[9fans] drawterm to cpu/auth server with ordinary user

Discussion:

(too old to reply)

James Chapman

2012-06-04 18:52:17 UTC

Hi,

I'm trying to set up a combined cpu/auth server. I can drawterm into it using bootes but if I try the other user then I created the following happens after I type in my password:

cpu: cannont get auth tickets in p9sk1: Connection refused

goodbye

drawterming in with bootes and running auth/debug yields:

no p9sk1 keys found in factotum

running auth/keyfs yields:

2 keys read

and /mnt/keys has two entries, one for bootes and one for my user.

/adm/users looks ok to me:

adm:adm:adm:sys,bootes
bootes:bootes::
glenda:glenda:glenda:
me:me::
none:none::
noworld:noworld::
sys:sys::glenda,bootes,me
upas:upas::

I also changed to ownership of /adm/{keys,keys.who} to bootes following an old suggestion from Erik I found in the 9fans archives.

James

erik quanstrom

2012-06-04 19:01:59 UTC

Permalink

Post by James Chapman
Hi,
cpu: cannont get auth tickets in p9sk1: Connection refused

check to see that you have the proper entries in your /rc/bin/service.auth
(or whatever directory you're using) *and* that you are starting a listen
on this directory.

also, it's worth running auth/debug on the auth server's console
before making too many changes. i've found that it's easy to flail
and make conuter-productive changes.

- erik

James Chapman

2012-06-04 19:14:59 UTC

Permalink

cpu%cat /cfg/$sysname/cpustart
aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service tcp

cpu%ls /rc/bin/service.auth
/rc/bin/service.auth/authsrv.il566
/rc/bin/service.auth/tcp567

I guess I am already flailing... and I can't run anything on the server's console until tomorrow.

Thanks,

James

Post by erik quanstrom

Post by James Chapman
Hi,
cpu: cannont get auth tickets in p9sk1: Connection refused

check to see that you have the proper entries in your /rc/bin/service.auth
(or whatever directory you're using) *and* that you are starting a listen
on this directory.
also, it's worth running auth/debug on the auth server's console
before making too many changes. i've found that it's easy to flail
and make conuter-productive changes.
- erik

James Chapman

2012-06-04 19:21:41 UTC

Permalink

P.S.

mv /rc/bin/service/tcp567 /rc/bin/service/!tcp567

This line didn't work when I was following the instructions on the wiki for configuring a standalone cpu server as the file tcp567 wasn't there.

James

Post by James Chapman
cpu%cat /cfg/$sysname/cpustart
aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service tcp
cpu%ls /rc/bin/service.auth
/rc/bin/service.auth/authsrv.il566
/rc/bin/service.auth/tcp567
I guess I am already flailing... and I can't run anything on the server's console until tomorrow.
Thanks,
James

Post by erik quanstrom

Post by James Chapman
Hi,
cpu: cannont get auth tickets in p9sk1: Connection refused

check to see that you have the proper entries in your /rc/bin/service.auth
(or whatever directory you're using) *and* that you are starting a listen
on this directory.
also, it's worth running auth/debug on the auth server's console
before making too many changes. i've found that it's easy to flail
and make conuter-productive changes.
- erik

erik quanstrom

2012-06-04 19:26:15 UTC

Permalink

that looks correct. you need to make sure you're running keyfs
from cpurc, too.

Post by James Chapman
I guess I am already flailing... and I can't run anything on the server's console until tomorrow.

if you're running 9atom, you can connect to the console via cec(3).
if you're not running 9atom, it might be worth copying that file in.
this will allow one to connect to the console from another machine.

insecure, but handy if you don't have any sort of serial console.
alternatively you could sneakily connect eia1 to eia0 via null modem.

i suppose a better solution for this sort of problem is

- erik

David du Colombier

2012-06-04 19:34:23 UTC

Permalink

Post by James Chapman
I'm trying to set up a combined cpu/auth server. I can drawterm into
it using bootes but if I try the other user then I created the
cpu: cannont get auth tickets in p9sk1: Connection refused
goodbye

When you are running plan9port factotum, this problem appears
when you forgot to add auth= authdom= in $PLAN9/lib/ndb.

--
David du Colombier

James Chapman

2012-06-04 19:59:33 UTC

Permalink

I just discovered that I can drawterm in from a machine on the same network with my user but it doesn't work from outside (over the internet).

I am using dhcp with just the following in /lib/ndb/local:

cpu% cat /lib/ndb/local

#
# files comprising the database, use as many as you like, see ndb(6)
#
database=
file=/lib/ndb/local
file=/lib/ndb/common

auth=sources.cs.bell-labs.com authdom=outside.plan9.bell-labs.com

#
# because the public demands the name localsource
#
ip=127.0.0.1 sys=localhost dom=localhost
authdom=mydom.home auth=myserver

and

sysname=myserver

in plan9.ini

Do I need to put the authdom and auth somewhere else too?

James

Post by David du Colombier

When you are running plan9port factotum, this problem appears
when you forgot to add auth= authdom= in $PLAN9/lib/ndb.
--
David du Colombier

James Chapman

2012-06-04 20:32:20 UTC

Permalink

And now I discovered the problem was a typo in setting up an ssh tunnel. Sorry for the noise, and thanks for the help!

James

Post by James Chapman
I just discovered that I can drawterm in from a machine on the same network with my user but it doesn't work from outside (over the internet).
cpu% cat /lib/ndb/local
#
# files comprising the database, use as many as you like, see ndb(6)
#
database=
file=/lib/ndb/local
file=/lib/ndb/common
auth=sources.cs.bell-labs.com authdom=outside.plan9.bell-labs.com
#
# because the public demands the name localsource
#
ip=127.0.0.1 sys=localhost dom=localhost
authdom=mydom.home auth=myserver
and
sysname=myserver
in plan9.ini
Do I need to put the authdom and auth somewhere else too?
James

Post by David du Colombier

When you are running plan9port factotum, this problem appears
when you forgot to add auth= authdom= in $PLAN9/lib/ndb.
--
David du Colombier