Linux-Networking Digest #926, Volume #9 Mon, 18 Jan 99 19:13:32 EST
Contents:
Re: ppp-2.3.4: CHAP problem (Clifford Kite)
Re: Hacking Win95 for CHAP secret (Clifford Kite)
Re: Connect without hub ([EMAIL PROTECTED])
Re: DOES LINUX SUCK (jedi)
installation via nfs fails!? ("Oliver Graemer")
Re: IMAP/POP and sendmail question? ("Anthony W. Youngman")
Re: PPP logging frames! Why? (Chuck Carlson)
Changing passwords in Samba ("James P. Kidd")
Re: DOES LINUX SUCK ("minstrel")
Three questions (or take it easy on the newbie). ("minstrel")
Netscape and TiK... SOCKS? (Matt Ostiguy)
Re: ftp datastream sometimes failing ([EMAIL PROTECTED])
Re: Finger info, hostname (Brian McCauley)
Re: forwarding, masquerading, firewalling?????? (Michael Schwager)
Re: Sending a file to a remote machine's port (Elchonon Edelson)
TTY Settings When Telnetting ("Tony D. Berry")
Re: forwarding, masquerading, firewalling?????? (Luca Filipozzi)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Subject: Re: ppp-2.3.4: CHAP problem
Date: 16 Jan 1999 22:35:15 -0600
OK here's a chap-secrets file to try
guest * "" *
* guest "" *
If that doesn't work, then call the help desk again and ask whether the
NT server is a domain controller or not. If it is not a domain controller,
then get the domain name from them and try
DomainName\\guest * "" *
* DomainName\\guest "" *
where DomainName is the domain name from the ISP. And change the pppd
<name guest> option to <'name DomainName\\guest'> . This is described
in README.MSCHAP80 . Pppd *must* recognize a valid entry in chap-secrets
before it will stop doing ConfRej for MSCHAP.
The `*'s are wildcards that permit any name to be accepted. They are
explained somewhat in the pppd man pages, as is the fourth chap-secrets
field which has to do with what IP addresses are allowed. This field
may be required for MSCHAP although it's not for plain CHAP - at least
not by my ISP. The ISP can use this field to restrict the IP addresses
that the client uses.
HELP ([EMAIL PROTECTED]) wrote:
: Thanks for your help but it still doesn't work.
: I have recompiled ppp-2.3.4 with commenting out USE_CRYPT macro and
: added "" to secret field of the chap-secrets file.
: but still ConfRej...
: I also asked my ISP's help center but they don't know how to connect to
: their server from linux.
: BTW, how do I know if I have encrypt()?
: no man page for encrypt but following code compiled with no error:
: void main() { encrypt(); }
If this compiled then you have encrypt. You could also look for the
library libcrypt, perhaps in /usr/lib as found in pppd/Makefile.linux .
: I read README.MSCHAP80 and successfully tested testchap.c in it.
: so my chap-secrets file is now: DialupNT guest ""
: guest DialupNT ""
: and run pppd with "pppd /dev/modem 38400 name guest remotename DialupNT
: defaultroute".
: my kernel is 2.0.35 within slackware 3.6.
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* Those who can't write, write manuals. */
------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Subject: Re: Hacking Win95 for CHAP secret
Date: 18 Jan 1999 11:15:05 -0600
Leon Wood ([EMAIL PROTECTED]) wrote:
: My ISP has flatly told me they will not help me configure Linux.
: Clearly they've aligned themselves with the forces of darkness in
: Redmond. If I knew what the CHAP secret was I think I could do it
: despite their obstructions. Win95 DUN works so the secret is in there
: somewhere, can anyone tell me where and how to find it?
Well, I'm on thin ice here since I don't have (or care to have) Win95
but you might try looking in the windows directory for *.ins files.
I know of at least one case in which such a file yielded the chap secret.
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* I gave up on politics when no matter who I voted for, I regretted it.
* -- Pepper...and Salt, WSJ */
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
comp.dcom.lans.ethernet,comp.sys.sun.admin,comp.os.ms-windows.networking.win95
Subject: Re: Connect without hub
Date: Mon, 18 Jan 1999 17:38:34 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> > Rob Wiltbank <[EMAIL PROTECTED]> wrote:
> > > No, a hub is designed to to take packets and distribute them as best as
> > > is can to their destination. You're more likely to have packets collide
> > > on a peer to peer than through a hub.
A hub is considered to be a layer 1 device with no intelligence whatsoever. It
will repeat all packets received to all other ports on that hub.
A bridge or a switch (think of it as a multiport bridge)is a layer two
device that will distribute packets to the appropriate ports based on mac
addresses.
Hooking two computers to a hub is essentially IDENTICAL to connecting with a
crossover cable. The only time you can eliminate collisions is if you have
100bTX on both computers which support full duplex. You can then either
connect them to a switch which will also support this, or with a crossover
cable. 100bTX full duplex with a crossover cable between two computers will
never have collisions. ANY connection between ANY devices that uses 10bt will
have collisions, because they cannot transmit and receive at the same time.
That being said, a network with only two computers won't have a very high
collision rate, and isn't something to be that concerned about.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (jedi)
Crossposted-To: comp.os.linux.advocacy,linux.redhat.install
Subject: Re: DOES LINUX SUCK
Date: Mon, 18 Jan 1999 09:34:23 -0800
On 18 Jan 1999 03:17:14 GMT, jerome <[EMAIL PROTECTED]> wrote:
>> You just have no idea what you're doing.
>Unsupported accusation.
>Most people in here consider themselves
>superior and what admit that Linux is a total
>pain in the ass at first. Unless of course
This can be true of any PC OS, actually.
It's not merely limited to Linux.
>someone has an extraordinary IQ or some
>sort of college background in computing.
>
>I belive that anyone who happens to fit the
>afore mentioned profiles would not even respond
>to a post like "DOES LINUX SUCK".
>
>Jerome
>
>
>
--
Herding Humans ~ Herding Cats
Neither will do a thing unless they really want to, or |||
is coerced to the point where it will scratch your eyes out / | \
as soon as your grip slips.
In search of sane PPP docs? Try http://penguin.lvcm.com
------------------------------
From: "Oliver Graemer" <[EMAIL PROTECTED]>
Subject: installation via nfs fails!?
Date: Mon, 18 Jan 1999 18:55:45 +0100
Hi,
I have installed Debian 2.0 on one of my computers. The nfs is compiled as a
module in the kernel. I tryed to install Debian on the second computer via
nfs, but I got the
message:
mount: RPC: Program not registered
How can I solve this problem?
thx!
Oliver
------------------------------
From: "Anthony W. Youngman" <[EMAIL PROTECTED]>
Crossposted-To: comp.mail.sendmail
Subject: Re: IMAP/POP and sendmail question?
Date: Sun, 17 Jan 1999 21:33:31 +0000
Reply-To: "Anthony W. Youngman" <[EMAIL PROTECTED]>
In article <01be420e$7540a9e0$83fd4fc1@jnzbwtaw>, Raymond Doetjes
<[EMAIL PROTECTED]> writes
>You are pretty well informed for some one who clames not to know much about
>email.
>I davice you to install RedHat for IMAP and POP3. They run standardly after
>install. (Usaually I advice SuSE) but I know what I'm talking about.
>
Just to point out SuSE also supports POP3 (and presumably IMAP) by
default. I installed SuSE 5.2, then just pointed Eudora at it, and it
works perfectly (well, not perfectly, but that's the fault of
sendmail.cf, not pop3 :-)
--
Anthony W. Youngman - wol at thewolery dot demon dot co dot uk
Trousers with a single hole in their waistband are topologically equivalent
to a doughnut. These sugarcoated trousers have yet to catch on at fast-food
outlets! (SuperStrings by F. David Peat)
If replying by e-mail please mail wol. Anything else may get missed amongst
the spam.
------------------------------
From: Chuck Carlson <[EMAIL PROTECTED]>
Subject: Re: PPP logging frames! Why?
Date: 18 Jan 1999 17:41:20 GMT
Clifford Kite <[EMAIL PROTECTED]> wrote:
> See this recently. A message redirection line in /etc/syslog.conf
> was logging everything in sight to /var/log/messages. Read up on
> syslog.conf with "man syslog.conf" and you'll be able to fix it.
Thanks,
There was a *.* in the syslog.conf file and removing it stopped all
messages from ppp from logging, even the normal connection and
termination messages. So removing the *.* is a brute-force temporary
fix to the problem. The real solution lies somewhere else. Perhaps
in another configuration file.
Chuck
------------------------------
From: "James P. Kidd" <[EMAIL PROTECTED]>
Subject: Changing passwords in Samba
Date: Mon, 18 Jan 1999 15:07:49 -0500
I have setup a Samba server as a group of shared resources for my
church. The users are will not be comfortable using telnet to login and
change their passwords. Is there a method for changing passwords on
both Windows 95 and Samba's shared resources from the Windows GUI?
If not I guess I will have to write up a procedure for logging in and
changing passwords through telnet.
Anybody else doing this out there?
Jim Kidd - Parttime UNIX admin in the Midwest -
------------------------------
Crossposted-To: comp.os.linux.advocacy,linux.redhat.install
From: "minstrel" <none>
Subject: Re: DOES LINUX SUCK
Date: Mon, 18 Jan 1999 22:46:38 GMT
Amen brother.
------------------------------
From: "minstrel" <none>
Subject: Three questions (or take it easy on the newbie).
Date: Mon, 18 Jan 1999 22:57:53 GMT
Ok guys, here goes. I'm running RH5.2 with an working WAN connection to the
Internet. Here are some problems.
1. Can't get mail from POP3 server. I'm using fetchmail, but always get a
message about a SMTP error when it tries to download. I've been told I need
to have sendmail running, but I'm not sure what to do. I would assume RH5.2
has it, because it worked when I was on RH4.2. When I type "sendmail" the
command doesn't exist.
2. I've yet to be able to change screen resolutions in Xwindows. For some
reason my monitor defaults to 640 * 480. The best I've been able to do is
manually edit to get my virtual screen down to the same size. I would
really like a smaller resolution.
3. I've also yet to be able to use the screen savers in Xwindows. When I
try, nothing happens. I once stumbled across an error message (please,
don't ask me where. I don't remember) that said it couldn't open/find the
screen saver program. Although it doesn't work in any of the X
environments, concentrate ideas to AfterStep, as that is my favorite.
Well, I feel guilty placing so much in one post. If I've broken any
unwritten rule, please fill me in. All help will be greatly appreciated.
The first problem is the most important to me.
Thanks,
Aaron T. Mitchell
[EMAIL PROTECTED]
------------------------------
From: Matt Ostiguy <[EMAIL PROTECTED]>
Subject: Netscape and TiK... SOCKS?
Date: Mon, 18 Jan 1999 14:07:33 -0500
I am running a Linux masquerade box, everything is kosher. On my windows
PCs, everything works, everything gets passed through = happiness. My
LAN is happy!
Now, because I am serious about learning Linux, I also have a laptop
happily dual booting between NT and Linux. In Linux, I got Xfree86
cooking, things were looking good. But now, Netscape 4.5 and Tik 0.55
don't seem to be able to resolve hostnames, whereas I can from any
command prompt. Clearly, I have been ftp'ing with a vengeance! In none
of my windows apps on NT or 9x have I had to configure any proxy or
firewall settings. I have attempted to do so for these two apps in Linux
nonetheless, and still no go. Is this a SOCKS issue? Is this some X
Windows issue for name resolution? Netscape, however heralded in the
Linux community doesn't odffer much help for Linux users on their
support pages.
I am running 2.0.31 with xfree 3.3.3.1, fwiw
Thanks,
Matt
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Matt Ostiguy, MCSE
IM: ostiguy781
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: ftp datastream sometimes failing
Date: Mon, 18 Jan 1999 20:49:58 GMT
Try using the -vj and/or the -vjccomp options when invoking pppd. It appears
that the compression is causing some confusion in some routers and they are
dropping frames due to bad checksums. I don't understand all the details,
except to say that the above worked for me!
Mark
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Brian McCauley <[EMAIL PROTECTED]>
Subject: Re: Finger info, hostname
Date: 18 Jan 1999 17:48:01 +0000
"Perus" <[EMAIL PROTECTED]> writes:
> I'd like to change the hostname length shown in finger in my linux system.
> How do I do this?
Change the defintion of UT_HOSTSIZE /usr/include/utmp.h.
In fact the code is already in there for a new improved utmp but it's
ifdef'd out.
Then just recompile your libc and anything else that may include
utmp.h.
This is, of course, impractical.
More realistically you could probably modify the finger to call
gethostbyaddr() on the value in the ut_addr field of struct utmp.
--
\\ ( ) No male bovine | Email: [EMAIL PROTECTED]
. _\\__[oo faeces from | Phones: +44 121 471 3789 (home)
.__/ \\ /\@ /~) /~[ /\/[ | +44 121 627 2173 (voice) 2175 (fax)
. l___\\ /~~) /~~[ / [ | PGP-fp: D7 03 2A 4B D8 3A 05 37...
# ll l\\ ~~~~ ~ ~ ~ ~ | http://www.wcl.bham.ac.uk/~bam/
###LL LL\\ (Brian McCauley) |
------------------------------
From: Michael Schwager <[EMAIL PROTECTED]>
Subject: Re: forwarding, masquerading, firewalling??????
Date: Mon, 18 Jan 1999 14:31:41 -0800
Thanks a lot. So far in one day I have not been assigned a new ip address. I
will use the subnet method instead of having the dhcpc server calling the
script.
Two new problems:
1. Last night, my LAN hosts were able to get on the net and web browse even
though I could not ping to an internet host by name (I had to use the ip
address). Today, for some stupid reason, I can't even browse. I can load up a
web page by typing in the ip of the site, but that's it. Something to do with
nameservers I'm sure. I didn't change anything on the windows-host (LAN) end,
I'm sure. I used tcpdump and saw that when netscape loaded up on a host on the
LAN, NOTHING came through to either network card. I just used tcpdump in
default mode so it was supposed to see everything coming. So for some reason
netscape isn't even asking the linux machine to go look for things. When I ping
from a LAN host to something, like scf.usc.edu, tcpdump reports this:
mindwalker.netbios-ns > 10.10.10.255.netbios-ns: udp 50
and the overall ping doesn't work. I don't know if these two issues pinging and
web browsing) are related.
2. Last night, when browsing was working, ICQ didn't work from the LAN hosts
either. I'm not sure if that's because of the nameserving problem or because of
more involved proxy/firewall issues having to do with icq.
Any and all help is much appreciated :)
michael
------------------------------
From: Elchonon Edelson <[EMAIL PROTECTED]>
Subject: Re: Sending a file to a remote machine's port
Date: Mon, 18 Jan 1999 22:53:06 GMT
Chris Severn wrote:
>
<SNIP!>
> OK, so I'm replying to my own post, but I've just fixed my problem.
> If anyone has an answer to why my previous attempt didn't work though,
> I'd still be very interested.
>
> I looked though a sample sockets program, and found that it actually
> is very easy. I just wrote a "C" program which opens up a socket at
> the desired site and port, and proceeds to read and write whatever
> data I like, without using telnet.
>
> I posted the program to my website http://www.iinet.net.au/~severn
> Just in case anyone's interested.
netcat. Ships with RedHat 5.2 as the package named "nc", but its been
around for a long long time. I think that the source can be found on
the l0pht website.
you'd do something like "cat file | nc -w1 remotehost port".
Its just a shame nobody pointed you to it before.
Search for the word "netcat" on www.l0pht.com turns up
http://www.l0pht.com/~weld/netcat/index.html, announcing
their release of an NT port of the program. Also has links
to the original source in compressed tar format, and an
HTMLized version of the netcat README file, which is quite
a good users manual. The source also includes a bunch of
shell scripts that use nc to implement demo tools, such
as a minimalist web browser written in about 150 lines of
shellcode.
--
Elchonon Edelson [EMAIL PROTECTED]
IntelliSoft Corp. http://isoft.com/
Disclaimer: I sp eak for myself only.
------------------------------
From: "Tony D. Berry" <~ Tony D. Berry @ dameon.net ~>
Subject: TTY Settings When Telnetting
Date: Mon, 18 Jan 1999 13:19:28 -0600
I have a RH Linux box with kernel 2.0.34 on a LAN offsite. I have two
different locations each one has a 128K ISDN to the offsite LAN/Linux box.
Let's call the Linux box "linux1" and that domain "local.com". Site one will
be "home.com" and site two will be "work.com". From home.com I can telnet
across the ISDN to the Linux box and it connects and everything works 100%.
>From work.com I can telnet across the ISDN to the Linux box and almost
everything works fine. The biggest hassle is full screen editors like JOE,
PINE, TIN, etc. From home.com I can scroll in all four directions and the
screen follows accordingly. At work.com I can scroll all directions except
up. When I move up it visually moves a few lines at the top of the window
and logically moves everything correctly. Which means I can look at line,
let's say, 12 and it may say one thing but moving down to that line and
moving horizontally reveals the logically placed text instead of the
visually placed text.
It's hard to explain, but this always happens after a new install and
usually goes away after a few days. This has occurred since I started using
Linux in the 1.x days.
I telnet to the Linux box with the same account (i.e. same .bashrc) and a
"set" command from work.com and home.com are identical. The telnet client is
the same program on the same platform with the same settings at both sites.
The one possible factor that plays into this is that the computers at
home.com are actually all given a local.com domain name. The only effect I
think this could have is that the Linux box thinks telnet connections from
home.com are "local" and is changing something in the TTY settings. A "who"
shows that ttyp0 is the pseudo TTY number given to both sessions and NOT a
tty1. Another odd factor is that I can telnet to a different (but same
setup) Linux box on the same network as my Linux box and editors work fine.
If I then double telnet from my box, to the other box, and back to my box,
it fails as described above.
Any assistance appreciated. Please CC to Usenet and email as my Usenet feed
from MCI/C&W is very unreliable.
Thank you.
Tony D. Berry
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: forwarding, masquerading, firewalling??????
Date: Mon, 18 Jan 1999 16:05:06 -0800
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> Thanks a lot. So far in one day I have not been assigned a new ip address. I
> will use the subnet method instead of having the dhcpc server calling the
> script.
>
> Two new problems:
> 1. Last night, my LAN hosts were able to get on the net and web browse even
> though I could not ping to an internet host by name (I had to use the ip
> address). Today, for some stupid reason, I can't even browse. I can load up a
> web page by typing in the ip of the site, but that's it. Something to do with
> nameservers I'm sure. I didn't change anything on the windows-host (LAN) end,
> I'm sure. I used tcpdump and saw that when netscape loaded up on a host on the
> LAN, NOTHING came through to either network card. I just used tcpdump in
> default mode so it was supposed to see everything coming. So for some reason
> netscape isn't even asking the linux machine to go look for things. When I ping
> from a LAN host to something, like scf.usc.edu, tcpdump reports this:
> mindwalker.netbios-ns > 10.10.10.255.netbios-ns: udp 50
> and the overall ping doesn't work. I don't know if these two issues pinging and
> web browsing) are related.
Are you running a nameserver? If so, this will turn into a whole other
discussion.
Or are you using your ISP's? Which will make life easier.
Step 1: Tell your Linux box and your LAN hosts to use your ISP's
nameserver. (You're paying the ISP for the right to use it!) On the linux
box, this is done with the /etc/resolv.conf file.
Step 2: Try to ping www.yahoo.com (or whatever) from the firewall. If it
resolves the name to an ip address, then the firewall's in business.
Step 3: Try to ping www.yahoo.com (or whatever) from one of the LAN
hosts. If it resolves the name to an ip address, then it's in business.
If it doesn't, use tcpdump on the firewall to see if the domain (name
resolution) packets are making it into and out of the firewall and back
again. If they aren't, then it isn't a name resolution problem but a
firewall problem. If they are, but ping doesn't work, do the same tcpdump
trick to see what's going on with the echo packets. Once you have all of
that working, trying surfing.
>
> 2. Last night, when browsing was working, ICQ didn't work from the LAN hosts
> either. I'm not sure if that's because of the nameserving problem or because of
> more involved proxy/firewall issues having to do with icq.
OK. Now you're onto the advanced stuff ;). ICQ uses a whole mess of ports
and stuff and doesn't like to be masqueraded. This is where masquerade
"helper" modules come in. For example, ip_masq_ftp helps ftp sessions
through a masquerading firewall and ip_masq_radio helps RealAudio(tm)
sessions through a masquerading firewall. The reason these "helper"
modules are required are a result of how a masquerading firewall tracks
currently active outbound connections and how it rewrites the packets as
they go out or come back in. (I won't go into detail.)
Suffice it to say that you need a module for icq. I don't know if one
exists and suggest you do a search. If one doesn't exist and you know the
port numbers that icq uses and you only want to have icq run from LAN
host, then you can use port forwarding.
Let me know and I'll try to help out.
>
> Any and all help is much appreciated :)
> michael
>
>
--
Luca Filipozzi <[EMAIL PROTECTED]>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
