From shijialist@yahoo.ca Wed May 11 13:31:48 2005
Date: Wed, 11 May 2005 16:31:41 -0400 (EDT)
From: "James.Q.L"
To: users@conserver.com
Subject: new to console server / client

hi,

I don't have much knowledge of console server. and i have a very basic question to ask.

my understanding of setting up console server is: install conserver on all machines i want to connect to use the console setup the access control. start the daemon. now this is a console server.

i can add other console server hostnames to the cnf file on one of console server so that this will behave as console master and be able to direct connection from client to the right console server.

then on any machine, install conserver package and use the console client to connect to console master.

am i getting it right? It would be nice to have a setup example for this in the document.

thanks,

James.

From Zonker.Harris@bigbandnet.com Wed May 11 13:54:44 2005
Date: Wed, 11 May 2005 13:56:04 -0700
From: "Zonker Harris"
To: "James.Q.L"
Subject: RE: new to console server / client

Umm...I think you missed the target...

You normally install Conserver on one host, tell it about all of the serial ports that you'd like to talk to (via the network to terminal/console server ports, or using in-machine multiport serial interfaces, etc.)

You still need to set up a GETTY, configure the boot-loader, and maybe even configure the BIOS to redirect output to the serial port (on each machine)...and then connect those console ports to the terminal/console servers mentioned above.

Then, when you invoke the Conserver, it will create the connections to monitor and log all of the machines (keeping those logs on the Conserver host). You can then use the client to allow users/admins to connect with these logging sessions, so that the admins can interact with the machines.

If you go to my Training and Info web page, you can find a tutorial from a couple versions back, but this should still give you a good idea of how these concepts all play together. :-)

http://www.conserver.com/consoles/Training/published.html

Regards,

-Z-

-----Original Message-----
From: users-bounces@conserver.com [mailto:users-bounces@conserver.com]On Behalf Of James.Q.L
Sent: Wednesday, May 11, 2005 1:32 PM
To: users@conserver.com
Subject: new to console server / client

hi,

I don't have much knowledge of console server. and i have a very basic question to ask.

my understanding of setting up console server is: install conserver on all machines i want to connect to use the console setup the access control. start the daemon. now this is a console server.

i can add other console server hostnames to the cnf file on one of console server so that this will behave as console master and be able to direct connection from client to the right console server.

then on any machine, install conserver package and use the console client to connect to console master.

am i getting it right? It would be nice to have a setup example for this in the document.

thanks,

James.
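
A minimal conserver.cf for the layout described in the reply above (one Conserver host reaching every console through network terminal servers), as an added example that is not part of the original messages or of the Conserver documentation. Host names, console names, the user name and the addresses are placeholders; the portbase values follow the Cisco and Cyclades conventions explained later in this thread.

```conf
# Constructed example: every host, console and user name here is a placeholder.

# Terminal-server families. Conserver connects to TCP port
# portbase + portinc * port on the terminal server.
# Cisco: async line 7 is reached at TCP 2007.
default cisco    { type host; portbase 2000; portinc 1; }
# Cyclades: serial port 3 is reached at TCP 7003.
default cyclades { type host; portbase 7000; portinc 1; }

# Applied to every console: this host owns the session and keeps the log.
default * {
	# '&' is replaced with the console name
	logfile /var/consoles/&;
	master localhost;
}

# One block per terminal server
default ts-cisco { include cisco;    host ts-cisco.example.com; }
default ts-cyc   { include cyclades; host ts-cyc.example.com; }

# One block per attached machine; only the listed user gets read-write access
console web1 { include ts-cisco; port 7; rw alice; }
console db1  { include ts-cyc;   port 3; rw alice; }

# Which client addresses may run the console client against this server
access * {
	trusted 127.0.0.1;
	allowed 192.0.2.0/24;
}
```

If the base port is changed on a terminal server, the matching portbase line is the only place that has to change here.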

From Zonker.Harris@bigbandnet.com Wed May 25 08:55:32 2005
Date: Wed, 25 May 2005 08:56:59 -0700
From: "Zonker Harris"
To: "James.Q.L"
Cc: users@conserver.com, consoles@conserver.com
Subject: RE: new to console server / client (ASM, Yech!)

First off; An ASM!! Oh My GOD! :-P (I declared the End Of Life on that during my days at Cisco, in the early 90's! Lots of warts on that unit! Save your pennies, and look for something better, ASAP! :-|

OK, now, let me clarify;

1) Which part of Canada are you from? ;-)

2) PolyCentre is making the reverse-TCP connections to the ASM, and the ASM is making the physical serial connection with the RJ-11 jacks to your hosts, yes?

3) You (or your users) then connect to the Poly Centre in order to communicate with the consoles (through the ASM), have I got that right so far?

If so, then Conserver would essentially replace the Poly Centre function, the reverse-TCP sessions would be up all the time (and logging anything coming into the serial ports on the ASM). The ASM should be replaced in this function, since the unit has a SEVERE problem passing LOTS of data at once. While capable (even in the mid-90's) of being a 112-port terminal server, its top port speed was 38.4 Kbps, but the bigger issues were in Hardware Flow Control, and 'busy' ports...

With the 6-wire interface used in the RJ-11, the Cisco needed one lead for ground, and so the decision was made to eliminate the ability for the ASM to tell the attached device to hold its data. (They determined that they could process data coming into the ASM as fast as a user could type, so they didn't need to be able to say "Whoa!"...) They *did*, however, keep the hardware handshake lead, so they could tell when an attached modem was on-line.

As for port speed, if you have 8 ports, configured for 9.6 Kbps, all getting data in at 'full-rate', your ASM is maxed out...if a 9th port starts getting some characters, everything slows down, buffers start to fill, memory leaks, data is lost, and (eventually) the unit will crash and reboot. If the ports are configured for 19.2 Kbps, you only get 4 active sessions at once, and if you run at 38.8, you only get two at a time. Trust me. :-)

I don't recall if the unit sent Serial BREAK. It was early in Sun's life, and I wasn't paying attention to that when I did the other testing. My guess is, that it DOES send break, too. Best to replace the ASM with something Sun Safe. (See my BREAK testing pages for more info. http://www.conserver.com/consoles/BREAK-off/breakoff.html)

You can use ACLs on Cisco gear (and there are similar access controls on most Console Servers these days), so that the Conserver host, and perhaps a few other trusted hosts, would be the only addresses allowed to connect to the Console Server(s).

The "portbase" argument is which TCP port Conserver will start using when it's counting the serial 'ports' on each type of console server...

In the Cisco world, the serial ports are usually found at TCP port 2000 + n, where 'n' is the number of the async line. (i.e., line #7 is at TCP 2007) In the Cyclades world, the calculation is 7000 + n...

So, for Cisco units, the 'portbase' is typically going to be 2000, and for Cyclades, 'portbase' would typically be 7000. (In many cases, you *CAN* change that base port number on the Console Server as well, in case you want to hide your ports at some non-standard number...if you change it on the console servers, you would also need to change the portbase number in the Conserver config as well.)

From my main page (www.conserver.com/consoles/), look in the Useful URLs section, and check out the Linux Documentation Project links...Sections 4-6 are very useful for configuring the BIOS, Boot Loader, and GETTY configs for various machines, and may be of help with your Debian PC.
:-)

Regards,

-Z-

From phil@metallica.usc.edu Thu May 26 13:56:14 2005
Date: Thu, 26 May 2005 13:56:06 -0700
From: Phil Dibowitz
To: users@conserver.com
Subject: Group problems ... again?

Bryan, and everyone else,

Back on 8.1.6, you wrote me a patch to get conserver to look at _all_ groups of a user, not just primary groups.

I'm now on 8.1.10 and that doesn't seem to work anymore....

any idea why?

--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

From bryan@stansell.org Thu May 26 14:54:44 2005
Date: Thu, 26 May 2005 14:54:44 -0700
From: Bryan Stansell
To: users@conserver.com
Subject: Re: Group problems ... again?

hmm...well, i just tried various setups where the group name had to add folks based on their primary group (/etc/passwd) and/or the secondary groups (/etc/group). this was with 8.1.10 as well as 8.1.11.

a couple things. first, did you build the new version using the same flags as the old? (in case there's *something* that might have changed) is there any other type of change that might have occurred?

if that doesn't shed any light, we'll have to get a lot of details on how it's failing.
there isn't really any debug statements in that chunk of code, unfortunately. tracing the code (strace/truss/whatever) might be necessary, to make sure it's calling getgrnam(), etc.

bottom line...this *should* be working. i suppose the other possibility is that the config file is being parsed differently. a 'conserver -S -D' (and any other appropriate args) would be useful for that (to see how the access lists were built).

Bryan

On Thu, May 26, 2005 at 01:56:06PM -0700, Phil Dibowitz wrote:
> Back on 8.1.6, you wrote me a patch to get conserver to look at _all_ groups
> of a user, not just primary groups.
>
> I'm now on 8.1.10 and that doesn't seem to work anymore....
>
> any idea why?

From michael_doyle@blueyonder.co.uk Thu May 26 15:05:27 2005
Date: Thu, 26 May 2005 23:00:35 +0100
From: "Michael Doyle"
Subject: (no subject)

Folks,

Can anyone give me an example of using conserver with generated ssl certs (i.e. -c file) for both the server and client. I've compiled conserver with openssl support and a tcpdump confirms that traffic is encrypted between server and client but when I start the daemon with a '-c' pointing to a self signed certificate file I created, the client happily connects to consoles even though I've not specified the equivalent on the client side. My understanding is that if I use a cert then the server and client need to be using the same. Any pointers appreciated.

Regards,

Michael

PS. As ever, congrats to all who contribute to Conserver, excellent product.

From phil@metallica.usc.edu Thu May 26 15:09:27 2005
Date: Thu, 26 May 2005 15:09:17 -0700
From: Phil Dibowitz
To: Bryan Stansell
Cc: users@conserver.com
Subject: Re: Group problems ... again?

On Thu, May 26, 2005 at 02:54:44PM -0700, Bryan Stansell wrote:
> hmm...well, i just tried various setups where the group name had to add
> folks based on their primary group (/etc/passwd) and/or the secondary
> groups (/etc/group). this was with 8.1.10 as well as 8.1.11.

Unfortunately, the old version isn't working either, and I *know* it used to work...

So I'm looking at system stuff now.

"id -a user" shows the right group.... not sure what's going on. I'm continuing to look...

--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

From phil@metallica.usc.edu Thu May 26 15:21:35 2005
Date: Thu, 26 May 2005 15:21:24 -0700
From: Phil Dibowitz
To: Bryan Stansell
Cc: users@conserver.com
Subject: Re: Group problems ... again?

On Thu, May 26, 2005 at 02:54:44PM -0700, Bryan Stansell wrote:
> hmm...well, i just tried various setups where the group name had to add
> folks based on their primary group (/etc/passwd) and/or the secondary
> groups (/etc/group). this was with 8.1.10 as well as 8.1.11.
>
> a couple things. first, did you build the new version using the same
> flags as the old? (in case there's *something* that might have changed)
> is there any other type of change that might have occurred?
>
> if that doesn't shed any light, we'll have to get a lot of details on
> how it's failing. there isn't really any debug statements in that chunk
> of code, unfortunately. tracing the code (strace/truss/whatever) might
> be necessary, to make sure it's calling getgrnam(), etc.

FYI, I truss'd it:

[root@scc2 conserver]# grep getgrnam /tmp/concserver.out
[root@scc2 conserver]#

Bryan - should I send you the truss output?

--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

From william.charles@db.com Thu May 26 15:36:05 2005
Date: Fri, 27 May 2005 08:35:39 +1000
From: "William Charles"
To: "phil"
Cc: users@conserver.com, bryan@conserver.com
Subject: Re: Group problems ... again?

Phil, you're on Solaris right? Here's a shot in the dark -- have you bounced the 'nscd' daemon? It's the first place that I start when any name-service looks to be playing up... Also, isn't 'getgrnam' a C library call? It won't show in a truss output...

Will.

William Charles
______________________________________________________________
Global UNIX Engineering, Asia/Pacific [/] Deutsche Bank
Sydney +61 2 9258 1916

phil@usc.edu
Sent by: users-bounces@conserver.com
To bryan@conserver.com
27/05/2005 08:21 AM
cc users@conserver.com
Subject Re: Group problems ... again?

On Thu, May 26, 2005 at 02:54:44PM -0700, Bryan Stansell wrote:
> hmm...well, i just tried various setups where the group name had to add
> folks based on their primary group (/etc/passwd) and/or the secondary
> groups (/etc/group). this was with 8.1.10 as well as 8.1.11.
>
> a couple things. first, did you build the new version using the same
> flags as the old? (in case there's *something* that might have changed)
> is there any other type of change that might have occurred?
>
> if that doesn't shed any light, we'll have to get a lot of details on
> how it's failing. there isn't really any debug statements in that chunk
> of code, unfortunately. tracing the code (strace/truss/whatever) might
> be necessary, to make sure it's calling getgrnam(), etc.

FYI, I truss'd it:

[root@scc2 conserver]# grep getgrnam /tmp/concserver.out
[root@scc2 conserver]#

Bryan - should I send you the truss output?

--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427
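
A stand-alone check of what the host's name service returns for a group, as an added example that is not part of the original messages and is not conserver's code: it performs the primary (/etc/passwd) and secondary (/etc/group) membership tests with the getgrnam() call discussed above. Because getgrnam() and getpwnam() are libc functions, truss or strace shows only the file and socket activity beneath them, never the function names; the entry in `demo_constructed` is constructed sample data.

```c
/* Added diagnostic example; not conserver source code. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum membership { GROUP_UNKNOWN = -1, NOT_MEMBER = 0, SECONDARY = 1, PRIMARY = 2 };

/* 1 if `user` is in the entry's member list (the /etc/group style
 * "secondary" membership), else 0. */
int listed_member(const struct group *gr, const char *user)
{
    char **m;

    if (gr == NULL || gr->gr_mem == NULL)
        return 0;
    for (m = gr->gr_mem; *m != NULL; m++)
        if (strcmp(*m, user) == 0)
            return 1;
    return 0;
}

/* Ask the name service the way a daemon would: one getgrnam() for the
 * group, then one getpwnam() for the user's primary gid. */
enum membership user_in_group(const char *user, const char *group)
{
    struct group *gr = getgrnam(group);
    struct passwd *pw;
    gid_t gid;

    if (gr == NULL)
        return GROUP_UNKNOWN;      /* no source in the lookup order has it */
    if (listed_member(gr, user))
        return SECONDARY;
    gid = gr->gr_gid;              /* copy: later lookups may reuse static storage */
    pw = getpwnam(user);
    if (pw != NULL && pw->pw_gid == gid)
        return PRIMARY;
    return NOT_MEMBER;
}

/* Constructed entry, so listed_member() can be exercised without any
 * name service. Names and gid are made up. */
int demo_constructed(const char *user)
{
    char *members[] = { "alice", "bob", NULL };
    struct group g;

    memset(&g, 0, sizeof g);
    g.gr_name = "consoleops";
    g.gr_gid = 4242;
    g.gr_mem = members;
    return listed_member(&g, user);
}

int main(int argc, char **argv)
{
    struct group *gr;
    char **m;

    if (argc != 3) {
        fprintf(stderr, "usage: %s user group\n", argv[0]);
        return 2;
    }
    gr = getgrnam(argv[2]);
    if (gr == NULL) {
        printf("group %s: not found\n", argv[2]);
        return 1;
    }
    /* Print exactly what the resolver handed back for this group name. */
    printf("group %s gid=%ld members:", gr->gr_name, (long)gr->gr_gid);
    for (m = gr->gr_mem; *m != NULL; m++)
        printf(" %s", *m);
    printf("\nmembership(%s) = %d\n", argv[1], (int)user_in_group(argv[1], argv[2]));
    return 0;
}
```

Run it as `prog user group` on the Conserver host to see the member list that host's name service actually returns for the group.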

From phil@metallica.usc.edu Thu May 26 15:50:33 2005
Date: Thu, 26 May 2005 15:50:21 -0700
From: Phil Dibowitz
To: William Charles
Cc: users@conserver.com, bryan@conserver.com
Subject: Re: Group problems ... again?

On Fri, May 27, 2005 at 08:35:39AM +1000, William Charles wrote:
>
> Phil, you're on Solaris right? Here's a shot in the dark -- have you bounced the 'nscd' daemon? It's the first place that I start when any name-service looks to be playing up... Also, isn't 'getgrnam' a C library call? It won't show in a truss output...

I am, and I stopped nscd as soon as I started having issues.... and yes, getgrnam is in fact a C call... doh!

--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

From phil@metallica.usc.edu Thu May 26 16:40:45 2005
Date: Thu, 26 May 2005 16:40:33 -0700
From: Phil Dibowitz
To: Bryan Stansell
Cc: users@conserver.com
Subject: Re: Group problems ... again?

Gah! I think I got it.

Someone added a local entry for that group in /etc/group overriding the NIS group!!!

Once I saw that the old .6 worked, I figured it couldn't be a conserver issue.

--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

From bryan@stansell.org Thu May 26 18:14:22 2005
Date: Thu, 26 May 2005 18:14:22 -0700
From: Bryan Stansell
To: users@conserver.com
Subject: SSL and conserver

On Thu, May 26, 2005 at 11:00:35PM +0100, Michael Doyle wrote:
> Can anyone give me an example of using conserver with generated ssl certs
> (i.e. -c file) for both the server and client. I've compiled conserver with

well, i was going to try and give a good, useful answer. but, it all fell apart once i started trying things out.

it looks like the cert bits are broken. i'm not sure *why* it's broken, however.
i dunno if certs just aren't being properly presented or if the validation bits aren't set up right or what. *something* has changed. either in conserver (which surprises me...i didn't think i touched any openssl code in, well, a long time) or something wasn't coded appropriately to the api (and it just happened to work) or they changed something (which would also surprise me).

so, it's kinda back to the basics for me and the ssl code. :-(

(unless someone can tell where it's all going wrong)

Bryan

From phil@metallica.usc.edu Thu May 26 19:08:48 2005
Date: Thu, 26 May 2005 19:08:35 -0700
From: Phil Dibowitz
To: Bryan Stansell
Cc: users@conserver.com
Subject: Re: SSL and conserver

On Thu, May 26, 2005 at 06:14:22PM -0700, Bryan Stansell wrote:
> On Thu, May 26, 2005 at 11:00:35PM +0100, Michael Doyle wrote:
> > Can anyone give me an example of using conserver with generated ssl certs
> > (i.e. -c file) for both the server and client. I've compiled conserver with
>
> well, i was going to try and give a good, useful answer. but, it all
> fell apart once i started trying things out.
>
> it looks like the cert bits are broken. i'm not sure *why* it's broken,
> however. i dunno if certs just aren't being properly presented or if
> the validation bits aren't set up right or what. *something* has
> changed. either in conserver (which surprises me...i didn't think i
> touched any openssl code in, well, a long time) or something wasn't
> coded appropriately to the api (and it just happened to work) or they
> changed something (which would also surprise me).
>
> so, it's kinda back to the basics for me and the ssl code. :-(
>
> (unless someone can tell where it's all going wrong)

Um. I didn't generate certs - I wasn't looking for authentication (I'm getting that from username/passwd), just encryption... and I enable and in fact force SSL and it works great.

--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427