[K12OSN] Window Clients can't get past the Linux Server

Steve Jackson sjxn at bigpond.net.au
Sun Sep 23 23:27:06 UTC 2007 

I'm afraid I don't know how Novell logons work these days, so I can't be 
much more help. Do Novell logons work through NAT in other circumstances?

If it were AD I'd suspect your LTSP DNS was forwarding direct to a DNS 
on the internet (such as your ISP or maybe a router) that didn't have 
the entries for AD, but did allow name resolution for the Internet.

Setting DHCP on the LTSP server to send out the main DNS server address 
would help for this problem, if the test I suggested before works; but 
it might break other things, if your terminals use names rather than ip 
addresses for their logging server or other things (is DNS on your LTSP 
server just a caching server?). It would be better to make sure the LTSP 
server is forwarding to the main network's DNS server rather than (or as 
well as, perhaps) direct to the internet. If that doesn't fix the 
problem, then there is something else going on here.

If what I have suggested so far doesn't work, I'd use tcpdump or 
something better to sniff the traffic going in and out of the LTSP 
server on both interfaces, to see what gets through and what never comes 
back. Can the LTSP server ping the Novell login server, by ip address 
and by name? Can the Novell server ping the LTSP server? What iptables 
rules are in use on the LTSP server?

These are all ideas for further investigation - sorry I can't be more 
specific, I haven't touched Netware for over 15 years (and for that 
matter, AD for over 4 years - but that's a different story)!

jones yeates wrote:
> I forgot to mention that it is a Novell 4.83 client that is trying to 
> log onto the Windows network.  I will try changing the DNS server 
> address, as soon as I get into work on Monday.
>
> Should I get the dhcp server on the LAN to send out the ip address for 
> the DNS server on the school's network (10.*.*.*), instead of the 
> 192.168.0.254?
>
> I am a little unclear as to why the DNS server wouldn't be working for 
> the Novell login.  If the Internet is working, then wouldn't the DNS 
> be doing its job?  I believe the client goes to the ltsp server (for 
> dns) then from there it would contact the other servers for name info.
>
>
>> From: Steve Jackson <sjxn at bigpond.net.au>
>> Reply-To: "Support list for open source software in schools." 
>> <k12osn at redhat.com>
>> To: "Support list for open source software in schools." 
>> <k12osn at redhat.com>
>> Subject: Re: [K12OSN] Window Clients can't get past the Linux Server
>> Date: Sun, 23 Sep 2007 08:23:11 +1000
>>
>> This sounds like a DNS lookup problem to me. DNS is used to locate 
>> domain servers in Active Directory, assuming that's what you mean by 
>> "tree server" - and the same for Novell I think.
>> To diagnose, I would hand-configure the W2K DNS server entry to be 
>> the same address as it would get if it were connected to the "main" 
>> network, and see if it now works. If it does, you need to look at 
>> where the LTSP server's DNS service is forwarding requests it can't 
>> handle to, and make it try the "main" network's DNS. If your LTSP 
>> server doesn't have a DNS service, change its DHCP config to tell the 
>> clients to use the main DNS address.
>>
>> Transparent proxying only affects web traffic IIRC (and I'm not sure 
>> what's going on with squid, can't help there). The ip_forward setting 
>> must be 1. NAT must be used unless the "main" network knows how to 
>> route packets back into the "terminal & w2k" network.
>>
>> Steve
>>
>> jones yeates wrote:
>>> I am using a floppy to boot onto the LTSP server.  It is working 
>>> fine.  The clients can log in and access the Internet. =]
>>>
>>> When the client doesn't boot from the floppy, it loads up Windows 
>>> (2000).  It is unable to find the "tree server" to authenticate the 
>>> Windows user.  However, if I say "Yes" to work on the Window's 
>>> desktop, I can access the Internet.
>>>
>>> On the Fedora Core 5 server that is running K12LTSP, I tried:
>>>     #echo 1 >  /proc/sys/net/ipv4/ip_forward
>>> and that took care of the Windows client being able to access the 
>>> Internet.
>>>
>>> I tried:
>>>     #chkconfig --levels 345 transparent-proxying on
>>> and there was no change so I entered
>>>     #chkconfig --levels 345 transparent-proxying off
>>>
>>> I restarted the server, for another attempt at solving this.
>>> I turned off the firewall, installed and ran squid.  I made the 
>>> changes discussed in 
>>> http://www.redhat.com/archives/k12osn/2007-August/msg00221.html but 
>>> it failed to #service squid restart.  I removed the transparent 
>>> value and #service squid restart worked fine.
>>>
>>> I tried
>>>     #chkconfig --levels 345 transparent-proxying on
>>> again.  This time it couldn't be found.  I listed all the values for 
>>> chkconfig and it wasn't on the list.  I am not sure how I removed 
>>> that item, is there a way I can get it back?
>>>
>>> Below is what the ipconfig looks like on the Window's client.
>>>
>>> E:\>ipconfig /all
>>> Windows 2000 IP Configuration
>>>        Host Name . . . . . . . . . . . . : c-23
>>>        Primary DNS Suffix  . . . . . . . :
>>>        Node Type . . . . . . . . . . . . : Hybrid
>>>        IP Routing Enabled. . . . . . . . : No
>>>        WINS Proxy Enabled. . . . . . . . : No
>>>        DNS Suffix Search List. . . . . . : ltsp
>>> Ethernet adapter Local Area Connection 2:
>>>        Connection-specific DNS Suffix  . : ltsp
>>>        Description . . . . . . . . . . . : Intel(R) PRO/100 VE 
>>> Network Connection
>>>        Physical Address. . . . . . . . . : 00-01-04-EB-12-1C
>>>        DHCP Enabled. . . . . . . . . . . : Yes
>>>        Autoconfiguration Enabled . . . . : Yes
>>>        IP Address. . . . . . . . . . . . : 192.168.0.218
>>>        Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>        Default Gateway . . . . . . . . . : 192.168.0.254
>>>        DHCP Server . . . . . . . . . . . : 192.168.0.254
>>>        DNS Servers . . . . . . . . . . . : 192.168.0.254
>>>        Lease Obtained. . . . . . . . . . : Friday, September 21, 
>>> 2007 4:25:40 PM
>>>        Lease Expires . . . . . . . . . . : Friday, September 21, 
>>> 2007 10:25:40PM
>>>
>>> As a Windows client, I am able to ping outside of the 192.168.0.0 
>>> LAN and onto the school's regular network.  I believe nat is working 
>>> because I can access the Internet on the Window's client.
>>>
>>>
>>> I am not sure what else to try.  The transparent thing is my only 
>>> guess.
>>>
>>> _________________________________________________________________
>>> Windows Live Hotmail. Even hotter than before. Get a better look 
>>> now. www.newhotmail.ca?icid=WLHMENCA148
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>>>
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>
> _________________________________________________________________
> Get Cultured With Arts & Culture Festivals On Live Maps 
> http://local.live.com/?mkt=en-ca&v=2&cid=A6D6BDB4586E357F!2010&encType=1&style=h&FORM=SERNEP 
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>

More information about the K12OSN mailing list