From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Gabriel Diaz Lopez de la Llave" To: <9fans@cse.psu.edu> Subject: RE: [9fans] Auth problems (again?) Message-ID: <000201c2608e$be716440$2d01a8c0@holdingmf.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable In-Reply-To: Date: Fri, 20 Sep 2002 12:16:11 +0200 Topicbox-Message-UUID: f08c6414-eaca-11e9-9e20-41e7f4b1d025 hello, I updated again and run auth/debug tests. The first time auth/debug says to me that password for bootes was bad, but I changed it with auth/changeuser -p and echo asds > /dev/sdC0/nvram to re-enter nvram stuff. then i run auth/debug again with good results (i think) --------------------- cpu# auth/debug p9sk1 key: dom=3Dipsoluciones.com proto=3Dp9sk1 user=3Dbootes successfully dialed auth server password for bootes@ipsoluciones.com [hit enter to skip test]:=20 ticket request using bootes@ipsoluciones.com key succeeded cpu server owner for domain ipsoluciones.com [bootes]:=20 password for bootes@ipsoluciones.com [hit enter to skip test]:=20 ticket request using bootes@ipsoluciones.com key succeeded cpu# auth/debug p9sk1 key: dom=3Dipsoluciones.com proto=3Dp9sk1 user=3Dbootes successfully dialed auth server password for bootes@ipsoluciones.com [hit enter to skip test]:=20 ticket request using bootes@ipsoluciones.com key succeeded cpu server owner for domain ipsoluciones.com [bootes]: gabidiaz password for gabidiaz@ipsoluciones.com [hit enter to skip test]: ticket request using gabidiaz@ipsoluciones.com key succeeded cpu# -------------------- SSH connections fails with the message: ------------------------- cpu Sep 20 11:45:21 [114] connect from 192.168.1.45!3242 cpu Sep 20 11:45:26 [114] auth_chuid to gabidiaz: writing to #=C2=A4/capuse: i/o count too small /bin/aux/sshserve: auth_chuid: writing to #=A4/capuse: i/o count too small ------------------------- what is #=A4/capuse? how can i see all bindings? /sys/log/auth ------------------- cpu Sep 20 12:03:53 secureidcheck: nil radius secret: '/lib/ndb/common.radius' does not exist cpu Sep 20 12:03:53 cr-fail authentication failed gabidiaz 213.0.106.123 cpu Sep 20 12:03:53 cr-fail gabidiaz@bootes(213.0.106.123): bad resp --------------------- (i changed the password for that user with something silly and ease to type but all the attempts fails) Thank for the help! -----Mensaje original----- De: 9fans-admin@cse.psu.edu [mailto:9fans-admin@cse.psu.edu] En nombre de Russ Cox Enviado el: viernes, 20 de septiembre de 2002 7:03 Para: 9fans@cse.psu.edu Asunto: RE: [9fans] Auth problems (again?) Try updating from sources again. It will pick up a new program called auth/debug. Run auth/debug. It asks for your local user password as well as the cpu hostowner name and password. It uses these to check that your auth server is dialable and that it's giving out correct tickets (which means it agrees with you about those passwords). The idea is that auth/debug will accumulate more such sanity checks as time goes on. For example, in my fairly complicated setup (three p9sk1 domains), running auth/debug yields: g% grep p9sk1 /mnt/factotum/ctl key dom=3Dcs.bell-labs.com proto=3Dp9sk1 user=3Drsc !password? key dom=3Doutside.plan9.bell-labs.com proto=3Dp9sk1 user=3Dbozo = !password? key dom=3Dinsideout.plan9.bell-labs.com proto=3Dp9sk1 role=3Dspeakfor user=3Dglenda !password? g% auth/debug p9sk1 key: dom=3Dcs.bell-labs.com proto=3Dp9sk1 user=3Drsc !password? successfully dialed auth server password for rsc@cs.bell-labs.com [hit enter to skip test]:=20 ticket request using rsc@cs.bell-labs.com key succeeded cpu server owner for domain cs.bell-labs.com [bootes]:=20 password for bootes@cs.bell-labs.com [hit enter to skip test]:=20 ticket request using bootes@cs.bell-labs.com key succeeded p9sk1 key: dom=3Doutside.plan9.bell-labs.com proto=3Dp9sk1 user=3Dbozo !password? successfully dialed auth server password for bozo@outside.plan9.bell-labs.com [hit enter to skip test]:=20 ticket request using bozo@outside.plan9.bell-labs.com key succeeded cpu server owner for domain outside.plan9.bell-labs.com [bootes]: glenda password for glenda@outside.plan9.bell-labs.com [hit enter to skip test]:=20 ticket request using glenda@outside.plan9.bell-labs.com key succeeded p9sk1 key: dom=3Dinsideout.plan9.bell-labs.com proto=3Dp9sk1 = role=3Dspeakfor user=3Dglenda !password? cannot dial auth server: no auth server found for insideout.plan9.bell-labs.com csquery authdom=3Dinsideout.plan9.bell-labs.com auth=3D* failed csquery dom=3Dinsideout.plan9.bell-labs.com auth=3D'' dial net!!ticket failed: cs: can't translate address g%=20 The first two sections are examples of domains that worked: I have cs.bell-labs.com (used by plan9.bell-labs.com) and outside.plan9.bell-labs.com (used by sources) set up correctly. In the third, auth/debug flags the fact that it can't figure out the auth server for the domain and thus can't dial it. (That's okay because there is no auth server, but this is a degenerate case.) Let me know what you get when you run auth/debug and we'll go from there. Russ