[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Host authentication fails after update from 2.1.13
From: |
Christian Pearce |
Subject: |
Re: Host authentication fails after update from 2.1.13 |
Date: |
Mon, 13 Jun 2005 16:18:31 -0400 |
I know this sounds stupid, but did you make sure you stop and started
the cfservd server? I make that mistake from time to time.
On Mon, 2005-06-13 at 21:50 +0200, Morten Werner Olsen wrote:
> forwarded 312647 address@hidden
> thanks
>
> Hi,
>
> here is another bug report from one of our Debian users.
>
>
> - Werner
>
> ----- Forwarded message from Sven Marnach <address@hidden> -----
>
> Date: Thu, 09 Jun 2005 13:26:26 +0200
> To: Debian Bug Tracking System <address@hidden>
> From: Sven Marnach <address@hidden>
> Subject: Bug#312647: cfengine2: Host authentication fails after update
> from 2.1.13
> Reply-To: Sven Marnach <address@hidden>, address@hidden
>
> Package: cfengine2
> Version: 2.1.14-1
> Severity: important
>
> After upgrading all the machines in a small cluster to version 2.1.14-1, the
> nodes could still successfully authenticate themselves to the master.
>
> The nodes do a complete reinstall from a local mirror each time they boot.
> They fetch their cfengine key pairs via tftp and try to run cfagent to fetch
> some basic configuration. This step failed after upgrading cfengine to
> 2.1.14-1, so the nodes couldn't reboot anymore.
>
> cfservd prints the following message to the syslog:
>
> Jun 3 01:49:53 master1 cfservd[3787]: Accepting connection from
> ::ffff:192.168.2.107
> Jun 3 01:49:53 master1 cfservd[3787]: Private decrypt failed = padding
> check failed
> Jun 3 01:49:53 master1 cfservd[3787]: Host authorization/authentication
> failed or access denied
> Jun 3 01:49:53 master1 cfservd[3787]: From
> (host=node07.cluster,user=root,ip=::ffff:192.168.2.107)
> Jun 3 01:49:57 node07 clinitrd: panic: Could not execute 'inroot cfagent -v
> --no-lock -D install'.
>
> (the last line shows the cfagent command line)
>
> I know there was a change in the encrytion protocol that prevents new
> clients from talking to old servers, but I upgraded all machines.
>
> I also tried to regenerate all the keys, but that didn't work either. After
> reverting to 2.1.13 everything worked fine.
>
> I'm lacking the time to track down this bug properly and hope this report
> may help anyway.
>
> Greetings,
> Sven
>
> -- System Information:
> [stripped -- this computer doesn't even have cfengine installed...]
>
>
>
> ----- End forwarded message -----
>
>
> _______________________________________________
> Bug-cfengine mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/bug-cfengine
--
Christian Pearce
http://www.sysnav.com
http://www.commnav.com
http://www.perfectorder.com
signature.asc
Description: This is a digitally signed message part