Linux-Networking Digest #510, Volume #12          Wed, 8 Sep 99 08:13:29 EDT

Contents:
  Strange error in SAMBA log (Steven Sykes)
  Is IPFWADM a complete pig's ear or what ? (jim)
  Re: Help setting up an SSL web server (Wouter Boussemaere)
  selectable DHCP or static IP on a single NIC? (Guido Sarducci)
  Re: Alias user in Linux or Samba? (Martin Pauley)
  Re: setup linux lan ("Jean-Marc Gemperle")
  Re: IP masquerading ("Jean-Marc Gemperle")
  Re: ipppd and defaultroute (Alexander Dietrich)
  unable to lock password file ("Paulus")
  Slow Network problem (Elmar)
  VPN  ("Ibrahim Hamouda")
  Re: HELP FTP won't UnShut! (M. Buchenrieder)
  Re: unable to lock password file (Tony Green)
  Re: #@$% Token Ring ("Al @Work")

----------------------------------------------------------------------------

From: Steven Sykes <[EMAIL PROTECTED]>
Subject: Strange error in SAMBA log
Date: Wed, 8 Sep 1999 18:33:04 +1200

Hi all,

I've just installed Samba 2.0.5a and am using an error log level of 1
and I've been noticing that from time to time an error such as the
following will appear... (IP number purposely replaced by x's)

[1999/09/07 16:42:12, 1] lib/util_sock.c:(1030)
  Gethostbyaddr failed for x.x.x.x

This is a Windows NT 4 client machine and the above error will happen
for other machines and not just x.x.x.x

What causes this to happen and what is it specifically? Is there
something with my smb.conf file I need to add/amend to stop it? Although
I haven't included the output of smbtest, I'm not using Samba to act as
a domain controller or anything to replace the NT server which is also
on the network.

Cheers,

-- 
Steven

Webmaster of WACC - Wellington Acorn Computer Club
WACC pages: http://homepages.paradise.net.nz/~pbrowne/WACC/
Phone: (03) 358-5601 or (025) 908-448
My pages: http://homepages.paradise.net.nz/~acorn/

... Where's my 640Meg SIMM? I want to run Excel!



------------------------------

From: jim <[EMAIL PROTECTED]>
Subject: Is IPFWADM a complete pig's ear or what ?
Date: Wed, 08 Sep 1999 10:54:17 +0100

Dear Gurus all,

I am trying to set up routing on a linux box connected to a local
network. I am trying to route smtp from a local client through the linux
gateway to the ISP. The requests are refused. Why? The rules I have set
seem reasonable to me.

Is IPFWADM devised by a twisted mentality or am I totally stupid??
Please don't say use IPCHAINS because that would cause me more problems
in going to a newer kernel at the moment.


This is an extract of my firewall script, executed when ppp is up:-
$1 is the IP address given to me by the ISP

OUTSIDE_IF="$1"
OUTSIDE_NET="$1/32"
INSIDE_NET="193.122.170.0/24"

MAIL_IF="195.92.193.25"

ipfwadm -O -a accept -V $OUTSIDE_IF -S $OUTSIDE_NET -D $MAIL_IF 25 -o
ipfwadm -O -a accept -V $OUTSIDE_IF -S $OUTSIDE_NET -D $MAIL_IF 110 -o

#Masquerade from local net on local interface to anywhere.
ipfwadm -F -a masquerade -V $OUTSIDE_IF -S $INSIDE_NET -D 0.0.0.0/0




This is what happens if I try to connect to port 25 at MAIL_IF:--

Sep  8 10:37:47 gateway kernel: IP fw-out deny ppp1 TCP 62.136.27.149:62761 195.92.193.25:25 L=44 S=0x00 I=32787 F=0x0040 T=127
Sep  8 10:37:48 gateway kernel: IP fw-out deny ppp1 TCP 62.136.27.149:62762 195.92.193.25:25 L=44 S=0x00 I=34067 F=0x0040 T=127
Sep  8 10:37:50 gateway kernel: IP fw-out deny ppp1 TCP 62.136.27.149:62763 195.92.193.25:25 L=44 S=0x00 I=36115 F=0x0040 T=127


cheers


------------------------------

From: Wouter Boussemaere <[EMAIL PROTECTED]>
Subject: Re: Help setting up an SSL web server
Date: Wed, 08 Sep 1999 12:20:45 +0200
Reply-To: [EMAIL PROTECTED]

Hi,

I have several Apache+SSL+PHP3+FP+DHTML - servers running and don't have any
problems installing and configuring...
(I would definitely follow up Ken's advice not to use RPMS!!!)

So if I were you and you want a reliable secure server just use Apache-SSL...

Here is a link that could be helpful:
        http://metalab.unc.edu/mdw/HOWTO/mini/Apache+SSL+PHP+fp.html


Hope this helps,
Wouter

[EMAIL PROTECTED] wrote:
> 
> I have a friend who I think had a go but failed - due to lack
> of willingness to persevere. He chose Apache and the SSL package
> that runs on top of it. But having read the attached docs, easy
> does not come into it!
> 
> Apache would be my choice!!
> 
> Alex
> 
> Ken <[EMAIL PROTECTED]> wrote:
> : Well, "easy to setup" and "SSL web server" usually aren't used in the
> : same sentence.  All depends on your Linux experience.
> : I just setup an Apache based SSL server on Redhat60.  My first word of
> : advice ... FORGET ABOUT RPMS!!!
> : I tried 4 different RPM distributions (including Mandrake's Secure
> : Server) ... while all worked, they were also terrible performers ...
> : broken gifs and background images over a 100Mb/s LAN!
> : After installing Apache, OpenSSL, and Mod_ssl from tar balls, I have a
> : screaming secure server!
> 
> : Check out http://www.modssl.org and have fun!
> : -Ken
> 
> : Peter wrote:
> 
> :> What is a good and easy-to-setup SSL web server, preferably a daemon
> :> process.  I work in Boston and have to administer a linux box in
> :> california!  Any mini-HOWTOs would be helpful.
> :>
> :> Thanks
> :>
> :> --
> :> --Peter Eacmen
> :>   [EMAIL PROTECTED]

-- 
Wouter Boussemaere (wouter_at_duo_dot_be)
DUO bvba, Bruges, Belgium (http://www.duo.be)

"Open source software - with no walls and fences, who needs Windows and Gates?"
"Sick of crashing? Switch to Linux! The most reliable OS in the universe..."
"Q: When will my system be installed and configured? A: NT = Not Today"


------------------------------

From: [EMAIL PROTECTED] (Guido Sarducci)
Crossposted-To: comp.os.linux.portable
Subject: selectable DHCP or static IP on a single NIC?
Date: Wed, 08 Sep 1999 07:02:35 GMT

I have a static IP for my laptop at home, and often take it to work
where I want to plug it into the DHCP-managed network.  Silly me, I
thought I would be able to create an alias in the 'netcfg' interfaces
panel, and then switch between networking configurations on my one
ethernet interface.  However, everything changes -- the default route,
the default domain, dns servers.  I'm just about stumped, but I have a
few ideas left.  (BTW, the system in question is a Dell XPi, 3c589,
and docking station running RH60; there are no problems with the basic
hardware.)  Here are the options I have:

- I can use DHCP at home as well as work, instead of a home static IP.
However, this still leaves the problem of default route, domain, and
dns servers all changing.

- I *might* be able to use the ethernet interface in the docking
station (SMC 91c92; theoretically works with a later SMC driver).  I
would configure it to the home IP, and configure the 3c589 card to
always look for dhcp.  The drivers for the docking station would fail
if I were at work, and the card drivers would fail while at home, but
I'd have one working interface at each place.  This sure isn't the
elegant solution I was hoping for, and still leaves the issue of the
default domain and dns servers. 

- Reload SuSE and hope that Yast can make sense of this.  (The black
box approach.)  This is not entirely a silly option, since I have SuSE
6.1 loaded on a removable drive, and can pop it in to try any
solutions.  No, I do not want to have one distro on a disk for work
and one for home. (!)

Please post or email me your suggestions, ideas, and/or experiences.
If this is a silly question answered in a faq, please point me to it.
If not, I will publish my results here and on my website (with
appropriate links) when I get this working. 

jon
[EMAIL PROTECTED] <<remove digits to reply.

------------------------------

From: Martin Pauley <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security,comp.protocols.smb
Subject: Re: Alias user in Linux or Samba?
Date: 08 Sep 1999 10:52:16 +0100


"mms67" <[EMAIL PROTECTED]> writes:

> 1. Is it possible in Linux (or Unix in general) to have two different user
> names that map to the same user ID? For example, to have user1 be equivalent
> to root, so they have distinct user names but the same user ID (number)?

Yes.  Use the vipw command (always!) to add the following line to
/etc/passwd and you'll have it:
        user1:x:0:0:root alias:/tmp:/bin/bash
If you use shadow passwords, you also need to edit /etc/shadow and add 
a line there: copy the line for root and change 'root' to 'user1'.
If you don't use shadow passwords, remove the 'x' from the line you
added to /etc/passwd.  If you want to change the home directory for
user1, change the '/tmp' in the line to whatever you want.  You can
also change the 'root alias' field to something else.

Having an alias like this could cause some problems since Linux and
other Unix flavours use the uid and not the name to identify the
user.  So, unless an application examines the LOGNAME or USER
environment variables, it will think user1 is the same as root.

Now that you know how to do it, could you tell us why you want to.
There may be a better way to do what you want without the alias.

> 2. Is it possible in Samba to map a network user to a Linux user? ...
> 3. Is it possible to tell Samba to use Linux passwords ...

You mentioned that you were using encrypted passwords, and that is the 
source of your problem, and there is no easy solution.  The problem
occurs because the encryption used in Linux/Unix passwords is
different from the encryption used in Windoze network passwords.
(Actually, the problem is that both systems do not actually use
encryption: if they did then the passwords could be decrypted and the
problem would not exist; both systems use a different one-way hashing
function.)  This means that it is impossible to compare Linux/Unix
passwords with the encrypted password that Samba receives.

This problem is discussed at length in the Samba documentation, and
two solutions are presented:

1. Convince your Windoze machines to send plaintext passwords.  You
need to change the registry to do this: you should have received two
files called "Win95_PlainPassword.reg" and "NT4_PlainPassword.reg"
with Samba that can be double-clicked in Windoze to patch the registry 
for you; if you don't have the files, search the Samba documentation
to find out where to get them or how to do it yourself.

2. Synchronize Samba and Linux passwords (you mentioned that linuxconf 
will do this for you).  As far as I understand it, this configures
your Linux system to change both passwords when you try to change one
of them.  Check your documentation to see how complete this is, since
there are three combinations that could exist: change Samba password
and auto-change Linux password (quite likely); change Linux password
and auto-change Samba password (possible); or both.

Personally, I prefer to keep my Linux password different from my
Windoze password, especially if I am part of an NT domain (I use
"security=server" in this case).

I hope that helps.

-- Marty


------------------------------

From: "Jean-Marc Gemperle" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security
Subject: Re: setup linux lan
Date: Wed, 8 Sep 1999 12:11:18 +0200

Hi,

If you have your lan already working and your linux box able to connect to
the internet then the rest is a piece of cake thanks to

http://members.home.net/ipmasq/ipmasq-HOWTO-1.77.html

Cheers

Jean-Marc Gemperle


andreas <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> hi
>
> i want to setup a small lan with linux server and linux client (and/or
> win client)
> i have isdn connection and want the server modem to be shared among the
> clients as dial up connection.
> i want to ask if someone can give me information or a good resource to find
> out how to config and secure the network (software, configs).?
> furthermore can i establish a secure connection to this network from the
> internet using laptop to access files, emails?
> any recommendations for a preferable distribution?
> do i need an static ip from my provider, or even more than one?
> regarding the network hardware what is a better/cheaper solution for
> cables coax or twisted pair? (distance between clients around 10-20m)
>
> that's pretty much right away...thanks for help
> Andreas
>



------------------------------

From: "Jean-Marc Gemperle" <[EMAIL PROTECTED]>
Subject: Re: IP masquerading
Date: Wed, 8 Sep 1999 12:07:55 +0200

Hi

This howto is great, I'm quite new to linux and have poor networking
knowledge but it got me this feature working first try on RH6.

http://members.home.net/ipmasq/ipmasq-HOWTO-1.77.html

Cheers

Jean-Marc Gemperle

Colvin <[EMAIL PROTECTED]> wrote in message
news:7r3gul$ioh$[EMAIL PROTECTED]...
> I found that this article
> ( http://www.bynari.com/lcsrc.org/fwconsulting.html ) contains the minimum you
> need to get started.  After that check out the IPCHAINS-HOWTO to add
> refinements.
>
> Regards
> Bill Colvin
>
> Anders Peterson wrote in message <7r2vbn$c3u$[EMAIL PROTECTED]>...
> >I (will soon) have a small network sharing an ADSL connection via a
> >Linux server. Can anyone point me to a description of how to set up IP
> >masquerading on that server?
>
>
>



------------------------------

From: Alexander Dietrich <[EMAIL PROTECTED]>
Subject: Re: ipppd and defaultroute
Date: Wed, 08 Sep 1999 11:43:08 +0200
Reply-To: [EMAIL PROTECTED]

Dmitri Barski wrote:

>"autodial" mode: when disconnecting ( after the huptimeout or after
>isdnctrl hangup ), ipppd ( at least I think it's him ) deletes the
>default route pointing to ippp0. Therefore, when I later try to connect
>to something outside my ISP's net ( i.e. outside 134.91. ), it fails
>with "network unreachable". I've tried "defaultroute" ( which would

Hi,

check if you have a shellscript /etc/ppp/ip-down, on my box it looks
like this:

===== snip =====
#!/bin/sh

/sbin/route add default ippp0
===== snip =====

This adds a defaultroute to ippp0 every time ipppd hangs up.

Good luck,
Alexander Dietrich
-- 
| Alexander Dietrich | The turtle moves ! |
| e-mail: [EMAIL PROTECTED]  |
| Please delete the underscores.          |

------------------------------

Reply-To: "Paulus" <[EMAIL PROTECTED]>
From: "Paulus" <[EMAIL PROTECTED]>
Subject: unable to lock password file
Date: Wed, 8 Sep 1999 17:31:38 +0700

1. I create interface to add newuser using cgi and can run through browser.
But I have a problem, while executing adduser through browser.
The message is :
useradd : Unable to lock password file.
how to solve this. Where the problem? in apache setting?

2. how to make my linux box act as internet server.
My linux connect to internet and client (win95) can browse too.

3. I run squid 2 patch 25, I get the following message in squid.out:
StoreDiropen SwapLogs: Failed to open swap log

help me please
Paul



------------------------------

From: Elmar <[EMAIL PROTECTED]>
Subject: Slow Network problem
Date: Wed, 8 Sep 1999 12:01:32 +0200

I have a network with a couple of linux servers (2.2.7) with samba and news.
The problem starts with a windows98 client that is very slow on network traffic
(most of the time around 10kbits/s on a 10 Mb UTP network). This client logs on
correctly on the samba-server and the network drives are mounted ok.
All NIC seems to work properly. Network traffic between linux-servers works on
almost full speed, also with large files.

Does anyone have an idea to solve this problem?


Elmar
[EMAIL PROTECTED]

------------------------------

From: "Ibrahim Hamouda" <[EMAIL PROTECTED]>
Subject: VPN 
Date: Wed, 08 Sep 1999 03:49:51 GMT

Hi all
I'm totally new to this stuff.
I have a windows NT PDC with 20 workstations behind it.
I built a linux box to act as a firewall and port forwarder for the web and
mail servers.
in three days I got the IPMasq and firewall and port forwarding working
fine.
Now my BOSS needs to be able to connect via VPN to the network with his
laptop.
it's taking me a week now trying to get this working.
I installed SSH2, and trying to install StrongCrypto from
http://www.strongcrypto.com/
but no way.
there isn't enough documentation even for building and installing the
packages.
could somebody help please, you know it's not easy to find a job or to
change the BOSS these days.
I'm running Slackware 4.0 with 2.2.6 kernel.
please start with me from scratch if you wanna help, as I said I'm new to
the stuff

Ibrahim Hamouda



------------------------------

Crossposted-To: comp.os.linux.questions,comp.os.linux.misc,comp.os.linux.help
From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: HELP FTP won't UnShut!
Date: Wed, 8 Sep 1999 07:03:07 GMT

"Christopher R. Thompson" <[EMAIL PROTECTED]> writes:

>Help! I ftpshut my server and now I can't get it started again. What do I
>do?

[...]

RTFM. "man ftpshut" will tell you.

Michael
-- 
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

------------------------------

From: Tony Green <[EMAIL PROTECTED]>
Subject: Re: unable to lock password file
Date: Wed, 08 Sep 1999 12:02:47 +0100

I'll give it my best shot.....


> 1. I create interface to add newuser using cgi and can run through browser.
> But I have a problem, while executing adduser through browser.
> The message is :
> useradd : Unable to lock password file.
> how to solve this. Where the problem? in apache setting?

The problem is that you need to be root to add new users.  By default the httpd
daemon runs as "nobody" - therefore has no permissions to do this.  It's VERY
bad practice to try things like this especially if your machine will be
connected to the net.

>
>
> 2. how to make my linux box act as internet server.
> My linux connect to internet and client (win95) can browse too.
>

You need to set up PPP and IPCHAINS.  I would suggest a quick visit to
http://www.linuxberg.com  They have a large how-to section which covers both of
these topics in some detail

>
> 3. I run squid 2 patch 25, I get the following message in squid.out:
> StoreDiropen SwapLogs: Failed to open swap log
>

Don't know about this one - never used squid

>
> help me please
>

I hope I have :-)

> Paul

Tony


------------------------------

From: "Al @Work" <[EMAIL PROTECTED]>
Subject: Re: #@$% Token Ring
Date: Wed, 08 Sep 1999 06:59:01 -0400

the MC wrote:
> 
> Hi Dudes.
> I've just built my first Linux Box.  All is looking good, but there is a
> problem with initialising the Token Interface at boot.
> 
> Once the server is up, i manually initialize the card using MODPROBE
> IBMTR then assign ip addresses and setup routing etc...
> 
> what files do i need to edit to make the  system do this for me.
> When the system boots, the card tries to initialise but fails.  Being a
> newbie (To linux, not generally) i'm lost.
> 
> Much appreciated
> MC

Start with the Token Ring Mini-HOWTO:

http://www.ssc.com/mirrors/LDP/HOWTO/mini/Token-Ring.html

Only certain cards are supported...

        Al

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
