[K12OSN] Window Clients can't get past the Linux Server
Steve Jackson
sjxn at bigpond.net.au
Sun Sep 23 23:27:06 UTC 2007
I'm afraid I don't know how Novell logons work these days, so I can't be
much more help. Do Novell logons work through NAT in other circumstances?
If it were AD I'd suspect your LTSP DNS was forwarding direct to a DNS
on the internet (such as your ISP or maybe a router) that didn't have
the entries for AD, but did allow name resolution for the Internet.
Setting DHCP on the LTSP server to send out the main DNS server address
would help for this problem, if the test I suggested before works; but
it might break other things, if your terminals use names rather than ip
addresses for their logging server or other things (is DNS on your LTSP
server just a caching server?). It would be better to make sure the LTSP
server is forwarding to the main network's DNS server rather than (or as
well as, perhaps) direct to the internet. If that doesn't fix the
problem, then there is something else going on here.
If what I have suggested so far doesn't work, I'd use tcpdump or
something better to sniff the traffic going in and out of the LTSP
server on both interfaces, to see what gets through and what never comes
back. Can the LTSP server ping the Novell login server, by ip address
and by name? Can the Novell server ping the LTSP server? What iptables
rules are in use on the LTSP server?
These are all ideas for further investigation - sorry I can't be more
specific, I haven't touched Netware for over 15 years (and for that
matter, AD for over 4 years - but that's a different story)!
jones yeates wrote:
> I forgot to mention that it is a Novell 4.83 client that is trying to
> log onto the Windows network. I will try changing the DNS server
> address, as soon as I get into work on Monday.
>
> Should I get the dhcp server on the LAN to send out the ip address for
> the DNS server on the school's network (10.*.*.*), instead of the
> 192.168.0.254?
>
> I am a little unclear as to why the DNS server wouldn't be working for
> the Novell login. If the Internet is working, then wouldn't the DNS
> be doing its job? I believe the client goes to the ltsp server (for
> dns) then from there it would contact the other servers for name info.
>
>
>> From: Steve Jackson <sjxn at bigpond.net.au>
>> Reply-To: "Support list for open source software in schools."
>> <k12osn at redhat.com>
>> To: "Support list for open source software in schools."
>> <k12osn at redhat.com>
>> Subject: Re: [K12OSN] Window Clients can't get past the Linux Server
>> Date: Sun, 23 Sep 2007 08:23:11 +1000
>>
>> This sounds like a DNS lookup problem to me. DNS is used to locate
>> domain servers in Active Directory, assuming that's what you mean by
>> "tree server" - and the same for Novell I think.
>> To diagnose, I would hand-configure the W2K DNS server entry to be
>> the same address as it would get if it were connected to the "main"
>> network, and see if it now works. If it does, you need to look at
>> where the LTSP server's DNS service is forwarding requests it can't
>> handle to, and make it try the "main" network's DNS. If your LTSP
>> server doesn't have a DNS service, change its DHCP config to tell the
>> clients to use the main DNS address.
>>
>> Transparent proxying only affects web traffic IIRC (and I'm not sure
>> what's going on with squid, can't help there). The ip_forward setting
>> must be 1. NAT must be used unless the "main" network knows how to
>> route packets back into the "terminal & w2k" network.
>>
>> Steve
>>
>> jones yeates wrote:
>>> I am using a floppy to boot onto the LTSP server. It is working
>>> fine. The clients can log in and access the Internet. =]
>>>
>>> When the client doesn't boot from the floppy, it loads up Windows
>>> (2000). It is unable to find the "tree server" to authenticate the
>>> Windows user. However, if I say "Yes" to work on the Window's
>>> desktop, I can access the Internet.
>>>
>>> On the Fedora Core 5 server that is running K12LTSP, I tried:
>>> #echo 1 > /proc/sys/net/ipv4/ip_forward
>>> and that took care of the Windows client being able to access the
>>> Internet.
>>>
>>> I tried:
>>> #chkconfig --levels 345 transparent-proxying on
>>> and there was no change so I entered
>>> #chkconfig --levels 345 transparent-proxying off
>>>
>>> I restarted the server, for another attempt at solving this.
>>> I turned off the firewall, installed and ran squid. I made the
>>> changes discussed in
>>> http://www.redhat.com/archives/k12osn/2007-August/msg00221.html but
>>> it failed to #service squid restart. I removed the transparent
>>> value and #service squid restart worked fine.
>>>
>>> I tried
>>> #chkconfig --levels 345 transparent-proxying on
>>> again. This time it couldn't be found. I listed all the values for
>>> chkconfig and it wasn't on the list. I am not sure how I removed
>>> that item, is there a way I can get it back?
>>>
>>> Below is what the ipconfig looks like on the Window's client.
>>>
>>> E:\>ipconfig /all
>>> Windows 2000 IP Configuration
>>> Host Name . . . . . . . . . . . . : c-23
>>> Primary DNS Suffix . . . . . . . :
>>> Node Type . . . . . . . . . . . . : Hybrid
>>> IP Routing Enabled. . . . . . . . : No
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : ltsp
>>> Ethernet adapter Local Area Connection 2:
>>> Connection-specific DNS Suffix . : ltsp
>>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE
>>> Network Connection
>>> Physical Address. . . . . . . . . : 00-01-04-EB-12-1C
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>> Autoconfiguration Enabled . . . . : Yes
>>> IP Address. . . . . . . . . . . . : 192.168.0.218
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . : 192.168.0.254
>>> DHCP Server . . . . . . . . . . . : 192.168.0.254
>>> DNS Servers . . . . . . . . . . . : 192.168.0.254
>>> Lease Obtained. . . . . . . . . . : Friday, September 21,
>>> 2007 4:25:40 PM
>>> Lease Expires . . . . . . . . . . : Friday, September 21,
>>> 2007 10:25:40PM
>>>
>>> As a Windows client, I am able to ping outside of the 192.168.0.0
>>> LAN and onto the school's regular network. I believe nat is working
>>> because I can access the Internet on the Window's client.
>>>
>>>
>>> I am not sure what else to try. The transparent thing is my only
>>> guess.
>>>
>>> _________________________________________________________________
>>> Windows Live Hotmail. Even hotter than before. Get a better look
>>> now. www.newhotmail.ca?icid=WLHMENCA148
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>>>
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>
> _________________________________________________________________
> Get Cultured With Arts & Culture Festivals On Live Maps
> http://local.live.com/?mkt=en-ca&v=2&cid=A6D6BDB4586E357F!2010&encType=1&style=h&FORM=SERNEP
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
More information about the K12OSN
mailing list