From ppacheco@genesyslab.com Mon Jan 14 14:22:09 2008 Received: from g2.genesyslab.com (g2.genesyslab.com [198.49.180.210]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0EMLQNl028931 for ; Mon, 14 Jan 2008 14:21:32 -0800 (PST) Received: from SARUMAN.us.int.genesyslab.com ([192.168.20.90]) by g2.genesyslab.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 14 Jan 2008 14:21:17 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C856FB.C82F9ACB" Subject: only root can use console command? Date: Mon, 14 Jan 2008 14:21:16 -0800 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: only root can use console command? Thread-Index: AchW+8fRQ99N9VPtSai0HL/ixkTzUA== From: "Phillip Pacheco" To: X-OriginalArrivalTime: 14 Jan 2008 22:21:17.0439 (UTC) FILETIME=[C82028F0:01C856FB] X-Spam-Score: -2.311 () BAYES_00,HTML_MESSAGE X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2008 22:22:10 -0000 This is a multi-part message in MIME format. ------_=_NextPart_001_01C856FB.C82F9ACB Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Conserver, =20 I am missing something simple here, I think. I have setup 3 console servers, and they each work fine, if the user is root. If I attempt to access the console of a system as a user I get the following: =20 > console boromir console: connect(): 782@console: Connection refused =20 I have this in my conserver.cf file: =20 default * { logfile /logs/console/&; timestamp 30ma; rw *; } =20 I thought that setting the 'rw *' in the default config line would allow any user to connect. What am I doing wrong? Why can't normal user accounts access the console command? =20 Console -V output below. =20 Thanks, =20 Phil =20 =20 console: conserver.com version 8.1.11 console: default initial master server `console' console: default port referenced as `782' console: default escape sequence `^Ec' console: default site-wide configuration in `/opt/csw/etc/console.cf' console: default per-user configuration in `$HOME/.consolerc' console: options: libwrap, openssl, pam console: openssl version: OpenSSL 0.9.7d 17 Mar 2004 console: built with `./configure --prefix=3D/opt/csw --mandir=3D/opt/csw/share/man --with-port=3D782 --with-pam --with-openssl= --with-libwrap --with-logfile=3D/opt/csw/var/log/conserver' =20 =20 =09 -------------------------------------------------------------------------= ------------------------------------------ CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain co= nfidential and proprietary information of Alcatel-Lucent and/or its affil= iated entities. Access by the intended recipient only is authorized. Any = liability arising from any party acting, or refraining from acting, on an= y information contained in this e-mail is hereby excluded. If you are not= the intended recipient, please notify the sender immediately, destroy th= e original transmission and its attachments and do not disclose the conte= nts to any other person, use it for any purpose, or store or copy the inf= ormation in any medium. Copyright in this e-mail and any attachments belo= ngs to Alcatel-Lucent and/or its affiliated entities. =09 ------_=_NextPart_001_01C856FB.C82F9ACB Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Conserver,

 

I am missing something simple here, I think.  I h= ave setup 3 console servers, and they each work fine, if the user is root.&nb= sp; If I attempt to access the console of a system as a user I get the following= :

 

> console boromir

console: connect(): 782@console: Conn= ection refused

 

I have this in my conserver.cf file:=

 

default *       { logfile /logs/console/&; time= stamp 30ma; rw *; }

 

I thought that setting the ‘rw *’ in the d= efault config line would allow any user to connect.  What am I doing wrong?=   Why can’t normal user accounts access the console command?

 

Console –V output below.

 

Thanks,

 

Phil

 

 

console: conserver.com version 8.1.11=

console: default initial master serve= r `console'

console: default port referenced as `= 782'

console: default escape sequence `^Ec= '

console: default site-wide configurat= ion in `/opt/csw/etc/console.cf'

console: default per-user configurati= on in `$HOME/.consolerc'

console: options: libwrap, openssl, p= am

console: openssl version: OpenSSL 0.9= =2E7d 17 Mar 2004

console: built with `./configure --prefix=3D/opt/csw --mandir=3D/opt/csw/share/man --with-port=3D782 --wit= h-pam --with-openssl --with-libwrap --with-logfile=3D/opt/csw/var/log/conserver= '

 

 



CONFIDENTIALITY NOTICE: This e-mail and any files a= ttached may contain confidential and proprietary information of Alcatel-L= ucent and/or its affiliated entities. Access by the intended recipient on= ly is authorized. Any liability arising from any party acting, or refrain= ing from acting, on any information contained in this e-mail is hereby ex= cluded. If you are not the intended recipient, please notify the sender i= mmediately, destroy the original transmission and its attachments and do = not disclose the contents to any other person, use it for any purpose, or= store or copy the information in any medium. Copyright in this e-mail an= d any attachments belongs to Alcatel-Lucent and/or its affiliated entitie= s. ------_=_NextPart_001_01C856FB.C82F9ACB-- From david.k.harris@siemens.com Mon Jan 14 14:30:52 2008 Received: from usnwk224srv.usa.siemens.com (usnwksmtp04e.usa.siemens.com [12.46.135.35]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0EMTtg5029032 for ; Mon, 14 Jan 2008 14:30:01 -0800 (PST) Received: from usnwk203a.ww017.siemens.net ([155.45.111.48]) by usnwk224srv.usa.siemens.com with InterScan Messaging Security Suite; Mon, 14 Jan 2008 14:29:53 -0800 Received: from USNWK102MSX.ww017.siemens.net ([155.45.111.56]) by usnwk203a.ww017.siemens.net with Microsoft SMTPSVC(6.0.3790.3959); Mon, 14 Jan 2008 14:29:54 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C856FC.FBF69F36" Subject: RE: only root can use console command? Date: Mon, 14 Jan 2008 14:29:53 -0800 Message-ID: <2461A50AD2345646B1C4B3D7BA40B8E2039F2D19@USNWK102MSX.ww017.siemens.net> In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: only root can use console command? Thread-Index: AchW+8fRQ99N9VPtSai0HL/ixkTzUAAAQrVQ From: "Harris, David (IT Solutions US)" To: "Phillip Pacheco" , X-OriginalArrivalTime: 14 Jan 2008 22:29:54.0402 (UTC) FILETIME=[FC427420:01C856FC] X-Spam-Score: -2.311 () BAYES_00,HTML_MESSAGE X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2008 22:30:53 -0000 This is a multi-part message in MIME format. ------_=_NextPart_001_01C856FC.FBF69F36 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable What do you have in the conserver.passwd file? You *DO* have one, don't you? :-) =20 Most of my users are set to authenticate with their /etc/passwd file entry... =20 -Z- =20 David 'Zonker' Harris Silicon Valley Service Delivery Center, Network Operations Siemens IT Solutions and Services, Inc.=20 Infrastructure Management Services 39600 Eureka Drive Newark, CA 94560 Tel: 510 624-5524 Fax: 510 624-5508 mailto: david.k.harris@siemens.com =20 www.usa.siemens.com/it-solutions =20 =20 ________________________________ From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Phillip Pacheco Sent: Monday, January 14, 2008 2:21 PM To: users@conserver.com Subject: only root can use console command? =20 Conserver, =20 I am missing something simple here, I think. I have setup 3 console servers, and they each work fine, if the user is root. If I attempt to access the console of a system as a user I get the following: =20 > console boromir console: connect(): 782@console: Connection refused =20 I have this in my conserver.cf file: =20 default * { logfile /logs/console/&; timestamp 30ma; rw *; } =20 I thought that setting the 'rw *' in the default config line would allow any user to connect. What am I doing wrong? Why can't normal user accounts access the console command? =20 Console -V output below. =20 Thanks, =20 Phil =20 =20 console: conserver.com version 8.1.11 console: default initial master server `console' console: default port referenced as `782' console: default escape sequence `^Ec' console: default site-wide configuration in `/opt/csw/etc/console.cf' console: default per-user configuration in `$HOME/.consolerc' console: options: libwrap, openssl, pam console: openssl version: OpenSSL 0.9.7d 17 Mar 2004 console: built with `./configure --prefix=3D/opt/csw --mandir=3D/opt/csw/share/man --with-port=3D782 --with-pam = --with-openssl --with-libwrap --with-logfile=3D/opt/csw/var/log/conserver' =20 =20 =20 CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential and proprietary information of Alcatel-Lucent and/or its affiliated entities. Access by the intended recipient only is authorized. Any liability arising from any party acting, or refraining from acting, on any information contained in this e-mail is hereby excluded. If you are not the intended recipient, please notify the sender immediately, destroy the original transmission and its attachments and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Copyright in this e-mail and any attachments belongs to Alcatel-Lucent and/or its affiliated entities. ------_=_NextPart_001_01C856FC.FBF69F36 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

   What do you have in = the conserver.passwd file?  You *DO* have one, don’t you?  J

 

  Most of my users are set to = authenticate with their /etc/passwd file entry…

 

      =    -Z-

 

David = 'Zonker' Harris
Silicon = Valley Service Delivery Center, Network Operations

Siemens IT Solutions and Services, Inc. 
Infrastructure Management Services
39600 Eureka = Drive
Newark, = CA  94560
Tel:    510 624-5524
Fax:    510 624-5508
mailto:
david.k.harris@siemens.com<= /font>
www.usa.siemens.com/it-solutions

 


From: = users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Phillip Pacheco
Sent: Monday, January 14, = 2008 2:21 PM
To: = users@conserver.com
Subject: only root can = use console command?

 

Conserver,

 

I am missing something simple here, I think.  I = have setup 3 console servers, and they each work fine, if the user is = root.  If I attempt to access the console of a system as a user I get the = following:

 

> console = boromir

console: connect(): 782@console: = Connection refused

 

I have this in my conserver.cf = file:

 

default *       { logfile /logs/console/&; = timestamp 30ma; rw *; }

 

I thought that setting the ‘rw *’ in the = default config line would allow any user to connect.  What am I doing = wrong?  Why can’t normal user accounts access the console = command?

 

Console –V output = below.

 

Thanks,

 

Phil

 

 

console: conserver.com version = 8.1.11

console: default initial master = server `console'

console: default port referenced as = `782'

console: default escape sequence = `^Ec'

console: default site-wide = configuration in `/opt/csw/etc/console.cf'

console: default per-user = configuration in `$HOME/.consolerc'

console: options: libwrap, openssl, = pam

console: openssl version: OpenSSL = 0.9.7d 17 Mar 2004

console: built with `./configure --prefix=3D/opt/csw --mandir=3D/opt/csw/share/man --with-port=3D782 = --with-pam --with-openssl --with-libwrap = --with-logfile=3D/opt/csw/var/log/conserver'=

 

 

 


CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential and proprietary information of Alcatel-Lucent and/or its affiliated entities. Access by the intended recipient only is = authorized. Any liability arising from any party acting, or refraining from acting, on = any information contained in this e-mail is hereby excluded. If you are not = the intended recipient, please notify the sender immediately, destroy the = original transmission and its attachments and do not disclose the contents to any = other person, use it for any purpose, or store or copy the information in any = medium. Copyright in this e-mail and any attachments belongs to Alcatel-Lucent = and/or its affiliated entities.

------_=_NextPart_001_01C856FC.FBF69F36-- From ppacheco@genesyslab.com Tue Jan 15 14:03:55 2008 Received: from g2.genesyslab.com (g2.genesyslab.com [198.49.180.210]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0FM2ddf017079 for ; Tue, 15 Jan 2008 14:02:45 -0800 (PST) Received: from SARUMAN.us.int.genesyslab.com ([192.168.20.90]) by g2.genesyslab.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 15 Jan 2008 14:02:39 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C857C2.57EBBD4F" Subject: RE: only root can use console command? Date: Tue, 15 Jan 2008 14:02:38 -0800 Message-ID: In-Reply-To: <2461A50AD2345646B1C4B3D7BA40B8E2039F2D19@USNWK102MSX.ww017.siemens.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: only root can use console command? Thread-Index: AchW+8fRQ99N9VPtSai0HL/ixkTzUAAAQrVQADFJtvA= References: <2461A50AD2345646B1C4B3D7BA40B8E2039F2D19@USNWK102MSX.ww017.siemens.net> From: "Phillip Pacheco" To: "Harris, David (IT Solutions US)" , X-OriginalArrivalTime: 15 Jan 2008 22:02:39.0047 (UTC) FILETIME=[57ECD570:01C857C2] X-Spam-Score: -2.311 () BAYES_00,HTML_MESSAGE X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 22:03:56 -0000 This is a multi-part message in MIME format. ------_=_NextPart_001_01C857C2.57EBBD4F Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 I don't have a conserver.passwd file. I don't want to force authenticati= on for users who already have access to the machine. This install is a r= eplacement for conserver version 7.x. It did not require authentication.= Currently the user 'root' does not require authentication. =20 Where do I define authentication anyway? =20 Phil =20 ________________________________ From: Harris, David (IT Solutions US) [mailto:david.k.harris@siemens.com]= =20 Sent: Monday, January 14, 2008 2:30 PM To: Phillip Pacheco; users@conserver.com Subject: RE: only root can use console command? =20 What do you have in the conserver.passwd file? You *DO* have one, don= 't you? :-) =20 Most of my users are set to authenticate with their /etc/passwd file en= try... =20 -Z- =20 David 'Zonker' Harris Silicon Valley Service Delivery Center, Network Operations Siemens IT Solutions and Services, Inc.=20 Infrastructure Management Services 39600 Eureka Drive Newark, CA 94560 Tel: 510 624-5524 Fax: 510 624-5508 mailto: david.k.harris@siemens.com =20= www.usa.siemens.com/it-solutions =20 =20 ________________________________ From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On= Behalf Of Phillip Pacheco Sent: Monday, January 14, 2008 2:21 PM To: users@conserver.com Subject: only root can use console command? =20 Conserver, =20 I am missing something simple here, I think. I have setup 3 console serv= ers, and they each work fine, if the user is root. If I attempt to acces= s the console of a system as a user I get the following: =20 > console boromir console: connect(): 782@console: Connection refused =20 I have this in my conserver.cf file: =20 default * { logfile /logs/console/&; timestamp 30ma; rw *; } =20 I thought that setting the 'rw *' in the default config line would allow = any user to connect. What am I doing wrong? Why can't normal user accou= nts access the console command? =20 Console -V output below. =20 Thanks, =20 Phil =20 =20 console: conserver.com version 8.1.11 console: default initial master server `console' console: default port referenced as `782' console: default escape sequence `^Ec' console: default site-wide configuration in `/opt/csw/etc/console.cf' console: default per-user configuration in `$HOME/.consolerc' console: options: libwrap, openssl, pam console: openssl version: OpenSSL 0.9.7d 17 Mar 2004 console: built with `./configure --prefix=3D/opt/csw --mandir=3D/opt/csw/= share/man --with-port=3D782 --with-pam --with-openssl --with-libwrap --wi= th-logfile=3D/opt/csw/var/log/conserver' =20 =20 =20 CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain co= nfidential and proprietary information of Alcatel-Lucent and/or its affil= iated entities. Access by the intended recipient only is authorized. Any = liability arising from any party acting, or refraining from acting, on an= y information contained in this e-mail is hereby excluded. If you are not= the intended recipient, please notify the sender immediately, destroy th= e original transmission and its attachments and do not disclose the conte= nts to any other person, use it for any purpose, or store or copy the inf= ormation in any medium. Copyright in this e-mail and any attachments belo= ngs to Alcatel-Lucent and/or its affiliated entities. =09 -------------------------------------------------------------------------= ------------------------------------------ CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain co= nfidential and proprietary information of Alcatel-Lucent and/or its affil= iated entities. Access by the intended recipient only is authorized. Any = liability arising from any party acting, or refraining from acting, on an= y information contained in this e-mail is hereby excluded. If you are not= the intended recipient, please notify the sender immediately, destroy th= e original transmission and its attachments and do not disclose the conte= nts to any other person, use it for any purpose, or store or copy the inf= ormation in any medium. Copyright in this e-mail and any attachments belo= ngs to Alcatel-Lucent and/or its affiliated entities. =09 ------_=_NextPart_001_01C857C2.57EBBD4F Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

 

I don’t have a conserver.passw= d file.=A0 I don’t want to force authentication for users who already= have access to the machine.=A0 This install is a replacement for conserver ver= sion 7.x.=A0 It did not require authentication.=A0 Currently the user ‘r= oot’ does not require authentication.

 

Where do I define authentication any= way?

 

Phil

 


From: Harris= , David (IT Solutions US) [mailto:david.k.harris@siemens.com]
Sent: Monday, January 14, = 2008 2:30 PM
To: Phillip Pacheco; users@conserver.com
Subject: RE: only root can= use console command?

 

   What do you have in the= conserver.passwd file?  You *DO<= /span>* have one, don’t you?  J

 

  Most of my users are set to authenticate with their /etc/passwd file entry…

 

      =    -Z-

 

David 'Z= onker' Harris
Silicon Valley Service Delivery<= /st1:PlaceName> Center, Network O= perations

Siemens IT Solutions and Services, Inc. 
Infrastructure Management Services
39600 Eureka Drive
Newark, CA  94560
Tel:    510 624-5524
Fax:    510 624-5508
mailto:
davi= d.k.harris@siemens.com
www.usa.si= emens.com/it-solutions

 


From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Phillip Pacheco
Sent: Monday, January 14, = 2008 2:21 PM
To: users@conserver.com Subject: only root can use= console command?

 

Conserver,

 

I am missing something simple here, I think.  I h= ave setup 3 console servers, and they each work fine, if the user is root.&nb= sp; If I attempt to access the console of a system as a user I get the following= :

 

> console boromir

console: connect(): 782@console: Conn= ection refused

 

I have this in my conserver.cf file:=

 

default *       { logfile /logs/console/&; time= stamp 30ma; rw *; }

 

I thought that setting the ‘rw *’ in the d= efault config line would allow any user to connect.  What am I doing wrong?=   Why can’t normal user accounts access the console command?

 

Console –V output below.

 

Thanks,

 

Phil

 

 

console: conserver.com version 8.1.11=

console: default initial master serve= r `console'

console: default port referenced as `= 782'

console: default escape sequence `^Ec= '

console: default site-wide configurat= ion in `/opt/csw/etc/console.cf'

console: default per-user configurati= on in `$HOME/.consolerc'

console: options: libwrap, openssl, p= am

console: openssl version: OpenSSL 0.9= =2E7d 17 Mar 2004

console: built with `./configure --prefix=3D/opt/csw --mandir=3D/opt/csw/share/man --with-port=3D782 --wit= h-pam --with-openssl --with-libwrap --with-logfile=3D/opt/csw/var/log/conserver= '

 

 

 


CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential and proprietary information of Alcatel-Lucent and/or its affiliated entities. Access by the intended recipient only is authorized.= Any liability arising from any party acting, or refraining from acting, on an= y information contained in this e-mail is hereby excluded. If you are not t= he intended recipient, please notify the sender immediately, destroy the ori= ginal transmission and its attachments and do not disclose the contents to any = other person, use it for any purpose, or store or copy the information in any m= edium. Copyright in this e-mail and any attachments belongs to Alcatel-Lucent an= d/or its affiliated entities.



CONFIDENTIALITY NOTICE: This e-mail and any files a= ttached may contain confidential and proprietary information of Alcatel-L= ucent and/or its affiliated entities. Access by the intended recipient on= ly is authorized. Any liability arising from any party acting, or refrain= ing from acting, on any information contained in this e-mail is hereby ex= cluded. If you are not the intended recipient, please notify the sender i= mmediately, destroy the original transmission and its attachments and do = not disclose the contents to any other person, use it for any purpose, or= store or copy the information in any medium. Copyright in this e-mail an= d any attachments belongs to Alcatel-Lucent and/or its affiliated entitie= s. ------_=_NextPart_001_01C857C2.57EBBD4F-- From ppacheco@genesyslab.com Tue Jan 15 14:46:15 2008 Received: from g2.genesyslab.com (g2.genesyslab.com [198.49.180.210]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0FMipZa017547 for ; Tue, 15 Jan 2008 14:44:57 -0800 (PST) Received: from SARUMAN.us.int.genesyslab.com ([192.168.20.90]) by g2.genesyslab.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 15 Jan 2008 14:44:51 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C857C8.3D36812D" Subject: RE: only root can use console command? (solved it) Date: Tue, 15 Jan 2008 14:44:51 -0800 Message-ID: In-Reply-To: <2461A50AD2345646B1C4B3D7BA40B8E2039F2D19@USNWK102MSX.ww017.siemens.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: only root can use console command? (solved it) Thread-Index: AchW+8fRQ99N9VPtSai0HL/ixkTzUAAAQrVQADJMrpA= References: <2461A50AD2345646B1C4B3D7BA40B8E2039F2D19@USNWK102MSX.ww017.siemens.net> From: "Phillip Pacheco" To: "Harris, David (IT Solutions US)" , X-OriginalArrivalTime: 15 Jan 2008 22:44:51.0046 (UTC) FILETIME=[3D1D3860:01C857C8] X-Spam-Score: -2.311 () BAYES_00,HTML_MESSAGE X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 22:46:16 -0000 This is a multi-part message in MIME format. ------_=_NextPart_001_01C857C8.3D36812D Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I just solved my own problem, and I thought to share it: =20 The problem was incorrect permissions on the config file console.cf. I have defined a master other then the default of 'console' in this config file. =20 =20 When user's attempted to use the console command, conserver was unable to read the config file 'console.cf', and instead tried to route the request to the default host called 'console'. We still have a host called console because it is part of the legacy version 7.x network. As you may know, version 8.x clients cannot communicate with version 7.x masters. I figured it out by manually defining the master using the 'console -M' command, which works. =20 =20 Thanks for your help and kudos to a great product! =20 Phillip Pacheco WIS-UNIX Genesys =20 =20 =20 ________________________________ From: Harris, David (IT Solutions US) [mailto:david.k.harris@siemens.com]=20 Sent: Monday, January 14, 2008 2:30 PM To: Phillip Pacheco; users@conserver.com Subject: RE: only root can use console command? =20 What do you have in the conserver.passwd file? You *DO* have one, don't you? :-) =20 Most of my users are set to authenticate with their /etc/passwd file entry... =20 -Z- =20 David 'Zonker' Harris Silicon Valley Service Delivery Center, Network Operations Siemens IT Solutions and Services, Inc.=20 Infrastructure Management Services 39600 Eureka Drive Newark, CA 94560 Tel: 510 624-5524 Fax: 510 624-5508 mailto: david.k.harris@siemens.com =20= www.usa.siemens.com/it-solutions =20 =20 ________________________________ From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Phillip Pacheco Sent: Monday, January 14, 2008 2:21 PM To: users@conserver.com Subject: only root can use console command? =20 Conserver, =20 I am missing something simple here, I think. I have setup 3 console servers, and they each work fine, if the user is root. If I attempt to access the console of a system as a user I get the following: =20 > console boromir console: connect(): 782@console: Connection refused =20 I have this in my conserver.cf file: =20 default * { logfile /logs/console/&; timestamp 30ma; rw *; } =20 I thought that setting the 'rw *' in the default config line would allow any user to connect. What am I doing wrong? Why can't normal user accounts access the console command? =20 Console -V output below. =20 Thanks, =20 Phil =20 =20 console: conserver.com version 8.1.11 console: default initial master server `console' console: default port referenced as `782' console: default escape sequence `^Ec' console: default site-wide configuration in `/opt/csw/etc/console.cf' console: default per-user configuration in `$HOME/.consolerc' console: options: libwrap, openssl, pam console: openssl version: OpenSSL 0.9.7d 17 Mar 2004 console: built with `./configure --prefix=3D/opt/csw --mandir=3D/opt/csw/share/man --with-port=3D782 --with-pam --with-openssl= --with-libwrap --with-logfile=3D/opt/csw/var/log/conserver' =20 =20 =20 CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential and proprietary information of Alcatel-Lucent and/or its affiliated entities. Access by the intended recipient only is authorized. Any liability arising from any party acting, or refraining from acting, on any information contained in this e-mail is hereby excluded. If you are not the intended recipient, please notify the sender immediately, destroy the original transmission and its attachments and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Copyright in this e-mail and any attachments belongs to Alcatel-Lucent and/or its affiliated entities. =09 -------------------------------------------------------------------------= ------------------------------------------ CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain co= nfidential and proprietary information of Alcatel-Lucent and/or its affil= iated entities. Access by the intended recipient only is authorized. Any = liability arising from any party acting, or refraining from acting, on an= y information contained in this e-mail is hereby excluded. If you are not= the intended recipient, please notify the sender immediately, destroy th= e original transmission and its attachments and do not disclose the conte= nts to any other person, use it for any purpose, or store or copy the inf= ormation in any medium. Copyright in this e-mail and any attachments belo= ngs to Alcatel-Lucent and/or its affiliated entities. =09 ------_=_NextPart_001_01C857C8.3D36812D Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I just solved my own problem, and I thought to share it:

 

The problem was incorrect permission= s on the config file console.cf.  I have defined a master other then the default of ‘console’ in this config file. 

 

When user’s attempted to use t= he console command, conserver was unable to read the config file ‘cons= ole.cf’, and instead tried to route the request to the default host called ‘= console’.  We still have a host called console because it is part of the legacy vers= ion 7.x network.  As you may know, version 8.x clients cannot communicat= e with version 7.x masters.  I figured it out by manually defining the mast= er using the ‘console –M’ command, which works. 

 

Thanks for your help and kudos to a = great product!

 

Phillip Pacheco

WIS-UNIX

Genesys

=

 

 

 


From: Harris= , David (IT Solutions US) [mailto:david.k.harris@siemens.com]
Sent: Monday, January 14, = 2008 2:30 PM
To: Phillip Pacheco; users@conserver.com
Subject: RE: only root can= use console command?

 

   What do you have in the= conserver.passwd file?  You *DO<= /span>* have one, don’t you?  J

 

  Most of my users are set to authenticate with their /etc/passwd file entry…

 

      =    -Z-

 

David 'Z= onker' Harris
Silicon Valley Service Delivery<= /st1:PlaceName> Center, Network O= perations

Siemens IT Solutions and Services, Inc. 
Infrastructure Management Services
39600 Eureka Drive
Newark, CA  94560
Tel:    510 624-5524
Fax:    510 624-5508
mailto:
davi= d.k.harris@siemens.com
www.usa.si= emens.com/it-solutions

 


From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Phillip Pacheco
Sent: Monday, January 14, = 2008 2:21 PM
To: users@conserver.com Subject: only root can use= console command?

 

Conserver,

 

I am missing something simple here, I think.  I h= ave setup 3 console servers, and they each work fine, if the user is root.&nb= sp; If I attempt to access the console of a system as a user I get the following= :

 

> console boromir

console: connect(): 782@console: Conn= ection refused

 

I have this in my conserver.cf file:=

 

default *       { logfile /logs/console/&; time= stamp 30ma; rw *; }

 

I thought that setting the ‘rw *’ in the d= efault config line would allow any user to connect.  What am I doing wrong?=   Why can’t normal user accounts access the console command?

 

Console –V output below.

 

Thanks,

 

Phil

 

 

console: conserver.com version 8.1.11=

console: default initial master serve= r `console'

console: default port referenced as `= 782'

console: default escape sequence `^Ec= '

console: default site-wide configurat= ion in `/opt/csw/etc/console.cf'

console: default per-user configurati= on in `$HOME/.consolerc'

console: options: libwrap, openssl, p= am

console: openssl version: OpenSSL 0.9= =2E7d 17 Mar 2004

console: built with `./configure --prefix=3D/opt/csw --mandir=3D/opt/csw/share/man --with-port=3D782 --wit= h-pam --with-openssl --with-libwrap --with-logfile=3D/opt/csw/var/log/conserver= '

 

 

 


CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential and proprietary information of Alcatel-Lucent and/or its affiliated entities. Access by the intended recipient only is authorized.= Any liability arising from any party acting, or refraining from acting, on an= y information contained in this e-mail is hereby excluded. If you are not t= he intended recipient, please notify the sender immediately, destroy the ori= ginal transmission and its attachments and do not disclose the contents to any = other person, use it for any purpose, or store or copy the information in any m= edium. Copyright in this e-mail and any attachments belongs to Alcatel-Lucent an= d/or its affiliated entities.



CONFIDENTIALITY NOTICE: This e-mail and any files a= ttached may contain confidential and proprietary information of Alcatel-L= ucent and/or its affiliated entities. Access by the intended recipient on= ly is authorized. Any liability arising from any party acting, or refrain= ing from acting, on any information contained in this e-mail is hereby ex= cluded. If you are not the intended recipient, please notify the sender i= mmediately, destroy the original transmission and its attachments and do = not disclose the contents to any other person, use it for any purpose, or= store or copy the information in any medium. Copyright in this e-mail an= d any attachments belongs to Alcatel-Lucent and/or its affiliated entitie= s. ------_=_NextPart_001_01C857C8.3D36812D-- From Chris.McKee@Sun.COM Wed Jan 16 14:14:17 2008 Received: from sca-es-mail-2.sun.com (sca-es-mail-2.Sun.COM [192.18.43.133]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0GMEBA3006409 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Wed, 16 Jan 2008 14:14:16 -0800 (PST) Received: from fe-sfbay-10.sun.com ([192.18.43.129]) by sca-es-mail-2.sun.com (8.13.7+Sun/8.12.9) with ESMTP id m0GME9Ul028109 for ; Wed, 16 Jan 2008 14:14:09 -0800 (PST) Received: from conversion-daemon.fe-sfbay-10.sun.com by fe-sfbay-10.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) id <0JUR00301CCR8J00@fe-sfbay-10.sun.com> (original mail from Chris.McKee@Sun.COM) for users@conserver.com; Wed, 16 Jan 2008 14:14:04 -0800 (PST) Received: from sr1-usan-06 ([129.153.85.36]) by fe-sfbay-10.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTPSA id <0JUR00C9ECF9GP00@fe-sfbay-10.sun.com> for users@conserver.com; Wed, 16 Jan 2008 14:13:57 -0800 (PST) Date: Wed, 16 Jan 2008 14:14:02 -0800 (PST) From: Christopher McKee Subject: Is conserver multi-threaded? Sender: Chris.McKee@Sun.COM X-X-Sender: cmckee@sr1-usan-06 To: users@conserver.com Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; format=flowed; charset=US-ASCII Content-transfer-encoding: 7BIT X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2008 22:14:19 -0000 Greeting conserver users, As the subject line states I'd like to know whether or not conserver is multi-threaded. From what I've seen I think it is single-threaded but would like a definitive statement to that effect. I have a few different types of machines that I could use to deploy it on and knowing the answer to my question would help me to choose wisely. Thanks in advance for any insights. -- Ciao Chris From nstraz@redhat.com Wed Jan 16 14:42:23 2008 Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0GMgGc8006695 for ; Wed, 16 Jan 2008 14:42:22 -0800 (PST) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m0GMgFce031027 for ; Wed, 16 Jan 2008 17:42:15 -0500 Received: from tin.rawstew (vpn-248-19.boston.redhat.com [10.13.248.19]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m0GMgECp004636 for ; Wed, 16 Jan 2008 17:42:15 -0500 Received: by tin.rawstew (Postfix, from userid 10119) id AB6211CBEB1; Wed, 16 Jan 2008 17:42:27 -0500 (EST) Date: Wed, 16 Jan 2008 17:42:27 -0500 To: users@conserver.com Subject: Re: Is conserver multi-threaded? Message-ID: <20080116224226.GA17965@redhat.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.17 (2007-11-13) From: nstraz@redhat.com (Nathan Straz) X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254 X-Spam-Score: -2.312 () BAYES_00 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2008 22:42:24 -0000 On Jan 16 14:14, Christopher McKee wrote: > As the subject line states I'd like to know whether > or not conserver is multi-threaded. From what I've > seen I think it is single-threaded but would like > a definitive statement to that effect. I have > a few different types of machines that I could > use to deploy it on and knowing the answer to my > question would help me to choose wisely. While conserver is single threaded, there is an option (compile time I think) which sets how many consoles are handled by each conserver process. So multiple CPUs are used by the fact that there are probably multiple processes handling all of the consoles. Still, I don't think handling console output is all that CPU intensive. Nate Straz From kschu@fnal.gov Thu Jan 17 14:53:14 2008 Received: from mailgw2.fnal.gov (mailgw2.fnal.gov [131.225.111.12]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0HMr6KV028031 for ; Thu, 17 Jan 2008 14:53:12 -0800 (PST) Received: from mailav2.fnal.gov (mailav2.fnal.gov [131.225.111.20]) by mailgw2.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) with SMTP id <0JUT00NV28CM55@mailgw2.fnal.gov> for users@conserver.com; Thu, 17 Jan 2008 16:41:33 -0600 (CST) Received: from mailgw1.fnal.gov ([131.225.111.11]) by mailav2.fnal.gov (SAVSMTP 3.1.7.47) with SMTP id M2008011716413321184 for ; Thu, 17 Jan 2008 16:41:33 -0600 Received: from conversion-daemon.mailgw1.fnal.gov by mailgw1.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) id <0JUT00C018B3O3@mailgw1.fnal.gov> (original mail from kschu@fnal.gov) for users@conserver.com; Thu, 17 Jan 2008 16:41:33 -0600 (CST) Received: from [131.225.82.180] (CD-97653.dhcp.fnal.gov [131.225.82.180]) by mailgw1.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) with ESMTPSA id <0JUT00IMK8D98E@mailgw1.fnal.gov> for users@conserver.com; Thu, 17 Jan 2008 16:41:33 -0600 (CST) Date: Thu, 17 Jan 2008 16:41:33 -0600 From: Ken Schumacher Subject: initial console connection requires authentication To: users@conserver.com Message-id: <478FD99D.7070203@fnal.gov> MIME-version: 1.0 Content-type: multipart/signed; boundary=------------ms090806080303070406050500; micalg=sha1; protocol="application/x-pkcs7-signature" User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jan 2008 22:53:15 -0000 This is a cryptographically signed message in MIME format. --------------ms090806080303070406050500 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I have been struggling for several days trying to get a new instance of conserver to talk to a relatively new Opengear CM4148 terminal server. I have an older CM4148 (OpenGear/CM41xx Firmware Version 2.1.0u1) which is working just fine with this conserver host. But the newer unit (FW version 2.3.1u3) requires a login, presumably to authenticate to the Opengear device, before I can open the port to log console output and before I can login at the prompt on the serial console port. I have read through the Opengear manual and do not see a way to set it up to allow access without some form of authentication. I did find a thread in this conserver users mailing list archive. It was dated 25 Sep 2007 under the title "console connection prompts for root password" That question was submitted by Lisa Doherty with an answer from David Harris. I believe that thread was talking about authenticating to the conserver software and not to the Opengear device. Like Lisa was at that time, I am new to this list. I have been using older versions of conserver for over 10 years. This is the first instance of conserver version 8 that I am setting up. And I set up that older Opengear device over 18 months ago. I have spent way too long trying to get over this problem on my own. I have an e-mail into support@opengear.com. I would appreciate any help that list members could offer. Ken Schumacher -- =========================================================================== Ken Schumacher (o) 630.840.4579 (f) 630.840.6345 Fermilab/Computing Div/SSA Group Loc: FCC-238 (pgr) 630.905.1149 --------------ms090806080303070406050500 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMDDCC A/gwggLgoAMCAQICASkwDQYJKoZIhvcNAQEFBQAwdTETMBEGCgmSJomT8ixkARkWA25ldDES MBAGCgmSJomT8ixkARkWAkVTMQ4wDAYDVQQKEwVFU25ldDEgMB4GA1UECxMXQ2VydGlmaWNh dGUgQXV0aG9yaXRpZXMxGDAWBgNVBAMTD0VTbmV0IFJvb3QgQ0EgMTAeFw0wMjEyMDUwODAw MDBaFw0xMzAxMjUwODAwMDBaMGkxEzARBgoJkiaJk/IsZAEZFgNvcmcxGDAWBgoJkiaJk/Is ZAEZFghET0VHcmlkczEgMB4GA1UECxMXQ2VydGlmaWNhdGUgQXV0aG9yaXRpZXMxFjAUBgNV BAMTDURPRUdyaWRzIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09dYj YaPbCD5mtbiQb7Ka3y1qAm0ZcqKCFciWcfe8Kwcuy9tjHuIsLf9ZItdkDW4xy8sua9nJlx3K lwjtumTMtOtg35KZCknUd8KM4VGTSFdLVG9AbNayef76caVCGM1+jyF0Lq03kauGOPTcNfZe 1TZa3e1c9rc8ljV5OSWa/mfsCACyS5zFIWu0yIDNyJdf+n0hwaPN53wllpJ30taD+JBjQ7h2 k4xRWzeaznLOb9OztZVRA/1sVze+iczFh2xwa4VdGy0eIIPw1pfvYwxO36rm0S109qvbsNla roPRbxerPKakQLpKe034Xcx7gBPqUk/FxoRRWin5EWN3rz9LAgMBAAGjgZ4wgZswDgYDVR0P AQH/BAQDAgGGMBEGCWCGSAGG+EIBAQQEAwIAhzAdBgNVHQ4EFgQUyhkdEo5upDhdQtQxDgjb 2Y0XDV0wHwYDVR0jBBgwFoAUvF1NSC/4NZRZq1yJSz7RsjoUAeowDwYDVR0TAQH/BAUwAwEB /zAlBgNVHREEHjAcgRpET0VHcmlkcy1DQS0xQGRvZWdyaWRzLm9yZzANBgkqhkiG9w0BAQUF AAOCAQEAZNVrIDLqe39CEOiJt7Q7EpBPhAihMvDTSf/42u0SMbUmChww4mLmph5DBghZUVF8 Yn59kRZMn1QLOtO1HzLqvAvPITacZVPlJgG2IXzlR636YghZFAycbIUEOJDBHR4vtQO1KDxg ZwvAbtmKIoxvhUCq2xsfFt9kCBBn+JYtQ6O5LsBJq3PmuubeMcc7mbQAfJZ7h/3QghgkFIhm E1+LBXPJbkuP8vgfg6h2BKoAf5TFfZECgGZKimfN110tBvfedGZwYYd3/GsJc83B0JN1gny0 gqNVPm392UchXGeBRrHnm2gkhIkr48Oq6EmNGV9/a6XfbplQW/JWbtPVPWkaizCCBAQwggLs oAMCAQICAkPcMA0GCSqGSIb3DQEBBQUAMGkxEzARBgoJkiaJk/IsZAEZFgNvcmcxGDAWBgoJ kiaJk/IsZAEZFghET0VHcmlkczEgMB4GA1UECxMXQ2VydGlmaWNhdGUgQXV0aG9yaXRpZXMx FjAUBgNVBAMTDURPRUdyaWRzIENBIDEwHhcNMDcwNzMwMTQwMjQ1WhcNMDgwNzI5MTQwMjQ1 WjBmMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQBGRYIZG9lZ3JpZHMxDzAN BgNVBAsTBlBlb3BsZTEkMCIGA1UEAxMbS2VubmV0aCBBIFNjaHVtYWNoZXIgMjE5MDAwMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3cLC748dpsJ/mmSf4jvWz4BLIQ3ozyd xBQQ9D6Y2jVT9rawsXBnayab4W87A0NFzfZsruW9caaME3JgHXq7zY0KPidfse+Yj7ddhNrv +fS2/9DaORZ9s3o6b6ZajxJDgtlkPR23JqgXX/bAvynYBvFKkmkjEdMGxekM/a+TtnogJZtn SY0IYJFKYy/Yatd9WxNMsoqAKAKl8QLUe4cQGEnMnWkLzr9Z85z0AumNqqFQ1jq8jfh19yd8 xtEdL5WWie/1oYdPy/T1wcE0YfXlHPfaOxFs1T+Q96B3xP5JYTzx9SFcw8Mr7ujGRJBTxQh9 u23Xvpi++kzUNnnAYmWYCwIDAQABo4G4MIG1MBEGCWCGSAGG+EIBAQQEAwIF4DAOBgNVHQ8B Af8EBAMCBPAwGAYDVR0gBBEwDzANBgsqhkiG90wDBwECBzA6BgNVHR8EMzAxMC+gLaArhilo dHRwOi8vcGtpMS5kb2Vncmlkcy5vcmcvQ1JMLzFjM2YyY2E4LmNybDAZBgNVHREEEjAQgQ5r c2NodUBmbmFsLmdvdjAfBgNVHSMEGDAWgBTKGR0Sjm6kOF1C1DEOCNvZjRcNXTANBgkqhkiG 9w0BAQUFAAOCAQEAGNzXDsctuEQAnv2VPzbRmorhDa67E+kY9PycBIXx0sGUBd2f/MsH6mMD /jSh9vubPBDkeYd4jhbJZPJy/yEXijCZm/akG6KFyZvXDZBzIaScmAmEpZGp8koSEk3VRuoq csgn024g4LFs0cCg69dAfwhGgqI7tTeoEwV14EALduaehnqVKF9BpRJM2wLx+gqcBjujduc5 ZLZPvEqo4aa1qEfF50BBFYRi8RVyWEhf71+uQ+spG4+yQiv2KaxFPtyXa7MTs5Gv/uL6ubnM SIgDkJkTYBINu6w296QM9eNRedt88VkSEm24nIp7BFJaRetCRJj/7MtVqiabU5j/4kds5DCC BAQwggLsoAMCAQICAkPcMA0GCSqGSIb3DQEBBQUAMGkxEzARBgoJkiaJk/IsZAEZFgNvcmcx GDAWBgoJkiaJk/IsZAEZFghET0VHcmlkczEgMB4GA1UECxMXQ2VydGlmaWNhdGUgQXV0aG9y aXRpZXMxFjAUBgNVBAMTDURPRUdyaWRzIENBIDEwHhcNMDcwNzMwMTQwMjQ1WhcNMDgwNzI5 MTQwMjQ1WjBmMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQBGRYIZG9lZ3Jp ZHMxDzANBgNVBAsTBlBlb3BsZTEkMCIGA1UEAxMbS2VubmV0aCBBIFNjaHVtYWNoZXIgMjE5 MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3cLC748dpsJ/mmSf4jvWz4B LIQ3ozydxBQQ9D6Y2jVT9rawsXBnayab4W87A0NFzfZsruW9caaME3JgHXq7zY0KPidfse+Y j7ddhNrv+fS2/9DaORZ9s3o6b6ZajxJDgtlkPR23JqgXX/bAvynYBvFKkmkjEdMGxekM/a+T tnogJZtnSY0IYJFKYy/Yatd9WxNMsoqAKAKl8QLUe4cQGEnMnWkLzr9Z85z0AumNqqFQ1jq8 jfh19yd8xtEdL5WWie/1oYdPy/T1wcE0YfXlHPfaOxFs1T+Q96B3xP5JYTzx9SFcw8Mr7ujG RJBTxQh9u23Xvpi++kzUNnnAYmWYCwIDAQABo4G4MIG1MBEGCWCGSAGG+EIBAQQEAwIF4DAO BgNVHQ8BAf8EBAMCBPAwGAYDVR0gBBEwDzANBgsqhkiG90wDBwECBzA6BgNVHR8EMzAxMC+g LaArhilodHRwOi8vcGtpMS5kb2Vncmlkcy5vcmcvQ1JMLzFjM2YyY2E4LmNybDAZBgNVHREE EjAQgQ5rc2NodUBmbmFsLmdvdjAfBgNVHSMEGDAWgBTKGR0Sjm6kOF1C1DEOCNvZjRcNXTAN BgkqhkiG9w0BAQUFAAOCAQEAGNzXDsctuEQAnv2VPzbRmorhDa67E+kY9PycBIXx0sGUBd2f /MsH6mMD/jSh9vubPBDkeYd4jhbJZPJy/yEXijCZm/akG6KFyZvXDZBzIaScmAmEpZGp8koS Ek3VRuoqcsgn024g4LFs0cCg69dAfwhGgqI7tTeoEwV14EALduaehnqVKF9BpRJM2wLx+gqc Bjujduc5ZLZPvEqo4aa1qEfF50BBFYRi8RVyWEhf71+uQ+spG4+yQiv2KaxFPtyXa7MTs5Gv /uL6ubnMSIgDkJkTYBINu6w296QM9eNRedt88VkSEm24nIp7BFJaRetCRJj/7MtVqiabU5j/ 4kds5DGCA04wggNKAgEBMG8waTETMBEGCgmSJomT8ixkARkWA29yZzEYMBYGCgmSJomT8ixk ARkWCERPRUdyaWRzMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3JpdGllczEWMBQGA1UE AxMNRE9FR3JpZHMgQ0EgMQICQ9wwCQYFKw4DAhoFAKCCAbQwGAYJKoZIhvcNAQkDMQsGCSqG SIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDgwMTE3MjI0MTMzWjAjBgkqhkiG9w0BCQQxFgQU xyxJIwwVbDpe4YX8n/YcBAo6UugwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggq hkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwfgYJ KwYBBAGCNxAEMXEwbzBpMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQBGRYI RE9FR3JpZHMxIDAeBgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMRYwFAYDVQQDEw1E T0VHcmlkcyBDQSAxAgJD3DCBgAYLKoZIhvcNAQkQAgsxcaBvMGkxEzARBgoJkiaJk/IsZAEZ FgNvcmcxGDAWBgoJkiaJk/IsZAEZFghET0VHcmlkczEgMB4GA1UECxMXQ2VydGlmaWNhdGUg QXV0aG9yaXRpZXMxFjAUBgNVBAMTDURPRUdyaWRzIENBIDECAkPcMA0GCSqGSIb3DQEBAQUA BIIBAC8LpJMqNP9BCGiZ51iKqI7Wzs7uUCv8B8G+jxTPxqDtDjdHuEnNoiOxu00PTQS3NzDv 1Jln1crEenJOIu/8tXp6n0l3pEvw5YZ533dhYr0Sk9LXKqC8HLHnvSDA1ksQg5P6XFzalTkX kdEq9s4JuZsLNw9qut+UQVySh0eblELi3z/mY2TfA4F9PAAfum8SC6lAfSuhZp7HugQ/9bsc CqZzrVQCKnyWBasqJZfVBLidsT+45ldVdHuS8Bsdgzir6lQEX1And6KOp+/YXQ73N8utBzAg rXs34DvVjTp6eqkuyvozbSvxQY+0g2vKQUFBZ/O+pFIkjxdtr9Wqo+1EHqIAAAAAAAA= --------------ms090806080303070406050500-- From Lisa.Doherty@nau.edu Fri Jan 18 06:22:06 2008 Received: from mailgate6.nau.edu (mailgate6.nau.edu [134.114.96.39]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0IELxoF012216 for ; Fri, 18 Jan 2008 06:22:04 -0800 (PST) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailgate6.nau.edu (Postfix) with ESMTP id B2D7D13C702; Fri, 18 Jan 2008 07:21:56 -0700 (MST) X-Virus-Scanned: amavisd-new at nau.edu Received: from mailgate6.nau.edu ([127.0.0.1]) by localhost (mailgate6.nau.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EwpoSVF3kwe3; Fri, 18 Jan 2008 07:21:56 -0700 (MST) Received: from [134.114.32.130] (ucc286.ucc.nau.edu [134.114.32.130]) by mailgate6.nau.edu (Postfix) with ESMTP id BBBF613C701; Fri, 18 Jan 2008 07:21:55 -0700 (MST) Message-ID: <4790B5DF.7060905@nau.edu> Date: Fri, 18 Jan 2008 07:21:19 -0700 From: Lisa Doherty Organization: Northern Arizona University User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: Ken Schumacher Subject: Re: initial console connection requires authentication References: <478FD99D.7070203@fnal.gov> In-Reply-To: <478FD99D.7070203@fnal.gov> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Lisa.Doherty@nau.edu List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 14:22:07 -0000 Ken, I solved my problem by adding the ssh public key of the user running the conserver process on my conserver host to the Opengear terminal server. As an example, if I have a host named foo, and foo has conserver running as user bar, then I add bar's id_dsa.pub to the Opengear terminal server /etc/config/users/conserver/.ssh/authorized_keys file. I believe I had to restart the conserver process on my conserver host (in this example, foo). Once I did that the prompt disappeared. Hopefully this helps you. Lisa Doherty Ken Schumacher wrote: > I have been struggling for several days trying to get a new instance > of conserver to talk to a relatively new Opengear CM4148 terminal > server. I have an older CM4148 (OpenGear/CM41xx Firmware Version > 2.1.0u1) which is working just fine with this conserver host. But the > newer unit (FW version 2.3.1u3) requires a login, presumably to > authenticate to the Opengear device, before I can open the port to log > console output and before I can login at the prompt on the serial > console port. > > I have read through the Opengear manual and do not see a way to set it > up to allow access without some form of authentication. I did find a > thread in this conserver users mailing list archive. It was dated 25 > Sep 2007 under the title "console connection prompts for root > password" That question was submitted by Lisa Doherty with an answer > from David Harris. I believe that thread was talking about > authenticating to the conserver software and not to the Opengear device. > > Like Lisa was at that time, I am new to this list. I have been using > older versions of conserver for over 10 years. This is the first > instance of conserver version 8 that I am setting up. And I set up > that older Opengear device over 18 months ago. I have spent way too > long trying to get over this problem on my own. I have an e-mail into > support@opengear.com. I would appreciate any help that list members > could offer. > > Ken Schumacher > > ------------------------------------------------------------------------ > > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users > From peter.hunt@opengear.com Fri Jan 18 09:23:49 2008 Received: from mx-out.daemonmail.net (mx-out.daemonmail.net [216.104.160.38]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0IHNflK013986 for ; Fri, 18 Jan 2008 09:23:46 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mx-out.daemonmail.net (Postfix) with ESMTP id AABB027C5FB; Fri, 18 Jan 2008 09:23:39 -0800 (PST) Received: from mx-out.daemonmail.net ([127.0.0.1]) by localhost (mx-out.daemonmail.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j9dZsaHv5KgB; Fri, 18 Jan 2008 09:23:39 -0800 (PST) Received: from localhost.daemonmail.net (localhost [127.0.0.1]) by mx-out.daemonmail.net (Postfix) with SMTP id 6D6CA27CA15; Fri, 18 Jan 2008 09:23:38 -0800 (PST) Received: from [66.29.168.58] (via account 20234) by mx-out.daemonmail.net with ESMTP id xG10PHE0 authenticated by POP; Fri, 18 Jan 2008 09:23:37 -0800 (PST) Message-ID: <4790E097.5070809@opengear.com> Date: Fri, 18 Jan 2008 10:23:35 -0700 From: Peter Hunt User-Agent: Thunderbird 2.0.0.6 (X11/20071022) MIME-Version: 1.0 To: Lisa.Doherty@nau.edu Subject: Re: initial console connection requires authentication References: <478FD99D.7070203@fnal.gov> <4790B5DF.7060905@nau.edu> In-Reply-To: <4790B5DF.7060905@nau.edu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 17:23:50 -0000 Hi Lisa and Ken, Sorry for sleeping at the wheel, holidays are taking there toll. Lisa's solution is the recommended way of avoiding interactive logins and there are detailed instructions in the User Manual: ftp://ftp.opengear.com/manual/IMG-IM-CM4000%20User%20Manual3.1.pdf Section 15.6, essentially its identical to Public Key setup on vanilla Linux however some of the directories and files live in different places on our embedded FS. The dirty work-around is to not use Telnet but RFC-2217 which is a super-set of the Telnet protocol usually meant for controlling serial port settings over a network. This will mean your TCP port will change (by default) from 2000 + the serial port to 5000 + the serial port but you will not need to authenticate. (It is highly recommended if you go down this path to restrict access to those TCP ports with the iptables (You can use the Trusted Network configuration to achieve this). The draw back of RFC2217 usage is that your sessions will be restricted to 1 user per port concurrently. Hope that helps and apologies for the delay, Zonker alerted me. Regards, Peter Lisa Doherty wrote: > Ken, > > I solved my problem by adding the ssh public key of the user running the > conserver process on my conserver host to the Opengear terminal server. > As an example, if I have a host named foo, and foo has conserver running > as user bar, then I add bar's id_dsa.pub to the Opengear terminal server > /etc/config/users/conserver/.ssh/authorized_keys file. > > I believe I had to restart the conserver process on my conserver host > (in this example, foo). Once I did that the prompt disappeared. > Hopefully this helps you. > > Lisa Doherty > > Ken Schumacher wrote: > >> I have been struggling for several days trying to get a new instance >> of conserver to talk to a relatively new Opengear CM4148 terminal >> server. I have an older CM4148 (OpenGear/CM41xx Firmware Version >> 2.1.0u1) which is working just fine with this conserver host. But the >> newer unit (FW version 2.3.1u3) requires a login, presumably to >> authenticate to the Opengear device, before I can open the port to log >> console output and before I can login at the prompt on the serial >> console port. >> >> I have read through the Opengear manual and do not see a way to set it >> up to allow access without some form of authentication. I did find a >> thread in this conserver users mailing list archive. It was dated 25 >> Sep 2007 under the title "console connection prompts for root >> password" That question was submitted by Lisa Doherty with an answer >> from David Harris. I believe that thread was talking about >> authenticating to the conserver software and not to the Opengear device. >> >> Like Lisa was at that time, I am new to this list. I have been using >> older versions of conserver for over 10 years. This is the first >> instance of conserver version 8 that I am setting up. And I set up >> that older Opengear device over 18 months ago. I have spent way too >> long trying to get over this problem on my own. I have an e-mail into >> support@opengear.com. I would appreciate any help that list members >> could offer. >> >> Ken Schumacher >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> users mailing list >> users@conserver.com >> https://www.conserver.com/mailman/listinfo/users >> >> > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users > > > -- Peter Hunt Opengear Inc - Secure Server Management - www.opengear.com Phone: 801 282 1387 ext 2229 From kschu@fnal.gov Fri Jan 18 11:52:54 2008 Received: from mailgw1.fnal.gov (mailgw1.fnal.gov [131.225.111.11]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0IJqjS9016820 for ; Fri, 18 Jan 2008 11:52:50 -0800 (PST) Received: from mailav2.fnal.gov (mailav2.fnal.gov [131.225.111.20]) by mailgw1.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) with SMTP id <0JUU007MXV4UGX@mailgw1.fnal.gov> for users@conserver.com; Fri, 18 Jan 2008 13:51:55 -0600 (CST) Received: from mailgw1.fnal.gov ([131.225.111.11]) by mailav2.fnal.gov (SAVSMTP 3.1.7.47) with SMTP id M2008011813515428211 for ; Fri, 18 Jan 2008 13:51:54 -0600 Received: from conversion-daemon.mailgw1.fnal.gov by mailgw1.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) id <0JUU00I01V3ROL@mailgw1.fnal.gov> (original mail from kschu@fnal.gov) for users@conserver.com; Fri, 18 Jan 2008 13:51:55 -0600 (CST) Received: from [131.225.82.180] (CD-97653.dhcp.fnal.gov [131.225.82.180]) by mailgw1.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) with ESMTPSA id <0JUU007A3V6ILB@mailgw1.fnal.gov>; Fri, 18 Jan 2008 13:51:55 -0600 (CST) Date: Fri, 18 Jan 2008 13:51:50 -0600 From: Ken Schumacher Subject: Re: initial console connection requires authentication In-reply-to: <4790E097.5070809@opengear.com> To: Peter Hunt Message-id: <47910356.7080107@fnal.gov> MIME-version: 1.0 Content-type: multipart/signed; boundary=------------ms050905050809050201070905; micalg=sha1; protocol="application/x-pkcs7-signature" User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) References: <478FD99D.7070203@fnal.gov> <4790B5DF.7060905@nau.edu> <4790E097.5070809@opengear.com> X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 19:52:55 -0000 This is a cryptographically signed message in MIME format. --------------ms050905050809050201070905 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Peter, I will go back to the manual and look at this again. But I will tell you up front that I have been trying to configure conserver to use the RFC-2217 protocol and I am getting the login prompts. I have assumed this request to authenticate was coming from the Opengear. I have a private LAN segment which is used for all the console management and power management functions. Fermilab has quite strict requirements as to the types of security that must be in place on any network login. Basically any network connection which would allow someone to get to a shell or command-line prompt must be kerberized. So the Opengear is kept on the private segment. And I fully trust that anyone who can log into the node running a conserver daemon is properly authenticated. So any host that can communicate with the Opengear is a trusted host. I got e-mail replies from Zonker and Lisa (Thank you both!). I had hoped that I could configure the Opengear without having to define a list of trusted users or adding individual SSH keys. I will go back and look at section 15.6 again and see what I can do with that. I'll post a summary/update when I get this all worked out. Thanks for the help. Ken Schumacher Peter Hunt wrote: > Hi Lisa and Ken, > > Sorry for sleeping at the wheel, holidays are taking there toll. > > Lisa's solution is the recommended way of avoiding interactive logins > and there are detailed instructions in the User Manual: > ftp://ftp.opengear.com/manual/IMG-IM-CM4000%20User%20Manual3.1.pdf > > Section 15.6, essentially its identical to Public Key setup on vanilla > Linux however some of the directories and files live in different places > on our embedded FS. > > The dirty work-around is to not use Telnet but RFC-2217 which is a > super-set of the Telnet protocol usually meant for controlling serial > port settings over a network. This will mean your TCP port will change > (by default) from 2000 + the serial port to 5000 + the serial port but > you will not need to authenticate. (It is highly recommended if you go > down this path to restrict access to those TCP ports with the iptables > (You can use the Trusted Network configuration to achieve this). The > draw back of RFC2217 usage is that your sessions will be restricted to 1 > user per port concurrently. > > Hope that helps and apologies for the delay, Zonker alerted me. > > Regards, > Peter > > Lisa Doherty wrote: >> Ken, >> >> I solved my problem by adding the ssh public key of the user running >> the conserver process on my conserver host to the Opengear terminal >> server. As an example, if I have a host named foo, and foo has >> conserver running as user bar, then I add bar's id_dsa.pub to the >> Opengear terminal server >> /etc/config/users/conserver/.ssh/authorized_keys file. >> >> I believe I had to restart the conserver process on my conserver host >> (in this example, foo). Once I did that the prompt disappeared. >> Hopefully this helps you. >> >> Lisa Doherty >> >> Ken Schumacher wrote: >> >>> I have been struggling for several days trying to get a new instance >>> of conserver to talk to a relatively new Opengear CM4148 terminal >>> server. I have an older CM4148 (OpenGear/CM41xx Firmware Version >>> 2.1.0u1) which is working just fine with this conserver host. But >>> the newer unit (FW version 2.3.1u3) requires a login, presumably to >>> authenticate to the Opengear device, before I can open the port to >>> log console output and before I can login at the prompt on the serial >>> console port. >>> >>> I have read through the Opengear manual and do not see a way to set >>> it up to allow access without some form of authentication. I did >>> find a thread in this conserver users mailing list archive. It was >>> dated 25 Sep 2007 under the title "console connection prompts for >>> root password" That question was submitted by Lisa Doherty with an >>> answer from David Harris. I believe that thread was talking about >>> authenticating to the conserver software and not to the Opengear device. >>> >>> Like Lisa was at that time, I am new to this list. I have been using >>> older versions of conserver for over 10 years. This is the first >>> instance of conserver version 8 that I am setting up. And I set up >>> that older Opengear device over 18 months ago. I have spent way too >>> long trying to get over this problem on my own. I have an e-mail >>> into support@opengear.com. I would appreciate any help that list >>> members could offer. >>> >>> Ken Schumacher >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> users mailing list >>> users@conserver.com >>> https://www.conserver.com/mailman/listinfo/users >>> >> _______________________________________________ >> users mailing list >> users@conserver.com >> https://www.conserver.com/mailman/listinfo/users >> >> >> > > --------------ms050905050809050201070905 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMDDCC A/gwggLgoAMCAQICASkwDQYJKoZIhvcNAQEFBQAwdTETMBEGCgmSJomT8ixkARkWA25ldDES MBAGCgmSJomT8ixkARkWAkVTMQ4wDAYDVQQKEwVFU25ldDEgMB4GA1UECxMXQ2VydGlmaWNh dGUgQXV0aG9yaXRpZXMxGDAWBgNVBAMTD0VTbmV0IFJvb3QgQ0EgMTAeFw0wMjEyMDUwODAw MDBaFw0xMzAxMjUwODAwMDBaMGkxEzARBgoJkiaJk/IsZAEZFgNvcmcxGDAWBgoJkiaJk/Is ZAEZFghET0VHcmlkczEgMB4GA1UECxMXQ2VydGlmaWNhdGUgQXV0aG9yaXRpZXMxFjAUBgNV BAMTDURPRUdyaWRzIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09dYj YaPbCD5mtbiQb7Ka3y1qAm0ZcqKCFciWcfe8Kwcuy9tjHuIsLf9ZItdkDW4xy8sua9nJlx3K lwjtumTMtOtg35KZCknUd8KM4VGTSFdLVG9AbNayef76caVCGM1+jyF0Lq03kauGOPTcNfZe 1TZa3e1c9rc8ljV5OSWa/mfsCACyS5zFIWu0yIDNyJdf+n0hwaPN53wllpJ30taD+JBjQ7h2 k4xRWzeaznLOb9OztZVRA/1sVze+iczFh2xwa4VdGy0eIIPw1pfvYwxO36rm0S109qvbsNla roPRbxerPKakQLpKe034Xcx7gBPqUk/FxoRRWin5EWN3rz9LAgMBAAGjgZ4wgZswDgYDVR0P AQH/BAQDAgGGMBEGCWCGSAGG+EIBAQQEAwIAhzAdBgNVHQ4EFgQUyhkdEo5upDhdQtQxDgjb 2Y0XDV0wHwYDVR0jBBgwFoAUvF1NSC/4NZRZq1yJSz7RsjoUAeowDwYDVR0TAQH/BAUwAwEB /zAlBgNVHREEHjAcgRpET0VHcmlkcy1DQS0xQGRvZWdyaWRzLm9yZzANBgkqhkiG9w0BAQUF AAOCAQEAZNVrIDLqe39CEOiJt7Q7EpBPhAihMvDTSf/42u0SMbUmChww4mLmph5DBghZUVF8 Yn59kRZMn1QLOtO1HzLqvAvPITacZVPlJgG2IXzlR636YghZFAycbIUEOJDBHR4vtQO1KDxg ZwvAbtmKIoxvhUCq2xsfFt9kCBBn+JYtQ6O5LsBJq3PmuubeMcc7mbQAfJZ7h/3QghgkFIhm E1+LBXPJbkuP8vgfg6h2BKoAf5TFfZECgGZKimfN110tBvfedGZwYYd3/GsJc83B0JN1gny0 gqNVPm392UchXGeBRrHnm2gkhIkr48Oq6EmNGV9/a6XfbplQW/JWbtPVPWkaizCCBAQwggLs oAMCAQICAkPcMA0GCSqGSIb3DQEBBQUAMGkxEzARBgoJkiaJk/IsZAEZFgNvcmcxGDAWBgoJ kiaJk/IsZAEZFghET0VHcmlkczEgMB4GA1UECxMXQ2VydGlmaWNhdGUgQXV0aG9yaXRpZXMx FjAUBgNVBAMTDURPRUdyaWRzIENBIDEwHhcNMDcwNzMwMTQwMjQ1WhcNMDgwNzI5MTQwMjQ1 WjBmMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQBGRYIZG9lZ3JpZHMxDzAN BgNVBAsTBlBlb3BsZTEkMCIGA1UEAxMbS2VubmV0aCBBIFNjaHVtYWNoZXIgMjE5MDAwMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3cLC748dpsJ/mmSf4jvWz4BLIQ3ozyd xBQQ9D6Y2jVT9rawsXBnayab4W87A0NFzfZsruW9caaME3JgHXq7zY0KPidfse+Yj7ddhNrv +fS2/9DaORZ9s3o6b6ZajxJDgtlkPR23JqgXX/bAvynYBvFKkmkjEdMGxekM/a+TtnogJZtn SY0IYJFKYy/Yatd9WxNMsoqAKAKl8QLUe4cQGEnMnWkLzr9Z85z0AumNqqFQ1jq8jfh19yd8 xtEdL5WWie/1oYdPy/T1wcE0YfXlHPfaOxFs1T+Q96B3xP5JYTzx9SFcw8Mr7ujGRJBTxQh9 u23Xvpi++kzUNnnAYmWYCwIDAQABo4G4MIG1MBEGCWCGSAGG+EIBAQQEAwIF4DAOBgNVHQ8B Af8EBAMCBPAwGAYDVR0gBBEwDzANBgsqhkiG90wDBwECBzA6BgNVHR8EMzAxMC+gLaArhilo dHRwOi8vcGtpMS5kb2Vncmlkcy5vcmcvQ1JMLzFjM2YyY2E4LmNybDAZBgNVHREEEjAQgQ5r c2NodUBmbmFsLmdvdjAfBgNVHSMEGDAWgBTKGR0Sjm6kOF1C1DEOCNvZjRcNXTANBgkqhkiG 9w0BAQUFAAOCAQEAGNzXDsctuEQAnv2VPzbRmorhDa67E+kY9PycBIXx0sGUBd2f/MsH6mMD /jSh9vubPBDkeYd4jhbJZPJy/yEXijCZm/akG6KFyZvXDZBzIaScmAmEpZGp8koSEk3VRuoq csgn024g4LFs0cCg69dAfwhGgqI7tTeoEwV14EALduaehnqVKF9BpRJM2wLx+gqcBjujduc5 ZLZPvEqo4aa1qEfF50BBFYRi8RVyWEhf71+uQ+spG4+yQiv2KaxFPtyXa7MTs5Gv/uL6ubnM SIgDkJkTYBINu6w296QM9eNRedt88VkSEm24nIp7BFJaRetCRJj/7MtVqiabU5j/4kds5DCC BAQwggLsoAMCAQICAkPcMA0GCSqGSIb3DQEBBQUAMGkxEzARBgoJkiaJk/IsZAEZFgNvcmcx GDAWBgoJkiaJk/IsZAEZFghET0VHcmlkczEgMB4GA1UECxMXQ2VydGlmaWNhdGUgQXV0aG9y aXRpZXMxFjAUBgNVBAMTDURPRUdyaWRzIENBIDEwHhcNMDcwNzMwMTQwMjQ1WhcNMDgwNzI5 MTQwMjQ1WjBmMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQBGRYIZG9lZ3Jp ZHMxDzANBgNVBAsTBlBlb3BsZTEkMCIGA1UEAxMbS2VubmV0aCBBIFNjaHVtYWNoZXIgMjE5 MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3cLC748dpsJ/mmSf4jvWz4B LIQ3ozydxBQQ9D6Y2jVT9rawsXBnayab4W87A0NFzfZsruW9caaME3JgHXq7zY0KPidfse+Y j7ddhNrv+fS2/9DaORZ9s3o6b6ZajxJDgtlkPR23JqgXX/bAvynYBvFKkmkjEdMGxekM/a+T tnogJZtnSY0IYJFKYy/Yatd9WxNMsoqAKAKl8QLUe4cQGEnMnWkLzr9Z85z0AumNqqFQ1jq8 jfh19yd8xtEdL5WWie/1oYdPy/T1wcE0YfXlHPfaOxFs1T+Q96B3xP5JYTzx9SFcw8Mr7ujG RJBTxQh9u23Xvpi++kzUNnnAYmWYCwIDAQABo4G4MIG1MBEGCWCGSAGG+EIBAQQEAwIF4DAO BgNVHQ8BAf8EBAMCBPAwGAYDVR0gBBEwDzANBgsqhkiG90wDBwECBzA6BgNVHR8EMzAxMC+g LaArhilodHRwOi8vcGtpMS5kb2Vncmlkcy5vcmcvQ1JMLzFjM2YyY2E4LmNybDAZBgNVHREE EjAQgQ5rc2NodUBmbmFsLmdvdjAfBgNVHSMEGDAWgBTKGR0Sjm6kOF1C1DEOCNvZjRcNXTAN BgkqhkiG9w0BAQUFAAOCAQEAGNzXDsctuEQAnv2VPzbRmorhDa67E+kY9PycBIXx0sGUBd2f /MsH6mMD/jSh9vubPBDkeYd4jhbJZPJy/yEXijCZm/akG6KFyZvXDZBzIaScmAmEpZGp8koS Ek3VRuoqcsgn024g4LFs0cCg69dAfwhGgqI7tTeoEwV14EALduaehnqVKF9BpRJM2wLx+gqc Bjujduc5ZLZPvEqo4aa1qEfF50BBFYRi8RVyWEhf71+uQ+spG4+yQiv2KaxFPtyXa7MTs5Gv /uL6ubnMSIgDkJkTYBINu6w296QM9eNRedt88VkSEm24nIp7BFJaRetCRJj/7MtVqiabU5j/ 4kds5DGCA04wggNKAgEBMG8waTETMBEGCgmSJomT8ixkARkWA29yZzEYMBYGCgmSJomT8ixk ARkWCERPRUdyaWRzMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3JpdGllczEWMBQGA1UE AxMNRE9FR3JpZHMgQ0EgMQICQ9wwCQYFKw4DAhoFAKCCAbQwGAYJKoZIhvcNAQkDMQsGCSqG SIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDgwMTE4MTk1MTUwWjAjBgkqhkiG9w0BCQQxFgQU 9HmZjq5gF3czMhA4BB5pxjngQqEwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggq hkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwfgYJ KwYBBAGCNxAEMXEwbzBpMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQBGRYI RE9FR3JpZHMxIDAeBgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMRYwFAYDVQQDEw1E T0VHcmlkcyBDQSAxAgJD3DCBgAYLKoZIhvcNAQkQAgsxcaBvMGkxEzARBgoJkiaJk/IsZAEZ FgNvcmcxGDAWBgoJkiaJk/IsZAEZFghET0VHcmlkczEgMB4GA1UECxMXQ2VydGlmaWNhdGUg QXV0aG9yaXRpZXMxFjAUBgNVBAMTDURPRUdyaWRzIENBIDECAkPcMA0GCSqGSIb3DQEBAQUA BIIBADlNipunfj/I/EJJpT06/fFuvyRm04fSj6//0Of/QEk4BIdnGIHvQY5Yrdsibop+3tLY 6YvBAWmfWPWPgszHlZCHBVlu/v0z5/dINiv6qbBcZ+dGAsDxSHnA0ZVlAVLF5OF5BZdMyDEt QcBpKJTd9FSzbPOC8jY/12wzD0zT8RkO6lp7lg1Bb/dJo1ojASNTOLzdDyD96GeOGt5HOpiN +eKrtvWq9vc/hgNYUNmSybrwc8+Br+Pmp18MmcvzEF0gUI0trhDp70nGWzzccnhpL/8M6W9p IcX1rWucgoqc0xlXBBcNKtuT6eOijz1/FH8yVSSwh0aGwEt2CuegEMA3xdIAAAAAAAA= --------------ms050905050809050201070905-- From bryan@stansell.org Fri Jan 18 12:09:14 2008 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0IK9EOm016998 for ; Fri, 18 Jan 2008 12:09:14 -0800 (PST) Received: (from bryan@localhost) by underdog.stansell.org (8.14.2/8.14.2/Submit) id m0IK9E5m016997 for users@conserver.com; Fri, 18 Jan 2008 12:09:14 -0800 (PST) Date: Fri, 18 Jan 2008 12:09:14 -0800 From: Bryan Stansell To: users@conserver.com Subject: Re: initial console connection requires authentication Message-ID: <20080118200914.GF14121@underdog.stansell.org> References: <478FD99D.7070203@fnal.gov> <4790B5DF.7060905@nau.edu> <4790E097.5070809@opengear.com> <47910356.7080107@fnal.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <47910356.7080107@fnal.gov> User-Agent: Mutt/1.4.2.2i X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 20:09:15 -0000 On Fri, Jan 18, 2008 at 01:51:50PM -0600, Ken Schumacher wrote: > I will go back to the manual and look at this again. But I will tell > you up front that I have been trying to configure conserver to use the > RFC-2217 protocol and I am getting the login prompts. I have assumed > this request to authenticate was coming from the Opengear. i just took a quick look at pages 45 through 49 of that CM4000 user manual. i'd suggest setting the access type to "Raw TCP" and having conserver connect on ports 4000+n. the rfc 2217 stuff doesn't seem right for conserver purposes (conserver certainly doesn't talk it so there might be some weirdness there). the implication (based on the manual) is that there won't be a login prompt using raw tcp. there's my 2 cents. ;-) Bryan From skoinm@bcm.edu Fri Jan 18 12:25:59 2008 Received: from silver.hgsc.bcm.tmc.edu (silver.hgsc.bcm.tmc.edu [128.249.42.192]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0IKPqYW017241 for ; Fri, 18 Jan 2008 12:25:58 -0800 (PST) Received: from newton.hgsc.bcm.tmc.edu (IDENT:U2FsdGVkX19nDTAkVsEn1c4pZALm3xjs2GhdqZ6111Q@woodstock31.hgsc.bcm.tmc.edu [128.249.42.51]) by silver.hgsc.bcm.tmc.edu (8.12.9/8.12.9) with ESMTP id m0IKPqJf005564 for ; Fri, 18 Jan 2008 14:25:52 -0600 (CST) Received: from [128.249.154.234] (unknown [128.249.154.234]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by newton.hgsc.bcm.tmc.edu (Postfix) with ESMTP id DE22D15AAF0 for ; Fri, 18 Jan 2008 14:25:49 -0600 (CST) Message-Id: From: Steve Koinm To: users@conserver.com Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v915) Subject: Password not passing through Date: Fri, 18 Jan 2008 14:25:49 -0600 X-Mailer: Apple Mail (2.915) X-HGSC-Scanned: Scanned by the HGSC X-HGSC-VirusScan: Found to be clean X-HGSC-SpamStatus: not spam, SpamAssassin (score=-1.44, required 6, autolearn=disabled, ALL_TRUSTED -1.44) X-HGSC-From: skoinm@bcm.edu X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 20:26:00 -0000 Hey folks, I have a new conserver installation that I'm doing and I'm having a weird issue. What appears to be happening is that the correct password isn't being passed on through. Here's the conserver.cf stripped down to show what I'm doing. ### set up global access default full { rw *; } ### set the defaults for all the consoles # these get applied before anything else default * { # The '&' character is substituted with the console name logfile /var/conserver/consoles/&; # timestamps every hour with activity and break logging timestamp 1hab; # include the 'full' default include full; # master server is localhost master localhost; } default conssh { type exec; exec /usr/local/bin/conssh P H; execsubst P=pd,H=hs; } console swift { port 44; include conssh; host cons-2; } ######### The /usr/local/bin/conssh script looks like: #!/bin/sh PORT=${1} TERMSRV=${2} ssh -2 -q -x -t root:ttyS${PORT}@${TERMSRV} If I run the conssh script with the parameters (/usr/local/bin/conssh 44 cons-2) and put in the password it drops me right in. If I do a 'console swift' it should be doing the same thing. But it asks for the password and rejects it. I've even tried changing passwords so that it is using one that doesn't have special characters in it but that doesn't seem to be it. Ideas? Steve From bryan@stansell.org Fri Jan 18 12:46:10 2008 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0IKkA8S017448 for ; Fri, 18 Jan 2008 12:46:10 -0800 (PST) Received: (from bryan@localhost) by underdog.stansell.org (8.14.2/8.14.2/Submit) id m0IKkAgI017447 for users@conserver.com; Fri, 18 Jan 2008 12:46:10 -0800 (PST) Date: Fri, 18 Jan 2008 12:46:10 -0800 From: Bryan Stansell To: users@conserver.com Subject: Re: Password not passing through Message-ID: <20080118204610.GG14121@underdog.stansell.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.2i X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 20:46:11 -0000 On Fri, Jan 18, 2008 at 02:25:49PM -0600, Steve Koinm wrote: > If I run the conssh script with the parameters (/usr/local/bin/conssh > 44 cons-2) and put in the password it drops me right in. If I do a > 'console swift' it should be doing the same thing. But it asks for > the password and rejects it. I've even tried changing passwords so > that it is using one that doesn't have special characters in it but > that doesn't seem to be it. things certaily appear ok on the surface. my gut reaction is that there might be some issue with the pseudo-tty that gets created and mapping of cr/lf characters. i'd probably add an 'stty -a' to the script so you can see how things are set in your normal shell (when you run it) as well as within the pseudo-tty of conserver. if you see anything "interesting" as far as differences, you could then add those adjustments to the script. since you tried simple characters, the only other thing that pops into my mind is the cr/lf mapping features of ttys. if anything else hits me, i'll email more... Bryan From skoinm@bcm.edu Fri Jan 18 14:44:11 2008 Received: from silver.hgsc.bcm.tmc.edu (silver.hgsc.bcm.tmc.edu [128.249.42.192]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0IMi3AD018394; Fri, 18 Jan 2008 14:44:08 -0800 (PST) Received: from newton.hgsc.bcm.tmc.edu (IDENT:U2FsdGVkX19TVSCT9kf9ZdTqVXJrDe7PX0hW2kZOlaY@woodstock31.hgsc.bcm.tmc.edu [128.249.42.51]) by silver.hgsc.bcm.tmc.edu (8.12.9/8.12.9) with ESMTP id m0IMi2Jf007002; Fri, 18 Jan 2008 16:44:02 -0600 (CST) Received: from [128.249.154.234] (unknown [128.249.154.234]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by newton.hgsc.bcm.tmc.edu (Postfix) with ESMTP id 43AE915AB12; Fri, 18 Jan 2008 16:44:00 -0600 (CST) Message-Id: <8577383F-E64E-4D87-A58E-5BF6AD1C8D90@bcm.edu> From: Steve Koinm To: Bryan Stansell In-Reply-To: <20080118204610.GG14121@underdog.stansell.org> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v915) Subject: Re: Password not passing through Date: Fri, 18 Jan 2008 16:43:59 -0600 References: <20080118204610.GG14121@underdog.stansell.org> X-Mailer: Apple Mail (2.915) X-HGSC-Scanned: Scanned by the HGSC X-HGSC-VirusScan: Found to be clean X-HGSC-SpamStatus: not spam, SpamAssassin (score=-1.44, required 6, autolearn=disabled, ALL_TRUSTED -1.44) X-HGSC-From: skoinm@bcm.edu X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 22:44:12 -0000 I'm not seeing anything that I would consider "interesting" between these two. I did go in and do a stty echok which is the closest thing to interesting I could find in between the two. Here is the stty -a from my interactive shell: Speed 38400 baud; rows 73; columns 129; line = 0; intr = ^C; quit = ^ \; erase = ^?; kill = ^U; eof = ^D; eol = ; eol2 = ; swtch = ; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0; -parenb -parodd cs8 - hupcl -cstopb cread -clocal -crtscts -ignbrk -brkint -ignpar -parmrk - inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc -ixany -imaxbel - iutf8 opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 isig icanon iexten echo echoe echok -echonl -noflsh - xcase -tostop -echoprt echoctl echoke And here is the stty -a from the conssh script: Speed 38400 baud; rows 0; columns 0; line = 0; intr = ^C; quit = ^\; erase = ^H; kill = @; eof = ^D; eol = ; eol2 = ; swtch = ; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0; -parenb -parodd cs8 -hupcl - cstopb cread -clocal -crtscts -ignbrk -brkint -ignpar -parmrk -inpck - istrip -inlcr -igncr icrnl ixon -ixoff -iuclc -ixany -imaxbel -iutf8 opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 isig icanon iexten echo echoe -echok -echonl -noflsh - xcase -tostop -echoprt echoctl echoke Other ideas? Steve On Jan 18, 2008, at 2:46 PM, Bryan Stansell wrote: > On Fri, Jan 18, 2008 at 02:25:49PM -0600, Steve Koinm wrote: >> If I run the conssh script with the parameters (/usr/local/bin/conssh >> 44 cons-2) and put in the password it drops me right in. If I do a >> 'console swift' it should be doing the same thing. But it asks for >> the password and rejects it. I've even tried changing passwords so >> that it is using one that doesn't have special characters in it but >> that doesn't seem to be it. > > things certaily appear ok on the surface. my gut reaction is that > there > might be some issue with the pseudo-tty that gets created and > mapping of > cr/lf characters. i'd probably add an 'stty -a' to the script so you > can see how things are set in your normal shell (when you run it) as > well as within the pseudo-tty of conserver. if you see anything > "interesting" as far as differences, you could then add those > adjustments to the script. since you tried simple characters, the > only > other thing that pops into my mind is the cr/lf mapping features of > ttys. > > if anything else hits me, i'll email more... > > Bryan > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users > From peter.hunt@opengear.com Tue Jan 22 15:12:17 2008 Received: from mx-out.daemonmail.net (mx-out.daemonmail.net [216.104.160.38]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0MNCASM016404; Tue, 22 Jan 2008 15:12:15 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mx-out.daemonmail.net (Postfix) with ESMTP id 388DD27C6BD; Tue, 22 Jan 2008 15:12:12 -0800 (PST) Received: from mx-out.daemonmail.net ([127.0.0.1]) by localhost (mx-out.daemonmail.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RXaQskb9Unr7; Tue, 22 Jan 2008 15:12:10 -0800 (PST) Received: from localhost.daemonmail.net (localhost [127.0.0.1]) by mx-out.daemonmail.net (Postfix) with SMTP id 16E4227C6EC; Tue, 22 Jan 2008 15:12:10 -0800 (PST) Received: from [66.29.168.58] (via account 20234) by mx-out.daemonmail.net with ESMTP id uM50QRB2 authenticated by POP; Tue, 22 Jan 2008 15:12:09 -0800 (PST) Message-ID: <47967844.9080507@opengear.com> Date: Tue, 22 Jan 2008 16:12:04 -0700 From: Peter Hunt User-Agent: Thunderbird 2.0.0.6 (X11/20071022) MIME-Version: 1.0 To: Bryan Stansell Subject: Re: initial console connection requires authentication References: <478FD99D.7070203@fnal.gov> <4790B5DF.7060905@nau.edu> <4790E097.5070809@opengear.com> <47910356.7080107@fnal.gov> <20080118200914.GF14121@underdog.stansell.org> In-Reply-To: <20080118200914.GF14121@underdog.stansell.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jan 2008 23:12:19 -0000 Bryan Stansell wrote: > On Fri, Jan 18, 2008 at 01:51:50PM -0600, Ken Schumacher wrote: > >> I will go back to the manual and look at this again. But I will tell >> you up front that I have been trying to configure conserver to use the >> RFC-2217 protocol and I am getting the login prompts. I have assumed >> this request to authenticate was coming from the Opengear. >> > > i just took a quick look at pages 45 through 49 of that CM4000 user > manual. i'd suggest setting the access type to "Raw TCP" and having > conserver connect on ports 4000+n. the rfc 2217 stuff doesn't seem > right for conserver purposes (conserver certainly doesn't talk it so > there might be some weirdness there). the implication (based on the > manual) is that there won't be a login prompt using raw tcp. > > there's my 2 cents. > The RFC-2217 protocol does not authenticate and it will be Telnet compatible where as you may experience TTY corruption using raw TCP. Sredird which we use to serve RFC-2217 should handle all the Telnet escape sequences more appropriately. I just verified that the latest firmware 2.3.1u3 is behaving correctly when using RFC-2217 on port 1 with my Linux telnet client: # telnet 192.168.0.1 5001 Trying 192.168.135.50... Connected to 192.168.135.50. Escape character is '^]'. [ OK ] * Starting kernel event manager... [ OK ] * Loading hardware drivers... ! [ OK ] * Loading kernel modules... [ OK ] * Activating swap... connected to an Ubuntu Gutsy console. If you could send through your Support Report or at least the configuration section to support@opengear.com (perhaps take this offline while we sort out the problem) I can try and work out if there is a configuration issue. Regards, Peter -- Peter Hunt Opengear Inc - Secure Server Management - www.opengear.com Phone: 801 282 1387 ext 2229 From bryan@stansell.org Tue Jan 22 15:52:46 2008 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0MNqjMb016831 for ; Tue, 22 Jan 2008 15:52:45 -0800 (PST) Received: (from bryan@localhost) by underdog.stansell.org (8.14.2/8.14.2/Submit) id m0MNqjeE016830 for users@conserver.com; Tue, 22 Jan 2008 15:52:45 -0800 (PST) Date: Tue, 22 Jan 2008 15:52:45 -0800 From: Bryan Stansell To: users@conserver.com Subject: Re: initial console connection requires authentication Message-ID: <20080122235245.GK14121@underdog.stansell.org> References: <478FD99D.7070203@fnal.gov> <4790B5DF.7060905@nau.edu> <4790E097.5070809@opengear.com> <47910356.7080107@fnal.gov> <20080118200914.GF14121@underdog.stansell.org> <47967844.9080507@opengear.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <47967844.9080507@opengear.com> User-Agent: Mutt/1.4.2.2i X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jan 2008 23:52:47 -0000 On Tue, Jan 22, 2008 at 04:12:04PM -0700, Peter Hunt wrote: > The RFC-2217 protocol does not authenticate and it will be Telnet > compatible where as you may experience TTY corruption using raw TCP. that's good to know. i took a peek at the rfc and conserver should interact with it just fine (it should deny any knowledge of those extentions). and since you still get core telnet functionality, things should be happier than the raw tcp stuff. anyway, just wanted to agree with peter's message. :-) Bryan From wernli@in2p3.fr Thu Jan 24 00:03:53 2008 Received: from ccsrelay02.in2p3.fr (ccsrelay02.in2p3.fr [134.158.66.52]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0O83iv3009903 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 24 Jan 2008 00:03:51 -0800 (PST) Received: from ccswiss.in2p3.fr (ccswiss.in2p3.fr [134.158.71.219]) (authenticated bits=0) by ccsrelay02.in2p3.fr (8.13.8/8.13.8/IN2P3) with ESMTP id m0O83TCw029904 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 24 Jan 2008 09:03:34 +0100 Received: by ccswiss.in2p3.fr (Postfix, from userid 1000) id 57326C065; Thu, 24 Jan 2008 09:03:29 +0100 (CET) Date: Thu, 24 Jan 2008 09:03:29 +0100 From: Fabien Wernli To: "Conserver Users's Mailing List" Subject: down a bunch of consoles Message-ID: <20080124080329.GD25332@ccswiss.in2p3.fr> Mail-Followup-To: Conserver Users's Mailing List MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: CC-IN2P3 (CNRS) User-Agent: Mutt/1.5.17 (2007-11-01) X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: wernli@in2p3.fr List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2008 08:03:54 -0000 Hi, I browsed the documentation once again - unsuccessfully is there a way to down a particular set of consoles? I only found the syntax to down *all* consoles cheers From david.k.harris@siemens.com Thu Jan 24 09:13:13 2008 Received: from usnwk220srv.usa.siemens.com (usnwksmtp02e.usa.siemens.com [12.46.135.31]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0OHD5oY021839 for ; Thu, 24 Jan 2008 09:13:11 -0800 (PST) Received: from usnwk203a.ww017.siemens.net ([155.45.111.48]) by usnwk220srv.usa.siemens.com with InterScan Messaging Security Suite; Thu, 24 Jan 2008 09:12:58 -0800 Received: from USNWK102MSX.ww017.siemens.net ([155.45.111.56]) by usnwk203a.ww017.siemens.net with Microsoft SMTPSVC(6.0.3790.3959); Thu, 24 Jan 2008 09:12:59 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: down a bunch of consoles Date: Thu, 24 Jan 2008 09:12:58 -0800 Message-ID: <2461A50AD2345646B1C4B3D7BA40B8E203AF27C5@USNWK102MSX.ww017.siemens.net> In-Reply-To: <20080124080329.GD25332@ccswiss.in2p3.fr> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: down a bunch of consoles Thread-Index: AcheYFMA4lWHkkHIQRiV7XajhQmOTAAS2NJQ From: "Harris, David (IT Solutions US)" To: X-OriginalArrivalTime: 24 Jan 2008 17:12:59.0013 (UTC) FILETIME=[5E55DB50:01C85EAC] X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2008 17:13:14 -0000 =20 From the client (communicating with any individual host), you can use [ctrl]+[e], [c], [d] to "down" that port.=20 Or, if you know you need to stop a bunch of consoles for a while (so that someone can use reverse-TCP to get to those ports, maybe for using a Sun Jumpstart-type tool), you can edit the conserver.cf file, and simply comment out the lines associated with those ports, and then -HUP the main Conserver process. (And you can re-enable them later by editing the file and deleting that lead-# comment marker, and then re-HUP-ing the main process again). Are there other considerations you need which make either of these two methods unworkable? -Z- David 'Zonker' Harris Silicon Valley Service Delivery Center, Network Operations Siemens IT Solutions and Services, Inc.=20 Infrastructure Management Services 39600 Eureka Drive Newark, CA 94560 Tel: 510 624-5524 Fax: 510 624-5508 mailto: david.k.harris@siemens.com=20 www.usa.siemens.com/it-solutions =20 -----Original Message----- From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Fabien Wernli Sent: Thursday, January 24, 2008 12:03 AM To: Conserver Users's Mailing List Subject: down a bunch of consoles Hi, I browsed the documentation once again - unsuccessfully is there a way to down a particular set of consoles? I only found the syntax to down *all* consoles cheers _______________________________________________ users mailing list users@conserver.com https://www.conserver.com/mailman/listinfo/users From fabien@mail.faxm0dem.org Thu Jan 24 10:46:46 2008 Received: from ccsrelay02.in2p3.fr (ccsrelay02.in2p3.fr [134.158.66.52]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0OIkbND022711 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 24 Jan 2008 10:46:44 -0800 (PST) Received: from nubox.faxm0dem.org (faxm0dem.org [82.224.162.122]) (authenticated bits=0) by ccsrelay02.in2p3.fr (8.13.8/8.13.8/IN2P3) with ESMTP id m0OIkGJk023460 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 24 Jan 2008 19:46:21 +0100 Received: by nubox.faxm0dem.org (Postfix, from userid 1000) id D3ECCD00DE; Thu, 24 Jan 2008 19:46:16 +0100 (CET) Date: Thu, 24 Jan 2008 19:46:16 +0100 From: Fabien Wernli To: "Harris, David (IT Solutions US)" Subject: Re: RE: down a bunch of consoles Message-ID: <20080124184616.GC3550@mail.faxm0dem.org> Mail-Followup-To: "Harris, David (IT Solutions US)" , users@conserver.com References: <20080124080329.GD25332@ccswiss.in2p3.fr> <2461A50AD2345646B1C4B3D7BA40B8E203AF27C5@USNWK102MSX.ww017.siemens.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2461A50AD2345646B1C4B3D7BA40B8E203AF27C5@USNWK102MSX.ww017.siemens.net> Organization: CC-IN2P3 (CNRS) User-Agent: Mutt/1.5.17 (2007-11-01) X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: wernli@in2p3.fr List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2008 18:46:47 -0000 On Thu, Jan 24, 2008 at 09:12:58AM -0800, Harris, David (IT Solutions US) wrote: > From the client (communicating with any individual host), you can use > [ctrl]+[e], [c], [d] to "down" that port. yeah I used that in an expect script to down many at once. Not very reliable :o) > simply comment out the lines associated with those ports, and then -HUP > the main Conserver process. (And you can re-enable them later by editing > the file and deleting that lead-# comment marker, and then re-HUP-ing > the main process again). yeah sure but I dont like it because: 1) I like to keep my conserver.cf files in sync between my 6 conservers which means I have a cron to do that. 2) I believe it's a maintenance task, which should be handled by 'console' it'd be kind of cool to be able to 'console -u' to check nobody's connected to some consoles, then 'console --down '. I mean there's a mechanism for downing a console. Why not one for many? thanks for your time From david.k.harris@siemens.com Thu Jan 24 10:53:17 2008 Received: from usnwk220srv.usa.siemens.com (usnwksmtp02e.usa.siemens.com [12.46.135.31]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0OIqpKX022791 for ; Thu, 24 Jan 2008 10:52:56 -0800 (PST) Received: from usnwk206a.ww017.siemens.net ([155.45.111.74]) by usnwk220srv.usa.siemens.com with InterScan Messaging Security Suite; Thu, 24 Jan 2008 10:52:09 -0800 Received: from USNWK102MSX.ww017.siemens.net ([155.45.111.56]) by usnwk206a.ww017.siemens.net with Microsoft SMTPSVC(6.0.3790.3959); Thu, 24 Jan 2008 10:52:11 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: RE: down a bunch of consoles Date: Thu, 24 Jan 2008 10:52:09 -0800 Message-ID: <2461A50AD2345646B1C4B3D7BA40B8E203AF2879@USNWK102MSX.ww017.siemens.net> In-Reply-To: <20080124184616.GC3550@mail.faxm0dem.org> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: RE: down a bunch of consoles Thread-Index: AcheuZsqCFxLsV/BT7mW/84qHg3N2gAACqaQ From: "Harris, David (IT Solutions US)" To: X-OriginalArrivalTime: 24 Jan 2008 18:52:11.0198 (UTC) FILETIME=[3A1D35E0:01C85EBA] X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2008 18:53:18 -0000 I'm not sure why I might use that type of feature. (I prefer to log all of the time, versus defaulting a bunch to "down"...I only have one device that spews ~120-160 MB/Day, which I normally 'down' unless I suspect I'm having trouble with the device. It is the debug port on a Cisco Firewall Service module, one of a redundant pair...I keep the 'other' FWSM debug port UP, since it's idle, unless something goes wrong and the two blades failover. If the other logfile is starting to grow, I know I need to go find out what forced the failover.) -Z-=20 David 'Zonker' Harris Silicon Valley Service Delivery Center, Network Operations Siemens IT Solutions and Services, Inc.=20 Infrastructure Management Services 39600 Eureka Drive Newark, CA 94560 Tel: 510 624-5524 Fax: 510 624-5508 mailto: david.k.harris@siemens.com=20 www.usa.siemens.com/it-solutions =20 -----Original Message----- From: Fabien Wernli [mailto:wernli@in2p3.fr]=20 Sent: Thursday, January 24, 2008 10:46 AM To: Harris, David (IT Solutions US) Cc: users@conserver.com Subject: Re: RE: down a bunch of consoles On Thu, Jan 24, 2008 at 09:12:58AM -0800, Harris, David (IT Solutions US) wrote: > From the client (communicating with any individual host), you can=20 > use [ctrl]+[e], [c], [d] to "down" that port. yeah I used that in an expect script to down many at once. Not very reliable :o) > simply comment out the lines associated with those ports, and then=20 > -HUP the main Conserver process. (And you can re-enable them later by=20 > editing the file and deleting that lead-# comment marker, and then=20 > re-HUP-ing the main process again). yeah sure but I dont like it because: 1) I like to keep my conserver.cf files in sync between my 6 conservers which means I have a cron to do that. 2) I believe it's a maintenance task, which should be handled by 'console' it'd be kind of cool to be able to 'console -u' to check nobody's connected to some consoles, then 'console --down '. I mean there's a mechanism for downing a console. Why not one for many? thanks for your time From wernli@in2p3.fr Thu Jan 24 12:13:45 2008 Received: from ccsrelay02.in2p3.fr (ccsrelay02.in2p3.fr [134.158.66.52]) by underdog.stansell.org (8.14.2/8.14.2) with ESMTP id m0OKDbRf023513 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 24 Jan 2008 12:13:43 -0800 (PST) Received: from [192.168.1.240] (faxm0dem.org [82.224.162.122]) (authenticated bits=0) by ccsrelay02.in2p3.fr (8.13.8/8.13.8/IN2P3) with ESMTP id m0OKDQt7029932 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 24 Jan 2008 21:13:31 +0100 References: <2461A50AD2345646B1C4B3D7BA40B8E203AF2879@USNWK102MSX.ww017.siemens.net> Message-Id: <0CB9EB06-B876-4CB2-9E00-E64B86E56BF9@in2p3.fr> From: Fabien Wernli To: "Harris, David (IT Solutions US)" In-Reply-To: <2461A50AD2345646B1C4B3D7BA40B8E203AF2879@USNWK102MSX.ww017.siemens.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes X-Mailer: iPhone Mail (3A110a) Mime-Version: 1.0 (iPhone Mail 3A110a) Subject: Re: down a bunch of consoles Content-Transfer-Encoding: 7bit Date: Thu, 24 Jan 2008 21:12:29 +0100 X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 Cc: "" X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2008 20:13:46 -0000 The reason I needed to do this (for the record) is due to an ILOM bug on Sun X4500 boxes, where the SOL feature could compromize the host OS . Thus I changed the conserver config to ondemand. However this did not down the consoles so I had to do it manually cheers