search for: infrasupportetc

Thanks to everyone for all the help getting this done. As promised, here are the detailed notes I put together. These step by step instructions should work starting with a raw RedHat Linux 9.0 system. - Greg Scott GregScott@InfraSupportEtc.com These are step by step instructions for how to install and configure the Squid proxy server with transparent authentication for users in a Microsoft AD domain, optionally using SmartFilter from Secure Computing to support outbound web filtering. This was tested in two Windows 2003 AD dom...

I see it is posting to the archive website but not emailing them out. Is anyone else getting emails or is it just me? Thanks - Greg Scott _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

...lt from source, on RedHat Linux 9.0. My A/D domain is Windows 2003. I started up smbd with -d 10 (debug level 10) with and without that line commented out, so I have these debug traces with and without. I would really appreciate any advice from the community. Thanks - Greg Scott GregScott@InfraSupportEtc.com Here are the last few lines of the log file with that separator line in place in smb.conf, just before smbd dies: [root@infra-fw samba]# cd /var/log/samba [root@infra-fw samba]# tail log.smbd [2005/04/02 21:21:13, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0...

...ntlm lines must be above the auth_param basic lines. The auth_param ntlm and auth_param basic lines also should be together with each other. I would really like to understand why we need both sections and in this order... But the good news is... IT WORKS NOW!!!!!!!!!!! - Greg Scott GregScott@InfraSupportEtc.com -----Original Message----- From: Greg Scott [mailto:GregScott@InfraSupport.com] Sent: Monday, April 04, 2005 2:25 AM To: squid-users@squid-cache.org; samba@lists.samba.org; support@securecomputing.com Cc: Fredy Hernandez; Scott Anderson Subject: [squid-users] IE improperly prompts for crede...

...estion - why do I need an auth_param for both ntlm and basic authentication? What's the difference? Lots of documentation all over the place says I need both and in this order but I haven't found anything that says why. Could this be a key to my problem? Thanks - Greg Scott GregScott@InfraSupportEtc.com Here are the build notes - remember, this is a snapshot in time, useful right now for debugging. Below is a work in progress. For Squid authentication with an Active Directory domain, we need Samba, set up with Kerberos. Redhat Linux 9.0 ships with Kerberos version 5, revision 1.2.7-1...

...p getting this error when trying to join my Linux box to the Win2003 Active Directory domain: [root@infra-fw etc]# net ads join -S 10.10.10.100 -U administrator administrator's password: [2005/04/01 21:24:41, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password administrator@INFRASUPPORTETC.COM failed: KRB5 error code 52 [2005/04/01 21:24:41, 0] utils/net_ads.c:ads_startup(191) ads_connect: KRB5 error code 52 Google pointed me to some advice here: http://lists.samba.org/archive/samba/2004-July/090137.html And this quote from John Terpstra: > Only MIT Kerberos 1.3.1 or later wil...

...thinks I''m a total idiot. Oh - yes, I did turn on IP routing: echo "1" > /proc/sys/net/ipv4/ip_forward Is there something else I should be turning on? Why won''t this box route ICMP Echo Reply packets?? thanks - Greg Scott cell phone 651-260-1051 Greg Scott@InfraSupportEtc.com

Dear All Why NAT rules stays valid even if I flush nat anf table chains?? I have: iptables -P FORWARD DROP iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -s SOME_IP -d SOME_BCP_5_IP --dport 1234 -j ACCEPT iptables -i nat -A PREROUTING -s SOME_IP -d MY_INTERNET_IP \\ --dport 1234 -j DNAT --to-destination SOME_BCP_5_IP The conection is

...themselves by ARPing to see if anyone else answers at that address. Is there a way to limit proxy ARP to a list of IP Addresses? Or - should I forget proxy ARP and look at bridging instead? Can I do bridging and still access the bridged interfaces remotely? Thanks - Greg Scott GregScott@InfraSupportEtc.com

Hello Routing Gurus ;-) I''d like to know if it''s possible to make a routing decision for pakets originating from a specific port of the local machine without using ipfilter/iptables to mark the pakets. I read about the tc filter stuff but that seems only to be able to sort the pakets to a different queue on the same interface and not choose a different interface for example. Is

Hello everyone, I have a problem regarding gre tunneling, I have two linux box both of them has a private network and the linux A is connected to the internet via wireless radio and the other linux B is connected to the internet via lease line. Here is the setup of my two linux box Linux A eth0 = 203.189.x.1 (internet) eth1 = 192.168.1.1 (going to hub private network) Linux B eth0 = 205.198.x.1

I hope this isn''t too far off topic. I did a little bit of pricing homework a few months ago on new T1 cards. The idea was to build a Linux based router/firewall. After all, Ethernet NICs are easily available for less than $10 today. But all the T1 cards I found cost a fortune. And about a year ago, I learned the list price for a complete Adtran Netvanta 3200 router with T1 card is

Here''s one that makes me scratch my head. I have a layout like this: 172.16.0.0/16 1.2.3.48/28 172.16.n.n (fictional public IP range) internal hosts | <----+-----+----------+ +----------+------>to the Internet | | | | Internal | | | Host Firewall

Now that your VPN is working, you really have two LANs separated by routers. So the issues with browse lists etc. are the same as in any other WAN situation and really not related to Linx Advanced Routing. (But who am I to make that call - I''m just a skinny bald guy from Minnesota!) NetBIOS broadcast name resolution does you no good, so you''ll either need a WINS server or local

Hello - I am using kernel 2.4.27 and running into behavior I don''t know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal LAN, but at IP Address 1.2.3.11/27. (IP Address dummied up.) I want to proxy ARP this

What about some sort of DNAT redirection with iptables? - Greg -----Original Message----- From: Tobias [mailto:medlor@web.de] Sent: Friday, April 19, 2002 8:18 AM To: lartc@mailman.ds9a.nl Subject: Re: [LARTC] Routing based on source port - Solution ? Hello bert I have the same problem and tried all possibities i know. "ip rule" in fact doesnt route based on port because IP

Does anyone know what this means and how to fix it? I know it looks like a file named lockhelp.h is missing. What can I do to fix it? I tried to put in some POM patches from patch-o-matic-ng-20060624. Could this have been my problem? . . . CC [M] net/ipv4/ipvs/ip_vs_nq.o CC [M] net/ipv4/ipvs/ip_vs_ftp.o scripts/Makefile.build:52: kbuild: net/ipv4/netfilter/Makefile - Usage of

I found the problem! It was me and it was dumb... This was the network layout: 10.10.10.0/24 1.2.3.0/27 10.10.10.n internal hosts | <----+-----+--------+ +-------+------>to the Internet | | | | Proxied | | | H.323 device Firewall Router eth1 eth0 1.2.3.11

Hi - Still plugging away at my Linux bridge/firewall and thinking through the consequences. In a normal firewall situation, the Internet is on one side, the internal LAN on the other. Duh! But now, with a Linux bridge in the middle, the whole thing becomes one big messy LAN. So we have a scenario that looks like this: Internal---User---Core-----Firewall---Internet---Internet router Servers

Woops - my fat fingers hit the send key before I could put in a subject a minute ago. Hello - I am using kernel 2.4.27 and running into behavior I don''t know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal