Linux-Networking Digest #323, Volume #11 Sat, 29 May 99 02:13:41 EDT
Contents:
Re: Samba PLEASE POST YOUR smb.conf!! (Nicholas E Couchman)
Re: pppd 1 hour delay (Clifford Kite)
Can Webanalizer read IIS log files? (Frank Black)
sendmail question ("Michael Starr")
Problems with kernel 2.2.x and amd/NFS (Heiner Kruener)
rlogin Linux to Linux? (Christer Olsson)
Re: Remote Access Dial Out? (peter)
Re: Samba and Win98 passworkd problem ("Maguai")
/dev/eth0 ("Kelvin Barnes")
DNS (Afrasiab Ahmad)
Re: RedHat 6.0 & ipmasqadm (Francois Magnan)
Re: Apache permission user restriction (Chris Severn)
Re: Share or how to mount WIN98 drives (Mutt)
Server sleeps with RH6.0 ? ("Hervey Wilson")
----------------------------------------------------------------------------
From: Nicholas E Couchman <[EMAIL PROTECTED]>
Subject: Re: Samba PLEASE POST YOUR smb.conf!!
Date: Sat, 29 May 1999 03:49:52 GMT
This is a multi-part message in MIME format.
==============B1E37EDA76F53245F1CF3A39
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
My smb.conf should be attached. You should also be able to configure Samba
through linuxconf, but here is the conf file.
Matt Goebel wrote:
> I'm really tired of hunting for answers on how to setup samba, nothing
> works. I'm running Redhat 6 and the version of samba that comes with it.
> I'm trying to connect a Linux box to win98 machines only. All I really need
> is to be able to see/write/read/erase to my Linux hard drive. The linux box
> is also acting as a gateway to the internet (with IP masq) and I'm using my
> ISP's DNS servers on all the machines. What exactly do I need to setup in
> Windows? NT Domain-just put the IP in there 192.168.1.1? User access - IP
> in there too? How do I setup the samba server and add users? A copy of
> peoples smb.conf would help a lot (If you aren't using NT) Thanks
==============B1E37EDA76F53245F1CF3A39
Content-Type: text/plain; charset=us-ascii;
name="smb.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="smb.conf"
; The global setting for a RedHat default install
; smbd re-reads this file regularly, but if in doubt stop and restart it:
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start
;======================= Global Settings =====================================
[global]
; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = NECN
; comment is the equivalent of the NT Description field
comment = RedHat Samba Server
; volume = used to emulate a CDRom label (can be set on a per share basis)
volume = RedHat4
; printing = BSD or SYSV or AIX, etc.
printing = bsd
printcap name = /etc/printcap
load printers = yes
; Uncomment this if you want a guest account
; guest account = pcguest
log file = /var/log/samba-log.%m
; Put a capping on the size of the log files (in Kb)
max log size = 50
; Options for handling file name case sensitivity and / or preservation
; Case Sensitivity breaks many WfW and Win95 apps
; case sensitive = yes
short preserve case = yes
preserve case = yes
; Security and file integrity related options
lock directory = /var/lock/samba
locking = yes
strict locking = yes
; fake oplocks = yes
share modes = yes
; Security modes: USER uses Unix username/passwd, SHARE uses WfW type passwords
; SERVER uses a Windows NT Server to provide authentication services
security = user
; Use password server option only with security = server
; password server = <NT-Server-Name>
; Configuration Options ***** Watch location in smb.conf for side-effects *****
; Where %m is any SMBName (machine name, or computer name) for which a custom
; configuration is desired
; include = /etc/smb.conf.%m
; Performance Related Options
; Before setting socket options read the smb.conf man page!!
socket options = TCP_NODELAY
; Socket Address is used to specify which socket Samba
; will listen on (good for aliased systems)
; socket address = aaa.bbb.ccc.ddd
; Use keep alive only if really needed!!!!
; keep alive = 60
; Domain Control Options
; OS Level gives Samba the power to rule the roost. Windows NT = 32
; Any value < 32 means NT wins as Master Browser, > 32 Samba gets it
; os level = 33
; specifies Samba to be the Domain Master Browser
; domain master = yes
; Use with care only if you have an NT server on your network that has been
; configured at install time to be a primary domain controller.
; domain controller = <NT-Domain-Controller-SMBName>
; Domain logon control can be a good thing! See [netlogon] share section below!
; domain logons = yes
; run a specific logon batch file per workstation (machine)
; logon script = %m.bat
; run a specific logon batch file per username
; logon script = %u.bat
; Windows Internet Name Serving Support Section
; WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; the default is NO.
; wins support = yes
; WINS Server - Tells the NMBD components of Samba to be a WINS Client
; Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
; WINS Proxy - Tells Samba to answer name resolution queries on behalf of a non
; WINS Client capable client, for this to work there must be at least one
; WINS Server on the network. The default is NO.
; wins proxy = yes
;============================ Share Declarations ==============================
[homes]
comment = Home Directories
browseable = no
read only = no
preserve case = yes
short preserve case = yes
create mode = 0750
; Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Samba Network Logon Service
; path = /home/netlogon
; Case sensitivity breaks logon script processing!!!
; case sensitive = no
; guest ok = yes
; locking = no
; read only = yes
; browseable = yes ; say NO if you want to hide the NETLOGON share
; admin users = @wheel
; NOTE: There is NO need to specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
printable = yes
; Set public = yes to allow user 'guest account' to print
public = no
writable = no
create mode = 0700
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
; A publicly accessible directory, but read only, except for people in
; the staff group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @users
; Other examples.
;
; A private printer, usable only by fred. Spool data will be placed in fred's
; home directory. Note that fred must have write access to the spool directory,
; wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes
;
; A private directory, usable only by fred. Note that fred requires write
; access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
;
; a service which has a different directory for each machine that connects
; this allows you to tailor configurations to incoming machines. You could
; also use the %u option to tailor it by user name.
; The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writeable = yes
;
;
; A publicly accessible directory, read/write to all users. Note that all files
; created in the directory by users will be owned by the default user, so
; any user with access can delete any other user's files. Obviously this
; directory must be writable by the default user. Another user could of course
; be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no
;
;
; The following two entries demonstrate how to share a directory so that two
; users can place files there that will be owned by the specific users. In this
; setup, the directory should be writable by both users and should have the
; sticky bit set on it to prevent abuse. Obviously this could be extended to
; as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
[cdrom_fs]
comment = NOTE: CD-ROM must be mounted by root or system administrator!!
path = /mnt/cdrom
public = yes
read only = yes
writeable = no
[nick]
comment = Nick
path = /mnt/nick
public = yes
read only = no
writeable = yes
[http]
comment = html
path = /home/httpd/html
public = yes
read only = no
writeable = yes
==============B1E37EDA76F53245F1CF3A39==
------------------------------
From: kite@NoSpam.%�inetport.com (Clifford Kite)
Subject: Re: pppd 1 hour delay
Date: 28 May 1999 20:31:34 -0500
francesco martucci ([EMAIL PROTECTED]) wrote:
: If I try to connect my isp, and find it 5 times busy, I can't do any
: other attempt to connect for 1 hour.
: Is it possible to set delay to a lower time, i.e. 5 minutes? How?
There's nothing in pppd that would cause this. You need to look elsewhere
and I certainly can't say where. What does "can't do any other attempt
to connect for 1 hour" mean?
--
Clifford Kite <kite@inet%�port.com> Not a guru. (tm)
/* The signal-to-noise ratio is too low in many [news] groups to make
* them good candidates for archiving.
* --- Mike Moraes, Answers to FAQs about Usenet */
------------------------------
From: [EMAIL PROTECTED] (Frank Black)
Subject: Can Webanalizer read IIS log files?
Date: Sat, 29 May 1999 05:04:38 GMT
Can Webanalizer read IIS log files?
Please reply to: [EMAIL PROTECTED]
------------------------------
From: "Michael Starr" <[EMAIL PROTECTED]>
Subject: sendmail question
Date: Fri, 28 May 1999 23:40:32 -0400
Hello,
I have a Red Hat 5.2 box set up as a masquerading firewall to my cable modem
ISP. What I would like to do is set up sendmail so that I can point my
Windows email clients to my linux box and have the linux machine forward the
email to my ISP's smtp server. Is this possible? Could someone point me to
some docs as to how to set this up?
TIA,
Mike
------------------------------
From: [EMAIL PROTECTED] (Heiner Kruener)
Subject: Problems with kernel 2.2.x and amd/NFS
Date: Fri, 28 May 1999 20:43:36 GMT
Hi there!
We are using Linux2.0.36/amdpl102 in combination with HPUX9.0.7/10.20.
Due to hardware upgrades not supported by 2.0kernel we are forced
to use 2.2 kernel.
Automounting hp directories gives a seemingly empty directory, but
executing shell script or copying files from or to the automounted
directory works. Recompiling the amd on the 2.2 machines ameliorates
the situation somewhat, directories containing no more than 20-30
entries are listed correctly, dir's with more entries are not
listed completely; there's no error message but the /var/adm/messages
shows entries like 'NFS: server bla, readdir reply truncated'.
Changing rsize/wsize in the amd config changes nothing, this seems
to be a limit in the kernel nfs itself, the kernel level code simply
bails out from a loop when a certain size limit for output is reached.
(fs/nfs/nfs2xdr.c if it's of any interest)
However, I don't see any possibility/changeable parameter to increase
this limit in the kernel code and simply omitting the bailout seems
to dangerous to me.
Has anyone met the same problem/does know if there is a workaround?
PS: autofs is not an option since we need an unknown number of unknown
directory names on the remote. autofs-3.1.3 which I tried has no capa-
bility of this type even with --submount.
Thanks for the help
Heiner
--
Remember: The Game of Life has no 'restore' Button!
Busted once, Busted forever.
------------------------------
From: Christer Olsson <[EMAIL PROTECTED]>
Subject: rlogin Linux to Linux?
Date: Fri, 28 May 1999 13:08:23 +0200
Hi,
I have very strange behaviour for 'rlogin' on my SuSE Linux 6.1.
I can do 'rlogin' to Linux from Solaris machines and 'rlogin' from
Linux to Solaris machines. But I cannot do 'rlogin' between
two Linux machines (SuSE 6.1 on both). I've got the
following error message:
solpc218 /home/etxchon> rlogin 150.132.44.250
rcmd: 150.132.44.250: Connection reset by peer
Any that came across the same problem?
Regards
Christer
------------------------------
From: peter <[EMAIL PROTECTED]>
Subject: Re: Remote Access Dial Out?
Date: Fri, 28 May 1999 22:19:06 -0600
Mitch Appleby wrote:
> Is it possible to use Linux as a dial out access using a shared modem on a
> network? I see remote access servers as an independent device. Has this
> miracle been done yet?
>
> Mitch Appleby
Absolutely. Search the net for PPP, IP Forwarding and Masquerading, and a
package called diald (Dial Daemon). I have set it up to dial on demand and
disconnect after some idle time. There's plenty of howtos on them.
Peter
------------------------------
From: "Maguai" <[EMAIL PROTECTED]>
Subject: Re: Samba and Win98 passworkd problem
Date: Sat, 29 May 1999 05:08:41 GMT
Check this site
http://home.talkcity.com/MigrationPath/maguai/
Luis Lebron <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I finally got the Samba server working and now I can access the Win
> machines from the Linux box and the Linux box from the windows machines.
> Public directories are accessible from the Win98 machines.
> My only problem is when I try to access the home directories. Windows
> will ask for a password and when I type it in it complains. I tried the
> encrypted password option in Samba and later the plain text password fix
> in Win98, but neither one of the worked. Any ideas?
>
> --
> Luis R. Lebron
> [EMAIL PROTECTED]
------------------------------
From: "Kelvin Barnes" <[EMAIL PROTECTED]>
Subject: /dev/eth0
Date: Fri, 28 May 1999 13:00:34 -0400
I have a Caldera Open Linux 2.2 installation that does not have /dev/eth0.
What do I have to do to create on so that I can install and configure my
ethernet card?
------------------------------
From: Afrasiab Ahmad <[EMAIL PROTECTED]>
Subject: DNS
Date: Sat, 29 May 1999 00:34:59 -0400
A stupid question here...I am learing about DNS...
Suppose I want to add another machine onto the net...
Internet
^
|
|
maindomain.com
|
tech.maindomain.com
So, maindomain.com is live on the internet, and so is tech.maindomain.com,
as they both have non-private IP numbers (!= 192.168.x.x.) .
The DNS runs on maindomain.com (for our network).
My confusion is, how do I tell the "world" about tech.maindomain.com - or,
in other words, what should I edit in the DNS files of maindomain.com ?
I don't want to run a DNS server on tech.maindomain.com but I want
tech.maindomain.com to use maindomain.com's DNS. Do I use maindomain.com
as a gateway?
Thank you.
Afra
------------------------------
Subject: Re: RedHat 6.0 & ipmasqadm
From: [EMAIL PROTECTED] (Francois Magnan)
Date: Sat, 29 May 1999 03:22:29 GMT
Well... I posted you an old script that I know works but doesn't give
you an example of a good firewall script. Have a look at:
http://rlz.ne.mediaone.net/linux/
On 05/28/99, Francois Magnan wrote:
>On 05/28/99, "Greg Bastian" wrote:
>>
>>Have I blocked off something ?
>>
>>The only masquerading and port forwarding commands are :
>>ipchains -I forward -p tcp -s 192.168.0.0/24 -j MASQ
>>ipmasqadm portfw -a -P tcp -L 203.11.21.8 80 -R 192.168.0.5 80
>>
>
>I am not an expert but you need more ipchains commands.
>I don't really know what are the default settings for all the things
>you did not set (policies for the chains as an example). Your rules
>should follow a logical plan. You will be inspired by the following:
>
>----------- cut here --------------
>
>/sbin/modprobe ip_masq_ftp
>
># Supports the masquerading of RealAudio over UDP. Without this
>module,
># RealAudio WILL function but in TCP mode. This can cause a
>reduction
># in sound quality
>#
>/sbin/modprobe ip_masq_raudio
>
># Supports the masquerading of IRC DCC file transfers
>#
>/sbin/modprobe ip_masq_irc
>
>#
># setup IP packet Accounting and Forwarding
>#
># Flush all commands
>ipchains -F
>
># this enables the packet conversion/routing
>ipchains -A forward -j MASQ -s 192.42.172.0/24 -d 0.0.0.0/0
>
>#Aggrandit les timeouts
>ipchains -M -S 7200 10 60
>
>#this will block netbios
>ipchains -A input -j DENY -p tcp -s 0.0.0.0/0 137:139 -d 0.0.0.0/0
>ipchains -A input -j DENY -p udp -s 0.0.0.0/0 137:139 -d 0.0.0.0/0
>
>
>#MINIMISE LE DELAI POUR HTTP ET TELNET
>ipchains -A output -p TCP -d 0.0.0.0 80 -t 0x01 0x10
>ipchains -A output -p TCP -d 0.0.0.0 telnet -t 0x01 0x10
>
>
>#Redirige tout les trafic de X pour platon (display 0)
>/usr/sbin/ipmasqadm portfw -a -P tcp -L 207.61.102.239 80 -R
>192.42.172.2 80
>
>----------
>
>
>where 192.42.172.0 is the local subnet
>and 207.61.102.239 was my ip address.
>
>Francois
>--
>______________________________________________________
>Francois Magnan
>Departement de Mathematique & Statistiques
>Universite de Montreal
>email: [EMAIL PROTECTED] (MIME, NeXTMail Ok!)
>
>
--
______________________________________________________
Francois Magnan
Departement de Mathematique & Statistiques
Universite de Montreal
email: [EMAIL PROTECTED] (MIME, NeXTMail Ok!)
------------------------------
From: Chris Severn <[EMAIL PROTECTED]>
Subject: Re: Apache permission user restriction
Date: Sat, 29 May 1999 11:24:45 +0800
Reply-To: [EMAIL PROTECTED]
Curt wrote:
> The only way I was able to make that to work was to execute
> chmod 755 public_html and chmod 755 /home/'user'
> I don't know if this is what I should have done, but I know it worked.
> I don't like giving execute priviledges, so if someone knows a better or the
> correct
> way I'd be interested in seeing it.
Actually, the minimum of what is required is to have execute permissions
on
/home/'user' and /home/'user'/public_html and subdirectories.
and to have read permissions of all files under the public_html
directory
and subdirectories.
Only having execute permissions on /home/'user' (ie. no read permission)
will mean that no one can get a directory listing of your home
directory.
And, if you make sure that all the files in that directory are
non-readable
and all the directories (apart from public_html) are non executable then
you shouldn't have a problem. (Although there could be a few hidden
files
which like to have read and/or execute permissions, like .plan)
What don't you like about giving execute permissions ? And to which
files especially don't you like it ?
As far as I know, the only other way to ensure the user doesn't have to
give execute permissions to their home directory is to set up another
system wide policy for public home pages, and let them reside in another
directory branch. Like, setting up a /public_html directory in parallel
with /home. Duplicate all the users names below that, and have that as
their public_html directory. Make sure all those directories are world
readable/executable, and tell the users that's where they have to put
their homepages. Of course you'd have to reconfigure Apache to use
these directories instead of /home/'user'/public_html (probably easy),
and if you wanted to you could put a symbolic link from each users' home
directory back to their public_html directory so it looks to them like
it's still in the same place.
ie. ln -s /public_html/jeremy /home/jeremy/public_html
Just my thoughts. I've never even set up Apache for individual user
pages, so I'm not speaking as the voice of authority.
Chris Severn.
--
Delete the 'x' to remove the spamblock.
Except spammers, for whom my email address is abuse@localhost
------------------------------
From: [EMAIL PROTECTED] (Mutt)
Subject: Re: Share or how to mount WIN98 drives
Date: Sat, 29 May 1999 05:48:23 GMT
On Thu, 27 May 1999 20:06:06 +0200, "Frank Folkmer" <[EMAIL PROTECTED]>
wrote:
>could anyone tell me which command and how is used to mount a
>WIN98 Drive through SAMBA 2.03 and SuSE Linux 6.1
So you can view a Doze partition under Linux? Maybe I'm doing it
bass-ackwards, but I don't use Samba for this.
I've simply created a 'c', 'd' and 'e' directory (one for each of my
FAT partitions) under /mnt and run the following within rc.local (from
memory):
mount -t vfat /dev/hda1 /mnt/c
mount -t vfat /dev/hdb2 /mnt/d
mount -t vfat /dev/hda5 /mnt/e
Now I can access all my long-filename Doze partitions within Linux. I
could probably add them to fstab, but I really can't be bothered.
If you've compiled your own kernel, then you'll need to ensure you've
include the MSDOS filesystem support as per the menuconfig entries. I
think the generic kernel already has support for it. I don't use FAT32
under Doze, by the way.
However, if you've gotta do it by Samba, then I can't help you. :)
HTH,
--
Mutt :)
[EMAIL PROTECTED]
(Do NOT send me unsolicited commercial email.)
------------------------------
From: "Hervey Wilson" <[EMAIL PROTECTED]>
Subject: Server sleeps with RH6.0 ?
Date: Fri, 28 May 1999 22:59:39 -0700
Hi, I hope someone can provide some ideas on the following problem (sorry
that its a little bit lengthy):
I recently upgraded my server with a new motherboard, memory and Celeron
300A processor (overclocked to 450Mhz). I took the opportunity to move up to
RH6.0 at the same time. My server is connected 24x7 to the internet over an
ADSL connection with a static IP address. Everything went very smoothly and
looked fine. However, the day after the upgrade my server disappeared from
the internet and couldn't be reached. Since I was at work, there was little
I could do about this. On my return home, the server was still running
happily - indeed it started receiving mail just after I got home. Wierd I
thought, but maybe my ISP was having problems.
After using the machine again this morning all looked well and I headed off
to work. When I tried to reach the machine from work (HTTP, POP3, etc) it
had again disappeared from the internet. I called my wife: she went to one
of the Win98 machines and managed to retrieve her e-mail from our ISP
without problem - the Linux server is my gateway and firewall and so must
have been running. Suddenly I could access the machine again. Wierd. Within
a half hour it had disappeared again. When I returned home it was running
happily - no indications of any problems in any logs that I could find,
nothing to hint at what might be going on. My ISP is claiming _no_ problems
with their network.
I checked the power management settings in BIOS and they are disabled so I
don't think the server had gone into standby mode. I'm running kernel 2.2.5
as provided in RH6.0, no patches or modifications of any sort to the system
(yet). I've never experienced anything similar to this prior to changing the
hardware and upgrading to RH6.0 - indeed the server ran 5.1 for a few days
prior to the move to 6.0 without any problems.
Does anyone have any ideas as to what might be going on ?
Thanks in advance,
Hervey.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
