From mboxrd@z Thu Jan 1 00:00:00 1970
From: davide+p9@cs.cmu.edu
To: David Presotto
In-Reply-To: <797f65da44cdbd78a92e7fd405e73b49@plan9.bell-labs.com>
Cc: 9fans@cse.psu.edu
Subject: Re: [9fans] Authentication debugging help?
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <10047.1074626801.1@piper.nectar.cs.cmu.edu>
Message-ID: <10048.1074626801@piper.nectar.cs.cmu.edu>
Date: Tue, 20 Jan 2004 14:26:41 -0500
Topicbox-Message-UUID: bcbe62e8-eacc-11e9-9e20-41e7f4b1d025

> Host id is the id of the 'owner' or the host, i.e., the
> name used when you booted the system.

I'm not yet certain I understand *exactly* what that tuple
in /lib/ndb/auth means... is it:

 1. "Anybody on any host who can prove to the auth server
    on the auth host that he's bootes is allowed to become
    anybody (except for adm and sys, if I recall) on any
    host which trusts that auth host"

or

 2. "Anybody on *any* host who can prove to the kernel on
    that host that he's bootes is allowed to become anybody
    (!adm, !sys) on that host"

or something else?

> 'netstat -n' should show something listening on tcp ports: [...]
> 'ps' should show a keyfs process running.
> [...]

Excellent, I will check these this evening when I'm home.

> What is serving DHCP for this network?

A LinkSys BEFSR41 NAT box. The auth/fossil server manually
ipconfig's an address outside the range managed by the LinkSys.
I set bootargs (or is it bootfile?) to "il -d" if I recall, so
the client should be assigned an IP address by the LinkSys.

> The newly booted system will first do a DHCP request to find out
> its address, the address of the dns servers, the address of auth
> server, and the address of the file server. If it fails to get
> any of these, it will prompt for them on the console. Is it
> getting that far?

I used fs= and auth= in PLAN9.ini to point to the IP address
of the auth/fossil server. So I think it's probably getting
further than that.

Is there a tcpdump/ethereal equivalent I should run on the
server while the client is booting?

Another thing I noticed, which I can't describe exactly since
I left my notes at home, is that "somewhere in /sys/log" there
was a complaint about somebody (maybe fossil?) not being able
to get a role=server dome=? key, though when I cat'd
/mnt/factotum/ctl I see a key (the only one) which looks to my
eyes to match--it doesn't say role=server but it doesn't say
role=anything.

Also, among the various things I've tried, I think I've seen
kernel panics with both "connection refused" and "connection
rejected"--what is the difference between those?

Dave Eckhardt