If you attempt to join a Sudo Plugin host and see an ssh-keyscan failure message similar to this:
** Generate ssh key [FAIL] - failed to update known_hosts file:getaddrinfo <myhost>: Name or service not known
You might be using an unresolvable, short host name (as myhost in the above example) instead of the fully qualified domain name.
To work around this issue, add the domain to the search line in the /etc/resolv.conf file.
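A pre-join check for the short host name case above, as an added example that is not part of the product or its documentation: it reads the search line and tests resolution with getent ahosts, which goes through getaddrinfo just as ssh-keyscan does. The RESOLV_CONF override, the function names, and the host and domain arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Host and domain names are constructed.
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"   # overridable for testing

# Print the domains on the last "search" line (glibc uses the last one).
# "domain" directives are not considered here.
search_domains() {
    awk '$1 == "search" { out = ""; for (i = 2; i <= NF; i++) out = out " " $i }
         END { print substr(out, 2) }' "$RESOLV_CONF"
}

# Succeed if the name has no dot, i.e. it depends on the search list.
is_short_name() {
    case "$1" in *.*) return 1 ;; *) return 0 ;; esac
}

# Succeed if domain $1 is already on the search line.
domain_in_search() {
    for d in $(search_domains); do
        [ "$d" = "$1" ] && return 0
    done
    return 1
}

# Same lookup path as ssh-keyscan: getent ahosts calls getaddrinfo().
resolves() { getent ahosts "$1" >/dev/null 2>&1; }

# check_join_host HOST [DOMAIN]: report why HOST would fail the keyscan step.
check_join_host() {
    host=$1 domain=${2:-}
    if resolves "$host"; then echo "OK: $host resolves"; return 0; fi
    echo "FAIL: $host does not resolve (search: $(search_domains))"
    if is_short_name "$host" && [ -n "$domain" ]; then
        domain_in_search "$domain" ||
            echo "  '$domain' is not on the search line in $RESOLV_CONF"
        resolves "$host.$domain" &&
            echo "  $host.$domain resolves: join with it or add '$domain' to search"
    fi
    return 1
}

if [ "$#" -gt 0 ]; then check_join_host "$@"; fi
```

Run it on the host you are joining, for example with the arguments myhost example.com, before rerunning the join.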
When you join a host with the Sudo Plugin to a policy group, you are required to enter a password. The Join password is the password for the pmpolicy user that was set when the qpm-server was configured. See Configuring the Safeguard for Sudo Primary Policy Server for more information about the pmpolicy service account.
If the Join operation does not recognize the pmpolicy user password, you will receive an error message with the following snippet:
Enter join password for remote user:pmpolicy@example.com: [FAIL]
- Failed to copy file using ssh.
- Error: Failed to add the host to the list of known hosts (/var/opt/quest/qpm4u/pmpolicy/.ssh/known_hosts).
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).
** Failed to setup the required ssh access.
** The pmpolicy password is required to copy a file to the primary
** policy server.
** To complete this configuration, please rerun this command and
** provide the correct password.
- ERROR: Failed to configure pmclient user
- ERROR: Configuration of qpm4u unsuccessful.
- ERROR: Installation log file is /opt/quest/qpm4u/install/pmjoin_plugin_output_20121022.log
[1][root@sles10-qa ~]#
Run the Join operation again and enter the correct password.
pmpluginloadcheck is both a command and a background daemon (run with the -i flag). When run as a command, it checks, updates, and reports on the status of the policy server. You can use pmpluginloadcheck from a Sudo Plugin host.
When run as a daemon process, it keeps track of the status of the policy servers for failover and load-balancing purposes. On policy servers, pmpluginloadcheck is responsible for keeping the production policy file up to date for the offline policy cache.
The primary and secondary policy servers must be able to communicate with each other and the remote hosts must be able to communicate with the policy servers in the policy group.
For example, if you run pmpluginloadcheck on a Sudo Plugin host to determine that it can communicate with other policy servers in the group, you might get output similar to the following:
++ Checking host:myhost.example.com (10.10.181.87) ... [FAIL]
There are several possible reasons for failure: