Forum: CFEngine Help
Subject: Challenge response from server xxx.xxx.148.112/xxx.xxx.148.112 was
incorrect!
Author: BobDavis
Link to topic: https://cfengine.com/forum/read.php?3,26870,26870#msg-26870
Hi,
I have run into an issue with cfengine as i am trying to from test to
deployment..
This is the error i get,
# /var/cfengine/bin/cf-agent --bootstrap --policy-server xxx.xxx.148.112
** CFEngine BOOTSTRAP probe initiated
@@@
@@@ CFEngine
@ @@@ @ CFEngine Core 3.3.5
@ @@@ @
@ @@@ @
@ @
@@@
@ @
@ @
@ @
Copyright (C) CFEngine AS 2008-2012
See Licensing at http://cfengine.com/3rdpartylicenses
-> This host is: dallas
-> Operating System Type is linux
-> Operating System Release is 2.6.32-279.2.1.el6.x86_64
-> Architecture = x86_64
-> Internal soft-class is linux
-> An existing policy was cached on this host in /var/cfengine/inputs
-> Assuming the policy distribution point at:
xxx.xxx.148.112:/var/cfengine/masterfiles
-> Attempting to initiate promised autonomous services...
Challenge response from server xxx.xxx.148.112/xxx.xxx.148.112 was incorrect!
I: Made in version 'Community Failsafe.cf 1.0.0' of
'/var/cfengine/inputs/failsafe.cf' near line 110
I: Comment: Check whether a validation stamp is available for a new policy
update to reduce the distributed load
!! Authentication dialogue with xxx.xxx.xxx.xxx failed
-> Bootstrap to xxx.xxx.148.112 completed successfully
note: the xxx.xxx.148.112 is the correct ip of my cfengine server i have just
removed the ip address from this post as we use actual Internet IP on our
network - long story but one of the motivators to get all machines on cfengine
to make the change to a 192.168.xxx.xxx network. we do however span two
subnets xxx.xxx.148.xxx and xxx.xxx.149.xxx
I am not sure if i am on the right trail but this was working fine when i have
the actual IP's of the machines i was testing in this section of promises.cf
bundle common def
{
vars:
# Begin change # Your domain name, for use in access control
"domain" string => "london.xxxxxxxx.com",
comment => "Define a global domain for all hosts",
handle => "common_def_vars_domain";
# List here the IP masks that we grant access to on the server
"acl" slist => {
#"$(sys.policy_hub)/16", # Assume /16 LAN clients to start
with
# "xxx.xxx.148.112", # NIOBE | This works when
i list the IP's
# "xxx.xxx.148.82", # Montana | however cant do that for
a couple of hundreed
# "xxx.xxx.149.169", # Titanlinux | hosts really .. just
wnat the entire network
# "xxx.xxx.149.92", # knight
#"xxx.xxx.148.0/23", # tried this ...
#"xxx.xxx.149.0/23", # tried this ...
#"xxx.xxx.148.0/255.255.254.0", # tried this ...
#"xxx.xxx.149.0//255.255.254.0", # tried this ...
# "*.*.*.*/*", # even tried this ..
},
comment => "Define an acl for the machines to be granted accesses",
handle => "common_def_vars_acl";
# End change #
"dir_masterfiles" string => translatepath("$(sys.workdir)/masterfiles"),
comment => "Define masterfiles path",
handle => "common_def_vars_dir_masterfiles";
}
It does actually work .. but keeps on sending this error ... so really want to
clean it up
Am I chasing the right place ?? or am I barking up the wrong tree ??
Thanks in adavance for any help I have google-ed the daylights out of this with
no joy ..
Bob
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
