RE: Help PLS, only guest can log in.


Subject: RE: Help PLS, only guest can log in.
From: Marcel Lammerse (lammerse@xs4all.nl)
Date: Thu Mar 08 2001 - 03:31:22 EST


Ok..

Things I can think of:

- netatalk is not compiled with the -DUSE_PAM option and the pam-library
is not linked with the object files

- the netatalk user in /etc/atalk/afppasswd exists, but pam requires that
the same user also exists as a Unix user. In that case, you might need
to add the user with the useradd command (on redhat at least).

In my case, I had created a Unix account before I used the afppasswd
command. When I typed afppasswd -c, it extracted accounts from my Unix
password file and set the passwords to '***********'. I had to use the
afppasswd -a command to set the password in /etc/atalk/afppasswd. The
passwords for both accounts were the same in my case.

Incidentally, does anyone know how to 'link' these two files? I'm probably
doing something wrong, but now I have to manage two account databases
which is very cumbersome.

Your startup log messages look fine.

When I get back from work I'll send you my configuration files etc.

Regards,

Marcel

--
Marcel Lammerse

"One more time?" -Michael Flatley

On Wed, 7 Mar 2001, Thomas Priore wrote:

> Thanks for your help, I didn't get it working, but I'm much closer. I'm
> getting a new error from the Mac:
> "Unknown user, incorrect password, or log on disabled...."
>
> There was no rand2numb.so, but randnumb.so was there. I think my problem now
> lies with the passwd file. I made the changes to afpd as you recommended:
> - -transall -uamlist uams_randnum.so,uams_guest.so,uams_clrtxt.so,uams_dhx.so -passwdfile /etc/atalk/afppasswd -setpassword -savepassword
>
> Then I created the afppasswd file, and added a user with afppasswd.
>
> Something interesting in the messages log, atalk seems to be coming up on
> the loopback address 127.0.0.1 and doesn't mention the actual IP of the
> server. Here is the messages log:
>
> Mar 7 23:27:46 reznor atalkd[6634]: restart (1.5pre4)
> Mar 7 23:27:47 reznor atalkd[6634]: zip_getnetinfo for eth0
> Mar 7 23:28:06 reznor last message repeated 2 times
> Mar 7 23:28:16 reznor atalkd[6634]: config for no router
> Mar 7 23:28:17 reznor atalkd[6634]: ready 0/0/0
> Mar 7 23:28:17 reznor atalk: atalkd startup succeeded
> Mar 7 23:28:30 reznor papd[6649]: restart (1.5pre4)
> Mar 7 23:28:30 reznor atalk: papd startup succeeded
> Mar 7 23:28:30 reznor atalk: timelord startup succeeded
> Mar 7 23:28:30 reznor atalk: afpd startup succeeded
> Mar 7 23:28:36 reznor timelord[6659]: reznor:TimeLord started
> Mar 7 23:28:36 reznor afpd[6669]: reznor:AFPServer@* started on 65280.237:130 (1.5pre4)
> Mar 7 23:28:36 reznor afpd[6669]: ASIP started on 127.0.0.1:548(2) (1.5pre4)
> Mar 7 23:28:36 reznor afpd[6669]: uam: uams_randnum.so loaded
> Mar 7 23:28:36 reznor afpd[6669]: uam: uams_guest.so loaded
> Mar 7 23:28:36 reznor afpd[6669]: uam: uams_clrtxt.so loaded
> Mar 7 23:28:36 reznor afpd[6669]: uam: uams_dhx.so loaded
> Mar 7 23:28:36 reznor afpd[6669]: uam: "DHCAST128" available
> Mar 7 23:28:36 reznor afpd[6669]: uam: "Cleartxt Passwrd" available
> Mar 7 23:28:36 reznor afpd[6669]: uam: "No User Authent" available
> Mar 7 23:28:36 reznor afpd[6669]: uam: "2-Way Randnum exchange" available
> Mar 7 23:28:36 reznor afpd[6669]: uam: "Randnum exchange" available
> Mar 7 23:29:17 reznor afpd[6676]: ASIP session:548(2) from 192.168.0.2:49301(0)
> Mar 7 23:29:17 reznor afpd[6676]: 0.08KB read, 0.07KB written
> Mar 7 23:29:17 reznor afpd[6669]: server_child[1] 6676 done
> Mar 7 23:29:27 reznor afpd[6677]: ASIP session:548(2) from 192.168.0.2:49302(0)
> Mar 7 23:29:27 reznor afpd[6669]: server_child[1] 6677 done
> Mar 7 23:29:33 reznor afpd[6678]: ASIP session:548(2) from 192.168.0.2:49303(0)
> Mar 7 23:29:33 reznor afpd[6678]: 0.08KB read, 0.07KB written
> Mar 7 23:29:33 reznor afpd[6669]: server_child[1] 6678 done
>
>
> -----Original Message-----
> From: Marcel Lammerse [mailto:lammerse@xs4all.nl]
> Sent: Wednesday, March 07, 2001 3:53 AM
> To: Thomas Priore; netatalk-admins@umich.edu
> Subject: Re: Help PLS, only guest can log in.
>
>
> Hello Thomas,
>
> it seems that I have had the exact same (first) problem. I can't explain your
> second problem, but here's something that might help you on your way. By the
> way, I have a Linux redhat 6.0 system and I'm using MacOS 9.0.4.
>
> If you want to do user-authentication, netatalk needs to support a number of
> authentication methods. If you follow the instructions and compile netatalk
> with the pam modules and the des library, you can see in /var/log/messages
> which authentication methods are supported.
>
> If you use the default configuration files for afpd, these methods are:
> cleartext password login, guest login and Diffie-Hellman/CAST-128. None of
> these will work, except for guest login.
>
> What will work is if you look in /etc/atalk/uams and you find a randnum or
> rand2num file, encrypted random numbers are supported. You will need to
> configure this in afpd.conf. Just add it to uamslist. It should read something
> (I don't have Linux handy) like this:
>
> "My volume" -transall -uamslist uams_randnum.so ...
>
> If you've done that and you fire up netatalkd again (preferably with the
> supplied script), you should see an additional supported authentication
> mechanism (encrypted random numbers).
>
> Then what you need to do, is use the afppasswd command to create a password
> file and add your user to it. Something like:
>
> afppasswd -c /etc/atalk/afppasswd
> afppasswd -a my-user
> [type password twice]
>
> Then you should be able to connect to the share via your Macintosh.
>
> If anyone knows a better/more efficient way, I'd love to hear it. If you need
> any more help, just shout.
>
> Regards,
>
> Marcel
>
>
> Quoting Thomas Priore <tom@rupture.net>:
>
> > Hi, I installed netatalk 1.5pre4 on redhat linux 7.0. (actually I installed a
> > bunch of different versions, from rpm and compiling) The problem seems to be
> > that only guest can log on. From what I've read this seems to be a shadow
> > password problem, but I have no idea how to fix it. Can anyone help?
> >
> > I have a second problem too, which is more of a nuisance, the server doesn't
> > show up in the client's chooser, the IP has to be typed in. Is there a fix
> > for this?
> >
> > Thanks.
> >
> > Tom
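
Added example, not part of the original thread: a shell check for the two mismatches Marcel describes, an afppasswd entry with no matching Unix account and an entry whose password is still the row of asterisks left by afppasswd -c. The colon-separated name:secret layout of the afppasswd file, the function names and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Cross-check an afppasswd file against a Unix passwd file.
# Assumed afppasswd layout (not shown in the thread): one "name:secret:..."
# line per account, where the secret field consists only of '*' until a
# password has been set with `afppasswd -a`.

audit_afppasswd() {
    unix_passwd=$1
    afp_passwd=$2
    awk -F: '
        # First file: remember every Unix account name.
        NR == FNR { unix[$1] = 1; next }
        # Second file: skip blank lines and comments.
        $1 == "" || $1 ~ /^#/ { next }
        # AFP account with no Unix account behind it.
        !($1 in unix) { print "NO_UNIX_USER " $1 }
        # Secret field is still the placeholder, so no password was ever set.
        $2 ~ /^\*+$/  { print "PASSWORD_UNSET " $1 }
    ' "$unix_passwd" "$afp_passwd"
}

# Constructed sample data: none of these accounts or keys are real.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
marcel:x:500:500::/home/marcel:/bin/bash
tom:x:501:501::/home/tom:/bin/bash
EOF
    cat > "$tmp/afppasswd" <<'EOF'
root:****************:********
marcel:0123456789ABCDEF:********
tom:****************:********
macuser:FEDCBA9876543210:********
EOF
    audit_afppasswd "$tmp/passwd" "$tmp/afppasswd"
    rm -rf "$tmp"
}

demo
```

Run against the real files, an empty result means every AFP account has a Unix counterpart and a password that has been set; the passwords themselves still have to be kept in step by hand in both databases.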



This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:34 EDT