[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
Bryan Stansell bryan@conserver.com
Sat, 1 Nov 2003 05:38:17 -0800 (PST)
On Fri, Oct 31, 2003 at 06:14:01PM -0500, Michael Dolan wrote: > Recently upgraded to 8.0.4 (and now 8.0.5) from 7.2.7 and cannot get > acls for host access control to work properly. Configured with > --with-trustrevdns and specifying the domain names in conserver.cf, > but only get error (and refused connections). FQDN and IPaddrs work > fine. The conserver host can reverse lookup the FQDN properly. well, sounds like you're doing the right thing. --with-trustrevdns is necessary for it to work at all. if you run in debug mode and grep out all the messages with AccType, we'd be able to see what it's doing and why it isn't allowing the connection (a bit better). i do realize there's a problem with the logic used, and maybe that's the issue. if you have a 'rejected' acl, that happen to match, after the domain acl, the reject acl will be processed before the domain acl and you'd get rejected. things need to be adjusted so that all acls are processed in order - i goofed and didn't realize the impact when removing the reverse dns trust bits and then adding them back. but, the debug info would tell us what's going on. but