newscache: Thread: NewsCache Authentication

 
I have 99.22p1-1 (rpm) installed on redhat Fedora 1. Everything works fine when I allow full access.

When I try to use unix authentication I am refused access. Here is the configuration block:

  Client 0.0.0.0/0.0.0.0 {
    allow read post
    List !*
    Read !*
    PostTo !*
    Authentication unix:read:postto
  }

Here is the relevant section from the messages log file:

Aug 21 19:18:01 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] connect
Aug 21 19:18:01 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] MODE READER
Aug 21 19:18:01 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] authinfo
Aug 21 19:18:02 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] authinfo
Aug 21 19:18:02 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] failed AUTHINFO PASS always
Aug 21 19:18:02 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] exit articles 0 groups 0

I have changed to process to be run by root. I was thinking that perhaps user 'news' couldn't get access to /etc/passwd. Running as root didn't help.

I'm suspecting that the cause may be the ServerType variable. I'm running in standalone mode instead of inetd mode. Authentication may require inetd mode, but I can't run inetd mode because the version of redhat I'm using uses xinetd instead.

Thanks in advance for your advice!


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 8/19/2004

I have 99.22p1-1 (rpm) installed on redhat Fedora 1. Everything works fine when I allow full access.

When I try to use unix authentication I am refused access. Here is the configuration block:

  Client 0.0.0.0/0.0.0.0 {
    allow read post
    List !*
    Read !*
    PostTo !*
    Authentication unix:read:postto
  }

Here is the relevant section from the messages log file:

Aug 21 19:18:01 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] connect
Aug 21 19:18:01 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] MODE READER
Aug 21 19:18:01 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] authinfo
Aug 21 19:18:02 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] authinfo
Aug 21 19:18:02 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] failed AUTHINFO PASS always
Aug 21 19:18:02 mail NewsCache[4896]: 67-136-15-1.bras01.eko.nv.frontiernet.net [67.136.15.1] exit articles 0 groups 0

I have changed to process to be run by root. I was thinking that perhaps user 'news' couldn't get access to /etc/passwd. Running as root didn't help.

I'm suspecting that the cause may be the ServerType variable. I'm running in standalone mode instead of inetd mode. Authentication may require inetd mode, but I can't run inetd mode because the version of redhat I'm using uses xinetd instead.

Thanks in advance for your advice!


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 8/19/2004

I think, that the version 0.99.* does'nt work correctly with
username/password authentication. I used it only with ip-address
specifications. The implementation of 0.99* does'nt allow to user g++ >=
3.0! I have created new versions of socket++ and NewsCache and also release
RPM'S for easy installation. But at the moment i'm very busy, so i can only
upload the new Release Candidates. If you have installed all necessary
autotools, the installation should be not complicated. Little Installation
Guide:

$ wget
http://members.aon.at/hstraub/linux/socket++/socket++-1.12.12rc2.tar.gz
$ wget http://members.aon.at/hstraub/linux/newscache/NewsCache-1.2rc5.tar.gz
$ tar xzf socket++-1.12.12rc2.tar.gz
$ cd socket++-1.12.12rc2
$ ./autogen
$ ./configure --prefix=/usr
$ make
$ su
$ make install

Now NewsCache
$ tar xzf NewsCache-1.12.12rc5.tar.gz
$ cd NewsCache-1.12.12rc5
$ ./autogen
$ ./configure --prefix=/usr --sysconfdir=/etc --with-pam
$ make
$ su
$ make install

Follow the instructions in doc/newscache-pam.txt and the manual page
newscache.conf.

Removing the installed parts with:
$ make uninstall
$ make uninstall

Please send your experencies to this list.

Regards Herbert Straub

-----Ursprüngliche Nachricht-----
Von: RFI Admin ####@####.#### 
Gesendet: Sonntag, 22. August 2004 15:30
An: ####@####.####
Betreff: NewsCache authentication


I have 99.22p1-1 (rpm) installed on redhat Fedora 1. Everything works fine
when I allow full access.

When I try to use unix authentication I am refused access. Here is the
configuration block:

  Client 0.0.0.0/0.0.0.0 {
    allow read post
    List !*
    Read !*
    PostTo !*
    Authentication unix:read:postto
  }

The tarballs for 1.12.12rc2 (socket++ and newscache) compiled & installed just fine. I have configured /etc/newscache.conf, and /usr/sbin/newscache starts just fine.

The problem is that I get dropped from a nntp session without ant apparent reason, even if I require no authentication. Nothing in the log. Here is what a session looks like:

[root@mail root]# telnet localhost 119
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
[root@mail root]#

When I try to connect as a remote client using Outlook Express I get a general TCP/IP error.

The process doesn't die because I can do it again. Any ideas?




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 8/19/2004

RFI Admin wrote:

>The tarballs for 1.12.12rc2 (socket++ and newscache) compiled & installed just fine. I have configured /etc/newscache.conf, and /usr/sbin/newscache starts just fine.
>
>The problem is that I get dropped from a nntp session without ant apparent reason, even if I require no authentication. Nothing in the log. 
>
Normally it should look like:
telnet localhost 119
Trying 127.0.0.1...
Connected to myhost.
Escape character is '^]'.
200 NewsCache 1.2rc5, accepting NNRP commands
quit
205 Good bye
Connection closed by foreign host.

Logfiles: you can get more messages, if you a) add in syslog.conf: 
news.debug /var/log/news.debug and send a HUP with killall -HUP syslogd 
and b) if you configure Socket++ and NewsCache with --enable-debug. With 
--enable-debug Newscache produce a lot of messages.

Configuration: send your configuration, but don't forget removing 
sensetive private data. You can produce a output of the currently used 
configurationfile with: newscache -p

You can also check:
netstat -tlp

Do you use specific iptables rules? (iptables -L)

>
>When I try to connect as a remote client using Outlook Express I get a general TCP/IP error.
>  
>
I know, that Outlook works very well with NewsCache. With Outlook 
Express i does'nt know it definitiv, but i think it should be work also.

Herbert,

Logging has shed some light on the problem:

Aug 24 08:51:06 mail NewsCache[10564]: NewsCache Server Start
Aug 24 08:51:11 mail NewsCache[14658]: nnrpd: access_entry name matched:
0.0.0.0/0.0.0.0
Aug 24 08:51:11 mail NewsCache[14658]: mail.thriftinternet.com [127.0.0.1]
connect
Aug 24 08:51:11 mail NewsCache[14658]: NServer::NServer() hostname set to:
mail.thriftinternet.com
Aug 24 08:51:11 mail NewsCache[14658]: nnrpd caught Error Exception! File:
NVcontainer.cc Function: virtual void NVcontainer::make_current() Line: 135
Desc: NVConatiner(19603): info-record shrunk
Aug 24 08:51:11 mail NewsCache[10564]: receiving signal SIGCHLD: 17

How can I deal with the NVContainer problem?



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 8/19/2004

I think, there is a corrupt file on die SpoolDirectory. Example:

ls -lha /var/spool/newscache/
total 1.2M
drwxrwx---   20 news     news         4.0k Aug 24 14:14 .
drwxr-xr-x   10 root     root         4.0k Jul  9 14:53 ..
-rw-r--r--    1 news     news         1.1M Jul 19 13:14 .active
drwx------    2 news     news         4.0k Jul  9 14:59 .artSpool
drwx------    2 news     news         4.0k Jul  9 14:59 .badArticles
-rw-------    1 news     news            0 Jul  9 14:59
.resourceSpooler.lock
drwxr-xr-x    4 news     news         4.0k Aug 24 14:10 alt
drwxr-xr-x    4 news     news         4.0k Jul 19 13:43 vmsnet
....

How to clean up the directory:
1) stop newscache
2) remove all files an the spooldirectory (don't forget the .* files)
3) start newscache

Now it should work.

If you would spend some time to debug the error - or you can upload a tar
file from the spooldirectory (with the corrupt files), so i can do this - i
had the chance to fix this error. In the Debian Bug Database, there is an
bug with a corrupt database (dated 1998?), but i had never such a situation.



-----Ursprüngliche Nachricht-----
Von: RFI Admin ####@####.#### 
Gesendet: Dienstag, 24. August 2004 19:27
An: ####@####.####
Betreff: Re: AW: NewsCache authentication


Herbert,

Logging has shed some light on the problem:

Aug 24 08:51:06 mail NewsCache[10564]: NewsCache Server Start Aug 24
08:51:11 mail NewsCache[14658]: nnrpd: access_entry name matched:
0.0.0.0/0.0.0.0 Aug 24 08:51:11 mail NewsCache[14658]:
mail.thriftinternet.com [127.0.0.1] connect Aug 24 08:51:11 mail
NewsCache[14658]: NServer::NServer() hostname set to:
mail.thriftinternet.com Aug 24 08:51:11 mail NewsCache[14658]: nnrpd caught
Error Exception! File: NVcontainer.cc Function: virtual void
NVcontainer::make_current() Line: 135
Desc: NVConatiner(19603): info-record shrunk
Aug 24 08:51:11 mail NewsCache[10564]: receiving signal SIGCHLD: 17

How can I deal with the NVContainer problem?

Herbert,

I stopped newscache, removed all files from the /var/spool/newscache
directory and then restarted newscache. I still get the same error in the
telnet session with exactly the same error in the news.debug log.




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 8/19/2004

By the way, does this installation also work with radius authentication?
Would I need to recompile with an additional option to use it with radius?


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 8/24/2004

Unclear what happens, but i reworked the Error and throw messages in the
NVcontainer class. The NVcontainer class is originaly from Thomas Gschwind
and has not been changed by me. I hope we can now see clear errormessages in
the logfile.

I upload the file to 
http://members.aon.at/hstraub/linux/newscache/NewsCache-1.2rc5-patch1.gz

md5sum NewsCache-1.2rc5-patch1.gz
5bb4948992bdcf2b3f662b0dcf3b8267  NewsCache-1.2rc5-patch1.gz

Patch instruction:
wget
http://members.aon.at/hstraub/linux/newscache/NewsCache-1.2rc5-patch1.gz
md5sum NewsCache-1.2rc5-patch1.gz
cd NewsCache-1.2rc5
zcat ~/NewsCache-1.2rc5-patch1.gz | patch -p1

ad configuration options for pam:

you can follow the instructions in doc/newscache-pam.txt. Normally you
specify only  --with-pam and NewsCache will use the Pam Servicename
newscache (located in /etc/pam.d/newscache on Debian). Optionally you can
use a own pam servicename for each client in the AccessList with the
Parameter PAMServicename in the newscache.conf file.

I have tested all configuration descriped in this document on Debian (sid)

-----Ursprüngliche Nachricht-----
Von: RFI Admin ####@####.#### 
Gesendet: Mittwoch, 25. August 2004 16:34
An: ####@####.####
Betreff: Fw: AW: NewsCache authentication


Herbert,

I stopped newscache, removed all files from the /var/spool/newscache
directory and then restarted newscache. I still get the same error in the
telnet session with exactly the same error in the news.debug log.