|
From: | Morgan Ives |
Subject: | Re: confused about cfrun |
Date: | Wed, 08 Oct 2003 14:54:52 -0500 |
Try starting servd in an interactive session with -d2 and watching
the results.
- d2 is debug. The error message you are seeing is a general
message
that is designed to tell you little. -d2 will tell you
a lot.
Morgan
Brendan Strejcek wrote:
I have a cfengine site configuration which seems to be working other than
cfrun. Before I get specific and post my config files, let me be sure I
understand the general model governing cfrun.I have a client running cfservd with {update,cfagent,cfservd}.conf files.
All of these have my domain set.I have another machine (actually my policyserver, but I don't think
that should matter) trying execute cfagent remotely on client via cfrun.
It has a cfrun.hosts file with domain set correctly.I have keys distributed properly.
Okay, I lied, I will give some details; here is some cfrun output:
(The invocation was cfrun -v client)cfrun(0): .......... [ Hailing client ] ..........
Connecting to server client to port 0 with options
Loaded /var/cfengine/ppkeys/root-<client IP>.pub
Connect to client = <client IP> on port cfengine
Loaded /var/cfengine/ppkeys/root-<client IP>.pub
cfrun:policyhost: Strong authentication of server=client connection confirmed
client replies..Host authentication failed. Did you forget the domain name?cfrun:policyhost: Couldn't recv
cfrun:policyhost: recv
Connection with client completedAs far as I know, I have included my domain name in every possible
place. Here are some log messages I see which correspond to that connect:Oct 8 13:49:32 client cfservd[421]: Accepting connection from policyhost
Oct 8 13:49:32 client cfservd[11274]: ID from connecting host: (EXEC )I suspect that this "ID from connecting host: (EXEC )" is the key to my
problem...This is my client cfservd.conf:
control:
domain = ( mydomain )
cfrunCommand = ( "/var/cfengine/bin/cfagent" )
LogAllConnections = ( true )
AllowUsers = ( root )Do I need some grants in there? It doen't *seem* like I should, since
I don't want the clients to act as fileservers, but maybe I'm thinking
about this wrong...And just in case it matters, this is my cfrun.hosts on policyhost:
domain=mydomain
access=rootclient.mydomain
Any help will be much appreciated.
PS: See you guys at LISA.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine
-- Morgan Ives / Senior Unix Administrator Engineering Support Services / NCSG Information Technology Motorola Semiconductor Products Sector 512.996.6785 (voice) 512.996.7755 (fax) 888.894.5079 (pager) ------------------------------------------------------------------------ Motorola Document Classification [X] General business information [ ] Motorola internal use only [ ] Motorola confidential proprietary ------------------------------------------------------------------------
[Prev in Thread] | Current Thread | [Next in Thread] |