From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from tb-mx0.topicbox.com (localhost.local [127.0.0.1]) by tb-mx0.topicbox.com (Postfix) with ESMTP id D16C9FB5591 for <9fans@9fans.net>; Wed, 18 Dec 2019 18:57:49 -0500 (EST) (envelope-from fde101@fjrhome.net) Received: from tb-mx0.topicbox.com (localhost [127.0.0.1]) by tb-mx0.topicbox.com (Authentication Milter) with ESMTP id 582D05B9D1F; Wed, 18 Dec 2019 18:57:49 -0500 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1576713469; b=E2knlGck4rEy88XbzZRpara2eBSNv132sMu2kdORyJjbKqSpON aWxCM4m9bkcjQ6xZtIM1d2ea9/ug2yo9T3M/DNmlGKhGiflxBzhIFFLk7TaMQMvI Iw7V2VeaVSBdZbtCtROOAAqdGijfjxoWBV6EqtPcZ0rs4sYFGuuRrwfKiXwpCfvG KOV49MR+cIcNAB7a2Mk2Xo2eKbTIP56b4NDP/U1qGpMWqlH80spb8k4tDT/V4Muy 7u7aNcR7a+e6ikp+E/aFIqSOwdwFwERxijQHHV1iQK9lSu175qLOGUSOUjVl+l9f rl/SYFNC8sIMuqu3V+mI32QvmYh8uL/67kxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=subject:from:to:reply-to:references:message-id :date:mime-version:in-reply-to:content-type :content-transfer-encoding; s=arcseal; t=1576713469; bh=rjVVFcOX K/9N/NYKLSEcnQjbG/I9J8Fu8kX+FEZxwg0=; b=CGXO1ixYeoe0+hNzHmlBB6ap XAHJ2lcxsh+sJqu1CmBvh0IctQTUrwlL1yc1wHSYoNYv1SkvH9izX2yJnDDhcZBv SiVxCl8R2V7TrrwNvIfoX9951HSi+SIbvc8jfNBrX0Lqwg8jYAw/yWnFuAVKkWTj V4caxPgpqRh0ooI+d42KADWhU/vEYTUMCWyOF83La2IORAMgNYy0owag6qFqDJtn kjxmPSKWDWAjSHvofs8k0FCTC3mpTvakq6ogjleb7kT9xsX3bRV2SPNLgIf69CtS 1detfT0/G5Ldkx2Jgpgm1SDtIep2NV4b15k+7c6xNEwzGHvvuMdXnlZB5qIb1w== ARC-Authentication-Results: i=1; tb-mx0.topicbox.com; arc=none (no signatures found); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=fjrhome.net; iprev=pass smtp.remote-ip=65.61.218.26 (dpmailmta02-06.doteasy.com); spf=none smtp.mailfrom=fde101@fjrhome.net smtp.helo=dpmailmta02.doteasy.com; x-aligned-from=pass (Address match); x-ptr=fail smtp.helo=dpmailmta02.doteasy.com policy.ptr=dpmailmta02-06.doteasy.com; x-return-mx=pass header.domain=fjrhome.net policy.is_org=yes (MX Record found); x-return-mx=pass smtp.domain=fjrhome.net policy.is_org=yes (MX Record found); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 Authentication-Results: tb-mx0.topicbox.com; arc=none (no signatures found); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=fjrhome.net; iprev=pass smtp.remote-ip=65.61.218.26 (dpmailmta02-06.doteasy.com); spf=none smtp.mailfrom=fde101@fjrhome.net smtp.helo=dpmailmta02.doteasy.com; x-aligned-from=pass (Address match); x-ptr=fail smtp.helo=dpmailmta02.doteasy.com policy.ptr=dpmailmta02-06.doteasy.com; x-return-mx=pass header.domain=fjrhome.net policy.is_org=yes (MX Record found); x-return-mx=pass smtp.domain=fjrhome.net policy.is_org=yes (MX Record found); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedufedrvddutddgudehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefuhffvrh hfkffffgggjggtgfhisehtkeertddtfeejnecuhfhrohhmpedfhfhrrghnkhcuffdrucfg nhhgvghlpdculfhrrddfuceofhguvgdutddusehfjhhrhhhomhgvrdhnvghtqeenucffoh hmrghinhepthhophhitggsohigrdgtohhmnecukfhppeeihedriedurddvudekrddviedp udelvddrudeikedruddtuddrkedupdelkedruddujedrvdehuddrledunecurfgrrhgrmh epihhnvghtpeeihedriedurddvudekrddviedphhgvlhhopeguphhmrghilhhmthgrtddv rdguohhtvggrshihrdgtohhmpdhmrghilhhfrhhomhepoehfuggvuddtudesfhhjrhhhoh hmvgdrnhgvtheqnecuvehluhhsthgvrhfuihiivgeptd X-ME-VSCategory: clean Received-SPF: none (fjrhome.net: No applicable sender policy available) receiver=tb-mx0.topicbox.com; identity=mailfrom; envelope-from="fde101@fjrhome.net"; helo=dpmailmta02.doteasy.com; client-ip=65.61.218.26 Received: from dpmailmta02.doteasy.com (dpmailmta02-06.doteasy.com [65.61.218.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx0.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Wed, 18 Dec 2019 18:57:48 -0500 (EST) (envelope-from fde101@fjrhome.net) X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=192.168.101.81; Received: from dpmailrp01.doteasy.com (unverified [192.168.101.81]) by dpmailmta02.doteasy.com (DEO) with ESMTP id 52370725-1393315 for <9fans@9fans.net>; Wed, 18 Dec 2019 15:57:47 -0800 Received: from dpmail01.doteasy.com (dpmail01.doteasy.com [192.168.101.1]) by dpmailrp01.doteasy.com (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id xBINvkap018027 for <9fans@9fans.net>; Wed, 18 Dec 2019 15:57:47 -0800 X-SmarterMail-Authenticated-As: fde101@fjrhome.net Received: from Franks-Mac-Pro.local (pool-98-117-251-91.hrbgpa.fios.verizon.net [98.117.251.91]) by dpmail01.doteasy.com with SMTP; Wed, 18 Dec 2019 15:57:29 -0800 Subject: Re: [9fans] Newbie Question From: "Frank D. Engel, Jr." To: 9fans@9fans.net Reply-To: 9fans <9fans@9fans.net> References: <8193D9F75F625161CAE42C7A5FA40656@felloff.net> <90f0dea1-6921-74c5-34c3-a50c9e68acd3@fjrhome.net> Message-ID: <1eb563f8-905f-0274-9e70-b5629845d422@fjrhome.net> Date: Wed, 18 Dec 2019 18:57:27 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <90f0dea1-6921-74c5-34c3-a50c9e68acd3@fjrhome.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Exim-Id: 1eb563f8-905f-0274-9e70-b5629845d422 X-Bayes-Prob: 0.0001 (Score 0, tokens from: base:default, @@RPTN) X-Spam-Score: 0.00 () [Hold at 5.00] X-CanIt-Geo: No geolocation information available for 192.168.101.1 X-CanItPRO-Stream: base:default X-Canit-Stats-ID: 011DzVKHX - 272b489319a0 - 20191218 X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.168.101.81 X-Originating-IP: 192.168.101.81 Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 34c2633c-21f2-11ea-bcb3-e6bdad6ddc42 ok, I seem to have run into another one. I now have the file server booting as a cpu server with authentication enabled, and am trying to net boot another host from there. I have dhcpd and tftpd running on the file server; my /cfg/pxe/default looks like this: bootfile=/386/9pc bootargs=tls auth=192.168.81.12 fs=192.168.81.10 mouseport=ps2intellimouse monitor=vesa vgasize=1440x900x32 *acpi=1 The entry in /lib/ndb/local is (with "..." being the actual MAC address): sys=thinker ether=... ip=192.168.81.20     dom=thinker.9cluster     bootf=/386/9bootpxe The "thinker" system is starting the plan9 kernel over the network (it has no local disk); I get prompted for a user account and for now am just using "glenda".  I enter the password I set for the auth server, for secstore, and for the filesystem on the file server (I used the same for each), and I am getting this on "thinker": mount: mount /root: tls error mount -c #s/boot /root: mount 145: mount bootargs is (tcp, tls, il, local!device)[tls] When this happens the file server console shows this: /bin/aux/trampoline: dial net!$fs!9fs: connection rejected I'm not sure if this means that the file server is rejecting the connection from the (currently) terminal, or what might be going on...  the "$fs" showing up on the file server console seems curious to me as I would have thought if that were coming from the terminal the "$fs" would have been translated from there?  Again not sure where to go from here... I was originally having a problem with secstored not having a "factotum" file for the terminal to retrieve, but after having worked that one out it now stored a key in it (and is no longer asking me to set one) for my "dom=9cluster", so I did manage to get past that one. I also noticed that if I retry from the bootargs prompt I get the additional message "ipconfig: dialicmp6: address in use", but I am guessing that is simply a leftover from the earlier attempt, and assuming I can safely ignore that... On 12/16/19 4:40 PM, Frank D. Engel, Jr. wrote: > Thank you! > > > When I tried bringing it up as a cpu server with auth enabled it did > indeed make it past the errors. > > I'll see if I can work things out from there. > > > On 12/16/19 2:27 PM, cinap_lenrek@felloff.net wrote: >> i believe that this is due to running a with service=terminal. >> this causes factotum to be started as a client with no keys in it. >> >> the p9any auth protocol starts by the server presenting a set of >> keys, auth domains and protocols, which you wont have in this >> case (no keys there). which is most likely the reason the whole >> thing fails. >> >> if you boot your fileserver with service=cpu, then when factotum starts >> it will prompt you for authid and password which will be the credentials >> of the hostowner (of the fileserver) which should have to match what you >> have on the authentication server. this information can be stored in >> nvram to avoid the prompt on boot. >> >> even if it doesnt match the auth key for (that user) on the authserver, >> the fileserver should be able to boot and mount its root filesystem >> as factotum talks to itself in this scenario and having the same keys >> on both sides. >> >> its just about to fail when there are no keys at all. >> >> i hope this makes sense. >> >> -- >> cinap >> > > ------------------------------------------ > 9fans: 9fans > Permalink: > https://9fans.topicbox.com/groups/9fans/Tda6e61e03ce222c0-Mde0a5711ad3df989fdb26cb6 > Delivery options: https://9fans.topicbox.com/groups/9fans/subscription > >