
Re: [Handle-info] Commissioning Handle Server



It certainly looks like your firewall is not allowing outgoing UDP requests.  This will cause client activity to be very slow.  If necessary you can configure the 7.3.1 client to not send UDP messages, but I'd suggest fixing the firewall configuration.

Now, eventually the client does manage to fail over to TCP and finds the HS_PUBKEY value at index 300 of the handle record for 0.NA/1959.11.dev.  Does the public key returned correctly match admpub.bin?  You can look at the hex for admpub.bin using a command-line tool like "xxd -p admpub.bin", and see if it matches what you see in the admintool console.

Robert

On Nov 11, 2014, at 11:44 PM, Andrew Devenish-Meares <adevenis@une.edu.au> wrote:

> Hi List,
> 
> We are currently trying to implement Handle servers for the University 
> of New England (in Australia).
> 
> We have installed the software (7.3.1) and have a development and 
> production prefix allocated.
> 
> The software is installed on a server with a private IP, public access is 
> via our F5 load balancer, which permits all outbound connections, and 
> forwards connections on ports 2641 (TCP/UDP) and 8000 (TCP) to the 
> server from the public IP.  Our firewall allows connections from outside 
> the University on these ports to this address.
> 
> Following the Technical Manual to step 2.5, we start the server OK, 
> launch the admin tool and click on "Authenticate".  We enter the prefix, 
> index and using Public/Private Key choose our admpriv.bin file.
> 
> When we click "OK" we get the following on the shell window:
>   sending HDL-UDP request (version=2.2; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to [2001:550:100:6::4]:2641
>   sending HDL-TCP request (version=2.2; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to [2001:550:100:6::4]:2641
>   sending HDL-HTTP request (version=2.2; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to [2001:550:100:6::4]:8000
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 134.76.10.100:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 134.76.10.100:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 134.76.10.100:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 63.123.152.246:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 63.123.152.246:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 63.123.152.246:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 218.241.99.150:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 218.241.99.150:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 218.241.99.150:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 132.151.20.9:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 132.151.20.9:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 132.151.20.9:2641
>   sending HDL-UDP request (version=2.2; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 38.100.138.131:2641
>   sending HDL-UDP request (version=2.2; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 38.100.138.131:2641
>   sending HDL-UDP request (version=2.2; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 38.100.138.131:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 132.151.1.179:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 132.151.1.179:2641
>   sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 132.151.1.179:2641
>   sending HDL-TCP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt 
> noAuth expires:Thu Nov 13 02:58:52 EST 2014 0.NA/1959.11.dev [ ] [300, 
> ]) to 134.76.10.100:2641
>     received HDL-TCP response: version=2.1; oc=1; rc=1; snId=0 crt 
> caCrt noAuth expires:Thu Nov 13 03:00:40 EST 2014 0.NA/1959.11.dev
>     index=300 type=HS_PUBKEY rwr- 
> 
> and a popup appears saying "Authentication Failed"
> 
> Nothing seems to be logged in the access or error logs.
> 
> We would appreciate any suggestions at this point.
> 
> Thanks
> 
> Andrew
> 
> -- 
> Andrew Devenish-Meares
> Solutions Analyst
> Information Technology
> University of New England
> Armidale   NSW   2351
> 
> e:  adevenis@une.edu.au
> p:  02 6773 4098
> w: http://une.edu.au/itd
> _______________________________________________
> Handle-Info mailing list
> Handle-Info@cnri.reston.va.us
> http://www.handle.net/mailman/listinfo/handle-info
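
Added example, not part of the original thread or of the Handle software: a small Python triage of an admintool console trace in the format quoted above, reporting which destinations answered over TCP but never over UDP, the pattern the reply reads as outbound UDP being blocked. The sample trace is constructed, its addresses are documentation ranges, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed trace in the console format from the quoted message, including
# mail hard-wrapping; the addresses are documentation ranges, not real servers.
SAMPLE_TRACE = """\
  sending HDL-UDP request (version=2.2; oc=1; rc=0; snId=0 crt caCrt
noAuth 0.NA/1959.11.dev [ ] [300, ]) to [2001:db8::4]:2641
  sending HDL-TCP request (version=2.2; oc=1; rc=0; snId=0 crt caCrt
noAuth 0.NA/1959.11.dev [ ] [300, ]) to [2001:db8::4]:2641
  sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt
noAuth 0.NA/1959.11.dev [ ] [300, ]) to 192.0.2.10:2641
  sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt
noAuth 0.NA/1959.11.dev [ ] [300, ]) to 192.0.2.10:2641
  sending HDL-UDP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt
noAuth 0.NA/1959.11.dev [ ] [300, ]) to 198.51.100.7:2641
  sending HDL-TCP request (version=2.1; oc=1; rc=0; snId=0 crt caCrt
noAuth 0.NA/1959.11.dev [ ] [300, ]) to 192.0.2.10:2641
    received HDL-TCP response: version=2.1; oc=1; rc=1; snId=0 crt
caCrt noAuth 0.NA/1959.11.dev
"""

EVENT = re.compile(
    r"sending HDL-(\w+) request \(.*?\) to (\S+):\d+"
    r"|received HDL-(\w+) response:")

def summarize(trace):
    """Count requests and responses per (transport, destination)."""
    flat = " ".join(trace.split())  # undo hard-wrapping of long console lines
    stats = defaultdict(lambda: {"sent": 0, "answered": 0})
    last = {}  # most recent destination tried, per transport
    for m in EVENT.finditer(flat):
        if m.group(1):  # a "sending" line
            last[m.group(1)] = (m.group(1), m.group(2))
            stats[last[m.group(1)]]["sent"] += 1
        elif m.group(3) in last:  # responses carry no source address, so
            stats[last[m.group(3)]]["answered"] += 1  # credit the latest send
    return dict(stats)

def udp_dropped_hosts(stats):
    """Hosts that answered over TCP but never over UDP (UDP likely filtered)."""
    return sorted(
        host for (proto, host), s in stats.items()
        if proto == "UDP" and s["sent"] and not s["answered"]
        and stats.get(("TCP", host), {}).get("answered"))

if __name__ == "__main__":
    result = summarize(SAMPLE_TRACE)
    for (proto, host), s in result.items():
        print(f"{proto:4} {host:16} sent={s['sent']} answered={s['answered']}")
    print("answered on TCP, silent on UDP:", udp_dropped_hosts(result))
```

A host that appears only with unanswered UDP requests is consistent with the same filtering but proves nothing by itself, which is why the check requires a TCP answer from the same address.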

