Seems like your client changed its IP address after cf-key run. Mark, it seems like IP assertion check must be moved back beyond skipverify check, otherwise troubles may happen for multihomed hosts and/or when a host changes its IP (i.e. it would need key regeneration).
2010/6/7 Vasiliy G Tolstov <v.tols...@selfip.ru>: > В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет: >> Version 3.0.5 of the Cfengine 3 community edition source code is released >> -------------------------------------------------------------------------- >> > > After upgrade server to 3.0.5 , my client servers can't connect with it: > > > client: > > f3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub > cf3 BAD: Unspecified server refusal (see verbose server output) > cf3 !! Authentication dialogue with 77.221.141.148 failed > cf3 Unable to establish connection with 77.221.141.148 > cf3 No suitable server responded to hail > cf3 Promise (version not specified) belongs to bundle 'update' in file > '/var/cfengine/inputs/update.cf' near line 23 > cf3 > cf3 ......................................................... > cf3 Promise handle: > cf3 Promise made by: /var/cfengine/modules > cf3 ......................................................... > cf3 > cf3 -> Handling file existence constraints on /var/cfengine/modules > cf3 -> Promise to skip base directory /var/cfengine/modules > cf3 -> Handling file existence constraints > on /var/cfengine/modules/has_pkg > cf3 -> File permissions on /var/cfengine/modules/has_pkg as promised > cf3 -> Copy file /var/cfengine/modules from /var/cfengine/modules check > cf3 No existing connection to 77.221.141.148 is established... > cf3 Set cfengine port number to 5308 = 5308 > cf3 Connect to 77.221.141.148 = 77.221.141.148 on port 5308 > cf3 LastSaw host 77.221.141.148 now > cf3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub > > > > server: > cf3 -> Accepting a connection > cf3 Accepting connection from "217.170.84.182" > cf3 New connection...(from 217.170.84.182/4) > cf3 Spawning new thread... > cf3 -> No new promises found > cf3 -> Waiting at incoming select... > cf3 Received: [CAUTH 10.0.1.66 cf-server.virt root 0] on socket 4 > cf3 IP address mismatch between client's assertion (10.0.1.66) and > socket (217.170.84.182) - untrustworthy connection > cf3 ID not verified > cf3 From (host=?,user=?,ip=217.170.84.182) > cf3 REFUSAL of request from connecting host: (CAUTH 10.0.1.66 > cf-server.virt root 0) > cf3 -> Accepting a connection > cf3 Accepting connection from "217.170.84.182" > > > > -- > Vasiliy G Tolstov <v.tols...@selfip.ru> > Selfip.Ru > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > -- SY, Seva Gluschenko. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
