Re: [Nufw-users] no reaction


From: Henrik Lohse
Subject: Re: [Nufw-users] no reaction
Date: Tue, 23 Dec 2003 15:57:23 +0100 (CET)

hola,

> Guten tag !
> By the way, could you tell us in which context you are testing nufw ?

i am doing a practical training at a small company in argentina. we
are migrating their user authentication to a ldap-directory. now
they want more control over which user may use which internet
services (actually, i don't like the idea of big-brother, but the nufw is
interesting :-) .

btw, it would be nice to have a pam-like authentication so that you don't
have to authenticate again (with nutcpc) but can use the login
information.

> you should be able to see message like :
> packet :
> connection: src=192.168.0.2 dst=ip_website proto=6
> sport=33764 dport=80

now, this message is coming, but entering the acl_check i get a warning
invalid return from ldap_search_st : No such object

the ldap-log says
Dec 23 09:28:22 linux slapd[1058]: conn=170 op=1 SRCH
base="ou=acls,dc=example,dc=com" scope=2
filter="(&objectClass=NuAccessControlList)(SrcIPStart<=3232235522)(SrcIPEnd>=3232235522)
(DstIPStart<=ippresentation)(DstIPEnd>=ippresentation)(Proto=6)(SrcPortStart<=32834)
(SrcPortEnd>=32834)(DstPortStart<=80)(DstPortEnd>=80))"
Dec 23 09:28:22 linux slapd[1058]: conn=170 op=1 RESULT tag=101 err=32
text=

the acls were created by nuaclgen, and manually performing an ldapsearch
shows the desired acl. (i have an acl to allow everything for gids 0 and
1000)

ldapsearch -x -D "cn=Manager,rc=example,rc=com" -W -b
"ou=acls,rc=example,rc=com"
"(&(objectClass=NuAccessControlList)(Proto=6))"

finds the acls for both groups.

the ldap-server is a different machine, but the user authentication
works with that ldap.

and i get a message, that i cannot connect to the postgresql database
(because there is none, but the nuauth log backend is set to syslog
and logging is set to 0). i could put the database on another machine
but i don't know where to configure that. (the nutop.conf points to the
other machine, but the warnings remain), actually i'd prefer local logging
via syslog or no logging at all.

again, thank you very much for your help!

best regards
 henne
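
Added example, not part of the original message and not NuFW code: a small Python helper that pairs each slapd SRCH line with its RESULT line and decodes the integer IP values in the ACL filter back to dotted-quad form, so a failing lookup can be read at a glance. The sample log is constructed from the excerpt above; the function and variable names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the slapd lines from the message above with wrapped
# lines joined; the redacted DstIP clauses are left out.
SAMPLE_LOG = [
    'Dec 23 09:28:22 linux slapd[1058]: conn=170 op=1 SRCH '
    'base="ou=acls,dc=example,dc=com" scope=2 '
    'filter="(&objectClass=NuAccessControlList)(SrcIPStart<=3232235522)'
    '(SrcIPEnd>=3232235522)(Proto=6)(DstPortStart<=80)(DstPortEnd>=80))"',
    'Dec 23 09:28:22 linux slapd[1058]: conn=170 op=1 RESULT tag=101 err=32 text=',
]

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+) filter="(.*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+)')
CLAUSE = re.compile(r'\((\w+)(<=|>=|=)(\d+)\)')  # numeric comparisons only

# Standard LDAP result codes (RFC 4511). noSuchObject on a search refers to
# the search base; a filter that matches nothing returns success instead.
RESULT_NAMES = {0: 'success', 32: 'noSuchObject',
                49: 'invalidCredentials', 50: 'insufficientAccessRights'}
SCOPES = {0: 'base', 1: 'one', 2: 'sub'}


def decode_clause(attr, op, value):
    """Render IP attributes, stored as 32-bit integers, as dotted quads."""
    if 'IP' in attr:
        value = str(ipaddress.IPv4Address(int(value)))
    return f'{attr}{op}{value}'


def correlate(lines):
    """Pair SRCH and RESULT lines by (conn, op) and return decoded records."""
    pending, report = {}, []
    for line in lines:
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending[(conn, op)] = {
                'base': base,
                'scope': SCOPES.get(int(scope), scope),
                'clauses': [decode_clause(*c) for c in CLAUSE.findall(flt)],
            }
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            entry = pending.pop((m.group(1), m.group(2)))
            entry['err'] = int(m.group(3))
            entry['result'] = RESULT_NAMES.get(entry['err'], 'other')
            report.append(entry)
    return report


if __name__ == '__main__':
    for rec in correlate(SAMPLE_LOG):
        print(rec)
```
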




