nrpe won't connect - contradictory messages in log

[Richard Remington]

Dear Whit,

I have actually seen this contradictory error in the log before but in my case I was in a new location installing new versions of NRPE (along with Nagios 3.0.6) and while the existing NRPE on the host claimed to be the same version as the one I was using on the Nagios host, there was still some sort of inherent incompatibility. In my case I was guessing that my predecessor had taken some liberties with the source code. I had the luxury of having another existing NRPE client that was working and so I copied the nrpe binary from the working NRPE client over to the non-working NRPE client and then they both worked, and unfortunately, I never got to the bottom of it.

Richard

 Blauvelt wrote:
> Dear Richard,
> 
> Thanks for maintaining that. Think I've found a new way to have it go wrong:
> 
> ---
> CHECK_NRPE: Error - Could not complete SSL handshake
> 
> This error message could be due to several problems:
> 
> 1) Different versions.  
>    - No, same, compiled from the same source, on identical machines with Ubuntu Hardy LTS.
> 
> 2) SSL is disabled. 
>    - No. SSL compiled in both. Daemons started from command line with basic switches.
> 
> 3) Incorrect file permissions. Make sure the NRPE config file (nrpe.cfg) is
>    readable by the user (i.e. nagios) that executes the NRPE binary from
>    inetd/xinetd. (also rare)
>    - Okay, they were owned by root. But changing that to the nagios user and
>      restarting doesn't fix it. And I'm not using inetd/xinetd, but running
>      standalone daemons
> 
> 4) Pseudo-random device files are not readable.
>    - /dev/urandom and /dev/random are both world readable
> 
> 5) Unallowed address. 
>    - Well, yes according to the client log:
> 
>    /var/log/syslog:Jul 29 10:47:16 firewall2 nrpe[11123]: Allowing connections from: 127.0.0.1, 192.168.250.1
>    /var/log/syslog:Jul 29 10:47:21 firewall2 nrpe[11125]: Host 192.168.250.1 is not allowed to talk to us!
> 
>    But of course the first line shows the the config file does allow the specific address.   
> 
> 6) libwrap refused connection to nrpe Check for errors in /var/log/syslog by greping for xinetd. 
>    - N/A, it's stand-alone nrpe
> ---
> 
> So, in the interests of making Richard's document complete, anyone have other suggestions?
> 
> Thanks,
> Whit
> 
> 


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null