HPE Community
Operating System - Linux
1753779 Members
7352 Online
108799 Solutions
New Discussion юеВ

Re: security problem a.11.18 / rhel 4 u5 x86_64

 
SOLVED
Go to solution
joseph pareti
Frequent Advisor

тАО08-04-2007 03:10 AM

тАО08-04-2007 03:10 AM

security problem a.11.18 / rhel 4 u5 x86_64

on a sg a 11.18 installation i have the following problem:
[root@joe_0 ~]# cmquerycl -v -C $SGCONF/clust1.config -n 16.58.249.227 -n 16.58.249.229 2>&1 | tee -a yyy

Warning: Unable to determine local domain name: 1
Looking for other clusters ... Node 16.58.249.227 is refusing Serviceguard communication.
Please make sure that the proper security access is configured on node
16.58.249.227 through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node 16.58.249.227 resolves the IP address correctly.
Failed to gather configuration information.
Done

cmquerycl -v -C $SGCONF/clust1.config -n 16.58.249.226 -n 16.58.249.228 2>&1 | tee -a yyy

Warning: Unable to determine local domain name: 1
Looking for other clusters ... Node 16.58.249.226 is refusing Serviceguard communication.
Please make sure that the proper security access is configured on node
16.58.249.226 through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node 16.58.249.226 resolves the IP address correctly.
Failed to gather configuration information.
Done

On both nodes the first entry of /etc/passwd is :
root:x:0:0:root:/root:/bin/bash


The /etc/hosts and cmclnodelist are in enclosure
0 Kudos
Reply
3 REPLIES 3
Steven E. Protter
Exalted Contributor

тАО08-04-2007 10:44 AM

тАО08-04-2007 10:44 AM

Solution

Re: security problem a.11.18 / rhel 4 u5 x86_64

Shalom,

check the hostname command which normally displays the contents of /etc/sysconfig/network hostname and dns lookup on the system.

Something is inconsistent and annoying serviceguard.

Is update 5 certified with SG? If not you should not be using it. Update 5 is pretty fresh and it normally takes HP some time to certify new Red Hat releases.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Serviceguard for Linux
Honored Contributor

тАО08-05-2007 06:13 AM

тАО08-05-2007 06:13 AM

Re: security problem a.11.18 / rhel 4 u5 x86_64

RedHat 4 update 5 (now known as 4.5) is certified.

Here is my standard response to security access questions:

# You get an error message when doing a cmquerycl, cmapplyconf, or cmcheckconf indicating the Serviceguard cannot communicate with a node.

1. Usually this means that the firewall is set up incorrectly. Try turning off the firewall
2. Also, identd may not have started. "identd" is the service associated with pidentd (see #2). Make sure this is set to start automatically.
3. Check that the file cmclnodelist has been created and is set up correctly.
4. After you make all of the changes, reboot both nodes.


In your case, I'm not sure if using the IP address instead of a node name is causing any other problems. Look carefully at the other suggestions listed above. If that doesn't work, let me know here and I'll investigate further.
Reply
joseph pareti
Frequent Advisor

тАО08-12-2007 03:35 AM

тАО08-12-2007 03:35 AM

Re: security problem a.11.18 / rhel 4 u5 x86_64

what finally worked for me was using /root/.rhosts, i.e. I had the same problem when I was just relying on the cmclnodelist file.

Thanks to all of you for your support.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.