Client server authentication is probably the hardest task in Cfengine. The first thing to remember about using cfrun is that the authentication is the opposite of what you've done before. Previously you configured CF for the clients to authenticate with a single server. Cfrun talks to servers, plural, as a client. Thus with Cfrun you have a single client authenticating with many servers. So look at what you did to get your clients to authenticate with your policy server and use those rules as a guide to have the policy server's cfrun authenticate with each client's server.
Judging from the 'root is not allowed' error I'd say you are missing allowuser, admit or grant in the cfservd.conf file in the control section. Sincerely, -- Neil Watson 416-673-3465
CONFIDENTIALITY WARNING This communication, including any attachments, is for the exclusive use of addressee and may contain proprietary and/or confidential information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. AVERTISSEMENT RELATIF À LA CONFIDENTIALITÉ Ce message, ainsi que les pièces qui y sont jointes, est destiné à l’usage exclusif de la personne à laquelle il s’adresse et peut contenir de l’information personnelle ou confidentielle. Si le lecteur de ce message n’en est pas le destinataire, nous l’avisons par la présente que toute diffusion, distribution, reproduction ou utilisation de son contenu est strictement interdite. Veuillez avertir sur-le-champ l’expéditeur par retour de courrier électronique et supprimez ce message ainsi que toutes les pièces jointes.
_______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
