Configuring and Managing MPE/iX Internet Services
HP 3000 MPE/iX Computer Systems
Edition 2
32650-90859 E1098
Printed in: U.S.A.
Notice

The information contained in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for direct, indirect, special, incidental or consequential damages in connection with the furnishing or use of this material.
Contents

1. Introduction to Internet Services
    Overview of Internet Services
    System Requirements
    Verifying Installation of Internet Services Files
    Using Domain Name Resolver
    Sample Configuration Files
3. Telnet Service
    Overview of Telnet Service
    Verifying Installation of Telnet Files
    Configuring Telnet Server
    Editing the Services File
    Adding Telnet Service to inetd Configuration
    Troubleshooting Telnet
6. REMSH Service
    Overview of remsh Service
    Verifying Installation of remsh Files
    Configuring remsh Client
    Editing the Services File
    UNIX Configuration
    Using remsh
    Initial Test With smbclient Utility
    Initial Test From a PC Client at DOS Prompt
    Samba/iX Share level Security Mode
    Samba/iX Server Security Mode
    Troubleshooting Samba/iX Server
    Prerequisites
Figures

Figure 7-1. HP 3000 Interoperating With Microsoft Platforms
Figure 7-2. SMB Protocol
Figure 7-3. SMB NegProt Connection
Figure 7-4. SMB Sesssetup Connection
Tables

Table 1-1. Summary of HP 3000 Internet Services
Table 1-2. Configuration Files
Table 2-1. The Internet Daemon Files
Table 4-1. Files for bootpd
Preface

This manual describes how to configure and operate Internet Services on the HP 3000. It is written for members of the system administration staff who have been assigned system manager (SM) or system supervisor (OP) capability and who are responsible for installing, configuring and managing system and network software. As such, it presumes a good understanding of networking concepts and familiarity with HP 3000 system operations.
Appendix C, “BIND 8.1 Enhanced Features,” describes the options and enhanced features available. Appendix D, “Server Configuration Migration,” describes configuration migration utilities. Appendix E, “Configure and Run Syslog/iX,” describes the parameters in a syslog configuration file.
1 Introduction to Internet Services

The HP 3000 Internet Services consist of a set of programs that help the HP 3000 computer exchange information with other nodes on the internet. The Internet Services offered on the HP 3000 are a subset of the Internet Services available on the HP 9000, which were previously called the ARPA Services.
Overview of Internet Services

Internet Services on the HP 3000 consist of eight individual services that enable the HP 3000 to communicate with other nodes on an internetwork. The program and configuration files needed to run Internet Services are part of the MPE/iX Fundamental Operating Software. No separate software product is necessary to use Internet Services. The services are briefly described in Table 1-1.
System Requirements

The Internet Services program and configuration files come with version C.55.00 or greater of the MPE/iX Fundamental Operating Software (FOS). (The exception to this is the Telnet Client, which was made available to customers on the earlier version of MPE/iX, C.50.00.) As part of MPE/iX FOS, Internet Services can run on any Precision Architecture-RISC model of the HP 3000.
    : nmmaint,73
    NMS Maintenance Utility 32098-20014 B.00.09 (C) Hewlett Packard Co. 1984
    WED, JUL 23, 1997, 11:08 AM
    Data comm products build version: N.55.15
    Subsystem version ID's:
    Internet Services for the HP3000 module versions:
    NM NM NM NM NM XL XL XL XL XL XL XL program file: program file: program file: program file: program file: procedure: procedure: procedure: procedure: procedure: procedure: procedure: INETD.NET.SYS BOOTPD.NET.
• If there are configuration files already in use, you will add the information needed to use each of the Internet Services to those files.
• If you are not already using Internet Services configuration files, you will use the sample configuration files that were installed with the FOS as templates for your own set.
Table 1-2 Configuration Files

Sample name: SERVSAMP.NET.SYS
MPE name space: SERVICES.NET.SYS
HFS name space: /etc/services
Description: The services name file, which associates an official service name and alias with the port number and protocol that a service uses. You will edit the services file for each new service you are adding to your system. The executing program uses the file named SERVICES.NET.SYS.

Sample name: PROTSAMP.NET.SYS
MPE name space: PROTOCOL.NET.
Sample name: INCNFSMP.NET.SYS
MPE name space: INETDCNF.NET.SYS
HFS name space: /etc/inetd.conf
Description: The configuration file for the Internet daemon inetd, which determines which installed Internet Services are available to users. The executing program uses the file named /etc/inetd.conf.

Sample name: INSECSMP.NET.SYS
MPE name space: INETDSEC.NET.SYS
HFS name space: /usr/adm/inetd.
Services File

The services file associates an official service name and alias with the port number and protocol that a service uses. You will edit the services file for each new service that you want to add to your system. The remaining chapters in this book, which describe the configuration of individual services, will assume that you know the following information. And, of course, you can refer back to this section as needed.
    chargen   19/udp   ttytst source
    ftp       21/tcp
    telnet    23/tcp
    time      37/tcp   timeserver   # Time
    time      37/udp   timeserver
    domain    53/tcp   nameserver   # Domain Name Service
    domain    53/udp   nameserver
    bootps    67/udp                # Bootstrap Protocol Server
    bootpc    68/udp                # Bootstrap Protocol Client
    tftp      69/udp                # Trivial File Transfer Protocol
    DAServer  987/tcp               # SQL distributed access
    shell     514/tcp  cmd          # Remote command no password used

2.
Protocols File

The protocols file contains a list of protocols known to the system, plus the identification number and one or more aliases for each. It is unlikely that you will need to edit the protocols file, but you may need to install and link it.

Creating and Linking Protocols File

You may already have a protocols file installed on your system.
Other Sources of Information

You may find the following books useful when you are working with Internet Services:
• Unix Network Programming written by W. Richard Stevens.
2 Internet Daemon

The Internet daemon inetd is the master server (sometimes called a “superserver”) for the Internet Services. When it is running, inetd listens for connection requests for the services listed in its configuration file and, in response to such requests, starts the appropriate server. You, as system manager, determine which Internet Services are available to your users by editing the inetd configuration file.
Overview of inetd

The Internet daemon, or inetd, is the master server that coordinates the use of individual network services on your system. It listens for connection requests from other nodes on the network that want access to a service such as tftpd or bootpd. The Internet daemon checks if the requesting node has permission to use the service, starts the appropriate server if it does and, optionally, records information about the connection request.
daytime  Returns the current time in a format readable by people.
time  Returns current time in a format useful to machines, for example, the number of seconds since Jan 1, 1970.

inetd Files

There are four files of importance, as shown in Table 2-1, for configuring and using inetd. Once you have installed or updated to version C.60.00 or later of MPE/iX, these files are located in the NET group of the SYS account.
inetd Configuration File

The Internet daemon accesses the configuration data it needs by reading the file /etc/inetd.conf in the POSIX name space. When you install or update to version C.60.00 of MPE/iX, you receive a sample configuration file that you can use as a template for your own inetd configuration file if you don’t already have one.
Adding New Services to inetd Configuration

There are two steps required to add a new service to the suite of Internet Services offered on your system. First you add a line of information for the specific service to the inetd configuration file. Then you have inetd reread its configuration file, which is sometimes called reconfiguring the Internet daemon.
NOTE  For more information on FTP, refer to Installing and Managing HP ARPA File Transfer Protocol Network Manager’s Guide or HP ARPA File Transfer Protocol User’s Guide.

3. Save the file and exit the editor program.
4. Signal inetd to reread the configuration file by entering the following command at the CI prompt:
    INETD.NET.
wait state  One of two states, wait or nowait, that applies only to datagram sockets. The wait entry instructs inetd to execute only one datagram server for the specified socket at any one time. This is a single-threaded datagram server. The nowait entry instructs inetd to execute a datagram server for a specified socket whenever a datagram arrives, which frees the socket so that inetd can receive further datagrams. This is a multi-threaded datagram server.
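A cross-check of inetd configuration entries against the services file, given here as an added example that is not part of the HP manual. It assumes the six-column entry layout of the manual's telnet entry; the sample file contents and the SERVER-PROGRAM name are constructed placeholders.

```python
"""Cross-check inetd.conf entries against the services file (added example)."""

# stream sockets pair with tcp and dgram sockets with udp, as in the
# manual's "telnet stream tcp" and "tftp dgram udp" entries.
SOCKET_PROTOCOL = {"stream": "tcp", "dgram": "udp"}


def load_services(text):
    """Map (name_or_alias, protocol) -> port from services-file text."""
    known = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop the trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:  # official name, then aliases
            known[(name, proto)] = int(port)
    return known


def audit_inetd_conf(conf_text, services_text):
    """Return [(line_number, service, message)] for entries that look wrong."""
    known = load_services(services_text)
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # Assumed layout: service, socket type, protocol, wait state, user, server
        if len(fields) < 6:
            findings.append((num, fields[0], "entry has fewer than six fields"))
            continue
        service, socket_type, proto, wait_state = fields[:4]
        if (service, proto) not in known:
            findings.append(
                (num, service, f"no {service}/{proto} entry in the services file"))
        if SOCKET_PROTOCOL.get(socket_type) != proto:
            findings.append(
                (num, service, f"socket type {socket_type} does not match {proto}"))
        if wait_state not in ("wait", "nowait"):
            findings.append((num, service, f"unknown wait state {wait_state!r}"))
        elif wait_state == "wait" and socket_type != "dgram":
            # The manual states that wait/nowait applies only to datagram sockets.
            findings.append((num, service, "wait is set on a non-datagram socket"))
    return findings


# Constructed sample input, modelled on the entries shown in this manual.
SERVICES = """\
# constructed sample
telnet 23/tcp
time 37/tcp timeserver
time 37/udp timeserver
tftp 69/udp # Trivial File Transfer Protocol
daytime 13/tcp
"""

INETD_CONF = """\
# constructed sample; SERVER-PROGRAM is a placeholder
telnet stream tcp nowait MANAGER.SYS internal
tftp dgram udp wait USER.TFTP SERVER-PROGRAM
bootps dgram udp wait MANAGER.SYS SERVER-PROGRAM
daytime stream tcp wait MANAGER.SYS internal
timeserver dgram tcp nowait MANAGER.SYS internal
"""

if __name__ == "__main__":
    for num, service, message in audit_inetd_conf(INETD_CONF, SERVICES):
        print(f"inetd.conf line {num}: {service}: {message}")
```

Run against copies of the two files taken from the system, this lists every enabled service that has no services-file entry before inetd is told to reread its configuration.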
inetd Security File

There is an optional security file associated with inetd that allows you to control which nodes have access to the Internet Services available on your system. The inetd security file will prevent inetd from starting a service unless the node making the request has permission to do so. Individual entries in the inetd security file determine which nodes are allowed or disallowed for a particular service.
Updating inetd Security File

Each line in the inetd security file contains a service name, a permission field, and the IP addresses or domain names of the hosts and networks allowed to use that service on your host system. You can open the file to view the current security restraints or to change them. To do so:
1. Open the security file with an MPE text editor.
• Separate the IP addresses and domain names with white space. You may enter any mix of addresses and names. For example, the following entry denies Telnet access to host hp22.cup.hp.com, any hosts on the network named “testlan,” and the host with IP address 192.54.24.5:
    telnet deny hp22.cup.hp.com testlan 192.54.24.5
• To continue an entry on the next line, place a slash (/) at the end of the line to be continued.
Starting and Stopping inetd

On the HP 3000, the instructions for starting the Internet daemon are contained in the job file JINETD.NET.SYS. When you stream JINETD, it invokes the daemon and reads the inetd configuration file to determine what services have been configured, and listens for connection requests for those services. Any messages relating to inetd are sent either to the console or to $STDLIST for JINETD, which is a spool file.
Passwords on JINETD

When you stream the job file JINETD.NET.SYS, it logs on as MANAGER.SYS. As part of the installation of inetd, you must take care of any password requirements for this job. Two of the ways that you can do this include:
• Add the MANAGER.SYS passwords directly to the job file, then alter the file security afterwards so that only MANAGER.SYS can read it. For example:
    :ALTSEC JINETD.NET.
You will see a display of job information similar to the following:

    JOBNUM  STATE  IPRI  JIN  JLIST  INTRODUCED  JOB NAME
    #J6546  EXEC         10S  LP     THU 12:42A  TRNSPOOL,MGR.NSD
    #J6539  EXEC         10S  PP     THU 12:32A  SPOOLJ,UNISPOOL.SYS
    #J6540  EXEC         10S  LP     THU 12:41A  JINETD.NET.
Using inetd Message Logging

There are two kinds of message logging that you, as System Manager, can use to monitor and manage Internet Services on your system. The first type is event logging, which is always enabled. It records informational messages, error messages and warnings about the Internet Services. The second type is connection logging, which you can enable and disable. It records successful and failed connection attempts and its own status (on or off).
Enable and Disable Connection Logging

The same command turns connection logging on or off, depending upon its current state. So, for example, if message logging is currently disabled, enter the following command at the CI prompt to turn it on:
    :INETD.NET.SYS -1’’
Or, from the POSIX shell, enter the following command:
    $/etc/inetd -1
If message logging is enabled, use either the CI or POSIX command shown above to turn it off.
Troubleshooting inetd

This section explains the kinds of error messages you may see regarding the operation of inetd. The messages will appear either on the console or they will be sent to the $STDLIST for inetd or both, depending upon the message’s level of importance.

Message: An inetd is already running
Explanation: You attempted to start inetd when one is already running.
Message: /etc/inetd.cnf: Unusable configuration file
Explanation: The Internet daemon cannot access its configuration. The error message preceding this one specifies the reason for the failure.

Message: /etc/inetd.conf: line number: nnn error
Explanation: There is an error on the line specified by nnn in the inetd configuration file. The Internet daemon skips this line, continues reading the rest of the file, and configures itself accordingly.
Message: service/protocol: Server failing (looping), service terminated.
Explanation: When inetd tries to start 40 servers within 60 seconds for a datagram service, it assumes that the server is failing to handle the connection. To avoid entering a potentially infinite loop, inetd issues this message, discards the packet requesting the socket connection, and refuses further connections for this service.
Message: /usr/adm/inetd.sec: Field contains other characters in addition to * for service
Explanation: The wildcard character (*) is used in combination with additional integer(s) in one part of an address field, which is not allowed. For example, the Internet address 10.5*.8.7 entered in the inetd security file will generate an error message because the second field includes a 5 followed by the * character.
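The entry syntax described under “Updating inetd Security File” and the wildcard rule behind the message above can be checked before inetd reads the file. The linter below is an added example, not HP code; it assumes the permission keywords are allow and deny and that a line starting with # is a comment, and its sample entries are constructed.

```python
"""Lint inetd security file entries before inetd reads them (added example)."""
import re

# Assumption: the permission field takes one of these two keywords.
PERMISSIONS = {"allow", "deny"}
# Tokens made only of digits, dots and '*' are treated as IP address patterns;
# anything else is taken to be a host or network name and is not checked.
ADDRESS_LIKE = re.compile(r"^[0-9*.]+$")


def logical_lines(text):
    """Yield (first_line_number, text), joining lines continued with a trailing '/'."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = num
        if line.endswith("/"):          # continuation marker described in the manual
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf.strip():                     # file ended on a continued line
        yield start, buf


def address_problem(token):
    """Return a description of what is wrong with an address pattern, or None."""
    if not ADDRESS_LIKE.match(token):
        return None
    fields = token.split(".")
    if len(fields) > 4:
        return "more than four address fields"
    for field in fields:
        if field == "*":
            continue
        if "*" in field:
            return f"field {field!r} contains other characters in addition to *"
        if field == "":
            return "empty address field"
        if int(field) > 255:
            return f"field {field!r} is larger than 255"
    return None


def parse(text):
    """Return [(line_number, service, permission, [hosts])] for every entry."""
    entries = []
    for num, line in logical_lines(text):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):  # assumption: '#' is a comment
            continue
        permission = tokens[1].lower() if len(tokens) > 1 else ""
        entries.append((num, tokens[0], permission, tokens[2:]))
    return entries


def lint(text):
    """Return [(line_number, service, message)] for entries inetd would reject."""
    findings = []
    for num, service, permission, hosts in parse(text):
        if permission not in PERMISSIONS:
            findings.append(
                (num, service, f"permission field {permission!r} is not allow or deny"))
        for host in hosts:
            problem = address_problem(host)
            if problem:
                findings.append((num, service, f"{host}: {problem}"))
    return findings


# Constructed sample entries for illustration, not taken from a real system.
SAMPLE = """\
# constructed sample
telnet deny hp22.cup.hp.com testlan 192.54.24.5
tftp allow 10.5*.8.7 192.54.24.*
bootps allow 192.54.24.5 /
       192.54.24.6
ftp permit 192.54.24.5
"""

if __name__ == "__main__":
    for num, service, message in lint(SAMPLE):
        print(f"inetd.sec line {num}: {service}: {message}")
```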
Implementation Differences

The implementation of inetd on the HP 3000 differs from inetd on the HP 9000 in the following ways:
• On the HP 3000, you normally run inetd as a job.
• On the HP 3000, there is no syslogd server. Instead, all error and informational messages about inetd are automatically written to $STDLIST for inetd. When you run inetd as a job, messages are sent to the job’s output spool file.
3 Telnet Service

With the release of version C.55.00 of MPE/iX, Telnet server functionality is available to HP 3000 customers. The Telnet server allows users on a remote system that supports the TCP/IP and Telnet protocols to log on and run applications on the HP 3000. The Telnet client, which was first made available on version C.50.00 of MPE/iX, gives users on an HP 3000 direct access to other systems that support Telnet and TCP/IP.
Overview of Telnet Service

Telnet service consists of a Telnet client and a Telnet server. The Telnet server uses the standard virtual terminal protocol, originally developed by the Advanced Research Projects Agency (ARPA), to allow users on a remote node that supports the Telnet and TCP/IP protocols to log on and run applications on the host HP 3000.
Verifying Installation of Telnet Files

If you have installed or updated to version C.60.00 of MPE/iX, use the following steps to verify that the Telnet software exists on your system:
1. If necessary, log on to the system as MANAGER.SYS.
2. Run NMMAINT to verify that you have successfully installed the Telnet files.
    :NMMAINT,72
   You will see information similar to the following.
    NMS Maintenance Utility 32098-20014 B.00.09 (C) Hewlett Packard Co.
Configuring Telnet Server

To configure Telnet, you will edit two files: the services file, which lists the individual services that comprise the suite of Internet Services, and the inetd configuration file, which informs the Internet daemon about running Telnet on this system.

Editing the Services File

The services file associates official service names and aliases with the port number and protocol the services use.
5. Signal inetd to reread the configuration file by entering the following command at the CI prompt:
    :INETD.NET.SYS -c
   Or you may enter this command from the POSIX shell:
    $/etc/inetd -c
6. If you have added the Telnet server to the inetd configuration file while the Internet daemon is not running, you must start inetd to start the Telnet server. To do so, stream the job JINETD.NET.SYS from the CI prompt.
    :STREAM JINETD.NET.
Troubleshooting Telnet

This section explains the kinds of errors that may arise regarding the operation of Telnet. The Telnet client user will, in all but one case, be alerted about the problem directly; an error message will appear on the client's terminal. You, as system manager of the host system, may receive phone calls from clients asking you to investigate the problem.

Problem: Unknown service
Explanation: This message will be written to $STDLIST for JINETD.NET.
Problem: The Telnet client cannot log on to a host
Explanation: The Telnet client successfully established a connection to the host, but could not log on. The user may call you, as host system manager, to verify that the logon account and passwords are correct and to see if the system limits are set such that new Telnet sessions are prohibited.
Implementation Differences

The implementation of Telnet on the HP 3000 does not use a separate telnetd server file similar to the tftpd or bootpd server. Instead, Telnet server functionality is provided by code that resides in NL.PUB.SYS on version C.60.00 of MPE/iX. As a result, the last column of the Telnet entry in the inetd configuration file is the word “internal.” For example:
    telnet stream tcp nowait MANAGER.
4 BOOTP Service

The Internet Boot Protocol daemon, or bootpd, is used to boot LAN devices such as routers, printers, X-terminals, and diskless workstations. Nodes on the network use bootpd to get configuration information such as an IP address and a subnet mask and automatically boot the device. This chapter describes:
• How to configure bootpd.
• How to start bootpd once it has been configured.
• Implementation differences between bootpd for MPE/iX and bootpd for HP-UX.
Overview of bootpd

The Bootstrap Protocol BOOTP allows a client system to get boot information such as its own IP address, the address of a BOOTP server, and the name of the file it needs to load into its memory and execute to boot the printer. The bootstrap operation happens in two phases. In the first phase, the BOOTP daemon bootpd determines the address of a BOOTP server and selects a boot file.
Configuring bootpd

To configure bootpd, you will edit three files: the services file, which lists the individual services that comprise the suite of Internet Services, the inetd configuration file, which informs the Internet daemon about running bootpd on this host, and the bootpd configuration file, which contains client and relay information. These tasks are explained in the following sections.
4. Save the file and exit the editor program.
5. Signal inetd to reread the configuration file by entering the following command at the CI prompt:
    :INETD.NET.SYS -c
   Or you may enter this command from the POSIX shell:
    $/etc/inetd -c
6. If you have added bootpd to the inetd configuration file while the Internet daemon is not running, you must start inetd to start the BOOTP server. To do so, stream the job JINETD.NET.SYS from the CI prompt.
    :STREAM JINETD.NET.
The bootpd Configuration File

When bootpd is started, it reads a configuration file to find out information about clients and relays, then listens for boot request packets. By default, bootpd uses the configuration file /etc/bootptab, but you may specify another configuration file.
Adding Client and Relay Data to bootpd Configuration File

To allow a client to boot from your local system or to allow a boot request to be relayed to the appropriate boot server, you must add information about the client to the bootpd configuration file. This file contains client entries and relay entries. Client entries provide the information necessary to allow clients to boot from your system.
• Maximum number of hops that the client’s boot request can be forwarded

Syntax of bootpd Configuration Entries

An entry in the bootpd configuration file consists of a single line with the following format:
    hostname:tag=value tag=value tag=value
The hostname is the actual name of a BOOTP client and the tag is a two-character case-sensitive symbol. Most tags are followed by an equal sign and a value, as shown above, though some tags do not require a value.
Tag: ba or ba=address
Description: Tells bootpd to broadcast the boot reply to the client. If you specify no value for ba, bootpd sends the boot reply on the configured broadcast address of each network interface on the server’s system. If you specify an IP-address for its value, bootpd sends the boot reply to a specific IP or broadcast address. Use the ba tag only for diagnostic purposes, for example when debugging boot replies with BOOTPQRY.
Tag: Tnnn=generic-data
Description: A generic tag where nnn is an RFC1048 vendor field tag number. This allows bootpd to immediately take advantage of future extensions to RFC1048. The generic data can be represented as either a stream of hexadecimal numbers or as a quoted string of ASCII characters. The length of the generic data is automatically determined and inserted into the proper fields of the RFC1048-style boot reply.
• Blank lines and lines that begin with the pound sign (#) are ignored.

A relay entry can contain relay parameters for an individual system or for a group of systems. If a BOOTP client does not have an individual entry in the bootpd configuration file, bootpd searches the group relay entries and uses the first group relay entry that matches the BOOTP client.

Sample bootpd Configuration Files

The two following examples show sample bootpd configuration files.
Starting bootpd

To successfully start bootpd, you must have a current and correct configuration file for it. The default file is /etc/bootptab but you may use an alternate configuration file by specifying its POSIX file name on the command line. Without this configuration file, bootpd will not be able to service BOOTP requests. You can run bootpd under the Internet daemon only. You may not run it as a standalone server.
Troubleshooting bootpd

The BOOTPQRY program is a diagnostic tool used to check the configuration of bootpd. It uses the supplied parameters to construct a boot request to send to a BOOTP server. It prints the contents of the boot reply, including the client’s Internet address, the name of a boot file, and the name and address of the server that sent the reply. BOOTPQRY formats and prints RFC1048 or CMU-style vendor information included in the reply.
-i  The Internet address of the BOOTP client to use in the boot request. If the BOOTP client doesn’t know its IP address, the BOOTP server supplies it in the bootreply. Otherwise, the server returns the bootreply directly to ipaddr.
-s  The name of the BOOTP server to which the boot request should be sent directly. When the BOOTP server is known, the boot request is not broadcast.
-v  Request vendor information for .
Implementation Differences

The implementation of bootpd on the HP 3000 differs from bootpd on the HP 9000 in the following ways:
• The BOOTP entry in the inetd configuration file must have an MPE/iX compatible user name. Hewlett-Packard recommends that you use MANAGER.SYS.
• You cannot run bootpd as a standalone server. It can only be run by the Internet daemon.
5 TFTP Service

The Trivial File Transfer Protocol (TFTP) is a basic communications protocol used to transmit files between nodes on a network. It is implemented on top of the Internet User Datagram Protocol (UDP), so it can be used across networks that support UDP. On the HP 3000, the TFTP daemon tftpd transfers boot files to or from the host HP 3000 to remote nodes on the network. This permits a network device to get the information it needs to start itself.
Overview of tftpd

TFTP is a simplified version of the File Transfer Protocol (FTP). The primary function of the TFTP daemon tftpd is to support the Bootstrap Protocol BOOTP, which allows network devices to get the information they need to boot, or start, themselves. Network devices commonly use TFTP to transmit boot files because TFTP is simple enough to be implemented in ROM.
Configuring tftpd

To configure tftpd, you will edit two files: the services file, which lists the individual services that comprise the suite of Internet Services, and the inetd configuration file, which informs the Internet daemon about running tftpd on this system. These tasks are explained in the next sections.

Editing the Services File

The services file associates official service names and aliases with the port number and protocol the services use.
There are two options in the tftpd entry, [user] and [path], which are explained in the next two sections. For more detailed information about editing the configuration file, read Chapter 2, “Internet Daemon.”

Specifying the TFTP User

The Internet daemon runs tftpd as the user specified in the [user] parameter of its entry in the inetd configuration file. For example, this entry instructs inetd to run the TFTP server as USER.TFTP:
    tftp dgram udp wait USER.
Specifying a Search Path

As an option, you can use the [path…] parameter in the inetd configuration file entry to specify the list of files or directories that are available to TFTP clients. For example, if you would like to have the /tmp and /bin directories available to TFTP clients in addition to the home group of the TFTP user, edit the line to look like this:
    tftp dgram udp wait USER.
Starting tftpd

The TFTP daemon runs under the Internet daemon. If you have just added tftpd to the inetd configuration, you must reconfigure inetd to begin using TFTP. To reconfigure inetd, enter the following command at the CI prompt:
    :INETD.NET.SYS -c
Or, from the POSIX shell, enter this command:
    $/etc/inetd -c
If you have added tftpd to the inetd configuration file while the Internet daemon is not running, you must start inetd to start the TFTP server.
Troubleshooting tftpd

The following error messages may be generated by TFTP and logged with the syslog facility, if it is enabled.

Message: Unknown option ignored
Explanation: An invalid option was specified in the tftpd arguments. Remove or correct the arguments and restart tftpd.

Message: Invalid total time-out
Explanation: The value given for the -T option was either not a number or was a negative number. Correct the value and restart tftpd.
Implementation Differences

The implementation of tftpd on the HP 3000 differs from tftpd on the HP 9000 in three ways:
• On HP-UX, tftpd is usually run as root. On MPE/iX, it is usually run as USER.TFTP.
• On HP-UX, tftpd checks if the user tftp can write to or read the file. On MPE, tftpd checks if the user specified in its configuration file can write to or read the file. If you configure tftpd as recommended in this chapter, USER.
6 REMSH Service

The remote shell, or remsh, service is used to connect to a specified host and execute a command on that remote host. The remote shell or remsh is available with version C.60.00 of the MPE/iX operating system. This chapter describes:
• How to configure the services file to allow remsh to run.
• How to verify that remsh is available on the system.
• How to run remsh.
• Implementation differences between remsh on MPE/iX and remsh for HP-UX.
REMSH Service Overview of remsh Service Overview of remsh Service The remote shell remsh, is the same service as rsh on BSD UNIX systems. The name was changed due to a conflict with the existing command rsh (restricted shell) on System V UNIX systems. Use remsh to connect to the remote system and execute a command on that remote system. Output from the remote command is sent to standard output for remsh, so the user can see the results of the command.
REMSH Service Configuring remsh Client Configuring remsh Client There is only one file on the MPE/iX system that you will need to change in order to allow use of the remsh client. That is the file SERVICES.NET.SYS. However, there are some files that will need to be configured on the remote UNIX systems. Editing the Services File The services file associates official service names and aliases with the port number and protocol the services use. To enable remsh, you must edit the services file.
REMSH Service Configuring remsh Client This will cause the remsh daemon on the UNIX host to allow a connection from MANAGER.SYS on jhereg to the cawti user on the host “taltos.” The .rhosts file for user cawti would contain an entry for every host and userid that you desired to access the “taltos” host as if they were the user cawti. NOTE The MPE/iX equivalent of the UNIX user id is the User.Account. An artifact of the MPE/iX implementation is that the MPE/iX information is usually reported in upper case.
REMSH Service Using remsh Using remsh The remsh service is accessed by running the REMSH.NET.SYS program. You may do so under the MPE/iX CI or under the POSIX shell. While the format of the commands will differ depending on how you run the program, the parameter list remains the same. For the purposes of explaining the parameters, look at a sample invocation from the POSIX shell. Detailed examples of both the POSIX shell and MPE/iX invocations will follow later.
REMSH Service Using remsh MPE/iX Examples To run remsh from MPE/iX prompt, type: run remsh.net.sys;info="remotehost -l remoteuser remotecommand" jhereg(PUB): run remsh.net.
REMSH Service Troubleshooting remsh Troubleshooting remsh remsh MPE/iX/X version won’t support rlogin or rexec functionality usage: remsh host -l login -n command Be sure to provide a command to execute. remshd Login incorrect. Probably invalid entry in remote .rhosts file. Be sure host name and user id are correct. User ID must be in uppercase. Be sure you provided a -l userid parameter or that the remote system has a userid that matches your MPE/iX logon.
REMSH Service Implementation Differences Implementation Differences The full remote shell service typically consists of two parts (the remsh client which allows a user on this machine to access remote hosts and the remshd server which allows remsh clients on other hosts to access the local host). Only the remsh client functionality has been implemented on the MPE/iX system. The UNIX version of the remsh client has an optional -n parameter that tells the client to not read from STDIN.
7 Samba/iX Services Samba/iX is a suite of programs which work together to allow clients to access a server’s file space and printers via the Server Message Block (SMB) file server. Samba/iX runs on MPE/iX shell operating system starting in the MPE/iX 6.0 release. It allows the MPE/iX shell operating system to act as a file and printer server for SMB clients, which are, primarily, Windows for Workgroups, Windows 95, Windows NT, and other clients.
Samba/iX Services Overview of Samba/iX Overview of Samba/iX Samba/iX is a suite of programs which allow an HP 3000 running MPE/iX operating system to provide service using a Microsoft networking protocol called Server Message Block (SMB).
Samba/iX Services Overview of Samba/iX A general UNIX program that is part of the Samba suite has also been ported to MPE/iX shell operating system. This program allows MPE users to use an FTP-like interface to access filespace and printers on any other SMB (Server Message Block) servers. This capability enables these operating systems to act like a LAN server or Windows NT server. See Figure 7-1 for HP 3000 interoperating with the Microsoft platforms.
Samba/iX Services Overview of Samba/iX • Samba/iX provides seamless interoperability between common desktop operating systems, popular PC applications, and HP 3000 through Microsoft network. Major Components of Samba/iX Table 7-1 shows the major components of the Samba/iX suite. Table 7-1 Major Components SMBD The SMB server handles connections from clients, performing all the file, permission, and username authentication.
Samba/iX Services Overview of Samba/iX This program simply listens for such requests, and if its own name is specified, it will respond with the IP address of the host on which it is running. Its “own name” is by default the name of the host on which it is running. • SMBCLIENT: The SMBCLIENT is a client that can “talk” to an SMB server. When this program is run on the HP 3000, it will be acting as a client. It is a command line program and offers an interface similar to that of the FTP program.
Samba/iX Services Overview of Samba/iX Figure 7-2 SMB Protocol Applications SMB NetBIOS on TCP/IP NetBeui NetBIOS API NetBIOS on IPX PPP, 802.x Token Ring, Ethernet, Serial The SMB messages can be categorized into four types of messages: session control, file, printer, and message. Session control messages start, authenticate, and terminate sessions. File command controls file access and printer command controls printer access.
Samba/iX Services Overview of Samba/iX Figure 7-3 SMB NegProt Connection NegProt command Client NegProt response Server Once a protocol has been established, the client can proceed to logon to the server. Client now sends a SMB Session Setup command (SesssetupX), see Figure 7-4. The response indicates whether the username password pair is valid, and if so, can provide additional information.
Samba/iX Services Overview of Samba/iX After connecting to a tree, the client can now open a file with an open SMB, followed by reading it with read SMBs, writing it with write SMBs, and closing it with close SMBs.
Samba/iX Services Samba/iX Configuration File Options Samba/iX Configuration File Options The Samba/iX configuration file contains the runtime configuration information for Samba/iX. This file contains the sections and parameters. There are four special sections: the [global] section, the [printers] section, [homes] section and other sections. This file also contains the information required for each share (service) and defines attributes like associated directory path, read or write access for each share.
Samba/iX Services Samba/iX Configuration File Options • Mapping PC usernames to MPE usernames • Setting the maximum SMB packet size • Disconnecting idle clients • Setting logging behaviors • Login/logout commands • Global printer service option Configuration File Option config file The config file parameter allows you to specify the pathname for the configuration file used by Samba/iX. Example: config file = /usr/local/samba/lib/smb.
The syntax of the username map file is simple. Each line consists of an MPE-style name like manager.sys and a list of possible PC-style usernames like webuser, separated by an equal sign. A sample username map in the user.map file is defined as follows. Example: manager.
Samba/iX Services Samba/iX Configuration File Options Default: 5000 (in kilobytes) log file The log file parameter allows you to specify the pathname of log file used by SMBD and NMBD processes. Example: log file = /usr/local/samba/var/log.smb debug level The debug level parameter allows the debug logging level to be specified in the Samba/iX configuration file. This option defines the level of trace messages that you want to log into the logfile. The typical range of the debug level can be from 0 to 5.
Samba/iX Services Samba/iX Configuration File Options load printers The load printers parameter is used in conjunction with printcap file and [printers] section. It is a boolean variable that controls whether all printers in the “printcap” file will be loaded for browsing. If the load printers parameter is set to true, all printers defined in the printcap file will be loaded for browsing by default.
Samba/iX Services Samba/iX Configuration File Options Example: allow hosts = 192.1.2.3 Default: none valid users Default: none invalid users If neither of these parameters are set, then any authenticated user will be granted access to the service. The valid users parameter may contain a comma-delimited list of users who will be allowed to access the service. The invalid users parameter may contain a similar comma-delimited list of users who will never be granted access to the service.
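The share access options described in this section (guest ok, write ok, allow hosts, valid users, invalid users) can be checked mechanically before a configuration goes live. The following Python audit is an added example, not part of this manual or of Samba/iX; the sample smb.conf text, the finding names, the inheritance of [global] values by each share, and case-insensitive user matching are assumptions of the example.

```python
"""Audit share definitions in an smb.conf for guest and user-list exposure."""

# Constructed sample in the style of this chapter's share definitions.
SAMPLE_SMB_CONF = """\
[global]
   security = share
   guest account = mgr.samba

[public]
   guest ok = yes
   write ok = yes
   path = /SAMBA/SHR/public

[sambadoc]
   guest ok = yes
   write ok = no
   path = /usr/local/samba/docs

[payroll]
   guest ok = no
   write ok = yes
   allow hosts = 192.1.2.3
   valid users = mgr.sample, clerk.sample
   invalid users = clerk.sample
   path = /SAMPLE/PAYROLL
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # "guest   ok" and "guest ok" name the same parameter
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def _flag(params, name):
    """Boolean parameter; an absent parameter is treated as 'no'."""
    return params.get(name, "no").strip().lower() in ("yes", "true", "1")


def _users(params, name):
    """Comma-delimited user list as a lower-cased set."""
    return {u.strip().lower() for u in params.get(name, "").split(",") if u.strip()}


def effective(conf, share):
    """Share parameters with [global] values as defaults (assumption)."""
    merged = dict(conf.get("global", {}))
    merged.update(conf[share])
    return merged


def user_allowed(params, user):
    """Apply the valid users / invalid users rule described above."""
    user = user.lower()
    if user in _users(params, "invalid users"):   # never granted access
        return False
    valid = _users(params, "valid users")
    return not valid or user in valid             # no list: any authenticated user


def audit(conf):
    """Return (share, finding) pairs for settings that widen access."""
    findings = []
    for share in conf:
        if share == "global":
            continue
        p = effective(conf, share)
        guest = _flag(p, "guest ok")
        if guest and _flag(p, "write ok"):
            findings.append((share, "guest-writable"))
        if guest and not p.get("allow hosts"):
            findings.append((share, "guest-any-host"))
        if _users(p, "valid users") & _users(p, "invalid users"):
            findings.append((share, "valid-invalid-overlap"))
    return findings


if __name__ == "__main__":
    for share, finding in audit(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"[{share}] {finding}")
```

A user named in both lists is reported because the invalid users entry wins, so the valid users entry for that user has no effect.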
Samba/iX Services Samba/iX Configuration File Options Example: path = /usr/local/samba/docs For printer services, this parameter describes the directory used to temporarily spool files sent from clients for printing before they are spooled to the local HP 3000 printer. Example: path = /usr/local/samba/spool Browser Option browseable This parameter controls whether this share is seen in the list of available shares in the browse list.
Samba/iX Services Samba/iX Configuration File Options Default: guest only = no create mode The “create mode” is used to define the permission used by share services. This option sets an octal value representing the file permissions available to a file created by Samba/iX. Example: create mode = 0744 The value of 0744 causes the group and other write and execute bit to be removed from a file created by Samba.
Samba/iX Services Samba/iX Configuration File Options guest ok = no write ok = yes path = /sample/test 3. Add a username mapping in “user.map” file. For example: mgr.sample = pcusername 4. When you connect a share from a PC, the password format that you enter from a PC should be userpassword, acctpassword. NOTE For accessing share/user security modes, both SAMBA account and MGR.SAMBA user should have PM capabilities.
guest ok = yes
guest only = yes
# the “staging” directory for print requests
path = /usr/local/samba/spool
# The rawlp utility sends file contents to spooler like “lp -oraw”
print command = /usr/local/samba/lib/rawlp %s %p; rm %s
NOTE For the current version of Samba/iX, printer sharing only works for guest users. The current configuration for printer sharing needs to set “guest ok” and “guest only”. Add a printer, as shown in Figure 7-6.
The menu tool includes a “map network drive” option, which brings up the small window shown in Figure 7-7. You connect a network drive by typing in a share name with \\servername\sharename syntax in the “path” box.
Figure 7-7 Connect to the HP 3000 Shares
You can view the contents of the share from NT explorer, as shown in Figure 7-8.
Figure 7-8 View the HP 3000 Share
Samba/iX Services Starting and Stopping Samba/iX Starting and Stopping Samba/iX This section covers the steps to start or stop Samba/iX. Starting Samba/iX Before you start to run Samba/iX server or client components, you should have set up the TCP/IP networking on your HP 3000 system as well as your PC. On the HP 3000 system side, you should have a proper IP address and subnet mask configured in NMMGR as well as NETCONTROL START successfully executed.
Samba/iX Services Starting and Stopping Samba/iX NETWORK SUBNET MASK: $0FF000000 255.0.0.0 Add PM Capability To access share security modes, both samba and mgr.samba user accounts should have PM capabilities. 1. Logon as manager.sys 2. Add PM capability to samba account 3. Add PM capability to mgr.samba user Starting SMBD and NMBD Listener Jobs 1. Logon as mgr.samba 2. Copy the sample configuration file samp-smb.conf, samp-printcap and samp-user.map to smb.conf, printcap and user.map.
3. Copy the INCNFSMP.NET.SYS file to INETDCNF.NET.SYS if INETDCNF.NET.SYS doesn’t exist. The following two entries should exist in file INETDCNF.NET.SYS:
nmbp dgram udp wait MGR.SAMBA /SYS/SAMBA/NMBD nmbd
smbp stream tcp nowait MGR.SAMBA /SYS/SAMBA/SMBD smbd
4. Use the following two commands to create symbolic links to make SERVICES.NET.SYS link to /etc/services and INETDCNF.NET.SYS links to /etc/inetd.
Samba/iX Services Starting and Stopping Samba/iX : sh.hpbin.sys shell/iX> cd bin shell/iX> smbclient -L This command should display a list of available shares (services) that matches your configuration file. If NMBD is running, a list of workgroups and related computers that NMBD could find on your network/subnet will be displayed, see Figure 7-9.
Samba/iX Services Starting and Stopping Samba/iX Figure 7-10 smbclient for MPE/iX (2) NOTE All smbclient examples used the -c option to specify the command on the command line. The smbclient program has an interactive mode which looks like FTP. Due to limitations of the select() system call on MPE/iX, the interactive mode does not yet work properly.
Figure 7-11 Display Available Shares From a PC Client
If you want to display a list of available shares on the Samba/iX server named “HP 3000”, enter the following command at the DOS prompt:
Example: C:\> net view \\hp3000
C:\> net use x: \\servername\servicename
This command will connect to a network drive X by entering the sharename \\servername\servicename.
Samba/iX Share level Security Mode
The process of user authentication depends on whether Samba/iX is running in share level or user level. The “security” parameter in the configuration file is used to specify the share level or user level authentication. If the “security” parameter is set to share, Samba/iX will tell clients it is granting access under share mode security.
Samba/iX Server Security Mode
Samba/iX server mode security is just one of the security policies of user level authentication. This mode of security is one of the types in processing user authentication. After the user is validated, access rights are enforced for the user. To make Samba/iX operate in server security mode:
• Add security = server in the [global] section of smb.conf. By specifying security = server in smb.conf, the server security mode is on.
Samba/iX Services Samba/iX Server Security Mode This means even if you have the same password on the NT box and the Samba/iX server you will get prompted for a password. Entering the correct password will get you connected.
Samba/iX Services Troubleshooting Samba/iX Server Troubleshooting Samba/iX Server This section covers a list of tests you can perform to validate or diagnose your Samba/iX server. If it passes all these tests, then it is probably working fine. Prerequisites In all of the tests it is assumed you have a Samba/iX server 1.19.16p9 or later running on your HP 3000. It is also assumed that the PC is running Windows for Workgroups, Windows 95 or Windows NT with a recent copy of the Microsoft TCP/IP stack.
Run the command “smbclient -L SAMBAIXSERVER” on the HP 3000 system. You should get a list of available shares back. If you get a “connection refused” response, then the SMBD server may not be running. If you get a “session request failed” then the server refused the connection to SMBD. Check your config file (smb.conf) for syntax errors with “testparm” as well as the various directories where Samba/iX keeps its log and lock files.
If your PC and server aren’t on the same subnet, then you will need to use the -B option to set the broadcast address to that of the PC’s subnet. This test will probably fail if your subnet mask and broadcast address are not correct. (Refer to TEST 3 notes).
TEST 7: On the PC, type the command “net view \\SAMBAIXSERVER”. You will need to do this from within a “DOS prompt” window. You should get a list of available shares on the server.
Samba/iX Services Troubleshooting Samba/iX Server Some other tests, along with the ones mentioned previously, might be useful. These tests can be done to check the behavior of the Samba/iX server with these security policies: 1. Configure Samba/iX in User security mode: • map a PC username to a valid MPE/iX username.
Samba/iX Services Troubleshooting Samba/iX Server NOTE Before using the logging feature of Samba/iX, make sure you check the Electronic Support Center (ESC) for information on any possible Samba/iX problems. (use of the HP Electronic Support Center is governed by the HP Electronic Support Center Terms and Conditions.) URL: http://us-support.external.hp.
8 DNS BIND/iX BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS). It consists of a network of servers which provide a distributed database, including names and addresses of host machines. This information is accessible to client hosts which are running resolver software. This enables them to send queries to and receive replies from the servers. The resolver software runs on MPE/iX versions preceding 6.
DNS BIND/iX Introduction Introduction This section of the Configuring and Managing MPE/iX Internet Services manual assumes that the reader has prior experience with DNS BIND as implemented on other operating systems, or has familiarity with the concepts involved. There are a number of good textbooks available on this subject to which the reader is recommended — the following is a brief overview of a sophisticated system. The Domain Name System is a distributed and structured directory of information.
DNS BIND/iX Introduction DNS BIND/iX on MPE/iX 6.0 is an implementation of BIND version 8.1.1, which has introduced many new features since the more commonly used version 4.9.4, (with which the majority of experienced DNS users will be familiar). This is the latest version of BIND, 8.1.1.
DNS BIND/iX Explanation of Terms Explanation of Terms BIND, which stands for Berkeley Internet Name Domain, is the most commonly used implementation of DNS. DNS is essentially a distributed data base, with control of the different elements of the data base maintained by individuals responsible for the domain served by that DNS server.
It is also common, in fact recommended, for a DNS Server to have at least one “backup”, another machine that will respond to queries when the main server is down. The main server is known as the “master” and the backup as the “slave”. In previous versions of BIND, they were known as “primary” and “secondary”. The rest of this section concerns itself with only “leaf” DNS servers, that is, servers that only serve hosts. These servers have no domains under them, only hosts.
DNS BIND/iX Overview of DNS BIND/iX Overview of DNS BIND/iX In this implementation of BIND 8.1.1, the configuration and data files for the DNS server are found under the /BIND/PUB directory of the POSIX name space, though the DNS server is started by running a job from the MPE/iX name space — JNAMED.PUB.BIND which runs program NAMED.PUB.BIND.
DNS BIND/iX Component Files
The major files for the implementation of DNS BIND/iX are found in PUB.BIND and NET.SYS in the MPE/iX name space, and under directories /BIND/PUB and /etc in the POSIX name space.
JNAMED.PUB.BIND     The job which runs the DNS server.
NAMED.PUB.BIND      The DNS server program.
RESLVCNF.NET.SYS    The DNS client (resolver) configuration file. Linked to /etc/resolv.conf.
/etc/resolv.conf    The DNS client (resolver) configuration file. Linked to RESLVCNF.
DNS BIND/iX DNS BIND/iX Component Files /BIND/PUB/bin/ nsupdate Zone transfer program — called internally by nameservers to transfer zone information from primary to secondary servers /BIND/PUB/ public_html Linked to sub-directory /BIND/PUB/doc-8.1.1/html In addition, there are the following directories included with this product: /BIND/PUB/ include Include code files.
Server Configuration File named.conf
The configuration file, named.conf, has a completely new syntax. The configuration file in BIND 4.x was called named.boot. The utility “named-bootconf.pl”, written in Perl and available with the package, can be used to convert 4.x configuration files to the new (8.1.1) syntax. The complete path of this file in the installation is /BIND/PUB/bin/named-bootconf.pl.
// Defines the root. From ftp://rs/internic.net/domain/named.root.
zone "." { type master; file "zone.hint"; };
//
// DNS optimization tricks for "special" addresses. You will need to edit
// all of these files to specify the hostname of your own nameserver and
// the e-mail address of the DNS maintainer.
//
zone "0.0.127.in-addr.arpa" { type master; file "zone.127.0.0"; };
zone "0.in-addr.arpa" { type master; file "zone.bogus.0"; };
zone "255.in-addr.
Configuring Slave Zones
A sample configuration unit for a slave zone is shown here:
zone "41.10.15.IN-ADDR.ARPA" {
    type slave;
    file "zone.15.10.41";
    masters { 15.70.188.45; };
};
The IP address of the server that is primary for that domain is specified in the masters { } section of the configuration. There could be more than one master for a given zone.
DNS BIND/iX Data Files Data Files The files that the primary nameservers load their zone data from are called data files or zone files. They are also referred to as db files, short for database files. The data files contain resource records that describe the zone. The resource records describe all the hosts in the zone. Root Cache Data (Hint File) Besides your local information, the nameserver also needs to know where the nameservers for the root domain are.
messdos    IN    A        204.251.17.243
messdos    IN    MX 10    messdos.maxx.net.
pentium    IN    CNAME    messdos.maxx.net.
solaris    IN    A        204.251.17.244
solaris    IN    MX 10    solaris.maxx.net.
maxx4      IN    CNAME    solaris.maxx.net.
maxx5      IN    A        204.251.17.245
maxx5      IN    MX 10    maxx5.maxx.net.
maxx6      IN    A        204.251.17.246
maxx6      IN    MX 10    maxx6.maxx.net.
Most database file entries are known as DNS resource records.
DNS BIND/iX Data Files The remaining four fields specify various time intervals (all values in seconds) used by the secondary name server: Refresh The time interval that must elapse between each poll of the primary by the secondary name server (here 36,000 seconds or 10 hours). If the “serial number” has been updated on the primary, the secondary assumes its data is stale and requests updated information as a “zone transfer.
DNS BIND/iX Data Files The CNAME records create aliases for existing hosts. These examples illustrate a few common uses: www IN CNAME maxx.maxx.net. ftp IN CNAME maxx.maxx.net. You can give a host any alias you like, and as many aliases as you want. The host needn’t answer to that name, that is, the alias doesn’t need to be the host’s true name as reported by hostname or uname. The other vital type of record is MX.
Each entry will indicate the IP address in reverse order, then the host name. For example, for host littledog.maxx.net, whose IP address is 204.251.17.249, in the zone.ADDR file its PTR entry would look like:
249.17.251.204. IN PTR littledog.maxx.net.
Why is it backwards? Recall that DNS does its parsing from right to left, from most inclusive to most specific. For IP addresses, it needs to parse in the same direction.
; Root servers by address
A.ROOT-SERVERS.NET    99999999    IN    A    198.41.0.4
B.ROOT-SERVERS.NET    99999999    IN    A    128.9.0.107
C.ROOT-SERVERS.NET    99999999    IN    A    192.33.4.12
D.ROOT-SERVERS.NET    99999999    IN    A    128.8.10.90
E.ROOT-SERVERS.NET    99999999    IN    A    192.203.230.10
F.ROOT-SERVERS.NET    99999999    IN    A    192.5.5.241
G.ROOT-SERVERS.NET    99999999    IN    A    192.112.36.4
H.ROOT-SERVERS.NET    99999999    IN    A    128.63.2.53
I.ROOT-SERVERS.NET    99999999    IN    A    192.36.148.17
Here, the dot (.
DNS BIND/iX Data Files You can check the resource records information about name server: > set type=ns > mpeworld Name Server: mpeworld.cup.hp.com Address: 15.13.199.80 origin = dns.cup.hp.com mail addr = dns-admin.dns.cup.hp.
How to Run The DNS Server
1. Configure and start Syslog/iX; see Appendix E, “Configure and Run Syslog/iX.”
2. Examine /BIND/PUB/etc/named.conf and customize for your own environment.
3. Configure the zone data files referenced in your /BIND/PUB/etc/named.conf.
4. Add your server’s IP address as the first nameserver entry in /etc/resolv.conf for all MPE and HPUX hosts that you wish to use this server for resolution queries. On MPE hosts, make sure that /etc/resolv.
DNS BIND/iX Configuring the DNS Resolver Configuring the DNS Resolver The file RESLVCNF.NET.SYS is the configuration file for the Domain Name resolver. It should be linked to /etc/resolv.conf. If the file does not already exist, then it can be copied from RSLVSAMP.NET.SYS to RESLVCNF.NET.SYS and then modified to contain information about your local domain and servers. Each entry in the resolver file consists of a keyword followed by a value separated by white space.
DNS BIND/iX Configuring the DNS Resolver servers if there is no response, if the previous nameserver has already replied that it cannot resolve a query, no further lookup will be attempted. NOTE It is very important that you omit the leading zeros in the domain name resolver files. If you enter leading zeros here, the resolver routines will interpret the numbers as octal numbers.
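The effect of the NOTE above can be checked before a resolver file is put into use. The following Python check is an added example, not part of this manual or of the MPE/iX resolver; it models the octal interpretation as C-style numeric parsing (a leading 0 means base 8), which is an assumption about how the resolver routines read each octet, and the sample file is constructed from addresses that appear in this chapter.

```python
"""Flag nameserver addresses in resolv.conf that are written with leading zeros."""

# Constructed sample; the addresses come from this chapter's examples, with
# leading zeros added to the last two entries.
SAMPLE_RESOLV_CONF = """\
domain cup.hp.com
nameserver 15.13.199.80
nameserver 015.061.192.116
nameserver 015.013.199.080
"""


def octal_reading(octet):
    """Value a C-style parser gives the octet, or None if it cannot be parsed.

    Assumption: a leading 0 selects base 8, so "015" is 13 and "080" is invalid.
    """
    if not (octet.isascii() and octet.isdigit()):
        return None
    if len(octet) > 1 and octet[0] == "0":
        try:
            value = int(octet, 8)
        except ValueError:            # digits 8 or 9 are not octal
            return None
    else:
        value = int(octet)
    return value if value <= 255 else None


def check_resolv_conf(text):
    """Return (line number, written, intended, effective) for suspect entries.

    intended  - the address the administrator most likely meant (decimal)
    effective - the address after octal interpretation, or None if the
                entry cannot be parsed at all
    """
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        written = fields[1]
        octets = written.split(".")
        if len(octets) != 4 or not all(o.isascii() and o.isdigit() for o in octets):
            problems.append((lineno, written, None, None))    # not a dotted quad
            continue
        if not any(len(o) > 1 and o[0] == "0" for o in octets):
            continue                                          # no leading zeros
        intended = ".".join(str(int(o)) for o in octets)
        read = [octal_reading(o) for o in octets]
        effective = None if None in read else ".".join(str(v) for v in read)
        problems.append((lineno, written, intended, effective))
    return problems


if __name__ == "__main__":
    for lineno, written, intended, effective in check_resolv_conf(SAMPLE_RESOLV_CONF):
        print(f"line {lineno}: {written} meant {intended}, read as {effective}")
```

An entry whose effective address differs from the intended one sends queries to a host other than the configured name server, so such entries should be rewritten without the leading zeros.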
DNS BIND/iX List of Utilities List of Utilities • nslookup — query Internet name servers interactively Example: * nslookup quasar.india.hp.com Name Server: hpmpea2.cup.hp.com Address: 15.61.192.116 Non-authoritative answer: Name: quasar.india.hp.com Address: 15.10.45.114 • dig — Domain Information Groper Example: shell/iX> dig ; <<>> DiG 8.
DNS BIND/iX List of Utilities • host — look up host names using domain server. Example: shell/iX> host quasar.india.hp.com quasar.india.hp.com has address 15.10.45.114 quasar.india.hp.com mail is handled (pri=90) by hpmdd58.india.hp.com quasar.india.hp.com mail is handled (pri=100) by palsmtp.hp.com quasar.india.hp.com mail is handled (pri=150) by atlsmtp.hp.com quasar.india.hp.com mail is handled (pri=10) by quasar.india.hp.com quasar.india.hp.com mail is handled (pri=50) by fakir.india.hp.
DNS BIND/iX DNS and Electronic Mail DNS and Electronic Mail One of the advantages of the Domain Name System over host tables is its support of advanced mail routing. DNS offers a mechanism for specifying backup hosts for mail delivery. The mechanism also allows hosts to assume mail handling responsibilities for other hosts. This lets diskless workstations that don’t run mailers, for example, have mail addressed to them processed by their server.
DNS BIND/iX DNS BIND Troubleshooting Steps DNS BIND Troubleshooting Steps 1. Resources: Find a resource who is experienced with DNS BIND/iX! If you’re entering into this without DNS BIND/iX experience, you’re off to a difficult start. Problems with this product are generally caused by poor configuration, so it’s critical to have a DNS BIND literate engineering resource available for problem classification and management. 2.
Figure 8-1 Labeling Nodes
server1.cup.hp.com IP Addr: 15.1.1.1 Function: Primary Nameserver
server2.cup.hp.com IP Addr: 15.1.1.2 Function: Secondary Nameserver
foo.cup.hp.com IP Addr: 15.1.1.3 Function: DNS User
5. Configuration Gathering: Once you have a good understanding of the history, symptoms, and topology, it’s time to start examining the DNS configuration at the site. Relying on assumptions does not work with DNS BIND troubleshooting.
DNS & BIND is a book written by Paul Albitz and Cricket Liu. The 2nd edition has recently been published, with some useful additions for the newer, post 4.8.3, versions of BIND (4.9.3 is covered in some detail). Published by O’Reilly & Associates, Inc. [2nd Edition ISBN: 1-56592-236-0] 7.
A Samba/iX Sample Configuration File
The following is the sample configuration file samp-smb.cnf for Samba/iX that you can find in the /usr/local/samba/lib directory on the HP 3000 system:
# Sample config file for Samba/iX 0.7 and later
# Copy this file to /usr/local/samba/lib/smb.conf and adjust as needed.
# You must at least adjust the “interfaces” directive to match
# your IP address and subnet mask (if used) as the current version
# of Samba/iX is unable to retrieve the NMMGR configured values.
# like eg %S or %m to get different files for each service or
# client machine, which allows very sophisticated (albeit complex)
# configurations (also see “include” directive and smb.conf doc)
# config file = /usr/local/samba/lib/smb.conf
# log file = /usr/local/samba/var/log.smb
# mapping of incoming usernames is possible and may e.g. be used
# to allow clients using Unix or PC style names like root or lappel
# instead of MPE style names like manager.sys or lars.
# user id and password (similar to anonymous ftp) and then assume the
# guest logon identity for accessing files and printers
guest account = mgr.samba
# ---------------------------------------------------------------------
# PRINTERS section (optional but useful)
# This section work in conjunction with the printcap file and allows
# to configure a large number of printer shares without having to add
# separate detailed sections for each of them.
# the lp family of print command only work as of MPE/iX release 5.5
# the rawlp utility sends file contents to spooler like “lp -oraw”
print command = /usr/local/samba/lib/rawlp %s %p ; rm %s
# ---------------------------------------------------------------------
# HOMES section (optional but sometimes useful)
# This section provides access to user’s home directories without
# having to add a separate section for each of them.
# mind that there is also the file system permissions that decide
# if the connecting user (validated by password) may read or write
write ok = yes
# this one attempts to restrict “cross access” e.g. the user lars.appel
# to the home of manager.
path = /SAMBA/SHR/public

[sambadoc]
comment = Samba doc files (readonly but guest allowed)
guest ok = yes
write ok = no
path = /usr/local/samba/docs

[sambahtm]
comment = Samba HTML files (readonly but guest allowed)
guest ok = yes
write ok = no
path = /usr/local/samba/html
B BIND 8 Configuration File The following is a dummy configuration file example. This explains in brief what each configuration directive is useful for and its syntax. All the directives are not required for a typical BIND configuration. /* * This is a worthless, nonrunnable example of a named.conf file that has * every conceivable syntax element in use. We use it to test the parser. * It could also be used as a conceptual template for users of new features.
BIND 8 Configuration File /* * The “transfer-format” option specifies the way outbound zone * transfers (i.e. from us to them) are formatted. Two values are * allowed: * * one-answer Each RR gets its own DNS message. * This format is not very efficient, * but is widely understood.All * versions of BIND prior to 8.1 generate * this format for outbound zone * and require it on inbound transfers. * * many-answers As many RRs as will fit are put into * each DNS message.
BIND 8 Configuration File listen-on port 53 { any; }; // // // // // // listen for queries on port 53 on any interface on the system (i.e. all interfaces). The “port 53” is optional; if you don’t specify a port, port 53 is assumed. /* * Multiple listen-on statements are allowed. Here’s a more * complicated example: */ /* listen-on { 5.6.7.8; }; // listen on port 53 on interface // 5.6.7.8 listen-on port 1234 { // listen on port 1234 on any !1.2.3.4; // interface on network 1.2.3 1.2.
zone "stub.demo.zone" {
    type stub;                      // stub zones are like slave zones,
                                    // except that only the NS records
                                    // are transferred.
    file "stub.demo.zone";
    masters {
        1.2.3.4;                    // where to zone transfer from
        5.6.7.8;
    };
    check-names warn;
    allow-update { none; };
    allow-transfer { any; };
    allow-query { any; };
    max-transfer-time-in 120;       // if not set, global option is used.
};
zone "." {
    type hint;
    file "cache.db";
};
acl can_query { !1.2.3/24; any; };
acl can_axfr { 1.2.3.
channel syslog_errors {             // this channel will send errors
    syslog user;                    // or worse to syslog (user facility)
    severity error;
};
/*
 * Channels have a severity level. Messages at severity levels
 * greater than or equal to the channel's level will be logged on
 * the channel.
 *                      processing
 *   parser             low-level configuration file processing
 *   queries            what used to be called "query logging"
 *   lame-servers       messages like "Lame server on ...
 *   statistics
 *   panic
 *   update
 *   ncache
 *   xfer-in
 *   xfer-out
 *   db
 *   eventlib
 *   packet
 *   notify
 *   cname
 *   security
 *   os
 *   insist
 *   maintenance
 *   load
 *   response-checks
 */
category parser { syslog_errors; default_syslog; };
/*
 * You can also define category "default"; it gets used when no
 * "category" statement has been given for a category.
 */
category default { default_syslog; moderate_debug; };
/*
 * If you don't define category default yourself, the default
 * default category will be used. It is
 *
 * category default { default_syslog; default_debug; };
 */
/*
 * If you don't define category panic yourself, the default
 * panic category will be used.
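The acl can_query entry in the sample file above places a negated network ahead of any. The Python code below is an added example, not part of the HP manual or of BIND: it evaluates such a list with BIND's documented first-match rule (the first element that matches decides, and a negated match denies) and shows that reversing the two elements removes the restriction. It handles only any and IPv4 addresses or prefixes, not named ACL references; the REORDERED list and the client addresses are constructed for illustration.

```python
import ipaddress

# From the sample named.conf above: acl can_query { !1.2.3/24; any; };
CAN_QUERY = "!1.2.3/24; any;"
# Constructed for contrast: the same two elements in the opposite order.
REORDERED = "any; !1.2.3/24;"


def parse_element(text):
    """Return (negated, target); target is 'any' or an IPv4 network."""
    text = text.strip()
    negated = text.startswith("!")
    if negated:
        text = text[1:].strip()
    if text == "any":
        return negated, text
    addr, _, prefix = text.partition("/")
    octets = addr.split(".")
    # named.conf allows abbreviated prefixes (1.2.3/24); pad to four octets.
    octets += ["0"] * (4 - len(octets))
    return negated, ipaddress.ip_network(".".join(octets) + "/" + (prefix or "32"))


def parse_list(body):
    """Parse the text between the braces of an address_match_list."""
    return [parse_element(e) for e in body.split(";") if e.strip()]


def allowed(client, elements):
    """First match decides; a negated match denies; no match denies."""
    ip = ipaddress.ip_address(client)
    for negated, target in elements:
        if target == "any" or ip in target:
            return not negated
    return False


if __name__ == "__main__":
    for name, body in (("can_query", CAN_QUERY), ("reordered", REORDERED)):
        acl = parse_list(body)
        for client in ("1.2.3.77", "9.9.9.9"):   # constructed client addresses
            print(name, client, "allow" if allowed(client, acl) else "deny")
```

With the elements reordered, any matches first and the negated entry is never reached, so a host in 1.2.3/24 is allowed.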
C BIND 8.1 Enhanced Features
The following points are explained in this appendix.
1. BIND 8 highlights
2. BIND Configuration File Guide — Logging Statement
3. BIND Configuration File Guide — Zone Statement
4. BIND Configuration File Guide — Option Statement
5. Converting From BIND 4.9.
Definition and Usage
The logging statement configures a wide variety of logging options for the nameserver. Its channel phrase associates output methods, format options and severity levels with a name that can then be used with the category phrase to select how various classes of messages are logged. Only one logging statement is used to define as many channels and categories as are wanted.
The argument for the syslog clause is a syslog facility described earlier in this manual. How syslog will handle messages sent to this facility is described under syslog.conf earlier in this manual. If your system uses a very old version of syslog that only uses two arguments to the openlog() function, then this clause is silently ignored.
There are four predefined channels that are used for named’s default logging as follows. How they are used is described in the next section, The category phrase.
channel default_syslog {
    syslog daemon;      # send to syslog's daemon facility
    severity info;      # only send priority info and higher
};
channel default_debug {
    file "named.run";   # write to named.run in the working directory
                        # Note: stderr is used instead of "named.
config          High-level configuration file processing.
parser          Low-level configuration file processing.
queries         A short log message is generated for every query the server receives.
lame-servers    Messages like “Lame server on ...”
statistics      Statistics.
panic           If the server has to shut itself down due to an internal problem, it will log the problem in this category as well as in the problem’s native category.
BIND Configuration File Guide—Zone Statement
Syntax
zone domain_name [ ( in | hs | hesiod | chaos ) ] {
    type master;
    file path_name;
    [ check-names ( warn | fail | ignore ); ]
    [ allow-update { address_match_list }; ]
    [ allow-query { address_match_list }; ]
    [ allow-transfer { address_match_list }; ]
    [ notify yes_or_no; ]
    [ also-notify { ip_addr; [ ip_addr; ...
Class
The zone’s name may optionally be followed by a class. If a class is not specified, class in is used.
Options
check-names     See Name Checking.
allow-query     See the description of allow-query in the Access Control section.
allow-update    Specifies which hosts are allowed to submit Dynamic DNS updates to the server. The default is to deny updates from all hosts.
allow-transfer  See the description of allow-transfer in the Access Control section.
[ forward ( only | first ); ]
[ forwarders { [ in_addr ; [ in_addr ; ...
pid-file         The pathname of the file the server writes its process ID in. If not specified, the default is operating system dependent, but is usually “/var/run/named.pid” or “/etc/named.pid”. The pid-file is used by programs like “ndc” that want to send signals to the running nameserver.
statistics-file  The pathname of the file the server appends statistics to when it receives a SIGILL signal (ndc stats). If not specified, the default is “named.stats”.
because previous versions of BIND allowed multiple CNAME records, and these records have been used for load balancing by a number of sites.
Forwarding
notify          If yes (the default), DNS NOTIFY messages are sent when a zone the server is authoritative for changes. The use of NOTIFY speeds convergence between the master and its slaves.
fail            Names are checked against their expected client contexts. Invalid names are logged, and the offending data is rejected.
The server can check names in three areas: master zone files, slave zone files, and responses to queries the server has initiated. If check-names response fail has been specified, and answering the client’s question would require sending an invalid name to the client, the server will send a REFUSED response code to the client.
Query Address
If the server doesn’t know the answer to a question, it will query other nameservers. query-source specifies the address and port used for such queries. If address is * or is omitted, a wildcard IP address (INADDR_ANY) will be used. If port is * or is omitted, a random unprivileged port will be used.
Resource Limits
The server’s usage of many system resources can be limited. Some operating systems don’t support some of the limits. On such systems, a warning will be issued if the unsupported limit is used. Some operating systems don’t support limiting resources, and on these systems a “cannot set resource limits on this system” message will be logged. Scaled values are allowed when specifying resource limits.
Topology
All other things being equal, when the server chooses a nameserver to query from a list of nameservers, it prefers the one that is topologically closest to itself. The topology statement takes an address_match_list and interprets it in a special way. Each top-level list element is assigned a distance.
D Server Configuration Migration
A host of configuration migration utilities is available now. To convert 4.x named.boot files to 8.x named.conf files, use the Perl script named-bootconf.pl, which is available on the system. This Perl script resides in the /BIND/PUB/bin directory.
Explanation of configuration migration utilities:
named-bootconf.pl is a Perl script. Perl is a scripting language, like a shell scripting language, and it must be run under an interpreter environment on MPE.
E Configure and Run Syslog/iX
How to Run Syslog/iX:
1. Log on as mgr.syslog.
2. Examine syslog.conf and customize for your own environment.
3. :stream JSYSLOGD.PUB.SYSLOG.
4. Stop Syslog/iX by issuing the command :ABORTJOB.
##
##
## :TELL @.@
##
*.emerg     *
##
## Write to the :CONSOLE
##
*.alert     /dev/console
##
## :TELL @.SYSLOG
##
*.crit      @.SYSLOG
##
## :TELL MANAGER.SYS
##
*.err       MANAGER.SYS
##
## Forward to syslogd on another host via UDP
##
*.warning   @some.host.running.
critical
warning
alert
emergency
Now these messages could also be sent to a particular user by using the “tell” option followed by the user name. They can also be sent to another machine by using “@machine name”.
Glossary
A
address
An identifier defined and used by a particular protocol and associated software to distinguish one node from another.
address resolution
In NS networks, the mapping of node names to IP addresses and the mapping of IP addresses to subnet addresses. See also probe protocol, ARP.
alias
A character string that is used as an alternate name for a protocol or a node.
ARP
Address Resolution Protocol. ARP provides IP to LAN station address resolution for Ethernet nodes on a LAN.
basis. Daemons are typically started once, on system startup, and they frequently start other processes to handle service requests. The Internet daemon inetd is a good example of such a process.
datagram
A message consisting of content and all of the information needed to deliver the content between one system and another. Datagrams are sent using the User Datagram Protocol, or UDP. See also UDP.
reconverts received data signals into user information. Data terminal equipment operates in conjunction with data circuit-terminating equipment.
E
environment
A session that is established on a remote node.
Ethernet
A Local Area Network system that uses baseband transmission at 10 Mbps over coaxial cable. Ethernet is a trademark of Xerox Corporation.
F
file equation
An assignment statement that is used to associate a file with a specific device or type of device during execution of a program.
internet
An aggregation of computer systems and other types of computing equipment that share information according to a set of defined communications protocols. Local networks, such as all computer systems linked together within a company, are typically linked to other local networks via the Internet.
possesses one or more network interfaces for each of the networks to which it belongs. Examples of network interfaces include Local Area Networks (LANs), point-to-point (router), X.25, token ring, SNA, loopback, and gateway half. The maximum number of supportable network interfaces is 12, one of which is reserved for loopback.
Network Services
Software application products that can be used to access data, initiate processes, and exchange information among nodes in the network.
ThinLAN 3000/iX Link and its ThickLAN option, the DTC/X.25 iX Network Link, and the NS Point-to-Point 3000/iX Link.
NS 3000/iX Network Services
Software applications that can be used to access data, initiate processes, and exchange information among nodes in a network. The services are RPM, VT, RFA, RDBA, and NFT.
NSDIR.NET.SYS
The name of the active network directory file. See also network directory.
P
packets
Encapsulated messages transmitted across a network or an internetwork.
RESLVCNF.NET.SYS
An initialization file for the domain name resolver. It contains information needed by the network to determine how to resolve a domain name to an IP address.
S
server
A node on a network or internetwork that provides on-demand service to requesting clients.
connection between two systems, client and host, similar to a leased or dedicated phone line between two parties.
stream socket
A type of socket that is used to establish stream services between two systems.
TCP/IP and AFCP to allow incoming calls from the Internet Services environment to HP 3000 systems.
Telnet
The application protocol offering virtual terminal service in the Internet suite of protocols developed by the Advanced Research Projects Agency (ARPA).
TELNET.ARPA.SYS
A file that contains the Telnet client program.
TELNTDOC.ARPA.SYS
The readme file for the Telnet client program.
TFTP
Trivial File Transfer Protocol, TFTP, a set of rules used to read and write files to or from a remote system.