Linux-Networking Digest #588, Volume #11 Sat, 19 Jun 99 08:13:36 EDT
Contents:
PPP server authenticate from radiusd/xtacacsd server? ("Mr. Chow Wing Siu")
Re: Netscape problem w/Apache (Jeremy Lunn)
Re: 2 79382 (David Goldstein)
Re: minicom works, but ppp doesn't! (DonJr)
sharing the internet access using the network card ("Felix C Kuo")
Re: HELP! Someone's hacked into... (DonJr)
Re: 2 ethernet cards in RH6. Not as easy as it sounds! (Jay \"mcgyer\" Williams)
Any comments on this eth card "trick" (Jay \"mcgyer\" Williams)
Re: cable modem or ASDL (bryan)
Re: Help: Unresolved symbols error with ipv4 modules??? (Malware)
Re: What do these ident messages mean? (mist)
Re: ipchains and ftp (mist)
anonymous ftp: no upload (Nelson Hogg)
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: (Jim Henderson)
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: (Jim Henderson)
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: (Jim Henderson)
ifconfig eth0 up fails... (Marcus)
----------------------------------------------------------------------------
From: "Mr. Chow Wing Siu" <[EMAIL PROTECTED]>
Subject: PPP server authenticate from radiusd/xtacacsd server?
Date: 19 Jun 1999 05:24:19 GMT
Reply-To: [EMAIL PROTECTED]
=====BEGIN PGP SIGNED MESSAGE=====
Hi,
I want to setup PPP server (Linux) that may authenticate from
the radiusd/xtacacsd server (Solaris), i.e:
Solaris (SPARC) Linux (slackware) Windows 95/98
authentication PPP server client
(radiusd/xtacacsd)-----> (pppd)------------> (dialup)
There should not be any accounts in PPP server for users.
But the user can authenticate by using the authentication server's
loginname/password to use the dialup service.
Is it possible to do that?
I am now using Linux as PPP server using the single username/password.
The problem is that it cannot trace who had logged on.
I am looking for any solution. pppd radius patch seems working for
Linux client to authenticate Linux PPP server. (isn't it?)
I am trying to look for any PERL script to authenticate the radiusd
or xtacacsd by replacing the login (via login.config in mgetty?).
Please input some ideas? Thanks in advance.
- --
PGP PUBLIC KEY: https://www.comp.hkbu.edu.hk/~wschow/pgp.html
Key fingerprint = 15 C4 36 D6 EC CF 1D A4 7F D8 F9 EF 2E D7 32 A6
Tel: 2339 5820 (Direct) Fax: 2339 7892
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQCVAwUBN2sprb3ixeOqBhAdAQGZDAQAhtMUDwxLUqNRciCi9jXLG+xiqP+LzMD2
xoQvg0cUGk+GYz4vL2Fs8XX6Qaey/Kl58hbrQaCJ7vYkB3DF3+yn1NAHvO9gMgZy
sEyb7N031oAKJOPUuhc1lOaYNBZa9TqC+lQYNeHUU5ffWuGN9Lw+7xPr+AhAGm7b
OvfFNvJJYio=
=oy3v
=====END PGP SIGNATURE=====
------------------------------
From: Jeremy Lunn <[EMAIL PROTECTED]>
Crossposted-To: alt.linux,alt.linux.sux,alt.os.linux,comp.os.linux.misc
Subject: Re: Netscape problem w/Apache
Date: Sat, 19 Jun 1999 16:46:14 +1000
Chris Harshman wrote:
>
> Brent Davies wrote:
> > the web site with HotMetal Pro. I don't know if a WYSIWYG editor in Linux.
>
> Netscape Communicator's Composer module. I do 95% of my layout
> and editing in there, and then fire up Emacs for final tweaks.
That's what I used to use in Winbloze, but I found that the syntax that
it used to be a pain to edit afterwards.
--
Jeremy Lunn
Melbourne, Australia
ICQ: 19255837
------------------------------
From: David Goldstein <[EMAIL PROTECTED]>
Subject: Re: 2 79382
Date: Sat, 19 Jun 1999 09:54:55 +0200
[EMAIL PROTECTED] wrote:
>
> The millenium is comming!!!
>
> Are you prepared?
>
Nope, the new millenium won't roll in until Jan. 1, 2001. Besides, if
all of the doomsayers are right about the Y2K problem, I'll need to save
my money, rather than waste it on your foolishness. By the way, does
your company use Linux servers?
David
------------------------------
From: DonJr <donjr@[127.0.0.1]>
Subject: Re: minicom works, but ppp doesn't!
Date: Sat, 19 Jun 1999 05:16:47 -0400
leam wrote:
>
> *I* believe you, but my ISP (erols) says otherwise. Or it may be more
> accurate to say that they have trouble accepting the ppp that comes with
> linux. I've seen something somewhere that said to not use it, and the
> error message I got was LCP requests timed out.
>
> If I'm mistaken in this, I'll happily learn more. I've not read PPP
> (oreilly), but have done the Linux Network Admin guide, and some stuff
> on PPP elsewhere.
>
> What's generating the error? ANd what's the configuration option to fix
> it?
>
> lemme know.
>
> leam
>
> Clifford Kite wrote:
> >
> > leam ([EMAIL PROTECTED]) wrote:
> >
> > : Also, some ISP's can't handle LCP request, and PPP prefers them. You may
> > : see an error message like "LCP request timeout" in your messages file.
> >
> > Sorry, *all* ISPs "handle LCP request", PPP can't do data transfer until
> > the PPP link is negotiated. Link negotiation requires Link Control
> > Protocol, aka LCP.
>
> --
> Leam Hall
> [EMAIL PROTECTED]
> http://www.bloated.com/~gershom/index.html
I'm a Linux user and an Erols customer {in fact I'm one of Erols
Internet first 500 customers} and I've never had any problems with pppd.
I get connected on the first try most of the time and I've been
connected for 38 hours so far this time. {-: Went to sleep with it
connected an forgot about it :-}
Erols orginally was an all Linux setup before they went to SPARC
hardware to handle the loads.
I'm currently using RedHat 5.2 and/or 6.0 with updates versions of
Linux.
My setup uses a PAP type login.
Contact me if you use a RedHat version of Linux and need more
information on setting it up. See my expanded address below.
BTW
Who at Erols told you the Linux version of ppp wouldn't work?
I'm real sure it wasn't one of the tech support people.
They may of said that the don't offer tech-support for Linux, but.
Most of the second level support people run one version of Linux or
another. One runs OS/2 or at least use to.
--
-----------------------
Don E. Groves, Jr.
my Email is jetnick AT erols DOT com
I'll add a witty saying here later.
================
------------------------------
From: "Felix C Kuo" <[EMAIL PROTECTED]>
Subject: sharing the internet access using the network card
Date: Sat, 19 Jun 1999 19:43:53 +1000
Hi there,
I got a computer that is hook up onto the internet using a modem..
and I also got another computer that is hook onto this computer by
using network card. however I can only using the network as a file
transfer
function. so I was thinking if anyone can help me on how I can setup
the network
so that both two computer can access the internet.
Thank you
Felix
------------------------------
From: DonJr <donjr@[127.0.0.1]>
Subject: Re: HELP! Someone's hacked into...
Date: Sat, 19 Jun 1999 05:45:36 -0400
Malware wrote:
>
> Hi Lyndon,
>
> you wrote:
> > > Today morning, I cannot seem to log into the server as root, or from any
> > <snip>
> > You can recover from this by starting linux in single user mode. This
> > gives you an un-passworded root login, at least on some distros. I think
> > it's linux single at the lilo prompt.
>
> As you noticed this will not work on all distributions. But giving the
> parameter "init=/bin/sh" instead should do the trick. If the lilo is
> secured too one will have to boot with another root-fs and mount the old
> one to another mount-point.
>
> Malware
If LILO was secured most likely the following is also true so:
How to you boot another 'root-fs' if the removable devices have been
disabled as possible boot targets in the BIOS and the BIOS is Password
Locked?
Why lock the front door if your going to leave the sliding glass door
beside it open?
--
-----------------------
Don E. Groves, Jr.
my Email is jetnick AT erols DOT com
I'll add a witty saying here later.
================
------------------------------
From: Jay \"mcgyer\" Williams <[EMAIL PROTECTED]>
Subject: Re: 2 ethernet cards in RH6. Not as easy as it sounds!
Date: Sat, 19 Jun 1999 02:58:08 -0700
Chris wrote:
> Ok, so I've read the ethernet How-to again and again and I seem
> to be getting nowhere fast.
>
Been there done that......!
> I have 2 ISA 3com 3c509b's installed in a 486 running RH6.
>
In my case it's 2 clone ne2000 cards
>
> After using the supplied DOS utils to disable the PNP features
> I configured them as follows.
>
> 1st: i/o 300h using irq 10
> 2nd: i/o 310h using irq 11
> Both set to full duplex and drivers are optimized for "Server"
>
> In my /etc/conf.modules I've tried the following 2 configurations
> as defined by the ethernet howto.
>
> First I tried this:
>
> alias eth0 3c509
> alias eth1 3c509
> options 3c509 io=0x300,0x310
>
> When I reboot it fails to "bring up interface for eth0" and doesn't
> even look for eth1. I get the very same results when I try this:
>
> alias eth0 3c509
> alias eth1 3c509
> options eth0 -o 3c509-0 io=0x300 irq=10
> options eth1 -o 3c509-1 io=0x310 irq=11
>
> The system is still in the setup stage so it's not actually connected
> to a network.
>
>
When I read this it's DejaVue (sp?).....I've read tons and tried
everything.....
........anyway what I've ended up doing is to copy the module for the
ne2000 (ne.0)
to a temp folder, rename it (I renamed it jay.o :) and copy it back into
the original folder with the ne2000
then I set up one card to use the ne module and one to use the "new" jay
module. So far (startups, config checks
and shutdowns) everything appears to be in order.....won't be a guarantee
untill I get the whole network up and
running though.
I found the following link to be really helpful (you may have read it
already)
http://metalab.unc.edu/pub/Linux/docs/HOWTO/Ethernet-HOWTO
that is where I found the following (pointed me to where the modules
are stored).
The available modules are typically stored in /lib/modules/`uname
-r`/net where the uname -r command gives the kernel version (e.g.
2.0.34). You can look in there to see which one matches your card.
Once you have the correct settings in your conf.modules file, you can
test things out with:
modprobe ethN
dmesg | tail
Let me know if this is of any help to you...........It ain't pretty but I
think it'll work for me (nothing else did)...
Jay Williams
------------------------------
From: Jay \"mcgyer\" Williams <[EMAIL PROTECTED]>
Subject: Any comments on this eth card "trick"
Date: Sat, 19 Jun 1999 03:10:27 -0700
I have 3 systems networked (win95, learning linux as I type)
A long time ago (during my doom/duke/quake games) (duke rules) I
startedsoldering connections
onto the NIC cards (ne2000's in this case) where the LED's tie in and
started using the LED's
on the front of the case to "monitor" my network traffic.....(red and
yellow LED for Net, green for HD)
Sounds kinda hokey, but I have found it a quick way to keep track of the
traffic on my small net,
and has aided in troubleshooting at times (bad connection/cables).
On my linux box I have 2 cards (gonna go cable modem next month) and I
was able to patch into the
useless 88 mz display for my LED's, works really well :)
Another "trick" I do is now that the TURBO button is useless I've wired
it as an on/off switch for the PC speaker.....
Any comments on these "tips/tricks"?
------------------------------
From: bryan <[EMAIL PROTECTED]>
Subject: Re: cable modem or ASDL
Date: Sat, 19 Jun 1999 10:20:55 GMT
INKEY$ <[EMAIL PROTECTED]> wrote:
: Doug Bryant <[EMAIL PROTECTED]> wrote in message
: news:[EMAIL PROTECTED]...
: > Thanks for the advice. it looks like cable is unreliable.
: >
: > later, doug
: >
: > Doug Bryant wrote:
: >
: No, cable in that area is unreliable. I have cable access in Alberta,
: Canada, and it is quite simply the connection of my dreams. My personal
: download record is a little over a megabyte (not megabit) a second, which is
: basically 10mb LAN speeds. Quake pings of 25, etc, etc.
: Canada tends to be a little more ahead of the broadband curve than the US,
: so maybe thats it....
curious - what brand of cable modem are you using? who's your cable company?
--
Bryan [at] Grateful.Net
http://www.Grateful.Net
------------------------------
From: Malware <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: Help: Unresolved symbols error with ipv4 modules???
Date: Sat, 19 Jun 1999 12:27:27 +0200
Hi Ken,
you wrote:
> I've just installed SuSE 6.1 which I'm trying to configure as a firewall
> box. I did a minimal installation from CD. After I've compiled the
> kernel including all the firewall and masquerading stuff, and made and
> installed the modules I get the following errors when I run depmod -a...
For first it shouldn't be of need to recompile the kernel since next to
everything is allready in there. Additionally it's a good idea to delete
or rename the current module directory since old modules which are not
compiled with new kernel config won't be deleted by "make
modules_install". Additionally you have to ensure you do really boot
into your newly compiled kernel (see "uname -a" for date of
compilation). If you still expirience problems of this kind use "depmod
-a -e" to see which symbols are unresolved.
> What's up? Does this mean I've not installed some libraries required by
> these modules?
No. Symbols for kernel modules are only searched in kernel and other
modules.
Malware
------------------------------
From: mist <[EMAIL PROTECTED]>
Subject: Re: What do these ident messages mean?
Date: Sat, 19 Jun 1999 11:22:31 +0100
Reply-To: mist <new$[EMAIL PROTECTED]>
Steve Snyder <[EMAIL PROTECTED]> scribed to us that -
>I get a lot of messages like these in /var/log/messages:
>
>Jun 17 09:52:36 corona identd[1725]: Connection from service.boulder.ibm.com
>Jun 17 09:52:37 corona identd[1726]: Connection from 159.138.20.10
>Jun 17 09:52:41 corona identd[1727]: Connection from ftp.linux.locus.halcyon.co
<snip>
>
>Context: This is a RedHat v6.0 (/w kernel 2.2.10) system acting as an
>Internet gateway. Accordingly, I am running ipchains. These messages are
>seen when a client on the LAN makes a ftp connection via this system.
>
>What do these message mean?
When your users connect to the remote ftp sites, the remote site does an
ident request and sends it to your linux gateway. That's what you see
logged up there. You might also notice it when sending mail.
> Is this an indication of problems?
>
Not really. If they bother you, either firewall of the identd port, or
disable identd in /etc/inetd.conf. Things should still work, though if
the remote end refuses unidentified connections they may not. Try it
and see.
--
Mist.
------------------------------
From: mist <[EMAIL PROTECTED]>
Subject: Re: ipchains and ftp
Date: Sat, 19 Jun 1999 11:26:57 +0100
Reply-To: mist <new$[EMAIL PROTECTED]>
Mike <[EMAIL PROTECTED]> scribed to us that -
>I am running RH6 w/ipchains as a masquerading box. I have a windows
>machine behind the RH one. I can get on the Internet fine, I can ping
>and traceroute anywhere, I can telnet to anybody. Ftp is a different
>story.
You need to load the ftp masquerading module. Assuming you've compiled
and installed your kernel modules you should be able to load it in with
lsmod. I think it's called ftp_masq or something.
--
Mist.
------------------------------
From: Nelson Hogg <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: anonymous ftp: no upload
Date: Sat, 19 Jun 1999 06:54:04 -0400
My anonymous ftp worked just fine with Redhat 5.2 but on going to 6.0
anonymous users can no longer upload to my machine. They get a message
like "permission denied [Upload]". I've checked the ftpaccess file and
it defines the class "all" to include "anonymous" and has the line "
upload yes all". Any ideas on what is wrong? Also the upload directory
has write permission for everyone. Thanks in advance, Nelson Hogg
------------------------------
From: Jim Henderson <[EMAIL PROTECTED]>
Crossposted-To:
omp.os.ms-windows.nt.advocacy,comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was:
Date: Fri, 18 Jun 1999 10:18:15 -0600
Donovan Rebbechi wrote:
> An interesting point: Netware's scalability is abysmal ( see the PC Week
> article , which says that it's SMP is *worse* than linux's ) , but that hasn't
> held it back. This has a lot to do with the fact that for file and webserving,
> low end hardware provides a greater performance/cost ratio ( as any NT advocate
> will tell you the moment you say "Solaris" )
As the apparently token NetWare person in the group, I must point out
that the PC Week 'testing' was horrible and the article was written by a
known Microsoft Advocate(tm) who also wrote a grossly misrepresentative
article about the differences between Novell Directory Services and
Microsoft Active Directory Services - the latter article took
Microsoft's marketing information from their website and pronounced it
"fact".
In the performance comparison, it's interesting to note that NT was
rated *better* for scalability because it achieved a measurable
performance increase when going from one to four processors - but the
network throughput achieved with 4 processors was slightly better than
NetWare with one processor.
I guess whether NetWare scales or not depends on how you define
scalability. If you define it in terms of using a single processor as a
reference point for each OS within its own little world, yes, NT scales
better when you add processors. I'd rather have a single processor
machine do the work of a quad processor machine, though, whenever
possible. :-)
All that said, I do agree with the assessment that Novell needs to do a
lot of work on their SMP stuff. I've got 4 SMP dual-processor servers,
and it's little more than a novelty to have the second processor in
there. We got a good price on the systems (Proliant 6500s) with the
second processor included. :-)
Jim
--
Jim Henderson
Novell Support Connection SysOp - http://support.novell.com/forums
Homepage at http://www.bigfoot.com/~jhenderson (email instructions
located here)
Please note that as an NSC SysOp, I do not provide support for Novell
products on a personal basis - if you need help with a Novell product,
please post a reply in the public newsgroup or visit the Novell support
forums at the URL above.
------------------------------
From: Jim Henderson <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was:
Date: Fri, 18 Jun 1999 10:23:17 -0600
[EMAIL PROTECTED] wrote:
> Sure it is. You entrust your data to those apps.
> Just because it's a 'feature not a bug' doesn't
> make it excusable.
Oh, come on....If MS advertises that they don't support Windows on
DR-DOS, they can't be held responsible. The AARD code appears to me to
be a deliberate attempt to illegally push Digital Research out of the
DOS market and nothing more.
Brad Silverman's response to Wendy Rohm's question as to why the code
was disabled was simply "to keep people like you from asking people like
me questions like that." Nothing to do with supportability or
anything....
Jim
--
Jim Henderson
Novell Support Connection SysOp - http://support.novell.com/forums
Homepage at http://www.bigfoot.com/~jhenderson (email instructions
located here)
Please note that as an NSC SysOp, I do not provide support for Novell
products on a personal basis - if you need help with a Novell product,
please post a reply in the public newsgroup or visit the Novell support
forums at the URL above.
------------------------------
From: Jim Henderson <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.advocacy,comp.infosystems.www.servers.unix,comp.os.linux.misc
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was:
Date: Fri, 18 Jun 1999 10:18:20 -0600
Actually, the AARD code (as it is known) isn't designed to break Windows
3.x running on DR-DOS 3.1.
>From _Undocumented DOS_, 2e, page 10 (figures 1-2 & 1-3), the code is
ultimately designed to succeed running on OS/2 by bypassing some of the
checks in the AARD code itself; the code relies on undocumented DOS
functions/structures to determine if it's running on DR-DOS. The
ultimate test simply verifies that the system file control block is
located on a memory paragraph boundary (if no redirector is installed)
or to see if the default upper case-map is located in the DOS data
segment.
The code is designed *specifically* to fail on DR-DOS during the startup
of Windows. The code, however, does not break Windows running in this
environment; instead, it displays a cryptic error message and presents
the option to press enter to continue running Windows.
The cryptic error message, when reported to Microsoft, resulted in being
told to "try" running on MS-DOS and see if the "problem" is fixed. No
doubt there was a document in their knowledgebase that simply described
this as a DR-DOS related "problem" and that the problem had not yet been
seen on MS-DOS and that that is the next step for the customer to 'try'
in order to determine if the problem is related to some other factor
(such as hardware). Since the code would *never* fail on MS-DOS,
however, the problem would never be encountered on MS-DOS and the
assumption most people would have was that DR-DOS was at fault, they
tell their friends that DR-DOS is garbage and to stick with MS-DOS.
Result: Microsoft sells more DOS because they used technology to change
the perception of where the problem was, and DR-DOS ultimately gets
bought by Novell and then sold to Caldera, destined to most likely be
lost to obscurity.
Jim
Jason O'Rourke wrote:
>
> Stuart Fox <[EMAIL PROTECTED]> wrote:
> >Your logic is even worse. You note above that the subroutine was skipped.
> >Did they reinstate that routine? I would have thought that a prudent
> >manufacturer would have to be sure they could support it. If they didn't,
> >that would leave them open to lawsuits in the litigious USA.
>
> The point is that they didn't remove it, and instead left it in a way so
> that it could easily be implemented. The issue was not in making it run
> on drdos, it was to make sure it wouldn't run.
>
> As for the ridiculous statement about the litigious USA: if that were
> true, MS would be out of business by now. Just in the last couple months,
> we've seen the Melissa attack, this recent nasty worm, and the knowledge
> that anyone could exploit IIS with a single line of code.
>
> That last detail is a particularly relevent one to the linux vs NT battle.
> --
> Jason O'Rourke [EMAIL PROTECTED] www.jor.com
> '96 BMW r850R
> last dive: June 13th, Pescadero Wash Rocks (Carmel), 46 mins at 64ft max
--
Jim Henderson
Novell Support Connection SysOp - http://support.novell.com/forums
Homepage at http://www.bigfoot.com/~jhenderson (email instructions
located here)
Please note that as an NSC SysOp, I do not provide support for Novell
products on a personal basis - if you need help with a Novell product,
please post a reply in the public newsgroup or visit the Novell support
forums at the URL above.
------------------------------
From: Marcus <[EMAIL PROTECTED]>
Subject: ifconfig eth0 up fails...
Date: Sat, 19 Jun 1999 13:16:38 +0200
Hi, could anyone tell me what this means:
# ifconfig eth0 up
SIOCSIFFLAGS: Resource temporarily unavailable
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
