Subject:
Re: AW: Configuration help please
From:
Mike Peasley ####@####.####
Date:
30 Jan 2006 09:19:05 +0000
Message-Id: <3aad70a348754207a9d07eed1ff9ec60@webserver001>
Thank you for the fast response!
I have changed the entry in /etc/newscache.conf as you suggested, but I am still unable to connect from the windows box. I have also disabled the Sygate firewall on the windows box, but as the log shows the connection as being denied I doubt this is the problem. There is no firewall installed on the linux box. Log files and access list are below.
The logs show me trying to connect from the win box, and again successfully connecting from the local box. Is there something I may be missing in another area of the .conf?
Thank you for your help, I am sure a resolution is close :o)
Best regards
MP
debug:
Jan 30 21:51:17 sardine NewsCache[10953]: receiving signal SIGCHLD: 17
Jan 30 21:51:58 sardine NewsCache[11230]: nnrpd: access_entry name matched:
localhost
Jan 30 21:51:58 sardine NewsCache[11230]: NServer::NServer() hostname set
to: sardine.mshome.net
Jan 30 21:51:58 sardine NewsCache[11230]: RServer::connect: Connecting to
news.winextra.com from interface sardine.mshome.net to servicename nntp
notice:
Jan 30 21:41:56 sardine NewsCache[9581]: localhost [127.0.0.1] connect
Jan 30 21:42:24 sardine NewsCache[9648]: 10.1.1.5 [10.1.1.5] denied
Jan 30 21:43:15 sardine NewsCache[9818]: 10.1.1.5 [10.1.1.5] denied
Jan 30 21:45:10 sardine NewsCache[10127]: 10.1.1.5 [10.1.1.5] denied
Jan 30 21:46:46 sardine NewsCache[10359]: 10.1.1.5 [10.1.1.5] denied
Jan 30 21:47:25 sardine NewsCache[10491]: 10.1.1.5 [10.1.1.5] denied
Jan 30 21:50:19 sardine NewsCache[10953]: NewsCache Server Start
Jan 30 21:50:22 sardine NewsCache[10961]: NewsCache Server Start
Jan 30 21:51:17 sardine NewsCache[11094]: 10.1.1.5 [10.1.1.5] denied
Jan 30 21:51:58 sardine NewsCache[11230]: localhost [127.0.0.1] connect
Jan 30 21:57:00 sardine NewsCache[11230]: localhost [127.0.0.1] group
winextra.help.linux 1
Jan 30 21:57:00 sardine NewsCache[11230]: localhost [127.0.0.1] exit
articles 1 groups 1
accesslist:
AccessList {
Client 10.1.1.0/255 {
List *
Read *
PostTo *
Authentication None
}
Client stdin {
allow read post debug
# list all newsgroups, allow users to read *, and to post to *
List *
Read *
PostTo *
# no further authentication necessary/possible
Authentication none
}
Client localhost {
allow read post
# list all newsgroups, allow users to read *, and to post to *
# No xdebug command for unauthenticated clients.
List *
Read *
PostTo *
Authentication unix::::debug
# all authenticated clients are able to use the xdebug command
}
Client .winextra.com {
allow read post
# list all, except for alt.* newsgroups, allow users to
# read at.* and to post to at.*
List *
Read *
PostTo *
# allow users to gain additional privileges by
# authenticating based on a password file
# the format of the file is username:password:read:postto
Authentication none
}
Client 192.168.0.0/255.255.0.0 {
allow read post
# deny access to all newsgroups
List *
Read *
PostTo *
# allow users to gain additional privileges by
# authenticating using standard passwd semantics
# allow to read * and to post to at.* after successful
# authentication
Authentication none
}
Client 192.169.0.0/255.255.0.0 {
allow read
# deny access to all newsgroups
List at.*
Read at.*
PostTo !*
Authentication none
# allow users to gain additional privileges by
# authenticating using standard passwd semantics
# allow to read * and to post to * and can use the xdebug
# command after successful authentication.
# Unauthenticated clients can only read from at.* groups.
}
Client .aol.com {
allow none
}
Default {
allow none
}
}
sardine:~# ping 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=1 ttl=128 time=4.08 ms
64 bytes from 10.1.1.5: icmp_seq=2 ttl=128 time=0.739 ms
64 bytes from 10.1.1.5: icmp_seq=3 ttl=128 time=2.26 ms
64 bytes from 10.1.1.5: icmp_seq=4 ttl=128 time=1.12 ms
64 bytes from 10.1.1.5: icmp_seq=5 ttl=128 time=2.14 ms
--- 10.1.1.5 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 0.739/2.072/4.081/1.162 ms
sardine:~#
From: Straub ####@####.####
Sent: Monday, January 30, 2006 8:35 AM -08:00
To: Mike Peasley ####@####.####
Subject: AW: Configuration help please
Hallo,
you have to setup the AccessSpec. Take your network ip address of yor windows machine(example 10.10.10.25) an specify this in the /etc/newscache.conf,
AccessList {
Client 10.10.10.0/255 {
List *
Read *
PostTo *
Authentication None
}
}
This example allows all adresses in the address range from 10.10.10.0-10.10.10.255 to access the NewsCache. If you have troubles, please attach the Logfile.
Best Regards
Herbert Straub
-----Ursprüngliche Nachricht-----
Von: Mike Peasley ####@####.####
Gesendet: Montag, 30. Januar 2006 09:23
An: ####@####.####
Betreff: Configuration help please
Hello,
I am pretty new to linux, but one of the reasons I am using it is that I want to use Newscache.
After some initial frustrations, first of all with getting the OS to play nicely (Xandros 3.0.2 OCE - debian based)
I have installed Newscache and have got it to work ok on the Linux machine. I am unable to connect to Newscache from the windows machines on the network (combinations of XP pro & Win2k) The network is a simple workgroup setup and all machines can see each other.
The nnewscache log is showing that the windows machine (I am sticking with just trying one machine at the moment (XP)) is attempting to connect, but is denied. This leads me to believe the problem is with the way I am trying to configure the newscache.conf.
I append the access list below. Where it says *.mshome.net, I have tried many other things, including the IP address of the windows box in question, the name of the windows box etc. The 192. IP addresses are not on my network, but I have left those entries in, as removing them didn't seem to help, and I didn't want to cause more harm. If I can safely remove them I will.
I have not changed any of the comment lines, so they will reflect the config as it came. I was going to change them when I got things working.....
I appreciate any help you may be able to offer.
Thanks in advance
MP
AccessList {
Client stdin {
allow read post debug
# list all newsgroups, allow users to read *, and to post to *
List *
Read *
PostTo *
# no further authentication necessary/possible
Authentication none
}
Client localhost {
allow read post
# list all newsgroups, allow users to read *, and to post to *
# No xdebug command for unauthenticated clients.
List *
Read *
PostTo *
Authentication unix::::debug
# all authenticated clients are able to use the xdebug command
}
Client .winextra.com {
allow read post
# list all, except for alt.* newsgroups, allow users to
# read at.* and to post to at.*
List *
Read *
PostTo *
# allow users to gain additional privileges by
# authenticating based on a password file
# the format of the file is username:password:read:postto
Authentication none
}
Client *.mshome.net {
allow read post
# list all, except for alt.* newsgroups, allow users to
# read at.* and to post to at.*
List *
Read *
PostTo *
# allow users to gain additional privileges by
# authenticating based on a password file
# the format of the file is username:password:read:postto
Authentication none
}
Client 192.168.0.0/255.255.0.0 {
allow read post
# deny access to all newsgroups
List *
Read *
PostTo *
# allow users to gain additional privileges by
# authenticating using standard passwd semantics
# allow to read * and to post to at.* after successful
# authentication
Authentication none
}
Client 192.169.0.0/255.255.0.0 {
allow read
# deny access to all newsgroups
List at.*
Read at.*
PostTo !*
Authentication none
# allow users to gain additional privileges by
# authenticating using standard passwd semantics
# allow to read * and to post to * and can use the xdebug
# command after successful authentication.
# Unauthenticated clients can only read from at.* groups.
}
Client .aol.com {
allow none
}
Default {
allow none
}
}
__________________________________________
Get your own goowy now @ http://www.goowy.com
---------------------------------------------------------------------
To unsubscribe, e-mail: ####@####.####
For additional commands, e-mail: ####@####.####
__________________________________________
Get your own goowy now @ http://www.goowy.com
