[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
20010719: [Fwd: RE: Pheonix LDM radars]
- Subject: 20010719: [Fwd: RE: Pheonix LDM radars]
- Date: Fri, 20 Jul 2001 01:42:22 -0600
>From: "Alan Hall" <address@hidden>
>Organization: NOAA
>Keywords: 200107191840.f6JIes102425 LDM ldmd.conf allow
Alan,
>Here is my ldmd.conf excerpt:
>Jul 19 18:36:06 lb20 rpc.ldmd[31175]: Starting Up (built: Aug 31 2000
>11:48:33)
>Jul 19 18:36:06 lb20 148.126.34.10[31179]: run_requester: Starting Up:
>148.126.34.10
>Jul 19 18:36:06 lb20 148.126.34.10[31179]: run_requester: 20010719195912.642
>TS_ENDT {{ANY, ".*"}}
>Jul 19 18:36:06 lb20 148.126.34.10[31179]: FEEDME(148.126.34.10): 7:
>Authentication error; No match for request
>We have checked and re-checked the ldmd.conf files, but we still get
>the Authentication error. Any suggestions?
The '7: Authentication error' is telling us that the upstream machine
is not being able to authenticate the requesting machine. This can
happen when the upstream machine is not able to do a reverse name
lookup on the name being offered by the client.
We just ran into the exact same problem between Florida State University
and the University of Puerto Rico. The client, Puerto Rico, was
requesting NNEXRAD products, but was being denied the feed from the
server, FSU. After many different attempts at understanding/solving
the problem, a change of the 'allow' in the server's ldmd.conf file to
use of the client's IP address was found to work.
So, the things I would try are (in this order):
o see if a forward and reverse name lookup result in the same information
on both the server and client. This is done using 'nslookup'.
For example:
%nslookup 205.167.25.171
Server: laraine.unidata.ucar.edu
Address: 128.117.140.62
Name: ig1.ncdc.noaa.gov
Address: 205.167.25.171
%nslookup ig1.ncdc.noaa.gov
laraine.unidata.ucar.edu
Address: 128.117.140.62
Non-authoritative answer:
Name: ig1.ncdc.noaa.gov
Address: 205.167.25.171
o make sure that you do not have more than one allow line in the
server's ldmd.conf file for the client in question (one could be by name
and the other by IP address)
o try changing the server's ldmd.conf 'allow' line to use of the client's
IP address or visa versa.
For example:
If your allow uses the machine name:
change:
allow NNEXRAD ig1\.ncdc\.noaa\.gov$
to:
allow NNEXRAD 205\.167\.25\.171$
or if your allow uses the machine IP:
change:
allow NNEXRAD 205\.167\.25\.171$
to:
allow NNEXRAD ig1\.ncdc\.noaa\.gov$
Then, you need to stop and restart the server's LDM after making
modifications to its ldmd.conf file.
By the way, the following message from jwwilhit shows that the phxsrv1
machine's ldmd.conf may not have an appropriate allow for ingest.ncdc.noaa.gov
(205.167.25.170).
Please let us know if the above helps...
Tom Yoksas
Unidata User Support
>Alan.
-------- Original Message --------
Subject: RE: Pheonix LDM radars
Date: Thu, 19 Jul 2001 11:10:15 -0700
From: <address@hidden>
To: <address@hidden>, <address@hidden>
CC: <address@hidden>, <address@hidden>, <address@hidden>,<address@hidden>,
<address@hidden>
Here is what is showing up in my log.
Jul 19 18:06:09 5Q:phxsrv1 ingest[9939422]: Connection from
ingest.ncdc.noaa.govJul 19 18:06:09 5Q:phxsrv1 ingest[9939422]:
No match for request 20010719192917.414 TS_ENDT {{NEXRD2|FNEXRAD, ".*"}}
Jul 19 18:06:09 5Q:phxsrv1 ingest[9939422]: Connection reset by peer
Jul 19 18:06:09 5Q:phxsrv1 ingest[9939422]: Exiting
Why don't you give me a call so everyone doesn't have to read this
incredibly boring email conversation.
-Jason
-----Original Message-----
From: Alan Hall [mailto:address@hidden]
Sent: Thursday, July 19, 2001 11:04 AM
To: address@hidden
Subject: Re: Pheonix LDM radars
This looks right, although I don't think you need the ^ or \., that
might be the problem. I think if you edit it to just the two:
allow ANY 205.167.25.171
allow ANY 205.167.25.172
then start and stop, we might be ok.
Alan.
address@hidden wrote:
Actually, here are all of the allow lines I have for NCDC.
# Allow the NCDC to archive the data
allow ANY ^205\.167\.25\.182
allow ANY ^205\.167\.25\.171
allow ANY ^205\.167\.25\.172
allow ANY ^npdis\.ncdc\.noaa\.gov
If those are the incorrect addresses then someone needs to let me know.
-Jason WilhiteSRP
-----Original Message-----
From: Alan Hall [mailto:address@hidden]
Sent: Thursday, July 19, 2001 10:34 AM
To: Carl Sinclair; Jason J. Levit; Stephen A Delgreco; address@hidden; Tim D
Crum
Subject: Pheonix LDM radars
Pheonix hub has been down for some time, so unless they send us tapes,
we are loosing data!!
I've sent messages (automated) to the address@hidden, but no response.
ldmd.log:
Jul 17 16:56:42 lb20 148.126.34.10[4983]: FEEDME(148.126.34.10): 7:
Authentication error; No match for request
Ldmping works fine, but it appears they don't have the allow line in
ldmd.conf.
Alan.
BTW: this brings up a good time to discuss a backup plan. When the LDM
machine went down at OU, Carl was able to tar up a few days worth of
files at a time on each radars' LDM machine and ftp them to me. I was
then able to archive them with very little effort. If we could
formalize this procedure, we could make this backup process very easy.
>From address@hidden Fri Jul 20 04:22:46 2001
>Subject: Re: ingest error (fwd)
"Jason J. Levit" wrote:
>
> Hi everyone,
>
> I'm trying to receive data from another LDM machine, and the
> administrator of that computer is seeing this error in the log file:
>
> sign_on(129.15.193.80): 7: RPC: Authentication error; why = Client
> credential too weak
>
> This is a first for me. Does anyone know why this error occurs, and
> why it is preventing data from flowing? Thanks for any help or
> information!
>
> Jason
>
> --
> ----------------------------------------------------------------------------
> Jason J. Levit, N9MLA Research Scientist,
> address@hidden Center for Analysis and Prediction of
> Storms
> Room 1022 University of Oklahoma
> 405/325-3503 http://www.caps.ou.edu/
Hi,
Don't know if you have the same situation, but I had the same error when I
brought a new system with NFS mounts onto the network. I had to add it to
the hosts file because DNS hadn't been updated yet.
Ted Jackson Sysadm, Code 912
address@hidden Mesoscale Atmospheric Processes Branch
Science Systems & Applications, Inc.
>From address@hidden Fri Jul 20 08:30:43 2001
>To: address@hidden, "Jason J. Levit" <address@hidden>,
> Rita Edwards <address@hidden>, address@hidden
>Subject: 20010719: [Fwd: RE: Pheonix LDM radars]
Let me explain a couple of things about NEXRAD LDM ingest machines at NCDC. We
developed a 'load balancing" system such that we could divide the ingest of many
radars among several servers. As the number of radars increases, we can add
more servers cheaply and quickly. These ingest servers are on a private network
not accessible to outside world. We have one server in front of this private
network that is visible to the outside world. The one visible server could have
one of two addresses, a primary address and a secondary address. That's the 171
and 172 that I have had everyone put into their ldmd.conf files. About two
weeks ago, a problem was discovered with Red Hat Linux (I'm not sure exactly
what the problem was) that as a work around, the address seen on the outside
became 170. I was not told of this change and I didn't' pay enough attention to
catch it any sooner.
Anyho...botton line...you should have three allow lines for 205.167.25.170,
205.167.25.171, and 205.167.25.172.
Jason Levit: you need the accept lines for the above address so I can feed you.
Thanks for your patients,
Alan.
address@hidden wrote:
> OK...It looks like you should be getting data now. I must be getting old.
> Either you guys changed your hostname or I just missed a note state that you
> changed your hostname but the reason it wasn't allowing you to get data was
> because the request was coming from ingest.ncdc.noaa.gov not any of the
> other four addresses I have for you guys. It looks like it connected so let
> me know if it is working or not.
>
> -Jason
