help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfrun and cfservd

From: Mohamed Eldesoky
Subject: Re: cfrun and cfservd
Date: Sun, 16 May 2004 16:47:27 +0300
User-agent: KMail/1.6.2 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I sent it in my last email, here it is again

 and this strange error on the client
 "Received: [EXEC root ] on socket 5
 User root is not allowed on this server
 cfservd: Host authorization/authentication failed or access denied


Regards

On Sunday 16 May 2004 4:35 pm, Mark.Burgess@iu.hio.no wrote:
> Well that's not a very good security principle. I recommend
> using -d2 to see the real reason for the denial.
>
> M
>
> On 16 May, Mohamed Eldesoky wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > It gave the same exact result.
> > Plus, if you think that options is needed even if one client only talks
> > with one server, then it should be enabled by default (even forced
> > enabled)
> >
> > Regards
> > Mohamed Eldesoky
> >
> > On Sunday 16 May 2004 3:57 pm, Mark.Burgess@iu.hio.no wrote:
> >> But the same client might need to open multiple connections...?
> >>
> >> On 16 May, Mohamed Eldesoky wrote:
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> >
> >> > I am only testing now with one to  one connections.
> >> > ie, one server from one client
> >> >
> >> > Regards
> >> >
> >> > On Sunday 16 May 2004 1:46 pm, Mark.Burgess@iu.hio.no wrote:
> >> >> I would try AllowMultipleConnectionsFrom since you will be connecting
> >> >> with several streams.
> >> >>
> >> >> M
> >> >>
> >> >> On 16 May, Mohamed Eldesoky wrote:
> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> > Hash: SHA1
> >> >> >
> >> >> > Hi all,
> >> >> >
> >> >> > I have just got cfengine working with me.
> >> >> > The only trouble is with cfrun.
> >> >> >
> >> >> > keys are exchanged properly (and cfagent works fine), and cfservd
> >> >> > is running. Only it doesn't allow access.
> >> >> > It always shows the famous
> >> >> > "Host authentication failed. Did you forget the domain name or
> >> >> > IP/DNS address registration (for ipv4 or ipv6)"   to the server
> >> >> >
> >> >> > and this strange error on the client
> >> >> > "Received: [EXEC root ] on socket 5
> >> >> > User root is not allowed on this server
> >> >> > cfservd: Host authorization/authentication failed or access denied
> >> >> > Transaction Send[t 114][Packed text]
> >> >> > Attempting to send 122 bytes
> >> >> > SendSocketStream, sent 122
> >> >> > "
> >> >> >
> >> >> >
> >> >> > I will post my conf files for cfservd.conf and cfrun.conf
> >> >> >
> >> >> > cfservd.conf:
> >> >> > ############### On both server and client ################
> >> >> > control:
> >> >> >
> >> >> >         domain = ( domain.com )
> >> >> >         cfrunCommand = ( "/usr/local/sbin/cfagent" )
> >> >> >         Access = ( root )
> >> >> >         AllowConnectionsFrom = ( xxx.xxx.xxx.xxx )  ## An IP range
> >> >> >         TrustKeysFrom = ( xxx.xxx.xxx.xxx )  ## An IP range
> >> >> >         AllowUser = ( root )
> >> >> >         SkipVerify = ( xxx.xxx.xxx.xxx )  ## this is an IP range
> >> >> > grant:
> >> >> >
> >> >> >         # Grant access to all hosts at example.org.
> >> >> >         # Files should be world readable
> >> >> >
> >> >> >         /var/cfengine/inputs/       *
> >> >> >         /usr/local/sbin/           *
> >> >> >         /opt/                      *
> >> >> >
> >> >> > cfrun.hosts:
> >> >> >
> >> >> > domain=domain.com
> >> >> > access=root
> >> >> > xxx.xxx.xxx.xxx root
> >> >> > -----BEGIN PGP SIGNATURE-----
> >> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >> >
> >> >> > iD8DBQFApzeF2FHsOWMJBKMRAk5lAKCHanYZfjdB30BPoeiigFKpTyJw4QCfUkA+
> >> >> > L9+zh4p0v1F61FFChxuELfc=
> >> >> > =j/2z
> >> >> > -----END PGP SIGNATURE-----
> >> >> >
> >> >> >
> >> >> > _______________________________________________
> >> >> > Help-cfengine mailing list
> >> >> > Help-cfengine@gnu.org
> >> >> > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >> >>
> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >>~ Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no Fax :
> >> >> +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >>~
> >> >
> >> > -----BEGIN PGP SIGNATURE-----
> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >
> >> > iD8DBQFAp0qN2FHsOWMJBKMRAiZvAKDxfBYcDY4qqH5WEYAHsfmQnmnO+QCfWoCf
> >> > spP7Geyd8P8rYEaJb6q3n94=
> >> > =dFG3
> >> > -----END PGP SIGNATURE-----
> >> >
> >> >
> >> > _______________________________________________
> >> > Help-cfengine mailing list
> >> > Help-cfengine@gnu.org
> >> > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >>
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> >> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQFAp2Xb2FHsOWMJBKMRAiqUAJ4n32OdD9Gu6wVsmuQmqJTZufB31gCcDATu
> > grWddsNy6QwC27C8QbpfkCA=
> > =jomp
> > -----END PGP SIGNATURE-----
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAp3Dw2FHsOWMJBKMRAqmIAJ9WnnsNC7JzXjXuIx8VH97VyA74NQCePPtL
o9J4OE9J09fHxY3Iq9hZMRE=
=DgDS
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]