| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 1064.1 | Check this first... | DECWET::DIPIETRO | | Thu May 22 1997 10:55 | 16 |
| Excerpt from note 881.1 (Thanks to Ken Martin):
The 'Failed security check' messages probably come from your attempts to telnet
to port 30000. There are a couple of configurable files for advfsd security.
The first is /var/opt/advfsd/socket/hosts.allow, which should list
(carriage-return separated) all the 'trusted hosts', i.e., machines that are
allowed to connect to advfsd. On installation, this file should have been
created with the local hostname in the file.
A second file is /var/opt/advfsd/socket/gui.passwd, which can contain a user
configurable password that would be asked for in a dialogue window from dtadvfs
when attempting to connect to a host that has this set up. Note that this is
NOT the root password for the system. Both of these files are explained in the
man page for advfsd(8).
Also please check notes 939 and 1001 for additional info.
|
| 1064.2 | | DECWET::MARTIN | | Thu May 22 1997 11:41 | 23 |
| The failed security check is coming from one of the two problems Steph describes
in .1.
The error coming from line 492 of getlists.c is completely unrelated. It's
appearing every 5 minutes, which is how often advfsd polls the system for
information. You can change this polling interval once you fix the security
problem by going to the options window of dtadvfs.
errno 2 is, according to /usr/include/errno.h,
#define ENOENT 2 /* No such file or directory */
My best guess is that the kernel you're currently running was built on a system
that had rz8, and is now on a system that doesn't have that device. You
probably won't even find a /dev/rrz8a entry on your system.
To get rid of this error (which can be ignored for the most part, except that it
will chew up disk space on your /var filesystem where the log resides), you can
either make sure that you have an rz8 disk and have a /dev/rrz8a entry (make
sure 'disklabel rz8' works) or "doconfig" a new kernel on your currently running
system.
--Ken
|
| 1064.3 | Checked hostname already | VAXRIO::CSANTOS | | Thu May 22 1997 13:40 | 13 |
|
I've checked those notes, but customer is trying to connect to
the local host (he is trying to run DTADVFS form the console
using the local system). We've checkes the hostname in the 3
possible places (#HOSTNAME, /etc/hosts and
/var/opt/advfsd/socket/hosts.allow) and they all look the same.
Any other ideas??
Claudia
|
| 1064.4 | | DECWET::MARTIN | | Thu May 22 1997 17:07 | 6 |
| Try using a fully qualified hostname in hosts.allow. I don't know why
unqualified hostnames sometimes don't work, but they don't.
E.g., use foo.bar.dec.com instead of just foo.
--Ken
|
| 1064.5 | Just one node... | VAXRIO::16.179.32.62::csantos | | Tue May 27 1997 13:02 | 14 |
|
Ken,
Customer is not using name service, so he does not have a complete name
to use... It is just one local node...
Any other ideas
Claudia
|
| 1064.6 | Customer's system log | VAXRIO::16.179.32.62::csantos | | Tue Jun 03 1997 07:25 | 108 |
|
I'm posting alog from customers system, so maybe
someone can find something wrong:
edglobo2#echo `hostname`
edglobo2
edglobo2#
edglobo2#cd /etc
edglobo2#pwd
/etc
edglobo2#cat hosts
#
# *****************************************************************
# * *
# * Copyright (c) Digital Equipment Corporation, 1991, 1996 *
# * *
# * All Rights Reserved. Unpublished rights reserved under *
# * the copyright laws of the United States. *
# * *
# * The software contained on this media is proprietary to *
# * and embodies the confidential technology of Digital *
# * Equipment Corporation. Possession, use, duplication or *
# * dissemination of the software and media is authorized only *
# * pursuant to a valid written license from Digital Equipment *
# * Corporation. *
# * *
# * RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure *
# * by the U.S. Government is subject to restrictions as set *
# * forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, *
# * or in FAR 52.227-19, as applicable. *
# * *
# *****************************************************************
#
# HISTORY
#
# @(#)$RCSfile: hosts,v $ $Revision: 1.1.5.2 $ (DEC) $Date: 1995/05/16
16:19:31
$
#
# Description: The hosts file associates hostnames with IP addresses.
#
# Syntax: nnn.nnn.nnn.nnn hostname.domain.name
[alias_1,...,alias_n]
[#comments
]
#
# nnn.nnn.nnn.nnn the IP address of the host
# hostname.domain.name the fully qualified hostname, including the
domainname
# alias_n other names or abbreviations for this host
# #comments text following the comment character (#) is
ignored
#
127.0.0.1 localhost
129.1.1.102 dtc02
129.1.1.103 dtc01
129.1.1.104 pc01
129.1.1.105 dtc03
129.1.1.106 dtc04
129.1.1.107 dtc05
129.1.1.108 dtc06
129.1.1.109 dtc07
129.1.1.100 globo1
129.1.1.200 pctrans
129.1.1.201 xerox
129.1.0.50 globo2
129.1.1.100 edglobo2
129.1.0.120 edglobo1
129.1.0.110 edglobo
129.1.1.101 hpg70
edglobo2#
edglobo2#cd /usr/var/opt/advfsd/socket
edglobo2#pwd
/usr/var/opt/advfsd/socket
edglobo2#ls -l
total 1
-r-x------ 1 root system 9 Jan 31 13:13 hosts.allow
edglobo2#cat hosts.allow
edglobo2
edglobo2#
edglobo2#pwd
/usr/var/opt/advfsd/logs
edglobo2#pg advfsd
Mon Jun 2 10:20:28 1997 | AUDIT | WARNING - Failed security check |
File socket
_agent.c | Line 573
Mon Jun 2 10:20:32 1997 | AUDIT | WARNING - Failed security check |
File socket
_agent.c | Line 573
Mon Jun 2 10:20:41 1997 | AUDIT | WARNING - Failed security check |
File socket
_agent.c | Line 573
Mon Jun 2 10:20:53 1997 | AUDIT | WARNING - Failed security check |
File socket
_agent.c | Line 573
Mon Jun 2 10:21:56 1997 | AUDIT | WARNING - Failed security check |
File socket
_agent.c | Line 573
|