RE: cfrun runs without errors... but doesn't "do" anything

Fri, 26 Mar 2010 09:32:56 -0700 

Thanks for your insight, Neil.  I "think" that the authentication piece is 
configured properly (clearly, something's amiss).  Here are the snippets from 
cfservd.conf (below).  I'm just completely LOST on where to look/Google/etc, 
next.  Thanks again for your help.


>From cfservd.:
==========

groups:
   cfe_servers = ( 10.10.1 )
   cfe_clients = ( 10.10.1 )

 control:
  domain = ( myDomain.com )
  IfElapsed = ( 1 )
  ExpireAfter = ( 15 )
  LogAllConnections   = ( true )
  MaxConnections = ( 20 )
  MultipleConnections = ( true )
  cfrunCommand = ( "/usr/sbin/cfagent" )

  cfe_servers::
    AllowConnectionsFrom = ( 10.10.1 )
    AllowUsers = ( root )
    TrustKeysFrom = ( 10.10.1 )

  cfe_clients::
    AllowConnectionsFrom = ( 10.10.1 )
    AllowUsers = ( root )
    TrustKeysFrom = ( 10.10.1 )

grant:
   /usr/sbin/cfagent 10.10.1


> To: tscoltr...@hotmail.com
> CC: help-cfengine@cfengine.org; help-cfengine-boun...@cfengine.org
> Subject: RE: cfrun runs without errors... but doesn't "do" anything
> From: nwat...@symcor.com
> Date: Fri, 26 Mar 2010 07:59:03 -0400
> 
> Client server authentication is probably the hardest task in Cfengine. The 
> first thing to remember about using cfrun is that the authentication is 
> the opposite of what you've done before.  Previously you configured CF for 
> the clients to authenticate with a single server.  Cfrun talks to servers, 
> plural, as a client.  Thus with Cfrun you have a single client 
> authenticating with many servers.  So look at what you did to get your 
> clients to authenticate with your policy server and use those rules as a 
> guide to have the policy server's cfrun authenticate with each client's 
> server.
> 
> Judging from the 'root is not allowed' error I'd say you are missing 
> allowuser, admit or grant in the cfservd.conf file in the control section.
> 
> Sincerely,
> --
> Neil Watson
> 416-673-3465
                                          
_________________________________________________________________
Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID27925::T:WLMTAGL:ON:WL:en-US:WM_HMP:032010_1
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine

Reply via email to