[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Window Clients can't get past the Linux Server



I'm afraid I don't know how Novell logons work these days, so I can't be much more help. Do Novell logons work through NAT in other circumstances?

If it were AD I'd suspect your LTSP DNS was forwarding direct to a DNS on the internet (such as your ISP or maybe a router) that didn't have the entries for AD, but did allow name resolution for the Internet.

Setting DHCP on the LTSP server to send out the main DNS server address would help for this problem, if the test I suggested before works; but it might break other things, if your terminals use names rather than ip addresses for their logging server or other things (is DNS on your LTSP server just a caching server?). It would be better to make sure the LTSP server is forwarding to the main network's DNS server rather than (or as well as, perhaps) direct to the internet. If that doesn't fix the problem, then there is something else going on here.

If what I have suggested so far doesn't work, I'd use tcpdump or something better to sniff the traffic going in and out of the LTSP server on both interfaces, to see what gets through and what never comes back. Can the LTSP server ping the Novell login server, by ip address and by name? Can the Novell server ping the LTSP server? What iptables rules are in use on the LTSP server?

These are all ideas for further investigation - sorry I can't be more specific, I haven't touched Netware for over 15 years (and for that matter, AD for over 4 years - but that's a different story)!

jones yeates wrote:
I forgot to mention that it is a Novell 4.83 client that is trying to log onto the Windows network. I will try changing the DNS server address, as soon as I get into work on Monday.

Should I get the dhcp server on the LAN to send out the ip address for the DNS server on the school's network (10.*.*.*), instead of the 192.168.0.254?

I am a little unclear as to why the DNS server wouldn't be working for the Novell login. If the Internet is working, then wouldn't the DNS be doing its job? I believe the client goes to the ltsp server (for dns) then from there it would contact the other servers for name info.


From: Steve Jackson <sjxn bigpond net au>
Reply-To: "Support list for open source software in schools." <k12osn redhat com> To: "Support list for open source software in schools." <k12osn redhat com>
Subject: Re: [K12OSN] Window Clients can't get past the Linux Server
Date: Sun, 23 Sep 2007 08:23:11 +1000

This sounds like a DNS lookup problem to me. DNS is used to locate domain servers in Active Directory, assuming that's what you mean by "tree server" - and the same for Novell I think. To diagnose, I would hand-configure the W2K DNS server entry to be the same address as it would get if it were connected to the "main" network, and see if it now works. If it does, you need to look at where the LTSP server's DNS service is forwarding requests it can't handle to, and make it try the "main" network's DNS. If your LTSP server doesn't have a DNS service, change its DHCP config to tell the clients to use the main DNS address.

Transparent proxying only affects web traffic IIRC (and I'm not sure what's going on with squid, can't help there). The ip_forward setting must be 1. NAT must be used unless the "main" network knows how to route packets back into the "terminal & w2k" network.

Steve

jones yeates wrote:
I am using a floppy to boot onto the LTSP server. It is working fine. The clients can log in and access the Internet. =]

When the client doesn't boot from the floppy, it loads up Windows (2000). It is unable to find the "tree server" to authenticate the Windows user. However, if I say "Yes" to work on the Window's desktop, I can access the Internet.

On the Fedora Core 5 server that is running K12LTSP, I tried:
    #echo 1 >  /proc/sys/net/ipv4/ip_forward
and that took care of the Windows client being able to access the Internet.

I tried:
    #chkconfig --levels 345 transparent-proxying on
and there was no change so I entered
    #chkconfig --levels 345 transparent-proxying off

I restarted the server, for another attempt at solving this.
I turned off the firewall, installed and ran squid. I made the changes discussed in http://www.redhat.com/archives/k12osn/2007-August/msg00221.html but it failed to #service squid restart. I removed the transparent value and #service squid restart worked fine.

I tried
    #chkconfig --levels 345 transparent-proxying on
again. This time it couldn't be found. I listed all the values for chkconfig and it wasn't on the list. I am not sure how I removed that item, is there a way I can get it back?

Below is what the ipconfig looks like on the Window's client.

E:\>ipconfig /all
Windows 2000 IP Configuration
       Host Name . . . . . . . . . . . . : c-23
       Primary DNS Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ltsp
Ethernet adapter Local Area Connection 2:
       Connection-specific DNS Suffix  . : ltsp
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
       Physical Address. . . . . . . . . : 00-01-04-EB-12-1C
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IP Address. . . . . . . . . . . . : 192.168.0.218
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.254
       DHCP Server . . . . . . . . . . . : 192.168.0.254
       DNS Servers . . . . . . . . . . . : 192.168.0.254
Lease Obtained. . . . . . . . . . : Friday, September 21, 2007 4:25:40 PM Lease Expires . . . . . . . . . . : Friday, September 21, 2007 10:25:40PM

As a Windows client, I am able to ping outside of the 192.168.0.0 LAN and onto the school's regular network. I believe nat is working because I can access the Internet on the Window's client.


I am not sure what else to try. The transparent thing is my only guess.

_________________________________________________________________
Windows Live Hotmail. Even hotter than before. Get a better look now. www.newhotmail.ca?icid=WLHMENCA148

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>


_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

_________________________________________________________________
Get Cultured With Arts & Culture Festivals On Live Maps http://local.live.com/?mkt=en-ca&v=2&cid=A6D6BDB4586E357F!2010&encType=1&style=h&FORM=SERNEP

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]