* RE: [9fans] Auth problems (again?)
@ 2002-09-20 16:22 Russ Cox
2002-09-20 16:44 ` [9fans] How Apache & Plan 9 will defeat Microsoft's Passport Arnaud SAHUGUET
2002-09-20 17:09 ` [9fans] Auth problems (again?) gabidiaz
0 siblings, 2 replies; 8+ messages in thread
From: Russ Cox @ 2002-09-20 16:22 UTC (permalink / raw)
To: 9fans
It sounds like you're now having the same problems
Axel had a few weeks ago. Can you make sure you
are running the latest kernel? That is, do:
9fat:
cp /386/9pcdisk /n/9fat/9pcdisk
then halt and reboot.
I'm assuming you're booting from sdC0!9fat!9pcdisk;
that's how the install program sets things up.
Russ
^ permalink raw reply [flat|nested] 8+ messages in thread
* [9fans] How Apache & Plan 9 will defeat Microsoft's Passport
2002-09-20 16:22 [9fans] Auth problems (again?) Russ Cox
@ 2002-09-20 16:44 ` Arnaud SAHUGUET
2002-09-20 17:09 ` [9fans] Auth problems (again?) gabidiaz
1 sibling, 0 replies; 8+ messages in thread
From: Arnaud SAHUGUET @ 2002-09-20 16:44 UTC (permalink / raw)
To: 9fans
http://www.linuxworld.com/site-stories/2002/0918.plan9.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Auth problems (again?)
2002-09-20 16:22 [9fans] Auth problems (again?) Russ Cox
2002-09-20 16:44 ` [9fans] How Apache & Plan 9 will defeat Microsoft's Passport Arnaud SAHUGUET
@ 2002-09-20 17:09 ` gabidiaz
1 sibling, 0 replies; 8+ messages in thread
From: gabidiaz @ 2002-09-20 17:09 UTC (permalink / raw)
To: 9fans
On Fri, Sep 20, 2002 at 12:22:36PM -0400, Russ Cox wrote:
> It sounds like you're now having the same problems
> Axel had a few weeks ago. Can you make sure you
> are running the latest kernel? That is, do:
>
> 9fat:
> cp /386/9pcdisk /n/9fat/9pcdisk
>
> then halt and reboot.
> I'm assuming you're booting from sdC0!9fat!9pcdisk;
> that's how the install program sets things up.
>
> Russ
>
That's is!! Thank you Russ. i forgot to copy from /sys/src/9/pc
Un saludo
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [9fans] Auth problems (again?)
2002-09-20 5:03 Russ Cox
@ 2002-09-20 10:16 ` Gabriel Diaz Lopez de la Llave
0 siblings, 0 replies; 8+ messages in thread
From: Gabriel Diaz Lopez de la Llave @ 2002-09-20 10:16 UTC (permalink / raw)
To: 9fans
hello,
I updated again and run auth/debug tests.
The first time auth/debug says to me that password for bootes was bad,
but I changed it with auth/changeuser -p and echo asds > /dev/sdC0/nvram
to re-enter nvram stuff.
then i run auth/debug again with good results (i think)
---------------------
cpu# auth/debug
p9sk1 key: dom=ipsoluciones.com proto=p9sk1 user=bootes
successfully dialed auth server
password for bootes@ipsoluciones.com [hit enter to skip test]:
ticket request using bootes@ipsoluciones.com key succeeded
cpu server owner for domain ipsoluciones.com [bootes]:
password for bootes@ipsoluciones.com [hit enter to skip test]:
ticket request using bootes@ipsoluciones.com key succeeded
cpu# auth/debug
p9sk1 key: dom=ipsoluciones.com proto=p9sk1 user=bootes
successfully dialed auth server
password for bootes@ipsoluciones.com [hit enter to skip test]:
ticket request using bootes@ipsoluciones.com key succeeded
cpu server owner for domain ipsoluciones.com [bootes]: gabidiaz
password for gabidiaz@ipsoluciones.com [hit enter to skip test]:
ticket request using gabidiaz@ipsoluciones.com key succeeded
cpu#
--------------------
SSH connections fails with the message:
-------------------------
cpu Sep 20 11:45:21 [114] connect from 192.168.1.45!3242
cpu Sep 20 11:45:26 [114] auth_chuid to gabidiaz: writing to
#¤/capuse: i/o count too small
/bin/aux/sshserve: auth_chuid: writing to #¤/capuse: i/o count too
small
-------------------------
what is #¤/capuse? how can i see all bindings?
/sys/log/auth
-------------------
cpu Sep 20 12:03:53 secureidcheck: nil radius secret:
'/lib/ndb/common.radius' does not exist
cpu Sep 20 12:03:53 cr-fail authentication failed gabidiaz 213.0.106.123
cpu Sep 20 12:03:53 cr-fail gabidiaz@bootes(213.0.106.123): bad resp
---------------------
(i changed the password for that user with something silly and ease to
type but all the attempts fails)
Thank for the help!
-----Mensaje original-----
De: 9fans-admin@cse.psu.edu [mailto:9fans-admin@cse.psu.edu] En nombre
de Russ Cox
Enviado el: viernes, 20 de septiembre de 2002 7:03
Para: 9fans@cse.psu.edu
Asunto: RE: [9fans] Auth problems (again?)
Try updating from sources again. It will pick
up a new program called auth/debug.
Run auth/debug. It asks for your local user
password as well as the cpu hostowner name and
password. It uses these to check that your
auth server is dialable and that it's giving out
correct tickets (which means it agrees with you
about those passwords).
The idea is that auth/debug will accumulate more
such sanity checks as time goes on.
For example, in my fairly complicated setup (three
p9sk1 domains), running auth/debug yields:
g% grep p9sk1 /mnt/factotum/ctl
key dom=cs.bell-labs.com proto=p9sk1 user=rsc !password?
key dom=outside.plan9.bell-labs.com proto=p9sk1 user=bozo !password?
key dom=insideout.plan9.bell-labs.com proto=p9sk1 role=speakfor
user=glenda !password?
g% auth/debug
p9sk1 key: dom=cs.bell-labs.com proto=p9sk1 user=rsc !password?
successfully dialed auth server
password for rsc@cs.bell-labs.com [hit enter to skip test]:
ticket request using rsc@cs.bell-labs.com key succeeded
cpu server owner for domain cs.bell-labs.com [bootes]:
password for bootes@cs.bell-labs.com [hit enter to skip test]:
ticket request using bootes@cs.bell-labs.com key succeeded
p9sk1 key: dom=outside.plan9.bell-labs.com proto=p9sk1 user=bozo
!password?
successfully dialed auth server
password for bozo@outside.plan9.bell-labs.com [hit enter to skip
test]:
ticket request using bozo@outside.plan9.bell-labs.com key
succeeded
cpu server owner for domain outside.plan9.bell-labs.com
[bootes]: glenda
password for glenda@outside.plan9.bell-labs.com [hit enter to
skip test]:
ticket request using glenda@outside.plan9.bell-labs.com key
succeeded
p9sk1 key: dom=insideout.plan9.bell-labs.com proto=p9sk1 role=speakfor
user=glenda !password?
cannot dial auth server: no auth server found for
insideout.plan9.bell-labs.com
csquery authdom=insideout.plan9.bell-labs.com auth=* failed
csquery dom=insideout.plan9.bell-labs.com auth=''
dial net!!ticket failed: cs: can't translate address
g%
The first two sections are examples of domains
that worked: I have cs.bell-labs.com (used by plan9.bell-labs.com)
and outside.plan9.bell-labs.com (used by sources)
set up correctly.
In the third, auth/debug flags the fact that it can't
figure out the auth server for the domain and thus can't
dial it. (That's okay because there is no auth server,
but this is a degenerate case.)
Let me know what you get when you run auth/debug and we'll
go from there.
Russ
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [9fans] Auth problems (again?)
@ 2002-09-20 5:03 Russ Cox
2002-09-20 10:16 ` Gabriel Diaz Lopez de la Llave
0 siblings, 1 reply; 8+ messages in thread
From: Russ Cox @ 2002-09-20 5:03 UTC (permalink / raw)
To: 9fans
Try updating from sources again. It will pick
up a new program called auth/debug.
Run auth/debug. It asks for your local user
password as well as the cpu hostowner name and
password. It uses these to check that your
auth server is dialable and that it's giving out
correct tickets (which means it agrees with you
about those passwords).
The idea is that auth/debug will accumulate more
such sanity checks as time goes on.
For example, in my fairly complicated setup (three
p9sk1 domains), running auth/debug yields:
g% grep p9sk1 /mnt/factotum/ctl
key dom=cs.bell-labs.com proto=p9sk1 user=rsc !password?
key dom=outside.plan9.bell-labs.com proto=p9sk1 user=bozo !password?
key dom=insideout.plan9.bell-labs.com proto=p9sk1 role=speakfor user=glenda !password?
g% auth/debug
p9sk1 key: dom=cs.bell-labs.com proto=p9sk1 user=rsc !password?
successfully dialed auth server
password for rsc@cs.bell-labs.com [hit enter to skip test]:
ticket request using rsc@cs.bell-labs.com key succeeded
cpu server owner for domain cs.bell-labs.com [bootes]:
password for bootes@cs.bell-labs.com [hit enter to skip test]:
ticket request using bootes@cs.bell-labs.com key succeeded
p9sk1 key: dom=outside.plan9.bell-labs.com proto=p9sk1 user=bozo !password?
successfully dialed auth server
password for bozo@outside.plan9.bell-labs.com [hit enter to skip test]:
ticket request using bozo@outside.plan9.bell-labs.com key succeeded
cpu server owner for domain outside.plan9.bell-labs.com [bootes]: glenda
password for glenda@outside.plan9.bell-labs.com [hit enter to skip test]:
ticket request using glenda@outside.plan9.bell-labs.com key succeeded
p9sk1 key: dom=insideout.plan9.bell-labs.com proto=p9sk1 role=speakfor user=glenda !password?
cannot dial auth server: no auth server found for insideout.plan9.bell-labs.com
csquery authdom=insideout.plan9.bell-labs.com auth=* failed
csquery dom=insideout.plan9.bell-labs.com auth=''
dial net!!ticket failed: cs: can't translate address
g%
The first two sections are examples of domains
that worked: I have cs.bell-labs.com (used by plan9.bell-labs.com)
and outside.plan9.bell-labs.com (used by sources)
set up correctly.
In the third, auth/debug flags the fact that it can't
figure out the auth server for the domain and thus can't
dial it. (That's okay because there is no auth server,
but this is a degenerate case.)
Let me know what you get when you run auth/debug and we'll
go from there.
Russ
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [9fans] Auth problems (again?)
2002-09-18 20:19 Russ Cox
@ 2002-09-19 17:07 ` Gabriel Diaz Lopez de la Llave
0 siblings, 0 replies; 8+ messages in thread
From: Gabriel Diaz Lopez de la Llave @ 2002-09-19 17:07 UTC (permalink / raw)
To: 9fans
ok, ipsubmask was removed from my ndb file.
# cat /mnt/factotum/ctl
key dom=ipsoluciones.com proto=p9sk1 user=bootes
#
I must start a factotum instance from cpurc for bootes user?
thank you.
-----Mensaje original-----
De: 9fans-admin@cse.psu.edu [mailto:9fans-admin@cse.psu.edu] En nombre
de Russ Cox
Enviado el: miércoles, 18 de septiembre de 2002 22:20
Para: 9fans@cse.psu.edu
Asunto: Re: [9fans] Auth problems (again?)
ipsubmask= is now ignored.
the code searches all possible submasks
when walking the database.
on your cpu server, if you run
cat /mnt/factotum/ctl
what do you see?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Auth problems (again?)
@ 2002-09-18 20:19 Russ Cox
2002-09-19 17:07 ` Gabriel Diaz Lopez de la Llave
0 siblings, 1 reply; 8+ messages in thread
From: Russ Cox @ 2002-09-18 20:19 UTC (permalink / raw)
To: 9fans
ipsubmask= is now ignored.
the code searches all possible submasks
when walking the database.
on your cpu server, if you run
cat /mnt/factotum/ctl
what do you see?
^ permalink raw reply [flat|nested] 8+ messages in thread
* [9fans] Auth problems (again?)
2002-09-18 16:46 [9fans] /sys/src/^(9 boot)^/pc/memory.c Charles Forsyth
@ 2002-09-18 20:15 ` Gabriel Diaz Lopez de la Llave
0 siblings, 0 replies; 8+ messages in thread
From: Gabriel Diaz Lopez de la Llave @ 2002-09-18 20:15 UTC (permalink / raw)
To: 9fans
Hello there,
I updated my 4ed. Plan9 Standalone cpu server a week ago (replica/pull
-v /dist/replica/network like usual) and it stopped to authenticate the
users. (The upgrade is these that include the new gs stuff)
Using the telnet client you can see the message:
"auth server protocol botch"
I read a post from Russ Cox about that and checked my ndb file.
All looks fine (before upgrade all works :?)
--- /lib/ndb/local ----
#
database=
file=/lib/ndb/local
file=/lib/ndb/common
ipnet=ipsoluciones.com
ip=213.0.106.64
ipmask=255.255.255.192
auth=213.0.106.123
authdom=ipsoluciones.com
dnsdomain=ipsoluciones.com
dns=213.0.106.67
dns=213.0.106.68
ip=213.0.106.123 sys=cpu ether=00047574b319 dom=cpu.ipsoluciones.com
ipgw=213.0.106.65
----------
(I try the ipsubmask syntax like:
ipnet=ipsoluciones.com
ip=213.0.106.0
ipmask=255.255.255.0
ipsubmask=255.255.255.192
width the same results
what's the better/correct choice?)
In ssh logs file I can read logs like:
"/bin/aux/sshserve: got unexpected <early oef: short net read: needkey
dom? proto=9psk1 user?> message"
" cpu Sep 18 21:52:28 cr-fail gabidiaz@bootes(IP)"
I re-enter all auth passwords (even nvram pass for bootes, and authdom
stuff).
Someone can tell me where I must look?
Thank You!
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2002-09-20 17:09 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-09-20 16:22 [9fans] Auth problems (again?) Russ Cox
2002-09-20 16:44 ` [9fans] How Apache & Plan 9 will defeat Microsoft's Passport Arnaud SAHUGUET
2002-09-20 17:09 ` [9fans] Auth problems (again?) gabidiaz
-- strict thread matches above, loose matches on Subject: below --
2002-09-20 5:03 Russ Cox
2002-09-20 10:16 ` Gabriel Diaz Lopez de la Llave
2002-09-18 20:19 Russ Cox
2002-09-19 17:07 ` Gabriel Diaz Lopez de la Llave
2002-09-18 16:46 [9fans] /sys/src/^(9 boot)^/pc/memory.c Charles Forsyth
2002-09-18 20:15 ` [9fans] Auth problems (again?) Gabriel Diaz Lopez de la Llave
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).