Pity you didn't suggest this an hour earlier. But ok. Seva Gluschenko wrote: > Seems like your client changed its IP address after cf-key run. > > Mark, it seems like IP assertion check must be moved back beyond > skipverify check, otherwise troubles may happen for multihomed hosts > and/or when a host changes its IP (i.e. it would need key > regeneration). > > 2010/6/7 Vasiliy G Tolstov <v.tols...@selfip.ru>: >> В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет: >>> Version 3.0.5 of the Cfengine 3 community edition source code is released >>> -------------------------------------------------------------------------- >>> >> After upgrade server to 3.0.5 , my client servers can't connect with it: >> >> >> client: >> >> f3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub >> cf3 BAD: Unspecified server refusal (see verbose server output) >> cf3 !! Authentication dialogue with 77.221.141.148 failed >> cf3 Unable to establish connection with 77.221.141.148 >> cf3 No suitable server responded to hail >> cf3 Promise (version not specified) belongs to bundle 'update' in file >> '/var/cfengine/inputs/update.cf' near line 23 >> cf3 >> cf3 ......................................................... >> cf3 Promise handle: >> cf3 Promise made by: /var/cfengine/modules >> cf3 ......................................................... >> cf3 >> cf3 -> Handling file existence constraints on /var/cfengine/modules >> cf3 -> Promise to skip base directory /var/cfengine/modules >> cf3 -> Handling file existence constraints >> on /var/cfengine/modules/has_pkg >> cf3 -> File permissions on /var/cfengine/modules/has_pkg as promised >> cf3 -> Copy file /var/cfengine/modules from /var/cfengine/modules check >> cf3 No existing connection to 77.221.141.148 is established... >> cf3 Set cfengine port number to 5308 = 5308 >> cf3 Connect to 77.221.141.148 = 77.221.141.148 on port 5308 >> cf3 LastSaw host 77.221.141.148 now >> cf3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub >> >> >> >> server: >> cf3 -> Accepting a connection >> cf3 Accepting connection from "217.170.84.182" >> cf3 New connection...(from 217.170.84.182/4) >> cf3 Spawning new thread... >> cf3 -> No new promises found >> cf3 -> Waiting at incoming select... >> cf3 Received: [CAUTH 10.0.1.66 cf-server.virt root 0] on socket 4 >> cf3 IP address mismatch between client's assertion (10.0.1.66) and >> socket (217.170.84.182) - untrustworthy connection >> cf3 ID not verified >> cf3 From (host=?,user=?,ip=217.170.84.182) >> cf3 REFUSAL of request from connecting host: (CAUTH 10.0.1.66 >> cf-server.virt root 0) >> cf3 -> Accepting a connection >> cf3 Accepting connection from "217.170.84.182" >> >> >> >> -- >> Vasiliy G Tolstov <v.tols...@selfip.ru> >> Selfip.Ru >> >> _______________________________________________ >> Help-cfengine mailing list >> Help-cfengine@cfengine.org >> https://cfengine.org/mailman/listinfo/help-cfengine >> > > >
-- Mark Burgess ------------------------------------------------- Professor of Network and System Administration Oslo University College, Norway Personal Web: http://www.iu.hio.no/~mark Office Telf : +47 22453272 ------------------------------------------------- _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
