[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: difficulties communicating between cfengine hosts (still)
|
From: |
Littlefield, Larry |
|
Subject: |
RE: difficulties communicating between cfengine hosts (still) |
|
Date: |
Wed, 22 Feb 2006 15:35:59 -0800 |
I would add that a common problem with the default Redhat distributions
is
/etc/nsswitch.conf is incorrectly set up.
/etc/host should be:
127.0.0.1 localhost.localdomain localhost
141.204.117.244 ksprm02 ksprm02.dev.full.name
Then the line from /etc/nsswitch.conf should be:
hosts: dns [NOTFOUND=continue] files
This will make all the hostname options work as expected as well as
allow local additions outside of DNS for testing etc.
Larry Littlefield
On Wed, 2006-02-15 at 08:50 +0000, Marco van Beek wrote:
>
> David E. Nelson wrote:
> >
> > I haven't been following this thread very closely, but thought I'd
pitch
> > in a little nugget that bit me this afternoon on some RedHat boxes.
> > This kept me from authenticating to the CFEngine server because
reverse
> > DNS lookups would fail.
>
> I would just like to add that almost all our our authentication
problems
> have been caused by some form of lookup problem. This is what I now
do:
>
> 1) Check both /etc/hosts files - make sure localhost/localdomain is
only
> on the line for 127.0.0.1, and not the public/private IP address
(which
> should have the full name & short alias).
>
> 2) Run /bin/hostname and make sure it gives you the full name. I also
> tend to run "hostname -d" to check the domain name, hostname -f to
> double check the FQDN, and hostname -s to check the shortname. I do
this
> to double check as I think (and I never got to the bottom) that
hostname
> on it's own was checking the hosts file, and hostname with an argument
> checked the hostname file.
>
> 3) Check both forward & reverse dns at BOTH ends. (I don't think
reverse
> DNS matters too much to CFEngine but is a good indicator of a bad DNS
> setup somewhere). You should get the same results.
>
> All the other authentication problems have either been badly
configured
> cfservd conf files, or a bad key (fogetting to press the insert key in
> vi before pasting the key in is my favourite!).
>
> Regards,
>
> Marco.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine
- Re: difficulties communicating between cfengine hosts (still), (continued)
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/13
- Re: difficulties communicating between cfengine hosts (still), Mark Burgess, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), Ed Brown, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), David E. Nelson, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), Marco van Beek, 2006/02/15
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/15
- Re: difficulties communicating between cfengine hosts (still), Mark Burgess, 2006/02/15
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/13
RE: difficulties communicating between cfengine hosts (still),
Littlefield, Larry <=