[LON-CAPA-admin] lonbalancer

Guy Albertelli II guy at albertelli.com
Fri Jun 1 11:53:13 EDT 2007


Hi Hon-Kie,

> There is only one hint that somewhere in the configurations there is 
> a longcapa1.fsu.edu instead of loncapa1.fsu.edu (the server was set up 
> by the technical support shop). This appears when I ssh into the 
> server and I get the following message.
> 
> reverse mapping checking getaddrinfo for longcapa1.fsu.edu failed - 
> POSSIBLE BREAK-IN ATTEMPT!
> 
> I have checked the following files - ifcfg-eth*, network, hosts, 
> sshd_config, ssh_config, all files under lonTab but cannot find any 
> longcapa1.fsu.edu entry - it is driving me nuts!! Having said that, 
> the message does not seem to affect hosting session - and I can log in 
> directly to the server and it works fine.

$ host loncapa1.fsu.edu
loncapa1.fsu.edu has address 128.186.7.107
$ host 128.186.7.107
107.7.186.128.in-addr.arpa domain name pointer longcapa1.fsu.edu.

So the DNS guys have it screwed up.


> 
> >switchserver doesn't have a retry mechanism behind it. All it does is
> >send through lonc/d the necessary login credentials and gets back a
> >token for those credentials. Switchserver then generates a redirect
> >webpage to the switched to host. Which should see the token, check the
> >internally stored credentials and log the user in.
> >
> >Hmmm, looking at your setup I guess if the credentials fail in some
> >way so the user can't actually get logged into the new server, they
> >should end up at the lon-capa login screen (migrateuser redirects to
> >/adm/login on failure)
> >
> >Can you track down more info from the logs related to the above
> >event.
> 
> The only other entries are in the CAS.log which has the following 
> entries under the user.

Hrrm so they were getting shoved back to the CAS server over and over
again...


Can you get all logged items for this IP address from the
/var/log/httpd/access_log on both loncapa.fsu.edu and loncapa1.fsu.edu
and send that to me?

I want to reconstruct what URLs were accessed.


> Service = 'http://loncapa.fsu.edu/adm/logout'; ticket = '(null)'

Hmm, so they keep going around to and from /adm/logout

One fix in 2.4.0 is that we delete the loncapa Cookie from the browser
now when a user logs out. In 2.3 (and earlier) we weren't; we were just
depending on the fact that we deleted the local lonid file that the
cookie would be set to. I have a half memory that I did this because
of a chicken & egg oddity that caused this kind of looping...

Hmmm.

-- 
guy at albertelli.com   0-7-0-9-27,137
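
Added example, not part of the original message: a forward-confirmed reverse DNS check that classifies the PTR/A disagreement shown by the two `host` lookups above, the condition sshd's "reverse mapping checking getaddrinfo ... failed" warning reports. The lookup tables are constructed from the values in this thread, and the status names and the `check` helper are assumptions of this sketch.

```python
import socket

def reverse_names(ip):
    """PTR lookup via the system resolver; [] if there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def forward_addrs(name):
    """A/AAAA lookup via the system resolver; [] if the name does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, reverse=reverse_names, forward=forward_addrs):
    """Forward-confirmed reverse DNS check for one address.

    Returns (status, ptr_name): 'ok', 'no-ptr', 'ptr-unresolvable'
    (the PTR name has no forward record, the case in the sshd message)
    or 'mismatch' (the PTR name resolves, but to other addresses).
    """
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return ("no-ptr", None)
    status = "ptr-unresolvable"
    for name in names:
        addrs = forward(name)
        if ip in addrs:
            return ("ok", name)
        if addrs:
            status = "mismatch"
    return (status, names[0])

# Constructed zone data mirroring the two `host` lookups in the message.
FORWARD = {"loncapa1.fsu.edu": ["128.186.7.107"]}
BROKEN_PTR = {"128.186.7.107": ["longcapa1.fsu.edu."]}
FIXED_PTR = {"128.186.7.107": ["loncapa1.fsu.edu."]}

def check(ptr_zone, ip="128.186.7.107"):
    """Run fcrdns against the constructed tables instead of live DNS."""
    return fcrdns(ip, reverse=lambda a: ptr_zone.get(a, []),
                  forward=lambda n: FORWARD.get(n, []))

if __name__ == "__main__":
    print("broken PTR:", check(BROKEN_PTR))
    print("fixed PTR: ", check(FIXED_PTR))
```

Calling `fcrdns(ip)` with no resolver arguments runs the same check against the system resolver, which is a quick way to confirm the PTR record once it has been corrected in the reverse zone.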


