HPE Community
Operating System - HP-UX
1834312 Members
2606 Online
110066 Solutions
New Discussion

DSAU error Host authentication failed

 
SOLVED
Go to solution
vinodan
Advisor

‎04-17-2007 01:48 AM

‎04-17-2007 01:48 AM

DSAU error Host authentication failed

Dear All,

Is it mandatory that DNS must be there inorder to configure DSAU ?. Our's is a non DNS setup .After configuring two clients to a DSAU master server i am encountering an error
as undernoted

# cfrun -v - from master server ....

Host authentication failed .
Did you forget to configure DNS/IP ... Somewhsat like this ..

But there is nothing wrong in public key/privatr key authentication ...

Kindly let me know

Regards
Vinod
0 Kudos
Reply
4 REPLIES 4
PeterWolfe
Respected Contributor

‎04-18-2007 03:48 AM

‎04-18-2007 03:48 AM

Re: DSAU error Host authentication failed

>Is it mandatory that DNS must be there inorder to
> configure DSAU?

I don't think it's mandatory but:

- cfengine I believe expects to be able to get a
fully qualified domain name. Is the hostname
fully qualified in /etc/hosts? I assume
nsswitch.conf is set to look only in files?

- Earlier versions of cfengine wanted the domain
variable to be set (even if you are not using
DNS). The default cf.main included with DSAU,
uses nslookup to get the domain. If you have a
fully qualified hostname in /etc/hosts this
should work. I didn't think this was still a
requirement with the DSAU-supplied version of
cfengine.

>Host authentication failed .
>Did you forget to configure DNS/IP

This is a general cfengine message when it can't
do it's key exchange.

What version of HP-UX? Same versions on the
client's and the master server? Did you use the
csync_wizard to do the initial configuration or do
it manually? Just so it's clear we are talking
about the right keys, cfengine creates it's own
public/private key pair. csync_wizard can create
these on the server and can distribute these keys
securely but it requires that ssh to have been
configured for that. IOW, I'm not 100% sure if you
mean the cfengine keys or ssh keys above. Is NAT
anywhere in your setup?
0 Kudos
Reply
vinodan
Advisor

‎04-19-2007 04:50 AM

‎04-19-2007 04:50 AM

Re: DSAU error Host authentication failed

Hi Peter,

Thanks forthe prompt response .

nsswitch.conf is set for files .

Client version is HPUX 11i version 1
Server is version 2

Yes i used csync_wizard initially . It created and private/public key pair and did'nt show any error.

Vinod
0 Kudos
Reply
PeterWolfe
Respected Contributor

‎04-19-2007 07:32 AM

‎04-19-2007 07:32 AM

Solution

Re: DSAU error Host authentication failed

>Client version is HPUX 11i version 1
>Server is version 2

Bad news:

I think this is the problem. DSAU needs to be installed on
both the client and the server. The product is new for 11i
V2 and is not available for 11i V1. So the csync_wizard is
indeed able to successfully distribute the cfengine keys but
the client-side cfengine pieces aren't there. The wizard
should clearly be more defensive here and check for DSAU's
presence on the client-side. There are no current plans to
port DSAU to 11i V1.

Good news(?):

Starting with the 11i V2 Sept-06 release, we enhanced the
cfengine templates to accommodate interoperability with
clients running the open source cfengine. For example, you
could have an HP-UX master server and linux clients. We also
document how to do a manual configuration of cfengine and
you have already done most of it via the wizard. Your server
side is all set and the right keys are already on the
clients. If you were to build cfengine for 11i V1 you could
get this to work. I won't claim that that is a supported
configuration but it would work just fine using the latest
templates. By default, the templates are assuming that open
source cfengine resides in /usr/local (vs. /opt/dsau) which
is where a default cfegine build would place things. The
comment from the latest cf.main.template (which is located
in /opt/dsau/share/cfengine/templates) reads:


# In order to use an open source client of cfengine, the
# administrator would have to download and build the
# cfengine software from www.cfengine.org and then install
# it on the client. A copy of the cfkey would have to be
# used to create cfengine keys on the client, and then the
# cfengine keys would have to be exchanged between the
# client and master. After that was complete, the client
# would need to get the update.conf configuration file from
# the master and place it in the /var/opt/cfengine/inputs
# directory. Running cfagent at that point should get the
# client into the DSAU cfengine environment while running
# the open source cfengine software.

Reply
vinodan
Advisor

‎04-21-2007 05:29 PM

‎04-21-2007 05:29 PM

Re: DSAU error Host authentication failed

Dear Peter,

Thank you for your response ...


Regards
Vinod
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.