Mark, Actually DNS does seem to be working but after changing the admit statement, to use the specific IPs, it fixed the problem.
Thanks! - Elaine -----Original Message----- From: Mark Burgess [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 28, 2006 11:56 PM To: Pan, Elaine Cc: [email protected] Subject: Re: authentication errors Pan, Elaine wrote: > Hi, > > > > I'm having some troubles setting up communication between the client and > the server - I'm runnig FC4 with cfengine-2.1.18-1. > > > > My environment consists of 2 hosts in an isolated environment - one of > them is the DNS master. Here are the things that I have verified: > > * DNS > > * Public key from the client has been placed into the > /var/cfengine/ppkeys directory on the master > > * cfservd.conf allows access to /usr/sbin/cfagent, has > "DenyBadClocks" set to false, has the "cfrunCommand" set to > /usr/sbin/cfagent, etc. > > > Hi Elaine - Unspecified refusal is a deliberately obtuse error so that potential hackers will not know why the faliure occurred. From the trace you sent, it looks as though all is okay up until the "admit:" rule. that is where the error occurs. it tries to match the hostname to the domain name wildcard and fails. My guess is that there is no DNS support on your test machine? Try replacing *.domain.com with the IP series 10.196.143 fir instance and see if that helps. M -- Mark Burgess Professor of Network and System Administration Oslo University College ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Work: +47 22453272 Email: [EMAIL PROTECTED] Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________ Help-cfengine mailing list [email protected] http://cfengine.org/mailman/listinfo/help-cfengine
