Re: problems with trust

[Bill Gunter]

Sorry, the repost I sent didn't include the entire original post. Here's
the deal.

I'm using the same cfservd.conf on two servers on two different nets,
208.10.199 and 66.162.222. Clients on the 208 net can connect and
establish trust automatically with the cfservd on the 208 net, but the
clients on the 66 net throw "BAD: key could not be accepted on trust,"
and the cfservd throws the same error, when they try to connect to the
cfservd on the 66 net.

Here are the relevant parts of the cfservd.conf. You can ignore the
other two nets listed.

control:
    cfengine_server::
        # tcp_wrappers-like access control
        AllowConnectionsFrom = (
            208.10.199.0/24
            66.162.222.0/24
            216.54.235.0/24
            192.168.199.0/24
        )

        TrustKeysFrom = (
            208.10.199.0/24
            66.162.222.0/24
            216.54.235.0/24
            192.168.199.0/24
        )

admit:
    /var/cfengine/ppkeys/localhost.pub *.arcsystems.com


On Mon, 2005-09-19 at 16:30 -0500, Ed Brown wrote:
> > On Mon, 2005-09-12 at 12:51 -0500, Bill Gunter wrote: 
> > > The clients and server are on the same network, 66.162.222.0/24.
> Here's 
> > > the TrustKeys. The stuff on the 208.10.199.0/24 net works fine. 
> > >  
> > > TrustKeysFrom = ( 
> > >             208.10.199.0/24 
> > >             66.162.222.0/24 
> > >             216.54.235.0/24 
> > >             192.168.199.0/24 
> > > )
> 
> This raises lots of questions, like about the topology and network 
> configuration of your clients and server[s?] (multiple interfaces, 
> routing, hostnames and 'domain' value...?)   What 'stuff' is
> working?  
> More information might help get you an answer quicker.  Are you
> saying 
> clients on  208.10.199.0/24 are talking ok to the server on 
> 66.162.222.0/24, but not clients on the same subnet as the server, or
> do 
> you have cfengine servers on each subnet?
> 
> 
>