Subject: Re: [9fans] Newbie Question
To: 9fans@9fans.net
From: "Frank D. Engel, Jr."
Date: Wed, 18 Dec 2019 19:50:47 -0500

I figured this one out...  I had missed adding the "-a tcp!*!564" option
on the file server bootargs.

Now it is working!

On 12/18/19 6:57 PM, Frank D. Engel, Jr. wrote:
> ok, I seem to have run into another one.
>
> I now have the file server booting as a cpu server with authentication
> enabled, and am trying to net boot another host from there.
>
> I have dhcpd and tftpd running on the file server; my /cfg/pxe/default
> looks like this:
>
> bootfile=/386/9pc
> bootargs=tls
> auth=192.168.81.12
> fs=192.168.81.10
> mouseport=ps2intellimouse
> monitor=vesa
> vgasize=1440x900x32
> *acpi=1
>
> The entry in /lib/ndb/local is (with "..." being the actual MAC address):
>
> sys=thinker ether=... ip=192.168.81.20
>     dom=thinker.9cluster
>     bootf=/386/9bootpxe
>
> The "thinker" system is starting the plan9 kernel over the network (it
> has no local disk); I get prompted for a user account and for now am
> just using "glenda".
> I enter the password I set for the auth server,
> for secstore, and for the filesystem on the file server (I used the
> same for each), and I am getting this on "thinker":
>
> mount: mount /root: tls error
> mount -c #s/boot /root: mount 145: mount
>
> bootargs is (tcp, tls, il, local!device)[tls]
>
> When this happens the file server console shows this:
>
> /bin/aux/trampoline: dial net!$fs!9fs: connection rejected
>
> I'm not sure if this means that the file server is rejecting the
> connection from the (currently) terminal, or what might be going
> on...  the "$fs" showing up on the file server console seems curious
> to me as I would have thought if that were coming from the terminal
> the "$fs" would have been translated from there?  Again not sure where
> to go from here...
>
> I was originally having a problem with secstored not having a
> "factotum" file for the terminal to retrieve, but after having worked
> that one out it now stored a key in it (and is no longer asking me to
> set one) for my "dom=9cluster", so I did manage to get past that one.
>
> I also noticed that if I retry from the bootargs prompt I get the
> additional message "ipconfig: dialicmp6: address in use", but I am
> guessing that is simply a leftover from the earlier attempt, and
> assuming I can safely ignore that...
>
> On 12/16/19 4:40 PM, Frank D. Engel, Jr. wrote:
>> Thank you!
>>
>> When I tried bringing it up as a cpu server with auth enabled it did
>> indeed make it past the errors.
>>
>> I'll see if I can work things out from there.
>>
>> On 12/16/19 2:27 PM, cinap_lenrek@felloff.net wrote:
>>> i believe that this is due to running a with service=terminal.
>>> this causes factotum to be started as a client with no keys in it.
>>>
>>> the p9any auth protocol starts by the server presenting a set of
>>> keys, auth domains and protocols, which you won't have in this
>>> case (no keys there). which is most likely the reason the whole
>>> thing fails.
>>>
>>> if you boot your fileserver with service=cpu, then when factotum starts
>>> it will prompt you for authid and password which will be the credentials
>>> of the hostowner (of the fileserver) which should have to match what you
>>> have on the authentication server. this information can be stored in
>>> nvram to avoid the prompt on boot.
>>>
>>> even if it doesn't match the auth key for (that user) on the authserver,
>>> the fileserver should be able to boot and mount its root filesystem
>>> as factotum talks to itself in this scenario and having the same keys
>>> on both sides.
>>>
>>> it's just about to fail when there are no keys at all.
>>>
>>> i hope this makes sense.
>>>
>>> --
>>> cinap
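
The opening p9any exchange described in the quoted reply, as an added C example that is not part of the original thread and is not factotum's own code: a simplified model in which the server builds its `v.2 proto@authdom ...` offer from the keys it holds and the client answers `proto dom` for the first offer it has a key for, so a server with no keys has nothing to offer. The `Key` struct, the function names and the sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
typedef struct { const char *proto, *dom; } Key; /* constructed model of a factotum key */

/* Server: build "v.2 proto@dom ..." from its keys; -1 if it has none or buf is short. */
int p9any_offer(const Key *keys, int nkeys, char *buf, size_t len)
{
    size_t used;
    int i, n;
    if (nkeys <= 0 || len < 4)
        return -1;
    used = (size_t)snprintf(buf, len, "v.2");
    for (i = 0; i < nkeys; i++) {
        n = snprintf(buf + used, len - used, " %s@%s", keys[i].proto, keys[i].dom);
        if (n < 0 || (size_t)n >= len - used)
            return -1;
        used += (size_t)n;
    }
    return nkeys;
}

/* Client: answer "proto dom" for the first offer it holds a key for; -1 if none. */
int p9any_choose(const char *offer, const Key *keys, int nkeys, char *reply, size_t len)
{
    char copy[256], *tok, *at;
    int i, n;
    if (strncmp(offer, "v.2 ", 4) != 0 || strlen(offer) >= sizeof copy)
        return -1;
    strcpy(copy, offer + 4);
    for (tok = strtok(copy, " "); tok != NULL; tok = strtok(NULL, " ")) {
        if ((at = strchr(tok, '@')) == NULL)
            return -1;
        *at++ = '\0';
        for (i = 0; i < nkeys; i++)
            if (strcmp(tok, keys[i].proto) == 0 && strcmp(at, keys[i].dom) == 0) {
                n = snprintf(reply, len, "%s %s", tok, at);
                return (n < 0 || (size_t)n >= len) ? -1 : 0;
            }
    }
    return -1;
}

int main(void)
{
    Key srv[] = {{"p9sk1", "9cluster"}}; /* constructed sample key */
    char offer[128] = "", reply[64] = "";
    int ok = p9any_offer(srv, 1, offer, sizeof offer) > 0 && p9any_choose(offer, srv, 1, reply, sizeof reply) == 0;
    printf("S->C %s\nC->S %s\nno keys: %d\n", offer, reply, p9any_offer(NULL, 0, offer, sizeof offer));
    return !ok;
}
```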