Re: cfservd configuration question

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfservd configuration question

From:	Stan Norton
Subject:	Re: cfservd configuration question
Date:	Mon, 22 Dec 2003 18:15:42 -0500
User-agent:	Mutt/1.4.1i


I stand corrected. cfengine didn't appear to run under freebsd (even though
the ipv6 interfaces auto-attached) without an approriate dns (which I wasn't up 
to).

I must not have altered my cfservd.conf file consistently in earlier tests.
I can confirm that the sym-linked /var   was the issue. When I converted the 
config
(thoroughly) to real, not symlinked paths, everything worked. 

Thank you.





Mark.Burgess@iu.hio.no(Mark.Burgess@iu.hio.no)@Mon Dec 22, 2003 at 11:48:27PM 
+0100:
> 
> FreeBSD handles ipv6 differently to all other OSes, but it should work,
> even in spite of the illogical way it is implemented. I believe
> some freebsd users have verified this. It certainly works ok on linux
> and solaris.
> 
> I do not understand the reference to /usr in these messages. Perhaps
> there is an issue with symbolic links here. You need to grant access
> to the true path, not via a symlink.
> 
> M
> 
> On 22 Dec, Stan Norton wrote:
> > I've been attempting to get cfengine 2.1.0p1 running on freebsd 5.1-RELEASE.
> > Ipv6 was not working, so I rebuilt kernels on two machines, to test in ipv4
> > mode.
> > 
> > cfagent work fine. I am experiencing problems attempting to connect via
> > cfrun from another host (on which cfagent works) to cfservd.
> > 
> > 
> > I'm concerned about two lines from -d2 output:
> > 
> > AccessControl(/var/cfengine/bin/cfagent)
> > AccessControl(/usr/var/cfengine/bin/cfagent,rtty2.domain.com)
> > 
> > /var is symlinked from /usr/var. Is the symlink creating a problem with
> > cfengine?
> > 
> > This is the entry in cfservd.conf:
> > 
> > cfrunCommand = ( "/var/cfengine/bin/cfagent" )
> > 
> > grant:
> > 
> > /var/cfengine/bin/cfagent       rtty2.domain.com
> > 
> > I have also tried these as:
> > 
> > 
> > cfrunCommand = ( "/usr/var/cfengine/bin/cfagent" ) with an appropriate grant
> > change. No effect.
> > 
> > Thanks for any help. I'm looking forward to getting this going.
> > 
> > 
> > --------------------------------------------------------------------------------------------------
> > 
> > 
> > Edited -d2 output: 
> > 
> > ...
> > ACCESS GRANTED ----------------------:
> > 
> > Path: /var/cfengine/bin/cfagent (encrypt=0)
> >    Admit: rtty2.domain.com root=
> > Path: /var/cfengine/inputs (encrypt=0)
> >    Admit: rtty2.domain.com root=
> > ACCESS DENIAL ------------------------ :
> > 
> > Host IPs allowed connection access :
> > 
> > IP: 192.168.1.215
> > Host IPs denied connection access :
> > 
> > Host IPs allowed multiple connection access :
> > 
> > Host IPs from whom we shall accept public keys on trust :
> > 
> > IP: 192.168.1.215
> > 
> > ...
> > 
> > Connecting host identifies itself as 192.168.1.215 rtty2.domain.com
> > root 0
> > (ipstring=[192.168.1.215],fqname=[rtty2.domain.com],username=[root],socket=[192.168.1.215])
> > cfservd: Allowing 192.168.1.215 to connect without (re)checking ID
> > Non-verified Host ID is rtty2.domain.com (Using skipverify)
> > Non-verified User ID seems to be root (Using skipverify)
> > 
> > ...
> > 
> > Havekey(root-192.168.1.215)
> > Loaded /var/cfengine/ppkeys/root-192.168.1.215.pub
> > 
> > ...
> > 
> > A public key was already known from rtty2.domain.com/192.168.1.215 -
> > no trust required
> > Adding IP 192.168.1.215 to SkipVerify - no need to check this if we have a 
> > key
> > Prepending 192.168.1.215
> > The public key identity was confirmed as root@rtty2.domain.com
> > 
> > ...
> > 
> > cfservd: Strongly authentication of client
> > rtty2.domain.com/192.168.1.215
> > 
> > ...
> > 
> > 
> > 
> > User root granted connection privileges
> >>>>AccessControl(/var/cfengine/bin/cfagent)
> >>>>AccessControl(/usr/var/cfengine/bin/cfagent,rtty2.domain.com)
> > encrypt request=0
> > cfservd: Host rtty2.domain.com denied access to
> > /usr/var/cfengine/bin/cfagent
> > cfservd: Host authorization/authentication failed or access denied
> > 
> > 
> > 
> > 
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://mail.gnu.org/mailman/listinfo/help-cfengine
> 
> 
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
>

[Prev in Thread]

Current Thread

[Next in Thread]

cfservd configuration question, Stan Norton, 2003/12/22
- Re: cfservd configuration question, Mark . Burgess, 2003/12/22
  - Re: cfservd configuration question, Stan Norton <=

Prev by Date: Re: cfservd configuration question
Next by Date: updating users only in passwd file
Previous by thread: Re: cfservd configuration question
Next by thread: updating users only in passwd file
Index(es):
- Date
- Thread