.0.2 and it's ndb database has declared all these services. Why then, isn't dns working? I made a ps at the server and all services are running: dns -sr, dhcpd, secstored, auth, etc. > > 2) I can not authenticate to the server with any user from my terminal > > system even though I can see the attempted conecction in the fossil > > console. > > Running the auth/debug command on the terminal may reveal a clue. I will try that
Re: [9fans] my plan9 server isn't responding
> 1) I can not resolv any name from my terminal, even though my server's > ndb database has declared a subnet with an default dns entry. Does 'cat /net/ndb' on the terminal show a 'dns=' entry? > 2) I can not authenticate to the server with any user from my terminal > system even though I can see the attempted conecction in the fossil > console. Running the auth/debug command on the terminal may reveal a clue.
