Linux-Networking Digest #310, Volume #12 Sat, 21 Aug 99 03:13:51 EDT
Contents:
Re: Disallowing telnet access for one specific account ("YouDontKnowWho")
Re: NE2000 ISA help (hac)
pppd dies for some connections (Sean Harding)
Re: Linux Friendly UK ISP's? (Speedy Fast)
Re: $15 card or $98 card? (Vidar Andresen)
Re: PPPD and Point-to-Point Compression? (yongtao)
Re: 3com ISA cards and linux (Stephen R. Savitzky)
Re: Samba's last stand! ("Hiawatha Bray")
Telnet problems (Yury Donskoy)
need samba read only (Anthony Ewell)
Re: DHCP and nameservers (s)
Re: telnet as root (Magnus Svensson)
Re: Appending a ext2 filesystem (Magnus Svensson)
samba + ipchains ("�˼��H")
Re: Can Linux "see" Win95 drive/folders? How? (Mike)
----------------------------------------------------------------------------
From: "YouDontKnowWho" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security
Subject: Re: Disallowing telnet access for one specific account
Date: Fri, 20 Aug 1999 23:59:47 GMT
But before they can log in by su'ing, they have to log in as another
user first...
--
Principle of Minimum Access: "That which is not explicitly permitted
is denied."
ANNOUNCER: And now we return to our regularly scheduled, uncommonly
entertaining thread...
Luis Pinto wrote in message <[EMAIL PROTECTED]>...
>>In the ~home/.profile file, put 'exit' as the first line.
>>
>>--
>>Principle of Minimum Access: "That which is not explicitly permitted
>>is denied."
>>
>
>
> What's the use? They can log in by su'ing ...
>
> Regards,
> Luis Pinto
>-----------------------------------------------------------------------
>http://student.dei.uc.pt/~lmpinto ICQ #15663369
>-----------------------------------------------------------------------
>"Open source software - with no walls and fences, who needs Windows and
>Gates?"
>
------------------------------
From: hac <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware,redhat.hardware.arch.intel
Subject: Re: NE2000 ISA help
Date: Sat, 21 Aug 1999 04:45:01 GMT
John Bekas, Jr. wrote:
>
> All the success stories thus far have related to loading the driver as a
> module. Any successes with the driver compiled into the kernel?
>
> John
Sure. I use two ISA NE2000 clones in my firewall.
I installed each card - ONE AT A TIME - into the system, and ran the DOS
configuration program. I turned off the PNP and manually set the IRQ
and address. Different values for each card, of course.
Then I put both cards in, booted, and edited /etc/lilo.conf:
    boot = /dev/hda
    install = /boot/boot.b
    map = /boot/map
    prompt
    timeout=50
    image = /boot/vmlinuz-ne2k
        root = /dev/hda1
        label = linux
        read-only
        append = "ether=10,0x300,eth0 ether=11,0x340,eth1"
Run lilo, reboot, and two ethernet interfaces show up.
I use "make xconfig" to build the kernel on my main PC, which has the
disk space, memory, and processor speed to compile it quickly - none of
which is true of the 486DX33 firewall. "make xconfig" allows you to
save multiple config files. This makes it easy to maintain two very
different monolithic kernels. After reading about the hack into one of
the systems used for the recent internet security audit, I am very glad
that I do not have loadable modules enabled on my firewall.
--
Howard Christeller Irvine, CA [EMAIL PROTECTED]
------------------------------
From: Sean Harding <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.ppp
Subject: pppd dies for some connections
Date: Sat, 21 Aug 1999 05:19:45 GMT
I'm having a problem with the infamous "the pppd daemon died unexpectedly!"
message from kppp. The difference here is that it's happening for only
one of my connections--one that nearly finishes and then fails.
I'm using RedHat 6.0 on a Dell CPi A laptop. My modem is a 3Com Megahertz
56K modem.
I have two dialup accounts. One is with my regular ISP and one is for work.
The ISP account is a fairly generic dialup PPP account, using PAP
authentication. That one works perfectly.
The dialup account for work requires me to login manually with a terminal
window. When I set this up with kppp, it dials in and pops up the term window.
I login successfully and do my thing and then hit continue. I instantly
get the "pppd daemon died" message. I've waited long enough to see the PPP
data coming to be sure that I'm successfully connected. This dialup system
shouldn't require any further authentication at that point (when I do this
in Windows I don't even tell PPP about my username and passwd, so I don't
know what it would be authenticating against). But, if I'm
understanding the pppd log correctly, it looks like it's still trying
to do CHAP authentication. I'm seeing it receive lcp conf req auth chap MD5
and then send a confrej. It receives conf reqs and rejects them a few times
and then dies. Here's a log segment:
Aug 20 22:00:26 eris pppd[623]: pppd 2.3.7 started by root, uid 0
Aug 20 22:00:26 eris pppd[623]: Using interface ppp0
Aug 20 22:00:26 eris pppd[623]: Connect: ppp0 <--> /dev/ttyS1
Aug 20 22:00:26 eris pppd[623]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6380f0bd> <pcomp> <accomp>]
Aug 20 22:00:26 eris pppd[623]: rcvd [LCP ConfReq id=0xbf <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:26 eris pppd[623]: sent [LCP ConfRej id=0xbf <auth chap MD5>]
Aug 20 22:00:26 eris pppd[623]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x6380f0bd> <pcomp> <accomp>]
Aug 20 22:00:26 eris pppd[623]: rcvd [LCP ConfReq id=0xc0 <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:26 eris pppd[623]: sent [LCP ConfRej id=0xc0 <auth chap MD5>]
Aug 20 22:00:27 eris pppd[623]: rcvd [LCP ConfReq id=0xc1 <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:27 eris pppd[623]: sent [LCP ConfRej id=0xc1 <auth chap MD5>]
Aug 20 22:00:27 eris pppd[623]: rcvd [LCP ConfReq id=0xc2 <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:27 eris pppd[623]: sent [LCP ConfRej id=0xc2 <auth chap MD5>]
Aug 20 22:00:27 eris pppd[623]: rcvd [LCP ConfReq id=0xc3 <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:27 eris pppd[623]: sent [LCP ConfRej id=0xc3 <auth chap MD5>]
Aug 20 22:00:27 eris pppd[623]: rcvd [LCP TermReq id=0xc4]
Aug 20 22:00:27 eris pppd[623]: sent [LCP TermAck id=0xc4]
Aug 20 22:00:27 eris pppd[623]: rcvd [LCP ConfReq id=0xc5 <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:27 eris pppd[623]: sent [LCP ConfRej id=0xc5 <auth chap MD5>]
Aug 20 22:00:27 eris pppd[623]: Hangup (SIGHUP)
Aug 20 22:00:27 eris pppd[623]: Modem hangup
Aug 20 22:00:27 eris pppd[623]: Connection terminated.
Aug 20 22:00:27 eris pppd[623]: Connect time 0.1 minutes.
Aug 20 22:00:27 eris pppd[623]: Exit.
I played with /etc/ppp/chap-secrets a little, but I didn't spend a whole
lot of time on it because I wasn't sure I was travelling down the right
path.
Any thoughts on this?
TIA
sean
--
Sean Harding [EMAIL PROTECTED] |"art may imitate life
http://www.dogcow.org/sean/ | but life imitates t.v."
| --ani difranco
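
An added example, not part of the post above: a small Python parser for pppd debug lines of the kind shown in the log, which reports every LCP option the peer keeps requesting after the local pppd has already sent a ConfRej for it. In this log that option is <auth chap MD5>, so the negotiation can never converge. The function names are hypothetical, and the sample input is the first part of the posted log with mail-wrapped lines rejoined.

```python
import re
from collections import Counter

# Sample input: the first exchanges of the pppd log from the post above,
# with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Aug 20 22:00:26 eris pppd[623]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6380f0bd> <pcomp> <accomp>]
Aug 20 22:00:26 eris pppd[623]: rcvd [LCP ConfReq id=0xbf <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:26 eris pppd[623]: sent [LCP ConfRej id=0xbf <auth chap MD5>]
Aug 20 22:00:26 eris pppd[623]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x6380f0bd> <pcomp> <accomp>]
Aug 20 22:00:26 eris pppd[623]: rcvd [LCP ConfReq id=0xc0 <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:26 eris pppd[623]: sent [LCP ConfRej id=0xc0 <auth chap MD5>]
Aug 20 22:00:27 eris pppd[623]: rcvd [LCP ConfReq id=0xc1 <asyncmap 0xa0000> <auth chap MD5> <magic 0x1bb64741> <pcomp> <accomp>]
Aug 20 22:00:27 eris pppd[623]: sent [LCP ConfRej id=0xc1 <auth chap MD5>]
Aug 20 22:00:27 eris pppd[623]: rcvd [LCP TermReq id=0xc4]
Aug 20 22:00:27 eris pppd[623]: sent [LCP TermAck id=0xc4]
"""

PKT = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-f]+)(.*)\]$")
OPT = re.compile(r"<([^<>]+)>")


def parse_packets(text):
    """Yield (direction, protocol, code, id, [options]) for each packet line."""
    for line in text.splitlines():
        m = PKT.search(line.strip())
        if m:
            direction, proto, code, pkt_id, rest = m.groups()
            yield direction, proto, code, int(pkt_id, 16), OPT.findall(rest)


def stuck_options(text, proto="LCP"):
    """Count how often the peer re-requested an option we had already rejected.

    A ConfRej tells the peer to drop the option from its next ConfReq; a peer
    that keeps sending it (here: mandatory authentication) will never converge.
    """
    rejected = set()      # options we have sent a ConfRej for
    repeats = Counter()   # option -> number of re-requests after rejection
    for direction, p, code, _id, opts in parse_packets(text):
        if p != proto:
            continue
        if direction == "rcvd" and code == "ConfReq":
            for opt in opts:
                if opt in rejected:
                    repeats[opt] += 1
        elif direction == "sent" and code == "ConfRej":
            rejected.update(opts)
    return dict(repeats)


def peer_terminated(text, proto="LCP"):
    """True if the peer gave up on the link and sent a TermReq."""
    return any(d == "rcvd" and p == proto and c == "TermReq"
               for d, p, c, _i, _o in parse_packets(text))


if __name__ == "__main__":
    for opt, n in stuck_options(SAMPLE_LOG).items():
        print(f"peer re-requested rejected option <{opt}> {n} time(s)")
    print("peer sent TermReq:", peer_terminated(SAMPLE_LOG))
```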
------------------------------
From: [EMAIL PROTECTED] (Speedy Fast)
Subject: Re: Linux Friendly UK ISP's?
Date: Sat, 21 Aug 1999 00:57:15 GMT
On Fri, 20 Aug 1999 23:08:42 +0100, "Andrew Taylor"
<[EMAIL PROTECTED]> wrote:
>Hi,
>
>I'm currently using a standard demon dial up account, for £11.75 I get
>unlimited dial up access, 20MB webspace, a subdomain name, fixed IP address
>and SMTP delivery? Are there any other ISPs which also provide these
>facilities and are easy to get going under linux?
Any dial up should be easy to setup under Linux. Try Red Hat 6.x.
It's pretty straightforward.
FWIW you really should get cable, ADSL or wireless.
------------------------------
From: [EMAIL PROTECTED] (Vidar Andresen)
Subject: Re: $15 card or $98 card?
Date: Sat, 21 Aug 1999 05:57:37 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (David C.) wrote:
[...]
>- Performance. Some may not be able to achieve speeds as fast as
> others. I would expect all 10M cards to be able to put out a solid
> 10Mbps.
That depends. Not all 10Mbps nic's do that. Some cards are old and
not well designed. The isa-bus itself is normally good enough not to
be the bottleneck. Please read the ethernet-howto's.
> I don't think you'll find any card that can saturate a 100M
> link on a PC, but some cards may do better than others.
Please try out http://www.netperf.org/ for a tester which runs on
windows as well. And reports on people using pentium 133 being able
to saturate (99.** something) on a 100Mbps -link. Freebsd that was.
> (I wouldn't
> expect more than 20-30Mbps on a 100M card, given the overhead of
> software drivers, IP stack, TCP overhead, application performance, and
> the speed of a PCI bus in general.)
That is not fair. To test a nic, not the operating-system or disk
speed or whatever. ttcp maybe for linux/unix.
And I just tested between a nexgen P100 and a compaq XL/560, both
running windows 95, both with Accton 1207d nics (realtek 8139, that is
for linux the rtl8139-driver, please read the driver source for
comments, as well as the drivers 'homepage'), in short: two machines
from 1994 (cheap, I like them) with low-performing 100Mbps nic's
(cheap, I like them, but, well..), on an operating system not
performing too well on networking (win95);
This is from a previous 10Mbps test (with other nics in the machines)
TCP STREAM TEST to 192.168.10.15
Recv   Send   Send
Socket Socket Message Elapsed
Size   Size   Size    Time    Throughput
bytes  bytes  bytes   secs.   10^6bits/sec
8192   8192   8192    10.00   8.74
This is with the accton 1207d' nics:
TCP STREAM TEST to 192.168.10.15
Recv   Send   Send
Socket Socket Message Elapsed
Size   Size   Size    Time    Throughput
bytes  bytes  bytes   secs.   10^6bits/sec
8192   8192   8192    10.00   21.17
I have not tested with linux yet, I __guess__ I double those
21.17-Mbps values.
Given a tulip or better based -nic, I don't know, but would have
expected serious speed.
(And, yes I could have optimized a lot of things to get it to run
better, this is not windows-bashing, just want to show that more than
20-30Mbps _should_ be expected from 100Mbps nics in normal setting.
What I show is low-end hardware. I could not get (as low as) a cyrix
dx2-80 to work with linux and that nic, (old pci-bus I _guess_, maybe
a kernel or bios or driver setting) if I could, I would have given you
the linux-numbers. On how even real low-end machines break the
20-30Mbps you suggest...)
The pci-bus is a bottleneck with newer machines and 1000Mbps...
Mvh Vidar Andresen
------------------------------
From: yongtao <[EMAIL PROTECTED]>
Subject: Re: PPPD and Point-to-Point Compression?
Date: Fri, 20 Aug 1999 22:11:08 +1700
In article <7pl5nh$[EMAIL PROTECTED]>, kite@NoSpam.%inetport.com (Clifford Kite) wrote:
>yongtao ([EMAIL PROTECTED]) wrote:
>
>: After over a week of hard work, I finally made PPTP-Linux
>: logon to the NT PPTP server. But only to find out that NT
>: PPTP Server insists on using the so called "Microsoft Point-to-Point
>: Compression" (MPPC), which my PPPD (version 2.3.9-1)
>: does not support. :(
>
>: So I would really like to know:
>
>: 1. Is there a version of PPPD that supports MPPC?
>
>Not from the official pppd maintainer anyway.
>
>: 2. If not, is there an implementation of MPPC available on
>: Linux that I can "integrate" (with little coding) into PPPD?
>
>MS-PPC requires a license from STAC Electronics. It's doubtful that
>any GPLed software will implement it.
>
>: 3. If not, is there a way to stop NT PPTP server from
>: insisting on MPPC?
>
>You can try the pppd option "noccp" but I've no idea whether NT will
>accept that.
>
>
I tried "noccp" and NT does not like that. :(
Thanks anyway.
Yongtao
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Stephen R. Savitzky)
Crossposted-To: at.linux,aus.computers.linux,be.comp.os.linux,comp.os.linux,comp.os.linux.advocacy,comp.os.linux.development.system,comp.os.linux.hardware,comp.os.linux.misc
Subject: Re: 3com ISA cards and linux
Date: 20 Aug 1999 22:16:59 -0700
"Kalkas" <[EMAIL PROTECTED]> writes:
> However, it seems that it is not possible for me to use Linux, since I use
> cable modem with a 3com ISA card. More precisely, I use 3com EtherLink III
> ISA (3C509/3C509b) network interface card, and there are no drivers which
> will support my card in Linux.
Excuse me? I've been using 3C509's of all sorts with Linux for years.
The driver most definitely exists, it's in the module
/lib/modules/preferred/net/3c509.o
source in
/usr/src/linux/drivers/net/3c509.c
--
/ Steve Savitzky \ 1997 Pegasus Award winner: best science song--+ \
/ <[EMAIL PROTECTED]> http://theStarport.com/people/steve/ V \
\ hacker/songwriter: http://theStarport.com/people/steve/Doc/Songs/
\_ Kids' page: MOVED ---> http://Interesting.Places.to/Browse/forKids/ _/
------------------------------
From: "Hiawatha Bray" <[EMAIL PROTECTED]>
Subject: Re: Samba's last stand!
Date: Fri, 20 Aug 1999 16:36:03 GMT
Thanks for a lucid and informative message.
But here's where things get messy...I try to log into the share using
my Linux password and it's rejected. Then I go to the Linux box and
try to run smbpasswd, to give the user an SMB password. It doesn't
work. It asks for my old SMB password, and of course there isn't any.
So when I try to set up a new password it says it can't change my
password. This is bizarre. How do you set the SMB password for the
user? Thanks.
------------------------------
Date: Sat, 21 Aug 1999 01:23:02 -0400
From: Yury Donskoy <[EMAIL PROTECTED]>
Subject: Telnet problems
Hi there,
I'm having a weird problem with telnet which appears to have recently
started, I believe after I went from RH 5.2 to Mandrake 6.0. The
problem is this: telnetting from a Win'98 box to my Linux server displays
the 'issue.net' file, and then dies. I don't even get a 'Login:'
prompt. But, if I telnet from the Linux box to itself using the box's
own IP address, everything works correctly. Now, this network of mine,
everything else works. Samba, FTP, etc. It all works, except for
telnet. Does anyone have any suggestions? hosts.allow is set
correctly, and so is hosts.
Thanks.
Yury.
------------------------------
From: Anthony Ewell <[EMAIL PROTECTED]>
Subject: need samba read only
Date: Fri, 20 Aug 1999 22:12:33 -0700
Hi,
I am running a red hat 6 samba server with NT clients.
I need my NT users to be able to use their properties
dialog box to set file permissions to "read only". Currently
the NT machines are being ignored when they try. What am
I doing wrong here?
Many thanks,
--Tony
[EMAIL PROTECTED]
p.s. if responding, please email me, as my nntp server is not getting
replies back and something weird is going on at deja.com with this newsgroup
================smb.conf==================
[public]
comment = Public Directory (usually F:)
path = /export/public
write list = @users
map archive = yes
directory mode = 0775
create mode = 0775
public = no
writable = yes
printable = no
browseable = yes
------------------------------
From: s <[EMAIL PROTECTED]>
Subject: Re: DHCP and nameservers
Date: Sat, 21 Aug 1999 06:03:12 GMT
You may need to upgrade your dhcp. Be careful, you need the new version:
install from the RPMs on the CD-ROM or from your download there to get the
newer one,
and type this after you install it: dhcpcd -h "DNS name"
Use the DNS name from your sheet that @home gave you,
e.g. mine is dhcpcd -h cc1003148-a
This will somewhat set up your /etc/resolv.conf
I can ping gateway or DNS
help me please
s wrote:
>
> Hi, I have @home and can't ping my gateway 24.7.63.1
> netmask 24.0.200.33 or 24.0.200.34
> my ip 24.7.63.1 I can ping my own ip but that's all
> network card is up and running fine but ndc400 nic card Realtek chipset
> RTL8029(AS)
>
> resolv.conf
> domain stana1.occa.home.com
> 24.0.200.33
> 24.0.200.34
>
>
> Can't help, but tell me how you got that far
>
> "my @home install data sheet"
>
> DHCP 24.1.8.70
> dns 24.0.200.33 and 24.0.200.34
> netmask 255.255.255.128
> subdomain stana1.occa.home.com
> broadcast "none"
> ip 24.7.63.9
> login schairez
> dns name or computer name = CC1003148-A
> mail server = mail
> directory server = directory
> news server =news
> web Proxy server name http://proxy:8080
>
> help me please, thanks a lot
>
> Jonathan Pryor wrote:
> >
> > I'm trying to get DHCP working with Red Hat 6, and for the
> > most part have succeeded -- the IP address for my adapter
> > is getting set without my explicitly setting it. Quite nice.
> >
> > My problem is that even though the IP address is being set,
> > the nameservers don't seem to be -- I'm unable to ping any
> > other systems via DNS (though I can ping them if I know
> > their IP address).
> >
> > I tried looking at the DHCP mini-howto, but its information
> > seemed to be geared toward previous versions of linux
> > (pre 2.2 kernels), and a lot of its steps for modifying config
> > files didn't seem to match the RH6 files. It also didn't seem
> > to mention anything about automatic updating of nameservers.
> >
> > Are nameservers supposed to be automatically updated
> > through DHCP, or do I need to know the nameservers in
> > advance? If they're supposed to be configured automatically,
> > what do I need to do to configure DHCP?
> >
> > Thanks,
> > - Jon
------------------------------
From: Magnus Svensson <[EMAIL PROTECTED]>
Subject: Re: telnet as root
Date: Fri, 20 Aug 1999 18:31:03 +0200
Reply-To: [EMAIL PROTECTED]
sean messenger wrote:
>yup.
>you should be able to control all the root functionality by simply
>su'ing over to the user profile of root (w/ appropriate password), but
>i've not been able to scan root mail from that profile, as su'ing seems
>to change only permissions profiles but not user i.d.
>any way to telnet in, su to root, and scan system mail messages with
>native mail readers?
just do su -l instead
/Magnus Svensson
[EMAIL PROTECTED]
------------------------------
From: Magnus Svensson <[EMAIL PROTECTED]>
Subject: Re: Appending a ext2 filesystem
Date: Fri, 20 Aug 1999 17:33:57 +0200
Reply-To: [EMAIL PROTECTED]
Viorel Anghel wrote:
On Wed, 18 Aug 1999 19:36:38 -0700, John Hardin <[EMAIL PROTECTED]> wrote:
>>Magnus Svensson wrote in message <[EMAIL PROTECTED]>...
>>Gee... can't you try to remember a little harder... :)
>>
>>Seriously, if anyone can name these tools, I'll be eternally grateful. :)
>md-tools
>Multi-Disk-HOWTO, chapter 9.3 Multiple devices
Ah, scanning through the Software-RAID mini FAQ I saw that there is a linear
append mode in the RAID kernel settings. I knew I'd read that before. And I can
boot from it too... with a bit of luck :)
/Magnus Svensson
[EMAIL PROTECTED]
------------------------------
From: "�˼��H" <[EMAIL PROTECTED]>
Crossposted-To: tw.bbs.comp.linux
Subject: samba + ipchains
Date: Sat, 21 Aug 1999 00:42:59 +0800
can samba work with ipchains?! which port should be opened?
------------------------------
Subject: Re: Can Linux "see" Win95 drive/folders? How?
From: [EMAIL PROTECTED] (Mike)
Date: Sat, 21 Aug 1999 09:12:30 GMT
[EMAIL PROTECTED] (Jon Sundquist) wrote in <[EMAIL PROTECTED]>:
>Michael Ward wrote:
>>
>> With Samba I have been able to make my W95 box "see" the Linux box
>> (folders, sub-f, files), but how do you get the Linux machine to see
>> drives/folders/files on the W95 machine?? I have tried everything I can
>> think of/read about. Many thanks for any suggestions.
>
>Make sure that you log into Win95 as the same name as a user on your
>linux box, and that the win95 workgroup name (see identification
>under control panel -> network) is the same as the work group that you
>have named in the samba configuration file. You'll only be able to see
>the directories that you say are readable in the configuration file,
>plus the home directory of the username you logged into the win95 box
>with.
>
>Jon S.
From
http://samba.isca.uiowa.edu/samba/docs/FAQ/#31
----
Win9X in User Level Access mode
> I've Samba running as a NT-Server, but there is a problem :
>
> When i want to share something on the win95-client, this client wants a
> userlist from the NT-Server (Samba).
> How can I make Samba providing a userlist ?
Sorry. This is not yet supported. Some time after we release samba-2.0.0
we will commence the long task of implementing this functionality. For now
you should not put your Win95 or Win98 system into User Level Access
mode.
----
In other words, only use share-level access control. For info on this,
check out
http://www.sfu.ca/~yzhang/linux/samba/index.html
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************