Configuring and Managing MPE/iX Internet Services
HP e3000 MPE/iX Computer Systems
Edition 5
Manufacturing Part Number: 32650-90898
E0701
U.S.A.
Notice

The information contained in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for direct, indirect, special, incidental or consequential damages in connection with the furnishing or use of this material.
Contents

1. Introduction to Internet Services
   Overview of Internet Services
   Summary of HP e3000 Internet Services
   System Requirements
   Verifying Installation of Internet Services Files
   Summary of inetd Command Line Options
   Using inetd Message Logging
   Connection Logging
   Enable and Disable Connection Logging
5. TFTP Service
   Overview of tftpd
   Configuring tftpd
   Editing the Services File
   Adding TFTP Service to inetd Configuration
   Name Resolve Order
   Global Printer Service Options
   Controlling User Access Rights
   Share Configuration Options
   Address-to-Name Mapping
   Testing Your Name Server
   How to Run The DNS Server
   Configuring the DNS Resolver
   hw.c
   APXS Default Makefile (mod_hw)
   Modified APXS Makefile (mod_hw)
   Extended Apache Programming Interface (EAPI)
Figures

Figure 7-1. HP e3000 Interoperating With Microsoft Platforms
Figure 7-2. SMB Protocol
Figure 7-3. SMB NegProt Connection
Figure 7-4. SMB Sesssetup Connection
Figure 7-5.
Tables

Table 1-1. Summary of HP e3000 Internet Services
Table 1-2. Configuration Files
Table 2-1. The Internet Daemon Files
Table 4-1. Files for bootpd
Preface

This manual describes how to configure and operate Internet Services on the HP e3000. It is written for members of the system administration staff who have been assigned system manager (SM) or system supervisor (OP) capability and who are responsible for installing, configuring and managing system and network software. As such, it presumes a good understanding of networking concepts and familiarity with HP e3000 system operations.
Appendix B, “BIND 8 Configuration File,” describes the BIND 8 configuration file.
Appendix C, “BIND 8.1 Enhanced Features,” describes the options and enhanced features available.
Appendix D, “Server Configuration Migration,” describes configuration migration utilities.
Appendix E, “Configure and Run Syslog/iX,” describes the parameters in a syslog configuration file.
1 Introduction to Internet Services

The HP e3000 Internet Services consist of a set of programs that help the HP e3000 computer exchange information with other nodes on the internet. The Internet Services offered on the HP e3000 are a subset of the Internet Services available on the HP 9000, which were previously called the ARPA Services.
Overview of Internet Services

Internet Services on the HP e3000 consist of eight individual services that enable the HP e3000 to communicate with other nodes on an internetwork. The program and configuration files needed to run Internet Services are part of the MPE/iX Fundamental Operating Software. No separate software product is necessary to use Internet Services. The services are briefly described in Table 1-1.
NOTE Throughout this manual, the term daemon, which is familiar to UNIX users, and the term server are used interchangeably.

System Requirements

The Internet Services program and configuration files come with version C.55.00 or greater of the MPE/iX Fundamental Operating Software (FOS). (The exception to this is the Telnet Client, which was made available to customers on the earlier version of MPE/iX, C.50.00.
4. Run the Node Manager Maintenance utility to verify that you have successfully installed the set of Internet Services files (except for Telnet files, which you will check in Chapter 3, “Telnet Service.”)

    :NMMAINT,73

You will see information similar to the following:

    : nmmaint,73
    NMS Maintenance Utility 32098-20014 B.00.09 (C) Hewlett Packard Co. 1984
    WED, JUL 23, 1997, 11:08 AM
    Data comm products build version: N.55.
Sample Configuration Files

When you install or update to version C.60.00 of MPE/iX, a set of sample configuration files is automatically copied to the NET group of the SYS account for you. For example, INCNFSMP is the name of the sample inetd configuration file. These files were named and installed in this form to prevent overwriting any genuine configuration files already in use. To view the group of files installed in NET.
• Making the POSIX name point to the MPE name ensures that the file will be backed up with standard MPE STORE procedures in case you haven’t modified your STORE command to back up new or changed files in the POSIX name space.

Installed Configuration Files

If you install and configure all of the Internet Services according to the instructions in this manual, you will have the set of files described in Table 1-2.
For each individual service you install, you will always edit the services file and the inetd configuration file. It is unlikely that you will need to edit the protocols file. The remainder of this chapter explains the services and protocols file. Chapter 2, “Internet Daemon,” explains working with the inetd configuration files.
Services File

The services file associates an official service name and alias with the port number and protocol that a service uses. You will edit the services file for each new service that you want to add to your system. The remaining chapters in this book, which describe the configuration of individual services, will assume that you know the following information. And, of course, you can refer back to this section as needed.
    discard     9/udp      sink null        #
    daytime     13/tcp                      # Daytime
    daytime     13/udp                      #
    chargen     19/tcp     ttytst source    # Character Generator
    chargen     19/udp     ttytst source    #
    ftp         21/tcp                      #
    telnet      23/tcp                      #
    time        37/tcp     timeserver       # Time
    time        37/udp     timeserver       #
    domain      53/tcp     nameserver       # Domain Name Service
    domain      53/udp     nameserver       #
    bootps      67/udp                      # Bootstrap Protocol Server
    bootpc      68/udp                      # Bootstrap Protocol Client
    tftp        69/udp                      # Trivial File Tr
    DAServer    987/tcp
    shell       514/tcp    cmd
Protocols File

The protocols file contains a list of protocols known to the system, plus the identification number and one or more aliases for each. It is unlikely that you will need to edit the protocols file, but you may need to install and link it.

Creating and Linking Protocols File

You may already have a protocols file installed on your system.
Viewing Protocols File

Use an MPE text editor to open the file. It is unlikely that you will need to edit the file, but you can look at it now to familiarize yourself with its contents.

    # This file associates protocol numbers with official protocol names and
    # aliases. This allows the user to refer to a protocol by a symbolic
    # name instead of a number.
2 Internet Daemon

The Internet daemon inetd is the master server (sometimes called a “superserver”) for the Internet Services. When it is running, inetd listens for connection requests for the services listed in its configuration file and, in response to such requests, starts the appropriate server. You, as system manager, determine which Internet Services are available to your users by editing the inetd configuration file.
Overview of inetd

The Internet daemon, or inetd, is the master server that coordinates the use of individual network services on your system. It listens for connection requests from other nodes on the network that want access to a service such as tftpd or bootpd. The Internet daemon checks if the requesting node has permission to use the service, starts the appropriate server if it does and, optionally, records information about the connection request.
Internal Services Provided by inetd

The Internet daemon provides several internal trivial services which are described here.

    Service    Description
    echo       Returns a character to the socket that sent it
    discard    Discards all input from socket
    chargen    Generates characters and sends them to a socket
    daytime    Returns the current time in a format readable by people.
inetd Configuration File

The Internet daemon accesses the configuration data it needs by reading the file /etc/inetd.conf in the POSIX name space. When you install or update to version C.60.00 of MPE/iX, you receive a sample configuration file that you can use as a template for your own inetd configuration file if you don’t already have one.
Adding New Services to inetd Configuration

There are two steps required to add a new service to the suite of Internet Services offered on your system. First, you add a line of information for the specific service to the inetd configuration file. Then you have inetd reread its configuration file, which is sometimes called reconfiguring the Internet daemon.
are explained later in this chapter.) If not, enter the line now using the “Editing Tips” section as a guideline.

NOTE For more information on FTP, refer to Installing and Managing HP ARPA File Transfer Protocol Network Manager’s Guide or HP ARPA File Transfer Protocol User’s Guide.

3. Save the file and exit the editor program.
4. Signal inetd to reread the configuration file by entering the following command at the CI prompt:

    INETD.NET.
Reading an entry from left to right, these fields are:

    Field          Purpose
    service name   The name of the service in the services file.
    socket type    Either stream if the socket is a stream socket, or dgram if the socket is a datagram socket.
    protocol       A valid protocol name, either tcp or udp, as entered in the protocols file.
    wait state     One of two states, wait or nowait, that applies only to datagram sockets.
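The field rules above can be checked before inetd rereads its configuration. The following Python code is an added example, not HP code: it lints configuration entries against a services file and lists the port each valid entry exposes. It assumes the fields after the wait state are the user, the server program and its arguments, as the entries in later chapters show; the sample text is constructed and the server program paths are placeholders.

```python
"""Lint inetd configuration entries against a services file (added example)."""

SOCKET_FOR_PROTOCOL = {"tcp": "stream", "udp": "dgram"}

# Constructed sample input. Server program paths are placeholders.
SERVICES = r"""# constructed sample services file
telnet   23/tcp
bootps   67/udp      # Bootstrap Protocol Server
tftp     69/udp      # Trivial File Transfer Protocol
"""

CONF = r"""# constructed sample inetd configuration
telnet stream tcp nowait MANAGER.SYS internal
tftp   dgram  udp wait   USER.TFTP /path/to/tftpd tftpd \
       /tmp /bin
bootps stream udp wait   MANAGER.SYS /path/to/bootpd bootpd
rlogin stream tcp nowait MANAGER.SYS internal
"""


def parse_services(text):
    """Map (official service name, protocol) to the port number."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, protocol = fields[1].split("/", 1)
            table[(fields[0], protocol)] = int(port)
    return table


def logical_lines(text):
    """Yield (first line number, entry) with backslash continuations joined."""
    buffer, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not buffer:
            if raw.startswith("#") or not raw.strip():
                continue
            start = number
        if raw.rstrip().endswith("\\"):
            buffer += raw.rstrip()[:-1] + " "
            continue
        yield start, buffer + raw
        buffer = ""
    if buffer:
        yield start, buffer


def lint_inetd_conf(conf_text, services_text):
    """Return (exposed services, problems) for the given configuration text."""
    services = parse_services(services_text)
    exposed, problems = [], []
    for number, entry in logical_lines(conf_text):
        fields = entry.split()
        if len(fields) < 6:
            problems.append((number, "expected at least six fields"))
            continue
        service, socket_type, protocol, wait, user, server = fields[:6]
        errors = []
        if protocol not in SOCKET_FOR_PROTOCOL:
            errors.append(f"unknown protocol {protocol!r}")
        elif socket_type != SOCKET_FOR_PROTOCOL[protocol]:
            errors.append(f"socket type {socket_type!r} does not match {protocol!r}")
        if wait not in ("wait", "nowait"):
            errors.append(f"unknown wait state {wait!r}")
        elif wait == "wait" and socket_type == "stream":
            errors.append("wait applies only to datagram sockets")
        if (service, protocol) not in services:
            errors.append(f"{service}/{protocol} is not in the services file")
        if errors:
            problems.extend((number, message) for message in errors)
        else:
            port = services[(service, protocol)]
            exposed.append((service, port, protocol, user, server))
    return exposed, problems


if __name__ == "__main__":
    listening, findings = lint_inetd_conf(CONF, SERVICES)
    for row in listening:
        print("exposed:", row)
    for number, message in findings:
        print(f"line {number}: {message}")
```

The exposed list doubles as an inventory of which ports inetd will open and under which user each server runs.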
inetd Security File

There is an optional security file associated with inetd that allows you to control which nodes have access to the Internet Services available on your system. The inetd security file will prevent inetd from starting a service unless the node making the request has permission to do so. Individual entries in the inetd security file determine which nodes are allowed or disallowed for a particular service.
Updating inetd Security File

Each line in the inetd security file contains a service name, a permission field, and the IP addresses or domain names of the hosts and networks allowed to use that service on your host system. You can open the file to view the current security restraints or to change them. To do so:

1. Open the security file with an MPE text editor.
Editing Tips

When you edit the inetd security file, remember the following points:

• To “comment out” a line, begin column 1 with a pound symbol (#). To enable a security provision that has been commented out, delete the pound symbol and any blank spaces preceding the service name.
• Enter the real service name, not the alias, of a valid service in the inetd configuration file.
• Separate the IP addresses and domain names by a white space.
Using Range Character

You may use the range indicator (-) in any of the fields of the address to specify which hosts or networks in a group are exempted from the permission assignment. This makes it more convenient to allow or deny a service for a subnet within the network you specify. The following sample entry, for example, denies hosts in subnets 3 through 5 of network 10 access to Telnet.
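How wildcard and range fields select hosts, and what a deny entry leaves open, shown as an added Python example (not HP's implementation). It assumes that a deny entry permits every host it does not list, that an allow entry permits only the hosts it lists, that a service with no entry is unrestricted, that the last entry for a service wins, and that a shortened address such as 10.3-5 names a whole network. The sample entries, addresses and host name are constructed.

```python
"""Model of inetd security-file matching (added example, not HP's implementation)."""

# Constructed sample entries: service name, permission, then addresses or names.
SAMPLE = """\
# constructed sample security file
telnet deny 10.3-5.*.*
tftp allow 192.0.2.* bootclient.example.com
"""


def parse_field(field):
    """One address field: a number, a range N-M, or the wildcard *."""
    if field == "*":
        return (0, 255)
    if "*" in field:
        # Forms such as 5* are rejected, as in the manual's troubleshooting table.
        raise ValueError(f"field {field!r} mixes * with other characters")
    low, dash, high = field.partition("-")
    low = int(low)
    high = int(high) if dash else low
    if not 0 <= low <= high <= 255:
        raise ValueError(f"field {field!r} is out of range")
    return (low, high)


def parse_pattern(text):
    """Turn a dotted address pattern into four (low, high) ranges."""
    fields = text.split(".")
    if len(fields) > 4:
        raise ValueError(f"too many fields in {text!r}")
    ranges = [parse_field(field) for field in fields]
    # Assumption: a short pattern such as 10.3-5 covers every host below it.
    return ranges + [(0, 255)] * (4 - len(ranges))


def load_rules(text):
    """Return {service: (permission, address patterns, host names)}."""
    rules = {}
    for number, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or not raw.strip():
            continue  # a pound symbol in column 1 comments the line out
        parts = raw.split()
        if len(parts) < 2 or parts[1] not in ("allow", "deny"):
            raise ValueError(f"line {number}: expected 'service allow|deny hosts'")
        patterns, names = [], set()
        for host in parts[2:]:
            if host[0].isdigit() or host[0] == "*":
                patterns.append(parse_pattern(host))
            else:
                names.add(host.lower())
        rules[parts[0]] = (parts[1], patterns, names)  # assumption: last entry wins
    return rules


def permitted(rules, service, ip, name=None):
    """Decide whether the host at ip (optionally with a resolved name) may connect."""
    if service not in rules:
        return True  # assumption: no entry means no restriction
    permission, patterns, names = rules[service]
    octets = [int(part) for part in ip.split(".")]
    listed = any(
        all(low <= octet <= high for octet, (low, high) in zip(octets, pattern))
        for pattern in patterns
    ) or (name is not None and name.lower() in names)
    return listed if permission == "allow" else not listed


if __name__ == "__main__":
    table = load_rules(SAMPLE)
    for service, ip in [("telnet", "10.4.20.9"), ("telnet", "10.6.20.9"),
                        ("tftp", "192.0.2.31"), ("tftp", "198.51.100.7")]:
        print(service, ip, "permitted" if permitted(table, service, ip) else "refused")
```

Under these assumptions a deny entry is a blocklist: every address outside 10.3-5 can still reach Telnet, so a service meant for a few known hosts is better expressed as an allow entry.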
Starting and Stopping inetd

On the HP e3000, the instructions for starting the Internet daemon are contained in the job file JINETD.NET.SYS. When you stream JINETD, it invokes the daemon and reads the inetd configuration file to determine what services have been configured, and listens for connection requests for those services. Any messages relating to inetd are sent either to the console or to $STDLIST for JINETD, which is a spool file.
Passwords on JINETD

When you stream the job file JINETD.NET.SYS, it logs on as MANAGER.SYS. As part of the installation of inetd, you must take care of any password requirements for this job. Two of the ways that you can do this include:

• Add the MANAGER.SYS passwords directly to the job file, then alter the file security afterwards so that only MANAGER.SYS can read it. For example:

    :ALTSEC JINETD.NET.
You will see a display of job information similar to the following:

    JOBNUM   STATE  IPRI  JIN   JLIST   INTRODUCED    JOB NAME
    #J6546   EXEC         10S   LP      THU 12:42A    TRNSPOOL,MGR.NSD
    #J6539   EXEC         10S   PP      THU 12:32A    SPOOLJ,UNISPOOL.SYS
    #J6540   EXEC         10S   LP      THU 12:41A    JINETD.NET.
Using inetd Message Logging

There are two kinds of message logging that you, as System Manager, can use to monitor and manage Internet Services on your system. The first type is event logging, which is always enabled. It records informational messages, error messages and warnings about the Internet Services. The second type is connection logging, which you can enable and disable. It records successful and failed connection attempts and its own status (on or off).
Enable and Disable Connection Logging

The same command turns connection logging on or off, depending upon its current state. So, for example, if message logging is currently disabled, enter the following command at the CI prompt to turn it on:

    :INETD.NET.SYS -1’’

Or, from the POSIX shell, enter the following command:

    $/etc/inetd -1

If message logging is enabled, use either the CI or POSIX command shown above to turn it off.
Troubleshooting inetd

This section explains the kinds of error messages you may see regarding the operation of inetd. The messages will appear either on the console or they will be sent to the $STDLIST for inetd or both, depending upon the message’s level of importance.

    Message                        Explanation
    An inetd is already running    You attempted to start inetd when one is already running.
    Message                                Explanation
    Too many services running              The maximum number of services allowed to access inetd simultaneously has been exceeded.
    file: found before end of the line     An entry in a configuration file may need to exceed one line. If so, you indicate that the line continues by inserting a backslash at the end, then continue typing data on the next line.
The following diagnostic and error messages are generated by problems in the inetd security file.

    Message        /usr/adm/inetd.sec: Field contains other characters in addition to * for service
    Explanation    The wildcard character (*) is used in combination with additional integer(s) in one part of an address field, which is not allowed. For example, the Internet address 10.5*.8.
Implementation Differences

The implementation of inetd on the HP e3000 differs from inetd on the HP 9000 in the following ways:

• On the HP e3000, you normally run inetd as a job.
• On the HP e3000, there is no syslogd server. Instead, all error and informational messages about inetd are automatically written to $STDLIST for inetd. When you run inetd as a job, messages are sent to the job’s output spool file.
3 Telnet Service

With the release of version C.55.00 of MPE/iX, Telnet server functionality is available to HP e3000 customers. The Telnet server allows users on a remote system that supports the TCP/IP and Telnet protocols to log on and run applications on the HP e3000. The Telnet client, which was first made available on version C.50.00 of MPE/iX, gives users on an HP e3000 direct access to other systems that support Telnet and TCP/IP.
Overview of Telnet Service

Telnet service consists of a Telnet client and a Telnet server. The Telnet server uses the standard virtual terminal protocol, originally developed by the Advanced Research Projects Agency (ARPA) to allow users on a remote node that supports the Telnet and TCP/IP protocols to log on and run applications on the host HP e3000.
Verifying Installation of Telnet Files

If you have installed or updated to version C.60.00 of MPE/iX, use the following steps to verify that the Telnet software exists on your system:

1. If necessary, log on the system as MANAGER.SYS.
2. Run NMMAINT to verify that you have successfully installed the Telnet files.

    :NMMAINT,72

You will see information similar to the following.

    NMS Maintenance Utility 32098-20014 B.00.09 (C) Hewlett Packard Co.
Configuring Telnet Server

To configure Telnet, you will edit two files: the services file, which lists the individual services that comprise the suite of Internet Services, and the inetd configuration file, which informs the Internet daemon about running Telnet on this system.

Editing the Services File

The services file associates official service names and aliases with the port number and protocol the services use.
5. Signal inetd to reread the configuration file by entering the following command at the CI prompt:

    :INETD.NET.SYS -c

Or you may enter this command from the POSIX shell:

    $/etc/inetd -c

6. If you have added the Telnet server to the inetd configuration file while the Internet daemon is not running, you must start inetd to start the Telnet server. To do so, stream the job JINETD.NET.SYS from the CI prompt.

    :STREAM JINETD.NET.
Troubleshooting Telnet

This section explains the kinds of errors that may arise regarding the operation of Telnet. The Telnet client user will, in all but one case, be alerted about the problem directly; an error message will appear on the client's terminal. You, as system manager of the host system, may receive phone calls from clients asking you to investigate the problem.

    Problem        Unknown service
    Explanation    This message will be written to $STDLIST for JINETD.NET.
    Problem        The Telnet server cannot run an application
    Explanation    The Telnet client successfully establishes a Telnet connection and logs on to the host system. But, when the user runs the application, the software behaves oddly or it produces error messages.
Implementation Differences

The implementation of Telnet on the HP e3000 does not use a separate telnetd server file similar to the tftpd or bootpd server. Instead, Telnet server functionality is provided by code that resides in NL.PUB.SYS on version C.60.00 of MPE/iX. As a result, the last column of the Telnet entry in the inetd configuration file is the word “internal.” For example:

    telnet stream tcp nowait MANAGER.
4 BOOTP Service

The Internet Boot Protocol daemon, or bootpd, is used to boot LAN devices such as routers, printers, X-terminals, and diskless workstations. Nodes on the network use bootpd to get configuration information such as an IP address and a subnet mask and automatically boot the device. This chapter describes:

• How to configure bootpd.
• How to start bootpd once it has been configured.
• Implementation differences between bootpd for MPE/iX and bootpd for HP-UX.
Overview of bootpd

The Bootstrap Protocol BOOTP allows a client system to get boot information such as its own IP address, the address of a BOOTP server, and the name of the file it needs to load into its memory and execute to boot the printer. The bootstrap operation happens in two phases. In the first phase, the BOOTP daemon bootpd determines the address of a BOOTP server and selects a boot file.
Configuring bootpd

To configure bootpd, you will edit three files: the services file, which lists the individual services that comprise the suite of Internet Services, the inetd configuration file, which informs the Internet daemon about running bootpd on this host, and the bootpd configuration file, which contains client and relay information. These tasks are explained in the following sections.
4. Save the file and exit the editor program.
5. Signal inetd to reread the configuration file by entering the following command at the CI prompt:

    :INETD.NET.SYS -c

Or you may enter this command from the POSIX shell:

    $/etc/inetd -c

6. If you have added bootpd to the inetd configuration file while the Internet daemon is not running, you must start inetd to start the BOOTP server. To do so, stream the job JINETD.NET.SYS from the CI prompt.

    :STREAM JINETD.NET.
The bootpd Configuration File

When bootpd is started, it reads a configuration file to find out information about clients and relays, then listens for boot request packets. By default, bootpd uses the configuration file /etc/bootptab, but you may specify another configuration file.
Adding Client and Relay Data to bootpd Configuration File

To allow a client to boot from your local system or to allow a boot request to be relayed to the appropriate boot server, you must add information about the client to the bootpd configuration file. This file contains client entries and relay entries. Client entries provide the information necessary to allow clients to boot from your system.
forwarded.

Syntax of bootpd Configuration Entries

An entry in the bootpd configuration file consists of a single line with the following format:

    hostname:tag=value tag=value tag=value

The hostname is the actual name of a BOOTP client and the tag is a two-character case-sensitive symbol. Most tags are followed by an equal sign and a value, as shown above, though some tags do not require a value.
    Tag                    Description
    gw=ip address list     Specifies the IP address of one or more gateways for the client’s subnet. If you prefer one of multiple gateways, list it first.
    ha=hardware-address    Specifies the hardware address of the client in hexadecimal. You may include periods and/or a leading 0x for readability. The ha tag must be preceded by the ht tag either explicitly or implicitly; see tc below.
    Tag                   Description
    to=offset             Specifies the client’s time zone offset in seconds from UTC. The time offset can be either a signed decimal integer or the keyword auto which uses the server’s time zone offset.
    ts=ip_address_list    Specifies the IP address of one or more RFC868 Time Protocol servers.
Sample bootpd Configuration Files

The two following examples show sample bootpd configuration files. The first example shows the configuration for a simple network without gateways or subnets.

    #
    #
    # The first entry is the template for options common to all of the printers.
    #
    #global.defaults:\
    #    hn:\
    #    ht=ether:\
    #    vm=rfc1048:\
    #
    # Now the actual entries for the individual printers are listed.
    #
    #printer1:\
    #    tc=global.
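The entry syntax and the rule that ha must follow ht can be checked before bootpd reads the file. The following Python code is an added example, not part of the manual or of bootpd: it joins continuation lines, expands tc templates, normalises hardware addresses and reports entries that break the ht-before-ha rule or reuse a hardware address. It assumes tags are separated by colons, as in the sample file, and that tags given explicitly override those inherited through tc; the entries and addresses are constructed.

```python
"""Audit bootptab-style entries (added example; sample data is constructed)."""

SAMPLE = r"""# constructed sample, modelled on the manual's printer example
global.defaults:\
    hn:\
    ht=ether:\
    vm=rfc1048
printer1:\
    tc=global.defaults:\
    ha=0x0800.0912.3456:\
    ip=192.0.2.21
printer2:\
    ha=080009123456:\
    ip=192.0.2.22:\
    tc=global.defaults
"""


def parse_bootptab(text):
    """Return {hostname: [(tag, value), ...]} with continuation lines joined."""
    entries, buffer = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buffer += line[:-1]
            continue
        name, *tags = (buffer + line).split(":")
        entries[name.strip()] = [
            tuple(tag.strip().partition("=")[::2]) for tag in tags if tag.strip()
        ]
        buffer = ""
    return entries


def normalise_ha(value):
    """Drop the periods and leading 0x that the ha tag allows for readability."""
    digits = value.replace(".", "").lower()
    return digits[2:] if digits.startswith("0x") else digits


def resolve(entries, name, chain=()):
    """Expand tc templates for one entry; return (tags, problems)."""
    if name in chain:
        raise ValueError(f"tc loop through {name}")
    explicit, inherited, problems = {}, {}, []
    for tag, value in entries[name]:
        if tag == "tc":
            if value not in entries:
                problems.append(f"unknown template {value}")
                continue
            parent, _ = resolve(entries, value, chain + (name,))
            for key, inherited_value in parent.items():
                inherited.setdefault(key, inherited_value)
            continue
        if tag == "ha":
            # ht must already be known, explicitly or through an earlier tc.
            if "ht" not in explicit and "ht" not in inherited:
                problems.append("ha appears before ht")
            value = normalise_ha(value)
        explicit[tag] = value
    return {**inherited, **explicit}, problems


def audit_bootptab(text):
    """Return ({host: resolved tags}, [(host, problem), ...])."""
    entries = parse_bootptab(text)
    resolved, problems, owners = {}, [], {}
    for host in entries:
        tags, errors = resolve(entries, host)
        resolved[host] = tags
        problems += [(host, error) for error in errors]
        address = tags.get("ha")
        if address in owners:
            problems.append(
                (host, f"hardware address {address} already used by {owners[address]}")
            )
        elif address:
            owners[address] = host
    return resolved, problems


if __name__ == "__main__":
    for host, problem in audit_bootptab(SAMPLE)[1]:
        print(f"{host}: {problem}")
```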
Starting bootpd

To successfully start bootpd, you must have a current and correct configuration file for it. The default file is /etc/bootptab but you may use an alternate configuration file by specifying its POSIX file name on the command line. Without this configuration file, bootpd will not be able to service BOOTP requests. You can run bootpd under the Internet daemon only. You may not run it as a standalone server.
Troubleshooting bootpd

The BOOTPQRY program is a diagnostic tool used to check the configuration of bootpd. It uses the supplied parameters to construct a boot request to send to a BOOTP server. It prints the contents of the boot reply, including the client’s Internet address, the name of a boot file, and the name and address of the server that sent the reply. BOOTPQRY formats and prints RFC1048 or CMU-style vendor information included in the reply.
bootreply. Otherwise, the server returns the bootreply directly to ipaddr.

    -s    The name of the BOOTP server to which the boot request should be sent directly. When the BOOTP server is known, the boot request is not broadcast.
    -v    Request vendor information for . The vendor can be specified as rfc1048 or CMU. For any other vendor specification, the first four characters of the parameter are used as the vendor magic cookie.
Implementation Differences

The implementation of bootpd on the HP e3000 differs from bootpd on the HP 9000 in the following ways:

• The BOOTP entry in the inetd configuration file must have an MPE/iX compatible user name. Hewlett-Packard recommends that you use MANAGER.SYS.
• You cannot run bootpd as a standalone server. It can only be run by the Internet daemon.
5 TFTP Service

The Trivial File Transfer Protocol (TFTP) is a basic communications protocol used to transmit files between nodes on a network. It is implemented on top of the Internet User Datagram Protocol (UDP), so it can be used across networks that support UDP. On the HP e3000, the TFTP daemon tftpd transfers boot files to or from the host HP e3000 to remote nodes on the network. This permits a network device to get the information it needs to start itself.
Overview of tftpd

TFTP is a simplified version of the File Transfer Protocol (FTP). The primary function of the TFTP daemon tftpd is to support the Bootstrap Protocol BOOTP, which allows network devices to get the information they need to boot, or start, themselves. Network devices commonly use TFTP to transmit boot files because TFTP is simple enough to be implemented in ROM.
Configuring tftpd

To configure tftpd, you will edit two files: the services file, which lists the individual services that comprise the suite of Internet Services, and the inetd configuration file, which informs the Internet daemon about running tftpd on this system. These tasks are explained in the next sections.

Editing the Services File

The services file associates official service names and aliases with the port number and protocol the services use.
There are two options in the tftpd entry, [user] and [path], which are explained in the next two sections. For more detailed information about editing the configuration file, read Chapter 2, “Internet Daemon.”

Specifying the TFTP User

The Internet daemon runs tftpd as the user specified in the [user] parameter of its entry in the inetd configuration file. For example, this entry instructs inetd to run the TFTP server as USER.TFTP:

    tftp dgram udp wait USER.
Specifying a Search Path

As an option, you can use the [path…] parameter in the inetd configuration file entry to specify the list of files or directories that are available to TFTP clients. For example, if you would like to have the /tmp and /bin directories available to TFTP clients in addition to the home group of the TFTP user, edit the line to look like this:

    tftp dgram udp wait USER.
Starting tftpd

The TFTP daemon runs under the Internet daemon. If you have just added tftpd to the inetd configuration, you must reconfigure inetd to begin using TFTP. To reconfigure inetd, enter the following command at the CI prompt:

    :INETD.NET.SYS -c

Or, from the POSIX shell, enter this command:

    $/etc/inetd -c

If you have added tftpd to the inetd configuration file while the Internet daemon is not running, you must start inetd to start the TFTP server.
Troubleshooting tftpd

The following error messages may be generated by TFTP and logged with the syslog facility, if it is enabled.

    Message                   Explanation
    Unknown option ignored    An invalid option was specified in the tftpd arguments. Remove or correct the arguments and restart tftpd.
    Invalid total time-out    The value given for the -T option was either not a number or was a negative number. Correct the value and restart tftpd.
Implementation Differences
The implementation of tftpd on the HP e3000 differs from tftpd on the HP 9000 in three ways:
• On HP-UX, tftpd is usually run as root. On MPE/iX, it is usually run as USER.TFTP.
• On HP-UX, tftpd checks if the user tftp can write to or read the file. On MPE, tftpd checks if the user specified in its configuration file can write to or read the file. If you configure tftpd as recommended in this chapter, USER.
6 REMSH Service
The remote shell, or remsh, service is used to connect to a specified host and execute a command on that remote host. The remote shell or remsh is available with version C.60.00 of the MPE/iX operating system. This chapter describes:
• How to configure the services file to allow remsh to run.
• How to verify that remsh is available on the system.
• How to run remsh.
• Implementation differences between remsh on MPE/iX and remsh for HP-UX.
REMSH Service Overview of remsh Service Overview of remsh Service The remote shell remsh, is the same service as rsh on BSD UNIX systems. The name was changed due to a conflict with the existing command rsh (restricted shell) on System V UNIX systems. Use remsh to connect to the remote system and execute a command on that remote system. Output from the remote command is sent to standard output for remsh, so the user can see the results of the command.
REMSH Service Configuring remsh Client Configuring remsh Client There is only one file on the MPE/iX system that you will need to change in order to allow use of the remsh client. That is the file SERVICES.NET.SYS. However, there are some files that will need to be configured on the remote UNIX systems. Editing the Services File The services file associates official service names and aliases with the port number and protocol the services use. To enable remsh, you must edit the services file.
REMSH Service Configuring remsh Client UNIX Configuration The remsh service does not prompt for user ID and passwords. That information is handled via the command line parameters and configuration on the UNIX host. See the “Using remsh” section for details on how the user id is determined and passed to the UNIX host. Password information is bypassed by use of a .rhosts in the remote user’s home directory or by use of the file /etc/hosts.equiv.
REMSH Service Using remsh Using remsh The remsh service is accessed by running the REMSH.NET.SYS program. You may do so under the MPE/iX CI or under the POSIX shell. While the format of the commands will differ depending on how you run the program, the parameter list remains the same. For the purposes of explaining the parameters, look at a sample invocation from the POSIX shell. Detailed examples of both the POSIX shell and MPE/iX invocations will follow later.
REMSH Service Using remsh MPE/iX Examples To run remsh from MPE/iX prompt, type: run remsh.net.sys;info="remotehost -l remoteuser remotecommand" jhereg(PUB): run remsh.net.
shell/iX>taltos -l cawti pwd
/u2/home/cawti
shell/iX>
Troubleshooting remsh
Message: remsh MPE/iX/X version won’t support rlogin or rexec functionality usage: remsh host -l login -n command
Explanation: Be sure to provide a command to execute.
Message: remshd Login incorrect.
Explanation: Probably invalid entry in remote .rhosts file. Be sure host name and user id are correct. User ID must be in uppercase.
REMSH Service Implementation Differences Implementation Differences The full remote shell service typically consists of two parts (the remsh client which allows a user on this machine to access remote hosts and the remshd server which allows remsh clients on other hosts to access the local host). Only the remsh client functionality has been implemented on the MPE/iX system. The UNIX version of the remsh client has an optional -n parameter that tells the client to not read from STDIN.
7 Samba for MPE/iX Services Samba for MPE/iX is a suite of programs which work together to allow clients to access a server’s file space and printers via the Server Message Block (SMB) file server. Samba for MPE/iX runs on MPE/iX shell operating system starting with the MPE/iX 6.0 release. It allows the MPE/iX shell operating system to act as a file and printer server for SMB clients which are, primarily, Windows for Workgroups, Windows 95, Windows NT, and other clients.
Samba for MPE/iX Services Overview of Samba for MPE/iX Overview of Samba for MPE/iX Samba for MPE/iX is a suite of programs which allow an HP e3000 running MPE/iX operating system to provide service using a Microsoft networking protocol called Server Message Block (SMB).
Samba for MPE/iX Services Overview of Samba for MPE/iX features can be configured from a browser interface, in effect giving added flexibility. A general UNIX program that is part of the Samba suite has also been ported to MPE/iX shell operating system. This program allows MPE users to use an FTP-like interface to access filespace and printers on any other SMB servers. This capability enables these operating systems to act like a LAN server or Windows NT server.
Samba for MPE/iX Services Overview of Samba for MPE/iX • Samba for MPE/iX provides seamless interoperability between common desktop operating systems, popular PC applications, and HP e3000 through Microsoft network. Major Components of Samba for MPE/iX Table 7-1 shows the major components of the Samba for MPE/iX suite. Table 7-1 Major Components SMBD The SMB server handles connections from clients, performing all the file, permission, and username authentication.
Samba for MPE/iX Services Overview of Samba for MPE/iX This program simply listens for such requests, and if its own name is specified, it will respond with the IP address of the host on which it is running. Its “own name” is, by default, the name of the host on which it is running. • SMBCLIENT: The SMBCLIENT is a client that can “talk” to an SMB server. When this program is run on the HP e3000, it will be acting as a client.
TCP/IP, NetBEUI, and IPX/SPX. In the case of TCP/IP or NetBEUI, the NetBIOS API is being used. Samba for MPE/iX uses SMB over TCP/IP.
Figure 7-2 SMB Protocol (protocol stack diagram: Applications; SMB; NetBIOS on TCP/IP, NetBeui, NetBIOS API, NetBIOS on IPX; PPP, 802.x Token Ring, Ethernet, Serial)
The SMB messages can be categorized into four types of messages: session control, file, printer, and message. Session control messages start, authenticate, and terminate sessions.
Figure 7-3 SMB NegProt Connection (diagram: Client, Server, NegProt command, NegProt response)
Once a protocol has been established, the client can proceed to log on to the server. The client now sends an SMB Session Setup command (SesssetupX); see Figure 7-4. The response indicates whether the username/password pair is valid and, if so, can provide additional information.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Samba for MPE/iX Configuration File Options The Samba for MPE/iX configuration file contains the runtime configuration information for Samba for MPE/iX. This file contains the sections and parameters. There are four special sections: the [global] section, the [printers] section, [homes] section and other sections.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Global Configuration Options The global configuration options can be defined in the [Global] Section in the “smb.conf” file.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Example: default service = public Default: none Mapping PC Usernames to MPE/iX Usernames username map This username map parameter allows you to map PC style usernames to MPE/iX-style usernames. You can specify the location of your username map file with the username map parameters. Example: username map = /usr/location/samba/lib/user.map The syntax of the username map file is simple.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Default: 0 (in minutes) Setting Logging Behavior max log size The max log size option specifies the maximum size in kilobytes to which log files can grow. The default value of the maximum log file size is 5000 in kilobytes. If the file exceeds the specified size, it is renamed by adding the .old extension.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Name Resolve Order In Samba version 2.0.7 for MPE/iX, the name resolve order has been made user selectable. The resolution can be done in several different ways: broadcast, lmhosts, DNS lookup, WINS. name resolve order The order in which the names need to be resolved can be specified as shown: Example: name resolve order = lmhosts bcast The samp-lmhosts file is provided in /usr/local/samba/lib directory.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options print command The print command parameter defines the shell command which Samba for MPE/iX will use to submit a print job. After Samba for MPE/iX has finished spooling a print job to the disk, it calls this command. After processing the file, this command must remove the spoolfile, unless you don’t mind spool files building up on your system.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Controlling User Access Rights allow hosts Default: none deny hosts These parameters allow users to define a set of client IP addresses which will be granted access to service. If an “allow hosts option” is present, only hosts matching the pattern are allowed to access the service. If a “deny hosts option” exists, only hosts not matching the pattern will be granted access. Example: allow hosts = 192.1.2.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Share Configuration Options This section covers the share configuration options that you use when you configure for a specific disk or printer-share in the Samba for MPE/iX configuration file. Setting the Shared Directory path The path parameter specifies the pathname of the shared directory.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Controlling Read/Write Access guest ok If guest ok is true, then guest access will be allowed. The access rights of a client connecting as guest will be those of the username set in the “guest account.” Example: guest ok = yes Default: guest ok = no guest only If guest only is true, then access of service/share is only granted with the rights of usernames given in the “guest account” parameter.
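The host-restriction and guest parameters described above interact, and a share that sets guest ok with no allow hosts or deny hosts line is reachable as the guest account from any client address. The following audit script is an added example, not part of the HP manual or of Samba; the share names, paths, guest account and address prefix in the sample are constructed, and it assumes standard Samba behaviour where a parameter set in [global] becomes the default for every share and guest only has no effect unless guest ok is also set.

```python
import configparser

TRUE_VALUES = {"yes", "true", "1"}


def load_smb_conf(text):
    """Parse smb.conf text. Lines are stripped first so that indented
    parameters are not mistaken for continuation lines."""
    parser = configparser.RawConfigParser(
        strict=False,                  # tolerate repeated parameters
        default_section="__unused__",  # [global] is handled explicitly below
        delimiters=("=",),
        comment_prefixes=("#", ";"),
    )
    parser.read_string("\n".join(line.strip() for line in text.splitlines()))
    return parser


def audit_shares(text):
    """Return (share, finding code, detail) tuples for risky guest settings."""
    parser = load_smb_conf(text)
    global_name = next(
        (s for s in parser.sections() if s.lower() == "global"), None)

    def effective(share, key):
        # A share-level value wins; otherwise fall back to [global].
        if parser.has_option(share, key):
            return parser.get(share, key).strip()
        if global_name and parser.has_option(global_name, key):
            return parser.get(global_name, key).strip()
        return None

    def is_true(value):
        return value is not None and value.lower() in TRUE_VALUES

    findings = []
    for share in parser.sections():
        if share == global_name:
            continue
        guest_ok = is_true(effective(share, "guest ok"))
        guest_only = is_true(effective(share, "guest only"))
        restricted = (effective(share, "allow hosts")
                      or effective(share, "deny hosts"))
        if guest_ok and not restricted:
            account = effective(share, "guest account") or "(default account)"
            findings.append((share, "guest-unrestricted",
                             f"any client address gets the rights of {account}"))
        if guest_only and not guest_ok:
            findings.append((share, "guest-only-ignored",
                             "guest only has no effect unless guest ok is set"))
    return findings


# Constructed sample configuration, not taken from the manual.
SAMPLE_SMB_CONF = """\
[global]
    security = share
    guest account = GUEST.SAMBA

[sambadoc]
    path = /usr/local/samba/docs
    guest ok = yes

[payroll]
    path = /ACCTG/PAYROLL
    guest ok = no
    allow hosts = 10.1.2.

[printers]
    path = /tmp
    guest only = yes
    allow hosts = 10.1.2.
"""

if __name__ == "__main__":
    for share, code, detail in audit_shares(SAMPLE_SMB_CONF):
        print(f"[{share}] {code}: {detail}")
```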
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Configuring the Shares for File Sharing The PCs can access the server side filespaces using Samba for MPE/iX. Whenever the clients want to connect to the server, the server side validates the username and password, which are sent by the client, and grants access to the requests share if it is appropriate.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Configuring a Printer Section for Printer Sharing The PCs can access the server side printer using Samba for MPE/iX. With printer sharing the client creates a file on the server directory associated with the printer, and then lets the server process trigger a configurable command to push the file into the MPE spooler.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options NOTE Printer sharing only works for guest users. The current configuration option for printer sharing needs to be set “guest ok” and “guest only.” Add a printer, as shown in Figure 7-6. With printer sharing, the printers are accessible to HP e3000. Figure 7-6 ADD a Printer You can connect your server shares using the NT explorer, as shown in Figure 7-7.
Samba for MPE/iX Services Samba for MPE/iX Configuration File Options Figure 7-7 Connect to the HP e3000 Shares You can view the contents of the share from NT explorer, as shown in Figure 7-8. Click the share name at NT explorer window; it will list the files residing in this share.
Samba for MPE/iX Services Description and Usage of SWAT Description and Usage of SWAT Remote Configuration: Samba Web Administration Tool (SWAT). Before invoking SWAT: Before SWAT can be run, the following lines in the configuration files need to be updated. SWAT is available for guest users only. In the file SERVICES.NET.SYS, the following line should be added to include SWAT service: swat 901/tcp #SWAT Tool In the file INETDCNF.NET.
Samba for MPE/iX Services Description and Usage of SWAT Figure 7-9 SWAT SWAT can be used to open pages with links to online help and documentation, as shown in Figure 7-9. This is done from a remote location with the aid of a Web browser.
Samba for MPE/iX Services Description and Usage of SWAT SWAT is used to provide a Web interface to view and configure smb.conf. It provides the flexibility of altering the configuration file to reflect changes with respect to shares. View or configure Global Variables using SWAT as shown in Figure 7-10.
Samba for MPE/iX Services Description and Usage of SWAT Use SWAT to view the currently configured smb.conf file in abbreviated and full views, as shown in Figure 7-11.
Samba for MPE/iX Services Description and Usage of SWAT A snapshot of active connections, shares and open files can be provided by SWAT, as shown in Figure 7-12. The Server Status can be actively monitored by SWAT.
How to use SWAT: To use the SWAT interface, just point and click on any of the options on the front page banner. The following are brief descriptions of what each link in the banner stands for:
• Home: Samba help and documentation page
• Globals: Link to global variable and configuration options
• Shares: This link allows you to select the available shares for configuration or lets you create/delete shares from the record.
Samba for MPE/iX Services Starting and Stopping Samba for MPE/iX Starting and Stopping Samba for MPE/iX This section covers the steps to start or stop Samba for MPE/iX. Starting Samba for MPE/iX Before you start to run Samba for MPE/iX server or client components, you should have set up the TCP/IP networking on your HP e3000 system as well as your PC. On the HP e3000 system, you should have a proper IP address and subnet mask configured in NMMGR as well as NETCONTROL START successfully executed.
The following example shows what is displayed when you run the command netcontrol status; net = lan1.
NETWORK NAME: LAN1
NETWORK IP ADDRESS: $0F0DC750 15.13.188.80
NETWORK SUBNET MASK: $0FF000000 255.0.0.0
Add PM Capability
To access share security modes, both samba and mgr.samba user accounts should have PM capabilities.
1. Logon as manager.sys
2. Add PM capability to samba account
3. Add PM capability to mgr.
Samba for MPE/iX Services Starting and Stopping Samba for MPE/iX Starting Samba for MPE/iX Under the INETD Control If you choose to run SMBD and NMBD processes under control of INETD, you should have new entries in SERVICES.NET.SYS and INETDCNF.NET.SYS. You will then have to create symbolic links to make SERVICES.NET.SYS link to /etc/services and INETDCNF.NET.SYS symbolic links to /etc/inetd.conf respectively. Perform the following steps: 1. Logon as manager.sys. 2. Copy SERVSAMP.NET.SYS file to SERVICES.
Samba for MPE/iX Services Starting and Stopping Samba for MPE/iX NOTE The new version of Samba for MPE/iX 2.0.7 is released as the official patch/6.5. The Samba for MPE/iX 2.0.7 software resides inside the SAMBA account in HFS directories under /SAMBA/SMB207 after you install the official release patch for Samba. The current version of Samba for MPE/iX 1.9.16p9 still exists inside the SAMBA account in HFS directories under /SAMBA/PUB. You can run only one version of Samba for MPE/iX at a time.
Samba for MPE/iX Services Starting and Stopping Samba for MPE/iX This command should display a list of available shares (services) that matches your configuration file. If NMBD is running, a list of workgroups and related computers that NMBD could find on your network/subnet will be displayed, see Figure 7-13.
shell/iX> smbclient \\\\\\sambadoc -N -c help
This command should connect to the sambadoc share on your HP e3000, using -N to suppress the password prompt (effectively connecting as the guest user), and display the contents of the smbclient on-line help screen; see Figure 7-14.
Figure 7-14 smbclient for MPE/iX (2)
NOTE All smbclient examples used the -c option to specify the command on the command line.
Initial Test From a PC Client at DOS Prompt
For an initial test from a PC client, open a DOS command window and issue the following command:
C:\> net view \\servername
This command will display a list of available shares for the server; see Figure 7-15.
Samba for MPE/iX Share Level Security Mode
The process of user authentication depends on whether Samba for MPE/iX is running in share level or user level. The “security” parameter in the configuration file is used to specify share level or user level authentication. If the “security” parameter is set to “share,” Samba for MPE/iX will tell clients it is granting access under share mode security.
Samba for MPE/iX Services Samba for MPE/iX Server Security Mode Samba for MPE/iX Server Security Mode Samba for MPE/iX server mode security is just one of the security policies of user level authentication. This mode of security is one of the types in processing user authentication. After the user is validated, access rights are enforced for the user: To make Samba for MPE/iX operate in server security mode: • Add security = server in the [global] section for smb.conf specifying security = server in smb.
Samba for MPE/iX Services New Functionalities New Functionalities New functionalities supported in Samba for MPE/iX 2.0.7. User-selectable name resolution order: The resolution of NetBIOS names into IP addresses can be done in several different ways (broadcast, lmhosts, DNS lookup, WINS). In the Samba for MPE/iX version 2.0.7, it is a new parameter that allows administrators to select the methods of name resolution, and the order in which such methods are applied, check “Global Configuration Options.
Samba for MPE/iX Services New Functionalities How to use mapdiffs: When you install this new version of Samba for MPE/iX, one must check the MPE/iX side file and directory names to see whether some of them have to be adjusted to the changed mapping methods. The mapdiffs utility (under /SAMBA/PUB/lib) is provided to check a given list of file or directory names for the name mapping differences between the Samba for MPE/iX version 1.9.16p9 and the new Samba for MPE/iX 2.0.7.
Samba for MPE/iX Services Troubleshooting Samba for MPE/iX Server Troubleshooting Samba for MPE/iX Server This section covers a list of tests you can perform to validate or diagnose your Samba for MPE/iX server. If your server passes all these tests, it is probably working fine. Prerequisites In all of the tests it is assumed you have a Samba for MPE/iX server 1.19.16p9 or later running on your HP e3000.
If you get a “connection refused” response, then the SMBD server may not be running. If you get a “session request failed” response, the server refused the connection to SMBD. Check your config file (smb.conf) for syntax errors with “testparm”, and check the various directories where Samba for MPE/iX keeps its log and lock files.
Samba for MPE/iX Services Troubleshooting Samba for MPE/iX Server TEST 7: On the PC, type the command “net view \\SAMBAIXSERVER”. You will need to do this from within a “DOS prompt” window. You should get a list of available shares on the server. If you get a “network name not found” or similar error NetBIOS name resolution is not working. This is usually caused by a problem in NMBD. To overcome the error, you could do one of the following (you only need to choose one): • Fix the NMBD installation.
Samba for MPE/iX Services Troubleshooting Samba for MPE/iX Server • Verify files created by PC user are owned by correct MPE/iX username and account • Verify full file read and create access to the user’s default home share. 2. Configure Samba for MPE/iX in Share security mode and set passwords on file shares. • Verify that the file and print access from PC users works. 3. Configure Samba for MPE/iX in Server security mode, pointing user validation to a NT server.
Samba for MPE/iX Services Troubleshooting Samba for MPE/iX Server Using Logfiles of Samba for MPE/iX In case of problems, check for the job listings for useful error messages and also look into the Samba for MPE/iX log file /usr/local/samba/var/log.smb and log.nmb for hints. You can control the amount of log messages with the “debug level” directive inside the config file smb.conf. Increasing the log level to 3 or 4 can shed light on the cause of most problems.
8 DNS BIND/iX BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS). It consists of a network of servers which provide a distributed database, including names and addresses of host machines. This information is accessible to client hosts which are running resolver software. This enables them to send queries to and receive replies from the servers. The resolver software runs on MPE/iX versions preceding 6.
DNS BIND/iX Introduction Introduction This section of the Configuring and Managing MPE/iX Internet Services manual assumes that the reader has prior experience with DNS BIND as implemented on other operating systems, or has familiarity with the concepts involved. There are a number of good textbooks available on this subject to which the reader is recommended — the following is a brief overview of a sophisticated system. The Domain Name System is a distributed and structured directory of information.
DNS BIND/iX Introduction commonly used version 4.9.4, (with which the majority of experienced DNS users will be familiar). This is the latest version of BIND, 8.1.1.
DNS BIND/iX Explanation of Terms Explanation of Terms BIND, which stands for Berkeley Internet Name Domain, is the most commonly used implementation of DNS. DNS is essentially a distributed data base, with control of the different elements of the data base maintained by individuals responsible for the domain served by that DNS server.
DNS BIND/iX Explanation of Terms known as “primary” and “secondary”. The rest of this section concerns itself with only “leaf ” DNS servers, that is. servers that only serve hosts. These servers have no domains under it, only hosts. There are four types of db or zone files used by a DNS server, each identified in the server’s named.conf file: • zone.DOMAIN — provides name-to-address mapping • zone.ADDR — provides address-to-name mapping • zone.LOCAL — a zone.
DNS BIND/iX Overview of DNS BIND/iX Overview of DNS BIND/iX In this implementation of BIND 8.1.1, the configuration and data files for the DNS server are found under the /BIND/PUB directory of the POSIX name space, though the DNS server is started by running a job from the MPE/iX name space — JNAMED.PUB.BIND which runs program NAMED.PUB.BIND.
DNS BIND/iX Component Files
The major files for the implementation of DNS BIND/iX are found in PUB.BIND and NET.SYS in the MPE/iX name space, and under directories /BIND/PUB and /etc in the POSIX name space.
• JNAMED.PUB.BIND: The job which runs the DNS server.
• NAMED.PUB.BIND: The DNS server program.
• RESLVCNF.NET.SYS: The DNS client (resolver) configuration file. Linked to /etc/resolv.conf.
• /etc/resolv.conf: The DNS client (resolver) configuration file. Linked to RESLVCNF.
• /BIND/PUB/bin/addr: Address lookup tool.
• /BIND/PUB/bin/named-bootconf.pl: Perl script to assist in converting BIND 4.x named.boot to 8.x named.conf.
• /BIND/PUB/bin/nsupdate: Zone transfer program — called internally by nameservers to transfer zone information from primary to secondary servers
• /BIND/PUB/public_html: Linked to sub-directory /BIND/PUB/doc-8.1.
Server Configuration File named.conf
The configuration file, named.conf, has a completely new syntax. The configuration file in BIND 4.x was called named.boot. The Perl utility “named-bootconf.pl”, available with the package, can be used to convert 4.x configuration files to the 8.x (8.1.1) syntax. The complete path of this file in the installation is /BIND/PUB/bin/named-bootconf.pl.
Advanced users may need to refer to Appendix B, “BIND 8 Configuration File,” for a complete list of directives that can be configured for BIND 8. The following is the template /BIND/PUB/etc/named.conf file:
options {
    directory "/BIND/PUB/etc";
    // The following is the IP address of the MPE/iX system that is running NAMED.
    // YOU MUST CHANGE THIS TO BE YOUR OWN IP ADDRESS!
    listen-on { nnn.nnn.nnn.
DNS BIND/iX Server Configuration File named.conf Configuring Master Zones A sample configuration unit for a master zone is shown here: Example: zone “43.10.15.IN-ADDR.ARPA” { type master; file “zone.15.10.43”; }; The file zone.15.10.43 will have entries like: IN SOA IN NS bindserver.india.hp.com. 104 10800 3600 604800 86400 ) bindserver.india.hp.com. 1 2 3 4 5 IN IN IN IN IN PTR PTR PTR PTR PTR ; ; ; ; ; bind_admin.india.hp.com.
DNS BIND/iX Data Files Data Files The files that the primary nameservers load their zone data from are called data files or zone files. They are also referred to as db files, short for database files. The data files contain resource records that describe the zone. The resource records describe all the hosts in the zone. Root Cache Data (Hint File) Besides your local information, the nameserver also needs to know where the nameservers for the root domain are.
news      IN  CNAME   nova.maxx.net.
mail      IN  CNAME   nova.maxx.net.
ns        IN  CNAME   nova.maxx.net.
loghost   IN  CNAME   nova.maxx.net.
lucy      IN  A       204.251.17.242
linux     IN  CNAME   lucy.maxx.net.
lucy      IN  MX 10   lucy.maxx.net.
messdos   IN  A       204.251.17.243
messdos   IN  MX 10   messdos.maxx.net.
pentium   IN  CNAME   messdos.maxx.net.
solaris   IN  A       204.251.17.244
solaris   IN  MX 10   solaris.maxx.net.
maxx4     IN  CNAME   solaris.maxx.net.
maxx5     IN  A       204.251.17.245
maxx5     IN  MX 10   maxx5.maxx.net.
maxx6     IN  A       204.251.
maxx6     IN  MX 10
The open parenthesis at the end of the line allows you to split the SOA record across physical lines for readability:
    9602171 ; Serial
    36000   ; Refresh every 10 hours
    3600    ; Retry after 1 hour
    360000  ; Expire after 100 hours
    36000   ; Minimum TTL is 10 hours
    )
The “serial” field was discussed earlier.
DNS BIND/iX Data Files queries, that is, queries for the host maxx.net. Other A records like this one: lucy IN A 204.251.17.242 provide name-to-address mapping for a specific named host. The domain defined in this file (maxx.net) is appended to the host name you show in the first field. The CNAME records create aliases for existing hosts. These examples illustrate a few common uses: www IN CNAME maxx.maxx.net. ftp IN CNAME maxx.maxx.net.
DNS BIND/iX Data Files Address-to-Name Mapping Also called reverse mapping, the zone.ADDR db file allows resolvers to post queries armed with only the IP address of a host. This reverse mapping is used, for example, by Internet server software that prefers to log host names rather than less informative IP addresses. Address-to-name mapping data will be provided for a DNS server by PTR entries in its zone.ADDR files, one for every network served by this DNS server, and its zone.LOCAL file.
DNS BIND/iX Data Files This file lists the root domain servers in human-readable format. You’ll need to reformat it for consumption by named. Here’s what the cache file looks like: ; ; ; . . . . . . . . . Servers from the root domain ftp://nic.ddn.mil/netinfo/root-servers.txt 99999999 99999999 99999999 99999999 99999999 99999999 99999999 99999999 99999999 IN IN IN IN IN IN IN IN IN NS NS NS NS NS NS NS NS NS A.ROOT-SERVERS.NET B.ROOT-SERVERS.NET C.ROOT-SERVERS.NET D.ROOT-SERVERS.NET E.ROOT-SERVERS.
command line arguments, it displays a prompt and waits for your command:
>server mpe3000
Default Name Server: mpe3000.cup.hp.com
Address: 15.13.199.80
By default, nslookup performs queries based on host names you submit; just enter a host name after the prompt:
> romeo
Server: mpe3000.cup.hp.com
Address: 15.13.199.80
Name: romeo.cup.hp.com
Address: 15.13.194.242
> 15.12.194.242
Server: mpe3000.cup.hp.com
Address: 15.13.199.80
Name: romeo.cup.hp.com
Address: 15.12.194.
DNS BIND/iX How to Run The DNS Server How to Run The DNS Server 1. Configure and start Syslog/iX see Appendix E , “Configure and Run Syslog/iX.” 2. Examine /BIND/PUB/etc/named.conf and customize for your own environment. 3. Configure the zone data files referenced in your /BIND/PUB/etc/named.conf. 4. Add your server’s IP address as the first nameserver entry in /etc/resolv.conf for all MPE and HPUX hosts that you wish to use this server for resolution queries. On MPE hosts, make sure that /etc/resolv.
DNS BIND/iX Configuring the DNS Resolver Configuring the DNS Resolver The file RESLVCNF.NET.SYS is the configuration file for the Domain Name resolver. It should be linked to /etc/resolv.conf. If the file does not already exist, then it can be copied from RSLVSAMP.NET.SYS to RESLVCNF.NET.SYS and then modified to contain information about your local domain and servers. Each entry in the resolver file consists of a keyword followed by a value separated by white space.
servers if there is no response. If the previous nameserver has already replied that it cannot resolve a query, no further lookup will be attempted.
NOTE It is very important that you omit the leading zeros in the domain name resolver files. If you enter leading zeros here, the resolver routines will interpret the numbers as octal numbers.
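The octal pitfall in the NOTE above can silently point the resolver at a different server than the one the administrator typed. The following checker is an added example, not part of the HP manual; it assumes the resolver routines follow the classic BSD inet_addr() number rules (leading 0 means octal, leading 0x means hex), which matches the behaviour the NOTE describes, and the sample file contents are constructed.

```python
import re

# One dotted-quad part: 0x-prefixed hex, or a run of digits.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")


def parse_classic_ipv4(text):
    """Parse a four-part dotted quad with classic inet_addr() number rules.

    A part starting with 0x is hex, a part with a leading 0 is octal, and
    anything else is decimal. Returns a tuple of four ints, or None when a
    part is malformed or out of range (for example "080": 8 is not an
    octal digit).
    """
    parts = text.split(".")
    if len(parts) != 4:
        return None
    octets = []
    for part in parts:
        if not _PART.fullmatch(part):
            return None
        if part[:2].lower() == "0x":
            value = int(part, 16)
        elif len(part) > 1 and part[0] == "0":
            try:
                value = int(part, 8)
            except ValueError:
                return None
        else:
            value = int(part, 10)
        if value > 255:
            return None
        octets.append(value)
    return tuple(octets)


def has_leading_zero(address):
    """True if any part would be read as octal rather than decimal."""
    return any(len(p) > 1 and p[0] == "0" and p[:2].lower() != "0x"
               for p in address.split("."))


def audit_resolv_conf(text):
    """Return (line number, address as written, address as interpreted)
    for every nameserver entry containing a leading-zero part. The third
    field is None when the address would be rejected outright."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Drop comments, then split "keyword value" on white space.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        address = fields[1]
        if not has_leading_zero(address):
            continue
        parsed = parse_classic_ipv4(address)
        seen = ".".join(map(str, parsed)) if parsed else None
        findings.append((lineno, address, seen))
    return findings


# Constructed sample, not taken from the manual.
SAMPLE_RESOLV_CONF = """\
# resolver configuration (constructed)
domain cup.hp.com
nameserver 15.13.199.80
nameserver 015.013.199.010
nameserver 015.013.199.080
"""

if __name__ == "__main__":
    for lineno, written, seen in audit_resolv_conf(SAMPLE_RESOLV_CONF):
        print(f"line {lineno}: {written} is read as {seen or 'an invalid address'}")
```

In the sample, the zero-padded entry on line 4 resolves to a different host address than the one written, and the entry on line 5 is not a valid address at all.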
List of Utilities
• nslookup — query Internet name servers interactively
Example:
* nslookup quasar.india.hp.com
Name Server: hpmpea2.cup.hp.com
Address: 15.61.192.116
Non-authoritative answer:
Name: quasar.india.hp.com
Address: 15.10.45.114
• dig — Domain Information Groper
Example:
shell/iX> dig
; <<>> DiG 8.
;; Total query time: 0 msec
;; FROM: mpeworld to SERVER: default -- 0.0.0.0
;; WHEN: Mon May 18 22:15:45 1998
;; MSG SIZE sent: 17 rcvd: 494
• host — look up host names using domain server.
Example:
shell/iX> host quasar.india.hp.com
quasar.india.hp.com has address 15.10.45.114
quasar.india.hp.com mail is handled (pri=90) by hpmdd58.india.hp.com
quasar.india.hp.com mail is handled (pri=100) by palsmtp.hp.com
quasar.india.hp.com mail is handled (pri=150) by atlsmtp.hp.
DNS BIND/iX DNS and Electronic Mail DNS and Electronic Mail One of the advantages of the Domain Name System over host tables is its support of advanced mail routing. DNS offers a mechanism for specifying backup hosts for mail delivery. The mechanism also allows hosts to assume mail handling responsibilities for other hosts. This lets diskless workstations that don’t run mailers, for example, have mail addressed to them processed by their server.
DNS BIND/iX DNS BIND Troubleshooting Steps DNS BIND Troubleshooting Steps 1. Resources: Find a resource who is experienced with DNS BIND/iX! If you’re entering into this without DNS BIND/iX experience, you’re off to a difficult start. Problems with this product are generally caused by poor configuration, so it’s critical to have a DNS BIND literate engineering resource available for problem classification and management. 2.
DNS BIND/iX DNS BIND Troubleshooting Steps Figure 8-1 Labeling Nodes server1.cup.hp.com IP Addr: 15.1.1.1 Function: Primary Nameserver server2.cup.hp.com IP Addr: 15.1.1.2 Function: Secondary Nameserver foo.cup.hp.com IP Addr: 15.1.1.3 Function: DNS User 5. Configuration Gathering: Once you have a good understanding of the history, symptoms, and topology, it’s time start examining the DNS configuration at the site. Relying on assumptions does not work with DNS BIND troubleshooting.
Experience is the best tool, but there is one very good resource available that will help in troubleshooting DNS BIND: DNS & BIND, a book written by Paul Albitz and Cricket Liu. The 2nd edition has recently been published, with some useful additions for the newer, post-4.8.3 versions of BIND (4.9.3 is covered in some detail). Published by O’Reilly & Associates, Inc. [2nd Edition ISBN: 1-56592-236-0]
7.
9 Apache for MPE/iX Apache for MPE/iX is server software that turns an HP e3000 into a full-featured web server. With the Apache Webserver, HP e3000 users can do business over the Internet. As a web server, an HP e3000 can provide users with direct access to documents and applications residing on the system. These applications can include Internet and intranet dynamic database connectivity using a browser as a common interface.
Apache for MPE/iX Introduction Introduction Users make requests to the web server via a client browser using the Hypertext Transfer Protocol (HTTP). The client browser can be any one of a variety of browsers, including those from Microsoft and Netscape. The sole purpose of a web server is to translate the client’s request (URL) into either a filename, and then send that file back over the network, or to translate a URL into a program name, run that program, and then send its output back.
Apache for MPE/iX Feature Set Feature Set Apache for MPE/iX supports a rich feature set. The entire feature set is determined by both the modules that are compiled into the Apache program and by the extension modules (Dynamic Shared Objects) that are loaded at Apache runtime. In addition to the http core (http_core.c) which is the heart of the Apache code, there are a number of other compiled-in modules. These modules provide the following major features: HTTP/1.
Apache for MPE/iX Feature Set Cookies Cookies are pieces of information generated by the web server and sent back to the browser for storage. For each subsequent request from the same client, the cookie is returned to the server. Cookies are useful for tracking which clients are accessing a server. Server-side Imagemaps Server-side imagemaps are zones defined in an image that, when clicked, will send the client to a different URL.
Apache for MPE/iX Feature Set Rewrite URLs can be translated on-the-fly to new addresses. A complex set of translation rules allows server variables, environment variables, HTTP headers, time stamps, and other values to be used in these address translations. Virtual Hosts (Vhost) A single copy of the Apache web server can be made to look like multiple web servers by using virtual hosts.
Apache for MPE/iX Feature Set mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_speling.c mod_userdir.c mod_alias.c mod_rewrite.c mod_access.c mod_auth.c mod_auth_anon.c mod_digest.c mod_proxy.c mod_cern_meta.c mod_expires.c mod_headers.c mod_usertrack.c mod_unique_id.c mod_so.c mod_setenvif.c Version Identification To view the Apache version, run the program file with the -v option. Each Apache release has an open source version number (for example, Apache 1.3.
Apache for MPE/iX Feature Set quite large. Each request to the web server creates one entry in the access log. To periodically purge or archive the log files, refer to the section on “Managing Log Files”. Product Installation Earlier versions of Apache for MPE/iX were installed under PUB.APACHE. Starting with Apache 1.3.14, each Apache version is installed in its own directory tree under the APACHE account and in a group named by its MPE/iX version. For example, Apache 1.3.
Apache for MPE/iX Feature Set With new Apache releases, the previous version-specific group is not purged. When satisfied with the new version, the user can execute :PURGEGROUP on the previous version-specific group to remove it from the machine. :PURGEGROUP /APACHE/VUUFF To backdate, the CURRENT symlink should be purged and recreated to point to previous version-specific group.
Apache for MPE/iX Major Components Major Components After installing the Apache product, the following major files and directories will be created on the system under the directory /APACHE/VUUFF/: HTTPD The Apache web server program. “HTTP” stands for the protocol used between the client browser and the Apache web server. “D” stands for daemon, a system program which automatically handles certain system operations.
Apache for MPE/iX Major Components programs and much more. Apache is highly configurable and Apache’s config files determine how the web server will behave. htdocs/ The htdocs directory contains the public documents, images, and data to be served to clients. The htdocs directory and the directories below it are available to anyone accessing your web server. htdocs/manual/ This directory contains a full, on-line manual set (HTML format) for Apache.
Apache for MPE/iX Major Components public_html/ The home directory for MGR.APACHE. It is accessed by http://yourserver.com/~MGR.APACHE/. Preparing HP e3000 for Network Access Before an HP e3000 can act as a web server, it must be available for network access via TCP/IP: • Configure TCP/IP on the system. • Have a domain name associated with the system’s IP address. Apache communicates on the network using the HTTP Hypertext Transfer Protocol which, in turn, uses TCP/IP.
C:\>ping yourserver.com
Pinging yourserver.com [15.99.200.390] with 32 bytes of data
Reply from 15.99.200.390: bytes=32 time<10ms TTL=199
Reply from 15.99.200.390: bytes=32 time<10ms TTL=199
Reply from 15.99.200.390: bytes=32 time<10ms TTL=199

You will also want a domain name. This is a unique identifier such as “yourserver.abc.com” which is used (instead of the IP address) to direct requests from a browser to a web server.
Apache for MPE/iX Major Components Configure Apache The /APACHE/VUUFF/conf directory contains the Apache configuration files. You will need your own copies of these under the /APACHE/PUB/conf directory. The .sample files are derived from the .default files with modifications for MPE/iX. The installation job sets up links to the /APACHE/VUUFF/conf directory so the following copy commands will get the new versions. Make sure to logon as MGR.APACHE before beginning configuration: :HELLO MGR.APACHE :XEQ SH.
Apache for MPE/iX Major Components These are the only changes that need to be made to start up the web server. For information about other configuration directives, visit the online Apache documentation at http://www.apache.org/docs. 2. Verify the configuration file. It is a good idea to verify your configuration files before trying to start the web server. This verification is for syntax checking only. shell/iX> /APACHE/PUB/HTTPD -t Syntax OK Setup the JHTTPD Job Stream File The JHTTPD.
Start Apache

Start the HTTPD web server program by streaming the JHTTPD job file. This can be done from either the CI or the POSIX shell:

:STREAM JHTTPD.PUB.APACHE

or

:XEQ SH.HPBIN.SYS -L
shell/iX> callci "stream jhttpd.pub.apache"

Verify that Apache is Running

There are a number of ways to verify if the Apache web server is running or, if it is not, to isolate how far the startup process has progressed.
Apache for MPE/iX Major Components After the HTTPD program is running, verify that files in the directory tree are accessible: • Server home page, http://yourserver.com. This brings up the default Apache home page /APACHE/PUB/htdocs/index.html. • MGR.APACHE home page, http://yourserver.com/~MGR.APACHE. This brings up the page /APACHE/PUB/public_html/index.html. To create a new default page for MGR.
If telnet to Apache’s port fails, then the problem is not with the web server, since the connection is not yet reaching the HP e3000 box. A successful telnet connection should look something like:

$telnet hostname 80            (from a UNIX machine)
Trying...
Connected to hostname.hp.com.
Escape character is '^]'.
GET / HTTP/1.0                 <--- user input

or

:xeq telnet.arpa.sys           (from an MPE machine)
Telnet Client [A6000000] (C) Hewlett-Packard Co.
Apache for MPE/iX Major Components Stopping Apache Apache can be stopped by issuing an :ABORTJOB or kill. Kill can be issued by users WWW.APACHE, MGR.APACHE, and MANAGER.SYS. Using kill (which defaults to kill -TERM) is the preferred method for stopping Apache since it uses Apache’s internal routines to clean up open resources. Using :ABORTJOB will result in leaked SVIPC semaphores. The CI command file IPCS.HPBIN.SYS can be used to display SVIPC semaphores and the CI command file IPCRM.HPBIN.
Apache for MPE/iX Major Components Error Logging Apache error logging is useful when trying to start Apache as well as for monitoring a running web server. Apache will log errors into a log file called error_log by default. This log file resides in the /APACHE/PUB/logs directory. The number of messages logged in the error log is set by the LogLevel directive in the httpd.conf file. Possible values for LogLevel (by increasing significance) are debug, info, notice, warn, error, crit, alert, emerg.
Apache for MPE/iX Major Components home group of USER.ACCOUNT. File /ACCOUNT/GROUP/public_html/foo.html would be accessed by http://yourserver.com/~USER.ACCOUNT/foo.html. All files and directories must be readable by WWW.APACHE, the runtime user for the Apache web server on MPE/iX. Directories must also have traverse directory permission (TD) for all the directories in the path to the file Apache is accessing.
Apache for MPE/iX Major Components Creating Apache Modules DSOs can be written in either the C programming language or in the Perl scripting language. DSOs written in C must be compiled on MPE/iX. Those written in Perl require a Perl interpreter to be embedded into Apache. This embedded Perl interpreter is provided by the mod_perl module. Mod_perl is part of the HP WebWise MPE/iX Secure Web Server product, version 2 or later, but is not part of standard Apache on MPE/iX.
Apache for MPE/iX Major Components Tools There are a number of options available when choosing tools to build an Apache module for MPE/iX. Some of these tools are open source tools from the GNU Project, a provider of free software. The GNU tools are used on many operating system platforms for development of open source code, including MPE/iX. Module compilations on MPE/iX can be done with the GNU C compiler, gcc, or with the MPE/iX POSIX compiler, c89.
Apache for MPE/iX Major Components To create the module file “mod_hw.c” from file “mod_example.c”, log on as MGR.APACHE so that the file is created with the right ownership: :HELLO MGR.APACHE :XEQ SH.HPBIN.SYS -L shell/iX> mkdir hw shell/iX> cd hw shell/iX> cp /APACHE/PUB/libexec/mod_example.c mod_hw.c Change all references inside mod_hw.c from mod_example, example_module, example_handler, etc. to mod_hw, hw_module, hw_handler, etc., and modify/add any other code, as needed.
Apache for MPE/iX Major Components directive is necessary when functions are called across object boundaries such as mod_hw.o calling helloworld() in hw.o. The share option is needed when global data is shared between multiple object files. The share option is not actually needed by the sample code. The compile and link steps can be put in a Makefile to facilitate multiple builds of a module. As an example, refer to the section “Modified APXS Makefile (mod_hw)”. Mod_hw.
Apache for MPE/iX Major Components shown in the section “Modified APXS Makefile (mod_hw)”. The modified Makefile still calls apxs for getting the correct compile options and include files but does not use apxs for compiling and linking. Makefile can easily be modified for customization. For the sample module, mod_hw, the additional source file, hw.c, was added to Makefile. Using a Makefile is a convenient and flexible way to build modules.
Apache for MPE/iX Major Components a - /APACHE/PUB/hw/hw.o 1 OBJECT FILE HAS BEEN ADDED. shell/iX> callci linkedit HP Link Editor/iX (HP30315A.06.15) Copyright Hewlett-Packard Co 1986 LinkEd> buildxl xl=./mod_hw.so;limit=5 LinkEd> addxl from=./mod_hw.o;to=./mod_hw.so;merge;share;rl=./hw.a,/lib/libm.a, /lib/libc.a 1 OBJECT FILE HAS BEEN ADDED. Shared libraries Shared libraries (XLs) can also be used for resolving external function calls from a DSO.
Here is a POSIX script that shows how libraries might be set up programmatically. It uses hw.o as the archive library, hw.a:

shell/iX> cat xlbuild.sh
#!/bin/sh
#
# set the location of Apache
AP=/APACHE/PUB
#
# remove the old libraries
rm -f ${AP}/XLC ${AP}/XLM ${AP}/XLHW
#
# copy the latest versions
cp /lib/libc.sl ${AP}/XLC
cp /lib/libm.sl ${AP}/XLM
#
# create a custom XL
callci "xeq linkedit.pub.sys 'buildxl xl=${AP}/XLHW'"
callci "xeq linkedit.pub.
# Example:
# LoadModule foo_module libexec/mod_foo.so
# LoadModule example_module libexec/mod_example.so
LoadModule hw_module libexec/mod_hw.so
...
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
#AddModule mod_example.c
AddModule mod_hw.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
...

Mod_hw includes a handler so the following additional directives are added to httpd.conf:
...
Testing a DSO

After configuration or at any time after modifying a DSO, restart Apache in order to load the module:

shell/iX> cd /APACHE/PUB/logs
shell/iX> kill -HUP `cat ./httpd.pid`

or

kill -TERM `cat httpd.pid`;callci stream ../JHTTPD

To execute the mod_hw DSO, access the specified in the httpd.conf file. A DSO may be executed in a different way, depending on the DSO’s functionality: http://yourserver.
Apache for MPE/iX Sample Module Code (mod_hw) Sample Module Code (mod_hw) This section contains source code for the sample DSO module discussed in the previous sections, mod_hw.so. The module source code consists of two files, mod_hw.c and hw.c. Mod_hw.c contains the module structure and hw.c contains a function called by mod_hw.c. mod_hw.c Mod_hw.c is a simple Apache module. It calls pow() (in the math library, /lib/libm) and helloworld() in hw.c.
    STANDARD_MODULE_STUFF,
    NULL,           /* module initializer */
    NULL,           /* per-directory config creator */
    NULL,           /* dir config merger */
    NULL,           /* server config creator */
    NULL,           /* server config merger */
    NULL,           /* command table */
    hw_handlers,    /* [7] content handlers */
    NULL,           /* [2] URI-to-filename translation */
    NULL,           /* [5] check/validate user_id */
    NULL,           /* [6] check user_id is valid *here* */
    NULL,           /* [4] check access by host address */
    NULL,           /* [7] MIME type checker/setter */
    NULL,           /* [8] fixups */
    NULL,           /*
APXS Default Makefile (mod_hw)

This is the Makefile auto-generated by apxs -g -n hw.

##
##  Makefile -- Build procedure for sample hw Apache module
##  Autogenerated via ``apxs -n hw -g''.
##

#   the used tools
APXS=apxs
APACHECTL=apachectl

#   additional defines, includes and libraries
#DEF=-Dmy_define=my_value
#INC=-Imy/include/dir
#LIB=-Lmy/lib/dir -lmylib

#   the default target
all: mod_hw.so

#   compile the shared object file
mod_hw.so: mod_hw.
Apache for MPE/iX Sample Module Code (mod_hw) Modified APXS Makefile (mod_hw) This Makefile is a modified version of the apxs auto-generated Makefile. It shows how to call gcc for compiling and LinkEditor for linking. The APXS variable was also changed to contain a fully qualified path to apxs. Apxs is used for getting the correct defines and includes. It is also used for installing the new module in the libexec/ directory.
#   simple test
test: reload
	lynx -mime_header http://localhost/hw

#   install and activate shared object by reloading Apache to
#   force a reload of the shared object file
reload: install restart

#   the general Apache start/restart/stop
#   procedures
start:
	$(APACHECTL) start
restart:
	$(APACHECTL) restart
stop:
	$(APACHECTL) stop

Extended Apache Programming Interface (EAPI)

Apache 1.3.9 and later are built with an extended set of Apache APIs. This means that Apache 1.
Apache for MPE/iX Sample Module Code (mod_hw) Unsupported Functionality HP does not support Apache binaries or DSOs built by individuals or organizations outside of HP. HP supports the htpasswd and apxs utilities in the /APACHE/PUB/bin directory but not the other scripts and programs in the bin directory. Performance For best performance, files returned to the user should be in bytestream format. For example; .html, .htm, .shtml, .shtm, .txt, .gif, .jpeg, and .
Apache for MPE/iX Sample Module Code (mod_hw) CODE ------------LOGICAL RECORD------SIZE TYP EOF LIMIT R/B 128W VB 80B FA 19 54 204800 204800 ----SPACE---- FILENAME SECTORS #X MX 1 1 32 1 32 1 8 index.html 8 index1.html To convert an ASCII-type file (.htm*, .shtm*, or .txt), use the tobyte utility with the -at option. If it is a binary-type file (such as .jpeg, .jpg, or .gif), do not use the -at option: shell/iX>tobyte -at /APACHE/PUB/htdocs/index.html /APACHE/PUB/htdocs/newindex.
Apache for MPE/iX Sample Module Code (mod_hw) • http://modules.apache.org is a repository of Apache modules. New modules are continually added. These modules are available from a wide-variety of sources with different types of licenses. Some modules are free (e.g., available under the Apache license), some have license restrictions, and some are commercial products. • The Perl interpreter and the gnu tools can be downloaded via the Jazz server, http://jazz.external.hp.com. • http://httpd.apache.
A Samba for MPE/iX Sample Configuration File

The following is the sample configuration file samp-smb.cnf for Samba for MPE/iX that you can find in the /usr/local/samba/lib directory on the HP e3000 system:

# Sample config file for Samba for MPE/iX 0.7 and later
#
# Copy this file to /usr/local/samba/lib/smb.conf and adjust as needed.
# ---------------------------------------------------------------------
# GLOBAL section (general parms and defaults for other sections)

[global]

# you MUST supply IP address and subnet mask of your 3000 here
   interfaces = 12.34.56.78/255.0.0.
   load printers = yes

# the workgroup that your server belongs to
   workgroup = SambaIX

# these can be used e.g.
# ---------------------------------------------------------------------
# PRINTERS section (optional but useful)

# This section works in conjunction with the printcap file and allows you to
# configure a large number of printer shares without having to add separate
# detailed sections for each of them. The printer names and optional aliases
# are listed in the printcap file and the config parms are defined here.
# Special printers can still be defined explicitly.
# ---------------------------------------------------------------------
# HOMES section (optional but sometimes useful)

# This section provides access to user's home directories without having
# to add a separate section for each of them. The share name is considered
# to be a valid user id and the path defaults to that user's home directory.
# The share is created "on the fly" by using attributes from this section.
# ---------------------------------------------------------------------
# OTHER sections (explicit definitions of file or printer shares)

# The writable shares are placed under an MPE group with space limit

[temp]
# multiple users share one server directory but independent file
# ownership is maintained so that they might be able to "see" other
# users' files but still be unable to get read or write access
   comment = Shared temp space for non-guest users
   guest ok = n
   path = /SAMBA/SHR/public

[sambadoc]
   comment = Samba doc files (readonly but guest allowed)
   guest ok = yes
   write ok = no
   path = /usr/local/samba/docs

[sambahtm]
   comment = Samba HTML files (readonly but guest allowed)
   guest ok = yes
   write ok = no
   path = /usr/local/samba/docs/htmldocs

[sambaman]
   comment = Samba Man pages files (read only but guest allowed)
   guest ok = yes
   write ok = no
   path = /usr/local/samba/man
B BIND 8 Configuration File

The following is a dummy configuration file example. It explains in brief what each configuration directive is useful for and its syntax. Not all of the directives are required for a typical BIND configuration.

/*
 * This is a worthless, nonrunnable example of a named.conf file that has
 * every conceivable syntax element in use. We use it to test the parser.
 * It could also be used as a conceptual template for users of new features.
                                // sites
                                // for load balancing.
    allow-query { any; };
    allow-transfer { any; };
    transfers-in 10;            // DEFAULT_XFERS_RUNNING, cannot be
                                // set > than MAX_XFERS_RUNNING (20)
    transfers-per-ns 2;         // DEFAULT_XFERS_PER_NS
    transfers-out 0;            // not implemented
    max-transfer-time-in 120;   // MAX_XFER_TIME; the default number
                                // of minutes an inbound zone transfer
                                // may run. May be set on a per-zone
                                // basis.

    /*
     * The "transfer-format" option specifies the way outbound zone
     * transfers (i.e.
    forward first;
    forwarders { };             // default is no forwarders

    /*
     * Here's a forwarders example that isn't trivial
     */
    /*
    forwarders {
        1.2.3.4;
        5.6.7.8;
    };
    */

    topology { localhost; localnets; };   // prefer local nameservers

    /*
     * Here's a more complicated topology example; it's commented out
     * because only one topology block is allowed.
     *
     * topology {
     *     10/8;          // prefer network 10.0.0.0
     *                    // netmask 255.0.0.0 most
     *     !1.2.3/24;     // don't like 1.2.3.0 netmask
     *                    // 255.255.255.0 at all
     *     { 1.
};

zone "master.demo.zone" {
    type master;                // what used to be called "primary"
    file "master.demo.zone";
    check-names fail;
    allow-update { none; };
    allow-transfer { any; };
    allow-query { any; };
    // notify yes;              // send NOTIFY messages for this
                                // zone? The global option is used
                                // if "notify" is not specified
                                // here.
    also-notify { };            // don't notify any nameservers other
                                // than those on the NS list for this
                                // zone
};

zone "slave.demo.zone" {
    type slave;
    file "slave.demo.
acl can_query { !1.2.3/24; any; };      // network 1.2.3.0 mask 255.255.255.0
                                        // is disallowed; rest are OK
acl can_axfr { 1.2.3.4; can_query; };   // host 1.2.3.4 and any host allowed
                                        // by can_query are OK

zone "non-default-acl.demo.zone" {
    type master;
    file "foo";
    allow-query { can_query; };
    allow-transfer { can_axfr; };
    allow-update { 1.2.3.4; 5.6.7.8;servers.
 *     critical      a fatal error
 *     error
 *     warning
 *     notice        a normal, but significant event
 *     info          an informational message
 *     debug 1       the least detailed debugging info
 *     ...
 *     debug 99      the most detailed debugging info
 */

/*
 * Here are the built-in channels:
 *
 *     channel default_syslog {
 *         syslog daemon;
 *         severity info;
 *     };
 *
 *     channel default_debug {
 *         file "named.
BIND 8 Configuration File * * * they all end up here. also, if you don’t specify any channels for a category, the default category is used * * * * parser instead. high-level configuration file processing low-level configuration file * queries what used to be called “query * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ lame-servers statistics panic messages like “Lame server on ...
    /*
     * Note that debugging must have been turned on either
     * on the command line or with a signal to get debugging
     * output (non-debugging output will still be written to
     * this channel).
     */
};

/*
 * If you don't want to see "zone XXXX loaded" messages but do
 * want to see any problems, you could do the following.
C BIND 8.1 Enhanced Features

The following points are explained in this appendix.

1. BIND 8 highlights
2. BIND Configuration File Guide — Logging Statement
3. BIND Configuration File Guide — Zone Statement
4. BIND Configuration File Guide — Option Statement
5. Converting From BIND 4.9.
BIND 8.1 Enhanced Features BIND 8 Highlights Definition and Usage The logging statement configures a wide variety of logging options for the nameserver. Its channel phrase associates output methods, format options and severity levels with a name that can then be used with the category phrase to select how various classes of messages are logged. Only one logging statement is used to define as many channels and categories as are wanted.
BIND 8.1 Enhanced Features BIND 8 Highlights in this manual. How syslog will handle messages sent to this facility is described under syslog.conf earlier in this manual. If you have a system which uses a very old version of syslog and that only uses two arguments to the openlog() function, then this clause is silently ignored. The severity clause works like syslog’s “priorities”, except that they can also be used if you are writing straight to a file rather than using syslog.
BIND 8.1 Enhanced Features BIND 8 Highlights The category phrase. channel default_syslog { syslog daemon; severity info; }; # send to syslog’s daemon facility # only send priority info and higher channel default_debug { file “named.run”; # write to named.run in the working directory # Note: stderr is used instead of “named.run” # if the server is started with the “-f” option.
BIND 8.1 Enhanced Features BIND 8 Highlights category is used instead. If you do not define the default category, the following definition is used: category default { default_syslog; default_debug; }; config High-level configuration file processing. parser Low-level configuration file processing. queries A short log message is generated for every query the server receives. lame-servers Messages like “Lame server on ...” statistics Statistics.
security          Approved/unapproved requests.
os                Operating system problems.
insist            Internal consistency check failures.
maintenance       Periodic maintenance events.
load              Zone loading messages.
response-checks   Messages arising from response checking, such as “Malformed response ...”, “wrong ans. name ...”, “unrelated additional info ...”, “invalid RR type ...”, and “bad referral ...”.
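The channel and category rules described above, worked through as an added example (not code from the manual or from BIND): it parses a constructed logging statement and reports which destinations receive a message, a quick way to confirm that the security category still reaches a log after channels are customised. The channel names security_file and no_info_messages, the default severity of info for a channel with no severity clause, and the debug-level handling are assumptions.

```python
import re

# Non-debug severities, most significant first, as listed in the sample file.
RANK = {"critical": 5, "error": 4, "warning": 3, "notice": 2, "info": 1}

# Built-in channels and the fallback used when no "default" category is
# defined, both taken from the manual text: name -> (destination, severity).
BUILTIN = {
    "default_syslog": ("syslog daemon", "info"),
    "default_debug": ('file "named.run"', "dynamic"),
}
FALLBACK_DEFAULT = ["default_syslog", "default_debug"]

# Constructed logging statement; security_file and no_info_messages are
# names invented for this example.
SAMPLE = """
logging {
    channel security_file {
        file "security.log";
        severity info;
    };
    channel no_info_messages {      // hide "zone XXXX loaded", keep problems
        syslog daemon;
        severity notice;
    };
    category security { security_file; default_syslog; };
    category load { no_info_messages; };
};
"""


def parse_logging(text):
    """Return (channels, categories) parsed from a logging statement."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)            # // and # comments
    channels = dict(BUILTIN)
    for name, body in re.findall(r"channel\s+(\S+)\s*\{(.*?)\}\s*;", text, re.S):
        dest = re.search(r'(file\s+"[^"]+"|syslog(?:\s+\w+)?)', body)
        sev = re.search(r"severity\s+(\w+(?:\s+\d+)?)", body)
        # Assumption: a channel without a severity clause logs info and up.
        channels[name] = (dest.group(1) if dest else "?",
                          sev.group(1) if sev else "info")
    categories = {}
    for name, body in re.findall(r"category\s+(\S+)\s*\{(.*?)\}\s*;", text, re.S):
        categories[name] = [c for c in re.split(r"[;\s]+", body) if c]
    for cat, names in categories.items():
        missing = [n for n in names if n not in channels]
        if missing:
            raise ValueError(f"category {cat} uses undefined channel(s): {missing}")
    return channels, categories


def passes(threshold, severity, server_debug=0):
    """True if a message of `severity` clears a channel's `threshold`."""
    if severity.startswith("debug"):
        level = int(severity.split()[1]) if " " in severity else 1
        if server_debug <= 0:        # debugging output needs debugging turned on
            return False
        if threshold == "dynamic":   # follows the server's current debug level
            return level <= server_debug
        if threshold.startswith("debug"):
            limit = int(threshold.split()[1]) if " " in threshold else 1
            return level <= limit
        return False                 # channel threshold is info or higher
    if threshold == "dynamic" or threshold.startswith("debug"):
        return True                  # non-debugging output is still written
    return RANK[severity] >= RANK[threshold]


def route(channels, categories, category, severity, server_debug=0):
    """Destinations that receive a message of this category and severity."""
    names = categories.get(category)
    if names is None:                # no channels listed: use default category
        names = categories.get("default", FALLBACK_DEFAULT)
    return [channels[n][0] for n in names
            if passes(channels[n][1], severity, server_debug)]


if __name__ == "__main__":
    chans, cats = parse_logging(SAMPLE)
    for cat, sev in [("security", "info"), ("load", "info"),
                     ("load", "warning"), ("queries", "info")]:
        print(f"{cat:9} {sev:8} ->", route(chans, cats, cat, sev))
```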
BIND 8.1 Enhanced Features BIND 8 Highlights Definition and Usage (Zone Types) NOTE master The master copy of the data in a zone. slave A slave zone is a replica of a master zone. The masters list specifies one or more IP addresses that the slave contacts to update its copy of the zone. If file is specified, then the replica will be written to the file. Use of file is recommended, since it often speeds server startup and eliminates a needless waste of bandwidth.
BIND 8.1 Enhanced Features BIND 8 Highlights DNS NOTIFY message for this zone is made up of all the listed nameservers for the zone (other than the primary master) plus any IP addresses specified with also-notify. also-notify is not meaningful for stub zones. The default is the empty list.
Definition and Use

The options statement sets up global options to be used by BIND. This statement may appear only once in a configuration file; if more than one occurrence is found, the first occurrence determines the actual options used, and a warning will be generated. If there is no options statement, an options block with each option set to its default will be used.

Pathnames

directory    The working directory of the server.
BIND 8.1 Enhanced Features BIND 8 Highlights specified, the default is “named.stats”. Boolean Options auth-nxdomain NOTE If yes, then the AA bit is always set on NXDOMAIN responses, even if the server is not actually authoritative. The default is yes. Do not turn off auth-nxdomain unless you are sure you know what you are doing, as some older software won’t like it.
BIND 8.1 Enhanced Features BIND 8 Highlights Forwarding notify If yes (the default), DNS NOTIFY messages are sent when a zone the server is authoritative for changes. The use of NOTIFY speeds convergence between the master and its slaves. Slave servers that receive a NOTIFY message and understand it, will contact the master server for the zone and see if they need to do a zone transfer, and if they do, they will initiate it immediately.
BIND 8.1 Enhanced Features BIND 8 Highlights Name Checking The server can check domain names based upon their expected client contexts. For example, a domain name used as a hostname can be checked for compliance with the RFCs defining valid hostnames. Three checking methods are available: ignore No checking is done. warn Names are checked against their expected client contexts. Invalid names are logged, but processing continues normally. fail Names are checked against their expected client contexts.
BIND 8.1 Enhanced Features BIND 8 Highlights Interfaces The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes an optional port, and an address_match_list. The server will listen on all interfaces allowed by the address match list. If a port is not specified, port 53 will be used. Multiple listen-on statements are allowed. For example: listen-on { 5.6.7.8; }; listen-on port 1234 { !1.2.3.4; 1.
BIND 8.1 Enhanced Features BIND 8 Highlights limit the number of concurrent outbound zone transfers. It is checked for syntax, but is otherwise ignored. transfers-per-ns The maximum number of inbound zone transfers (named-xfer processes) that can be concurrently transferring from a given remote nameserver. The default value is 2. Increasing transfers-per-ns may speed up the convergence of slave zones, but it also may increase the load on the remote nameserver.
BIND 8.1 Enhanced Features BIND 8 Highlights Periodic Task Intervals Topology cleaning-interval The server will remove expired resource records from the cache every cleaning-interval minutes. The default is 60 minutes. If set to 0, no periodic cleaning will occur. interface-interval The server will scan the network interface list every interface-interval minutes. The default is 60 minutes. If set to 0, interface scanning will only occur when the configuration file is loaded.
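The address match lists used by listen-on, allow-query and allow-transfer are checked element by element, and the first element that matches decides the outcome. The following added example (not code from the manual or from BIND) evaluates the can_query and can_axfr ACLs from the sample named.conf in Appendix B and shows how element order changes the result. The client address 192.0.2.1 is a constructed test value, and treating a negated match inside a referenced acl as a final decision is an assumption.

```python
import ipaddress

# ACLs copied from the sample named.conf in Appendix B.
ACLS = {
    "can_query": ["!1.2.3/24", "any"],
    "can_axfr": ["1.2.3.4", "can_query"],
}

# allow-transfer lists of two zones from the same sample file.
ZONES = {
    "master.demo.zone": ["any"],
    "non-default-acl.demo.zone": ["can_axfr"],
}


def parse_prefix(text):
    """Expand BIND shorthand such as 10/8 or 1.2.3/24 into a network."""
    addr, _, bits = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{bits or 32}", strict=False)


def match(elements, ip, acls=ACLS):
    """Walk the list in order and stop at the first element that matches.

    Returns True for a plain match, False for a negated match and None when
    no element matches at all.
    """
    addr = ipaddress.ip_address(ip)
    for element in elements:
        negated = element.startswith("!")
        name = element.lstrip("!")
        if name == "any":
            result = True
        elif name in acls:
            # Assumption: a decision reached inside the referenced acl,
            # negated or not, is final for the enclosing list.
            result = match(acls[name], ip, acls)
            if result is None:
                continue
        elif addr in parse_prefix(name):
            result = True
        else:
            continue
        return result != negated     # "!" inverts the element's result
    return None


def allowed(elements, ip, acls=ACLS):
    """Access is granted only on a positive match; no match means denied."""
    return match(elements, ip, acls) is True


def open_to(zones, ip, acls=ACLS):
    """Zones whose allow-transfer list would admit this client address."""
    return sorted(z for z, acl in zones.items() if allowed(acl, ip, acls))


if __name__ == "__main__":
    for ip in ("1.2.3.4", "1.2.3.9", "192.0.2.1"):
        print(f"{ip:10} query={allowed(['can_query'], ip)} "
              f"axfr={allowed(['can_axfr'], ip)} zones={open_to(ZONES, ip)}")
    # Order matters: "any" first means the negated prefix is never reached.
    print(allowed(["any", "!1.2.3/24"], "1.2.3.9"),
          allowed(["!1.2.3/24", "any"], "1.2.3.9"))
```

Note that can_axfr restricts transfers only for hosts in 1.2.3/24; every other address falls through to the `any` in can_query, so a transfer ACL meant to name specific secondaries should list them without referencing a query ACL that ends in `any`.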
BIND 8.1 Enhanced Features BIND 8 Highlights Converting From BIND 4.9.x BIND 4.9.x configuration files can be converted to the new format by using src/bin/named/named-bootconf.pl, a perl script that is part of the BIND 8.1 source kit.
D Server Configuration Migration

There is a host of configuration migration utilities available now. If you want to convert 4.x named.boot files to 8.x named.conf files, there is a perl script, named-bootconf.pl, available on the system. This perl script file resides in the /BIND/PUB/bin directory.

Explanation of configuration migration utilities:

named-bootconf.pl is a perl script. Perl is a scripting language; like a shell script, it runs under an interpreter environment on MPE.
E Configure and Run Syslog/iX

How to Run Syslog/iX:

1. Log on as mgr.syslog.
2. Examine syslog.conf and customize for your own environment.
3. :stream JSYSLOGD.PUB.SYSLOG.
4. Stop Syslog/iX by issuing the command :ABORTJOB.

##
##
## :TELL @.@
## *.emerg * 
##
## Write to the :CONSOLE
## *.alert /dev/console
##
## :TELL @.SYSLOG
## *.crit @.SYSLOG
##
## :TELL MANAGER.SYS
## *.err MANAGER.SYS
##
## Forward to syslogd on another host via UDP
## *.warning @some.host.running.syslogd
##
## Write to the :CONSOLE
*.
They are classified as follows:

debug
info
error
critical
warning
alert
emergency

These messages can also be sent to a particular user by using the “tell” option followed by the user name. They can also be sent to another machine by using “@machine name”.