RE: [e-smith-devinfo] Freeswan for SME 6.0
I bet Mitel does :)

-Original Message-
From: Jeff Coleman [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 7:39 PM
To: [EMAIL PROTECTED]
Subject: [e-smith-devinfo] Freeswan for SME 6.0

Has anyone built a Freeswan contrib for 6.0 yet? I'm glad to help test if that is needed.

Thanks,
-jeff

Jeff Coleman
Resource Strategies, Inc.
"The Intelligent Use of Technology"
Tollfree: 877-718-7628 x401
Fax: 520-797-0394
mailto:[EMAIL PROTECTED]
http://www.rstrat.com

--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] [UPDATE] ari-mitel-acid-1.1-1.noarch.rpm now available
I wanted the alert description emailed to me when Guardian blocks an IP address, so...

Below are changes I made to two of the perl scripts.

/usr/local/bin/guardian.pl

    sub ipchain {
        my ($source, $dest, $type) = @_;
        &write_log ("$source\t$type\n");
        if ($hash{$source} eq "") {
            &write_log ("Running '$blockpath $source $interface'\n");
            system ("$blockpath $source $interface \"$type\"");
            $hash{$source} = time() + $TimeLimit;
        } else {
            # We have already blocked this one, but snort detected another attack. So
            # we should update the time blocked..
            $hash{$source} = time() + $TimeLimit;
        }
    }

---

/bin/guardian_unblock.sh

    source=$1
    interface=$2
    alert=$3 <---{added}
    /sbin/ipchains -I input -s $source -i $interface -j DENY
    echo "The Snort-Guardian service has updated your firewall rules by blocking th$
    This IP address will be blocked for 24 hours unless the server is rebooted.
    $alert <---{added}
    For detailed information:
    /var/log/guardian.log
    /var/log/snort/alert
    " | mail -s "Firewall rules updated" admin
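The block script in the message above takes the source address, interface and Snort alert text as its three arguments and uses them in a firewall command run as root and in a mail body. The following is an added example (not code from the post or from Guardian) that checks those arguments first and prints the ipchains rule instead of running it. The function names, the 15-character interface limit and the 200-character alert cap are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post or of Guardian.
# Checks the three arguments a Guardian-style block script receives
# (source IP, interface, alert text) before they are used as root.

# valid_ipv4 ADDR: succeed only for a plain dotted quad, octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and single dots only
    esac
    _old_ifs=$IFS
    IFS=.
    set -f
    set -- $1                                   # split the address on dots
    set +f
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        case "$_octet" in
            ????*) return 1 ;;                  # more than three digits
        esac
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# valid_iface NAME: letters, digits and _ . : - only, at most 15 characters
# (the length limit is an assumption of this example).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        ????????????????*) return 1 ;;          # 16 characters or more
    esac
    return 0
}

# clean_alert TEXT: turn newlines and tabs into spaces, drop other control
# characters and cap the length, so the alert is safe to place in a mail body.
clean_alert() {
    printf '%s' "$1" | tr '\n\t' '  ' | tr -d '\000-\037\177' | cut -c1-200
}

# block_rule SOURCE IFACE: print the ipchains rule from the post, but only
# after both values pass validation. A real script would run it instead.
block_rule() {
    valid_ipv4 "$1" || return 1
    valid_iface "$2" || return 1
    printf '%s\n' "/sbin/ipchains -I input -s $1 -i $2 -j DENY"
}

# alert_mail_body SOURCE ALERT: body text for the notification mail
# (wording is this example's own, not the script's original message).
alert_mail_body() {
    printf 'Blocked source: %s\nAlert: %s\n' "$1" "$(clean_alert "$2")"
}

# Dry run when called with the same three arguments guardian.pl passes.
if [ "$#" -eq 3 ]; then
    block_rule "$1" "$2" || exit 1
    alert_mail_body "$1" "$3"
fi
```

On the Perl side, calling system with a list of arguments rather than one interpolated string keeps the alert text away from the shell altogether.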
RE: [e-smith-devinfo] [UPDATE] ari-mitel-acid-1.1-1.noarch.rpm now available
-- Excellent how-to... everything installed fine.

-- I had just installed the previous version (20 mins ago), so I uninstalled ari-mitel-acid-1.1-0.noarch.rpm per your how-to. The MySQL drop command warns about dropping and asks for a y/N. It only drops if you type in a capital Y (lowercase doesn't work). You may want to mention this in the how-to. (example output below)

Start Example Output --

    [root@lxsme root]# mysqladmin drop snort_archive
    Dropping the database is potentially a very bad thing to do.
    Any data stored in the database will be destroyed.
    Do you really want to drop the 'snort_archive' database [y/N] y
    OK, aborting database drop!
    [root@lxsme root]# mysqladmin drop snort_archive
    Dropping the database is potentially a very bad thing to do.
    Any data stored in the database will be destroyed.
    Do you really want to drop the 'snort_archive' database [y/N] Y
    Database "snort_archive" dropped

End Example Output --

-- I did a quick SYN Stealth scan with NMAPWin and Acid showed the scan, but Guardian didn't block my IP. I will do a bit more testing. This was with ari-mitel-acid-1.1-0

-- The "Time Profile of Alerts" graph only shows 1999 through 2002 for graphing. It looks like there is a newer version of Acid v0.9.6b23 to correct a 2003 bug...I guess this is it.

Regards,
Steve
RE: [e-smith-devinfo] multi-homed Internet redundancy project
> From: Darrell May [mailto:[EMAIL PROTECTED]]
> Internet1/eth1 Internet2/eth2 --- SME --- eth0 --- Lan
> Is anyone interested in this functionality for SME?

I would use an option like this at my main site to give internal users access to the Internet via High Speed DSL (~6MB Download) and IPSEC VPN access via T1 for its upload capabilities.

A second IP address would also make setup and modifications to IPSEC from site to site easier. Currently if the IPSEC connection is down because of key changes or parameter mods, there is no way to access the remote server's external IP address from a connected site to SSH or PPTP into the network. I currently dial into Compuserve to make the connection from a different IP address.
Re: [e-smith-devinfo] Quick question about Webmail in E-Smith 5.5
I took it as good information embedded in a joke!!!

- Original Message -
From: "Brad Hards" <[EMAIL PROTECTED]>
To: "David J. Boccabella" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, July 05, 2002 9:08 PM
Subject: Re: [e-smith-devinfo] Quick question about Webmail in E-Smith 5.5

> On Sat, 6 Jul 2002 10:45, David J. Boccabella wrote:
> > Err.. Richard.
> >
> > Not everyone knows Perl or PHP.
> > And one has to admit that the WebMail is a fairly large and complex system
> > complete with the usual lack of documentation.
> >
> > So rather than becoming exasperated by people asking for information and
> > making them feel like idiots - help them and perhaps maybe they will help
> > you when you are working with a system that you are unfamiliar with.
>
> Remember that this was posted to a developer list. If you don't have any
> programming ability (and Perl isn't too hard to read, even if you can't write
> it), then you probably should be on the list.
>
> The language might have been a bit harsh, but it wasn't that out-of-line.
>
> Brad
>
> --
> http://conf.linux.org.au. 22-25Jan2003. Perth, Australia. Birds in Black.
Re: [e-smith-devinfo] samba 2.2.5-4 update
I installed on two SME 5.0 servers with only one required dependency. I copied and updated initscripts-5.83-1es3.i386.rpm from SME 5.12. So far everything is working. Thanks for the rpm update!!!

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Sunday, June 30, 2002 1:59 PM
Subject: [e-smith-devinfo] samba 2.2.5-4 update

>
> I've received direct reports offlist with thumbs up on these builds. (I've
> asked people to repost to devinfo to share with everyone) In addition, one
> issue was mentioned in that if you happen to have samba-swat installed, you
> should remove it prior to upgrade. IYRC it was made available for testing
> the 2.2.3a build changes but should be removed as this definitely is not
> meant for SME usage.
>
> So check for samba-swat and remove if installed:
>
> rpm -q samba-swat
> rpm -e samba-swat
>
> Then do this:
>
> rpm -Uvh lib*
> rpm -Uvh samba*
> /etc/rc.d/init.d/smb restart
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
RE: [e-smith-devinfo] Re: mailfront conversion (was Re:
I would like to see Mitel sell something similar to what they did prior to servicelink. That way I could feel that I was contributing to the cause and Mitel wouldn't feel I was freeloading.

-Original Message-
From: Jeff Coleman [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 1:17 PM
To: 'Charlie Brady'; [EMAIL PROTECTED]
Subject: RE: [e-smith-devinfo] Re: mailfront conversion (was Re:

> -Original Message-
> From: Charlie Brady [mailto:[EMAIL PROTECTED]]
> To: Darrell May
>
> Believe me, Darrell, we are busy enough doing what we are
> already doing
> without doing any more work that you ask us to do, but don't pay for.

This seems to be a common thread on dev-info. Mitel is rationally focused on income production. Dev-info members support and enhance a product that we didn't carry the freight for building. Charlie's very legitimate mantra is "..you didn't pay, so why would we spend the time/money helping you."

I suggest that offline a number of us on dev-info get together and purchase a support contract for a single server. We then funnel trouble-tickets, enhancement requests and legitimate upgrade concerns through our paid Mitel support services. Additionally, there are a number of resellers in the dev-info community that have existing relationships with Mitel and can also act as conduits. This will eliminate Charlie's main concern and allow him to continue to concentrate on "paid" client issues.

But it's not the right way...

There is another alternative that in my experience has worked well. Many software development organizations create informal relationships with members of the end-user community and resellers. These end-user groups typically act as conduits between the end-user community and the developers. Commonly, there is non-disclosure communication between the "council" and the developers about feature releases, upgrades, bug reports etc.

Mitel would benefit by having a tighter relationship with the developer community and the developers, resellers and end-users would benefit from enhanced communications and the possibility of pre-production input.

Dan York, what do you think? Want to chat about this?

-jeff
[e-smith-devinfo] SME5.5b4/freeswan Install Report
I am in the middle of installing a new site on SME and decided to try my luck with SME5.5b4. I like the fact that it has been refreshed with Samba 2.2.3a, IMP3.0, and freeswan 1.97. I was a bit disappointed to see wu-imap as still the standard.

I had no problems with the base install, and file/print/email services all appeared to work well.

I then tried to connect the box to my existing IPSEC VPN network by installing Darrell May's dmc-mitel-freeswan-0.4-12.noarch.rpm. The first thing I noticed was the location for freeswan has changed to /usr/local/lib/ipsec from /usr/lib/ipsec. This caused a problem with the template:

    /etc/e-smith/templates/etc/ipsec.secrets/10RSAKey

I modified it to reflect the new ipsec location, and ran

    /sbin/e-smith/signal-event ipsec-install

The _updown files supplied in the rpm were placed in the original directory, so I moved them to their proper place. I was then able to add ipsec parameters and attempt to connect to a freeswan-1.91 server.

When I attempted to add local networks, I was greeted with an error telling me that the ip address wasn't visible to the internal network, so it couldn't be added. I finally added the local network using the internal ip address of the server as the default gateway (I don't believe this is a workable workaround).

When I couldn't get freeswan to connect, I did a cursory analysis of /var/log/secure to try to figure out the problem, and at first glance it appears that my inability to add an external ip address in the local address list is preventing freeswan from authenticating.

I ran out of time and reformatted with SME5.12...problem solved...
Re: [e-smith-devinfo] [ANNOUNCEMENT] for all Mitel/RAV users
fyi - This seems to have fixed the problem on my SME 5.12 eval box.

Steve

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Tuesday, March 12, 2002 1:03 PM
Subject: [e-smith-devinfo] [ANNOUNCEMENT] for all Mitel/RAV users

>
> [WARNING] Alpha release, completely unsupported by Mitel [WARNING]
>
> Please be advised RAV has released an updated obtuse-smtpd-qmail rpm
> required for the correct functioning of RAV on all releases of
> e-smith/Mitel. Full details are available here:
>
> http://myezserver.com/downloads/mitel/alpha
> /obtuse-smtpd-qmail-2.0-34.i386.rpm
> /obtuse-smtpd-qmail-howto.html
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] Announcement: SMEServer Updates for PHP Vulnerability
I finally decided to give up on the blades server and try to manually install the rpm's. PHP gave me a dependency error until I uninstalled php-manual-4.0.4pl1-9. I was then able to install all the updates without using --force on them.

Steve

- Original Message -
From: "Filippo Carletti" <[EMAIL PROTECTED]>
To: "Rich Lafferty" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 3:57 PM
Subject: Re: [e-smith-devinfo] Announcement: SMEServer Updates for PHP Vulnerability

> > I just tried now, and it worked for me. Compare the list of required
> > RPMs in /home/e-smith/blades to those installed. Perhaps you've missed
> > one? The version of 'mm' in the update was wrong until earlier today.
>
> I didn't want to waste more of your time, downloaded again the whole update
> directory, removed old mm-1.1.3.-1 and rpm -Uvh --force all.
> Now Blades panel shows update4 as installed.
>
> Many thanks.
>
> Ciao,
> Filippo
Re: [e-smith-devinfo] megaraid.o
I have used the native raid driver in SME 5.1.2 with a Dell PowerEdge 2550 and an addin raid controller for the PowerEdge 1400SC. Did you need the new version to work with newer raid cards or are there data corruption problems with the old version that I should worry about?

Thanks,
Steve

- Original Message -
From: "Filippo Carletti" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 3:15 PM
Subject: [e-smith-devinfo] megaraid.o

> I've built a driver disk for LSI Logic Express 500 aka AMI Megaraid, also
> aka Dell PERC suitable for SME 5 and 5.1.2.
>
> ftp://ftp.e-smith.com/pub/e-smith/contrib/FilippoCarletti/megaraid.driver.disk/
>
> Brief info on README.TXT at the same location.
>
> Ciao,
> Filippo
Re: [e-smith-devinfo] Updated IMP upgrade HOWTO available
I seem to recall that this happened when my PC's time was different from the server's.

- Original Message -
From: "Dan Brown" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "e-smith devinfo" <[EMAIL PROTECTED]>
Sent: Monday, February 11, 2002 10:21 PM
Subject: RE: [e-smith-devinfo] Updated IMP upgrade HOWTO available

>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> > From: Darrell May [mailto:[EMAIL PROTECTED]]
>
> > check box and hit 'Send Message' I return to the IMP login screen
> > with the error 'your session has expired'. If in the Address Book
> > I hit the mail icon to return to IMP, same result, same error.
>
> I haven't experienced this, but I've had another report of a similar
> problem. I would take a guess that it's something to do with
> cookies, but that's about the most I can suggest at this point. I'll
> have to see if I can find some information on this... Have you
> changed any of your cookie settings in IE?
>
> - --
> Dan Brown, KE6MKS, [EMAIL PROTECTED]
> "Since all the world is but a story, it were well for thee to buy the
> more enduring story rather than the story that is less enduring."
> -- The Judgment of St. Colum Cille
>
> -BEGIN PGP SIGNATURE-
> Version: PGP 7.0.4
>
> iQA/AwUBPGiYMn6CI7gsQbX8EQIZfwCfZqjbOHI5OLhImKrT2ivtnpSxjcYAn21C
> 1cjdgrm00ApZg40XcvqaVR/j
> =YQv7
> -END PGP SIGNATURE-
RE: [e-smith-devinfo] Form Overlays with PCL Printers
I have pretty much completed the forms overlay system how-to. This is currently running on three production servers. All of the appropriate files are housed in a single zip file.

The only item left is to recompile the overlay source files on my RedHat 7.2 development machine when I return from out of town. This will eliminate one step in the how-to along with the need run a DOS box when creating the overlay file.

Thanks goes to Darrell May for his contribution of a custom template for 05printer to modify the printcap file automatically.

Here is the link to the newly revised how-to. As always, feedback is appreciated...

http://www.ibizbox.com/overlay/

Steve Bush
RE: [e-smith-devinfo] List behaviour (was [e-smith-devinfo] [BETA] new RAV panel for SME available)
I see it the other way around... Darrell has done far more than his share of work on this product and treats the members of the community with respect, even when they may be newbies

-Original Message-
From: Graeme Robinson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 12:50 AM
To: Des Dougan
Cc: Darrell May; Charlie Brady; e-smith-devinfo
Subject: Re: [e-smith-devinfo] List behaviour (was [e-smith-devinfo] [BETA] new RAV panel for SME available)

On Wed, 6 Feb 2002, Des Dougan wrote:

> I also think it's about time both of you made a constructive effort to be
> polite to each other. The battle of wills (or egos, or whatever) on this
> list is becoming disruptive. Few of us here (i.e. the ones who pay) have
> any call on how Mitel sets its priorities, but I do agree with Greg that a
> roadmap would at least assist in providing a context to development
> discussions.

The lack of politeness seems all one-way to me. Are you saying that a breach of public licencing conditions isn't worthy of comment Des? That it was somehow not polite to raise it?

Darrell seems to revel in any opportunity to get under the skin of various Mitel engineers - Charlie in particular. They are more than capable of meeting these childish and pointless (not to mention enervating) back-biting snipes but I admit I tire of the signal to noise ratio that results. God knows they must be sick of it.

If Darrell is determined to fork SME I wish he'd bloody get on with it and leave us alone to develop and work with the real thing.

-=-=-==-=-=--=-=-=-=-=-=-=-=-=-=-=-=
Graeme Robinson - Graenet consulting
www.graenet.com - internet solutions
-=-=-=-=-=-=-=-=-=-=-==---=-=--=-=-=
Re: [e-smith-devinfo] SME & RedHat 7.2/ext3 [was RE: [e-smith-devinfo] e-smith-devinfo]
From: "Les Mikesell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Les Mikesell" <[EMAIL PROTECTED]>

> it works very well as a single stand-alone office server what I
> really want is something that works better in a multi-server
> configuration where users/passwords are maintained centrally,
> the DNS server can be a secondary to a larger system (i.e. the
> DHCP clients can see the rest of the same domain), and everyone
> ends up in the same LDAP address book.

I'm having the same issues as you are. Here is a summary of the alternatives I have for my 4 site (but growing) WAN:

SME 5.1.2:
Pluses: Stability, simple administration, secure, open source, all-in-one option
Minuses: circa Netware 3.x (1992) LAN features set, non-existent groupware, customization required for every added feature

Novell Netware 6 + GroupWise:
Pluses: feature rich, large user base, single directory, 3rd party support
Minuses: Novell's stability, proprietary OS, complex administration

MS Windows 2000 + Exchange:
Pluses: feature rich, very large user base, single directory, 3rd party support, MS Office integration
Minuses: proprietary OS, somewhat complex administration
Re: [e-smith-devinfo] new developer, advice on sandbox...
I have been using VNC for quite a while now. I can't say that it compares favorably to PC Anywhere or Timbuktu though. VNC is fairly slow, requires frequent screen refreshes, and doesn't have the option of prompting the user for permission before allowing a remote control session. I haven't tried Tridia's version though.

I would say for a free piece of software, the original VNC is great. It can save you a drive into the office to reboot an NT server with a hung service. But if you need to do a lot of work remotely, or install on all your clients machines for helpdesk access, you'll probably want to use something else.

- Original Message -
From: "Steven Lewis" <[EMAIL PROTECTED]>
To: "Rob Adams" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, January 26, 2002 11:23 AM
Subject: RE: [e-smith-devinfo] new developer, advice on sandbox...

> Sorry, I wasn't clear.
>
> I have a need to gain remote control of client PCs (Win boxes) behind a SME
> server via TCP/IP. Instead of using PcAnywhere I thought I would start with
> Tridia VNC being, open source, and no cost in early stages of use. If
> Tridia VNC works well and this is the best way to get remote control of PCs
> behind a SME we will buy or contribute to the company.
>
> I would think there are many different ways to can control of client PCs
> behind SME servers, however I am just starting this process. This is not
> true development of the SME server, but I want to prove this works on an
> internal network that will mimic a remote network or networks. When I
> figure this out then it will lead into customizing the SME box etc for the
> customer.
>
> I would consider my Linux/Unix to skills to be good, however I have very
> little experience programming.
>
> I am currently teaching myself Perl, PHP and the details of MySQL. I am a
> Network Admin. that is transitioning from the NT world and have been using
> Linux about 2yrs. and e-smith/ SME since the 4.0 version.
>
> What I have been doing recently is taking RPMs and PHP/MySQL web apps and
> learning how to make them work on my SME.
>
> The next step is learning the template system and actually making
> fundamental changes or improvements.
>
>
>
> At 11:20 PM 1/26/02 +0930, you wrote:
> > > From: Steven Lewis [mailto:[EMAIL PROTECTED]]
> > > Sent: Saturday, 26 January 2002 4:15 PM
> > > Subject: [e-smith-devinfo] new developer, advice on sandbox...
> > >
> > > I am new to development of SME, however the evolution of my
> > > skills compels
> >
> >How is your Linux/Unix experience?
> >
> > > me to begin. I would like to set up a test SME with a client or two on my
> > > home LAN. What advice can be given for this test setup to best
> > > represent a
> > > 'real world' scenario. I will start using the FreeSwan vpn contrib and
> > > experimenting with TridiaVNC remote control software tunneling via SSH.
> >
> >Why VNC, Mitels SME has no GUI interface on its console (why waste CPU
> >cycles making pretty pictures that no one will ever look at) There is a web
> >based admin interface that you can learn about by RT*Ming.
> >
> >Rob.
Re: [e-smith-devinfo] [draft] smtpd_check_rules bug rpms avail
> > Darrell May <[EMAIL PROTECTED]> said:
>
> > [experimental] Totally untested. For feedback only!!! [experimental]
>
> http://myEZserver.com/downloads/mitel
>
> dmc-mitel-smtpdcheckrules-bugfix-0.0.1-2.noarch.rpm
> dmc-mitel-smtpdcheckrules-bugfix-0.0.1-2.src.rpm
>

I spent a few minutes testing your RPM, Darrell. Thanks as always for your contributions!!

I used my account at myrealbox.com along with my home SME box account in the test. I noticed the following behavior:

Mail sent from myrealbox.com to [EMAIL PROTECTED] didn't show up in the SME admin users' mailbox. I also didn't get a rejection notice in myrealbox.com.

Mail sent from myrealbox.com to [EMAIL PROTECTED] is handled the same as before the patch. It is allowed through procmail, then rejected by qmail with the following error sent to admin user mail account.

<[EMAIL PROTECTED]>: Sorry. Although I'm listed as a best-preference MX or A for that host, it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)

That's all I have. If there are any other tests that you would like performed, I would be more than happy to help.
Re: [e-smith-devinfo] smtpd_check_rules bug
Would Option 1 allow relaying to a different domain if the username was correct?

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Tuesday, January 08, 2002 2:35 PM
Subject: Re: [e-smith-devinfo] smtpd_check_rules bug

>
> Taking a lunch break and thought what if we replaced this:
>
> # Allow any of our domains
> allow:ALL:ALL:*.netsourced.com *@netsourced.com
> allow:ALL:ALL:*.myezserver.com *@myezserver.com
>
> with this [option-1]:
>
> # Allow any of our valid e-mail accounts
> allow:ALL:ALL:darrell.may@*
> allow:ALL:ALL:darrell_may@*
> allow:ALL:ALL:dmay@*
>
>
> or [option-2]:
>
> # Allow any of our valid e-mail accounts per any of our domains
> allow:ALL:ALL:[EMAIL PROTECTED]
> allow:ALL:ALL:[EMAIL PROTECTED]
> allow:ALL:ALL:[EMAIL PROTECTED]
> allow:ALL:ALL:[EMAIL PROTECTED]
> allow:ALL:ALL:[EMAIL PROTECTED]
> allow:ALL:ALL:[EMAIL PROTECTED]
>
>
> Both are possible. The logic would be based on what is already in
> '30InternalOnly' & '60AllowLocalDomains' with only minor modifications. I
> suppose [option-2] may be preferable but I'm also wondering if [option-1]
> would be enough on its own.
>
> Any comments/concerns before I build and release for testing?
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
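The relaying question in the message above can be explored with a small model of the rule file. This is an added example, not part of the thread and not obtuse smtpd's own matcher: it assumes the last field is a whitespace-separated list of shell-style globs, that the first matching rule wins, and that unmatched mail is refused. The option-2 addresses and the probe addresses are constructed, since the archive redacts the real ones.

```python
"""Simplified model of smtpd_check_rules recipient matching (illustrative only)."""
from fnmatch import fnmatchcase

# Assumption: a message that matches no rule is refused.
DEFAULT_ACTION = "deny"

# Domains and usernames as they appear in the thread.
LOCAL_DOMAINS = ("netsourced.com", "myezserver.com")
USERS = ("darrell.may", "darrell_may", "dmay")

CURRENT_RULES = """
# Allow any of our domains
allow:ALL:ALL:*.netsourced.com *@netsourced.com
allow:ALL:ALL:*.myezserver.com *@myezserver.com
"""

OPTION_1 = """
# Allow any of our valid e-mail accounts
allow:ALL:ALL:darrell.may@*
allow:ALL:ALL:darrell_may@*
allow:ALL:ALL:dmay@*
"""

# Constructed: one rule per user per domain, standing in for the redacted lines.
OPTION_2 = "\n".join(
    f"allow:ALL:ALL:{user}@{domain}" for user in USERS for domain in LOCAL_DOMAINS
)

# Constructed probe recipients: valid local, invalid local, and two external.
PROBES = [
    "dmay@netsourced.com",
    "nosuchuser@netsourced.com",
    "dmay@elsewhere.example",
    "stranger@elsewhere.example",
]


def parse_rules(text):
    """Parse 'action:source:from:to-patterns' lines, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, source, sender, recipients = line.split(":", 3)
        rules.append((action, source, sender, recipients.split()))
    return rules


def _matches(pattern, value):
    """ALL matches anything; otherwise compare as a case-insensitive glob."""
    return pattern == "ALL" or fnmatchcase(value.lower(), pattern.lower())


def decide(rules, source, sender, recipient):
    """Return the action of the first rule whose three fields all match."""
    for action, src_pat, from_pat, to_pats in rules:
        if (
            _matches(src_pat, source)
            and _matches(from_pat, sender)
            and any(_matches(p, recipient) for p in to_pats)
        ):
            return action
    return DEFAULT_ACTION


def is_local(recipient, local_domains):
    """True when the recipient's domain is a local domain or a host under one."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return any(domain == d or domain.endswith("." + d) for d in local_domains)


def relay_exposure(rules, local_domains, probes,
                   source="203.0.113.9", sender="someone@remote.example"):
    """List probe recipients an outside sender may reach that are not local."""
    return [
        rcpt for rcpt in probes
        if decide(rules, source, sender, rcpt) == "allow"
        and not is_local(rcpt, local_domains)
    ]


if __name__ == "__main__":
    for name, text in (("current", CURRENT_RULES),
                       ("option-1", OPTION_1),
                       ("option-2", OPTION_2)):
        rules = parse_rules(text)
        print(name)
        for rcpt in PROBES:
            verdict = decide(rules, "203.0.113.9", "someone@remote.example", rcpt)
            print(f"  {rcpt:30} {verdict}")
        print("  non-local recipients allowed:",
              relay_exposure(rules, LOCAL_DOMAINS, PROBES))
```

Under these assumptions the current rules accept any local part at a local domain, option-1 accepts a matching username at any domain, and option-2 accepts only the listed user and domain pairs.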
Re: [e-smith-devinfo] Re: doublebounceto (was Re: [e-smith-devinfo] Re: [TT20020107010] [e-smith-devinfo] smtpd_check_rules bug)
I like the idea of refusing the message before it gets to qmail. Once we accept this junk mail, the senders' system probably assumes there's a valid user and my guess is, the invalid email address will be added to more junk lists. We could log the IP address along with the to and from address, in case we need to troubleshoot a problem.

Now if there was a foolproof method to verify return addresses before accepting email so we could get rid of the spam coming in to valid users!!!

Steve

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Gordon Rowell" <[EMAIL PROTECTED]>; "John Powell" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "Les Mikesell" <[EMAIL PROTECTED]>; "Charlie Brady" <[EMAIL PROTECTED]>; "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Tuesday, January 08, 2002 9:29 AM
Subject: [e-smith-devinfo] Re: doublebounceto (was Re: [e-smith-devinfo] Re: [TT20020107010] [e-smith-devinfo] smtpd_check_rules bug)

>
> Gordon Rowell <[EMAIL PROTECTED]> said:
>
> > Double bounces may well be an important indication of problems,
>
>
> Agreed. However if everyone returns to my original bug report and reviews
> my suggested solution, this would stop any need for the invalid address,
> double-bounce messages in the first place. Messages to invalid addresses
> would be handled by smtpd_check_rules before Qmail. Done deal for a large
> percentage of these double-bounce messages.
>
> So far from the Mitel team I have seen no alternative presented. With the
> help of others, this problem is finally being recognized, understood and a
> few real world examples are being reported. This will be a supported client
> issue soon, if not already, that you will need to deal with. It would be
> nice to have the Mitel team come onboard and present some ideas for us
> (devinfo) to look into, test and offer feedback on.
>
> Let's not take the standard, this is not a supported issue track this time.
> Let's recognize the issue exists and simply work to develop a solution.
>
> IMHO any solution that puts the requirement on a typical non-technically
> experienced SME Server admin to filter these is not the appropriate answer.
> We need to develop a server solution. This is why we are all here on
> devinfo. We develop solutions.
>
> So far we have had one alternative hack presented. Thanks John! It was
> pointed out that this alternative was not recommended but at least it was a
> presented idea. We need to keep fielding ideas. There has got to be a way
> to prevent or reduce these double bounce messages.
>
> I'm going to fall back to my original bug report and build the template
> fragment I suggested. If anyone wants to offer feedback on my original
> suggestion telling me it won't work or if you have a better idea, again
> let's keep fielding the ideas until we find a winner.
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] Form Overlays with PCL Printers
Darrell,

Wow...that was quick... You must dream about Perl scripts!!!

I've added the code to the end of my how-to, until I can test and implement.

http://www.ibizbox.com/overlay/

Thanks, as usual, for all your help

Steve

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>; "Mitel Devinfo List" <[EMAIL PROTECTED]>
Sent: Saturday, January 05, 2002 1:49 PM
Subject: Re: [e-smith-devinfo] Form Overlays with PCL Printers

> Steve, your HowTo states:
>
> > 12. Modify the /etc/printcap file and add a filter= line under the new
> > ljcolorbol printer definition.
> > !!! This change will be overwritten every time you add or remove a
> > printer !!!
>
> The way to fix this is to create:
>
> /etc/e-smith/templates-custom/etc/printcap/05printer
>
> With something like this (see #BEGIN) added in, noting the $OUT line is
> meant to be all one line:
>
> foreach my $printer ( @printers )
> {
>     $OUT .= "\n";
>     $OUT .= $printer;
>     $OUT .= "|" . db_get_prop(\%accounts, $printer, 'Description') . ":\\\n";
>     $OUT .= "\t:server:\\\n";
>     $OUT .= "\t:mx#0:\\\n";
>     $OUT .= "\t:sh:\\\n";
>     $OUT .= "\t:ff_separator=false:\\\n";
>     $OUT .= "\t:sd=/var/spool/lpd/$printer:\\\n";
>
>     # BEGIN
>     if (db_get_prop(\%accounts, $printer, 'Filter'))
>     {
>         $OUT .= "\t:filter=" . db_get_prop(\%accounts, $printer, 'Filter') . ":\\\n";
>     }
>     # END
>
> Then do this:
>
> /sbin/e-smith/db /home/e-smith/accounts \
>     setprop ljcolorbol Filter /usr/libexec/filters/overlay.filter
>
> /sbin/e-smith/expand-template /etc/printcap
>
> And you will get this in /etc/printcap:
>
> ljcolorbol|lj filter:\
>     :server:\
>     :mx#0:\
>     :sh:\
>     :ff_separator=false:\
>     :sd=/var/spool/lpd/ljcolorbol:\
>     :filter=/usr/libexec/filters/overlay.filter:\
>     :lp=/dev/lp0:
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] Form Overlays with PCL Printers
Because of the overwhelming response I received from my initial post : ) I decided to keep the momentum going by following up with an updated version of the how-to document.

I modified the how-to to reflect changes I made to the filenames and directories. I now only need one filter script named /usr/libexec/filters/overlay.filter. I moved the overlay form to the individual print spool directory and named it overlay.form. Lastly, I hacked the ovl.c source to create a pcl code stripper application (pclstripper) and compiled it under RH7.2 (I actually compiled the original as well, to use in a later revision). I call this from the overlay.filter script to strip out printer reset codes from the print stream that were overriding the overlay enable codes I was prepending to it.

The revised how-to is in the same location as the previous version.

http://www.ibizbox.com/overlay/

Items remaining:

1. Automatically add a filter= line to an individual printer in /etc/printcap
2. Create a script to simplify creating an overlay file and copying it to the correct spool directory.
3. Modify pclstripper to allow for STDIN and STDOUT, send the overlay file to the printer and prepend the print job with the correct PCL escape codes to print the overlay. This will allow me to get rid of the overlay.filter perl script.

- Original Message -
From: "Steve Bush" <[EMAIL PROTECTED]>
To: "Mitel Devinfo List" <[EMAIL PROTECTED]>
Sent: Wednesday, January 02, 2002 10:44 PM
Subject: [e-smith-devinfo] Form Overlays with PCL Printers

> I have been in need of a method to overlay a form onto printer output from
> our ERP system. I have created a how-to document outlining the steps I took
> creating the overlay file and attaching it to a print queue so that all text
> jobs sent to it are overlaid onto the form.
>
> http://www.ibizbox.com/overlay/
>
> More work is definitely needed, but I have accomplished a working system.
>
> Any feedback is appreciated!!
>
> Steve Bush
[e-smith-devinfo] Form Overlays with PCL Printers
I have been in need of a method to overlay a form onto printer output from our ERP system. I have created a how-to document outlining the steps I took creating the overlay file and attaching it to a print queue so that all text jobs sent to it are overlaid onto the form.

http://www.ibizbox.com/overlay/

More work is definitely needed, but I have accomplished a working system.

Any feedback is appreciated!!

Steve Bush
Re: [e-smith-devinfo] Virtual hosts
Here is feedback on the ProxyPass rpm that Charlie released for testing.

This installed fine and is working without any known problems. I was able to ProxyPass to an internal IBM WebSphere 3.5 server running on Win2k. In order to make it work with my setup, I added three paths:

/root
/new
/new/web

I was forced to manually modify the httpd.conf file modifying the /root section replacing it with a /. In the example below, the WebSphere server has an IP address of 10.1.1.2, and listens on port 81. The Internet site that is allowed access is at 192.233.80.0/24.

- httpd.conf ProxyPass section -
# Manually Modified Section
ProxyPass / http://10.1.1.2:81/
ProxyPassReverse / http://10.1.1.2:81/
order deny,allow
deny from all
allow from 127.0.0.1 10.1.1.0/24 192.233.80.0/24
# End Manually Modified Section
ProxyPass /new http://10.1.1.2:81/new/
ProxyPassReverse /new http://10.1.1.2:81/new/
order deny,allow
deny from all
allow from 127.0.0.1 10.1.1.0/24 192.233.80.0/24
ProxyPass /new/web http://10.1.1.2:81/new/web/
ProxyPassReverse /new/web http://10.1.1.2:81/new/web/
order deny,allow
deny from all
allow from 127.0.0.1 10.1.1.0/24 192.233.80.0/24
end httpd.conf ProxyPass section

This required that I dedicate web services on the SME box to WebSphere. Being able to ProxyPass on a virtual host, i.e. websphere.bushinc.com, would be a more ideal setup in this situation. It would also be helpful to be able to ProxyPass the root without manually modifying the httpd.conf file.

- Original Message -
From: "Charlie Brady" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, December 21, 2001 4:46 PM
Subject: Re: [e-smith-devinfo] Virtual hosts

>
> On Fri, 21 Dec 2001 [EMAIL PROTECTED] wrote:
>
> > I'd like to add some virtual hosts on an SMEserver
> > where the content is entirely provided by
> > ProxyPass / http://other-firewalled-server/
> > with the corresponding ProxyPassReverse.
> ...
> > ProxyPass at that point. Port forwarding won't
> > work because I want to use https to the SMEserver
> > with the backend speaking only http.
>
> You aren't the only one to have had that itch to scratch. If you go to:
>
> ftp://ftp.e-smith.org/pub/e-smith/dev/5.1beta/updates/
>
> you'll soon (in about 20 minutes) find:
>
> e-smith-proxypass-1.0.0-01.noarch.rpm
>
> Name        : e-smith-proxypass      Relocations: (not relocateable)
> Version     : 1.0.0                  Vendor: (none)
> Release     : 01                     Build Date: Fri 21 Dec 2001 03:09:52 PM EST
> Install date: (not installed)        Build Host: lamington.ottawa.e-smith.com
> Group       : Networking/Daemons     Source RPM: e-smith-proxypass-1.0.0-01.src.rpm
> Size        : 7540                   License: e-smith, inc
> Packager    : e-smith developers <[EMAIL PROTECTED]>
> Summary     : e-smith server and gateway - proxypass module.
> Description : e-smith server and gateway software - proxypass module.
>
> This module allows Apache to be configured to pass requests for
> specified URLs through to other internal or external web sites.
> Access to the passthrough locations is optionally restricted
> to particular IP addresses or ranges.
>
> To create a passthrough URL, add an entry to the accounts db:
>
> /sbin/e-smith/db accounts set path1 ProxyPass Target http://some.where/blah \
>     ValidFrom 127.0.0.1,203.25.102.15,203.25.100.0/24
> /sbin/e-smith/signal-event console-save
>
> To allow the URL to be passed through when accessed via HTTP as well as
> when accessed via HTTPS, add a "Protocol http" property.
>
> This does most of what you want. Check it out.
>
> The development of this module was funded by Reynolds and Reynolds, Inc,
> and has been released with the blessings of Scott Smith, of that
> corporation. Thanks, Scott and thanks ReyRey!
>
> As long as it checks out OK, this module should appear in 5.1.
>
> --
> Charlie Brady [EMAIL PROTECTED]
> Lead Product Developer
> Network Server Solutions Group http://www.e-smith.com/
> Mitel Networks Corporation http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
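The address restriction in the ProxyPass section above can be checked offline before exposing the internal server. This is an added example, not part of the thread or of the e-smith-proxypass package: it models only the documented Apache `Order`/`Deny`/`Allow` evaluation for IP and CIDR entries (no hostnames or partial addresses), and the client addresses probed are constructed.

```python
"""Evaluate Apache Order/Deny/Allow host access for IP and CIDR entries."""
from ipaddress import ip_address, ip_network

# ACL values as posted in the httpd.conf section of the message above.
ORDER = "deny,allow"
DENY_FROM = ["all"]
ALLOW_FROM = ["127.0.0.1", "10.1.1.0/24", "192.233.80.0/24"]

# Constructed client addresses: loopback, LAN, the permitted Internet site,
# and an unrelated Internet host.
CLIENTS = ["127.0.0.1", "10.1.1.2", "192.233.80.17", "198.51.100.7"]


def _listed(specs, client):
    """True when the client matches 'all', a single address, or a CIDR block."""
    addr = ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if addr in ip_network(spec, strict=False):
            return True
    return False


def access_allowed(order, deny_from, allow_from, client):
    """Apply Apache's host access rules for one client address.

    deny,allow: default allow; a Deny match is refused unless Allow also matches.
    allow,deny: default deny; an Allow match is admitted unless Deny also matches.
    """
    denied = _listed(deny_from, client)
    allowed = _listed(allow_from, client)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        return allowed or not denied
    if order == "allow,deny":
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order!r}")


def admitted(order, deny_from, allow_from, clients):
    """Return the subset of clients that would reach the proxied backend."""
    return [c for c in clients if access_allowed(order, deny_from, allow_from, c)]


if __name__ == "__main__":
    print("as posted      :", admitted(ORDER, DENY_FROM, ALLOW_FROM, CLIENTS))
    # Same lists with the order reversed: 'deny from all' now overrides every Allow.
    print("order reversed :", admitted("allow,deny", DENY_FROM, ALLOW_FROM, CLIENTS))
    # Without the Deny line, deny,allow falls back to its default of allow.
    print("no deny line   :", admitted(ORDER, [], ALLOW_FROM, CLIENTS))
```

The third case is the one to watch for when editing such a section by hand: dropping `deny from all` under `order deny,allow` admits every client.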
Re: [e-smith-devinfo] Microsoft CRITICAL security flaw found!
Thanks for the info Darrell. Just the type of info I like to see, since all of us (most of us) run Windoze desktops. The sooner we hear of security issues, the sooner we can take care of them!!!

Thanks again for taking the time to post!!!

Steve

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Thursday, December 20, 2001 3:26 PM
Subject: [e-smith-devinfo] Microsoft CRITICAL security flaw found!

>
> This is the link for the article on Canoe Tech News:
>
> http://canoe.ca/CNEWSTechNews0112/20_windows-ap.html
>
> Microsoft Security Bulletin MS01-059
>
> http://www.microsoft.com/technet/security/bulletin/MS01-059.asp
>
> Unchecked Buffer in Universal Plug and Play can Lead to System Compromise
> Originally posted: December 20, 2001
>
> Impact of vulnerability: Run code of attacker's choice.
>
> Maximum Severity Rating: Critical
>
> Recommendation: Microsoft strongly urges all Windows XP customers to
> apply the patch immediately. Customers using Windows 98, 98SE or ME
> should apply the patch if the Universal Plug and Play service is
> installed and running.
>
> Affected Software:
>
> Microsoft Windows 98
> Microsoft Windows 98SE
> Microsoft Windows ME
> Microsoft Windows XP
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] Obtuse SMTPD and multi-drop workaround
I don't understand. This appears to be a development issue to me. Why isn't it appropriate for this list?

- Original Message -
From: "Rasjid Wilcox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 12, 2001 9:43 PM
Subject: Re: [e-smith-devinfo] Obtuse SMTPD and multi-drop workaround

> Dear All,
>
> My apologies to the list.
>
> Rasjid.
>
> - Original Message -
> From: "Gordon Rowell" <[EMAIL PROTECTED]>
> To: "Rasjid Wilcox" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; "Richard Ford" <[EMAIL PROTECTED]>
> Sent: Thursday, December 13, 2001 2:02 PM
> Subject: Re: [e-smith-devinfo] Obtuse SMTPD and multi-drop workaround
>
> > On Thu, Dec 13, 2001 at 11:31:54AM +1100, Rasjid Wilcox
> > <[EMAIL PROTECTED]> wrote:
> > > [...]
> > > I'm unclear about what the best way to resolve this issue is.
> > > Is it possible to get part of the obtuse-smtpd package to rewrite
> > > the Return-Path, instead of having to do it in the fetchmail process?
> > > If so, how do I go about doing this? Or is there some other way to
> > > deal with this problem?
> > > [...]
> >
> > Hi Rasjid,
> >
> > This is not really a development issue, and so it is inappropriate for
> > this list.
> >
> > Thanks,
> >
> > Gordon
> > --
> > Gordon Rowell [EMAIL PROTECTED]
> > VP Engineering
> > Network Server Solutions Group http://www.e-smith.com
> > Mitel Networks Corporation http://www.mitel.com
Re: [e-smith-devinfo] Local Networks
Since we are still in the testing stages of our VPN how-to, I will consider this a development/QA question.

Did you follow the how-to at:

http://myezserver.com/docs/mitel/freeswan-howto.html

If so, the _updown adds the appropriate route between the two locations.

Please note the following from a previous devinfo post:

When you add or delete a Local network from the server-manager, all the ipchains rules from _updown are removed. To bring them back, you just need to go into the IPSEC VPN panel, choose modify on one of the VPN's and then modify again to reload the ipsec modules. This drops your VPN to all locations, then brings them all back up. Of course, if you're modifying a remote server's Local networks via an IPSEC VPN you lose your connection...

Let us know how this works for you. So far, we haven't gotten any feedback from the how-to, so I would be interested in knowing your comments.

Steve

- Original Message -
From: "Lyle Chapman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 28, 2001 11:54 PM
Subject: [e-smith-devinfo] Local Networks

> Can someone help?
>
> I have set up two servers as a VPN link for two networks, I want to setup
> Local Networks so that I can see the machines on the remote network
> unfortunately when I go to configure it like so.
>
> Network Address: 192.168.100.0
> Subnet Mask: 255.255.255.0
> Router: 202.44.164.39
>
> I get the error message like this.
>
> Error: router address 202.44.164.39, not accessible from local network.
> Did not add network.
>
> If anyone can help I would very much appreciate it.
Re: [e-smith-devinfo] freeswan howto + rpm for SME5/SME5.1a
Yea...I documented it with remarks too :-)

Don't you have a plane to catch..or a boat...or something

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Friday, November 09, 2001 12:45 AM
Subject: Re: [e-smith-devinfo] freeswan howto + rpm for SME5/SME5.1a

>
> Steve Bush <[EMAIL PROTECTED]> said:
>
> > I made one last change this afternoon to my IPSEC VPN configuration to
> > turn on compression for all three links.
>
> Do you mean you did something like this:
>
> conn %default
>     # How persistent to be in (re)keying negotiations (0 means very).
>     keyingtries=0
>     # How to authenticate gateways
>     authby=rsasig
>     # Enable compression
>     compress=yes
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] freeswan howto + rpm for SME5/SME5.1a
I made one last change this afternoon to my IPSEC VPN configuration to turn on compression for all three links. They came back up without a hitch.

I modified the "/etc/e-smith/templates/etc/ipsec.conf/20Default" file adding compress=yes to all three servers. I went into the IPSEC VPN panel, chose modify on one of the VPN's and then modify again to rebuild the /etc/ipsec.conf file.

Steve Bush

- Original Message -
From: "Steve Bush" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Thursday, November 08, 2001 2:29 AM
Subject: Re: [e-smith-devinfo] freeswan howto + rpm for SME5/SME5.1a

>
> I would also like to test compression as one of the links is a 128K ISDN
> line.
[e-smith-devinfo] Re: RestoreNow HowTo [was Re: [e-smith-devinfo] ext2 filesystem limitations?]
Perfect. I imagine my SME 5.1 upgrade will be a lot smoother now that I don't have to move a bunch of files off the server!!!

Thanks again for all your contributions!!!

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, November 08, 2001 6:48 PM
Subject: RestoreNow HowTo [was Re: [e-smith-devinfo] ext2 filesystem limitations?]

>
> Steve Bush <[EMAIL PROTECTED]> said:
>
> > The problem with tape is, I can't verify the backup...at least I can't
> > figure out how. It would be nice to have the ability to restore a few
> > files to verify the backup worked. There isn't an easy way to do that
> > with SME5.
>
> Until you load the rpm in this HowTo ;->
>
> http://myezserver.com/docs/mitel/restorenow-howto.html
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] freeswan howto + rpm for SME5/SME5.1a
Or if there's a way to modify the scripts that add local networks to reload freeswan.

Maybe we can incorporate some of the Samba 2.2.2 pieces together to give us a single Windows domain on the wide area network with PDC/BDC functionality.with our free time that is :-}

- Original Message -
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Thursday, November 08, 2001 6:40 PM
Subject: Re: [e-smith-devinfo] freeswan howto + rpm for SME5/SME5.1a

>
> Steve Bush <[EMAIL PROTECTED]> said:
>
> > I finished installing freeswan on a third SME5 server tonight.
>
> Cool!
>
> > btw - The installation is a snap with your rpm Darrell...
>
> Excellent.
>
> > When you add or delete a Local network from the server-manager, all the
> > ipchains rules from _updown are removed. To bring them back, you just
> > need to go into the IPSEC VPN panel, choose modify on one of the VPN's
> > and then modify again to reload the ipsec modules. This drops your VPN
> > to all locations, then brings them all back up. Of course, if you're
> > modifying a remote server's Local networks via an IPSEC VPN you lose
> > your connection...
>
> I guess this might be best done using a single PPTP/VPN connection then.
>
> > All three servers are setup fully meshed so that there's only one hop
> > to any given network. This will obviously make for a fairly
> > complicated network once it grows.
>
> Yes, but I think in later releases we can make this easier by
> incorporating the necessary Local network panel 'actions' into the IPSEC
> VPN panel. Maybe a good December project
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] ext2 filesystem limitations?
[e-smith-devinfo] FreeS/WAN 1.91 SMP broken (was Re: FW: [e-smith-devinfo] Samba add user fragment)
Re: [e-smith-devinfo] Windows Client Backup Utility via Samba
Think laptop computer, then reassess your opinion. This would be a compelling option to having the user manually backup their data to a shared directory on the server.

I've had limited success with backing up client workstations in an enterprise, but if you could empower the user somehow to verify the backup it might work!!!

- Original Message -
From: "Charlie Brady" <[EMAIL PROTECTED]>
To: "Greg Zartman" <[EMAIL PROTECTED]>
Cc: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Friday, November 02, 2001 4:53 PM
Subject: RE: [e-smith-devinfo] Windows Client Backup Utility via Samba

>
> On Fri, 2 Nov 2001, Greg Zartman wrote:
>
> > > Would this be any more useful than having the clients backup to an i-bay
> > > on the server named backup? The only difference is that whoever is using
> > > the client machines (or whatever scheduled software jobs run on the client
> > > machines) would need to backup to \\server\\backup rather than
> > > \\mymachine\backup.
> > >
> > > What am I missing?
> >
> > Yes, I think you misunderstood the utility (by the way, I'm calling it
> > smbarchive). Smbarchive scans the Samba domain/workgroup for any online
> > clients with a share named backup. In short, it then archives all data from
> > the client backup share to an ibay on the server specified in the
> > configuration file (smbarchive.conf).
>
> No, I understood that this is what you were proposing. But this process
> will only be useful if there are actually files saved in a share named
> backup on some of the online clients. Those files will only get there if
> someone or something puts them there. Could not that someone or something
> just save directly to \\server\backup instead of doing that locally?
>
> > My objective was to create a utility that would run on a routine basis to
> > automatically archive mission critical data from my client machines to my
> > SME server. Since my SME server is setup for nightly tape backup, the
> > mission critical data gets backed up to the tape as well.
>
> I'd rather put mission critical data on the server, and have no mission
> critical data on the client machines. But I understand that your needs
> might be different.
>
> --
>
> Charlie Brady [EMAIL PROTECTED]
> Lead Product Developer
> Network Server Solutions Group http://www.e-smith.com/
> Mitel Networks Corporation http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
[e-smith-devinfo] Re: FreeS/WAN 1.91 SMP broken
Hmmmmy second screw up of the night. I guess it's time to go to bed!!!

fyi - I tried the i386 and i686 versions - the same thing happened

----- Original Message -----
From: "Gordon Rowell" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 02, 2001 12:34 AM
Subject: FreeS/WAN 1.91 SMP broken (was Re: FW: [e-smith-devinfo] Samba add user fragment)

> Please respect list threading ... I'm breaking the reply out of this thread
> as it is not related to the Samba thread.
>
> On Fri, Nov 02, 2001 at 12:11:40AM -0600, Steve Bush <[EMAIL PROTECTED]> wrote:
> > I decided that since I was testing freeswan that I might as well install the
> > latest version, so I tried the i586 version. The upgrade worked on a single
> > processor SME5, but on an SMP CPU I received this smp kernel error.
> >
> > [...]
> > ipsec_setup:/lib/modules/2.2.19-7.0.8smp/misc/ipsec.o was compiled for
> > kernel version 2.2.19-7.0.8
> > ipsec_setup:while this kernel is version 2.2.19-7.0.8smp.
> > [...]
>
> That's the magic error - the SMP build is missing some SMP magic
> build parameters. Hmm, it _looks_ to be there...
>
> Thanks for the report.
>
> Gordon
> --
> Gordon Rowell    [EMAIL PROTECTED]
> VP Engineering
> Network Server Solutions Group    http://www.e-smith.com
> Mitel Networks Corporation    http://www.mitel.com
Re: FW: [e-smith-devinfo] Samba add user fragment
I tried the i386 and i686 versions and the same thing happened.

----- Original Message -----
From: "Steve Bush" <[EMAIL PROTECTED]>
To: "Gordon Rowell" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, November 02, 2001 12:11 AM
Subject: Re: FW: [e-smith-devinfo] Samba add user fragment

> I decided that since I was testing freeswan that I might as well install the
> latest version, so I tried the i586 version. The upgrade worked on a single
> processor SME5, but on an SMP CPU I received this smp kernel error.
>
> [root@brad /root]# /etc/rc.d/init.d/ipsec restart
> ipsec_setup: Stopping FreeS/WAN IPsec...
> ipsec_setup: /usr/lib/ipsec/klipsdebug: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
> ipsec_setup: /usr/lib/ipsec/eroute: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
> ipsec_setup: /usr/lib/ipsec/spi: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
> ipsec_setup: Starting FreeS/WAN IPsec 1.91...
> ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: kernel-module version mismatch
> ipsec_setup:/lib/modules/2.2.19-7.0.8smp/misc/ipsec.o was compiled for kernel version 2.2.19-7.0.8
> ipsec_setup:while this kernel is version 2.2.19-7.0.8smp.
> ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: insmod /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o failed
> ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: insmod ipsec failed
> ipsec_setup: kernel appears to lack KLIPS
> [root@brad /root]#
>
> ----- Original Message -----
> From: "Gordon Rowell" <[EMAIL PROTECTED]>
> To: "Greg Zartman" <[EMAIL PROTECTED]>
> Cc: "Darrell May" <[EMAIL PROTECTED]>; "e-smith-devinfo" <[EMAIL PROTECTED]>
> Sent: Thursday, November 01, 2001 9:38 PM
> Subject: Re: FW: [e-smith-devinfo] Samba add user fragment
>
> > On Thu, Nov 01, 2001 at 06:07:35PM -0800, Greg Zartman <[EMAIL PROTECTED]> wrote:
> > > [...]
> > > I believe this fragment should simply read:
> > > domain admin group = domain_admins (or something like that)
> > >
> > > This mirrors the current Microsoft Networks service.
> >
> > So if gregz and gordonr are nominated as local admins, we would need to
> > - create a group "domain_admins"
> > - add gordonr and gregz to that group
> > - specify the group on the RHS of "domain admin group"
> >
> > We have a chicken&egg problem there...
> >
> > We have toyed with the idea of a "sysadmin" group which could be used
> > for this sort of thing. We use it for the sudoers file, for example.
> >
> > > [...]
> > > After doing this, things are working better (at least the
> > > software guys aren't complaining), but now I'm not "standard" with the rest
> > > of the e-smith folks
> >
> > Please send me (directly) your updated script - it was stripped when
> > you posted it to the list.
> >
> > > 3) I haven't had a chance to study all of yours and Darrell's discussion
> > > today, but I do want to say that in my opinion the smb.conf file should be
> > > as simple as possible.
> >
> > Absolutely. I want to remove all comments, and default values.
> >
> > > [...]
> > > Here is how I think the smb.conf file should look:
> > >
> > > [11workgroup]
> > > workgroup = workgroup
> > > [...]
> >
> > We are close to that now - there are still some commented out parameters,
> > but I will be hiding those in a moment. I have not added the [11workgroup]
> > comments as there is a one-to-one match between parameters and fragment
> > names.
> >
> > > [...]
> > > Incidentally, I feel that I could quite easily write a perl script that
> > > could verify if a given fragment duplicates a default value in samba. I
> > > think it would be quite easy to structure this as a function that could be
> > > called when the fragments are being expanded.
> > > [...]
> >
> > If you write such a script, please provide it and we can add it to the RPM
> > for verification purposes. In the meantime, please expand smb.conf from
> > the new RPM and let me know if you see any default parameters which
[e-smith-devinfo] Re: updated freeswan HowTo
It looks great as usual.

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>
Cc: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Friday, November 02, 2001 12:44 AM
Subject: updated freeswan HowTo

> Hi Steve. I've added your comments and updated my Howto.
>
> http://myezserver.com/docs/mitel/freeswan-howto.html
>
> Let me know if I missed anything.
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: FW: [e-smith-devinfo] Samba add user fragment
I decided that since I was testing freeswan that I might as well install the latest version, so I tried the i586 version. The upgrade worked on a single processor SME5, but on an SMP CPU I received this smp kernel error.

[root@brad /root]# /etc/rc.d/init.d/ipsec restart
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: /usr/lib/ipsec/klipsdebug: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
ipsec_setup: /usr/lib/ipsec/eroute: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
ipsec_setup: /usr/lib/ipsec/spi: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
ipsec_setup: Starting FreeS/WAN IPsec 1.91...
ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: kernel-module version mismatch
ipsec_setup:/lib/modules/2.2.19-7.0.8smp/misc/ipsec.o was compiled for kernel version 2.2.19-7.0.8
ipsec_setup:while this kernel is version 2.2.19-7.0.8smp.
ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: insmod /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o failed
ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: insmod ipsec failed
ipsec_setup: kernel appears to lack KLIPS
[root@brad /root]#

----- Original Message -----
From: "Gordon Rowell" <[EMAIL PROTECTED]>
To: "Greg Zartman" <[EMAIL PROTECTED]>
Cc: "Darrell May" <[EMAIL PROTECTED]>; "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Thursday, November 01, 2001 9:38 PM
Subject: Re: FW: [e-smith-devinfo] Samba add user fragment

> On Thu, Nov 01, 2001 at 06:07:35PM -0800, Greg Zartman <[EMAIL PROTECTED]> wrote:
> > [...]
> > I believe this fragment should simply read:
> > domain admin group = domain_admins (or something like that)
> >
> > This mirrors the current Microsoft Networks service.
>
> So if gregz and gordonr are nominated as local admins, we would need to
> - create a group "domain_admins"
> - add gordonr and gregz to that group
> - specify the group on the RHS of "domain admin group"
>
> We have a chicken&egg problem there...
>
> We have toyed with the idea of a "sysadmin" group which could be used
> for this sort of thing. We use it for the sudoers file, for example.
>
> > [...]
> > After doing this, things are working better (at least the
> > software guys aren't complaining), but now I'm not "standard" with the rest
> > of the e-smith folks
>
> Please send me (directly) your updated script - it was stripped when
> you posted it to the list.
>
> > 3) I haven't had a chance to study all of yours and Darrell's discussion
> > today, but I do want to say that in my opinion the smb.conf file should be
> > as simple as possible.
>
> Absolutely. I want to remove all comments, and default values.
>
> > [...]
> > Here is how I think the smb.conf file should look:
> >
> > [11workgroup]
> > workgroup = workgroup
> > [...]
>
> We are close to that now - there are still some commented out parameters,
> but I will be hiding those in a moment. I have not added the [11workgroup]
> comments as there is a one-to-one match between parameters and fragment
> names.
>
> > [...]
> > Incidentally, I feel that I could quite easily write a perl script that
> > could verify if a given fragment duplicates a default value in samba. I
> > think it would be quite easy to structure this as a function that could be
> > called when the fragments are being expanded.
> > [...]
>
> If you write such a script, please provide it and we can add it to the RPM
> for verification purposes. In the meantime, please expand smb.conf from
> the new RPM and let me know if you see any default parameters which can
> be dropped.
>
> Gordon
> --
> Gordon Rowell    [EMAIL PROTECTED]
> VP Engineering
> Network Server Solutions Group    http://www.e-smith.com
> Mitel Networks Corporation    http://www.mitel.com
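The ipsec_setup output in the report above, run through a small classifier, as an added example (not code from the thread or from FreeS/WAN). The function names and the status fields are constructed here; the sample lines are the ones from the report with the terminal wrapping undone. On Linux errno 97 is EAFNOSUPPORT, so the three PF_KEY errors are consistent with the ipsec module not being loaded.

```shell
#!/bin/sh
# Added example: classify FreeS/WAN ipsec_setup output so that a failed KLIPS
# load is reported as its own state instead of being lost in the restart noise.

# Sample input: the ipsec_setup lines from the report above, unwrapped.
sample_log() {
    cat <<'EOF'
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: /usr/lib/ipsec/klipsdebug: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
ipsec_setup: /usr/lib/ipsec/eroute: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
ipsec_setup: /usr/lib/ipsec/spi: Trouble openning PF_KEY family socket with error: Unknown file open error 97. Please report as much detail as possible to development team.
ipsec_setup: Starting FreeS/WAN IPsec 1.91...
ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: kernel-module version mismatch
ipsec_setup:/lib/modules/2.2.19-7.0.8smp/misc/ipsec.o was compiled for kernel version 2.2.19-7.0.8
ipsec_setup:while this kernel is version 2.2.19-7.0.8smp.
ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: insmod /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o failed
ipsec_setup: /lib/modules/2.2.19-7.0.8smp/misc/ipsec.o: insmod ipsec failed
ipsec_setup: kernel appears to lack KLIPS
EOF
}

# klips_check: read ipsec_setup output on stdin and print one summary line.
# Exit status: 0 = no load problem seen, 1 = module failed to load,
#              2 = module was built for a different kernel than the running one.
klips_check() {
    awk '
        # Kernel version the module was compiled for (last word on the line).
        /was compiled for kernel version/ { built = $NF }
        # Running kernel version; the message ends with a full stop.
        /while this kernel is version/ { running = $NF; sub(/\.$/, "", running) }
        # errno 97 (EAFNOSUPPORT): the PF_KEY socket family is not available.
        /PF_KEY family socket/ && /error 97/ { pfkey++ }
        # Either message means the IPsec kernel code is not in place.
        /insmod .* failed/ || /kernel appears to lack KLIPS/ { load_failed = 1 }
        END {
            status = "ok"; rc = 0
            if (load_failed) { status = "not-loaded"; rc = 1 }
            if (built != "" && running != "" && built != running) {
                status = "mismatch"; rc = 2
            }
            printf "status=%s module=%s running=%s pfkey_errors=%d load_failed=%s\n",
                status, (built == "" ? "-" : built),
                (running == "" ? "-" : running), pfkey,
                (load_failed ? "yes" : "no")
            exit rc
        }'
}

# Demo on the sample above; the non-zero status is expected for this input.
sample_log | klips_check || echo "(exit status $?)"
```

A non-zero status here means no tunnel is being protected, which is the condition worth alerting on after a kernel or FreeS/WAN upgrade.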
Re: [e-smith-devinfo]ipchains/Local Network (was FreeS/WAN _updown)
Oops, I accidentally sent the last message before it was finished. My apologies to the list!!!

I actually did quite a bit more than I needed to. I'm glad though because I now understand ipchains. Here are the only changes that need to be made from Darrell's How-To. The link is copied at the bottom of this email.

1. Before adding the Virtual private network in the SME Administrator, modify the file /usr/lib/ipsec/_updown to look like the one here:
   http://www.ibizbox.com/ipsec/
   Only two sections were replaced:
   up-client:ipfwadm
   down-client:ipfwadm

2. In the SME Admin Panel "Local Networks" add the remote server's local LAN subnet information (Remote network in the VPN page) and the remote server's outside interface address (Remote router external IP address). Single IP addresses have a subnet of 255.255.255.255. This needs to be completed on both sides of the VPN.

To make this easy, set up your Windows PC (assuming you use Windows) with PPTP. Nothing that I did interfered with it.

Everything else I did was because I didn't know what I was doing :(

I will be adding a third SME server to the mix if my testing goes well, I'll let everyone know the results. I would also like to modify the ipsec.config and _updown file per the Freeswan developers so that the active _updown isn't overwritten during an upgrade.

Good luck and if you have any questions feel free to ask.

----- Darrell's How-To -----

!WARNING! For devinfo testing on a non-production server only !WARNING!

Completely _untested_ by me at this time. I've simply taken the existing contrib rpm, edited the source for SME, rebuilt the rpm and updated the HowTo. Here it is, available for testing:

http://myezserver.com/docs/mitel/freeswan-howto.html

Many thanks to Christopher 'Andy' Worthington for an excellent contrib to work with.

Again, no guarantees at all that this works. I have not had time to set up a test environment yet. I have installed and confirmed the RSA keys are now generated correctly and the configuration database and masq is appropriately updated. If someone out there has the time and the equipment to test this and report back I'd be most interested in the results ;->

Regards,

--
Darrell May
DMC Netsourced.com
http://netsourced.com

> ----- Original Message -----
> From: "Hugh Fox" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, November 01, 2001 4:40 PM
> Subject: Re: [e-smith-devinfo]ipchains/Local Network (was FreeS/WAN _updown)
>
> > Steve,
> >
> > I would like to test this as well,
> >
> > but am nowhere near as technical as you. .. ;o(
Re: [e-smith-devinfo]ipchains/Local Network (was FreeS/WAN _updown)
I actually did quite a bit more than I needed to. I'm glad though because I now understand ipchains. Here are the only changes that need to be made from Darrell's How-To:

1. Before adding the Virtual private network in the SME Administrator, modify the file /usr/lib/ipsec/_updown to look like the one here:
   http://www.ibizbox.com/ipsec/
   Only two sections were replaced:
   up-client:ipfwadm
   down-client:ipfwadm

----- Darrell's How-To -----

!WARNING! For devinfo testing on a non-production server only !WARNING!

Completely _untested_ by me at this time. I've simply taken the existing contrib rpm, edited the source for SME, rebuilt the rpm and updated the HowTo. Here it is, available for testing:

http://myezserver.com/docs/mitel/freeswan-howto.html

Many thanks to Christopher 'Andy' Worthington for an excellent contrib to work with.

Again, no guarantees at all that this works. I have not had time to set up a test environment yet. I have installed and confirmed the RSA keys are now generated correctly and the configuration database and masq is appropriately updated. If someone out there has the time and the equipment to test this and report back I'd be most interested in the results ;->

Regards,

--
Darrell May
DMC Netsourced.com
http://netsourced.com

----- Original Message -----
From: "Hugh Fox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, November 01, 2001 4:40 PM
Subject: Re: [e-smith-devinfo]ipchains/Local Network (was FreeS/WAN _updown)

> Steve,
>
> I would like to test this as well,
>
> but am nowhere near as technical as you. .. ;o(
>
> Could you advise exactly where you are making the change. In what file, etc.
>
> Ta,
>
> Hugh
Re: [e-smith-devinfo]FreeS/WAN rpm Multiple Sites
Has anyone used Andy's original rpm to connect more than one site-to-site VPN from the same server? We currently have 3 locations and will be adding many more, so I would like them all connected via IPSEC. If you have done this, how many?

Thanks
Steve

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Saturday, October 20, 2001 6:48 PM
Subject: [e-smith-devinfo] [DRAFT] FreeS/WAN rpm + Howto available

> !WARNING! For devinfo testing on a non-production server only !WARNING!
>
> Completely _untested_ by me at this time. I've simply taken the existing
> contrib rpm, edited the source for SME, rebuilt the rpm and updated the
> HowTo. Here it is, available for testing:
>
> http://myezserver.com/docs/mitel/freeswan-howto.html
>
> Many thanks to Christopher 'Andy' Worthington for an excellent contrib to
> work with.
>
> Again, no guarantees at all that this works. I have not had time to set
> up a test environment yet. I have installed and confirmed the RSA keys
> are now generated correctly and the configuration database and masq is
> appropriately updated. If someone out there has the time and the
> equipment to test this and report back I'd be most interested in the
> results ;->
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo]ipchains/Local Network (was FreeS/WAN _updown)
Okay...The _updown script that I have works correctly. My problem is a feature of SME 4.1.2 and 5.0. This may need to be modified for corporate WAN users.

When you add a local network whose default route is on the local ethernet, the connection is being masq'd for 0.0.0.0/0 only and needs to have an ipchains rule that forwards the primary net to the local net.

I added an ipchains rule ie:

ipchains -I forward -j ACCEPT -b -s -d

and it seemed to solve my problem.

----- Original Message -----
From: "Steve Bush" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, November 01, 2001 11:16 AM
Subject: Re: [e-smith-devinfo] FreeS/WAN _updown

> Hmmm...I guess my level of enthusiasm was a BIT LOW on that one.
> It was tempered by the fact that my source address was showing up being
> masq'd.
>
> I will attempt to rewrite the _updown script to correctly forward.
> Here is a link that I found that gives troubleshooting information on the
> subject.
> http://master-www.linuxrouter.org:8080/listarch/linux-router/2000-12-01/msg00516.html
>
> Thanks to all for the help in getting this thing working
>
> HOLY COW IT WORKED YEEEH
> What a GREAT JOB THIS IS AWESOME
>
>
> ----- Original Message -----
> From: "Darrell May" <[EMAIL PROTECTED]>
> To: "Steve Bush" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, October 31, 2001 4:02 PM
> Subject: Re: [e-smith-devinfo] FreeS/WAN _updown
>
> > Steve Bush <[EMAIL PROTECTED]> said:
> >
> > > Well that worked.
> >
> > What no... _WOW_THAT_WORKED_ ;->
> >
> > > Freeswan is tunnelling the packets because both of the networks use
> > > 10.x.x.x addresses.
> >
> > Try setting one network as 192.168.1.x.
> >
> > Steve, thanks for all your work on this. If you could, at some point
> > gather all your notes, and either you/I/both need to complete a HowTo
> > detailing all the steps required. I know the _updown script in the rpm
> > needs replacing. Let me know if you found anything else that needs
> > changing or if that one script was it.
> >
> > Regards,
> >
> > --
> > Darrell May
> > DMC Netsourced.com
> > http://netsourced.com
> > http://myEZserver.com
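The forward rule from this message with its two subnets filled in and checked before use, as an added example (not code from the thread or from FreeS/WAN). The function names and sample subnets are constructed here; the `-I forward 1 ... -b -p all` form follows the _updown change quoted elsewhere in this thread, and the matching `-D` rule for teardown is this example's assumption.

```shell
#!/bin/sh
# Added example: build the ipchains forward rule for a tunnel's two subnets,
# refusing values that would open forwarding wider than the tunnel needs.
# Commands are printed, not executed, so this runs on any machine.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and single dots only
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        case $_octet in
            0?*|????*) return 1 ;;              # no leading zeros, max 3 digits
        esac
        [ "$_octet" -le 255 ] || return 1
    done
}

# valid_subnet NET MASK: both must be dotted quads, the mask must be
# contiguous ones, and 0.0.0.0 is refused because it matches every address.
valid_subnet() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    _old_ifs=$IFS; IFS=.
    set -- $2
    IFS=$_old_ifs
    _m=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    [ "$_m" -ne 0 ] || return 1
    _inv=$(( 4294967295 - _m ))                 # host bits of the mask
    [ "$(( _inv & (_inv + 1) ))" -eq 0 ]        # zero only if ones are contiguous
}

# forward_rule VERB MY_NET MY_MASK PEER_NET PEER_MASK
# Prints the rule to add (up-client) or remove (down-client).
# Returns 2 for a rejected subnet, 1 for an unknown verb.
forward_rule() {
    _verb=$1
    valid_subnet "$2" "$3" || { echo "rejected local subnet '$2/$3'" >&2; return 2; }
    valid_subnet "$4" "$5" || { echo "rejected peer subnet '$4/$5'" >&2; return 2; }
    _spec="-j ACCEPT -b -p all -s $2/$3 -d $4/$5"
    case $_verb in
        # Position 1 puts the ACCEPT ahead of the existing forward rules.
        up-client)   echo "ipchains -I forward 1 $_spec" ;;
        # Same specification, so teardown removes exactly what was added.
        down-client) echo "ipchains -D forward $_spec" ;;
        *) echo "unhandled verb '$_verb'" >&2; return 1 ;;
    esac
}

# Demo with constructed subnets (one 10.x network, one 192.168.1.x network).
forward_rule up-client   10.1.0.0 255.255.0.0 192.168.1.0 255.255.255.0
forward_rule down-client 10.1.0.0 255.255.0.0 192.168.1.0 255.255.255.0
forward_rule up-client   0.0.0.0 0.0.0.0 192.168.1.0 255.255.255.0 || echo "(refused)"
```

In `_updown` the four values would come from `$PLUTO_MY_CLIENT_NET`, `$PLUTO_MY_CLIENT_MASK`, `$PLUTO_PEER_CLIENT_NET` and `$PLUTO_PEER_CLIENT_MASK`; because the ACCEPT is matched before the masquerade rule, tunnel traffic keeps its real source address.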
Re: [e-smith-devinfo] FreeS/WAN _updown
Hmmm...I guess my level of enthusiasm was a BIT LOW on that one. It was tempered by the fact that my source address was showing up being masq'd.

I will attempt to rewrite the _updown script to correctly forward. Here is a link that I found that gives troubleshooting information on the subject.
http://master-www.linuxrouter.org:8080/listarch/linux-router/2000-12-01/msg00516.html

Thanks to all for the help in getting this thing working

HOLY COW IT WORKED YEEEH
What a GREAT JOB THIS IS AWESOME

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, October 31, 2001 4:02 PM
Subject: Re: [e-smith-devinfo] FreeS/WAN _updown

> Steve Bush <[EMAIL PROTECTED]> said:
>
> > Well that worked.
>
> What no... _WOW_THAT_WORKED_ ;->
>
> > Freeswan is tunnelling the packets because both of the networks use
> > 10.x.x.x addresses.
>
> Try setting one network as 192.168.1.x.
>
> Steve, thanks for all your work on this. If you could, at some point
> gather all your notes, and either you/I/both need to complete a HowTo
> detailing all the steps required. I know the _updown script in the rpm
> needs replacing. Let me know if you found anything else that needs
> changing or if that on script was it.
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] FreeS/WAN _updown
Well that worked. I added the internal subnet range, and the external SME IP address of the remote network to the local networks panel in the server-manager.

Freeswan is tunnelling the packets because both of the networks use 10.x.x.x addresses. I am now fumbling through the log files to find out which IP address the remote LAN sees my PC as having. I noticed that /var/log/httpd/admin_access_log from the remote SME has me connecting as 127.0.0.1, of course even when I connect with a PC on the same subnet it shows that, which doesn't help me.

So from the Network Diagram:

1-Local Client IP - connection from 6 shows IP from 2
|
2-Local SME Server Internal IP
3-Local SME Server External IP
|
Local Gateway
|
INTERNET INTERNET
|
Remote Gateway
|
4-Remote SME Server External IP
5-Remote SME Server Internal IP - connection from 1 shows IP from 3
|
6-Remote Client IP

Using the above diagram, I looked at the /var/log/httpd/access_log file on the "Remote SME Server" after using http to browse the "Remote SME Server Internal IP" from a "Local Client IP". The log file records the IP address as the "Local SME Server External IP".

I then used a PC on the "Remote Client IP" subnet and used http to browse a separate e-smith on the "Local Client IP subnet". The /var/log/httpd/access_log file showed that I connected with the "Local SME Server Internal IP".

I'll dig in deeper and report back anything else I find!!!

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, October 31, 2001 12:54 PM
Subject: Re: [e-smith-devinfo] FreeS/WAN _updown

> Steve Bush <[EMAIL PROTECTED]> said:
>
> > Has anyone had any more luck than I have at getting the firewall rules
> > working or any other idea paths I can follow?
>
> Hi Steve, I have had too many client projects to get moving on this
> myself. Also I'll be off on vacation so it will be late November, early
> December before I can possibly even take a concentrated look.
>
> However it sounds to me that you are close.
>
> Have you tried setting the remote networks up as a local network in the
> SME5 server-manager of each server?
>
> Everything is 'blocked' in SME5 until you tell it that the remote network
> is allowed. Then the templates update with the new IP info. I would try
> adding the remote external interface IP and the remote internal interface
> IP range.
>
> For instance take a look at this samba template:
>
> # [11hostsAllow]
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
>
> Hope this helps :)
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] FreeS/WAN _updown
I have tried multiple combinations for the firewall rules in _updown and I haven't been successful at getting this to work. The connection is established and I am able to ping from location to location, but no other applications work, ie telnet and www.

Has anyone had any more luck than I have at getting the firewall rules working or any other idea paths I can follow?

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 11:28 PM
Subject: [e-smith-devinfo] FreeS/WAN _updown

> I installed the old freeswan-1.8-3.i386.rpm, pulled the files out you
> need (actually took the entire directory in case something else is found)
> and have them ready for download here:
>
> http://myEZserver.com/downloads/mitel/ipsec.tar.gz
>
> Hope this helps the testing efforts along.
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
I tried bypassing wins/dns by browsing to the IP address of my servers, it didn't work. I also tried to take control of my WINS servers using VNC and was unable to connect. PPTP into the network works fine.

I suspect that the changes I made to _updown aren't sufficient, somehow only allowing ping and traceroute. Is there any way you can send me the _updown file from your rpm? If not, I will build a 4.1.2 server and expand it on there.

Samba and DNS aggregation from multiple VPN connection would be an added bonus. Password sync'ing would be even nicer!!!

Thanks for your help

----- Original Message -----
From: "Andy Worthington" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>; "Hugh Fox" <[EMAIL PROTECTED]>;
Sent: Thursday, October 25, 2001 2:44 PM
Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success

> This is probably because the config files for things like samba, etc don't
> recognize your remote network as one allowed to browse etc. That was the
> next thing on my list to be done once ping was working. The other thing
> with samba is you might need to point all machines to use the same WINS
> server so you will be able to browse all networks.
>
> Andy Worthington
>
> ----- Original Message -----
> From: "Steve Bush" <[EMAIL PROTECTED]>
> To: "Steve Bush" <[EMAIL PROTECTED]>; "Andy Worthington"
> <[EMAIL PROTECTED]>; "Hugh Fox" <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Thursday, October 25, 2001 12:48 PM
> Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
>
> > I spoke too soon...
> > As long as all you need is to ping site to site, this is your solution!!!
> > I can't telnet, browse windows servers using their IP address, etc.
Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
FYI - I'm using SME5 sp2 with Darrell's RPM at:
http://myezserver.com/docs/mitel/freeswan-howto.html

The changes I noted were done to the Freeswan installed by Mitel on SME5.

I believe the problem with this configuration is the _updown included with SME5 is the standard one included with Freeswan. It only supports ipfwadm and not ipchains. The Freeswan developers actually recommend leaving the original _updown and creating a separate file that supports ipchains.

I am currently trying to pull Andy Worthington's copy of _updown that is in his Freeswan RPM located at:
http://students.ou.edu/W/Christopher.A.Worthington-1/e-smith/ipsec/

I'm hoping that this will allow me to do more than ping from site to site.

Steve Bush
Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
I spoke too soon...
As long as all you need is to ping site to site, this is your solution!!!
I can't telnet, browse windows servers using their IP address, etc.

----- Original Message -----
From: "Steve Bush" <[EMAIL PROTECTED]>
To: "Andy Worthington" <[EMAIL PROTECTED]>; "Hugh Fox" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 12:37 PM
Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success

> Okay I have it working correctly now.
> I can ping from internal net to internal net.
> fyi - for the following changes to take effect, I simply went into the
> existing tunnel and resaved the configs.
>
> I backed out the following changes that I had previously made:
> > In 30Connections
> > put a hash in front of every line similar to this
> > $result .= "\trightfirewall=$remoteNAT\n";
> >
> > in 40LocalAttributes
> > put a hash in front of every line similar to this
> > $result .= "\tleftfirewall=yes\n\n";
>
> Then I modified the /usr/lib/ipsec/_updown with the following changes:
> ---Notice the two remarked lines in each paragraph with ipfwadm are replaced
> by the two lines following:
>
> up-client:ipfwadm)
>     # connection to client subnet, with (left/right)firewall=yes, coming up
>     # This is used only by the default updown script, not by your custom
>     # ones, so do not mess with it; see CAUTION comment up at top.
>     # ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
>     #     -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>     ipchains -I forward 1 -j ACCEPT -b -p all -s $PLUTO_MY_CLIENT_NET/$PLUT$
>         -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>     ;;
>
> down-client:ipfwadm)
>     # connection to client subnet, with (left/right)firewall=yes, going down
>     # This is used only by the default updown script, not by your custom
>     # ones, so do not mess with it; see CAUTION comment up at top.
>     # ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
>     #     -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>     /sbin/ipchains -D forward -j ACCEPT -b -p all -s $PLUTO_MY_CLIENT_NET/$$
>         -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>     ;;
Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
Okay I have it working correctly now.
I can ping from internal net to internal net.
fyi - for the following changes to take effect, I simply went into the existing tunnel and resaved the configs.

I backed out the following changes that I had previously made:
> In 30Connections
> put a hash in front of every line similar to this
> $result .= "\trightfirewall=$remoteNAT\n";
>
> in 40LocalAttributes
> put a hash in front of every line similar to this
> $result .= "\tleftfirewall=yes\n\n";

Then I modified the /usr/lib/ipsec/_updown with the following changes:
---Notice the two remarked lines in each paragraph with ipfwadm are replaced by the two lines following:

up-client:ipfwadm)
    # connection to client subnet, with (left/right)firewall=yes, coming up
    # This is used only by the default updown script, not by your custom
    # ones, so do not mess with it; see CAUTION comment up at top.
    # ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
    #     -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
    ipchains -I forward 1 -j ACCEPT -b -p all -s $PLUTO_MY_CLIENT_NET/$PLUT$
        -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
    ;;

down-client:ipfwadm)
    # connection to client subnet, with (left/right)firewall=yes, going down
    # This is used only by the default updown script, not by your custom
    # ones, so do not mess with it; see CAUTION comment up at top.
    # ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
    #     -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
    /sbin/ipchains -D forward -j ACCEPT -b -p all -s $PLUTO_MY_CLIENT_NET/$$
        -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
    ;;
Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
I'm slowly scratching the surface of understanding freeswan.so The file /usr/lib/ipsec/_updown on my SME box calls ipfwadm not ipchains, so I suspect that this is being used. My next trial was going to be to replace _updown with the ipsec version. Where can I get your version with the syntax errors fixed?

Thanks for your help

----- Original Message -----
From: "Andy Worthington" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>; "Hugh Fox" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 11:12 AM
Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success

> The ipchains example _updown script in the 1.8 documentation used to have
> syntax errors in it. I do not think they ever updated the documentation to
> fix it. My 4.x rpms have the ipchains _updown with all the syntax errors
> fixed if it isn't already installed by default on SME
>
> Andy Worthington
> ----- Original Message -----
> From: "Steve Bush" <[EMAIL PROTECTED]>
> To: "Andy Worthington" <[EMAIL PROTECTED]>; "Hugh Fox" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, October 25, 2001 11:33 AM
> Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
>
> > I applied the changes and the errors went away.
> > It looks like the default _updown firewall script included with freeswan uses
> > ipfwadm.
> > There is a sample ipchains script that can be called instead.
> >
> > ----- Original Message -----
> > From: "Andy Worthington" <[EMAIL PROTECTED]>
> > To: "Hugh Fox" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Thursday, October 25, 2001 11:04 AM
> > Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
> >
> > > Did that fix the errors you were getting in your log file?
> > >
> > > Andy Worthington
> > > ----- Original Message -----
> > > From: "Hugh Fox" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, October 25, 2001 8:30 AM
> > > Subject: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
> > >
> > > > Based on the feedback earlier today regarding problems with ipchains, etc, I
> > > > made some amendments to some ipsec.conf templates:
> > > >
> > > > In /etc/e-smith/templates/etc/ipsec.conf
> > > >
> > > > In 30Connections
> > > > put a hash in front of every line similar to this
> > > > $result .= "\trightfirewall=$remoteNAT\n";
> > > >
> > > > in 40LocalAttributes
> > > > put a hash in front of every line similar to this
> > > > $result .= "\tleftfirewall=yes\n\n";
> > > >
> > > > Now:
> > > > [root@sme2 ipsec.conf]# ipsec eroute
> > > > 192.168.1.0/24 -> 192.168.0.0/24 => [EMAIL PROTECTED]
> > > > 192.168.1.0/24 -> 203.132.1.2/32 => [EMAIL PROTECTED]
> > > > 203.132.2.2/32 -> 192.168.0.0/24 => [EMAIL PROTECTED]
> > > > 203.132.2.2/32 -> 203.132.1.2/32 => [EMAIL PROTECTED]
> > > > [root@sme2 ipsec.conf]#
> > > >
> > > > I can ping from one LAN all the way to the internal IP of the SME at the
> > > > other end of the tunnel, but I cannot yet ping from a machine in one lan to
> > > > a machine in the other.
> > > >
> > > > Hope this helps (at least a little bit)
> > > >
> > > > Hugh
Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
I applied the changes and the errors went away.
It looks like the default _updown firewall script included with freeswan uses ipfwadm.
There is a sample ipchains script that can be called instead.

----- Original Message -----
From: "Andy Worthington" <[EMAIL PROTECTED]>
To: "Hugh Fox" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 11:04 AM
Subject: Re: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success

> Did that fix the errors you were getting in your log file?
>
> Andy Worthington
> ----- Original Message -----
> From: "Hugh Fox" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, October 25, 2001 8:30 AM
> Subject: [e-smith-devinfo] FreeS/WAN Testing Update - Limited Success
>
> > Based on the feedback earlier today regarding problems with ipchains, etc, I
> > made some amendments to some ipsec.conf templates:
> >
> > In /etc/e-smith/templates/etc/ipsec.conf
> >
> > In 30Connections
> > put a hash in front of every line similar to this
> > $result .= "\trightfirewall=$remoteNAT\n";
> >
> > in 40LocalAttributes
> > put a hash in front of every line similar to this
> > $result .= "\tleftfirewall=yes\n\n";
> >
> > Now:
> > [root@sme2 ipsec.conf]# ipsec eroute
> > 192.168.1.0/24 -> 192.168.0.0/24 => [EMAIL PROTECTED]
> > 192.168.1.0/24 -> 203.132.1.2/32 => [EMAIL PROTECTED]
> > 203.132.2.2/32 -> 192.168.0.0/24 => [EMAIL PROTECTED]
> > 203.132.2.2/32 -> 203.132.1.2/32 => [EMAIL PROTECTED]
> > [root@sme2 ipsec.conf]#
> >
> > I can ping from one LAN all the way to the internal IP of the SME at the
> > other end of the tunnel, but I cannot yet ping from a machine in one lan to
> > a machine in the other.
> >
> > Hope this helps (at least a little bit)
> >
> > Hugh
Re: [e-smith-devinfo] [DRAFT] FreeS/WAN rpm + Howto available
/var/log/secure is filling with the following error:

You cannot mix the 'ipfwadm' wrapper with ipchains.
You must delete all user chains and flush all built-in chains
if you want to use the ipfwadm wrapper.

Of course when you delete the IPSEC link in server-manager, the error stops.

I'm sure you'll have the solution quicker than it took me to figure out where IPSEC put its log files :)

My two servers are standing by ready to test!!!

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Wednesday, October 24, 2001 12:59 PM
Subject: Re: [e-smith-devinfo] [DRAFT] FreeS/WAN rpm + Howto available

> Steve Bush <[EMAIL PROTECTED]> said:
>
> > Well, right out of the chute, the sme freeswan rpm doesn't work.
> > It sure looks good in the manager though!!!
> >
> > I'm diving into the logs and configs to see if I can find the problem.
>
> H. Ok, well I did mention this was completely_untested_by_me.
>
> Hugh/Steve. Thanks for taking the time and effort to take a look and give
> it a try. Thanks for continuing the effort, diving in and trying to
> find the problem.
>
> Time to roll up the sleeves, build up some computers and dive into this
> myself.
>
> Good luck everyone.
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] [DRAFT] FreeS/WAN rpm + Howto available
Well, right out of the chute, the sme freeswan rpm doesn't work.
It sure looks good in the manager though!!!

I'm diving into the logs and configs to see if I can find the problem.

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Saturday, October 20, 2001 7:48 PM
Subject: [e-smith-devinfo] [DRAFT] FreeS/WAN rpm + Howto available

> !WARNING! For devinfo testing on a non-production server only !WARNING!
>
> Completely _untested_ by me at this time. I've simply taken the existing
> contrib rpm, edited the source for SME, rebuilt the rpm and updated the
> HowTo. Here it is, available for testing:
>
> http://myezserver.com/docs/mitel/freeswan-howto.html
>
> Many thanks to Christopher 'Andy' Worthington for an excellent contrib to
> work with.
>
> Again, no guarantees at all that this works. I have not had time to set
> up a test environment yet. I have installed and confirmed the RSA keys
> are now generated correctly and the configuration database and masq is
> appropriately updated. If someone out there has the time and the
> equipment to test this and report back I'd be most interested in the
> results ;->
>
> Regards,
>
> --
> Darrell May
> DMC Netsourced.com
> http://netsourced.com
> http://myEZserver.com
Re: [e-smith-devinfo] Comments in generated config files (was Re: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6)
I know this isn't up for a vote, but I agree with Darrell on this one... I guess I don't see a problem with larger files due to comments.
Re: [e-smith-devinfo] PPTP problem
Also make sure you have the Dial Up Networking component installed from the control panel Add/Remove Programs>Windows Components before installing the patches.

Install the DUN 1.4 patch for Windows 98SE (One is available for 95/98/98SE/NT4).

If Dial Up Networking isn't installed first, you will need to uninstall DUN and then go through the whole process again.

Good luck!!!

----- Original Message -----
From: "Glenn E. Kennedy" <[EMAIL PROTECTED]>
To: "devinfo esmith" <[EMAIL PROTECTED]>
Cc: "Luuk Jansen" <[EMAIL PROTECTED]>
Sent: Thursday, October 04, 2001 10:02 PM
Subject: Re: [e-smith-devinfo] PPTP problem

> I don't think you're downloading the correct component from Microsoft's
> byzantine website. 128 bit DUN encryption does not ship with Windows 98SE.
>
> Try running the "Windows Update" utility, and select the 128bit DUN upgrade,
> which can be found about half way down the list of security band-aids. In
> exchange for your copies of your personal data, registry entries, and
> installed software inventories, Microsoft will update your DUN encryption to
> 128 bit.
>
> Glenn Kennedy
>
> ----- Original Message -----
> From: "Luuk Jansen" <[EMAIL PROTECTED]>
> To: "Noah Berlove" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, October 04, 2001 10:21 AM
> Subject: RE: [e-smith-devinfo] PPTP problem
>
> > I tried a few downloads, but by every download I get the message that it's
> > for my windows version. I'm using Windows 98 SE.
> >
> > The same with the 128-bit encryption upgrade. According to windowsupdate
> > it's distributed with 98 SE.
> >
> > Anyone who works with Windows 98 SE and PPTP works on V5.0?
> >
> > Luuk
> >
> > -----Original Message-----
> > From: Noah Berlove [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, 3 October 2001 23:43
> > To: Luuk Jansen
> > Subject: Re: [e-smith-devinfo] PPTP problem
> >
> > Luuk,
> >
> > Go to Microsoft's website and upgrade the Dial Up Networking software. I
> > think you need DUN 1.4.
> >
> > Noah
> >
> > At 05:39 PM 03-10-01, you wrote:
> > >Hello,
> > >
> > >I've got a problem with the PPTP.
> > >When I connect to the server with a laptop running a fresh Windows 98 SE the
> > >connection is closed just after it is established.
> > >
> > >I get a message that the connection is established, and right after it that
> > >it
> > >is lost and a question if I want to reconnect.
> > >If I reconnect I get the same again.
> > >
> > >Anyone who can help me?
> > >
> > >I've an upgraded V5.0 server and everything (appears to) works fine.
> > >
> > >Regards,
> > >
> > >Luuk
Re: [e-smith-devinfo] RE: New SME 5.0 Blade
I had a browser error, IE6 (I think it was a timeout...sorry, I didn't write it down) when I applied Update2. I immediately checked to see if the RPM had installed and it did.

----- Original Message -----
From: "Greg J. Zartman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Monday, October 01, 2001 7:21 PM
Subject: RE: [e-smith-devinfo] RE: New SME 5.0 Blade

> A quick follow up to the qmail problems I was having after installing the
> "new" blade:
>
> As posted in previous messages, after installing the "new" blade yesterday
> morning, I discovered that my qmail service was not functioning properly.
> The server log file messages indicated that qmail had started without error,
> but email sent to or from the server did not reach its destination.
> Examination of the maillog file showed that qmail had not processed any
> message since the upgrade.
>
> Thinking that maybe something had happened during the blade install, I ran
> the command rpm -qa|grep SMEServer-5.0_Update2 to see if the blade packages
> had been installed. They had not. I then manually installed all rpms
> located in my /var/cache/e-smith/blades/packages that were dated Sept 30.
> After a reboot, qmail was back to normal.
>
> Regards,
>
> Greg J. Zartman
Re: [e-smith-devinfo] /etc/statusreport errors
----- Original Message -----
From: "Dan Brown" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 24, 2001 6:30 PM
Subject: [e-smith-devinfo] /etc/statusreport errors

> Since upgrading to SME 5, I periodically get this in my email
> from cron:
>
> Use of uninitialized value in concatenation (.) at /etc/statusreport
> line 47.
> Use of uninitialized value in concatenation (.) at /etc/statusreport
> line 47.

I get the same error message along with the following from cron with the subject "run-parts /etc/cron.daily"

/etc/cron.daily/tmpwatch:

error: lstat() of directory /var/cache/man/X11R6/cat? failed: No such file or directory
Re: [e-smith-devinfo] myEZserver.com
Maybe this goes without saying...but... I'm sure Darrell would like the link pointing to his primary page so that he can see some type of return on investment for all of his hard work on the how-to documents.

Brossin Pierrick <[EMAIL PROTECTED]> said:

> I'm using Opera 5 and I dont have any trouble
> seeing the page...
>
> the urls are
> ---
>
> HowTos : http://myezserver.com/howtoguides.html
> Downloads : http://myezserver.com/downloads.html
>
> cya
>
> -
> A PC without Windows is like a chocolate cake without mustard
> ----- Original Message -----
> From: "Charlie Brady" <[EMAIL PROTECTED]>
> To: "Lars Johansson" <[EMAIL PROTECTED]>
> Cc: "Darrell May" <[EMAIL PROTECTED]>; "e-smith-devinfo" <[EMAIL PROTECTED]>
> Sent: Thursday, September 13, 2001 4:32 PM
> Subject: Re: [e-smith-devinfo] myEZserver.com
>
> > On Thu, 13 Sep 2001, Charlie Brady wrote:
> >
> > > > Just click on "Support" and then choose "Howto's" or "Downloads".
> > > >
> > > > Not too difficult, was it?
> > >
> > > I'm using Opera. I can't see any "Support" to click on.
> > >
> > > Using lynx doesn't help me either. I can see that there are three frames,
> > > only one of which contains a link - which is to the contacts.html page.
> >
> > I don't see it with Netscape either.
> >
> > Can you provide a URL please?
> >
> > Charlie Brady [EMAIL PROTECTED]
> > Lead Product Developer
> > Network Server Solutions Group http://www.e-smith.com/
> > Mitel Networks Corporation http://www.mitel.com/
> > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
Re: [e-smith-devinfo] php CodeRed counter
I didn't run into the bug. I installed the new version and it still works...thanks again!!!

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Steve Bush" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Thursday, August 16, 2001 9:55 PM
Subject: Re: [e-smith-devinfo] php CodeRed counter

> Steve Bush <[EMAIL PROTECTED]> said:
>
> > Very cool app...thanks
>
> You're welcome. I did notice I made one minor mistake, however it's easy
> to fix. For anyone who has downloaded already, simply edit line 3 and
> place quotes around $file as shown below:
>
> $fh = fopen ("$file","r") or die ("Cannot find access_log!");
>
> Sorry for any inconvenience. The download has been updated already so no
> worries, the download is ready to go.
>
> http://netsourced.com/servers/downloads/codered.zip
>
> Regards,
>
> --
> Darrell May
> DMC NETSOURCED.COM
> http://netsourced.com
Re: [e-smith-devinfo] php CodeRed counter
Very cool app...thanks

----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "e-smith-devinfo" <[EMAIL PROTECTED]>
Sent: Thursday, August 16, 2001 8:20 PM
Subject: [e-smith-devinfo] php CodeRed counter

> Here is another CodeRed counter. In the zip file you will find a single
> file named 'codered.php'. Simply copy to any web accessible, php enabled
> area and open in your browser to view. This small page shows Code Red
> Hits, Code Red II Hits, Totals and updates every 60 seconds.
>
> http://netsourced.com/servers/downloads/codered.zip
>
> --
> Darrell May
> DMC NETSOURCED.COM
> http://netsourced.com
Re: [e-smith-devinfo] Code Red worm attack counts
grep default.ida /var/log/httpd/access_log* | wc -l

I added a wildcard for the access_log and got 26.

----- Original Message -----
From: "Womack, Eric" <[EMAIL PROTECTED]>
To: "Development Info for E-smith (E-mail)" <[EMAIL PROTECTED]>
Sent: Friday, July 20, 2001 12:38 PM
Subject: [e-smith-devinfo] Code Red worm attack counts

> Want to see how many servers have attempted to infect you with the Code Red
> worm (and failed, I might add)?
>
> Log into your gateway as root and type:
>
> grep default.ida /var/log/httpd/access_log | wc -l
>
> The result is a count of the hits in your most current log.
>
> Who's got the most? I've got 27 so far, but it's early yet.
>
> Eric
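The grep one-liners above count every log line that mentions default.ida. As an added example (not code from any poster in this thread), the script below breaks that count down by worm variant and by source address, the same split the codered.php counter in the earlier thread reports. The log lines are constructed samples, and the rule that Code Red pads its request with N characters while Code Red II pads with X characters is assumed from the commonly documented request signatures, not taken from the thread.

```shell
#!/bin/sh
# Added example: classify default.ida probes in Apache access logs.
# Function names and sample data are hypothetical, not from the thread.

# Constructed sample log in common log format (documentation-range addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [20/Jul/2001:09:14:02 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
192.0.2.10 - - [20/Jul/2001:09:20:41 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
198.51.100.7 - - [05/Aug/2001:02:01:13 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 276
203.0.113.5 - - [05/Aug/2001:02:05:00 -0400] "GET /index.html HTTP/1.0" 200 1024
203.0.113.5 - - [05/Aug/2001:02:06:00 -0400] "GET /default.ida HTTP/1.0" 404 276
EOF
}

# classify_codered: read access-log lines on stdin and print one summary line:
#   codered=<n> coderedII=<n> other_ida=<n>
# Only the request field (text between the first pair of double quotes) is
# inspected, so a Referer or User-Agent that mentions default.ida is not counted.
classify_codered() {
    awk '
        {
            n = split($0, q, "\"")
            if (n < 3) next                       # no quoted request field
            req = q[2]
            if (req !~ /^[A-Z]+ \/default\.ida/) next
            if (req ~ /default\.ida\?N+/)      cr++     # assumed Code Red padding
            else if (req ~ /default\.ida\?X+/) cr2++    # assumed Code Red II padding
            else                               other++  # request without either padding
        }
        END { printf "codered=%d coderedII=%d other_ida=%d\n", cr, cr2, other }
    '
}

# top_sources: print "<count> <address>" for every client that requested
# default.ida, busiest first, so repeat offenders stand out.
top_sources() {
    awk -F'"' '
        $2 ~ /^[A-Z]+ \/default\.ida/ { split($1, f, " "); c[f[1]]++ }
        END { for (ip in c) print c[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On a live host, feed the rotated logs instead:
#   cat /var/log/httpd/access_log* | classify_codered
sample_log | classify_codered
sample_log | top_sources
```

The per-source list is the more useful output for a defender: a single address that keeps retrying is a candidate for the kind of automatic block that Guardian applies.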
Re: [e-smith-devinfo] LDAP test
Mine works...Here's a stupid question... did you set the "Server Root" in Outlook Express? To find out the server root, go to www/e-smith-manager choose Directory. There should be a server root that consists of dc=<..>,dc=<..>

I'm sure you knew that, but...just in case!!!

- Original Message -
From: "Trevor Ouellette" <[EMAIL PROTECTED]>
To: "E-smith developers list" <[EMAIL PROTECTED]>
Sent: Monday, July 16, 2001 6:48 PM
Subject: [e-smith-devinfo] LDAP test

> Could anyone who has 1 minute, check to see if their LDAP is working with
> Outlook or Outlook express and report back here. I can't get my damn LDAP
> to work. I'm running 4.1.2
>
> -Original Message-
> From: Trevor Ouellette [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 16, 2001 5:29 PM
> To: David J. Boccabella; E-smith developers list
> Subject: RE: [e-smith-devinfo] Printer Driver Downloading in Samba
> 2.2.1a
>
> Well just hang on David, I'm working with the Samba guys right now...
>
> -Original Message-
> From: David J. Boccabella [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 16, 2001 5:26 PM
> To: E-smith developers list
> Subject: Re: [e-smith-devinfo] Printer Driver Downloading in Samba
> 2.2.1a
>
> I'd love to find out HOW to copy the printer drivers down to Samba..
>
> Here's what happened to me.
>
> 1) Followed instructions and installed Samba on existing system. System had
> 2 printers configured and shared OK. Worked under Samba 2.0.7
>
> 2) Reinstalled Win2k on old server machine (to downgrade from PDC and AD)
>
> 3) Tried to reconnect to printers. Printer message box told me that this
> was an "Unknown printer" and W2K tried to install a driver from "*.inf"
>
> 4) After several hours of bashing head on TRYING to work out how to write
> the printer drivers onto the E-Smith box I gave up and put Samba 2.0.7 back
> on. Printers connected perfectly and W2K installed the local drivers for
> it.
>
> Help!!
> I'd very much like to use the updated Samba - but the printer drivers issue
> seemed to be too difficult to solve. Samba doc (How I HATE Unix style
> documentation) gave little mention to it.
>
> Any Advice?
> Dave
>
> - Original Message -
> From: "Dan Brown" <[EMAIL PROTECTED]>
> To: "Trevor Ouellette" <[EMAIL PROTECTED]>; "E-smith developers list"
> <[EMAIL PROTECTED]>
> Sent: Tuesday, July 17, 2001 9:12 AM
> Subject: Re: [e-smith-devinfo] Printer Driver Downloading in Samba 2.2.1a
>
> > Dan Brown wrote:
> >
> > > Nope, doesn't look that hard. In fact, I think I have it working now,
> > > but I don't have a good way of testing it. You need to make two custom
> >
> > Well, I thought I had it working. My system will go through the
> > motions of copying the drivers, but it doesn't actually do so. Very
> > interesting. Time to check out more docs, I guess...
> >
> > --
> > Dan Brown, KE6MKS, [EMAIL PROTECTED]
> > "Meddle not in the affairs of dragons, for you are crunchy
> > and taste good with ketchup."
[e-smith-devinfo] proftpd.conf/60AnonymousIBay
I've modified an e-Smith server to allow external write access to password protected IBays. I would now like to set up Umask of 007 on the new files created, but I don't know where to put Umask in the 60AnonymousIBay template for proftpd.conf. The only potential clue I have is putting something like:

Umask007

If this is correct, should it be placed before

Any clues would be appreciated so that I don't have to fumble my way through it!!!

Steve Bush
Re: [e-smith-devinfo] VPN in w95
Make sure Dial Up Networking is installed from Windows setup before applying the DUN 1.4 patch. I know...what idiot would apply an update to DUN without it being installed first

Darrell May <[EMAIL PROTECTED]> said:

> Richard Ford <[EMAIL PROTECTED]> said:
>
> > Does Windows 95 support PPTP?
>
> Yes, all you need is the DUN 1.4 Upgrade. Microsoft Article ID: Q285189
>
> Download DUN 1.4 for Windows 95 (Dun14-95.exe) from:
>
> http://download.microsoft.com/download/win95/Update/17648/W95/EN-US/dun14-95.exe
>
> Regards,
Re: [e-smith-devinfo] TWIG mail timestamps
> On the e-smith box the TWIG mail module displays wrong time
> stamps. It appears that it uses the unix time stamps rather
> than the header information. If you move or copy a message
> from the INBOX to another folder, the message is listed with
> the current date. The date in the header is correct.
> How does TWIG mail behave on your box?

I have e-Smith 4.0/Twig 2.62 - same problem happens for me. When I move a message, it shows the current date and time, not the original one. Funny I never noticed this before!!!
Re: [e-smith-devinfo] Client VPN users and their routing.
There is a TID on M$ site. Search for pptp default gateway. The short version is to go to the properties of your PPTP connection > Properties Tab > TCP/IP Properties > Advanced > Uncheck "Use default gateway on remote network"

It worked for me

Richard Ford <[EMAIL PROTECTED]> said:

> Ok, when you have a net connection to the net (Under win2000 Pro) the little
>
> What my question has to do is with routing.
>
> No matter what site I wish to load up or connection to be made - the VPN
> always lights up - and going by the whole speed of things it seems that ALL
> traffic is going through the VPN? As everything is slow.
Re: [e-smith-devinfo] Darrell May, DMC Netsourced.com
I took a look at all the informational/how-to email messages I've saved regarding e-smith. I've concluded that I've taken a hell of a lot more than I could ever give. Strangely I found a good 1/4 of the ones I saved came from you. Thanks for all the hints and tips!!! I hate to see a resource like you go. Good luck!!!

Darrell May <[EMAIL PROTECTED]> said:

> Regretfully I wish to inform everyone that e-smith has terminated my
> partnership agreement.
>
> I want everyone to know I have thoroughly enjoyed the opportunity
> of 'meeting' all of you and sharing in the development and support of the
> e-smith product. I have also enjoyed the open and honest sharing of
> knowledge, opinions and comments. I have found this sharing very
> beneficial. I thank all those who have assisted me in gaining knowledge
> from my newbie start to my humble beginnings of "I think I know what I'm
> doing".
>
> For now I will take some time to reflect on this course of events. Who
> knows what the future holds.
>
> Regards,
>
> --
> Darrell May
> DMC NETSOURCED.COM
> 9912 Lougheed Highway, Burnaby, BC, Canada V3J 1N3
> Phone: 1 604 420-1362 * Tollfree: 1 800 520-1362 * Fax: 1 604 552-8833
> E-mail: [EMAIL PROTECTED]
> Website: http://netsourced.com
Re: [e-smith-devinfo] HP e50 netserver
> It looks like I will be installing e-smith on a used HP e50 netserver.
> has anyone had experience with
> these? If you have, were there any hardware/driver problems that I need
> to be aware of?

I installed it on a HP e60 and had a problem booting. I don't know if the e50 will exhibit the same problem, but here you go just in case:

After e-Smith was installed and rebooted, it would hang after enabling swap space. I finally found a bug report on Redhat's site:

http://www.redhat.com/support/docs/gotchas/7.0/gotchas-7-7.html (7.6 After installation, system hangs at "Enabling swap space")
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=18793

It detailed how to boot up without running the rc.sysinit script. I then edited that file, which is /etc/rc.d/rc.sysinit and commented out the lines relating to agpgart and all booted fine.
Re: [e-smith-devinfo] E-smith and Outlook
I had a problem with Outlook 2k sp1 setup using IMAP on eSmith. Outlook Express and Eudora worked great, but Outlook crashed every time.

I don't have an Outlook client in front of me setup for Internet email only, so I'll have to go off memory and the pop mail options available.

I solved my problem by going into tools>options>mail services. In mail options uncheck "Check for new mail on:" for your imap account.

Richard Ford <[EMAIL PROTECTED]> said:

> Hi All,
> Again, fresh installs, working machines
> And Outlook 2000 ALWAYS crashes on IMAP operations with our e-smith server??
> Anyone else experience this?
>
> Netscape and Eudora all work fine. But isn't IMAP a standard? And no I
> can't switch as I actually like all the scheduling / organising features of
> outlook!
>
> Cheers,
> Richard.
Re: [e-smith-devinfo] e-smith/samba logon.bat file
Here's a link to an interesting series of Perl scripts. I found it on freshmeat.net. I haven't had a chance to try it.

http://www.phonax.com/fileservers/advanced_samba.shtml

Quoting Ted Serreyn <[EMAIL PROTECTED]>:

> Is there a way to map drives for certain users in the login.bat file.
>
> Logically
> if user is in webgroup
> map W: to main web ibay
>
> Ted Serreyn
Re: [e-smith-devinfo] 4.0.1 not seeing LAN?
> > A hardware failure in your NIC is a distinct possibility.
>
> This was suggested via private e-mail, so I reconfigured the machine to
> swap the interfaces. Same behavior--it won't talk to the LAN and the
> LAN won't talk to it, but it'll see the Internet just fine. I think
> (without being 100% certain) that this would exclude the possibility of
> a hardware failure.

After swapping the cable and switch port, I guess you could rule out hardware.

> What strikes me as particularly odd is that my 4.1b3 box reports "host
> unreachable" when I try to ping the 4.0.1 machine. I can understand why
> the 4.0.1 box would do this, say if the routing table were hosed in some
> way, but I'd expect things like "request timed out" or just no response
> from the other machines.

How about changing the IP on the internal NIC temporarily? Maybe a config file got hosed and needs to be recreated. I was focusing on it being a hardware problem...so I deleted your other messages. Did you check the output from the ifconfig command?