Hi, i've got a strange problem with my server-side /etc/puppet/auth.conf. The auth.conf is out-of-the-box, so the cert stuff looks basically like this: # allow access to the CA certificate; unauthenticated nodes need this # in order to validate the puppet master's certificate path /certificate/ca auth any method find allow * # allow nodes to retrieve the certificate they requested earlier path /certificate/ auth any method find allow * # allow nodes to request a new certificate path /certificate_request auth any method find, save allow * # deny everything else; this ACL is not strictly necessary, but # illustrates the default policy. path / auth any Now, when a client connects to the server (for the first time, so it shoud be the cert request), I get "400 permission denied" for all clients. Network connectivity works, no iptables, 8140 is open and when I relax my auth.conf to something like this: path / auth any allow * clients can register and everything works. Now, this is nothing I want to have in production :) a debug run with the master ( puppet master --no-daemonize --debug --trace --verbose) gives me a lot of information, but not what makes the master throw a permission denied. (and especially what rule in the auth.conf makes him do so...) Any idea what might be wrong here? Master is a 3.4.3. thanks & best regards, Björn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/676b44f9-28aa-46c0-8472-dc66b1fa0cea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.