TCP Wrappers: Problem logging in from local domain.

TCP Wrappers: Problem logging in from local domain.

Post by Chris Pric » Wed, 28 Jun 2000 04:00:00



Hi,

I've compiled the TCP Wrappers 7.6 on fif* Solaris 7 boxes which are
located at fif* different locations. I have configured inetd.conf to only
provide telnet and ftp access, commenting out all the other services
controlled by inetd.

I have the following /etc/hosts.deny file:
ALL: ALL

And the following /etc/hosts.allow file:
ALL: LOCAL : ALLOW
in.telnetd: a few other remote IP addresses
in.ftpd: a few other remote IP addresses
in.tftpd: a few other remote IP addresses

For some reason, users in the same domain as the Sun server cannot telnet
into the box, unless I include their IP addresses in the in.telnetd line. I
want to allow everybody at the remote domain to be able to FTP and telnet
into the box.

I thought that I'd allowed telnet & ftp access for all localdomain users by
using the ALL: LOCAL : ALLOW statement, but this doesn't seem to work...

Running tcpdcheck doesn't throw up any errors.

What am I doing wrong? I can get it to work on Linux, but Solaris is a bit
tricky! I've checked dejanews, the FAQ's and the README's and nothing on
there for this particular problem! Apart from this, the TCP Wrappers work
like a dream.

Thanks for your help.

Chris

 
 
 

TCP Wrappers: Problem logging in from local domain.

Post by Steve Menar » Sat, 01 Jul 2000 04:00:00



> Hi,

> I've compiled the TCP Wrappers 7.6 on fif* Solaris 7 boxes which are
> located at fif* different locations. I have configured inetd.conf to
only
> provide telnet and ftp access, commenting out all the other services
> controlled by inetd.

> I have the following /etc/hosts.deny file:
> ALL: ALL

> And the following /etc/hosts.allow file:
> ALL: LOCAL : ALLOW
> in.telnetd: a few other remote IP addresses
> in.ftpd: a few other remote IP addresses
> in.tftpd: a few other remote IP addresses

> For some reason, users in the same domain as the Sun server cannot telnet
> into the box, unless I include their IP addresses in the in.telnetd line.
I
> want to allow everybody at the remote domain to be able to FTP and telnet
> into the box.

> I thought that I'd allowed telnet & ftp access for all localdomain users
by
> using the ALL: LOCAL : ALLOW statement, but this doesn't seem to work...

> Running tcpdcheck doesn't throw up any errors.

> What am I doing wrong? I can get it to work on Linux, but Solaris is a
bit
> tricky! I've checked dejanews, the FAQ's and the README's and nothing on
> there for this particular problem! Apart from this, the TCP Wrappers work
> like a dream.

> Thanks for your help.

> Chris

You should put the domain inthe hosts.allow file.
ALL:   somewhere.com :ALLOW
This allow everyone in a particular domain to access the server.

--
Posted via CNET Help.com
http://www.veryComputer.com/

 
 
 

TCP Wrappers: Problem logging in from local domain.

Post by Steve Menar » Sat, 01 Jul 2000 04:00:00



> Hi,

> I've compiled the TCP Wrappers 7.6 on fif* Solaris 7 boxes which are
> located at fif* different locations. I have configured inetd.conf to
only
> provide telnet and ftp access, commenting out all the other services
> controlled by inetd.

> I have the following /etc/hosts.deny file:
> ALL: ALL

> And the following /etc/hosts.allow file:
> ALL: LOCAL : ALLOW
> in.telnetd: a few other remote IP addresses
> in.ftpd: a few other remote IP addresses
> in.tftpd: a few other remote IP addresses

> For some reason, users in the same domain as the Sun server cannot telnet
> into the box, unless I include their IP addresses in the in.telnetd line.
I
> want to allow everybody at the remote domain to be able to FTP and telnet
> into the box.

> I thought that I'd allowed telnet & ftp access for all localdomain users
by
> using the ALL: LOCAL : ALLOW statement, but this doesn't seem to work...

> Running tcpdcheck doesn't throw up any errors.

> What am I doing wrong? I can get it to work on Linux, but Solaris is a
bit
> tricky! I've checked dejanews, the FAQ's and the README's and nothing on
> there for this particular problem! Apart from this, the TCP Wrappers work
> like a dream.

> Thanks for your help.

> Chris

In Previous post the info was not quite correct the entry should look like:
ALL: .somewhere.com :ALLOW
The dot is needed to allow for all of the users in the domain to access the
server. You need the dot.

Steve

--
Posted via CNET Help.com
http://www.veryComputer.com/