https://www.stress-free.co.nz/tech/border_manager en https://www.stress-free.co.nz/border_manager_with_linux_howto <div class="field-body"> <p>After some experimenting today I have put together a howto for getting Linux to authenticate to a Border Manager proxy server. If you do not know what that means do not worry but if you do and have tried in the past you maybe very interested to have a read of <a href="/index.php?option=com_content&amp;task=view&amp;id=160">this tutorial</a>.</p> <p> </p> </div> <ul class="field-taxonomy-vocabulary-1"> <li> <a href="/tech/linux">linux</a> </li> <li> <a href="/tech/security">security</a> </li> <li> <a href="/tech/novell">novell</a> </li> <li> <a href="/tech/border_manager">border manager</a> </li> </ul> Mon, 31 Oct 2005 09:13:21 +0000 David 161 at https://www.stress-free.co.nz https://www.stress-free.co.nz/border_manager_authentication_with_linux <div class="field-body"> <p>Getting a Linux server or workstation to work nicely with Novell's Border Manager can be very difficult. Novell have recently brought out a <a href="http://www.novell.com/coolsolutions/tip/15611.html">Linux version</a> of their clntrust.exe application for Linux workstations (available in Border Manager 3.8 SP4) but this requires Gnome and the Novell Linux Client. If you are running a server (or use a non-Novell supported Linux distro) meeting these requirements can be difficult. Fortunately there is <a href="http://cl4others.sourceforge.net/">cl4others</a> which authenticates to the Border Manager through simple command line instructions in a far more flexible manner. Documentation for cl4others is pretty sparse so I have written this little tutorial on how to get it set up and running. </p> <p>This solution is really intended for servers where shell access by normal users is limited as Border Manager authentication is not handled on a per user basis. For web and file servers such a setup is fine but if you require per user authentication to the Border Manager you should probably look at the Gnome/Netware Linux Client/clntrust stack from Novell. </p> <p><span style="font-weight: bold">NOTE: </span>For instructions 1-9 you will need to have root privileges. </p> <p>1. Install ncp for your distribution. <br />The easiest way to find the rpm is through rpmfind or if you are running SuSE you will find ftp.suse.com has an rpm for your specific version. <br /><br />2. Extract the cl4others x86 binary and copy it to /usr/bin. <br />Make sure its permissions are set so that it can be executed by non-root users. </p> <p class="codesnippet">chmod a+x /usr/bin/cl4others</p> <p>3. Make a directory in /mnt called bordermanager so that you can mount the volume to it. </p> <p>4. Edit /etc/fstab and add the following entry: (all on one line)</p> <p class="codesnippet">NW_SERVER/NW_USER /mnt/bordermanager ncp defaults,ro,mode=400,uid=root,gid=root,owner=root,ipserver=NW_SERVERIP, <br />passwdfile=/root/.ncppasswd,multiple 0 0 </p> <p> Replace the following with your network details: <br />NW_SERVER = Netware BorderManager server name <br />NW_SERVERIP = Netware BorderManager IP/DNS name <br />NW_USER = Netware user you will be accessing the proxy as </p> <p>This mounts the Border Manager volume read-only with all files owned by root with read access to the files only granted to root. This means if one of your server accounts gets compromised (other than root) your Border Manager files will be safe and away from prying eyes. <br /><br /><span style="font-weight: bold">NOTE: </span>In order for cl4others to work you must have read access to the BorderManager SYS volume. Remember to set a Border Manager access rule for the user you are connecting attempting to access the Internet as. <br /><br />5. Now create a file for storing the login password to the server: </p> <p class="codesnippet">pico /root/.ncppasswd </p> Add the following entry: <p class="codesnippet">NW_SERVER/NW_USER:Your Password </p> Change the file so that it can only be read by root: <p class="codesnippet">chmod og-rwx /root/.ncppasswd </p> 6. Mount the Border Manager volume: <p class="codesnippet">mount /mnt/bordermanager </p> (This should mount the SYS volume of the BM server <br /><br />7. If you have a firewall running you will need to open port 3024 for UDP traffic. <br />For SuSE edit edit /etc/sysconfig/SuSEfirewall2 and add an entry: <p class="codesnippet">FW_SERVICES_EXT_UDP="3024" </p> Restart the firewall, for SuSE: <p class="codesnippet">rcSuSEfirewall2 restart </p>8. Now as root start cl4others (I have had mixed results starting it as any other user). <p class="codesnippet">cl4others /mnt/bordermanager &amp; </p>9. With Yast setup the proxy. You don't need to specify any user just point the proxy to the url of the proxy server. Save the changes. In order for them to take effect you will need to logout of the console and log back in again. <br /><br />You should be able to access websites now through the Border Manager proxy with any of the Linux accounts. <br /><br />10 .Test it by downloading an html file: <p class="codesnippet">wget https://www.stress-free.co.nz/sites/default/files/images/whichdoctor.jpg </p> <p> Hopefully if everything works correctly you should be authenticating and using your Border Manager proxy with Linux.</p> <p> </p> </div> <ul class="field-taxonomy-vocabulary-1"> <li> <a href="/tech/linux">linux</a> </li> <li> <a href="/tech/security">security</a> </li> <li> <a href="/tutorials">software tutorials</a> </li> <li> <a href="/tech/novell">novell</a> </li> <li> <a href="/tech/border_manager">border manager</a> </li> </ul> Mon, 31 Oct 2005 07:20:35 +0000 David 160 at https://www.stress-free.co.nz