RE: Help PLS, only guest can log in.


Subject: RE: Help PLS, only guest can log in.
From: Thomas Priore (tom@rupture.net)
Date: Wed Mar 07 2001 - 23:50:41 EST


Thanks for your help, I didn't get it working, but I'm much closer. I'm
getting a new error from the Mac:
"Unknown user, incorrect password, or log on disabled...."

There was no rand2numb.so, but randnumb.so was there. I think my problem now
lies with the passwd file. I made the changes to afpd as you recommended:
 - -transall -uamlist uams_randnum.so,uams_guest.so,uams_clrtxt.so,uams_dhx.so -passwdfile /etc/atalk/afppasswd -setpassword -savepassword

Then I created the afppasswd file, and added a user with afppasswd.

Something interesting in the messages log: atalk seems to be coming up on
the loopback address 127.0.0.1 and doesn't mention the actual IP of the
server. Here is the messages log:

Mar 7 23:27:46 reznor atalkd[6634]: restart (1.5pre4)
Mar 7 23:27:47 reznor atalkd[6634]: zip_getnetinfo for eth0
Mar 7 23:28:06 reznor last message repeated 2 times
Mar 7 23:28:16 reznor atalkd[6634]: config for no router
Mar 7 23:28:17 reznor atalkd[6634]: ready 0/0/0
Mar 7 23:28:17 reznor atalk: atalkd startup succeeded
Mar 7 23:28:30 reznor papd[6649]: restart (1.5pre4)
Mar 7 23:28:30 reznor atalk: papd startup succeeded
Mar 7 23:28:30 reznor atalk: timelord startup succeeded
Mar 7 23:28:30 reznor atalk: afpd startup succeeded
Mar 7 23:28:36 reznor timelord[6659]: reznor:TimeLord started
Mar 7 23:28:36 reznor afpd[6669]: reznor:AFPServer@* started on 65280.237:130 (1.5pre4)
Mar 7 23:28:36 reznor afpd[6669]: ASIP started on 127.0.0.1:548(2) (1.5pre4)
Mar 7 23:28:36 reznor afpd[6669]: uam: uams_randnum.so loaded
Mar 7 23:28:36 reznor afpd[6669]: uam: uams_guest.so loaded
Mar 7 23:28:36 reznor afpd[6669]: uam: uams_clrtxt.so loaded
Mar 7 23:28:36 reznor afpd[6669]: uam: uams_dhx.so loaded
Mar 7 23:28:36 reznor afpd[6669]: uam: "DHCAST128" available
Mar 7 23:28:36 reznor afpd[6669]: uam: "Cleartxt Passwrd" available
Mar 7 23:28:36 reznor afpd[6669]: uam: "No User Authent" available
Mar 7 23:28:36 reznor afpd[6669]: uam: "2-Way Randnum exchange" available
Mar 7 23:28:36 reznor afpd[6669]: uam: "Randnum exchange" available
Mar 7 23:29:17 reznor afpd[6676]: ASIP session:548(2) from 192.168.0.2:49301(0)
Mar 7 23:29:17 reznor afpd[6676]: 0.08KB read, 0.07KB written
Mar 7 23:29:17 reznor afpd[6669]: server_child[1] 6676 done
Mar 7 23:29:27 reznor afpd[6677]: ASIP session:548(2) from 192.168.0.2:49302(0)
Mar 7 23:29:27 reznor afpd[6669]: server_child[1] 6677 done
Mar 7 23:29:33 reznor afpd[6678]: ASIP session:548(2) from 192.168.0.2:49303(0)
Mar 7 23:29:33 reznor afpd[6678]: 0.08KB read, 0.07KB written
Mar 7 23:29:33 reznor afpd[6669]: server_child[1] 6678 done

-----Original Message-----
From: Marcel Lammerse [mailto:lammerse@xs4all.nl]
Sent: Wednesday, March 07, 2001 3:53 AM
To: Thomas Priore; netatalk-admins@umich.edu
Subject: Re: Help PLS, only guest can log in.

Hello Thomas,

It seems that I have had the exact same (first) problem. I can't explain
your second problem, but here's something that might help you on your way.
By the way, I have a Linux redhat 6.0 system and I'm using MacOS 9.0.4.

If you want to do user-authentication, netatalk needs to support a number of
authentication methods. If you follow the instructions and compile netatalk
with the pam modules and the des library, you can see in /var/log/messages
which authentication methods are supported.

If you use the default configuration files for afpd, these methods are:
cleartext password login, guest login and Diffie-Hellman/CAST-128. None of
these will work, except for guest login.

What will work is if you look in /etc/atalk/uams and you find a randnum or
rand2num file, encrypted random numbers are supported. You will need to
configure this in afpd.conf. Just add it to uamslist. It should read
something (I don't have Linux handy) like this:

"My volume" -transall -uamslist uams_randnum.so ...

If you've done that and you fire up netatalkd again (preferably with the
supplied script), you should see an additional supported authentication
mechanism (encrypted random numbers).

Then what you need to do, is use the afppasswd command to create a password
file and add your user to it. Something like:

afppasswd -c /etc/atalk/afppasswd
afppasswd -a my-user
[type password twice]

Then you should be able to connect to the share via your Macintosh.

If anyone knows a better/more efficient way, I'd love to hear it. If you
need any more help, just shout.

Regards,

Marcel

Quoting Thomas Priore <tom@rupture.net>:

> Hi, I installed netatalk 1.5pre4 on redhat linux 7.0. (Actually I installed
> a bunch of different versions, from rpm and compiling.) The problem seems
> to be that only guest can log on. From what I've read this seems to be a
> shadow password problem, but I have no idea how to fix it. Can anyone help?
>
> I have a second problem too, which is more of a nuisance: the server
> doesn't show up in the client's chooser, the IP has to be typed in. Is
> there a fix for this?
>
> Thanks.
>
> Tom
>
>
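
Added example, not part of the original messages and not netatalk code: a small Python check that reads afpd startup lines like those in the log above and reports the ASIP bind address, the UAM modules loaded, the authentication methods advertised, and anything an administrator would want to review. The names audit_afpd_log and WEAK_UAMS and the wording of the risk notes are this example's own assumptions; the log lines are copied from the message.

```python
import ipaddress
import re

# Lines copied from the afpd startup log in the message (re-joined where wrapped).
SAMPLE_LOG = """\
Mar 7 23:28:36 reznor afpd[6669]: ASIP started on 127.0.0.1:548(2) (1.5pre4)
Mar 7 23:28:36 reznor afpd[6669]: uam: uams_randnum.so loaded
Mar 7 23:28:36 reznor afpd[6669]: uam: uams_guest.so loaded
Mar 7 23:28:36 reznor afpd[6669]: uam: uams_clrtxt.so loaded
Mar 7 23:28:36 reznor afpd[6669]: uam: uams_dhx.so loaded
Mar 7 23:28:36 reznor afpd[6669]: uam: "DHCAST128" available
Mar 7 23:28:36 reznor afpd[6669]: uam: "Cleartxt Passwrd" available
Mar 7 23:28:36 reznor afpd[6669]: uam: "No User Authent" available
Mar 7 23:28:36 reznor afpd[6669]: uam: "2-Way Randnum exchange" available
Mar 7 23:28:36 reznor afpd[6669]: uam: "Randnum exchange" available
"""

BIND_RE = re.compile(r"afpd\[\d+\]: ASIP started on ([\d.]+):(\d+)")
MODULE_RE = re.compile(r"afpd\[\d+\]: uam: (\S+\.so) loaded")
UAM_RE = re.compile(r'afpd\[\d+\]: uam: "([^"]+)" available')

# UAM names exactly as afpd logs them above; the risk notes are this example's own.
WEAK_UAMS = {
    "Cleartxt Passwrd": "password crosses the network unencrypted",
    "No User Authent": "guest access without credentials",
}

def audit_afpd_log(text):
    """Summarise what afpd says it bound to and which UAMs it offers."""
    report = {"bind": None, "modules": [], "uams": [], "findings": []}
    for line in text.splitlines():
        if m := BIND_RE.search(line):
            report["bind"] = (m.group(1), int(m.group(2)))
            # A loopback bind means remote AFP-over-TCP clients are not served there.
            if ipaddress.ip_address(m.group(1)).is_loopback:
                report["findings"].append(f"ASIP bound to loopback {m.group(1)}")
        elif m := MODULE_RE.search(line):
            report["modules"].append(m.group(1))
        elif m := UAM_RE.search(line):
            report["uams"].append(m.group(1))
            if m.group(1) in WEAK_UAMS:
                report["findings"].append(f"{m.group(1)}: {WEAK_UAMS[m.group(1)]}")
    return report

if __name__ == "__main__":
    for key, value in audit_afpd_log(SAMPLE_LOG).items():
        print(key, value)
```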



This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:34 EDT