search for: infrasupportetc

Displaying 20 results from an estimated 23 matches for "infrasupportetc".

2005 Apr 05
0
Informal HOWTO - transparent authentication and optional outbound web filtering using Samba 3.0.13, Squid 2.5.STABLE7, SmartFilter 4.01, RedHat 9.0 in a Win2003 AD domain
Thanks to everyone for all the help getting this done. As promised, here are the detailed notes I put together. These step by step instructions should work starting with a raw RedHat Linux 9.0 system. - Greg Scott GregScott@InfraSupportEtc.com These are step by step instructions for how to install and configure the Squid proxy server with transparent authentication for users in a Microsoft AD domain, optionally using SmartFilter from Secure Computing to support outbound web filtering. This was tested in two Windows 2003 AD dom...
2006 Mar 08
3
What happened to the lartc mailing list?
I see it is posting to the archive website but not emailing them out. Is anyone else getting emails or is it just me? Thanks - Greg Scott _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
2005 Apr 03
4
Smbd 3.0.13 dies when smb.conf has winbind separator = \
...lt from source, on RedHat Linux 9.0. My A/D domain is Windows 2003. I started up smbd with -d 10 (debug level 10) with and without that line commented out, so I have these debug traces with and without. I would really appreciate any advice from the community. Thanks - Greg Scott GregScott@InfraSupportEtc.com Here are the last few lines of the log file with that separator line in place in smb.conf, just before smbd dies: [root@infra-fw samba]# cd /var/log/samba [root@infra-fw samba]# tail log.smbd [2005/04/02 21:21:13, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0...
2005 Apr 05
0
RE: [squid-users] IE improperly prompts for credentials; ntlm_auth with Samba 3.0.13, Squid 2.5.STABLE7, RedHat Linux 9.0, SmartFilter 4.01; ticket number 48293
...ntlm lines must be above the auth_param basic lines. The auth_param ntlm and auth_param basic lines also should be together with each other. I would really like to understand why we need both sections and in this order... But the good news is... IT WORKS NOW!!!!!!!!!!! - Greg Scott GregScott@InfraSupportEtc.com -----Original Message----- From: Greg Scott [mailto:GregScott@InfraSupport.com] Sent: Monday, April 04, 2005 2:25 AM To: squid-users@squid-cache.org; samba@lists.samba.org; support@securecomputing.com Cc: Fredy Hernandez; Scott Anderson Subject: [squid-users] IE improperly prompts for crede...
2005 Apr 04
1
IE improperly prompts for credentials; ntlm_auth with Samba 3.0.13, Squid 2.5.STABLE7, RedHat Linux 9.0, SmartFilter 4.01
...estion - why do I need an auth_param for both ntlm and basic authentication? What's the difference? Lots of documentation all over the place says I need both and in this order but I haven't found anything that says why. Could this be a key to my problem? Thanks - Greg Scott GregScott@InfraSupportEtc.com Here are the build notes - remember, this is a snapshot in time, useful right now for debugging. Below is a work in progress. For Squid authentication with an Active Directory domain, we need Samba, set up with Kerberos. Redhat Linux 9.0 ships with Kerberos version 5, revision 1.2.7-1...
2005 Apr 02
1
Using the RedHat 9.0 Samba 3.0.13 RPM with Kerberos 1.4 from MIT
...p getting this error when trying to join my Linux box to the Win2003 Active Directory domain: [root@infra-fw etc]# net ads join -S 10.10.10.100 -U administrator administrator's password: [2005/04/01 21:24:41, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password administrator@INFRASUPPORTETC.COM failed: KRB5 error code 52 [2005/04/01 21:24:41, 0] utils/net_ads.c:ads_startup(191) ads_connect: KRB5 error code 52 Google pointed me to some advice here: http://lists.samba.org/archive/samba/2004-July/090137.html And this quote from John Terpstra: > Only MIT Kerberos 1.3.1 or later wil...
2001 Oct 25
1
Why won''t this box route ICMP echo reply packets???????
...thinks I''m a total idiot. Oh - yes, I did turn on IP routing: echo "1" > /proc/sys/net/ipv4/ip_forward Is there something else I should be turning on? Why won''t this box route ICMP Echo Reply packets?? thanks - Greg Scott cell phone 651-260-1051 Greg Scott@InfraSupportEtc.com
2006 Jan 26
8
nat table remenbering nat''s
Dear All Why NAT rules stays valid even if I flush nat anf table chains?? I have: iptables -P FORWARD DROP iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -s SOME_IP -d SOME_BCP_5_IP --dport 1234 -j ACCEPT iptables -i nat -A PREROUTING -s SOME_IP -d MY_INTERNET_IP \\ --dport 1234 -j DNAT --to-destination SOME_BCP_5_IP The conection is
2007 May 30
4
Proxy ARP with a Coyote Point equalizer
...themselves by ARPing to see if anyone else answers at that address. Is there a way to limit proxy ARP to a list of IP Addresses? Or - should I forget proxy ARP and look at bridging instead? Can I do bridging and still access the bridged interfaces remotely? Thanks - Greg Scott GregScott@InfraSupportEtc.com
2006 Jan 06
4
routing decision based on sorce port
Hello Routing Gurus ;-) I''d like to know if it''s possible to make a routing decision for pakets originating from a specific port of the local machine without using ipfilter/iptables to mark the pakets. I read about the tc filter stuff but that seems only to be able to sort the pakets to a different queue on the same interface and not choose a different interface for example. Is
2002 Jan 06
28
Gre Tunneling Problem
Hello everyone, I have a problem regarding gre tunneling, I have two linux box both of them has a private network and the linux A is connected to the internet via wireless radio and the other linux B is connected to the internet via lease line. Here is the setup of my two linux box Linux A eth0 = 203.189.x.1 (internet) eth1 = 192.168.1.1 (going to hub private network) Linux B eth0 = 205.198.x.1
2006 Jan 16
0
RE: FS: Cyclades PC300/TE2 Dual T1 Interface PCI Card For LinuxPC!
I hope this isn''t too far off topic. I did a little bit of pricing homework a few months ago on new T1 cards. The idea was to build a Linux based router/firewall. After all, Ethernet NICs are easily available for less than $10 today. But all the T1 cards I found cost a fortune. And about a year ago, I learned the list price for a complete Adtran Netvanta 3200 router with T1 card is
2006 Mar 07
0
Router stops forwarding packets when MAC Address changes
Here''s one that makes me scratch my head. I have a layout like this: 172.16.0.0/16 1.2.3.48/28 172.16.n.n (fictional public IP range) internal hosts | <----+-----+----------+ +----------+------>to the Internet | | | | Internal | | | Host Firewall
2002 Mar 18
0
RE: Yay!
Now that your VPN is working, you really have two LANs separated by routers. So the issues with browse lists etc. are the same as in any other WAN situation and really not related to Linx Advanced Routing. (But who am I to make that call - I''m just a skinny bald guy from Minnesota!) NetBIOS broadcast name resolution does you no good, so you''ll either need a WINS server or local
2006 Feb 20
0
(no subject)
Hello - I am using kernel 2.4.27 and running into behavior I don''t know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal LAN, but at IP Address 1.2.3.11/27. (IP Address dummied up.) I want to proxy ARP this
2002 Apr 19
0
RE: Routing based on source port - Solution ?
What about some sort of DNAT redirection with iptables? - Greg -----Original Message----- From: Tobias [mailto:medlor@web.de] Sent: Friday, April 19, 2002 8:18 AM To: lartc@mailman.ds9a.nl Subject: Re: [LARTC] Routing based on source port - Solution ? Hello bert I have the same problem and tried all possibities i know. "ip rule" in fact doesnt route based on port because IP
2006 Jun 29
1
FW: 2.6.17.1 compile error with a netfilter module
Does anyone know what this means and how to fix it? I know it looks like a file named lockhelp.h is missing. What can I do to fix it? I tried to put in some POM patches from patch-o-matic-ng-20060624. Could this have been my problem? . . . CC [M] net/ipv4/ipvs/ip_vs_nq.o CC [M] net/ipv4/ipvs/ip_vs_ftp.o scripts/Makefile.build:52: kbuild: net/ipv4/netfilter/Makefile - Usage of
2006 Apr 04
0
RE: Proxy ARP and UDP
I found the problem! It was me and it was dumb... This was the network layout: 10.10.10.0/24 1.2.3.0/27 10.10.10.n internal hosts | <----+-----+--------+ +-------+------>to the Internet | | | | Proxied | | | H.323 device Firewall Router eth1 eth0 1.2.3.11
2007 Jun 19
8
Linux bridging and cascaded switches
Hi - Still plugging away at my Linux bridge/firewall and thinking through the consequences. In a normal firewall situation, the Internet is on one side, the internal LAN on the other. Duh! But now, with a Linux bridge in the middle, the whole thing becomes one big messy LAN. So we have a scenario that looks like this: Internal---User---Core-----Firewall---Internet---Internet router Servers
2006 Feb 20
5
Proxy ARP and UDP
Woops - my fat fingers hit the send key before I could put in a subject a minute ago. Hello - I am using kernel 2.4.27 and running into behavior I don''t know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal