Bug 494901 - rhn_register and rhnreg_ks can't register with RHN (forbidden) when using not-authenticated web proxy
rhn_register and rhnreg_ks can't register with RHN (forbidden) when using not...
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: up2date (Show other bugs)
4.8
s390x Linux
low Severity medium
: rc
: ---
Assigned To: Pradeep Kilambi
Red Hat Satellite QA List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-08 11:50 EDT by Miroslav Vadkerti
Modified: 2009-04-14 09:37 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-14 09:37:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
tcpdump from RHEL 4 s390x (12.77 KB, application/octet-stream)
2009-04-13 13:55 EDT, Brad Hinson
no flags Details
tcpdump from RHEL 4 x86 (231.19 KB, application/octet-stream)
2009-04-13 13:57 EDT, Brad Hinson
no flags Details

  None (edit)
Description Miroslav Vadkerti 2009-04-08 11:50:24 EDT
Description of problem:
I can't get registered with RHN network via not-authenticated web proxy. This bug appears only on s390 and s390x mainframes. 

Version-Release number of selected component (if applicable):
up2date-4.8.1-30.el4

How reproducible:
always

Steps to Reproduce:
1. add next configuration to your /etc/sysconfig/rhn/up2date
enableProxy=1
httpProxy=bouncer.rhn.dev.hst.intdev.redhat.com:3128

2. run rhn_register or rhnreg_ks 
rhnreg_ks --proxy bouncer.rhn.dev.hst.intdev.redhat.com:3128 --username=qa@redhat.com --password=redhatqa
 
Actual results:
An error has occurred:
Forbidden

Expected results:
No errors and continue in registration

Additional info:
When I use authenticated proxy everything works fine. I tried rhn.redhat.com, rhn.webqa.redhat.com. rhn.stage.redhat com with same results.
Comment 5 Brad Hinson 2009-04-13 13:55:08 EDT
Created attachment 339345 [details]
tcpdump from RHEL 4 s390x

cmd: tcpdump -i eth0 -n -s 0
s390x guest IP: 192.168.5.61
proxy IP: 10.10.40.93

Packet 4 shows connection to xmlrpc.rhn.redhat.com:443 HTTP/1.1
Packet 7 shows 403 forbidden response

Nothing looks out of the ordinary.  Is there anything on the proxy config that prevents 192.168.5.0/24?
Comment 6 Brad Hinson 2009-04-13 13:57:30 EDT
Created attachment 339346 [details]
tcpdump from RHEL 4 x86

cmd: tcpdump -i eth0 -n -s 0
x86 client IP: 10.10.56.143
proxy IP: 10.10.40.93

Packet 4 shows connection to xmlrpc.rhn.redhat.com:443 HTTP/1.1
Packet 6 shows 200 connection established response

Attaching for reference.
Comment 7 Brock Organ 2009-04-13 17:43:25 EDT
I'm seeing the same behavior using s390 here:

> [root@lovejoy ~]# rhnreg_ks --proxy bouncer.rhn.dev.hst.intdev.redhat.com:3128 
> --username=<username> --password=<password>
> An error has occurred:
> Forbidden
> [root@lovejoy ~]# 

I'll try to test with U7 or earlier tree to verify that the behavior is not a regression ...
Comment 8 Yulia Kopkova 2009-04-14 02:46:19 EDT
See the same using with s390 on RHEL3
Comment 9 Miroslav Vadkerti 2009-04-14 09:25:25 EDT
According to comment #5 the mainframes are on different subnet. This was the problem in squid configuration which accepted only 10.*.*.* conections. I changed the condfiguration to accept the mainframes subnet too and now everything works fine. So this misleading bug report can be closed.
Comment 10 Miroslav Vadkerti 2009-04-14 09:25:46 EDT
According to comment #5 the mainframes are on different subnet. This was the problem in squid configuration which accepted only 10.*.*.* conections. I changed the configuration to accept the mainframes subnet too and now everything works fine. So this misleading bug report can be closed.
Comment 11 David Kovalsky 2009-04-14 09:37:09 EDT
Closing per comment #10. 

Big thanks to all who contributed solving this issue!

Note You need to log in before you can comment on or make changes to this bug.