* [9fans] File Server Authentication Woes
@ 2002-05-07 0:57 Eric Van Hensbergen
0 siblings, 0 replies; 9+ messages in thread
From: Eric Van Hensbergen @ 2002-05-07 0:57 UTC (permalink / raw)
To: 9fans
I'm having a bit of trouble getting my newly installed file server to
work with my Auth server. I've installed everything from scratch and
have a stand-alone auth server, a stand-alone terminal, and a file
server. Everything seems to be happy-happy except when I go to mount
the file server from the auth-server I get an authentication error.
There doesn't seem to be anything useful in /sys/log/auth about it (or
in any of the other logs). Is there any way I sanity check the auth
server configuration on the file server or get more verbose debugging
about where things are breaking down?
-eric
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] File Server Authentication Woes
2002-05-07 16:20 rsc
@ 2002-05-07 17:26 ` Eric Van Hensbergen
0 siblings, 0 replies; 9+ messages in thread
From: Eric Van Hensbergen @ 2002-05-07 17:26 UTC (permalink / raw)
To: 9fans
On Tue, 2002-05-07 at 11:20, rsc@plan9.bell-labs.com wrote:
> > When I do this, I don't get a key prompt again, but the error messages
> > change (due to the fact that there is no key matches apparently).
>
> You're on a cpu server, so factotum won't prompt.
> Instead tell it manually:
>
> echo 'key proto=p9sk1 dom=your.auth.domain user=you !password=secret' >/mnt/factotum/ctl
>
> If that works, try running auth/wrkey to rewrite your
> nvram and then reboot.
>
> Russ
That did the trick. So I guess the passwords were screwed up in my auth
server's nvram. Thanks for your help everyone.
-eric
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] File Server Authentication Woes
@ 2002-05-07 16:20 rsc
2002-05-07 17:26 ` Eric Van Hensbergen
0 siblings, 1 reply; 9+ messages in thread
From: rsc @ 2002-05-07 16:20 UTC (permalink / raw)
To: 9fans
> When I do this, I don't get a key prompt again, but the error messages
> change (due to the fact that there is no key matches apparently).
You're on a cpu server, so factotum won't prompt.
Instead tell it manually:
echo 'key proto=p9sk1 dom=your.auth.domain user=you !password=secret' >/mnt/factotum/ctl
If that works, try running auth/wrkey to rewrite your
nvram and then reboot.
Russ
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] File Server Authentication Woes
2002-05-07 15:18 Russ Cox
@ 2002-05-07 15:49 ` Eric Van Hensbergen
0 siblings, 0 replies; 9+ messages in thread
From: Eric Van Hensbergen @ 2002-05-07 15:49 UTC (permalink / raw)
To: 9fans
On Tue, 2002-05-07 at 10:18, Russ Cox wrote:
> Somewhere along the line your servers don't agree about a key.
> It sounds like the factotum on your auth server doesn't have
> the right key. Try drawing a new window on the auth server
> and running
>
> echo -n delkey >/mnt/factotum/ctl # clears all keys
> mount -c /srv/il!9.3.61.42 /n/tor
>
> It will prompt for the key again and maybe this time
> will work better.
>
> Russ
When I do this, I don't get a key prompt again, but the error messages
change (due to the fact that there is no key matches apparently).
vampira# mount -c /srv/il!9.3.61.42 /n/tor
11: start proto=p9any role=client yields phase CNeedProtos: ok
11: read 4093 in phase CNeedProtos yields phase CNeedProtos: phase: protocol pha
se error: read in state CNeedProtos
11: write 0 in phase CNeedProtos yields phase CNeedProtos: toosmall 2048
11: no key matches proto=p9sk1 dom=austin.ibm.com role=speakfor user? !password
?
11: failure no key matches proto=p9sk1 dom=austin.ibm.com role=speakfor user? !
password?
11: no key matches proto=p9sk1 dom=austin.ibm.com role=client user? !password?
11: failure no key matches proto=p9sk1 dom=austin.ibm.com role=client user? !pa
ssword?
11: no key matches proto=p9sk1 dom=austin.ibm.com role=client user? !password?
11: failure no key matches proto=p9sk1 dom=austin.ibm.com role=client user? !pa
ssword?
11: failure no key matches proto=p9sk1 dom=austin.ibm.com role=client user? !pa
ssword?
11: write 25 in phase CNeedProtos yields phase CNeedProtos: failure no key match
es proto=p9sk1 dom=austin.ibm.com role=client user? !password?
mount: mount /n/tor: attach -- unknown user or failed authentication
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] File Server Authentication Woes
@ 2002-05-07 15:18 Russ Cox
2002-05-07 15:49 ` Eric Van Hensbergen
0 siblings, 1 reply; 9+ messages in thread
From: Russ Cox @ 2002-05-07 15:18 UTC (permalink / raw)
To: 9fans
Somewhere along the line your servers don't agree about a key.
It sounds like the factotum on your auth server doesn't have
the right key. Try drawing a new window on the auth server
and running
echo -n delkey >/mnt/factotum/ctl # clears all keys
mount -c /srv/il!9.3.61.42 /n/tor
It will prompt for the key again and maybe this time
will work better.
Russ
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] File Server Authentication Woes
2002-05-07 1:03 Russ Cox
@ 2002-05-07 15:10 ` Eric Van Hensbergen
2002-05-07 9:30 ` plan9
0 siblings, 1 reply; 9+ messages in thread
From: Eric Van Hensbergen @ 2002-05-07 15:10 UTC (permalink / raw)
To: 9fans
On Mon, 2002-05-06 at 20:03, Russ Cox wrote:
> > I'm having a bit of trouble getting my newly installed file server to
> > work with my Auth server. I've installed everything from scratch and
> > have a stand-alone auth server, a stand-alone terminal, and a file
> > server. Everything seems to be happy-happy except when I go to mount
> > the file server from the auth-server I get an authentication error.
>
> try
>
> echo -n debug > /mnt/factotum/ctl
>
> on the client and repeat the mount.
> you'll get a trace of the factotum activity,
> which may contain more useful error messages.
vampira# echo -n debug > /mnt/factotum/ctl
vampira# mount -c /srv/il!9.3.61.42 /n/tor
9: start proto=p9any role=client yields phase CNeedProtos: ok
9: read 4093 in phase CNeedProtos yields phase CNeedProtos: phase: protocol phas
e error: read in state CNeedProtos
9: write 0 in phase CNeedProtos yields phase CNeedProtos: toosmall 2048
9: start proto=p9sk1 role=client dom=austin.ibm.com yields phase CHaveChal: ok
9: write 25 in phase CNeedProtos yields phase CHaveProto: ok
9: read 21 in phase CHaveProto yields phase CNeedOK: ok
9: read 4093 in phase CNeedOK yields phase CNeedOK: phase: protocol phase error:
read in state CNeedOK
9: write 0 in phase CNeedOK yields phase CNeedOK: toosmall 3
9: write 3 in phase CNeedOK yields phase CRelay: ok
9: read 8 in phase CHaveChal yields phase CNeedTreq: ok
9: read 8 in phase CRelay yields phase CRelay: ok
9: read 4093 in phase CNeedTreq yields phase CNeedTreq: phase: protocol phase er
ror: read in state CNeedTreq
9: read 4093 in phase CRelay yields phase CRelay: phase: protocol phase error: r
ead in state CNeedTreq
9: write 0 in phase CNeedTreq yields phase CNeedTreq: toosmall 141
9: write 0 in phase CRelay yields phase CRelay: toosmall 141
9: failure bad key
9: write 141 in phase CNeedTreq yields phase CNeedTreq: failure bad key
9: write 141 in phase CRelay yields phase CRelay: failure bad key
mount: mount /n/tor: attach -- unknown user or failed authentication
Oh..and to answer Presto's suggestion:
vampira# ndb/csquery
> net!$auth!ticket
/net/il/clone 9.3.61.105!566!fasttimeout
/net/tcp/clone 9.3.61.105!567
/net/il/clone 9.3.61.105!566
(105 is the auth server)
-eric
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] File Server Authentication Woes
2002-05-07 15:10 ` Eric Van Hensbergen
@ 2002-05-07 9:30 ` plan9
0 siblings, 0 replies; 9+ messages in thread
From: plan9 @ 2002-05-07 9:30 UTC (permalink / raw)
To: 9fans
Did you check all that ?
File Server config
ipauth my.auth.server.ip
end
passwd
id : bootes
pass: donotusethisone
authdom: mynet.com
/lib/ndb/local
ipnet=myprivatenet ...
authdom=mynet.com
auth=my.auth.server.ip
...
ip=my.fs.ip.addr ether=000476dc2a00 sys=myfs
ipnet=myprivatenet
dom =myfs.mynet.com
proto=il
On the CPU/AUTH console
auth/wrkey
id: bootes
domain: mynet.com
passwd: donotusethisone
On the CPU again
auth/changeuser -np bootes
...
pass : donotusethisone
In /lib/ndb/auth
uncomment the two lines as described
----- Original Message -----
From: "Eric Van Hensbergen" <airwick@mail.csh.rit.edu>
To: <9fans@cse.psu.edu>
Sent: Tuesday, May 07, 2002 5:10 PM
Subject: Re: [9fans] File Server Authentication Woes
> On Mon, 2002-05-06 at 20:03, Russ Cox wrote:
> > > I'm having a bit of trouble getting my newly installed file server to
> > > work with my Auth server. I've installed everything from scratch and
> > > have a stand-alone auth server, a stand-alone terminal, and a file
> > > server. Everything seems to be happy-happy except when I go to mount
> > > the file server from the auth-server I get an authentication error.
> >
> > try
> >
> > echo -n debug > /mnt/factotum/ctl
> >
> > on the client and repeat the mount.
> > you'll get a trace of the factotum activity,
> > which may contain more useful error messages.
>
> vampira# echo -n debug > /mnt/factotum/ctl
> vampira# mount -c /srv/il!9.3.61.42 /n/tor
> 9: start proto=p9any role=client yields phase CNeedProtos: ok
> 9: read 4093 in phase CNeedProtos yields phase CNeedProtos: phase:
protocol phas
> e error: read in state CNeedProtos
> 9: write 0 in phase CNeedProtos yields phase CNeedProtos: toosmall 2048
> 9: start proto=p9sk1 role=client dom=austin.ibm.com yields phase
CHaveChal: ok
> 9: write 25 in phase CNeedProtos yields phase CHaveProto: ok
> 9: read 21 in phase CHaveProto yields phase CNeedOK: ok
> 9: read 4093 in phase CNeedOK yields phase CNeedOK: phase: protocol phase
error:
> read in state CNeedOK
> 9: write 0 in phase CNeedOK yields phase CNeedOK: toosmall 3
> 9: write 3 in phase CNeedOK yields phase CRelay: ok
> 9: read 8 in phase CHaveChal yields phase CNeedTreq: ok
> 9: read 8 in phase CRelay yields phase CRelay: ok
> 9: read 4093 in phase CNeedTreq yields phase CNeedTreq: phase: protocol
phase er
> ror: read in state CNeedTreq
> 9: read 4093 in phase CRelay yields phase CRelay: phase: protocol phase
error: r
> ead in state CNeedTreq
> 9: write 0 in phase CNeedTreq yields phase CNeedTreq: toosmall 141
> 9: write 0 in phase CRelay yields phase CRelay: toosmall 141
> 9: failure bad key
> 9: write 141 in phase CNeedTreq yields phase CNeedTreq: failure bad key
> 9: write 141 in phase CRelay yields phase CRelay: failure bad key
> mount: mount /n/tor: attach -- unknown user or failed authentication
>
>
> Oh..and to answer Presto's suggestion:
>
>
> vampira# ndb/csquery
> > net!$auth!ticket
> /net/il/clone 9.3.61.105!566!fasttimeout
> /net/tcp/clone 9.3.61.105!567
> /net/il/clone 9.3.61.105!566
> (105 is the auth server)
>
> -eric
>
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] File Server Authentication Woes
@ 2002-05-07 1:17 presotto
0 siblings, 0 replies; 9+ messages in thread
From: presotto @ 2002-05-07 1:17 UTC (permalink / raw)
To: 9fans
[-- Attachment #1: Type: text/plain, Size: 460 bytes --]
The client calls the auth server. If there isn't anything in
/sys/log/auth then the client isn't even trying the auth server.
It seems like the auth server doesn't know where the auth server
is, so to speak.
On the auth server, do
% ndb/csquery
> net!$auth!ticket
If there isn't a translation, that's the problem. There are two
places you can specify the auth server, /net/ndb (plan 9 DHCP supplies
it) or in /lib/ndb/local. Look for 'auth='.
[-- Attachment #2: Type: message/rfc822, Size: 2055 bytes --]
From: Eric Van Hensbergen <evanhensbergen@austin.rr.com>
To: 9fans@cse.psu.edu
Subject: [9fans] File Server Authentication Woes
Date: 06 May 2002 19:57:43 -0500
Message-ID: <1020733065.1790.2.camel@airwick>
I'm having a bit of trouble getting my newly installed file server to
work with my Auth server. I've installed everything from scratch and
have a stand-alone auth server, a stand-alone terminal, and a file
server. Everything seems to be happy-happy except when I go to mount
the file server from the auth-server I get an authentication error.
There doesn't seem to be anything useful in /sys/log/auth about it (or
in any of the other logs). Is there any way I sanity check the auth
server configuration on the file server or get more verbose debugging
about where things are breaking down?
-eric
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] File Server Authentication Woes
@ 2002-05-07 1:03 Russ Cox
2002-05-07 15:10 ` Eric Van Hensbergen
0 siblings, 1 reply; 9+ messages in thread
From: Russ Cox @ 2002-05-07 1:03 UTC (permalink / raw)
To: 9fans
> I'm having a bit of trouble getting my newly installed file server to
> work with my Auth server. I've installed everything from scratch and
> have a stand-alone auth server, a stand-alone terminal, and a file
> server. Everything seems to be happy-happy except when I go to mount
> the file server from the auth-server I get an authentication error.
try
echo -n debug > /mnt/factotum/ctl
on the client and repeat the mount.
you'll get a trace of the factotum activity,
which may contain more useful error messages.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2002-05-07 17:26 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-05-07 0:57 [9fans] File Server Authentication Woes Eric Van Hensbergen
2002-05-07 1:03 Russ Cox
2002-05-07 15:10 ` Eric Van Hensbergen
2002-05-07 9:30 ` plan9
2002-05-07 1:17 presotto
2002-05-07 15:18 Russ Cox
2002-05-07 15:49 ` Eric Van Hensbergen
2002-05-07 16:20 rsc
2002-05-07 17:26 ` Eric Van Hensbergen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).