"Server returned error: Unspecified server refusal (see verbose server output)"

From Brandonhutchinson.com

(Difference between revisions)
Jump to: navigation, search
(New page: A cfengine client was unable to copy files from a policyhost that it had admit/grant rights to. Public key authentication worked, so to determine the problem, I ran cfagent in verbose mode...)
Current revision (18:08, 29 December 2008) (edit) (undo)
 
Line 3: Line 3:
cfengine:''client'': Server returned error: Unspecified server refusal (see verbose server output)
cfengine:''client'': Server returned error: Unspecified server refusal (see verbose server output)
-
To determine the cause of the error, I ran cfservd in debug mode 2 and saw the following error.
+
To determine the cause of the error, I ran cfservd in debug level 2 and saw the following error:
# /var/cfengine
# /var/cfengine

Current revision

A cfengine client was unable to copy files from a policyhost that it had admit/grant rights to. Public key authentication worked, so to determine the problem, I ran cfagent in verbose mode on the client.

cfengine:client: Server returned error:  Unspecified server refusal (see verbose server output)

To determine the cause of the error, I ran cfservd in debug level 2 and saw the following error:

# /var/cfengine
...FuzzyItemIn(LIST,10.226.18.58)
No root privileges granted
WildMatch(client.navitiare.com,*.navitaire.com)
WildMatch(*.navitaire.com,jqosdsawb802.navitiare.com)
WildMatch(10.226.18.58,*.navitaire.com)
WildMatch(*.navitaire.com,10.226.18.58)

FuzzyItemIn(LIST,10.226.18.58)
 Try FuzzySetMatch(*.navitaire.com,10.226.18.58)
cfservd: Host client.navitiare.com denied access to /var/cfengine/masterfiles/inputs

The cfengine client should be using the domain navitaire.com, not navitiare.com. The DNS PTR record for 58.18.226.10.in-addr.arpa was correct in our DNS, so where was the domain typo coming from?

It turns out that the client had an incorrect domain name in its /etc/hosts file.

10.226.18.58    client.navitiare.com client

Correcting the domain in the cfengine client's /etc/hosts file (to match the correct domain in the admit/grant rules) fixed the problem.

Personal tools