Linux-Networking Digest #228, Volume #11         Fri, 21 May 99 14:13:57 EDT

Contents:
  Re: System cracked! Recovery help? (ByteMe)
  Samba server does not accept remote requests. (Ryan Claycamp)
  Re: PPP and DNS problem (dkwok)
  Re: linux ADSL setup (pachell uptime and dsl quality) (Dave)
  denying access to certain websites (Tom Elsesser)
  Re: IPFWADM failure to subnets ("David Means")
  Re: Compiling SSH 2.0.26 on RH 6.0 or kernel 2.2.x (Scott Ellsworth)
  Subnet Confusion (Paul Michael Tevis)
  Re: ip_allow (ByteMe)
  Re: POP3 server question (ByteMe)
  Re: ssh 1.2.26 + pam + shosts problem on RedHat 5.2 (Scott Ellsworth)
  Re: samba troubles (password related ?) (Eric Yousey)
  ppp server error (Leung Chan Hei)
  Samba and lpr problem ("Ryan Yetter")
  ipchains and icq (again) ("Stephen Hicks")
  Re: Samba_2.0 NT4_SP3 and Linux SuSE6.1 (Matt)
  seting up linux as dail in localonly tcp/novel/NT network (Michael Kutz)

----------------------------------------------------------------------------

From: ByteMe <[EMAIL PROTECTED]>
Subject: Re: System cracked! Recovery help?
Date: Thu, 20 May 1999 23:11:07 -0700

James Kimble wrote:

> I had a break in over the weekend. When I tried to reboot
> everything started out normally, then gave the message "can't
> load console" (or something similar) and freezes.
>
> I booted from a floppy into single user mode. I used mknod to
> create the /dev/hda# files. Then I mounted the dev's to a dir.
> There's nothing in the dir though. Is this the right way to check
> a drive? If not how do I get to what data is left on my drives?
>
> Any help would be appreciated, thanks,
>
> [EMAIL PROTECTED]



 This is a pretty common hack by Scum who have nothing better to do out
there.

    SECURITY-SECURITY-SECURITY-SECURITY is everything on a network.

    If you don't correct this problem now it will happen again !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! believe me


Pick-up some books and read.

The hacker probably got in using telnet with an easy passwd.
The trusted hosts file ( /etc/hosts is a huge hole for hackers )
if they can spoof a telnet or tty as 127.0.0.1 or your 1st upstream GW
you're dead !!!

You need to decide first what you are using this machine for ( i.e.
workstation, firewall/gateway etc. )

Disable all of the servers you don't need - every daemon that starts is
a potential hole.

Edit your hosts.deny and hosts.allow files accordingly ( use the HOWTOs ).
Disallow service to 127.0.0.1 & your.static.ip.com ( again, if they can
spoof your add. )


The PAM auth. modules have holes in them ( look at the www.redhat.com
Linux errata )

you can use ipfwadm  ( IP-masquerade HOWTO  &  Firewall HOWTO )

disable ICMP with ipfwadm so your machine will not respond to
PING requests !!!!

disable ftp, http, finger, netstat, and anything else.

Edit your inetd.conf ( /etc/inetd.conf ) and comment out any services
that aren't needed,
which is probably just about everything.


Just remember, the more services, the more holes.

You should set up a proxy server & packet filter ( can be on one box )
in front of your boxes.

The ip filter ( ipfwadm or something better ) will catch them at the
network layer hopefully &
if they get through that then the proxy should stop them.

good luck.

Oh! By the way, if you have a dedicated firewall/GW think about
adding a 2nd HD with a DOS partition on it ( or zip drive / jaz dr ) and
ghost an image of your ext2 disk to the DOS drive.
That way if it happens again you can be up and running in 5 minutes.
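
One way to check the result of the inetd.conf clean-up described in the post above. This is an added example, not part of the original message; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list what inetd will still start.
# inetd.conf fields: service  socket-type  protocol  wait-flag  user  server  [args]

# enabled_services FILE -> one "service/protocol" per line for every active entry
enabled_services() {
    awk '
        /^[ \t]*#/ { next }          # commented out: inetd will not start it
        NF < 6     { next }          # blank or incomplete line
        { print $1 "/" $3 }
    ' "$1" | sort -u
}

# unexpected_services FILE ALLOWED... -> active entries not on the allow-list
unexpected_services() {
    conf=$1
    shift
    allowed=" $* "
    enabled_services "$conf" | while read -r svc; do
        case "$allowed" in
            *" $svc "*) ;;           # explicitly wanted
            *) echo "$svc" ;;        # still enabled but nobody asked for it
        esac
    done
}

# write_sample_conf FILE -> constructed inetd.conf used for the demonstration
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
#login  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
#pop-3  stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "enabled:"
enabled_services "$sample"
echo "unexpected (only ftp/tcp is wanted on this box):"
unexpected_services "$sample" ftp/tcp
rm -f "$sample"
```

Run against the real /etc/inetd.conf, an empty result from `unexpected_services` means every service still enabled is one that was deliberately kept.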










------------------------------

From: Ryan Claycamp <[EMAIL PROTECTED]>
Crossposted-To: linux.samba
Subject: Samba server does not accept remote requests.
Date: Fri, 21 May 1999 12:03:57 -0500

I am running Samba 1.9.18.p10 on a Linux 2.2.1 box.  When I right click
on the server in either a Windows NT Workstation 4.0 or Windows 98
Network Neighborhood window, it gives me a Microsoft Networking error
message: The server cad2 does not accept remote requests.  If I click
OK, it continues and displays the server name, comment, and type.  How
do I get rid of this error?  Since it shows up on both the NT and Win98
machines, I am assuming it is a Linux/Samba setting I need to change. 
What could it be?

Ryan
-- 
Visit the Guernsey Company web page - http://www.guernseyaviation.com/

------------------------------

From: dkwok <[EMAIL PROTECTED]>
Subject: Re: PPP and DNS problem
Date: Fri, 21 May 1999 17:20:52 +1000

"Ferdinand V. Mendoza" wrote:

> Your ISP must be too paranoid. Switch to another
> if there's any.
>
> Ferdinand
>
> ++++++++++++++++++++++
>
> See no Microsoft.
> Hear no Microsoft.
> Speak no Microsoft.
>
> +++++++++++++++++++++++
>
> Karl Bradley wrote:
>
> > Hi, hope someone can help.  I've got a linux box that I use as a file and
> > print server on a small network.  (address 192.168.0.2).  I also want to use
> > the linux box to connect to the internet.
> >
> > Now my problem is this........I have connected to my ISP fine.   pppd
> > launches, I'm assigned an IP address and I can ping any ip address on the
> > net.  (my ISP won't give me their nameserver addresses so I'm running a
> > caching name server).  If I use nslookup, it will give me all the correct
> > details, but if I try and then ping that name (eg, www.yahoo.com) it says
> > "ping: unknown host www.yahoo.com"
> >
> > I suspect that it may be something to do with my gateway address, in that I
> > do not know what to set the gateway address on my linux box to.
> >
> > If I do traceroute, it says multiple interfaces using 192.168.0.2 @ eth0.  I
> > think that this may be the root of my problems, but have no idea how to
> > rectify it.
> >
> > I really hope that someone out there can help me.  I'm afraid that being a
> > novice, I'm completely over my head here.
> >
> > Karl Bradley
> > [EMAIL PROTECTED]

DNS does not have to be the one from your ISP; in fact any DNS can be fine. So you
can ask someone who has a DNS IP address.

Or  use mine at bigpond.com dns 139.134.5.51

Cheers


------------------------------

From: [EMAIL PROTECTED] (Dave)
Crossposted-To: comp.os.linux.setup,comp.dcom.xdsl
Subject: Re: linux ADSL setup (pachell uptime and dsl quality)
Date: 21 May 1999 12:03:02 -0500

Bryan,
I have Pacbell ADSL scheduled for install this coming thurs (May 27).

If I were to call Pacbell DSL ahead of time to get my static IP,  who
do I ask for?  Is the provisions office accessible through the 888 DSL
number?

Finally, I too have caller ID on that POTS.  I find it strange that
the ID reader was causing problems.  Did you also terminate caller ID
when the problem was cured?

TIA
Dave

On Fri, 21 May 1999 16:00:13 GMT, bryan <[EMAIL PROTECTED]>
wrote:
>the modem is VERY sensitive to caller-id signals.  when I had the dsl
>modem installed, the installer (downstairs at the demarc) said
>"something is putting a signal on the line - you gotta fix that before
>we can proceed".  turns out that it was all my caller-id boxes.  when
>they blink their lites to show incoming calls, this screws with the
>dsl modem big-time.  fix: remove all caller id boxes from my pots
>lines ;-(
>
>if the pots 'tree' isn't balanced in some way, then just having a pots
>phone after the pots splitter (not even off-hook) will cause the
>alcatel dsl modem to blink red (error).  solution: remove all phones
>from the house except one (DAMMIT!)

>oh, and be SURE you get your static ip addresses from 'provisioning'
>BEFORE (!) the dsl tech comes out to your house.  I was told that the
>tech would have my IP's and that was 100.0% incorrect.  I was onhold
>for well over an hour waiting in the queue for a provisioning person
>to assign my ip space.  I wanted that before the tech left the house,
>so we could verify ip connectivity.  the phone support is very shabby
>and you will wait 20 minutes on-hold before they disconnect you (on
>accident, of course).  uhm, I mean, before they connect you to a
>service rep - who is pretty clueless and if you have any tech
>questions at all, you need to go immediately to a supervisor.  sigh -
>BIG sigh...


------------------------------

From: [EMAIL PROTECTED] (Tom Elsesser)
Subject: denying access to certain websites
Reply-To: [EMAIL PROTECTED]
Date: Fri, 21 May 1999 17:25:13 GMT

I am setting up a RH5.2 linux machine in my children's school as an
http server and also ip forwarding for internet access. The principal
is wary of the kids abusing the internet, getting access to sites
they should not be allowed to view (it's a K-8 parochial school).
While I have the server set up for dial out and ipforwarding, I don't
know how to keep them from viewing the undesirable sites.  I have used
/etc/hosts.deny and hosts.allow for individual ip's, but that seems to
be quite a daunting task to find *all* the sex sites and put them into
a file. What would be the best way for me to go about this?

Thanks,

--
Tom
  

------------------------------

From: "David Means" <[EMAIL PROTECTED]>
Subject: Re: IPFWADM failure to subnets
Date: Thu, 20 May 1999 23:07:05 -0700



Lars Larsen <[EMAIL PROTECTED]> wrote in message
news:<7i2hvj$pvg$[EMAIL PROTECTED]>...
> Setup:
> RH 5.2 box with 2 NIC's acting as our firewall using IPFWADM.
> Local ethernet segment with 4 Subnets connected via T1's using Bay ASN and
> AN routers.
>
> Problem:
> All users on all subnets can generally browse, telnet, ftp etc. without
> problems. However, certain web sites are only "browsable" from the ethernet
> segment connected to the inside interface of the firewall, but NOT on the
> routed subnets!! Needless to say, there are several such hosts that we MUST
> be able to reach!!
> We are using class A private addresses on the inside network, subnetted as a
> class B network:
> 10.20.0.0 255.255.0.0
> 10.21.0.0 255.255.0.0
> etc.  and we don't have routing problems in general.
>
> Example of problem hosts:
> www.compaq.com  www.nec.com
>
> Details:
> These hosts cannot be ping'ed or traceroute'd to - even from a box connected
> directly to the internet!!! I guess possibly indicating they are inside some
> sort of DMZ behind a firewall (Checkpoint ??)
>
> How do I solve this problem:
> 1) Is there a cure for my internal routers and/or IPFWADM params that I am
> missing?
> 2) Will a proxy server such as Squid help here?
> 3) Do I need an application level firewall (TIS's FWTK) ..and if so where
> does one find this now that TIS was taken over by Network Associates??
>
> ...or ?????
>
> Please, send a reply directly via email in addition to posting.
>
> Lars Larsen

  You might try to find out more precisely why these WWW targets are
being problematical, by following the debugging scheme that I published
some time ago:
  1. Turn on logging for all TCP packets not caught by a previous rule,
and attempt the transaction.  As soon as you see if it works or not,
remove the permissive logging rules, and then go look at /var/log/messages,
where you will see what packets had previously been denied, but were
necessary for that protocol to succeed.
  Admittedly, this represents a small security threat for the duration
of the experiment, but it is fast, and the window of opportunity is
very small.

Here are the files to make things easy.  Put them in a convenient
directory so that you can treat them as commands (and don't forget
to chmod them to 774, or whatever execute permission you think is
a good idea).

   logall
=========================================================
#!/bin/bash
# Temporary tcp packet rules (recorded in /var/log/messages)
#  These commands insert rules to accept all packets not previously
#  matched, and to log info about them.  This could well be
#  a security breach, so a companion script is used to remove
#  the rules when we are done with testing.
  /sbin/ipfwadm -I -a accept -o -P tcp
  /sbin/ipfwadm -O -a accept -o -P tcp
=========================================================
   dellogall
=========================================================
#!/bin/bash
# Remove the temporary tcp packet rules added by logall
#  These commands delete the rules that accept and log all packets
#  not previously matched.  Leaving those rules in place could well
#  be a security breach, so run this as soon as testing is done.
  /sbin/ipfwadm -I -d accept -o -P tcp
  /sbin/ipfwadm -O -d accept -o -P tcp
==========================================================
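
The procedure above leaves the firewall open until someone remembers to run dellogall. The sketch below is an added example, not part of the original post: it wraps the post's own ipfwadm commands so the temporary rules are removed on every exit path. The function names, the IPFWADM and FWLOG variables and the --run argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): logall + dellogall as one guarded
# step, so the accept-everything rules cannot be left behind.
IPFWADM=${IPFWADM:-/sbin/ipfwadm}     # same binary the post's scripts call
FWLOG=${FWLOG:-/var/log/messages}     # where the post says the packets are logged

add_log_rules() {                     # body of the post's "logall"
    "$IPFWADM" -I -a accept -o -P tcp &&
    "$IPFWADM" -O -a accept -o -P tcp
}

del_log_rules() {                     # body of the post's "dellogall"
    "$IPFWADM" -I -d accept -o -P tcp
    "$IPFWADM" -O -d accept -o -P tcp
}

# debug_window SECONDS
# Opens the logging window, waits, closes it, then prints what was logged.
# Runs in a subshell ( ... ) so the traps stay local to this call.
debug_window() (
    secs=$1
    start=$(wc -l < "$FWLOG") || exit 1
    trap 'del_log_rules' EXIT             # any exit path removes the rules
    trap 'exit 130' INT TERM HUP          # Ctrl-C etc. go through the EXIT trap
    add_log_rules || exit 1
    sleep "$secs"                         # reproduce the failing connection now
    del_log_rules
    trap - EXIT                           # already removed; do not delete twice
    tail -n "+$((start + 1))" "$FWLOG"    # only lines written during the window
)

# Hypothetical invocation: sh thisfile --run 30
if [ "${1:-}" = "--run" ]; then
    debug_window "${2:-30}"
fi
```

The output is limited to log lines written while the window was open, which are the ones to compare against the existing deny rules.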




------------------------------

From: [EMAIL PROTECTED] (Scott Ellsworth)
Subject: Re: Compiling SSH 2.0.26 on RH 6.0 or kernel 2.2.x
Date: Fri, 21 May 1999 17:13:52 GMT

In article <7hu8ek$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Duncan Simpson) wrote:

>The licence is a serious snag. Commercial use was drastically
>redefined to include almost everything. ssh version 1's licence says
>lots of uses are not uses that require you to pay datafellows. Result?
>Everyone continues to use ssh version 1. So whatever client you use to
>speak to your ISPs servers it will almost certaintly be speaking
>version 1 of the protocol.

One of the real problems with ssh1 is the lack of good Mac clients that do
port forwarding.  I am thinking of building a vpn around ssh and ppp, and
as best as I can tell, this is going to be exciting on the Mac side.

Data Fellows does have a Mac client that does ssh2 with forwarding, but I
have not yet gotten the demo to connect via ssh1 or ssh2 using dsa keys
for authorization on either Macs or PCs.

(We will need Linux clients as well, but those are relatively easy.)

Why ssh for VPN?  We need to support roaming linux, PC, and Mac clients,
and carrying a SonicWall around was considered too much of a burden.  We
will likely use those for the fixed IP people.

I am willing to use an ipsec client, but I have not found one that works
on all 3 platforms.

Scott
-- 
[EMAIL PROTECTED] http://www.iceweasel.com/~scott
"When a great many people are unable to find work, unemployment
results" - Calvin Coolidge, attrib. by Stanley Walker, City Editor,
p. 131 (1934).  "You die, she dies, EVERYbody dies." - Heavy Metal

------------------------------

From: [EMAIL PROTECTED] (Paul Michael Tevis)
Subject: Subnet Confusion
Date: 21 May 1999 16:21:34 GMT

I'm attempting to get networking going on my Linux machine (Slackware
2.0.34) on one of my university's networks.  For various security reasons,
my IP address is not world-visible (i.e. no Internet for me) but it is
supposed to be able to talk to the various machines on the several subnets
that comprise the network.  Here's the kicker.  I'm on a private
Ethernet (obviously) but most of the machines I'm trying to connect to are
world-accessible, so obviously they are on a different subnet. I've been
told by the local powers that be that in order to get this to work, I'm
supposed to add static routes to these other subnets through myself.
Specifically, incantations of the form:

route add -net a.b.c.0 gw 'uname -n' metric 0

How is this supposed to work?  (It hasn't so far.) I can ping things on
the local subnet that my IPaddr is on, but I can't get it to talk to
any other subnets.  Even worse, route keeps telling me that certain
networks are invalid arguments.  Specifically

My IPaddr: a.b.c.d
My subnet: a.b.c.0 <-- I can talk to machines on this subnet.
Other subnet a.b.e.0  <-- route lets me add this but can't find things
Subnet I want to talk to: f.g.h.0 <--- route tells me this is not a valid
argument.

I'm really confused, because I don't see how telling my machine to use
itself as a gateway will work, because I only have one Ethernet interface.

Any help would be appreciated.

Thanks,

--Paul

------------------------------

From: ByteMe <[EMAIL PROTECTED]>
Subject: Re: ip_allow
Date: Thu, 20 May 1999 23:39:58 -0700

mist wrote:

> root <[EMAIL PROTECTED]> scribed to us that -
> >Hi:
> >
> >I have a Linux box (RH5.2) running as a mail gateway and  running IP
> >Masquerading. After placing my ISP's mail relay into the relay_allow
> >file and placing my internal class C (192.168) along with 127.0.0.1 into
> >the ip_allow my internal users can send mail out with no problem.
> >
> >How do I get outside mail into the shop via the same box?
> >
> >My DNS MX is pointing at the box. When I mail from an outside source, It
> >bounces with the proverbial '551 relay not allowed'  kind of error.
> >
>
> This suggests that your copy of Sendmail believes that it is not
> supposed to accept mail for your domain.  That is, it doesn't know which
> domain it is in. (Class w or something.)
>
> >I guess I'm looking for how to turn off the relay filter and allow all
> >mail from all sources into the gateway, Or am I to have my MX entry
> >point to a second IP and use tunneling to route it directly to my
> >internal sendmail hub?
> >
> >What am I missing?
> >
>
> You're probably missing either a sendmail.cw file with your domain name
> in it, like
>
> localhost
> my.domain.com
>
> Which would say "accept mail destined for localhost or my.domain.com".
> Or, if you've not set up Sendmail to use the cw file, you would need
> something in the sendmail.cf file like -
>
> Cwmy.domain.com
>
> It should appear near the "local info" bit.  Probably better just to
> redo the .mc file including the lines
>
> define(`confCW_FILE', ` /etc/mail/sendmail.cw')dnl
>
> and
>
> FEATURE(use_cw_file)
>
> Then you can put all your accept domains into the .cw file.  (Note
> that's for incoming, not outgoing relay.)
> --
> Mist.

  My guess is you are using redhat ver 5.2 or 5.1; when redhat
released those versions, sendmail was compiled so that you have to use
ip_allow & deny & name_allow and put all the entries in the ip_allow that
you need to send & recv mail to ( static entries ). This was done to help
prevent spammers from hammering the system. The easiest way around this is
to RECOMPILE sendmail with this turned off ( I have forgotten the *.c &
assoc. *.h files for this ),
but you can go to redhat.com and get the info.


------------------------------

From: ByteMe <[EMAIL PROTECTED]>
Subject: Re: POP3 server question
Date: Thu, 20 May 1999 23:42:26 -0700

Teri wrote:

> Dumb question, but I have Linux running on two machines, both
> Debian 2.0.34 using smail (sendmail).  On one machine I installed
> mail from the setup packages, on the other I forgot to install
> mail, and installed it later.  On the first machine, when I
> connect to get mail from a windows machine, everything works fine.
> On the second machine (the one I installed mail manually), windows
> complains that it can't find the POP3 server.  I can't find what it
> is I'm missing to get it to be a POP3 server.  Please help!
>
> Teri

  You need to install the imap.rpm; that is what contains the pop3d
daemon.


------------------------------

From: [EMAIL PROTECTED] (Scott Ellsworth)
Crossposted-To: comp.security.ssh
Subject: Re: ssh 1.2.26 + pam + shosts problem on RedHat 5.2
Date: Fri, 21 May 1999 17:22:37 GMT

In article <7i3jeb$s2l$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Georg Schwarz) wrote:
...
>when terminating the shell opened via ssh (or when the command started by
>ssh terminates) the syslog on the destination machine (RH5.2) says:
>
>May 21 14:12:32 poseidon sshd[2675]: log: Closing connection to
>130.149.161.54
>May 21 14:12:32 poseidon PAM_pwdb[2675]: 1 authentication failure; (uid=0)
>-> root for ssh service

I am getting the same problem, and am mystified as well.

Scott
-- 
[EMAIL PROTECTED] http://www.iceweasel.com/~scott
"When a great many people are unable to find work, unemployment
results" - Calvin Coolidge, attrib. by Stanley Walker, City Editor,
p. 131 (1934).  "You die, she dies, EVERYbody dies." - Heavy Metal

------------------------------

From: Eric Yousey <[EMAIL PROTECTED]>
Crossposted-To: linux.samba,comp.os.linux.setup
Subject: Re: samba troubles (password related ?)
Date: Fri, 21 May 1999 03:34:00 -0400

Michael Abadjiev wrote:
> 
> There is a registry file that forces Windows 98 to use plain text for
> authentication you must run that file I think it comes with samba...
> 
> [EMAIL PROTECTED] wrote:
> 
> > If anyone could help me with this, I would sure appreciate it.  I am
> > trying to set up a Linux server w/ samba(v 2.0) to store some shared files on.
> > I have everything installed, but Samba is giving me some problems.  I
> > have a smb.conf:
> > [global]
> >   workgroup = UHC
> >   netbios name = THOTH
> >   server string = One Cool Server
> > [homes]
> >   comment = home directory for the studs
> >   path = %H
> > [tmp]
> >   comment = temporary files directory
> >   path = /tmp
> > [testshar]
> >   comment = my test share
> >   path = /home/archive
> >   guest ok = Yes
> >
> > When I run 'smbclient -L thoth' on the linux machine, it works and lists
> > the shares available, but from my windows(98) clients, it just says that
> > thoth is inaccessible.  When I try to do a 'net view \\thoth', I get
> > this error message:
> >         Error 86: The specified network password is not correct. Type the
> > correct
> >         password, or contact your network administrator for more information.
> >
> > I've gone through the DIAGNOSIS.txt file in the samba distribution, and
> > get to test #8, which is the net view <servername> one.  The things it
> > says to do in there don't help.  any other ideas?
> >
> > --
> > Morgan Terry
> > [EMAIL PROTECTED]
> >
> > -----------== Posted via Deja News, The Discussion Network ==----------
> > http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own

Ok, I've had some similar problems with my samba too.  I suggest going
here to look at what this guy did.  It really helped me to get off to a
good start.  With what I got from here I was able to start sharing.

http://www.sfu.ca/~yzhang/linux/samba/toc.html

Also here are some samples of my smb.conf so you can see what it might
look like.

# Global parameters
        workgroup = End of the Line
        netbios name = EYousey
        server string = Dual Pentium II 400 (o/c 412)
        local master = Yes
        domain master = Yes
        bind interfaces only = Yes
        security = SHARE
#       security = USER         # not enabled, I'm using share level
#                               # need to set 95/98 to share level too
        log file = /var/log/samba/log.%m
        max log size = 50
        read bmpx = No
        time server = Yes
        socket options = TCP_NODELAY
        os level = 65
        preferred master = Yes
        dns proxy = No
        wins support = Yes
        guest account = smbuser
        hide dot files = No

[X-emulators]
        comment = run X program from a Unix machine
        path = /ibm2/zips/X-emulators
        read only = Yes
        guest ok = Yes

[inbox]
        comment = put stuff for me here
        path = /ibm3/inbox
#       read only = No
        writeable = Yes
#       guest ok = Yes
        public = yes
#       write list = @smb
#       write list = @public
#       valid users = smbuser

I never did get my inbox to work right.  Especially if I had it mounted
on a vfat drive.

If you follow the step-by-step guide, and tweak things to your personal
network, you shouldn't have too many problems.

Good luck and I hope it works out for you.
-- 
Eric Yousey
mailto:[EMAIL PROTECTED]
ICQ: 6850552
AOL Instant Messenger: EYousey
http://members.aol.com/eyousey/index.htm
=========================================================
Team Leader of The Demon Sperm of Wright State University
Our attempt to win some money in the RC5 cracking effort
http://rc5stats.distributed.net/rc5-64/tmsummary.php3?team=3727
===============================================================
"Windows 98 is a buggy browser on top of a 32-bit extension and
a graphical shell for a 16-bit patch to an 8-bit operating 
system originally coded for a 4-bit microprocessor, written by a
2-bit company that can't stand 1 bit of competition."
                                                    --unknown

------------------------------

From: [EMAIL PROTECTED] (Leung Chan Hei)
Subject: ppp server error
Date: 22 May 1999 01:23:27 +0800

hi all,

when I use the command "init q",
I always see the error messages in the syslog file:

init: Re-reading inittab
uugetty[612]: warning: INIT sequence failed on /dev/cua1

can someone tell me what's wrong ?


Thanks 

Leung Chan Hei


------------------------------

From: "Ryan Yetter" <[EMAIL PROTECTED]>
Subject: Samba and lpr problem
Date: Fri, 21 May 1999 02:50:31 -0400

Ok, I've been searching everywhere for even a clue as to what would cause
this.  I have Samba 2.0.4 running under linux 2.2.9 (bastardized slackware
distribution) as a server to 3 windows 98 machines.  I have a printer share
set up for an hp deskjet 722c.  Now, it works under one condition, but not
under another.  Here are the conditions:

If I run lpd [latest version of lprng under it] and then smbd after that
while I'm logged in as root, it all works perfectly.  BUT, if I run lpd and
smbd from the rc* scripts, it won't work unless I kill both processes and
rerun them as root.  If I don't do this, the file is sent to the server, but
the 'printer command' command won't run and the file will just sit there.
It will only work if I run lpd and smbd manually after logging in as root.
Any ideas appreciated.


------------------------------

From: "Stephen Hicks" <[EMAIL PROTECTED]>
Subject: ipchains and icq (again)
Date: Fri, 21 May 1999 17:23:49 GMT

I've got almost all functionality I need out of my icq that's running behind
the ipmasq firewall, but there are two things left:
1) Has anyone been able to set an away, N/A, etc message while behind the
firewall?  it appears on my side, but no one else ever sees it!
2) Has anyone been able to set up the http server included with icq99 to
work behind the firewall?

Please respond even if you only know one or the other

Thanks in advance,
--
Stephen Hicks
mailto:[EMAIL PROTECTED]
http://home.tampabay.rr.com/kupopo/
icq: 5453914; aim: kupopo1



------------------------------

Date: Fri, 21 May 1999 08:40:40 +0100
From: Matt <[EMAIL PROTECTED]>
Subject: Re: Samba_2.0 NT4_SP3 and Linux SuSE6.1
Crossposted-To: comp.os.linux.misc,comp.os.ms-windows.nt.misc,comp.os.ms-windows.networking.tcp-ip,comp.protocols.smb

Mark,

Yep, the user is root. It has full 777 permits to all dirs and
commands.

Many thanks

Matt

Mark McCoy wrote:
> 
> Matt wrote:
> >
> > Hi,
> >
> > I have just configured SuSE 6.1 with the updated
> > samba.rpm. The NT box can see Linux and can logon
> > to the Linux box using NT4 SP3 (using the active
> > desktop).
> >
> > However when I attempt to copy a file to Linux
> > from NT I get a permissions error. I have
> > added full permissions to the user on NT.
> >
> > even with the option of
> >
> > security=share or security=user in the smb.conf
> >
> > If I attempt to change the permissions on NT
> > just in case (to check the permissions)
> > I get an active desktop explorer error exception.
> > The active desktop then reverts to the recovery
> > desktop.
> >
> > I can copy files from Linux to the NT directory
> > but not the other way (NT to Linux).
> >
> > Is there another problem in samba, or is there
> > another setting in the smb.conf that I have
> > missed ?
> >
> > Many thanks
> >
> > Matt
> 
> does the user have _Unix_ write permissions to the directory??
> Even if Samba gives read/write permission to a SMB user, the user account on the
> Linux box must have write access to the directory.
> 
> For example, if I export /usr/local/projects as a read/write share "proj" (in
> smb.conf), and fictitious user "larryb" (in the fictitious group "programmers")
> mounts that share, he can only write to the directory if the directory looks
> like any of these (ls -ld /usr/local/projects):
> drwxr-xr-x 3 larryb     root            ..............  projects
> drwxrwxr-x 3 root       programmers     .............   projects
> drwxrwxrwx 3 root       root            .............   projects
> (of course 777 permissions are dangerous, so no follow-ups explaining that
> please)
> 
> larryb can not write there if the permissions look like this:
> drwxr-xr-x 3 root       othergroup      .............   projects
> since he is not in the group that owns the directory, even though samba tells NT
> that this is a read/write share.
> 
> --
> Mark McCoy -- Proud to run Linux since February 1996
> Systems Administrator - Cajun Brothers Technology, llc
> The views in this message do not necessarily reflect the views of my employer
> This message posted from snowdog, a 100% MS-free machine.

------------------------------

From: Michael Kutz <[EMAIL PROTECTED]>
Subject: seting up linux as dail in localonly tcp/novel/NT network
Date: 21 May 1999 17:31:00 GMT

Apologize ahead of time for possible posting in wrong newsgroup..

I'm needing info on software for win95 machines that allow "them"
to have MY linux machine dial back to "them"
(like "dial up network adapter" but ANSWERS instead of CALLS)

why? i have "extended area" coverage on phone line and "they" are local
to me and my server but I am long distance.

only other option is to get them to buy a 486, setup linux
and make up a home-made WAN.

keyword: FREE!!!

==================  Posted via SearchLinux  ==================
                  http://www.searchlinux.com

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
