help-cfengine

cfrun authentication debugging


From: paul beard
Subject: cfrun authentication debugging
Date: Tue, 7 Feb 2006 14:31:58 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As suggested, I have cfagent running on my policy host and a potential client. Now I am trying to test cfrun from the policyhost to the client. I have attached conf files and some debug output.

I have made new keys, exchanged them with scp, and I seem to be no better off. What can I try next?

This is the authentication part of what cfrun -v yields:

The time is now Tue Feb  7 14:25:26 2006


- ------------------------------------------------------------------------

Additional hard class defined as: 32_bit
Additional hard class defined as: freebsd_6_0_STABLE
Additional hard class defined as: freebsd_i386
Additional hard class defined as: freebsd_i386_6_0_STABLE
Additional hard class defined as: freebsd_i386_6_0_STABLE_FreeBSD_6_0_STABLE__0__Wed_Jan_11_12_29_14_PST_2006_____root_int0_waypath_com__usr_obj_usr_src_sys_GENERIC

GNU autoconf class from compile time: compiled_on_freebsd5_4

Address given by nameserver: 192.168.10.20
Setting cfengine new port to 48148
Setting cfengine old port to 5308
Checking integrity of the state database
Checking integrity of the module directory
Checking integrity of the input data for RPC
Checking integrity of the output data for RPC
Checking integrity of the PKI directory
Making sure that locks are private...
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Looking for a source of entropy in /var/cfengine/randseed
cfrun(0):         .......... [ Hailing ols5.waypath.com ] ..........
Connecting to server ols5.waypath.com to port 0 with options
Loaded /var/cfengine/ppkeys/root-192.168.10.35.pub
Connect to ols5.waypath.com = 192.168.10.35 on port 5308
Updating last-seen time for ols5.waypath.com
Loaded /var/cfengine/ppkeys/root-192.168.10.35.pub

...............................................................
cfrun:int0.waypath.com: Strong authentication of server=ols5.waypath.com connection confirmed
ols5.waypath.com replies..

gine::
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfengine::
cfengine:: Authentication dialogue with cint0.waypath.com failed
cfengine:: Unable to establish connection with cint0.waypath.com (failover)
gine:ols5:
cfengine:ols5:
cfengine:ols5: Authentication dialogue with cint0.waypath.com failed
cfengine:ols5: Unable to establish connection with cint0.waypath.com (failover)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Connection with ols5.waypath.com completed



update.conf:
# /etc/cfengine/update.conf - for the clients
#

control:
  domain          = ( waypath.com )
  actionsequence  = ( copy tidy )
#  DefaultCopyType = ( checksum )
  master_cfinput  = ( /exports/files )
  workdir         = ( /var/cfengine )
  policyhost      = ( cint0.waypath.com )
  freebsd::
  cf_install_dir  = ( /usr/local/sbin )
  linux::
  cf_install_dir  = ( /usr/sbin )

# Download the most recent 'cfagent.conf' file from the
# server, and install it to /var/cfengine
#

any::
#   SplayTime       = ( 5 )
     copy:

          $(master_cfinput)            dest=$(workdir)/inputs
                                       r=inf
                                       mode=700
                                       type=binary
                                       exclude=*.lst
                                       exclude=*~
                                       exclude=#*
                                       server=$(policyhost)

          $(cf_install_dir)/cfagent    dest=$(workdir)/bin/cfagent
                                       mode=755
                                       backup=false
                                       type=checksum

          $(cf_install_dir)/cfservd    dest=$(workdir)/bin/cfservd
                                       mode=755
                                       backup=false
                                       type=checksum

          $(cf_install_dir)/cfexecd    dest=$(workdir)/bin/cfexecd
                                       mode=755
                                       backup=false
                                       type=checksum

tidy:
   $(workdir)/outputs   pattern=*  age=31

cfagent.conf:
control:
  domain = ( waypath.com )
  access = ( root )
  freebsd::
  cfrunCommand = ( "/usr/local/sbin/cfagent" )
  linux::
  cfrunCommand = ( "/usr/sbin/cfagent" )
  timezone = ( PST GMT UTC )
  maxage = ( 7 )
  actionsequence = ( copy files )

#
# Fix some basic file permissions.
#
files:
  freebsd::
  /etc/sudoers mode=440 owner=root group=wheel   action=fixall
  /etc/passwd mode=644  owner=root group=wheel   action=fixall
  /etc/hosts  mode=644  owner=root group=wheel   action=fixall
  linux::
  /etc/shadow mode=640  owner=root group=root action=fixall
  /etc/sudoers mode=440 owner=root group=root   action=fixall
  /etc/passwd mode=644  owner=root group=root   action=fixall
  /etc/hosts  mode=644  owner=root group=root   action=fixall
#
# Clean out *ALL* files older than $(maxage) days from /tmp.
#
# Clean out files older than $(maxage) which match the pattern *~
# inside user home directories.
#
copy:
        /exports/files/etc/hosts
                dest=/etc/hosts
                server=cint0.waypath.com

- --
Paul Beard
contact info: www.paulbeard.org/paulbeard.vcf

Are you trying to win an argument or solve a problem?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD6R/ffHLPwpj1/JQRAsy+AJ9h6FrBORyKkPJtiFRooXGbjtJBcACgu0QR
JwMc2xn3bd008ryV6l8OQss=
=EtRo
-----END PGP SIGNATURE-----
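
Added example, not part of the original post or of cfengine: a Python triage of the cfrun -v output quoted above that separates the leg that authenticated from the leg that failed and lists the key files loaded. It assumes the "Address given by nameserver" line is the calling host's own address and that the remote side stores the caller's key under the same root-<IP>.pub naming the log shows; triage() and SAMPLE are names made up for this example.

```python
import re

# Constructed sample: lines excerpted from the cfrun -v output in the post.
SAMPLE = """\
Address given by nameserver: 192.168.10.20
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Loaded /var/cfengine/ppkeys/root-192.168.10.35.pub
Connect to ols5.waypath.com = 192.168.10.35 on port 5308
Loaded /var/cfengine/ppkeys/root-192.168.10.35.pub
cfrun:int0.waypath.com: Strong authentication of server=ols5.waypath.com connection confirmed
ols5.waypath.com replies..
cfengine:ols5: Authentication dialogue with cint0.waypath.com failed
cfengine:ols5: Unable to establish connection with cint0.waypath.com (failover)
"""

LOCAL_IP = re.compile(r"^Address given by nameserver: (\S+)")
KEY = re.compile(r"^Loaded \S*/ppkeys/(\S+)")
CONFIRMED = re.compile(
    r"^cfrun:([^:\s]+): Strong authentication of server=(\S+) connection confirmed")
FAILED = re.compile(r"^cfengine:([^:\s]*): Authentication dialogue with (\S+) failed")


def triage(text):
    """Split cfrun -v output into the leg that authenticated and the leg that failed."""
    r = {"local_ip": None, "keys": [], "confirmed": [], "failed": []}
    for line in text.splitlines():
        line = line.strip()
        if m := LOCAL_IP.match(line):
            r["local_ip"] = m.group(1)
        elif m := KEY.match(line):
            if m.group(1) not in r["keys"]:      # the log repeats key loads
                r["keys"].append(m.group(1))
        elif m := CONFIRMED.match(line):
            r["confirmed"].append((m.group(1), m.group(2)))   # (caller, server)
        elif m := FAILED.match(line):
            r["failed"].append((m.group(1), m.group(2)))      # (reporter, peer)
    callers = {caller for caller, _ in r["confirmed"]}
    # Peer names the remote side could not authenticate to and that differ
    # from the name cfrun printed for the calling host.
    r["name_mismatch"] = sorted({p for _, p in r["failed"] if p not in callers})
    # Assumption: the caller's public key sits on the remote host as
    # root-<caller IP>.pub, mirroring the file name loaded in this log.
    r["expect_on_remote"] = f"root-{r['local_ip']}.pub" if r["local_ip"] else None
    return r


if __name__ == "__main__":
    for field, value in triage(SAMPLE).items():
        print(f"{field}: {value}")
```

On the sample, the confirmed leg is int0.waypath.com to ols5.waypath.com, while the failed dialogue is reported by ols5 against cint0.waypath.com, the name used for policyhost and server= in the attached configuration.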



