Re: radius help
> Does anyone know how can I limit the access in radius to a group of users?
> my users file is like this

First of all, I use Cistron Radius, so some of this may be native to Cistron.

I added groups to my Debian system... email, isdn1, isdn2, dedicate. Email-Only accounts can't get logged in. They don't pay for dial-up access, only POP accounts. They won't actually see the Reply-Message if they use Windows (MS doesn't follow the PPP specs on that one...). ISDN1 is allowed 56/64K only. ISDN2 is allowed 2 ISDN channels. Dedicate never gets kicked off (they pay for 24x7).

Just add the user accounts to the proper groups on Debian.

    # Users in the UNIX /etc/group 'email' group can't login
    DEFAULT Group = "email", Auth-Type = Reject
            Reply-Message = "Your account is for email only"

    DEFAULT Group = "isdn1", Auth-Type = System, Simultaneous-Use = 1
            Port-Limit = 1,
            Fall-Through = Yes

    DEFAULT Group = "isdn2", Auth-Type = System, Simultaneous-Use = 2
            Port-Limit = 2,
            Fall-Through = Yes

    DEFAULT Group = "dedicate", Auth-Type = System, Simultaneous-Use = 1
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IP-Address = 255.255.255.254,
            Framed-IP-Netmask = 255.255.255.255,
            Framed-Compression = Van-Jacobson-TCP-IP,
            Framed-MTU = 1500,
            Fall-Through = No

    # All other accounts are to be checked against the UNIX /etc/passwd.
    # Accounts are limited to 1 concurrent login, 6 hour session limit, and
    # a 20 minute idle timer. Also, Analog calls Only! No ISDN!
    DEFAULT Auth-Type = System, Simultaneous-Use = 1
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IP-Address = 255.255.255.254,
            Framed-IP-Netmask = 255.255.255.255,
            Framed-Compression = Van-Jacobson-TCP-IP,
            Framed-MTU = 1500,
            Session-Timeout = 21600,
            Idle-Timeout = 1200,
            Port-Limit = 0,
            Fall-Through = No

Good Luck,
Mark

==
Mark A. Bialik               (414) 290-6749
Network/Security Manager     http://www.linux.org
Infinity HealthCare, Inc.    [EMAIL PROTECTED]
Mequon, WI USA               Debian/GNU Linux Documentation Project
==

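Added example, not part of Mark's message and not Cistron code: a small Python model of how the entries in the reply above are walked top to bottom, stopping at the first match that does not fall through, so each account can be audited for the entry it ends on. The group and passwd lines are constructed sample data, and membership is read from /etc/group member lists only (an assumption).

```python
# Entry order and Fall-Through values are copied from the users file in the post.
# (Group check item or None for the catch-all, Auth-Type, Fall-Through)
ENTRIES = [
    ("email", "Reject", False),    # no Fall-Through given, treated as No
    ("isdn1", "System", True),
    ("isdn2", "System", True),
    ("dedicate", "System", False),
    (None, "System", False),       # final DEFAULT: every other account
]

# Constructed sample input, not taken from any real system.
SAMPLE_GROUP = """\
email:x:1001:alice,carol
isdn1:x:1002:bob,carol
isdn2:x:1003:
dedicate:x:1004:dave
"""
SAMPLE_PASSWD = """\
alice:x:2001:100::/home/alice:/bin/false
bob:x:2002:100::/home/bob:/bin/false
carol:x:2003:100::/home/carol:/bin/false
dave:x:2004:100::/home/dave:/bin/false
erin:x:2005:100::/home/erin:/bin/false
"""

def memberships(group_text):
    """Map user -> set of groups, from the member list of /etc/group lines."""
    result = {}
    for line in group_text.splitlines():
        name, _pw, _gid, members = line.split(":")
        for user in filter(None, members.split(",")):
            result.setdefault(user, set()).add(name)
    return result

def evaluate(groups):
    """Return (entries matched in file order, Auth-Type of the first match).
    Every entry an account can reach after its first match in this file
    carries the same Auth-Type, so taking the first is unambiguous here."""
    matched, auth = [], None
    for group, auth_type, fall_through in ENTRIES:
        if group is None or group in groups:
            matched.append(group or "DEFAULT")
            auth = auth or auth_type
            if not fall_through:
                break
    return matched, auth

def audit(group_text=SAMPLE_GROUP, passwd_text=SAMPLE_PASSWD):
    """Classify every passwd account by the entries it would match."""
    member_of = memberships(group_text)
    users = [line.split(":")[0] for line in passwd_text.splitlines()]
    return {u: evaluate(member_of.get(u, set())) for u in users}
```

In the sample, carol is in both email and isdn1 and is rejected because the email entry comes first, while erin is in no group and ends on the final DEFAULT, so a POP-only account that was never added to email still authenticates.
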
Re: mkswap error
Blow away the partition and recreate it. If that doesn't work, try to format it as ext2 to see if there is a disk defect. You'll then be able to run fsck. Badblocks might also give you some useful info.

At 05:01 PM 8/1/00 -0700, Kevin wrote:
> swap_free: swap-space map bad (entry 011d1000)
> VM: Removing swap cache page with zero inode hash on page c38a8000

+---+
| -=H E L L - J U S T D O N ' T V O T E F O R G O R E=- |
|=- -=ANYBODY FOR PRESIDENT=- -=|
| George W. Bush Alan Keyes Hey, At least They're Not Robots |
|=-- http://www.Keyes2000.com. --=|
++

radius help
Hi all.

Does anyone know how can I limit the access in radius to a group of users? my users file is like this

    DEFAULT Simultaneous-Use = 1,Auth-Type = System
            Fall-Through = 1
            Service-Type = Framed-User
            Framed-Protocol = PPP
            Framed-IP-Address = 255.255.255.254
            Framed-IP-Netmask = 255.255.255.255

now I check the password file, but pop users can log too. I was thinking that I could put the log accounts into a group called "loggroup" and just accept the passwords of accounts that belong to this group. But I have no idea of how to do it or if this is the correct way of doing it.

I appreciate any help. Thank you guys.

mkswap error
Somewhat offtopic but I love you guys, and I'm sure you love me.

I'm doing a mkswap -c /dev/sda2. I'm getting this error.

    swap_free: swap-space map bad (entry 011d1000)
    VM: Removing swap cache page with zero inode hash on page c38a8000

--
Kevin - [EMAIL PROTECTED]

Re: Debian and LDAP
> > my users faster, and it's more straight-forward ( without using
> Are you sure that you used indices on your entries?

hmmm, what are indices and how can I use them?

> > in their outlook or netscape or whatever addressbooks?
> The main fear I have is exactly that our customers *will* see each other in
> their userbase because of a little typo in these very ugly openldap
> security rules :-(

duh? could you elaborate on that? I don't quite follow and understand what could be the problem?

regards, Eyck

Re: masquerade question
On Sat, 29 Jul 2000, MikeF wrote:
> I trying this:
> ipchains -A output -s 192.168.2.0/24 0:65535 -d 205.244.199.3/32 21 -p
> tcp -l -j DENY

do you realize that if you're masquerading, the _OUTPUT_ chain will see no internal ip addresses ?

reading ipchains-howto is strongly recommended. especially the parts marked ``for ascii-art fans''.

--
[-] ``SSH... Don't Tell Anyone It's Free...''
... and just what the hell was i doing before i got so rudely interrupted ?

Re: 2500 Linux workstation !
On Thu, 27 Jul 2000, Catalin Ciocoiu wrote:
>In a slashdot article somebody lace a interesting question
>What is the best solution for a network with 2500 Linux WorkStation ?
>I proposed a diskless workstation solution because is very robust
>solution.
>Is it a good solution
>What filesystem can be used for file sharing ?? Is NFS ok ???
>What kind of authentication can be used in this network ?
>
>I waiting your answers !!

One problem with diskless workstations is the issue of what happens when they all reboot simultaneously (EG power failure).

I suggest that you set up a diskless workstation that is fully configured (X, xdm, etc), reboot it and track the amount of data transfer that is required. I guess that it might be about 30M of data access on disk. Multiply that by 2500 and that's 75G of data transfer, it would be 2 hours of network transfer on 100baseT if you didn't have timeouts and retransmits. Of course with that load you would have heaps of timeouts and it would take much longer...

The good thing about diskless booting is that all machines will access mostly the same files if you have it configured correctly. The boot space of a diskless machine should fit into cache on the server (so disk bandwidth shouldn't be an issue). If you have a server with 10 * 100baseT network interfaces or 1 * 1G interface (the most that the bus bandwidth of typical PC servers can handle) then it could possibly handle 800 PCs for booting in a reasonable amount of time (5-10 minutes). So if you had 4 such machines for running the boot process (IE the root file system) and another set of machines for /home (which is much harder because the data is more important) then it could be workable.

One thing I have been thinking of doing (an item on my almost infinitely long todo list) is to hack a kernel to log the details of file access (file name and the operation (read/write/etc) and the amount of data) to klog and then have a modified klogd write this data to a file which is outside this logging (can't have it logging its own accesses ;). Then I could boot the machine (NB would need an extra-large klogd buffer to capture file access before klogd had been loaded) and find out how much disk access really happens at boot.

--
My current location - X marks the spot.
X
X
X

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]