From: "Frank D. Engel, Jr." <fde101@fjrhome.net>
To: 9fans@9fans.net
Subject: Re: [9fans] Newbie Question
Date: Wed, 18 Dec 2019 18:57:27 -0500 [thread overview]
Message-ID: <1eb563f8-905f-0274-9e70-b5629845d422@fjrhome.net> (raw)
In-Reply-To: <90f0dea1-6921-74c5-34c3-a50c9e68acd3@fjrhome.net>
ok, I seem to have run into another one.
I now have the file server booting as a cpu server with authentication
enabled, and am trying to net boot another host from there.
I have dhcpd and tftpd running on the file server; my /cfg/pxe/default
looks like this:
bootfile=/386/9pc
bootargs=tls
auth=192.168.81.12
fs=192.168.81.10
mouseport=ps2intellimouse
monitor=vesa
vgasize=1440x900x32
*acpi=1
The entry in /lib/ndb/local is (with "..." being the actual MAC address):
sys=thinker ether=... ip=192.168.81.20
dom=thinker.9cluster
bootf=/386/9bootpxe
The "thinker" system is starting the plan9 kernel over the network (it
has no local disk); I get prompted for a user account and for now am
just using "glenda". I enter the password I set for the auth server,
for secstore, and for the filesystem on the file server (I used the same
for each), and I am getting this on "thinker":
mount: mount /root: tls error
mount -c #s/boot /root: mount 145: mount
bootargs is (tcp, tls, il, local!device)[tls]
When this happens the file server console shows this:
/bin/aux/trampoline: dial net!$fs!9fs: connection rejected
I'm not sure if this means that the file server is rejecting the
connection from the (currently) terminal, or what might be going on...
the "$fs" showing up on the file server console seems curious to me as I
would have thought if that were coming from the terminal the "$fs" would
have been translated from there? Again not sure where to go from here...
I was originally having a problem with secstored not having a "factotum"
file for the terminal to retrieve, but after having worked that one out
it now stored a key in it (and is no longer asking me to set one) for my
"dom=9cluster", so I did manage to get past that one.
I also noticed that if I retry from the bootargs prompt I get the
additional message "ipconfig: dialicmp6: address in use", but I am
guessing that is simply a leftover from the earlier attempt, and
assuming I can safely ignore that...
On 12/16/19 4:40 PM, Frank D. Engel, Jr. wrote:
> Thank you!
>
>
> When I tried bringing it up as a cpu server with auth enabled it did
> indeed make it past the errors.
>
> I'll see if I can work things out from there.
>
>
> On 12/16/19 2:27 PM, cinap_lenrek@felloff.net wrote:
>> i believe that this is due to running a with service=terminal.
>> this causes factotum to be started as a client with no keys in it.
>>
>> the p9any auth protocol starts by the server presenting a set of
>> keys, auth domains and protocols, which you wont have in this
>> case (no keys there). which is most likely the reason the whole
>> thing fails.
>>
>> if you boot your fileserver with service=cpu, then when factotum starts
>> it will prompt you for authid and password which will be the credentials
>> of the hostowner (of the fileserver) which should have to match what you
>> have on the authentication server. this information can be stored in
>> nvram to avoid the prompt on boot.
>>
>> even if it doesnt match the auth key for (that user) on the authserver,
>> the fileserver should be able to boot and mount its root filesystem
>> as factotum talks to itself in this scenario and having the same keys
>> on both sides.
>>
>> its just about to fail when there are no keys at all.
>>
>> i hope this makes sense.
>>
>> --
>> cinap
>>
>
> ------------------------------------------
> 9fans: 9fans
> Permalink:
> https://9fans.topicbox.com/groups/9fans/Tda6e61e03ce222c0-Mde0a5711ad3df989fdb26cb6
> Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
>
>
next prev parent reply other threads:[~2019-12-18 23:57 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-16 18:00 Frank D. Engel, Jr.
2019-12-16 19:27 ` [9fans] " cinap_lenrek
2019-12-16 21:40 ` Frank D. Engel, Jr.
2019-12-18 23:57 ` Frank D. Engel, Jr. [this message]
2019-12-19 0:50 ` Frank D. Engel, Jr.
2019-12-19 19:11 ` cinap_lenrek
2019-12-19 19:10 ` cinap_lenrek
-- strict thread matches above, loose matches on Subject: below --
2009-04-21 17:35 [9fans] Newbie question philo565
2009-04-21 19:14 ` Eoghan Sherry
2007-05-28 4:28 YAMANASHI Takeshi
2007-05-28 11:17 ` erik quanstrom
2007-05-23 18:25 Fabrizio Colalucci
2007-05-23 18:36 ` Sape Mullender
2007-05-23 18:41 ` Sape Mullender
2007-05-23 18:45 ` Paul Lalonde
2007-05-24 14:51 ` Fabrizio Colalucci
2007-05-23 18:39 ` andrey mirtchovski
2007-05-23 18:49 ` ron minnich
2007-05-23 18:58 ` Paul Lalonde
2007-05-23 19:47 ` ron minnich
2006-12-05 11:35 Markus Sonderegger
2006-12-05 11:01 ` Lee Duhem
2006-12-05 11:58 ` erik quanstrom
2006-12-05 11:24 ` John Stalker
2006-12-05 11:42 ` Lucio De Re
2006-12-05 16:49 ` Gabriel Diaz
2006-12-06 10:38 ` Markus Sonderegger
2006-12-06 11:37 ` Rodolfo Garcia
2006-12-07 1:02 ` John Floren
2006-12-07 22:25 ` Georg Lehner
2006-12-07 23:07 ` andrey mirtchovski
2006-12-07 23:19 ` LiteStar numnums
2006-12-08 0:26 ` Charles Forsyth
2006-12-08 9:47 ` Steve Simon
2006-12-08 15:33 ` Brantley Coile
2006-12-08 15:46 ` ron minnich
2006-12-09 9:17 ` sretzki
2006-12-09 9:22 ` Markus Sonderegger
2006-12-09 15:49 ` Tim Wiess
2006-12-09 14:26 ` Gregory Pavelcak
2006-12-09 15:47 ` Brantley Coile
2006-12-09 20:16 ` Rodolfo Garcia
2006-02-07 17:14 [9fans] newbie question Riza Dindir
[not found] <20060207134101.GA435@routi.local.net>
2006-02-07 15:02 ` Riza Dindir
2006-02-07 15:20 ` Lluís Batlle
2006-02-07 15:39 ` andrey mirtchovski
2006-02-07 16:46 ` Russ Cox
2006-02-07 20:44 ` uriel
2006-02-07 13:10 Riza Dindir
2006-02-07 13:07 Riza Dindir
2006-02-06 16:38 Riza Dindir
2006-02-06 16:51 ` andrey mirtchovski
2006-02-06 16:54 ` "Nils O. Selåsdal"
2006-02-06 17:00 ` Russ Cox
2006-02-06 17:18 ` Lluís Batlle
2006-02-06 19:46 ` Russ Cox
2006-02-06 20:10 ` Lluís Batlle
2006-02-06 20:21 ` uriel
2006-02-06 20:26 ` andrey mirtchovski
2006-02-06 20:53 ` Russ Cox
2006-02-06 21:05 ` uriel
2006-02-07 4:28 ` lucio
2006-02-10 19:16 ` rog
2006-02-10 19:28 ` Russ Cox
2006-02-06 20:42 ` Russ Cox
2006-02-07 2:09 ` Skip Tavakkolian
2006-02-06 20:52 ` William Josephson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1eb563f8-905f-0274-9e70-b5629845d422@fjrhome.net \
--to=fde101@fjrhome.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).