netpass-users Mailing List for NetPass (Page 3)
Brought to you by:
jeffmurphy
From: Jeff M. <jcm...@os...> - 2005-09-06 20:29:25

added to cvs

On Tue, 2005-09-06 at 10:58 -0500, Julian Y. Koh wrote:
> Would it be possible to sort lists of networks, switches, etc by IP address
> instead of by pure number sorting?
>
> For example, switch 1.2.3.46 appears before 1.2.3.5. Network 1.2.99.0/24
> appears after 1.2.104.0/24.

From: Julian Y. K. <ko...@no...> - 2005-09-06 15:59:02

Would it be possible to sort lists of networks, switches, etc by IP address
instead of by pure number sorting?

For example, switch 1.2.3.46 appears before 1.2.3.5. Network 1.2.99.0/24
appears after 1.2.104.0/24.

--
Julian Y. Koh <mailto:ko...@no...>
Network Engineer <phone:847-467-5780>
Telecommunications and Network Services
Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

From: Jeff M. <jcm...@os...> - 2005-08-31 20:08:04

On Wed, 2005-08-31 at 15:56 -0400, Don Rugh wrote:
> ...is this something that would be of interest to the larger group??
> how do others handle this type of situation???
>
> (I'm guessing best way would be to insert code into macscan that if
> macIsRegistered returns true would call macStatus and reset port to
> proper vlan if it's not there already...??)

yes. if it's registered, grab the status and if it's not P/UNQUAR, move
the port back to quarantine by calling "requestPortmove()"

    requestMovePort(-switch => switch, -port => port,
                    -vlan => <quarantine | unquarantine>)

you wouldn't need to figure out what the correct vlan number is. that'll
happen automatically for you with portmover does the actual work.

jeff

>
> don
>
>
> On Aug 31, 2005, at 3:07 PM, Jeff Murphy wrote:
>
> > On Wed, 2005-08-31 at 10:42 -0400, Don Rugh wrote:
> >
> >> Consider the following scenario:
> >>
> >>
> >> - User transgresses policy and needs to be quarantined
> >> - Admin q's user
> >> - DB is updated, but port reset fails b/c user's MAC is not found on
> >> the switch. We also believe that computer is plugged into a
> >> switch/router, such that computer wake/sleep does not generate
> >> linkup/down events to the switch -- link always up, MAC may or may
> >> not be present
> >> - QUESTION: when user's computer wakes up, no event generated, they
> >> are on the network since there appears to be no mechanism to verify
> >> that all ports are in their correct states
> >>
> >>
> >> This could also occur if the SNMP UDP packet doesn't make it to the
> >> switch....are we missing something here?? or have you extended the
> >> MAC aging time on your switches??
> >>
> >
> > it's possible that macscan can be modified to not simply check that the
> > port only has registered clients - but also that each client's status is
> > P/UNQUAR. if the port contains unregistered or quarantined clients then
> > it would be switched to the quarantine.
> >
> > another, less likely, possibility would be to determine if the switch
> > can trap when it detects a new mac. even if that worked, it would
> > require more effort than modifying macscan.
> >
> > jeff
> >
> > -------------------------------------------------------
> > SF.Net email is Sponsored by the Better Software Conference & EXPO
> > September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> > Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> > Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> > _______________________________________________
> > Netpass-users mailing list
> > Net...@li...
> > https://lists.sourceforge.net/lists/listinfo/netpass-users

--
Jeff Murphy <jcm...@os...>

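The check discussed in this message, sketched as an added example (it is not NetPass code and does not call its API): each scan pass compares the MACs learned on a port with their database status and requests a move to quarantine when an unquarantined port carries an unregistered or non-cleared MAC. The status labels (reading "P/UNQUAR" as PUNQUAR or UNQUAR), the data layout, the function names and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: the thread's "P/UNQUAR" is read as these two status labels.
CLEARED = frozenset({"PUNQUAR", "UNQUAR"})


@dataclass(frozen=True)
class PortMove:
    """A move request using a symbolic VLAN name, not a VLAN number."""
    switch: str
    port: int
    vlan: str
    reason: str


def offending_macs(macs, registry):
    """Return {mac: why} for MACs that must not sit on an unquarantined port."""
    bad = {}
    for mac in macs:
        status = registry.get(mac.lower())
        if status is None:
            bad[mac] = "unregistered"
        elif status not in CLEARED:
            bad[mac] = "status " + status
    return bad


def reconcile(fdb, port_vlan, registry):
    """Compare what the switches report with what the database says.

    fdb       {(switch, port): [mac, ...]}  MACs currently learned per port
    port_vlan {(switch, port): "quarantine" | "unquarantine"}
    registry  {mac: status}                 an absent MAC is unregistered

    Only the fail-closed direction is enforced: an unquarantined port that
    carries any unregistered or non-cleared MAC is moved to quarantine.
    A port with no learned MAC is left alone and looked at again on the
    next pass, which is what catches a host that was asleep (MAC aged out)
    when the admin quarantined it.
    """
    moves = []
    for (switch, port), macs in sorted(fdb.items()):
        if port_vlan.get((switch, port)) != "unquarantine" or not macs:
            continue
        bad = offending_macs(macs, registry)
        if bad:
            reason = ", ".join(f"{m} {why}" for m, why in sorted(bad.items()))
            moves.append(PortMove(switch, port, "quarantine", reason))
    return moves


# Constructed sample data (documentation address ranges, not a real site).
REGISTRY = {
    "00:00:5e:00:53:01": "UNQUAR",
    "00:00:5e:00:53:02": "QUAR",      # quarantined in the DB by an admin
    "00:00:5e:00:53:03": "PUNQUAR",
}
PORT_VLAN = {
    ("192.0.2.10", 1): "unquarantine",
    ("192.0.2.10", 2): "unquarantine",  # port reset failed: MAC was not found
    ("192.0.2.10", 3): "unquarantine",
    ("192.0.2.10", 4): "quarantine",
}
# First pass: the quarantined host on port 2 is asleep, its MAC has aged out.
SCAN_ASLEEP = {
    ("192.0.2.10", 1): ["00:00:5e:00:53:01"],
    ("192.0.2.10", 2): [],
    ("192.0.2.10", 3): ["00:00:5e:00:53:03", "00:00:5e:00:53:99"],
    ("192.0.2.10", 4): ["00:00:5e:00:53:98"],
}
# Later pass: the host woke up without a link event; its MAC is learned again.
SCAN_AWAKE = dict(SCAN_ASLEEP)
SCAN_AWAKE[("192.0.2.10", 2)] = ["00:00:5e:00:53:02"]

if __name__ == "__main__":
    for label, scan in (("asleep", SCAN_ASLEEP), ("awake", SCAN_AWAKE)):
        for move in reconcile(scan, PORT_VLAN, REGISTRY):
            print(label, move)
```
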
From: Don R. <don...@em...> - 2005-08-31 19:56:14

...is this something that would be of interest to the larger group??
how do others handle this type of situation???

(I'm guessing best way would be to insert code into macscan that if
macIsRegistered returns true would call macStatus and reset port to
proper vlan if it's not there already...??)

don

On Aug 31, 2005, at 3:07 PM, Jeff Murphy wrote:

> On Wed, 2005-08-31 at 10:42 -0400, Don Rugh wrote:
>
>> Consider the following scenario:
>>
>>
>> - User transgresses policy and needs to be quarantined
>> - Admin q's user
>> - DB is updated, but port reset fails b/c user's MAC is not found on
>> the switch. We also believe that computer is plugged into a
>> switch/router, such that computer wake/sleep does not generate
>> linkup/down events to the switch -- link always up, MAC may or may
>> not be present
>> - QUESTION: when user's computer wakes up, no event generated, they
>> are on the network since there appears to be no mechanism to verify
>> that all ports are in their correct states
>>
>>
>> This could also occur if the SNMP UDP packet doesn't make it to the
>> switch....are we missing something here?? or have you extended the
>> MAC aging time on your switches??
>>
>
> it's possible that macscan can be modified to not simply check that the
> port only has registered clients - but also that each client's status is
> P/UNQUAR. if the port contains unregistered or quarantined clients then
> it would be switched to the quarantine.
>
> another, less likely, possibility would be to determine if the switch
> can trap when it detects a new mac. even if that worked, it would
> require more effort than modifying macscan.
>
> jeff

From: Jeff M. <jcm...@os...> - 2005-08-31 19:41:36

a quick note about message naming. i'm recommending that you name messages
as

    msg:xxxxx
    nessus:xxxxx
    snort:xxxxx

instead of calling them all 'msg:xxxxx'. in other words, prefix them with
either snort or nessus as appropriate and tie the scans to those messages in
scan config.

eventually, to make things more manageable, i'll use a hierarchical menu in
scanconfig, etc, based on the prefix... as the current scan config drop down
can get quite long.

jeff

From: Jeff M. <jcm...@os...> - 2005-08-31 19:08:00

On Wed, 2005-08-31 at 10:42 -0400, Don Rugh wrote:
> Consider the following scenario:
>
>
> - User transgresses policy and needs to be quarantined
> - Admin q's user
> - DB is updated, but port reset fails b/c user's MAC is not found on
> the switch. We also believe that computer is plugged into a
> switch/router, such that computer wake/sleep does not generate
> linkup/down events to the switch -- link always up, MAC may or may not
> be present
> - QUESTION: when user's computer wakes up, no event generated, they
> are on the network since there appears to be no mechanism to verify
> that all ports are in their correct states
>
>
> This could also occur if the SNMP UDP packet doesn't make it to the
> switch....are we missing something here?? or have you extended the MAC
> aging time on your switches??

it's possible that macscan can be modified to not simply check that the
port only has registered clients - but also that each client's status is
P/UNQUAR. if the port contains unregistered or quarantined clients then
it would be switched to the quarantine.

another, less likely, possibility would be to determine if the switch
can trap when it detects a new mac. even if that worked, it would
require more effort than modifying macscan.

jeff

From: Jeff M. <jcm...@os...> - 2005-08-31 18:54:41

I'm going to make some CVS commits today but before you use them, you'll
need to make a few manual adjustments.

- Audit report changes

The audit report will now attempt to connect to your other NP servers (if
any) and fetch audit history from those servers and then coalesce it into
the final report. This was done because the audit table is not replicated
amongst the NP servers. That, in turn, was done because MySQL cluster is
limited by the amount of RAM in the machine, and the audit table can grow
quite large over time. So there was a need to fetch the audit results from
the various servers and present them in a single report.

To make this happen, you need to grant access so that each server can
connect to the other. IPTables should already be configured to allow this.

Assuming you have two NP servers called "npw1" and "npw2", MySQL must be
configured as follows:

    npw1% mysql -u root mysql
    mysql> insert into user values ('npw2.cit.buffalo.edu', 'root', '',
           'y','n','n','n','n','n','n','n','n','n','n','n','n','n','n',
           'n','n','n','n','n','n','','','','',0,0,0);
    npw1% mysqladmin -u root reload

    npw2% mysql -u root mysql
    mysql> insert into user values ('npw1.cit.buffalo.edu', 'root', '',
           'y','n','n','n','n','n','n','n','n','n','n','n','n','n','n',
           'n','n','n','n','n','n','','','','',0,0,0);
    npw2% mysqladmin -u root reload

- Removal of reliance on cookies

During semester startup, we discovered an issue with cookies and IE
toolbars causing sessions to be corrupted. This caused the clients to
return to the login page repeatedly without ever fully completing the
registration process.

The root of the problem seems to be that the toolbars, not surprisingly,
share the same cookie store as IE itself. When you go to, e.g.,
www.cnn.com, NetPass captures the session, displays its welcome page and
issues a cookie. Next, the client authenticates by entering credentials and
clicking 'I Accept...'. The transaction is posted to the NP server and the
session is then updated to reflect that they are authenticated. Immediately
following that, the toolbar (e.g. google toolbar) sends the same URL to
Google. NetPass captures that transaction and sends it to Apache. Apache
assigns the transaction to a random httpd process. That process has a copy
of the session, but lacks the bit of information indicating that it's an
authenticated session. The welcome page is sent back to the toolbar (which
ignores it) and the session is stored, over-writing the state information
indicating that the other session is authenticated. When the user finishes
the scan, they get the welcome page instead of the final or remediation
pages.

We looked at a few different solutions to this, and the one that required
the least amount of changes, and therefore the least amount of potential for
introduction of bugs, was to stop using cookies and instead move the
session ID into the CGI POSTed information that is sent by the client back
to the web server.

To activate this, you must edit

    /opt/netpass/lib/NetPass/WWW/Session.pm

and in the "new HTML::Mason::ApacheHandler" section, change
"session_use_cookie" to zero like this:

    session_use_cookie => 0,

and also add this line:

    session_args_param => 'npsess',

note the trailing comma (just check your edits for syntax). Save your
changes and do the "sudo make install" and everything should continue to
work.

The session ID is embedded in the client forms as a hidden field. For the
Admin interface, it appears as part of the URL.

Log into the Admin site and be sure to set COOKIE_DETECT to "no". That
final piece isn't critical, but the cookie detection is pointless now, so
you might as well disable it.

The installation procedure has these changes in it, although I haven't yet
trimmed out the portions of the code that deal with cookie configuration.

From: Don R. <don...@em...> - 2005-08-31 14:42:39

Consider the following scenario:

- User transgresses policy and needs to be quarantined
- Admin q's user
- DB is updated, but port reset fails b/c user's MAC is not found on the
  switch. We also believe that computer is plugged into a switch/router,
  such that computer wake/sleep does not generate linkup/down events to the
  switch -- link always up, MAC may or may not be present
- QUESTION: when user's computer wakes up, no event generated, they are on
  the network since there appears to be no mechanism to verify that all
  ports are in their correct states

This could also occur if the SNMP UDP packet doesn't make it to the
switch....are we missing something here?? or have you extended the MAC
aging time on your switches??

Thanks,
Don

Donald G. Rugh
Director of Network Services
Information Services
Saint Vincent College
300 Fraser Purchase Road
Latrobe, PA 15650
724-805-2559
don...@em...

From: Jeff M. <jcm...@os...> - 2005-08-26 13:57:12

i forgot the attachment

make sure you edit it and change the email address

From: Jeff M. <jcm...@os...> - 2005-08-26 13:26:55

On Fri, 2005-08-26 at 08:49 -0400, Don Rugh wrote:
>
> These repeat over and over -- is there a config problem? coding
> problem? looks like it's stuck on the processing queue....
>

this is normal. we see them too and i've verified that the ports really
don't have macs on them. i'm working on a feature in resetport that will let
those age out so after a while it won't bother checking any more and
anything connected to the port will just use the default unquar mechanism -
which is to hit the web server.

>
> Also, even though the "-D" is not set for resetport, the debug
> messages are printed to the logfile -- looking at the code, it would
> appear this is by design. Am I missing something, or can you not turn
> these off??

right now, no they can't be turned off. i'll change that probably with a -v
flag or something. the debug messages are useful so i leave them going to
the log regardless. the -D flag really just means "don't detach" so the
process runs in the foreground and sends all output to stdout

as an aside, resetport uses perl threads. perl threads, while they've come
a long way, still don't work 100% of the time. so occasionally resetport
will die. you should configure npsvc.pl by creating
/opt/netpass/etc/npsvc.conf and placing npsvc in /etc/inittab. npsvc is a
basic process watching script. if it finds a process has died it will
restart it. it was recently introduced, so it probably wasn't installed by
your version of the ./install script.

1. cvs update
2. make install
3. vi /opt/netpass/etc/npsvc.conf
   (see attachment for example, change the email address in the conf file!)
4. vi /etc/inittab

       # Run npsvc in runlevel 3
       npsv:3:respawn:/opt/netpass/bin/npsvc.pl -m smtp.your.edu

5. init q

then, if resetport dies, npsvc will restart it and send you mail.

things like resetport and portmover are more or less stateless. so
restarting them doesn't impact functionality.

looking into the perl segv is on my list of things to examine, but this
weekend is move-in at UB, so it'll have to wait. 3400 already registered...
another 5000 to go!

jeff

>
>
> Thanks,
> Don
>
> Donald G. Rugh
> Director of Network Services
> Information Services
> Saint Vincent College
> 300 Fraser Purchase Road
> Latrobe, PA 15650
> 724-805-2559
> don...@em...

--
Jeff Murphy <jcm...@os...>

From: Don R. <don...@em...> - 2005-08-26 12:49:33

Gang,

We're seeing a bunch of errors in the netpass log that look like this:

    Aug 26 08:43:47 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 10.0.1.135 37 possibly removing from 'q'
    Aug 26 08:43:47 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 sw=10.0.1.135 po=37 nw=10.42.0.0/16
    Aug 26 08:43:48 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 link up 10.0.1.135 37 and unq_lu=1 rppt=5
    Aug 26 08:43:48 netpass1 resetport[12081]: [ERROR] main::procUQ [506]: 2 we want to unquar on linkup, but 10.0.1.135 doesnt have mac information available for port 37 yet!
    Aug 26 08:43:48 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 10.0.1.135 37 possibly removing from 'q'
    Aug 26 08:43:49 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 sw=10.0.1.135 po=37 nw=10.42.0.0/16
    Aug 26 08:43:49 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 link up 10.0.1.135 37 and unq_lu=1 rppt=5
    Aug 26 08:43:49 netpass1 resetport[12081]: [ERROR] main::procUQ [506]: 2 we want to unquar on linkup, but 10.0.1.135 doesnt have mac information available for port 37 yet!
    Aug 26 08:43:49 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 10.0.1.135 37 possibly removing from 'q'
    Aug 26 08:43:50 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 sw=10.0.1.135 po=37 nw=10.42.0.0/16
    Aug 26 08:43:50 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 link up 10.0.1.135 37 and unq_lu=1 rppt=5
    Aug 26 08:43:50 netpass1 resetport[12081]: [ERROR] main::procUQ [506]: 2 we want to unquar on linkup, but 10.0.1.135 doesnt have mac information available for port 37 yet!

These repeat over and over -- is there a config problem? coding problem?
looks like it's stuck on the processing queue....

Also, even though the "-D" is not set for resetport, the debug messages are
printed to the logfile -- looking at the code, it would appear this is by
design. Am I missing something, or can you not turn these off??

Thanks,
Don

Donald G. Rugh
Director of Network Services
Information Services
Saint Vincent College
300 Fraser Purchase Road
Latrobe, PA 15650
724-805-2559
don...@em...

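One way to see which ports keep failing the MAC lookup instead of reading the repeats by eye, as an added example that is not part of the original message or of NetPass: it parses resetport lines in the layout quoted above and counts the "doesnt have mac information" errors per switch and port. The repeat threshold, the year argument (syslog timestamps carry none) and the separately marked last sample line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Syslog prefix followed by the "[LEVEL] function [line]: message" layout
# seen in the resetport lines quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s(?P<host>\S+)\s"
    r"resetport\[(?P<pid>\d+)\]:\s\[(?P<level>\w+)\]\s"
    r"(?P<func>\S+)\s\[(?P<src>\d+)\]:\s(?P<msg>.*)$"
)
NO_MAC_RE = re.compile(
    r"but (?P<switch>\S+) doesnt have mac information "
    r"available for port (?P<port>\d+)"
)

# Lines copied from the message above.
SAMPLE_LOG = """\
Aug 26 08:43:48 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 link up 10.0.1.135 37 and unq_lu=1 rppt=5
Aug 26 08:43:48 netpass1 resetport[12081]: [ERROR] main::procUQ [506]: 2 we want to unquar on linkup, but 10.0.1.135 doesnt have mac information available for port 37 yet!
Aug 26 08:43:49 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 link up 10.0.1.135 37 and unq_lu=1 rppt=5
Aug 26 08:43:49 netpass1 resetport[12081]: [ERROR] main::procUQ [506]: 2 we want to unquar on linkup, but 10.0.1.135 doesnt have mac information available for port 37 yet!
Aug 26 08:43:50 netpass1 resetport[12081]: [DEBUG] main::procUQ [506]: 2 link up 10.0.1.135 37 and unq_lu=1 rppt=5
Aug 26 08:43:50 netpass1 resetport[12081]: [ERROR] main::procUQ [506]: 2 we want to unquar on linkup, but 10.0.1.135 doesnt have mac information available for port 37 yet!
"""
# Constructed line (not from the message): a single miss on another port.
CONSTRUCTED_LINE = (
    "Aug 26 08:43:50 netpass1 resetport[12081]: [ERROR] main::procUQ [506]: "
    "2 we want to unquar on linkup, but 10.0.1.136 doesnt have mac "
    "information available for port 4 yet!"
)


def summarize(lines, year):
    """Return {(switch, port): [datetime, ...]} for the no-MAC errors."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["level"] != "ERROR":
            continue  # DEBUG chatter and unrelated lines are ignored
        hit = NO_MAC_RE.search(m["msg"])
        if hit:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[(hit["switch"], int(hit["port"]))].append(when)
    return seen


def stuck_ports(lines, year, min_repeats=3):
    """Return [(switch, port, count, seconds_spanned)], most frequent first.

    A port listed here has link up but no MAC in the switch's table, so an
    unquarantine-on-linkup request for it keeps being retried.
    """
    out = []
    for (switch, port), times in summarize(lines, year).items():
        if len(times) >= min_repeats:
            span = (max(times) - min(times)).total_seconds()
            out.append((switch, port, len(times), span))
    return sorted(out, key=lambda r: (-r[2], r[0], r[1]))


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines() + [CONSTRUCTED_LINE]
    for switch, port, count, span in stuck_ports(lines, 2005):
        print(f"{switch} port {port}: {count} misses in {span:.0f}s")
```
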
From: White, S. P. <wh...@um...> - 2005-08-13 15:53:20

On our core router/switch you can create a VLAN with no IP address, so here
is how I will handle this when/if we implement netpass. (assuming my
understanding of its mechanisms is complete.)

Create the actual vlan with a router interface, IP address, and default
gateway of X.

the quarantine VLAN you would create with no router interface and put the
default gateway IP on the quarantine card of the netpass box. We do this
all the time when we want a firewall or smaller router to be the default
gateway of a particular network.

take care,
Steve

-----Original Message-----
From: net...@li... on behalf of Don Rugh
Sent: Fri 8/12/2005 7:51 AM
To: net...@li...
Subject: Re: [Netpass-users] Network Arch Opinions/Questions

..quick questions about the nic described below, with all the VLANs on it:
does each vlan have its own subnet to it?? and does each subnet have an IP
address on the NP server nic??

The reason I'm asking -- looks like there may be an issue on our core that
we cannot assign 2 vlans to the same subnet (won't let us put the same
subnet router on 2 vlans), which is causing us some problems at the moment
-- but assigning an address for each subnet to the NP server nic would
solve this problem....thought, opinions?

Thanks,
Don

On Jun 21, 2005, at 1:46 PM, Jeff Murphy wrote:

>> I think we're leaning towards central servers, so the two VLANs from
>> each building would be directed back to the core, and the core ports
>> for the NP servers would be tagged with _all_ the VLANs, 10 in this
>> case. Things get a little fuzzy here -- those 10 VLANs would then
>> also have to be defined on each server, so that they could be members
>> of each VLAN, correct?
>
> if you use 2 servers you'll either need to manually split the config in
> half or use a load balancer (e.g. www.linuxvirtualservers.org)
>
> in either case, you can use interfacecfg.pl to spit out the appropriate
> ifconfig commands to bring up all of the interfaces.
>
> then your server(s) will have 5-10 interfaces (depending on what sort of
> LB design you go with).
>
> we might need to examine interfacecfg.pl if you are doing a non-LVS
> deployment, as we've written it with the expectation that you are doing
> an LVS deployment.
>
> you eventually wind up with something like:
>
> % ip link
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> 4: sit0: <NOARP> mtu 1480 qdisc noop
> 5: eth1.813: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
> 6: eth1.13: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
> 7: eth1.812: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
> 8: eth1.12: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>
> our production NP servers have ~53 interfaces (2 physical) configured.
>
> jeff
>
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> Netpass-users mailing list
> Net...@li...
> https://lists.sourceforge.net/lists/listinfo/netpass-users

From: Don R. <don...@em...> - 2005-08-12 12:51:21

..quick questions about the nic described below, with all the VLANs on it:
does each vlan have its own subnet to it?? and does each subnet have an IP
address on the NP server nic??

The reason I'm asking -- looks like there may be an issue on our core that
we cannot assign 2 vlans to the same subnet (won't let us put the same
subnet router on 2 vlans), which is causing us some problems at the moment
-- but assigning an address for each subnet to the NP server nic would
solve this problem....thought, opinions?

Thanks,
Don

On Jun 21, 2005, at 1:46 PM, Jeff Murphy wrote:

>> I think we're leaning towards central servers, so the two VLANs from
>> each building would be directed back to the core, and the core ports
>> for the NP servers would be tagged with _all_ the VLANs, 10 in this
>> case. Things get a little fuzzy here -- those 10 VLANs would then
>> also have to be defined on each server, so that they could be members
>> of each VLAN, correct?
>
> if you use 2 servers you'll either need to manually split the config in
> half or use a load balancer (e.g. www.linuxvirtualservers.org)
>
> in either case, you can use interfacecfg.pl to spit out the appropriate
> ifconfig commands to bring up all of the interfaces.
>
> then your server(s) will have 5-10 interfaces (depending on what sort of
> LB design you go with).
>
> we might need to examine interfacecfg.pl if you are doing a non-LVS
> deployment, as we've written it with the expectation that you are doing
> an LVS deployment.
>
> you eventually wind up with something like:
>
> % ip link
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> 4: sit0: <NOARP> mtu 1480 qdisc noop
> 5: eth1.813: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
> 6: eth1.13: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
> 7: eth1.812: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
> 8: eth1.12: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>
> our production NP servers have ~53 interfaces (2 physical) configured.
>
> jeff

From: Jeff M. <jcm...@os...> - 2005-08-10 20:42:52

i've uploaded a draft version of the doc to SF

https://sourceforge.net/project/showfiles.php?group_id=116014&package_id=125946

From: Jeff M. <jcm...@os...> - 2005-08-03 00:40:33

>>line 282 read:
>>    my $cfg = new NetPass::Config('/opt/netpass/etc/netpass.conf');
>>I changed it to:
>>    my $cfg = new NetPass::Config(-db=>NetPass::DB);
>>
>>Does that sound right?
>>

no. i forgot that this code was in there. i changed it so it doesn't refer
to netpass.conf which is no longer used. i checked an updated version into
CVS. i'm assuming that NU has already made the change since they haven't
said anything to me about this...

>>After doing this I get another error. I'm not sure if this is related
>>to the change or if there are other issues. Here's the error from the
>>client's browser:
>>
>>Can't locate object method "log" via package "SNMP::Device::Cisco" at
>>/opt/netpass/lib/SNMP/Device.pm line 73.
>>I'll attach the full error report.
>>By the way, is there something I need to do with Cisco.pm or the
>>configuration file to make it work with the 2950 model?

this is most likely caused by the "=> NetPass::DB" line above, which
would've caused the module to not load due to incorrect syntax.

as for the 2950, i don't know. if it supports vlan'ing, trunking and looks
(from the SNMP point of view) like the 35xx series, then the existing
Cisco.pm should work. i only have access to 35xx series equipment.

jeff

From: Harding, T. <td...@sa...> - 2005-08-02 22:04:44

When I access the netpass server via a browser on the server itself I get
the login screen. I seem to be able to log in fine. However, when I access
the netpass server via a remote browser I get the following error message:

    error: Can't locate object method "log" via package "SNMP::Device::Cisco" at /opt/netpass/lib/SNMP/Device.pm line 73.
    context:
    ...
    69:
    70: if($self->plugin) {
    71: $class = $self->plugin;
    72: bless $self, ref($class) || $class;
    73: $self->log("SNMP::Device has changed to a " . ref($self) . " object...");
    74: }
    75:
    76: # call optional init function in the plugin
    77: $self->init();
    ...
    code stack:
    /opt/netpass/lib/SNMP/Device.pm:73
    /opt/netpass/lib/NetPass.pm:534
    /opt/netpass/lib/NetPass.pm:613
    /opt/netpass/lib/NetPass.pm:503
    /opt/netpass/lib/NetPass.pm:904
    /opt/netpass/www/components/Client/Validate:30
    /opt/netpass/www/htdocs/index.mhtml:28
    /opt/netpass/www/htdocs/autohandler:33

Any ideas? Misconfigured switch? misconfigured server? Can anyone help me
figure out where I screwed up this time? :-(

Thanks,
Troy

> -----Original Message-----
> From: Harding, Troy
> Sent: Friday, July 29, 2005 5:27 PM
> To: 'net...@li...'
> Subject: Cisco.pm errors?
>
> I'm back at it with NetPass. I'm setting up a test environment using a
> single Cisco 2950 switch and a single netpass server. I think I'm making
> some progress, but have some questions.
>
> When accessing the netpass server via a browser on a remote machine I got
> the following error:
> error: no DB object specified at
> /opt/netpass/lib/SNMP/Device/Cisco.pm line 282
>
> line 282 read:
>     my $cfg = new NetPass::Config('/opt/netpass/etc/netpass.conf');
> I changed it to:
>     my $cfg = new NetPass::Config(-db=>NetPass::DB);
>
> Does that sound right?
>
> After doing this I get another error. I'm not sure if this is related
> to the change or if there are other issues. Here's the error from the
> client's browser:
>
> Can't locate object method "log" via package "SNMP::Device::Cisco" at
> /opt/netpass/lib/SNMP/Device.pm line 73.
> I'll attach the full error report.
> By the way, is there something I need to do with Cisco.pm or the
> configuration file to make it work with the 2950 model?
>
> Thanks,
> Troy
>
> << File: error2.htm >>

From: Harding, T. <td...@sa...> - 2005-07-29 22:27:46

I'm back at it with NetPass. I'm setting up a test environment using a
single Cisco 2950 switch and a single netpass server. I think I'm making
some progress, but have some questions.

When accessing the netpass server via a browser on a remote machine I got
the following error:

    error: no DB object specified at /opt/netpass/lib/SNMP/Device/Cisco.pm line 282

line 282 read:

    my $cfg = new NetPass::Config('/opt/netpass/etc/netpass.conf');

I changed it to:

    my $cfg = new NetPass::Config(-db=>NetPass::DB);

Does that sound right?

After doing this I get another error. I'm not sure if this is related to
the change or if there are other issues. Here's the error from the client's
browser:

    Can't locate object method "log" via package "SNMP::Device::Cisco" at /opt/netpass/lib/SNMP/Device.pm line 73.

I'll attach the full error report.

By the way, is there something I need to do with Cisco.pm or the
configuration file to make it work with the 2950 model?

Thanks,
Troy

<<error2.htm>>

From: Harding, T. <td...@sa...> - 2005-07-21 18:25:16
|
Thanks! That's good to know. We'll have to make sure we test it thoroughly and have procedures in place to work around those situations.

-----Original Message-----
From: net...@li... [mailto:net...@li...]On Behalf Of Don Rugh
Sent: Thursday, July 21, 2005 12:33 PM
To: net...@li...
Subject: Re: [Netpass-users] User authentication using IMAP server?

Troy, may not be relevant to your circumstances, but -- we use(d) NetReg here last year (still in place until NetPass is fully operational), and used Active Directory/Exchange to provide POP authentication. We have several dozen accounts which would not authenticate in this manner for some reason (thanks again, Mr. G) -- they needed to be registered with NetReg manually....

Regards,
Don

Donald G. Rugh
Director of Network Services
Information Services
Saint Vincent College
300 Fraser Purchase Road
Latrobe, PA 15650
724-805-2559
don...@em...

On Jul 21, 2005, at 12:25 PM, Harding, Troy wrote:

> Thanks. Eventually we'll probably use LDAP for student authentication.
> However, right now the entity that controls the LDAP server doesn't want to
> allow outside apps to access it directly. Thus, we have to do it indirectly
> by using the mail server to authenticate.
>
> -----Original Message-----
> From: net...@li...
> [mailto:net...@li...]On Behalf Of Rugh, Don
> Sent: Wednesday, July 20, 2005 5:49 PM
> To: net...@li...;
> net...@li...
> Subject: RE: [Netpass-users] User authentication using IMAP server?
>
> Troy,
>
> We have LDAP working (I still owe Jeff the module!!) -- if you are going
> against AD, our LDAP module should work.
>
> Don Rugh
>
> -----Original Message-----
> From: Harding, Troy [mailto:td...@sa...]
> Sent: Wed 7/20/05 18:16
> To: net...@li...
> Cc:
> Subject: [Netpass-users] User authentication using IMAP server?
>
> Anyone tried using an IMAP server to authenticate users? This would work
> best for us.
>
> If this hasn't already been done, I might be able to hack together an
> IMAP.pm for authentication. What else would need to be modified to add a new
> authentication method?
>
> Thanks,
> Troy |
From: Don R. <don...@em...> - 2005-07-21 17:33:13
|
Troy, may not be relevant to your circumstances, but -- we use(d) NetReg here last year (still in place until NetPass is fully operational), and used Active Directory/Exchange to provide POP authentication. We have several dozen accounts which would not authenticate in this manner for some reason (thanks again, Mr. G) -- they needed to be registered with NetReg manually....

Regards,
Don

Donald G. Rugh
Director of Network Services
Information Services
Saint Vincent College
300 Fraser Purchase Road
Latrobe, PA 15650
724-805-2559
don...@em...

On Jul 21, 2005, at 12:25 PM, Harding, Troy wrote:

> Thanks. Eventually we'll probably use LDAP for student authentication.
> However, right now the entity that controls the LDAP server doesn't want to
> allow outside apps to access it directly. Thus, we have to do it indirectly
> by using the mail server to authenticate.
>
> -----Original Message-----
> From: net...@li...
> [mailto:net...@li...]On Behalf Of Rugh, Don
> Sent: Wednesday, July 20, 2005 5:49 PM
> To: net...@li...;
> net...@li...
> Subject: RE: [Netpass-users] User authentication using IMAP server?
>
> Troy,
>
> We have LDAP working (I still owe Jeff the module!!) -- if you are going
> against AD, our LDAP module should work.
>
> Don Rugh
>
> -----Original Message-----
> From: Harding, Troy [mailto:td...@sa...]
> Sent: Wed 7/20/05 18:16
> To: net...@li...
> Cc:
> Subject: [Netpass-users] User authentication using IMAP server?
>
> Anyone tried using an IMAP server to authenticate users? This would work
> best for us.
>
> If this hasn't already been done, I might be able to hack together an
> IMAP.pm for authentication. What else would need to be modified to add a new
> authentication method?
>
> Thanks,
> Troy |
From: Harding, T. <td...@sa...> - 2005-07-21 17:24:28
|
Thanks. Eventually we'll probably use LDAP for student authentication. However, right now the entity that controls the LDAP server doesn't want to allow outside apps to access it directly. Thus, we have to do it indirectly by using the mail server to authenticate.

-----Original Message-----
From: net...@li... [mailto:net...@li...]On Behalf Of Rugh, Don
Sent: Wednesday, July 20, 2005 5:49 PM
To: net...@li...; net...@li...
Subject: RE: [Netpass-users] User authentication using IMAP server?

Troy,

We have LDAP working (I still owe Jeff the module!!) -- if you are going against AD, our LDAP module should work.

Don Rugh

-----Original Message-----
From: Harding, Troy [mailto:td...@sa...]
Sent: Wed 7/20/05 18:16
To: net...@li...
Cc:
Subject: [Netpass-users] User authentication using IMAP server?

Anyone tried using an IMAP server to authenticate users? This would work best for us.

If this hasn't already been done, I might be able to hack together an IMAP.pm for authentication. What else would need to be modified to add a new authentication method?

Thanks,
Troy |
From: Harding, T. <td...@sa...> - 2005-07-21 16:31:44
|
Sounds good. I'll add it to my list of things to do. Thanks!

-----Original Message-----
From: net...@li... [mailto:net...@li...]On Behalf Of Jeff Murphy
Sent: Wednesday, July 20, 2005 8:09 PM
To: net...@li...
Subject: Re: [Netpass-users] User authentication using IMAP server?

Harding, Troy wrote:

>Anyone tried using an IMAP server to authenticate users? This would work
>best for us.
>
>If this hasn't already been done, I might be able to hack together an
>IMAP.pm for authentication. What else would need to be modified to add a new
>authentication method?

just the module. add it to the NetPass/Auth/ directory and change your auth method (you'll need to use coconf and ciconf since the web ui won't know about your module) to use your module and it should "just work"

you might want to add a configuration section like

    <imap server:port>var1=foo</imap>

and work that into Config.pm just to be thorough.

jeff |
From: Jeff M. <jcm...@os...> - 2005-07-21 01:09:33
|
Harding, Troy wrote:

>Anyone tried using an IMAP server to authenticate users? This would work
>best for us.
>
>If this hasn't already been done, I might be able to hack together an
>IMAP.pm for authentication. What else would need to be modified to add a new
>authentication method?

just the module. add it to the NetPass/Auth/ directory and change your auth method (you'll need to use coconf and ciconf since the web ui won't know about your module) to use your module and it should "just work"

you might want to add a configuration section like

    <imap server:port>var1=foo</imap>

and work that into Config.pm just to be thorough.

jeff |
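A credential check of the kind an IMAP-backed auth module would need, as an added example that is not NetPass code and not from anyone on this thread. The function names, the return convention, the host name and port 993 are assumptions, since the thread does not show the NetPass::Auth interface; the check speaks IMAP over TLS with IO::Socket::SSL, verifies the server certificate, refuses input that could break out of the LOGIN command, and denies when no decision can be reached.

```perl
#!/usr/bin/perl
# Added example (hypothetical, not part of NetPass): check a login against IMAPS.
use strict;
use warnings;
use IO::Socket::SSL;

# Render a value as an IMAP quoted string. Anything outside printable ASCII
# (including CR, LF and NUL, which could end the LOGIN command early) is
# refused; a fuller client would send such values as IMAP literals.
sub imap_quote {
    my ($s) = @_;
    return undef unless defined $s && $s =~ /\A[\x20-\x7e]+\z/;
    $s =~ s/(["\\])/\\$1/g;
    return qq{"$s"};
}

# 1 = accepted, 0 = rejected by the server, undef = no decision (bad input,
# unreachable server, TLS or protocol failure). Callers must treat undef as deny.
sub imap_check {
    my ($host, $port, $user, $pass) = @_;
    my ($qu, $qp) = (imap_quote($user), imap_quote($pass));
    return undef unless defined $qu && defined $qp;

    my $sock = IO::Socket::SSL->new(
        PeerHost            => $host,
        PeerPort            => $port,
        Timeout             => 10,
        SSL_verify_mode     => SSL_VERIFY_PEER,  # never send passwords to an unverified peer
        SSL_verifycn_scheme => 'imap',           # hostname must match the certificate
    ) or return undef;

    my $greeting = <$sock>;
    return undef unless defined $greeting && $greeting =~ /^\* OK\b/i;

    print $sock "a1 LOGIN $qu $qp\r\n";
    my $result;
    while (defined(my $line = <$sock>)) {
        next unless $line =~ /^a1 (OK|NO|BAD)\b/i;   # skip untagged responses
        $result = uc($1) eq 'OK' ? 1 : uc($1) eq 'NO' ? 0 : undef;
        last;
    }
    print $sock "a2 LOGOUT\r\n";
    close $sock;
    return $result;
}

# Constructed inputs; imap.example.invalid never resolves, so this takes the deny path.
unless (caller) {
    print defined(imap_quote("x\r\na9 LOGOUT")) ? "quoted\n" : "refused\n";
    my $ok = imap_check('imap.example.invalid', 993, 'troy', 'constructed-password');
    print $ok ? "allow\n" : "deny\n";
}
```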
From: Rugh, D. <don...@em...> - 2005-07-20 22:48:50
|
Troy,

We have LDAP working (I still owe Jeff the module!!) -- if you are going against AD, our LDAP module should work.

Don Rugh

-----Original Message-----
From: Harding, Troy [mailto:td...@sa...]
Sent: Wed 7/20/05 18:16
To: net...@li...
Cc:
Subject: [Netpass-users] User authentication using IMAP server?

Anyone tried using an IMAP server to authenticate users? This would work best for us.

If this hasn't already been done, I might be able to hack together an IMAP.pm for authentication. What else would need to be modified to add a new authentication method?

Thanks,
Troy |
From: Harding, T. <td...@sa...> - 2005-07-20 22:16:25
|
Anyone tried using an IMAP server to authenticate users? This would work best for us.

If this hasn't already been done, I might be able to hack together an IMAP.pm for authentication. What else would need to be modified to add a new authentication method?

Thanks,
Troy |
From: Harding, T. <td...@sa...> - 2005-07-15 20:30:56
|
Yes, I'm using FC3. Thanks!

-----Original Message-----
From: net...@li... [mailto:net...@li...]On Behalf Of Jeff Murphy
Sent: Friday, July 15, 2005 12:36 PM
To: net...@li...
Subject: RE: [Netpass-users] Apache error

On Fri, 2005-07-15 at 12:27 -0500, Harding, Troy wrote:

> Yes, the symlink is there.
>
> No, startup.pl does not exist in that directory or anywhere else on the
> system.

oops. looks like we omitted it from the FC3 apache package. i'm guessing that's what you're using? i attached the file for you, drop it into your apache/conf dir. we'll fix up the FC3/apache binary package.

jeff |