Re: [SLUG] Hiding LDAP binddn/passwd
Del wrote:
> There are a lot of different ldapsearch'es out there, so the answer will vary with each one. For the time being I'll assume you are using OpenLDAP.

Yep, using OpenLDAP.

> The obvious, but complex, answer is to use SASL Kerberos. Then you just get the tgt once and from then on you're bound to the server.

OK, got this. Had done Kerberos before.

> That's a whole minefield of things that need setting up so I suggest you google about for it a bit, there is plenty of documentation.

I did and found a few that's meaningful and stuck to it. I just search for 'OpenLDAP tutorial'. Got my setup to work, like this: got tgt once as you said and use OpenLDAP commands over-and-over, as I want it.

$ kinit beav
$ ldapsearch -Y gssapi

> The next obvious answer is to use -y passwdfile, where passwdfile contains the password you want to use. That file should be somewhere where nobody else can find it, and where only you can read it, and even then I wouldn't trust it.

I wouldn't trust this, too. I got to hide my binddn and bindpw.

Thanks very much.

Beav

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
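If a password file is used with -y as Del describes, these are the checks worth running on it first. This is an added example, not part of the original thread: check_pwfile and ldapsearch_pwfile are hypothetical helper names, and only the ldapsearch options -x, -D and -y are OpenLDAP's own.

```shell
#!/bin/sh
# Added example: pre-flight checks before handing a file to "ldapsearch -y".
# check_pwfile and ldapsearch_pwfile are hypothetical helper names.

# Prints "ok" and returns 0 if FILE is safe to use with -y; otherwise prints
# the reason and returns 1.
check_pwfile() {
    f=$1
    # A symlink can be repointed by whoever controls its directory.
    if [ -L "$f" ]; then echo "symlink"; return 1; fi
    if [ ! -f "$f" ]; then echo "not a regular file"; return 1; fi
    if [ ! -s "$f" ]; then echo "empty"; return 1; fi

    # "ls -ldn" prints e.g. "-rw------- 1 1000 1000 ..."; keep mode and uid.
    meta=$(ls -ldn -- "$f" | awk '{ print $1 " " $3 }')
    mode=${meta% *}
    owner=${meta#* }
    if [ "$owner" != "$(id -u)" ]; then echo "not owned by you"; return 1; fi
    case $mode in
        *+) echo "has an ACL"; return 1 ;;
        ????------*) ;;   # no group or other permission bits set
        *) echo "group/other can access"; return 1 ;;
    esac

    # -y takes the complete file contents as the password, so a newline
    # appended by an editor or by echo silently becomes part of it.
    last=$(tail -c 1 <"$f" | od -An -c | tr -d ' ')
    if [ "$last" = '\n' ]; then echo "trailing newline"; return 1; fi

    echo "ok"
}

# Simple bind with a checked password file.
# Arguments: bind DN, password file, then any further ldapsearch arguments.
ldapsearch_pwfile() {
    binddn=$1
    pwfile=$2
    shift 2
    if ! reason=$(check_pwfile "$pwfile"); then
        echo "refusing to use $pwfile: $reason" >&2
        return 1
    fi
    ldapsearch -x -D "$binddn" -y "$pwfile" "$@"
}
```

The bind DN passed with -D is still visible to other local users in the process list; the BINDDN option of ldap.conf(5), set in ~/.ldaprc, keeps it off the command line.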
[SLUG] Webdav and windows xp clients
Hi All

About a week ago I posted a request for help about windows xp and webdav using apache. Unfortunately no-one had experience with making it work. But a fix has come to my attention.

The trouble is that somewhere along the line M$ decided to disable basic authentication. Unfortunately (as I understand it) Windows doesn't understand Digest authentication either, which basically screwed Windows' ability to login. Also this meant that it (Windows) could only authenticate using the server\username format which apache didn't understand.

The trick is to add a registry setting to re-enable basic authentication. I'm sure many others have already figured this out but hopefully this can help someone else.

So if the following lines

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters]
UserBasicAuth=1

... are put into a file called UserBasicAuth.reg the user can just double click on to fix the problem without using regedit.

AFAIK the remote folder cannot be mapped to a drive letter but it can be saved as a web folder under network places.

It works for me but I would appreciate some feedback on it before I started giving it to others for use.

Regards
Phill
Re: [SLUG] Webdav and windows xp clients
This is a tremendously useful piece of information and solves a problem that I have come across.

How typical of M$ to screw things up in this way, but I bet it will work to IIS without this kludge, thus creating yet more vendor lockin...

On Sun, April 23, 2006 01:47, Phill O'Flynn wrote:
> Hi All
>
> About a week ago I posted a request for help about windows xp and webdav using apache. Unfortunately no-one had experience with making it work. But a fix has come to my attention.
>
> The trouble is that somewhere along the line M$ decided to disable basic authentication. Unfortunately (as I understand it) Windows doesn't understand Digest authentication either, which basically screwed Windows' ability to login. Also this meant that it (Windows) could only authenticate using the server\username format which apache didn't understand.
>
> The trick is to add a registry setting to re-enable basic authentication. I'm sure many others have already figured this out but hopefully this can help someone else.
>
> So if the following lines
>
> Windows Registry Editor Version 5.00
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters]
> UserBasicAuth=1
>
> ... are put into a file called UserBasicAuth.reg the user can just double click on to fix the problem without using regedit.
>
> AFAIK the remote folder cannot be mapped to a drive letter but it can be saved as a web folder under network places.
>
> It works for me but I would appreciate some feedback on it before I started giving it to others for use.
>
> Regards
> Phill

--
Howard
LANNet Computing Associates http://lannet.com.au
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
[SLUG] Got SASL with OpenLDAP Working - Was: Hiding binddn
Hi Beav,

I got SASL w/OpenLDAP working too. I googled OpenLDAP Tutorial and pick this one:

http://www.acay.com.au/~oscarp/tutor

This tutorial is using Fedora Core 4 and so installed it.

Beav wrote:
..CUTCUT..
>> The obvious, but complex, answer is to use SASL Kerberos. Then you just get the tgt once and from then on you're bound to the server.
>
> OK, got this. Had done Kerberos before.
>
>> That's a whole minefield of things that need setting up so I suggest you google about for it a bit, there is plenty of documentation.
>
> I did and found a few that's meaningful and stuck to it. I just search for 'OpenLDAP tutorial'. Got my setup to work, like this: got tgt once as you said and use OpenLDAP commands over-and-over, as I want it.
>
> $ kinit beav
> $ ldapsearch -Y gssapi

In addition, I also got other SASL auths with OpenSSL to work.

PG
[SLUG] Re: Got SASL with OpenLDAP Working - Was: Hiding binddn
On 4/23/06, Philip Greggs [EMAIL PROTECTED] wrote:
> Hi Beav,
>
> I got SASL w/OpenLDAP working too. I googled OpenLDAP Tutorial and pick this one:
> http://www.acay.com.au/~oscarp/tutor

Yep, that's the one I used. I also used http://www.bayour.com/LDAPv3-HOWTO.html

> This tutorial is using Fedora Core 4 and so installed it.

I'm using Fedora Core 5 and no problem.

Beav
Re: [SLUG] A Sys Admin's worst nightmare
On Fri, 2006-04-21 at 18:01 +1000, Matthew Hannigan wrote:
> When are you going to set the root password? Are you sure no-one is going to put a key-logger on the keyboard cable? A camera over your shoulder? Trojan /bin/login to mail/store the cleartext?

Initially it was setup prior to anyone having access to the machines. Now it's all being done remotely over SSH. I think that's the best that you can do really.

--
Simon Wong [EMAIL PROTECTED]
Re: [SLUG] Re: A Sys Admin's worst nightmare
On Sat, 2006-04-22 at 08:14 +0800, [EMAIL PROTECTED] wrote:
> It's probably too late now, but the proponents are enthusiastic and there is much contributed stuff that various internet cafe's have given.
> http://www.ltsp.org

I had looked into LTSP briefly but nothing jumped out about semi-thin clients. Maybe I didn't look hard enough.

> A point worth considering: how do you handle RJ45 customers. That seems to be a major business need.

We will have a wireless access point captive portal and that is really infinitely easier to handle than providing terminals. I think that it's the same for RJ45. Sure people can use their own software/machines to attack but that's soo much easier to protect against than users you have ALLOWED onto your PC.

--
Simon Wong [EMAIL PROTECTED]
Re: [SLUG] Re: A Sys Admin's worst nightmare
On Fri, 2006-04-21 at 18:37 +1000, David Kempe wrote:
> vlans are fine. but seriously in an internet cafe, just rebuild the machines every day. imaging or scripted builds are possible. netbooting the whole os makes rebuilding pretty easy. just depends on how you set it up etc, but just don't consider the client oses worth keeping would be my strategy. scales better too.

Thanks for your comments Dave.

I initially wanted to work things this way but had a lot of trouble with scripted builds, particularly with scripting the custom configurations. There's not a lot of in depth documentation about preseeding that I could find.

I was trying to get base-config/early_command, base-config/late_command and preseed/late_command to download and run a customisation script but didn't manage to tame it. Seemed to be a problem with the sub-shell being killed off?

If you have any sources on this I'd love to see them. Thanks for your thoughts.

--
Simon Wong [EMAIL PROTECTED]
Re: WAS: RE: [SLUG] Invalid credentials error code 49
On Sat Apr 22, 2006 at 09:09:30 +1000, Philip Greggs wrote:
> On 4/21/06, Benno [EMAIL PROTECTED] wrote:
> On Fri Apr 21, 2006 at 20:24:10 +1000, Philip Greggs wrote:
>
> In Fedora 1, 2, 3, 4, and 5 it is in /etc/openldap/ldap.conf. My ldap.conf
>
> # cat /etc/openldap/ldap.conf
> HOST ldap.example.com.ex
> BASE dc=example,dc=com,dc=ex
>
> You may also test a similar setup using Public LDAP Servers in your 'ldap.conf'. For example, you may try this in your ldap.conf
>
> HOST ldap.baylor.edu
> BASE o=Baylor University,c=US
>
> and then do,
>
> $ ldapsearch -x
>
> Or
>
> HOST directory.monash.edu.au
> BASE o=Monash University,c=AU
>
> and then do,
>
> $ ldapsearch -x
>
> Makes sense. One more question. How can individual users without superuser access change the LDAP HOST server and/or BASE filter ? Tried this but no joy:
>
> $ export HOST=ldap.myserver.com
> $ ldapsearch -x
>
> One moment a user wants to access Baylor U and another time Monash U but SysAdmin is out to lunch. Is this possible ?
>
> From the man page:
>
> -H ldapuri
>     Specify URI(s) referring to the ldap server(s).
> -h ldaphost
>     Specify an alternate host on which the ldap server is running. Deprecated in favor of -H.
> -p ldapport
>     Specify an alternate TCP port where the ldap server is listening. Deprecated in favor of -H.
>
> Thanks Benno.
>
> 1. This one works:
> $ ldapsearch -x -H ldap://ldap.example.com.clug -b example.com.clug
>
> 2. Not this one:
> $ ldapsearch -x -H ldap://ldap.example.com -b example.com
>
> Jimmy:
>
> 1. Created .ldaprc in my $HOME with
> HOST ldap.example.com.clug
> BASE example.com.clug
> and $ ldapsearch -x works.
>
> 2. Not when I changed .ldaprc to
> HOST ldap.example.com
> BASE example.com
>
> NOTE: I changed my DNS and ldap domain to match each case. So, DNS settings as indicated by O Plameras are important in LDAP. Just to clarify since there are some confusions.

Ok, to actually clarify the confusion... (hopefully).

DNS is used in ldap at the network layer to determine how to contact the server. DNS is not used by the server, and the base DN is not related to DNS, and you are free to set that to whatever. (Which is what brought this up in the first place.)

HTH,
Benno
[SLUG] File deletion problem.
I want to move all files from an ntfs formatted hard drive which was previously used for download storage under XP to a 200gb hard drive formatted ext3 under kanotix.

Some files won't allow deletion even though I tried with both Krusader and MidnightCommander as root. Ownership and user show as root. When I try to delete files using MC I get a message

read-only file system (error 30)

I'm assuming that this has to do with XP. If I try chmod I get the same message.

How can I delete such files without either using XP or re-formatting the drive? Eventually I will reformat the drive but I'd like to know for future reference if there is a fix for this problem.

Thanks
Bill
Re: [SLUG] File deletion problem.
afaik, NTFS mounts as read only. You can only format the things.. (I would love to be proven wrong on this :( as I have a couple ntfs drives that need some work)

On Sun, 2006-04-23 at 12:51 +1000, bill wrote:
> I want to move all files from an ntfs formatted hard drive which was previously used for download storage under XP to a 200gb hard drive formatted ext3 under kanotix.
>
> Some files won't allow deletion even though I tried with both Krusader and MidnightCommander as root. Ownership and user show as root. When I try to delete files using MC I get a message
>
> read-only file system (error 30)
>
> I'm assuming that this has to do with XP. If I try chmod I get the same message.
>
> How can I delete such files without either using XP or re-formatting the drive? Eventually I will reformat the drive but I'd like to know for future reference if there is a fix for this problem.
>
> Thanks
> Bill
Re: [SLUG] File deletion problem.
Charles Myers [EMAIL PROTECTED] writes:
> afaik, NTFS mounts as read only. You can only format the things.. (I would love to be proven wrong on this :( as I have a couple ntfs drives that need some work)

That's basically right. I don't keep track of them, but last I heard there was at least one native linux driver that had partial write support. Although it comes with warnings not to use it in write mode, hence it's not enabled by default. It may have improved since then.

There was also something called captive, from memory, that used the windows ntfs driver for read write support.

Both aren't really an option for distros to support out of the box, but can be enabled with a bit of google research and some effort.
Re: WAS: RE: [SLUG] Invalid credentials error code 49
On 4/23/06, Benno [EMAIL PROTECTED] wrote:
>> On Sat Apr 22, 2006 at 09:09:30 +1000, Philip Greggs wrote:
>> On 4/21/06, Benno [EMAIL PROTECTED] wrote:
>> On Fri Apr 21, 2006 at 20:24:10 +1000, Philip Greggs wrote:
>>
>> In Fedora 1, 2, 3, 4, and 5 it is in /etc/openldap/ldap.conf. My ldap.conf
>>
>> # cat /etc/openldap/ldap.conf
>> HOST ldap.example.com.ex
>> BASE dc=example,dc=com,dc=ex
>>
>> You may also test a similar setup using Public LDAP Servers in your 'ldap.conf'. For example, you may try this in your ldap.conf
>>
>> HOST ldap.baylor.edu
>> BASE o=Baylor University,c=US
>>
>> and then do,
>>
>> $ ldapsearch -x
>>
>> Or
>>
>> HOST directory.monash.edu.au
>> BASE o=Monash University,c=AU
>>
>> and then do,
>>
>> $ ldapsearch -x
>>
>> Makes sense. One more question. How can individual users without superuser access change the LDAP HOST server and/or BASE filter ? Tried this but no joy:
>>
>> $ export HOST=ldap.myserver.com
>> $ ldapsearch -x
>>
>> One moment a user wants to access Baylor U and another time Monash U but SysAdmin is out to lunch. Is this possible ?
>>
>> From the man page:
>>
>> -H ldapuri
>>     Specify URI(s) referring to the ldap server(s).
>> -h ldaphost
>>     Specify an alternate host on which the ldap server is running. Deprecated in favor of -H.
>> -p ldapport
>>     Specify an alternate TCP port where the ldap server is listening. Deprecated in favor of -H.
>>
>> Thanks Benno.
>>
>> 1. This one works:
>> $ ldapsearch -x -H ldap://ldap.example.com.clug -b example.com.clug
>>
>> 2. Not this one:
>> $ ldapsearch -x -H ldap://ldap.example.com -b example.com
>>
>> Jimmy:
>>
>> 1. Created .ldaprc in my $HOME with
>> HOST ldap.example.com.clug
>> BASE example.com.clug
>> and $ ldapsearch -x works.
>>
>> 2. Not when I changed .ldaprc to
>> HOST ldap.example.com
>> BASE example.com
>>
>> NOTE: I changed my DNS and ldap domain to match each case. So, DNS settings as indicated by O Plameras are important in LDAP. Just to clarify since there are some confusions.
>
> Ok, to actually clarify the confusion... (hopefully).
>
> DNS is used in ldap at the network layer to determine how to contact the server.

In simple words ldap needs DNS for it to be contacted by ldap clients like 'ldapadd', 'ldapsearch', etc.

> DNS is not used by the server, and the base DN is not related to DNS, and you are free to set that to whatever. (Which is what brought this up in the first place.)

You'll have to check IETF RFC 3663 before you bring more confusions, which says in part and I quote:

'1.3. Abbreviations Used

The following abbreviations are used to describe the nature of this experiment:

TLD: Top-Level Domain. Refers to the domain names just beneath the root in the Domain Name System. This experiment used the TLD's .com, .net, .org, and .edu.
SLD: Second-Level Domain. Refers to the domain names just beneath a TLD in the Domain Name System. An example of such a domain name would be example.com.
DIT: Directory Information Tree. One of many hierarchies of data entries in an LDAP server.
DN: Distinguished Name. The unique name of an entry in a DIT.
cn: common name. See RFC 2256 [7].
dc: domain component. See RFC 2247 [4].
uid: user id. See RFC 2798 [9].'

HTH.

PG
Re: [SLUG] File deletion problem.
On Sun, Apr 23, 2006 at 01:19:15PM +1000, Charles Myers wrote:
> afaik, NTFS mounts as read only. You can only format the things.. (I would love to be proven wrong on this :( as I have a couple ntfs drives that need some work)

Yeah. You can use the captive ntfs driver (i.e. windows ntfs driver under linux), but then you would need to have a windows license .. so why not just use windows in the first place to delete it.

otoh, the OP wanted to use the whole drive if I'm not mistaken, so he could just copy them off and format it.

Matt
Re: [SLUG] File deletion problem.
On Sunday 23 April 2006 15:01, Matthew Hannigan [EMAIL PROTECTED] wrote:
> On Sun, Apr 23, 2006 at 01:19:15PM +1000, Charles Myers wrote:
>> afaik, NTFS mounts as read only. You can only format the things.. (I would love to be proven wrong on this :( as I have a couple ntfs drives that need some work)
>
> Yeah. You can use the captive ntfs driver (i.e. windows ntfs driver under linux), but then you would need to have a windows license .. so why not just use windows in the first place to delete it.

Captive is *slow* to write. On my system, it filled up my /var with error logs.

From my understanding, the Linux NTFS driver can only write to files safely if their size does not change. Otherwise, you risk file corruption.

If you frequently share files between Linux and Windows, you're better off using a VFAT partition. Other options include having a separate server running Samba or accessing ext2 filesystems from Windows using a tool like explore2fs.

--
Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/]
{GnuPG/OpenPGP: http://dhanapalan.webhop.net/yama.asc 0x049D38B4 : A7A9 8A02 78CB AB1B FCE4 EEC6 2DD9 249B 049D 38B4}

You never sent me a response on the question of what things an app would do that would make it run with MSDOS and not run DR-DOS. Is there any version check or api they fail to have? Is there [a] feature they have that might get in our way? I am not looking for something they cant get around. I am looking for something their current binary fails on.
- Bill Gates, 1988-09-22