I think you might have missed this bit: *Setup your puppet.conf*
*Make sure you have the following set in your puppetmaster’s puppet.conf:* *[puppetmasterd]* *ssl_client_header = SSL_CLIENT_S_DN* *ssl_client_verify_header = SSL_CLIENT_VERIFY* On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott <sven.sch...@gmail.com> wrote: > Hi everyone > > I'm having a problem with a clean install of puppet (2.6.0) on a Mac server > (Mac OS 10.5.8). I set up puppet initially with MySQL and the puppetmaster > standalone (Webrick) and that works fine. Clients can connect and there are > no problems. But when I configured it to use Apache and Passenger, the > client responds that the request is forbidden. > > err: Could not retrieve catalog from remote server: Error 403 on SERVER: > Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to > /catalog/XXX.XXX.XXX[find] at line 97 > > So after going through the mailing lists and google I've found that the > auth.conf file is the problem. I have stock standard auth.conf which looks > like this: > > http://pastie.org/1098939 > > And yes, adding auth no to the first four methods does make it work, but I > know that's not the problem (or the solution). Am I missing something? Is it > a bug or PEBKAC? > > Some of the relevant puppet.conf entries > > vardir = /var/lib/puppet > confdir = /etc/puppet > puppetdlog = '$logdir/puppetd.log' > logdir = '$vardir/log' > rest_authconfig = '$confdir/auth.conf' > masterlog = '$logdir/puppetmaster.log' > > The Gem versions I am using: > > facter (1.5.7) > mongrel (1.1.5) > passenger (2.2.15) > puppet (2.6.0) > rack (1.2.1, 1.1.0) > ruby-mysql (2.9.3) > > The backtrace on the server is: > > http://pastie.org/1098964 > > Ruby version is : ruby 1.8.7 (2009-06-12 patchlevel 174) > > Virtualhost entry in apache looks like this: > > http://pastie.org/1098973 > > and the config.ru file looks like this: > > http://pastie.org/1098974 > > The client and server certs are fine (standalone works fine) and there are > no connectivity problems between the client and server. > > Anyone seen this or have any ideas? Any help would be greatly appreciated. > > Regards > > Sven Schott > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
