From: Jean-Philippe Zimmer
Date: Thu, 04 May 2006 18:10:47 +0200
To: nufw-users@nongnu.org
Subject: [Nufw-users] Pb with nuauth

Good morning,

I am trying to use NuFW with an AD authentication.
testsaslauthd works well, but not nuauth:
when I am trying

nutcpc -H myip -U myuti

after entering the password I have:

Can not initiate connection to NuFW gateway
Problem: bad credential

In the /var/log/message I have a message that I don't understand:

nuauth: unable to open Berkeley db e= : No such file or directory.

So what can I do? (System authentication and sasl work well.)

Bye
Jean-Philippe Zimmer

From: Eric Leblond
Date: Thu, 04 May 2006 19:03:52 +0200
Subject: Re: [Nufw-users] Pb with nuauth

On Thursday 04 May 2006 at 18:10 +0200, Jean-Philippe Zimmer wrote:
> Good morning,
> I am trying to use NuFW with an AD authentication.
> testsaslauthd works well.
> but not nuauth:
> when I am trying nutcpc -H myip -U myuti
> after entering the password I have:
> Can not initiate connection to NuFW gateway
> Problem: bad credential
> In the /var/log/message I have a message that I don't understand:
> nuauth: unable to open Berkeley db e=
> : No such file or directory.

In fact, sasl tries the fallback method sasldb, and this fails because the file does not exist.

> So what can I do? (System authentication and sasl work well.)

nuauth does not use the sasl method to get username and password. That's why it fails. You have to set up PAM to use AD authentication for nuauth. And then, use the system module in nuauth to authenticate. Don't forget to set up nss to get the group for a user.

BR,
--
Eric Leblond

From: Eric Leblond
Date: Thu, 04 May 2006 23:36:54 +0200
Subject: [Nufw-users] NuFW 2.0-rc1 is available

Hello,

After almost a year of development, the NuFW Core team is proud to announce the first candidate release of the NuFW 2.0 branch.

The major change of this release against beta2 is the fix of the hello authentication mode.

Full changelog is as follows:

- nufw: fix possible problem with connection fixed timeout and NAT
- nufw: add -M option to use mark to select conntrack event to be sent to nuauth
- NuFW: fix hello mode authentication
- doxygen documentation improvement
- nuauth: add antispoofing test to hello mode authentication

Happy users filtering to all,
--
Eric Leblond
NuFW, Now User Filtering Works: http://www.nufw.org

From: Jean-Philippe Zimmer
Date: Fri, 05 May 2006 11:50:29 +0200
Subject: Re: [Nufw-users] Pb with nuauth

Good Morning,

So I'm trying without saslauthd and I stop the daemon.
getent passwd and getent group give me users and groups defined in the AD directory.
The results of nutcpc and the messages in /var/log/messages are the same.
JPZ

From: Vincent Deffontaines
Date: Fri, 05 May 2006 13:43:24 +0200
Subject: Re: [Nufw-users] Pb with nuauth

Jean-Philippe Zimmer wrote:
> Good Morning,
> So I'm trying without saslauthd and I stop the daemon.
> getent passwd and getent group give me users and groups defined
> in the AD directory.
> The results of nutcpc and the messages in /var/log/messages are the same.
> JPZ

Greetings,

I see nothing obvious here.
I guess it would help if you could provide your nuauth.conf (minus password information) and pam/pam_ldap config.

Vincent Deffontaines

From: Vincent Schultz
Date: Sun, 07 May 2006 23:22:20 +0200
Subject: [Nufw-users] Got error message from libipq

Hello all,

I tried to set up nufw and nuauth on Debian boxes. I used the Debian packages available at nufw.org. The box running nufw has a 2.6.13 kernel, ip_queue_vwmark patched.

For my tests, I use plaintext files for both authentication and ACLs. Here are my logs when I try to do a telnet on port 80 (which hangs) to the outside:

sarge2:~# nuauth -vvvvvvvvv
** Message: debug_level is 9
** Message: Starting nuauth
** Message: Auth (user) module: plaintext
** Message: User logs module: syslog
** Message: creating acl cache thread
** Message: Creating search_and_fill thread
** Message: Creating 3 acl checkers
** Message: Creating 3 user checkers
** Message: Creating 2 user loggers
** Message: Creating 2 decision workers
** Message: Creating tls authentication server thread
** Message: Creating tls nufw server thread
** Message: Threads system started
** Message: [plaintext] read_user_list: reading [/etc/nufw/users.nufw]
** Message: [plaintext] read_acl_list: reading [/etc/nufw/acls.nufw]
** Message: [plaintext] matching with decision 1
** Message: [plaintext] matching with decision 1
** Message: [plaintext] Checking for OS sysname=[Linux]
** Message: [plaintext] OS match (Linux)
** Message: [plaintext] Checking for App=[/usr/bin/telnet.netkit]

sarge1:~# /usr/sbin/nufw -vvvvvvvv -l 4128 -L 127.0.0.1 -d 172.16.193.128 -p 4129 -t 15 -T 1000 -k /etc/nufw/nufw-key.pem -c /etc/nufw/nufw-cert.pem -a /etc/nufw/cacert.pem
Listening on UDP port 4128
Listening on address 127.0.0.1
Sending Auth request to 172.16.193.128
Auth requests sent to port 4129
[3898] rx : 0, tx : 0, track_size : 0, start_list : (nil)
[3898] rx : 0, tx : 0, track_size : 0, start_list : (nil)
[3898] Not connected, trying TLS connection
[3898] Connection to nuauth restored
[3898] rx : 1, tx : 0, track_size : 1, start_list : 0x804f8f8
[3898] Got error message from libipq : 22
[3898] Got error message from libipq : 22

The iptables rules on the box running nufw:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -s 172.16.193.0/24 -m state --state NEW -p tcp -j QUEUE
iptables -t nat -A PREROUTING -i eth1 -s 172.16.193.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

On the client:

sarge4:~# nutcpc -d -H 172.16.193.128 -U suadmin
Server Certificat OK
Enter password :
nutcpc 0.7 started (debug)

I don't understand the 22 error. A problem with my homemade kernel? With my iptables rules?

Thank you for your help,
Vincent

From: Eric Leblond
Date: Mon, 08 May 2006 23:01:20 +0200
Subject: Re: [Nufw-users] Got error message from libipq

On Sunday 07 May 2006 at 23:22 +0200, Vincent Schultz wrote:
> Hello all,
>
> I tried to set up nufw and nuauth on Debian boxes. I used the Debian packages
> available at nufw.org. The box running nufw has a 2.6.13 kernel,
> ip_queue_vwmark patched.

You can't do that because there is a binary incompatibility between the patched kernel and the Debian package. In fact, the ip_queue_vwmark patch also patches libipq, and nufw has to be compiled with this version to work with the patched kernel.

BR,
--
Eric Leblond

From: Jean-Philippe Zimmer
Date: Tue, 09 May 2006 10:32:34 +0200
Subject: Re: [Nufw-users] Pb with nuauth

Good Morning,

I send the principal configuration files. I am working with the CentOS distribution (RedHat Enterprise).
nuauth works well with plaintext but not with libsystem.

Sincerely.
JPZ

ldap.conf:

host 192.168.5.10
base dc=.....
binddn cn=reqauth,cn=Users,dc=.....
bindpw mypass
rootbinddn cn=myrequser,cn=Users,dc=....
scope sub
timelimit 1000
bind_timelimit 1000
nss_base_passwd ou=Comptes,dc=.....?sub
nss_base_shadow ou=Comptes,dc=.....?sub
nss_base_group ou=Groupes,dc=.....?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute gidNumber description
nss_map_attribute uidNumber uid
nss_map_attribute loginShell houseIdentifier
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute primaryGroupID cn
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password md5
ssl no
tls_cacertdir /etc/openldap/cacerts

nuauth.conf:

nuauth_client_listen_addr="0.0.0.0"
nuauth_nufw_listen_addr="127.0.0.1"
nuauth_gw_packet_port=4129
nuauth_user_packet_port=4130
nufw_gw_addr="192.168.5.1 192.168.5.250"
nufw_gw_port=4128
nuauth_prio_to_nok=1
nuauth_push_to_client=1
nuauth_do_ip_authentication=0
nuauth_packet_timeout=15
nuauth_datas_persistance=300
nuauth_auth_nego_timeout=30
nuauth_number_usercheckers=3
nuauth_number_aclcheckers=3
nuauth_number_loggers=2
nuauth_number_authcheckers=5
nuauth_number_ipauthcheckers=2
nuauth_user_check_module="libsystem"
nuauth_acl_check_module="libplaintext"
nuauth_acl_cache=1
nuauth_ip_authentication_module="libipauthident"
nuauth_tls_key="/etc/nufw/nuauth-key.pem"
nuauth_tls_cert="/etc/nufw/nuauth-cert.pem"
nuauth_tls_cacert="/etc/nufw/NuFW-cacert.pem"
nuauth_tls_request_cert=0
nuauth_log_users=8
nuauth_log_users_sync=1
nuauth_log_users_strict=1
nuauth_log_users_without_realm=1
nuauth_user_logs_module="syslog"
plaintext_userfile="/etc/nufw/users.nufw"
plaintext_aclfile="/etc/nufw/acls.nufw"
system_convert_username_to_uppercase=0
system_convert_username_to_lowercase=0
system_pam_module_not_threadsafe=1
ldap_server_addr="192.168.5.10"
ldap_server_port=389
ldap_bind_dn="cn=myrequser,cn=Users,dc=...."
ldap_bind_password=mypass
ldap_filter_type=0
ldap_request_timeout=4
ldap_basedn="dc=....."
ldap_acls_base_dn="ou=acls,dc=....."
ldap_users_base_dn="ou=Comptes,dc=....."
mysql_server_addr="127.0.0.1"
mysql_server_port=3306
mysql_user="myuser"
mysql_passwd="secret"
mysql_db_name="nufw"
mysql_table_name="ulog"
mysql_request_timeout=5
mysql_use_ssl=0
mysql_ssl_keyfile="/etc/nufw/ssl/mysql.key"
mysql_ssl_certfile="/etc/nufw/ssl/mysql.cert"
mysql_ssl_ca="/etc/nufw/ssl/mysql.ca"
mysql_ssl_capath="/etc/nufw/ssl/mysql.cas/"
mysql_ssl_cipher="ALL:!ADH:+RC4:@STRENGTH"
pgsql_server_addr="127.0.0.1"
pgsql_server_port=5432
pgsql_user="myuser"
pgsql_passwd="secret"
pgsql_ssl="prefer"
pgsql_db_name="nufw"
pgsql_table_name="ulog"
pgsql_request_timeout=5

From: Vincent Deffontaines
Date: Tue, 9 May 2006 14:32:13 +0200 (CEST)
Subject: Re: [Nufw-users] Pb with nuauth

Jean-Philippe Zimmer wrote:
> Good Morning,
> I send the principal configuration files. I am working
> with the CentOS distribution (RedHat Enterprise).
> nuauth works well with plaintext but not with libsystem.
> Sincerely.
> JPZ
>

Ok, here are a few tips.
I would suggest you check these files:

/etc/nsswitch.conf
you should have "ldap" at least on the "group" and "passwd" lines. (Probably this is OK since getent is OK for you.)

/etc/pam.d/system-auth (or the master file that generates that one)
this file should probably contain LDAP-related information too.

As you may have guessed, we are no CentOS/RedHat experts, and therefore it is a bit hard to tell you where exactly to check. Since getent works for you, probably the only missing link is about pam/nuauth. On Debian, this link is performed from file /etc/pam.d/nuauth (of which I am attaching an example). But it is most probably different from CentOS.

Hope this helps,

Vincent

PS: We are very interested that you provide feedback of installation on CentOS, which can be included in the online howto ;)

--
One knows that a city is going to become great when one sees the elders planting trees there, even though they know they will never enjoy their shade.
Greek proverb

[attachment: nuauth]
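
The checks suggested in this thread ("ldap" on the passwd and group lines of /etc/nsswitch.conf, and a PAM service file for nuauth whose auth stack reaches pam_ldap), as an added shell example that is not part of any poster's message or of NuFW. The function names, the constructed sample files, and the way delegation to another PAM service (`@include`, `include`, `pam_stack.so service=`) is followed are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread: static checks for the NSS and PAM links
# the replies describe. Paths are arguments; the sample files are constructed.

# Print FILE without "#" comments and blank lines.
strip_comments() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
}

# nss_has_ldap NSSWITCH DB: succeed if database DB (passwd, group) lists "ldap".
nss_has_ldap() {
    strip_comments "$1" | awk -v db="$2" '
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# pam_auth_uses_ldap PAMDIR SERVICE [DEPTH]: succeed if the auth stack of
# SERVICE references pam_ldap.so, directly or through a delegated service.
# The body is a subshell so each level of recursion keeps its own variables.
pam_auth_uses_ldap() (
    dir=$1 svc=$2 depth=${3:-0}
    [ "$depth" -le 3 ] || exit 1            # stop on include loops
    [ -r "$dir/$svc" ] || exit 1            # no service file: nothing to match
    strip_comments "$dir/$svc" |
        awk '$1 == "auth" && /pam_ldap\.so/ { ok = 1 } END { exit ok ? 0 : 1 }' &&
        exit 0
    for next in $(strip_comments "$dir/$svc" | awk '
        $1 == "@include"                { print $2 }
        $1 == "auth" && $2 == "include" { print $3 }
        $1 == "auth" && /pam_stack\.so/ {
            for (i = 3; i <= NF; i++) if (sub(/^service=/, "", $i)) print $i
        }'); do
        case $next in */*|"") continue ;; esac   # never leave PAMDIR
        pam_auth_uses_ldap "$dir" "$next" $((depth + 1)) && exit 0
    done
    exit 1
)

# check_nuauth_prereqs NSSWITCH PAMDIR SERVICE: print one line per check and
# return the number of failed checks.
check_nuauth_prereqs() {
    fails=0
    for db in passwd group; do
        if nss_has_ldap "$1" "$db"; then
            echo "ok    nss $db: ldap listed"
        else
            echo "FAIL  nss $db: ldap missing in $1"; fails=$((fails + 1))
        fi
    done
    if pam_auth_uses_ldap "$2" "$3"; then
        echo "ok    pam $3: auth stack reaches pam_ldap.so"
    else
        echo "FAIL  pam $3: no auth line reaches pam_ldap.so under $2"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# write_sample DIR: constructed files. passwd uses ldap, the ldap entry for
# group is commented out, and the nuauth service delegates to system-auth.
write_sample() {
    mkdir -p "$1/pam.d"
    cat > "$1/nsswitch.conf" <<'EOF'
passwd: files ldap
shadow: files
group:  files        # ldap
EOF
    cat > "$1/pam.d/nuauth" <<'EOF'
auth     required  pam_stack.so service=system-auth
account  required  pam_stack.so service=system-auth
EOF
    cat > "$1/pam.d/system-auth" <<'EOF'
auth  required    /lib/security/pam_env.so
auth  sufficient  /lib/security/pam_ldap.so
auth  required    /lib/security/pam_deny.so
EOF
}

# With three arguments check real files, e.g.
#   sh check.sh /etc/nsswitch.conf /etc/pam.d nuauth
# With none, run against the constructed sample.
if [ "$#" -eq 3 ]; then
    check_nuauth_prereqs "$@"
else
    demo=$(mktemp -d)
    write_sample "$demo"
    check_nuauth_prereqs "$demo/nsswitch.conf" "$demo/pam.d" nuauth || true
    rm -rf "$demo"
fi
```

These are file checks only; `getent passwd` and `getent group`, as used earlier in the thread, remain the test that the directory actually answers.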

From: daqua
Date: Mon, 22 May 2006 19:35:38 +0200
Subject: [Nufw-users] installation nuface-1.0.4 stable/missing script

Hi

On Debian sarge and with nuface-1.0.4, the Makefile doesn't install /etc/init.d/init-firewall. Can somebody tell me why, or how to create one?
debian:/home/daqua/Desktop/mytmp/nuface-1.0.4# make
Building python package
cd scripts; python setup_nupyf.py build
running build
running build_py
debian:/home/daqua/Desktop/mytmp/nuface-1.0.4# make install
install -d "-o 0 -g 0 -m 0644" /etc/network/firewall/desc/
install -d -o www-data  /var/local/nuface
install -d -o www-data  /var/local/nufw/dyn/standard
install -d -o www-data  /var/local/nufw/dyn/nufw
ln -sf /var/local/nufw/dyn /etc/network/firewall/dyn
install "-o 0 -g 0 -m 0644" doc/desc.xml /etc/network/firewall/desc/desc.xml.ex
install "-o 0 -g 0 -m 0644" doc/acls.xml   /var/local/nuface/empty.xml
install "-o 0 -g 0 -m 0644" scripts/nupyf.conf /etc/network/firewall/desc/desc.xml.ex
install -d "-o 0 -g 0 -m 0644" /'usr/share/nuface'
install -d "-o 0 -g 0 -m 0644" /'usr/share/nuface'/templates
install -d -o www-data /'usr/share/nuface'/templates_c
install -d "-o 0 -g 0 -m 0644" /'usr/share/nuface'/js/toolman
install -d "-o 0 -g 0 -m 0644" /'usr/share/nuface'/images
install -d "-o 0 -g 0 -m 0644" /'usr/share/nuface'/include
install "-o 0 -g 0 -m 0644" *.php /'usr/share/nuface'
install "-o 0 -g 0 -m 0644" include/*.php /'usr/share/nuface'/include
install "-o 0 -g 0 -m 0644" *.css /'usr/share/nuface'
install "-o 0 -g 0 -m 0644" *.gif *.png /'usr/share/nuface'
install "-o 0 -g 0 -m 0644" images/*.png /'usr/share/nuface'/images
install "-o 0 -g 0 -m 0644" js/*.js /'usr/share/nuface'/js
install "-o 0 -g 0 -m 0644" js/toolman/*.js /'usr/share/nuface'/js/toolman
Installing python package
cd scripts; python setup_nupyf.py install --prefix /usr
running install
running build
running build_py
running install_lib
install "-o 0 -g 0 -m 0644" scripts/nupyf/run_nupyf /usr/sbin/nupyf
debian:/home/daqua/Desktop/mytmp/nuface-1.0.4#

thanks

--------------070704080701070401040902--

From MAILER-DAEMON Tue May 23 09:41:38 2006
Message-ID: <447307D4.5020703@inl.fr>
Date: Tue, 23 May 2006 15:02:12 +0200
From: Jean Gillaux
To: nufw-users@nongnu.org
Subject: Re: [Nufw-users] installation nuface-1.0.4 stable/missing script
References: <4471F66A.5030307@wanadoo.fr>
In-Reply-To: <4471F66A.5030307@wanadoo.fr>

Hello,

daqua wrote:
> Hi
> On debian sarge and with the nuface-1.0.4
> the Makefile doesn't install /etc/init.d/init-firewall, can somebody
> tell me why or how to create one ?

The init-firewall script is in the archive, in the scripts/ directory. So you can copy it into /etc/init.d/, then use update-rc.d to create the correct links in /etc/rc.d

BR,
-- 
Jean Gillaux

From MAILER-DAEMON Tue May 23 10:46:05 2006
From: Eric Leblond
To: nufw-announces
Cc: nufw-users@nongnu.org, NuFW devel
Date: Tue, 23 May 2006 16:40:53 +0200
Message-Id: <1148395253.27971.4.camel@localhost.localdomain>
Subject: [Nufw-users] NuFW 2.0 "extatic porcupine" is out !

Hi,

The first release of the 2.0 branch is now available ! This new branch contains a lot of new things and is now considered as stable. You can read :
http://www.nufw.org/What-s-new-A-comparison-between.html
to have more details.

The main difference from release candidate to official stable is the inclusion of pam_nufw, a PAM module that transparently authenticates users.

The full changelog of NuFW 2.0 against release candidate 2 is :
- nuauth: fix period handling
- libnuclient: fix crash when specified hostname is invalid
- nutcpc: do not try to reconnect if password has changed, this will avoid to block user account after multiple retries
- pam_nufw: initial release

Happy user filtering to all,
-- 
Eric Leblond

From MAILER-DAEMON Wed May 24 10:21:29 2006
From: Tilman Baumann
Organization: Collax
To: nufw-users@nongnu.org
Date: Wed, 24 May 2006 16:21:12 +0200
Message-Id: <200605241621.12537.tilman.baumann@collax.com>
Subject: [Nufw-users] compile problem version 2.0 (using -lnuclient in pam_nufw)

Hello all,

nice project. ;)

After a long compile session with libnetfilter_* from svn I have just one problem to solve.
And I may have solved it already. :)

I get the error below.
The fix was to remove -lnuclient from pam_nufw_la_LDFLAGS in src/clients/pam_nufw/Makefile.
I don't know how sane that is. But it makes sense to me that you can not use a lib you are going to build at the moment.
This error might not happen on development machines because libnuclient is already installed. ;)
If this dependency really exists someone might have a look how to set up the local searchpath properly...
It did not show any errors without it in my case.

Regards
 Tilman Baumann

---- The Error ----
Making all in pam_nufw
make[3]: Entering directory `/data/home/admin/AppKit/common/net/nufw/nufw-2.0/src/clients/pam_nufw'
if /bin/sh ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../../../src/include -I ../lib -I../../../include -g -O2 -ansi -Wall -Wextra -Wno-unused-parameter -O2 -MT pam_nufw_la-pam_nufw.lo -MD -MP -MF ".deps/pam_nufw_la-pam_nufw.Tpo" -c -o pam_nufw_la-pam_nufw.lo `test -f 'pam_nufw.c' || echo './'`pam_nufw.c; \
then mv -f ".deps/pam_nufw_la-pam_nufw.Tpo" ".deps/pam_nufw_la-pam_nufw.Plo"; else rm -f ".deps/pam_nufw_la-pam_nufw.Tpo"; exit 1; fi
mkdir .libs
gcc -DHAVE_CONFIG_H -I. -I. -I../../../src/include -I ../lib -I../../../include -g -O2 -ansi -Wall -Wextra -Wno-unused-parameter -O2 -MT pam_nufw_la-pam_nufw.lo -MD -MP -MF .deps/pam_nufw_la-pam_nufw.Tpo -c pam_nufw.c -fPIC -DPIC -o .libs/pam_nufw_la-pam_nufw.o
gcc -DHAVE_CONFIG_H -I. -I. -I../../../src/include -I ../lib -I../../../include -g -O2 -ansi -Wall -Wextra -Wno-unused-parameter -O2 -MT pam_nufw_la-pam_nufw.lo -MD -MP -MF .deps/pam_nufw_la-pam_nufw.Tpo -c pam_nufw.c -o pam_nufw_la-pam_nufw.o >/dev/null 2>&1
/bin/sh ../../../libtool --tag=CC --mode=link gcc -g -O2 -ansi -Wall -Wextra -Wno-unused-parameter -O2 -o pam_nufw.la -rpath /lib/security -avoid-version -module -lpam -lnuclient pam_nufw_la-pam_nufw.lo
gcc -shared .libs/pam_nufw_la-pam_nufw.o -lpam -lnuclient -Wl,-soname -Wl,pam_nufw.so -o .libs/pam_nufw.so
/usr/bin/ld: cannot find -lnuclient
collect2: ld returned 1 exit status
make[3]: *** [pam_nufw.la] Error 1
make[3]: Leaving directory `/data/home/admin/AppKit/common/net/nufw/nufw-2.0/src/clients/pam_nufw'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/data/home/admin/AppKit/common/net/nufw/nufw-2.0/src/clients'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/data/home/admin/AppKit/common/net/nufw/nufw-2.0/src'
make: *** [all-recursive] Error 1

-- 
Tilman Baumann
Software Developer
Collax GmbH . Boetzinger Strasse 60 . 79111 Freiburg . Germany
p: +49 (0) 89-990157-0
f: +49 (0) 89-990157-11

From MAILER-DAEMON Wed May 24 11:36:52 2006
Message-ID: <44747D63.20901@inl.fr>
Date: Wed, 24 May 2006 17:36:03 +0200
From: Jean Gillaux
To: nufw-users@nongnu.org
Subject: Re: [Nufw-users] compile problem version 2.0 (using -lnuclient in pam_nufw)
References: <200605241621.12537.tilman.baumann@collax.com>
In-Reply-To: <200605241621.12537.tilman.baumann@collax.com>
Content-Type: multipart/mixed; boundary="------------040303010609060303090203"

This is a multi-part message in MIME format.
--------------040303010609060303090203
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

Hello,

Tilman Baumann wrote:
> Hello all,
>
> nice project. ;)
>
> After a long compile session with libnetfilter_* from svn I have just one
> problem to solve.
> And I may have solved it already. :)
>
> I get the error below.
> The fix was to remove -lnuclient from pam_nufw_la_LDFLAGS in
> src/clients/pam_nufw/Makefile.
> I don't know how sane that is. But it makes sense to me that you can not use a
> lib you are going to build at the moment.
> This error might not happen on development machines because libnuclient is
> already installed. ;)
> If this dependency really exists someone might have a look how to set up the
> local searchpath properly...

This dependency really exists, so here is a patch that fixes the build. The fix is in the subversion repository, and will be in the next release (scheduled for next week)

BR,
-- 
Jean Gillaux
INL http://inl.fr

--------------040303010609060303090203
Content-Type: text/x-patch; name="pam_nufw-use-local-libnuclient.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="pam_nufw-use-local-libnuclient.patch"

Index: src/clients/pam_nufw/Makefile.am =================================================================== --- src/clients/pam_nufw/Makefile.am (revision 2021) +++ src/clients/pam_nufw/Makefile.am (working copy) 
@@ -12,6 +12,8 @@ modules_LTLIBRARIES = pam_nufw.la +AM_LDFLAGS = "-L../lib/" + pam_nufw_la_SOURCES = pam_nufw.c pam_nufw_la_LDFLAGS = -avoid-version -module -lpam -lnuclient pam_nufw_la_LIBADD = --------------040303010609060303090203-- From MAILER-DAEMON Wed May 24 11:55:49 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Fivi9-00021O-DE for mharc-nufw-users@gnu.org; Wed, 24 May 2006 11:55:49 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Fivi7-00020x-4z for nufw-users@nongnu.org; Wed, 24 May 2006 11:55:47 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Fivi5-00020l-LJ for nufw-users@nongnu.org; Wed, 24 May 2006 11:55:46 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Fivi5-00020i-GF for nufw-users@nongnu.org; Wed, 24 May 2006 11:55:45 -0400 Received: from [213.164.67.137] (helo=mail.collax.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FivmY-0006gT-Gj for nufw-users@nongnu.org; Wed, 24 May 2006 12:00:22 -0400 Received: from mail (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 8A464298002 for ; Wed, 24 May 2006 17:55:35 +0200 (CEST) Received: from mail.collax.com (localhost [127.0.0.1]) by localhost (AvMailGate-2.0.3-24) id 32387-2B57F203; Wed, 24 May 2006 17:55:34 +0200 Received: from tilmanb.coreworks.de (unknown [172.16.1.21]) by mail.collax.com (Postfix) with ESMTP id 678C8298002 for ; Wed, 24 May 2006 17:55:29 +0200 (CEST) 
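Review bot: the added `AM_LDFLAGS = "-L../lib/"` line only widens the linker search path, while `-lnuclient` stays in `pam_nufw_la_LDFLAGS` and `pam_nufw_la_LIBADD` is left empty, so if nothing has been built under ../lib yet the link can quietly fall back to whatever libnuclient is installed on the system instead of failing. Listing the in-tree libtool archive in `pam_nufw_la_LIBADD` (for example `../lib/libnuclient.la`; that file name is an assumption derived from `-lnuclient`) would pin the PAM module to the copy built from this tree and give make a dependency on it. The double quotes around the `-L` value are also unnecessary in a Makefile.am assignment.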
From: Tilman Baumann
Organization: Collax
To: nufw-users@nongnu.org
Subject: Re: [Nufw-users] compile problem version 2.0 (using -lnuclient in pam_nufw)
Date: Wed, 24 May 2006 17:55:31 +0200
References: <200605241621.12537.tilman.baumann@collax.com> <44747D63.20901@inl.fr>
In-Reply-To: <44747D63.20901@inl.fr>
Message-Id: <200605241755.31908.tilman.baumann@collax.com>

On Wednesday, 24 May 2006 17:36, Jean Gillaux wrote:
> > I get the error below.
> > The fix was to remove -lnuclient from pam_nufw_la_LDFLAGS in
> > src/clients/pam_nufw/Makefile.
> > I don't know how sane that is. But it makes sense to me that you can not
> > use a lib you are going to build at the moment.
> > This error might not happen on development machines because libnuclient is
> > already installed. ;)
> > If this dependency really exists someone might have a look how to set up
> > the local searchpath properly...
>
> This dependency really exists, so here is a patch that fixes the build.

Works fine. Thanks.

-- 
Tilman Baumann
Software Developer
Collax GmbH . Boetzinger Strasse 60 . 79111 Freiburg . Germany
p: +49 (0) 89-990157-0
f: +49 (0) 89-990157-11

From MAILER-DAEMON Wed May 31 06:18:01 2006
Message-ID: <2275732.1149070673540.JavaMail.www@wwinf1501>
From: Vincent SCHULTZ
To: nufw-users@nongnu.org
Reply-To: vincent.schultz@wanadoo.fr
Date: Wed, 31 May 2006 12:17:53 +0200 (CEST)
Subject: [Nufw-users] Problem installing nuauth2

Hello all,

I built Debian packets (version 2.0.1) without any problem on Sarge. But when I try to install nuauth, I got an error :

# dpkg -i nuauth20_2.0.1-2_i386.deb
Sélection du paquet nuauth20 précédemment désélectionné.
(Lecture de la base de données... 29763 fichiers et répertoires déjà installés.)
Dépaquetage de nuauth20 (à partir de nuauth20_2.0.1-2_i386.deb) ...
Paramétrage de nuauth20 (2.0.1-2) ...
dpkg : erreur de traitement de nuauth20 (--install) :
 le sous-processus post-installation script a retourné une erreur de sortie d'état 10
Des erreurs ont été rencontrées pendant l'exécution :
 nuauth20

What's the problem ? What can I do ?

Also, I had a problem with nufw package with "update-rc.d" command. Running it without configuring boot time, solved the problem.

Thank you,

Vincent

From MAILER-DAEMON Wed May 31 07:30:34 2006
From: Tilman Baumann
Organization: Collax
To: nufw-users@nongnu.org
Date: Wed, 31 May 2006 13:30:01 +0200
Message-Id: <200605311330.02014.tilman.baumann@collax.com>
Subject: [Nufw-users] nuauth fetches right acl but takes wrong decision

Hello,

I can not get nuauth running correctly.
I use PAM (system) for authentication and LDAP for acl.
I test with a user (tilli) who is in a group with gid 500.
This user can login but his packets get dropped.

I'm not sure because the concerned section has less debug. But it looks like it fetches the right acl but doesn't get a handle on it.
Maybe it makes something wrong with the comparison of the gid.
But most likely I got something wrong. :)

The acl looks this way:

# all, acls, example.com
dn: cn=all,ou=acls,dc=example,dc=com
objectClass: top
objectClass: NuAccessControlList
Proto: 6
SrcIPEnd: 2886795263
Decision: 1
cn: all
SrcPortEnd: 65535
DstIPEnd: 4294967295
Group: 500
SrcPortStart: 0
DstPortStart: 0
DstIPStart: 0
DstPortEnd: 65535
SrcIPStart: 2886729728

nuauth logs this:

** Message: Creating new packet
** Message: search&push: need to warn client
** Message: user activity on socket 7
** Message: Pushing packet to user_checker
** Message: entering user_check
** Message: Authreq start
** Message: got IPv4 field
** Message: got APP field
** Message: Authreq end
** Message: Starting search and fill
** Message: Complete authreq: Filling user data for tilli
** Message: entering acl_check
** Message: LDAP filter : (&(objectClass=NuAccessControlList)(SrcIPStart<=2886730005)
(SrcIPEnd>=2886730005)(DstIPStart<=1045136959)(DstIPEnd>=1045136959)(Proto=6)
(DstPortStart<=22)(DstPortEnd>=22)(|(&(OsName=*)(OsName=Linux))(!(OsName=*)))
(|(&(AppName=*)(AppName=/usr/bin/ssh))(!(AppName=*)))(|(&(OsRelease=*)
(OsRelease=2.6.16.17))(!(OsRelease=*)))(|(&(OsVersion=*)(OsVersion=#1 Mon May
22 15:01:29 CEST 2006))(!(OsVersion=*)))(!(AppSig=*)))
** Message: Acl found with decision 1
** Message: Starting search and fill
** Message: Trying to take decision on 0x89b0e70
** Message: leaving acl_check
** Message: Sending auth answer 0 for packet 15 on socket 0x89b1680
** Message: [nuauth] Drop [tilli] 1149000375 : SRC=172.16.1.21 DST=62.75.134.63 PROTO=6 SPT=38027 DPT=22

PS: The documentation mentions the ldap tree dc=acls,dc=example,dc=com. Which conflicts with the schema. It has to be ou=...

BTW. I would appreciate some more LDAP examples. ;) LDAP is great with nufw but not so well documented.

-- 
Tilman Baumann
Software Developer
Collax GmbH . Boetzinger Strasse 60 . 79111 Freiburg . Germany
p: +49 (0) 89-990157-0
f: +49 (0) 89-990157-11
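
Added example (not part of the original message and not NuFW code): the ACL above stores IPv4 bounds as plain integers, so this sketch decodes them to dotted quads and checks the packet from the "[nuauth] Drop" log line against every range in the entry. The function names and the reading of "Group" as a gid that must appear in the user's gid list are assumptions made for illustration.

```python
import ipaddress

# ACL entry copied from the message above (values as posted).
ACL_LDIF = """\
# all, acls, example.com
dn: cn=all,ou=acls,dc=example,dc=com
objectClass: top
objectClass: NuAccessControlList
Proto: 6
SrcIPEnd: 2886795263
Decision: 1
cn: all
SrcPortEnd: 65535
DstIPEnd: 4294967295
Group: 500
SrcPortStart: 0
DstPortStart: 0
DstIPStart: 0
DstPortEnd: 65535
SrcIPStart: 2886729728
"""

# Packet fields taken from the "[nuauth] Drop" log line in the same message.
LOGGED_PACKET = {"src": "172.16.1.21", "dst": "62.75.134.63",
                 "proto": 6, "sport": 38027, "dport": 22}


def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no folding, no base64 values) into
    a dict mapping lower-cased attribute names to lists of values."""
    entry = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF attribute line: {raw!r}")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def acl_int(entry, attr):
    """Return a single-valued integer attribute, rejecting missing or repeated ones."""
    values = entry.get(attr.lower(), [])
    if len(values) != 1:
        raise ValueError(f"{attr}: expected exactly one value, got {len(values)}")
    return int(values[0])


def ip_ranges(entry):
    """Decode the integer-encoded IPv4 bounds into dotted-quad strings."""
    ranges = {}
    for side in ("Src", "Dst"):
        low = ipaddress.IPv4Address(acl_int(entry, side + "IPStart"))
        high = ipaddress.IPv4Address(acl_int(entry, side + "IPEnd"))
        ranges[side.lower()] = (str(low), str(high))
    return ranges


def check_packet(entry, packet, user_gids):
    """Compare a packet with each range in the ACL and report per-field results.

    The group test (ACL gid present in user_gids) is an assumption about how
    the attribute is meant to be read, not a description of nuauth's code."""
    def between(value, prefix):
        return acl_int(entry, prefix + "Start") <= value <= acl_int(entry, prefix + "End")

    return {
        "proto": acl_int(entry, "Proto") == packet["proto"],
        "src_ip": between(int(ipaddress.IPv4Address(packet["src"])), "SrcIP"),
        "dst_ip": between(int(ipaddress.IPv4Address(packet["dst"])), "DstIP"),
        "src_port": between(packet["sport"], "SrcPort"),
        "dst_port": between(packet["dport"], "DstPort"),
        "group": any(str(gid) in entry.get("group", []) for gid in user_gids),
    }


if __name__ == "__main__":
    acl = parse_ldif_entry(ACL_LDIF)
    for side, (low, high) in ip_ranges(acl).items():
        print(f"{side}: {low} - {high}")
    for field, ok in check_packet(acl, LOGGED_PACKET, user_gids=[500]).items():
        print(f"{field:9s} {'match' if ok else 'NO MATCH'}")
```

Every field matches for the logged packet, which agrees with the "Acl found with decision 1" line; the check says nothing about why nuauth then sent auth answer 0.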