[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A couple more questions...
|
From: |
Adrian Phillips |
|
Subject: |
Re: A couple more questions... |
|
Date: |
14 Nov 2002 07:35:10 +0100 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 |
>>>>> "Tracy" == Tracy R Reed <treed@ultraviolet.org> writes:
Tracy> Thanks to those who helped me with my last query. The
Tracy> problem with authenticating was mainly due to the fact that
Tracy> our architecture involves a lot of NAT so machines did not
Tracy> appear to cfservd to be coming from the ip they claimed
Tracy> they were coming from. I had to add nearly all of our
Tracy> netblocks to SkipVerify. Not good for security, I know. But
Tracy> it seems to be the only way out. I also found a lot of
Tracy> machines which had been reinstalled and thus had the public
Tracy> key changed so I had to delete that from the cache on
Tracy> cfservd not to mention a wide variety of client
Tracy> misconfigurations.
IƦve had a similar problem.
Tracy> So now that I think I have all of the clients configured
Tracy> correctly I am running into what might be performance
Tracy> issues. Sometimes the clients take a long time to get
Tracy> authenticated. cfagent is started every 5 minutes from cron
Tracy> on the client machines. Is this too often? The server is
Tracy> coughing up a lot of:
Tracy> Nov 13 01:02:32 cfmaster cfmaster.mydomain.com[9423]:
Tracy> Denying repeated connection from 1.2.3.4 Nov 13 01:06:23
Tracy> cfmaster cfmaster.mydomain.com[25083]: Host
Tracy> authorization/authentication failed or access denied
Do these machines have unique addresses ? If not, then you need
AllowMultipleConnectionsFrom as well.
Tracy> And occasionally I get this:
Tracy> Nov 13 06:09:11 cfmaster cfservd[17286]: Server seems to be
Tracy> paralyzed. DOS attack? Committing apoptosis...
Never seen this.
Sincerely,
Adrian Phillips
--
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now? [OK]