Linux-Networking Digest #891, Volume #9          Fri, 15 Jan 99 20:14:25 EST

Contents:
  Re: Cannot login to samba server ("Glenn Davy")
  Re: NFS linux server and an AIX client ("[EMAIL PROTECTED]")
  Re: Do I need a Guru ? (Alex Tsekhansky)
  Re: DNS starter questions (Ramin Alidousti)
  Network printing with HP jetdirects ([EMAIL PROTECTED])
  Re: ip-masquerading and network games (starcraft) (mumford)
  IP Masq. Puzzler (Chris Deever)
  Wyse-60 emulation / help (Robert Eldredge)
  Re: IP Tunneling (Vipul Gore)
  at&t bcd 513 ("Bob Bevins")
  Re: Redundant Servers (Gary Momarison)
  2nd RFD: comp.os.linux.security (Erik de Castro Lopo)
  Re: Security hole with WU-FTPD (Barry Margolin)
  Re: Setting up @Home (Vipul Gore)
  Re: This is Linux, not Windows, so why not superior flexibility AND idiot-friendly? (Gregory Loren Hansen)

----------------------------------------------------------------------------

From: "Glenn Davy" <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.smb,comp.os.linux.setup,linux.redhat.misc
Subject: Re: Cannot login to samba server
Date: Thu, 14 Jan 1999 21:48:05 +1100



>
>\\<server-name> is not accessible
>The credentials supplied conflict with an existing set of credentials.

Sorry, no idea.

>
>If I enter a login name unique for the NT Domain, the samba server just
>won't accept the password, whether it is true or not.

There are some files that go with the SAMBA source that discuss NT and
encrypted passwords (especially relevant if you have service pack 3 or past
some point in the 95 series). I think these will tell you what you want.

Glenn



------------------------------

From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: NFS linux server and an AIX client
Date: Thu, 14 Jan 1999 16:24:46 -0600

well i figured this out, thought i would let you all know.

in /etc/exports:
/filesystem    -rw=AIX_server_hostname(rw,insecure,no_root_squash)

that was all that was needed.

[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote in message
news:77lgu0$h70$[EMAIL PROTECTED]...
>when i try to mount a NFS mount on an aixv3 client i receive:
>mount: 1831-010: server LINUX_server not responding: RPC: sucess
>mount retrying
>LINUX_server:/filesystem
> mount: 1831-011: access denied for linux_server: /filesystem
>mount: 1831-008 giving up on
>LINUX_server:/filesystem
>The file acces permissions do not allow the specified action.
>
>my /etc/exports read
>/filesystem    -rw=AIX_server_hostname
>/filesystem    -rw=AIX_server_ipaddress
>
>the exports file was exported.
>NFS server was stopped and restarted
>
>in messages on the linux server i get:
>Kernel: Warning: possible SYN Flood from AIX_server on Linux_server:653
>mountd: NFS mount of filesystem attemted from AIX_server
>mountd: NFS client <anon client> tried to access filesystem
>mountd: Blocked attempt attempt of AIX_server to mount filesystem
>
>???????
>where do i start looking?   any ideas please reply via e-mail
>[EMAIL PROTECTED]
>
>TIA
>
>
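
The export line that fixed the mount turns off two default server-side checks: `insecure` accepts requests from client source ports above 1023, and `no_root_squash` stops mapping the client's root to the anonymous user. The following is an added example, not part of the original post, that lists which entries in an exports file carry those options or are writable by any host; the sample text is constructed (only the `/filesystem` entry is the posted line) and the parser assumes the `client(options)` form.

```python
import re

# Options that relax a default server-side check (see exports(5)).
RISKY = {
    "insecure": "requests from source ports above 1023 are accepted",
    "no_root_squash": "root on the client stays uid 0 on the export",
}
CLIENT = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

# Constructed sample; the /filesystem entry is the line from the post.
SAMPLE = """\
# exports
/srv/docs      buildhost(ro)
/filesystem    -rw=AIX_server_hostname(rw,insecure,no_root_squash)
/scratch       (rw) \\
               labhost(rw,no_root_squash)
"""


def logical_lines(text):
    """Yield (line_no, text) with comments stripped and '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf
        buf, start = "", None
    if buf.strip():
        yield start, buf


def audit_exports(text):
    """Return findings as (line_no, path, client, option, reason) tuples."""
    findings = []
    for no, line in logical_lines(text):
        path, *clients = line.split()
        for spec in clients or [""]:
            m = CLIENT.match(spec)
            if not m:
                findings.append((no, path, spec, "?", "unparseable client spec"))
                continue
            host = m.group("host") or "*"  # bare "(opts)" applies to every host
            opts = {o.strip() for o in (m.group("opts") or "").split(",") if o.strip()}
            for opt in sorted(opts & RISKY.keys()):
                findings.append((no, path, host, opt, RISKY[opt]))
            if host == "*" and "rw" in opts:
                findings.append((no, path, host, "rw", "writable by any host"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print("line %d: %s -> %s: %s (%s)" % finding)
```

The `/scratch` entry shows a common slip: the space before `(rw)` makes the options apply to every host instead of to the client named after it.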



------------------------------

From: [EMAIL PROTECTED] (Alex Tsekhansky)
Subject: Re: Do I need a Guru ?
Date: Thu, 14 Jan 1999 23:59:06 GMT

Well, one of the things I can tell you is that some cards ALWAYS try
to use certain resources. IRQ5 for example is a default for sound
cards like Sound Blaster. Could that be a problem? Also I/O 300 is
likely to be used by SCSI controllers.

I was wondering if it is possible to disable all other devices (like
sound, SCSI etc.) temporarily unless they are absolutely needed by
Linux and try it that way.

Also - try manual initialization, meaning in LILO instead of typing
LINUX at the prompt or waiting for timeout, try typing

linux ether=0,0,eth1

Alex.


On Thu, 14 Jan 1999 11:34:01 +0000, Luca Colombi <[EMAIL PROTECTED]>
wrote:

>Alex Tsekhansky wrote:
>
>> In PCI configuration in BIOS you have to exclude IRQs used
>> by ISA cards so they cannot be reassigned to other cards by accident.
>
> I went in BIOS setup, selected ISA Legacy Resources and selected I/O Ports,
>then 300h - 303h was Available, I turn it to Not available.
>
>Select Interrupt Resources
>
>5 was available I changed to not available
>
>save and exit. Reboot but it didn't work either.
>
>> Also try to reconfigure the card to use different IRQ and/or I/O
>> port
>
>I did try different ports and irqs.
>
>> Alex.
>
> The problem remains the same.
>
>Delaying eth1 initialization.
>
>The card does work if it is the only one present in the system.
>
>Please help,
>


------------------------------

From: Ramin Alidousti <[EMAIL PROTECTED]>
Crossposted-To: linux.admin.isp,comp.os.linux.setup,comp.os.linux.misc,comp.os.linux.admin,alt.os.linux.slackware,alt.os.linux
Subject: Re: DNS starter questions
Date: Sat, 16 Jan 1999 00:07:34 +0000
Reply-To: [EMAIL PROTECTED]

Well... I should say that you need to take a look at:


                        DNS and BIND, 3rd Edition

                        By Paul Albitz & Cricket Liu
                        3rd Edition September 1998
                        1-56592-512-2, Order Number: 5122
                        502 pages, $32.95

Ramin



Christian Rasmussen wrote:

> This message might appear several times, as I have tried to send it
> several times. Outlook Express doesn't seem to work, but this hopefully
> works better!!
>
> Well, here is the mail:
>
> We have used a normal ISDN router for a year, some time ago we decided
> to get a permanent connection (is leased line the correct word?). Now
> we have finally got the connection established, we have also decided
> to have our own DNS server as well as our own mail server, web server
> and such.
>
> We had one .com domain and 2 .dk domains. The .dk domains were no big
> problem, but the .com domain wasn't very easy. Suddenly it was moved to
> point at our dns server instead of our former ISP. Unfortunately we
> realised that our dns wasn't configured properly. We had tested it a
> little bit, but as we had no experience it wasn't very easy before we
> had the line.
>
> We have both the primary and the secondary DNS on our LAN. The
> secondary is at the same time used as a masquerade server. Both
> servers run Linux Slackware.
>
> Well, when it finally pointed at our DNS we had a few surprises... we
> quickly corrected some of the errors, but didn't know that we had to
> update the serial so we just made the changes and restarted the dns.
> The result was that different dns servers in the world had different
> versions of our zone file...! also we didn't know that all the other
> servers get the info from our server the way they do, almost used all
> our bandwidth!!
>
> finally some questions!
> How is it normally working when the servers around the world retrieve
> data from a dns server? All of the servers in the world do not start
> retrieving at the same time.. how is that controlled? How long before
> the constant traffic will cease? I guess it will never cease
> completely...?
>
> I read the DNS-HOWTO included in the slackware distribution, also I
> read the section about DNS servers in TCP/IP unleashed. It seems there
> is no completely correct way to do all the records?
>
> When do I have to use IN with my records? Is it a problem using it
> everywhere? Is $ORIGIN kind of a variable which works together with @ ?
>
> In the SOA record, sometimes all the rates (refresh, retry..) are
> specified in sec, and sometimes in hours, days and weeks too. Any
> compatibility problems using the last example? (a bit easier!)
>
> Any advantages/disadvantages in not specifying the complete dns name in
> each record so only the host is specified instead of host.domain.com ?
>
> When do I use A records and when do I use CNAME records? I read that
> CNAME records, for some reason, were not recommendable? Also I read
> that you can have more than one A record for each IP, which means that
> A records can be used as CNAME records....
>
> The unleashed book gives the complete syntax for the records, it seems
> logical to just fill all the fields, but no one seems to do that?
>
> Anyone with an opinion on how to set the rates in the SOA record
> (refresh, retry..)?
>
> If a DNS server has retrieved some incorrect data, can you somehow
> make it "refresh" the data (get some new) via an nslookup command?
>
> Do other servers use serial to determine when to retrieve an update?
> or is it only the secondary DNS server?
>
> well, this was all my questions in no particular order.. hope someone
> can answer some of them :)
>
> Greetings
>
> Christian Rasmussen


------------------------------

From: [EMAIL PROTECTED]
Subject: Network printing with HP jetdirects
Date: Fri, 15 Jan 1999 23:10:50 GMT

Hello all -
This is driving me crazy.  I followed the documentation in the LPRng docs, but
I can't get my Jet-directs to print over TCP/IP.  I have some real old ones
that only support printing over port 9100, so I put this entry in my printcap.

remote|Test Printer
:special:[EMAIL PROTECTED]%9100

Now whenever I try and print anything all I will get on each line of the page
is a staircase of the word 'raw' and the command lp hangs until I hit ctrl-c.
I'm at a loss here, can anyone tell me what I'm doing wrong?

Thanks in advance,
Jake Kruse
FHM Capital Services, Inc.

P.S.  Could you CC your reply to my email address if possible?  Thanks!


------------------------------

From: [EMAIL PROTECTED] (mumford)
Subject: Re: ip-masquerading and network games (starcraft)
Date: Sat, 16 Jan 1999 00:05:14 GMT

A while ago, Raymond Doetjes <[EMAIL PROTECTED]> begot:
>[EMAIL PROTECTED] wrote:
>
>> For those of you that have got Starcraft to work through an IP masquerading
>> Linux box. Do you experience Lag? Or is it playable?
>>
>> I have managed to make Starcraft work through IP Masquerading, but the lag is
>> too bad to play.
>>
>
>It depends on which protocols the game people have made.
>The reason that you have masq_* modules is that these games make use of several
>sockets and have special protocols on how to connect and disconnect. These
>actions should be known to the masq. server to mimic them.
>
>So the bottleneck in your case is the lack of enough masq_ modules. But this
>same problem arises with Proxy 2.0 also and all the other NAT simulations.

This isn't true.  Some other NAT simulators (sygate, for example) are
perfectly capable of handling things like starcraft.

His bottleneck is that the Linux masquerading code is a little too zealous
when it comes to peer-to-peer games (starcraft, warcraft, battlezone, etc).
It masq's outgoing communication onto differing ports, confusing the masq
code for incoming ports (since you can have up to 7 different computers in
starcraft sending replies to port 6112) and causing a lot of resends... thus
*LAG* (and I mean really really *bad* lag).

There are now patches that fix this somewhat.  I backported someone else's
2.1.* patch to 2.0.36 and can play starcraft just fine now.  The one real
drawback is two computers behind the same firewall cannot play starcraft
on the internet at the same time (since portforwarding is required).  I'm
actually considering starting a project to reverse engineer starcraft's
network protocol so I can write an ip_masq_starcraft module to take care
of this a la what ip_masq_quake did for quake... but then I'm also
considering just getting a couple more IP's from my ISP and doing away with
the masquerading setup ;)

Btw, you can read more about this peer-to-peer gaming stuff and linux
masquerading at http://www.alumni.caltech.edu/~dank/peer-nat.html

-- 
Glenn Lamb - [EMAIL PROTECTED]  Finger for my PGP Key.
Email to me must have my address in either the To: or Cc: field.  All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A  2D 2E A9 08 6B A0 CD 82

------------------------------

From: [EMAIL PROTECTED] (Chris Deever)
Subject: IP Masq. Puzzler
Date: Thu, 14 Jan 1999 14:02:03 GMT


To any net savvy Linux users,

I've found that I get different performance with IP Masq. with
different ISPs - but the performance difference occurs only through
masquerading and I'm not sure why.

Originally before switching ISPs, I used IP Masq. with no performance
penalty, but when I switched to a local ISP, performance slowed
dramatically.  However - the performance is only slower when
accessing the net via masquerading.  When I connect directly to the
new ISP through the Linux box - net performance is quick.  When I
connect directly to the new ISP from an NT box directly, it is also
quick.  However, if I access the net using IP Masquerading I get slow
performance.

What's puzzling is that when I connect to the old ISP via masquerading
- as I did originally - it is quick.  I tried two other ISPs with
masquerading that seemed to have no decrease in performance.  The only
bad performance combination is the new ISP through masquerading (which
of course is what I need to work!)

Any insights would be greatly appreciated.

Chris
  

------------------------------

From: Robert Eldredge <[EMAIL PROTECTED]>
Subject: Wyse-60 emulation / help
Date: Fri, 15 Jan 1999 00:21:04 +0000
Reply-To: [EMAIL PROTECTED]

Is there a way to emulate wyse60?
I've tried TERM=wy-60 in the env settings but it doesn't seem to work when I
telnet to a Wyse-60 emulated machine.

Any suggestions?
[EMAIL PROTECTED]



------------------------------

From: Vipul Gore <[EMAIL PROTECTED]>
Subject: Re: IP Tunneling
Date: 14 Jan 1999 16:21:37 PST


Another alternative is to use SSH. Secure shell between linux and NT on the ports
that use smtp and pop3.

Consult newsgroup: comp.security.ssh   or go to www.datafellows.com

good luck

Vipul

Noone wrote:

> Greetings!
>
> Here's an excellent challenge....I have two LINUX boxes set up as firewalls
> to my network.  We are switching over to NT with Exchange as our email
> server.
>
> What I want to do is set it up so that my NT box is behind the firewall but
> that POP3 clients can access their email.  My solution is to set up IP
> Tunneling between my NT box and my Linux box.
>
> Has anyone ever done this?  Does anyone know where I can get more
> information?  I have consulted the /usr/src/linux/drivers/net/README.tunnel
> file.  It is kinda cryptic though.
>
> Thanks for any help!
>
> Patty Calcaterra
> [EMAIL PROTECTED]

--
Vipul Gore
Info Objects, Inc.
Ph: 408 255 9700 x12
Email: [EMAIL PROTECTED]
http: www.info-objects.com



------------------------------

From: "Bob Bevins" <[EMAIL PROTECTED]>
Subject: at&t bcd 513
Date: Fri, 15 Jan 1999 19:15:44 -0500

Anybody know of a terminal that can emulate at&t BCD 513 terminal?

Or an application that uses it?

Thanks in advance
bob bevins
[EMAIL PROTECTED]



------------------------------

From: Gary Momarison <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: Redundant Servers
Date: 15 Jan 1999 16:38:20 -0800

r <[EMAIL PROTECTED]> writes:

Not much help here, but there's something called "Eddie" that
might interest you.

http://www.aa.net/~swear/pedia/misc.html#ha             (Eddie)
http://www.aa.net/~swear/pedia/raid.html                (RAID)
http://www.aa.net/~swear/pedia/high-performance.html    (clustering)

-- 
Look for Linux info at http://www.dejanews.com/home_ps.shtml and in
Gary's Encyclopedia at http://www.aa.net/~swear/pedia/index.html

------------------------------

Crossposted-To: alt.horror.werewolves,alt.gothic,comp.misc,news.announce.newgroups,news.groups,comp.security.unix,comp.os.linux.setup
From: Erik de Castro Lopo <[EMAIL PROTECTED]>
Subject: 2nd RFD: comp.os.linux.security
Reply-To: [EMAIL PROTECTED] (Larry "The Pederast" Corsa)
Date: Fri, 15 Jan 1999 19:50:19 GMT

------------------------------

From: Barry Margolin <[EMAIL PROTECTED]>
Crossposted-To: comp.security,comp.security.unix,redhat.general,redhat.networking.general,aus.computers.linux
Subject: Re: Security hole with WU-FTPD
Date: Fri, 15 Jan 1999 23:14:30 GMT

In article <[EMAIL PROTECTED]>,
Daryle Niedermayer  <[EMAIL PROTECTED]> wrote:
>Here's how part of the exploit happened:
>
>By adding an entry to the bottom of the passwd file:
>test::0:0:dummyname:/:/bin/bash
>
>without a password marker, our login scripts will not let you login with a
>shell, but they will let you open an ftp connection with root permissions.

That's unusual.  I thought that an empty password field was the traditional
Unix way to specify that an account doesn't need a password to login.

>You can then upload or download any file you want. ftp will allow you to
>login with a null password so you do not need access to the shadow file to
>exploit this weakness, as the following transcript will show:

FTP is just implementing the standard Unix interpretation of that passwd
entry, IMHO.

>We have since replaced wu-ftp with a different ftp server. Here again I
>am open to suggestions as to the best low-cost (or no-cost) ftpd
>available apart from wu-ftp.

I would hardly consider this a serious flaw in WU-FTPD.  If they were able
to modify the passwd file, they probably also could have modified the
shadow file and created an account with a password they knew.  These files
are practically the root of a Unix system's security, and if they're
compromised most bets are off.

-- 
Barry Margolin, [EMAIL PROTECTED]
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Don't bother cc'ing followups to me.
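
The passwd entry quoted in this thread combines two things worth checking for on any system: an empty password field and UID 0 on an account other than root. The following is an added example, not code from the thread, that scans passwd-format text for both and follows an `x` marker into shadow-format text; the sample data is constructed, apart from the `test` line, which is the entry quoted in the post.

```python
# Constructed sample data; only the "test" line is the entry quoted in the post.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/bin/false
alice:x:500:500:Alice:/home/alice:/bin/bash
guest:x:501:501:Guest:/home/guest:/bin/bash
test::0:0:dummyname:/:/bin/bash
"""
SHADOW = """\
root:$1$placeholder$notarealhash:10600:0:99999:7:::
daemon:*:10600:0:99999:7:::
alice:$1$placeholder$notarealhash:10600:0:99999:7:::
guest::10600:0:99999:7:::
"""


def records(text):
    """Split passwd/shadow-style text into field lists, skipping blanks and comments."""
    return [ln.split(":") for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")]


def audit_accounts(passwd_text, shadow_text=""):
    """Return (login, issue) pairs for accounts that need no password or share uid 0."""
    shadow = {f[0]: f[1] for f in records(shadow_text) if len(f) >= 2}
    findings = []
    for f in records(passwd_text):
        if len(f) != 7:
            findings.append((f[0], "malformed passwd line"))
            continue
        name, pw, uid = f[0], f[1], f[2]
        if pw == "":
            findings.append((name, "empty password field in passwd"))
        elif pw == "x":  # the real hash is expected in shadow
            if name not in shadow:
                findings.append((name, "no shadow entry"))
            elif shadow[name] == "":
                findings.append((name, "empty password field in shadow"))
        try:
            is_uid0 = int(uid) == 0
        except ValueError:
            findings.append((name, "non-numeric uid"))
            continue
        if is_uid0 and name != "root":
            findings.append((name, "uid 0 on an account other than root"))
    return findings


if __name__ == "__main__":
    for login, issue in audit_accounts(PASSWD, SHADOW):
        print(f"{login}: {issue}")
```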

------------------------------

From: Vipul Gore <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.caldera,comp.os.linux.setup
Subject: Re: Setting up @Home
Date: 14 Jan 1999 16:39:54 PST





Bob Nixon wrote:

>
> You can run static or DHCP (@home sets up DHCP for you) on the box
> running wingate or a Nat. As to your linux and other boxes, there is
> no differences between the way you're setting up things with ISDN,
>

I thought @home did not set up a DHCP on the box. They just gave a static IP
address.  Does anyone know if they block ports such as netbios, netbeui, etc.

thanks

--
Vipul Gore
Info Objects, Inc.
Ph: 408 255 9700 x12
Email: [EMAIL PROTECTED]
http: www.info-objects.com




------------------------------

From: [EMAIL PROTECTED] (Gregory Loren Hansen)
Crossposted-To: comp.os.linux.misc,comp.os.linux.portable,comp.os.linux.powerpc,comp.os.linux.setup
Subject: Re: This is Linux, not Windows, so why not superior flexibility AND idiot-friendly?
Date: 16 Jan 1999 01:01:57 GMT

In article <77ofit$h87$[EMAIL PROTECTED]>, rob <[EMAIL PROTECTED]> wrote:
>
>So true - what you use is what you like.  A foreign graduate student here
>was all frustrated with windows because he was used to UNIX and couldn't
>figure out how to grep in windows.

Can you?
-- 
"Besides, it doesn't take much creativity or courage to figure out that
something which reads 'Danger: Flammable' on the label might be fun to
fool about with." -- Joris van Dorp

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
