|
| From: | Marco van Beek |
| Subject: | Re: difficulties communicating between cfengine hosts (still) |
| Date: | Wed, 15 Feb 2006 08:50:52 +0000 |
| User-agent: | Thunderbird 1.5 (Windows/20051201) |
David E. Nelson wrote:
I haven't been following this thread very closely, but thought I'd pitch in a little nugget that bit me this afternoon on some RedHat boxes. This kept me from authenticating to the CFEngine server because reverse DNS lookups would fail.
I would just like to add that almost all our our authentication problems have been caused by some form of lookup problem. This is what I now do:
1) Check both /etc/hosts files - make sure localhost/localdomain is only on the line for 127.0.0.1, and not the public/private IP address (which should have the full name & short alias).
2) Run /bin/hostname and make sure it gives you the full name. I also tend to run "hostname -d" to check the domain name, hostname -f to double check the FQDN, and hostname -s to check the shortname. I do this to double check as I think (and I never got to the bottom) that hostname on it's own was checking the hosts file, and hostname with an argument checked the hostname file.
3) Check both forward & reverse dns at BOTH ends. (I don't think reverse DNS matters too much to CFEngine but is a good indicator of a bad DNS setup somewhere). You should get the same results.
All the other authentication problems have either been badly configured cfservd conf files, or a bad key (fogetting to press the insert key in vi before pasting the key in is my favourite!).
Regards, Marco.
| [Prev in Thread] | Current Thread | [Next in Thread] |