Koozali.org: home of the SME Server

Gettng latest components - a step-by-step guid

Scott Duncan

Gettng latest components - a step-by-step guid
« on: August 01, 2000, 06:54:50 PM »
Ok, I’ve had a couple of requests for this, so here ‘goes;

Note: This is NOT endorsed by e-smith, inc! I am simply sharing my
experience as it’s been requested!

E-Smith is based on Redhat 6.1. However you my have a RedHat 6.2 CD
and would like ALL the updates to your components. This will ALSO add
the functionality of PORT FORWARDING, so you may want to go through
this exercise for that reason alone! J

Stuff you will need:

Redhat 6.2 cd.  You can get a fresh ISO to burn HERE à
http://www.linuxiso.org/download/redhat-6.2-i386.iso

The latest, greatest SAMBA! Get it HERE à
http://ca.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/6.2/samba-2.0.7-20000425.i386.rpm

IPMASQADM which works very nicely to forward ports! Get it
HERE à http://www.nx2000.net/ipmasqadm-0.4.2-3.i386.rpm If you want to
know about this module go HERE à http://members.home.net/ipmasq/

Place the SAMBA and IPMASQADMN rpms in a directory on your e-smith
server.

Step 1: BACK UP YOUR DATA!!!!  BACK UP YOUR E-SMITH CONFIGURATION!
(You can do this from the e-smith manager)

Step 2: Boot with your RedHat 6.2 CD and go through the preamble. (I
type “text” at the LILO boot prompt so I’m not prompted about
irrelevant X config and mouse questions.) When prompted, select
UPGRADE and Customize packages to upgrade. Add the MC and IPCHAINS
modules. MC is VERY handy for editing rc scripts! J  After you have
selected these...proceed with the upgrade....it should take about 6
minutes....just enough time to make coffee.

Step 3 (Optional): Drink Coffee ß MAY be endorsed by e-smith, inc.

Step 4: After reboot your e-smith server may be slightly dysfunctional
/   That’s Ok....we’re gonna do worse! J   You must UNINSTALL
Samba-client and Samba-Common using the rpm -U command. (Type rpm |
more , for help here). This is because the NEW SAMBA does NOT run 2
daemons anymore. Usually you see [SMB] and [NMB] at startup...this
means you have the older SAMBA installed...the NEW one ONLY has [SMB]
at startup.  Once you have purged the old SAMBA, use the rpm -I
command to install the new one.....which causes a problem; The
SMB.CONF file is overwritten....That’s ok....simply connect to your
e-smith server with a browser and go to the workgroup function...do
NOT change anything...just press the button...this will re-generate
your e-smith SAMBA configuration.

Step 5: Reboot

Step 6: IPCHAINS and port forwarding - this is SUCH a HUGE subject and
you MAY want to skip it! J    I am really in my home turf here so this
may get a bit dry. J  Your work is done otherwise and all you really
need to do is re-commit your settings in e-smith manager...I go
through all of them to be sure... but I digress...

IPCHAINS can lock your server RIGHT down and provide services nicely
to your internal network. Note that you have to connect to web, ftp,
telnet etc, via INTERNAL addresses. In MY example I will be using the
FIRST class C range 192.168.0.0-255. Also...you are going to be
navigating the e-smith directories off the /ETC directory, so you will
REALLY appreciate the MC install!

First install the IPMASQADMN rpm using the rpm -I command. You may
also choose to compile the IPCHAINS and IPMASQADMN into your
kernel....but ONLY if you know your way around LINUX!

Next create a file in your /ETC directory. I call mine rc.damnimgood.
(Yes...it’s a character flaw I have NO intention of working on) This
will be added to the RC.INIT script....place it at the end. You will
find it off the e-smith ETC subfolder.

E-smith has its own rules implemented and you should leave them in
case you want to back out of this little adventure....to remove this
process we are installing, simply comment out the rc.danimgood script
from the rc.init.

Next you will write your rules...we are going to use mine as an
example:



#Permanent Variables that don’t need changed.

ANYWHERE=”any/0”

#Remember your choice that you made when you FIRST installed
e-smith! If the adaptors are reversed, SWITCH THEM!

EXTERNAL_INTERFACE=”eth0”

LOCAL_INTERFACE_1=”eth1”

LOOPBACK_INTERFACE=”lo”

LOOPBACK=”127.0.0.0/8”

CLASS_A=”10.0.0.0/8”

CLASS_B=”172.16.0.0/12”

CLASS_C=”192.168.0.0/16”

MULTICAST=”240.0.0.0/3”

BROADCAST_0=”0.0.0.0”

BROADCAST_1=”255.255.255.255”

PRIVPORTS=”0:1023”

UNPRIVPORTS=”1024:65535”

RESTRICTED_PORTS=”2049”                         # (TCP/UDP)
NFS

RESTRICTED_OPENWINDOWS=”2000”           # (TCP) openwindows

RESTRICTED_XWINDOWS=”6000:6001”         # (TCP) X windows

SSH_PORTS=”1022:1023”                           # range for
SSH privileged ports

echo “Starting firewalling... “

# Remove all existing rules belonging to this filter

ipchains -F

# Set the default policy of the filter to deny.

ipchains -P input  DENY

ipchains -P output ACCEPT

ipchains -P forward DENY

# SPOOFING & BAD ADDRESSES; NONE of these events should occur on your
external interface! They are ALWAYS hostile if they do! So we will
stop them...

# Refuse spoofed packets pretending to be to or from the
external address.

ipchains -A input -i $EXTERNAL_INTERFACE -s $OUTSIDE_IP -l -j
DENY

ipchains -A output -i $EXTERNAL_INTERFACE -d $OUTSIDE_IP -l -j
REJECT

# Refuse packets claiming to be to or from a Class A private
network

ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_A  -j DENY

ipchains -A input -i $EXTERNAL_INTERFACE -d $CLASS_A  -j DENY

ipchains -A output -i $EXTERNAL_INTERFACE -s $CLASS_A  -j
REJECT

ipchains -A output -i $EXTERNAL_INTERFACE -d $CLASS_A  -j
REJECT

# Refuse packets claiming to be to or from a Class B private
network

ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_B  -j DENY

ipchains -A input -i $EXTERNAL_INTERFACE -d $CLASS_B  -j DENY

ipchains -A output -i $EXTERNAL_INTERFACE -s $CLASS_B  -j
REJECT

ipchains -A output -i $EXTERNAL_INTERFACE -d $CLASS_B  -j
REJECT

# Refuse packets claiming to be to or from a Class C private
network

ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_C  -j DENY

ipchains -A input -i $EXTERNAL_INTERFACE -d $CLASS_C  -j DENY

ipchains -A output -i $EXTERNAL_INTERFACE -s $CLASS_C  -j
REJECT

ipchains -A output -i $EXTERNAL_INTERFACE -d $CLASS_C  -j
REJECT

# Refuse packets claiming to be to or from the loopback
interface

ipchains -A input -i $EXTERNAL_INTERFACE -s $LOOPBACK -l -j
DENY

ipchains -A input  -i $EXTERNAL_INTERFACE -d $LOOPBACK -l -j
DENY

ipchains -A output -i $EXTERNAL_INTERFACE -s $LOOPBACK -l -j
REJECT

ipchains -A output -i $EXTERNAL_INTERFACE -d $LOOPBACK -l -j
REJECT

# Refuse broadcast address SOURCE packets

ipchains -A input -i $EXTERNAL_INTERFACE -s $BROADCAST_1 -l -j
DENY

ipchains -A input -i $EXTERNAL_INTERFACE -d $BROADCAST_0 -l -j
DENY

# Refuse multicast/anycast/broadcast addresses (in.h)
(NET-3-HOWTO)

ipchains -A input -i $EXTERNAL_INTERFACE -s $MULTICAST  -j
DENY

#
----------------------------------------------------------------------------

# ICMP

ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp

-s $ANYWHERE 0 -d $OUTSIDE_IP  -j ACCEPT

ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp

-s $ANYWHERE 3 -d $OUTSIDE_IP  -j ACCEPT

ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp

-s $ANYWHERE 4 -d $OUTSIDE_IP  -j ACCEPT

ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp

-s $ANYWHERE 11 -d $OUTSIDE_IP  -j ACCEPT

ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp

-s $ANYWHERE 12 -d $OUTSIDE_IP  -j ACCEPT

#
----------------------------------------------------------------------------

# Disallow certain outgoing traffic to protect yourself from mistakes.

# openwindows: establishing a connection

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -y

-s $OUTSIDE_IP -d $ANYWHERE $RESTRICTED_OPENWINDOWS -j REJECT

# Xwindows: establishing a connection

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -y

-s $OUTSIDE_IP -d $ANYWHERE $RESTRICTED_XWINDOWS -j REJECT

# SOCKS: establishing a connection

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -y

-s $OUTSIDE_IP -d $ANYWHERE 1080 -j REJECT

#
----------------------------------------------------------------------------

# LOOPBACK

# Unlimited traffic on the loopback interface.

ipchains -A input  -i $LOOPBACK_INTERFACE  -j ACCEPT

# Avoid ports subject to protocol & system administration problems.

# Deny access to the NFS, openwindows and X windows
unprivileged ports

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp -y

-d $OUTSIDE_IP $RESTRICTED_PORTS -l -j DENY

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp -y

-d $OUTSIDE_IP $RESTRICTED_OPENWINDOWS -l -j DENY

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp -y

-d $OUTSIDE_IP $RESTRICTED_XWINDOWS -l -j DENY

# SOCKS: incoming connection

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp -y

-s $ANYWHERE -d $OUTSIDE_IP 1080  -j DENY

#
----------------------------------------------------------------------------

# UDP UNPRIVILEGED PORTS -edit as needed

# Avoid ports subject to protocol & system administration problems.

ipchains -A input  -i $EXTERNAL_INTERFACE -p udp

-d $OUTSIDE_IP $RESTRICTED_PORTS -l -j DENY

# UDP INCOMING TRACEROUTE

# traceroute usually uses -S 32769:65535 -D 33434:33523

ipchains -A input  -i $EXTERNAL_INTERFACE -p udp

-s $ANYWHERE 32769:65535

-d $OUTSIDE_IP 33434:33523 -l -j DENY

#
----------------------------------------------------------------------------

# DNS: full server

# server/client to server query or response

ipchains -A input  -i $EXTERNAL_INTERFACE -p udp

-s $ANYWHERE $UNPRIVPORTS -d $OUTSIDE_IP 53  -j ACCEPT

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS -d $OUTSIDE_IP 53  -j ACCEPT

#zone transfers

ipchains -A input -i $EXTERNAL_INTERFACE -p udp

-s $ANYWHERE 53 -d $OUTSIDE_IP 53 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE 53 -d $OUTSIDE_IP 53 -j ACCEPT

# DNS client (53)


ipchains -A input  -i $EXTERNAL_INTERFACE -p udp

-s $ANYWHERE 53 -d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 53 -d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT

#
----------------------------------------------------------------------------

# Backup server (308)


ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 308  -j ACCEPT

# Backup Client (308)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 308

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT

#
----------------------------------------------------------------------------

# TELNET server (23)


ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 23  -j ACCEPT

# TELNET client (23)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 23

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# HTTP server (80)


ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 80  -j ACCEPT

# HTTP client (80)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 80

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# HTTP server (443)


ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 443  -j ACCEPT

# HTTPS client (443)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 443

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# POP server (110)


ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 110  -j ACCEPT


# POP client (110)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 110

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# NNTP NEWS client (119)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 119

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# FINGER client (79)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 79

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# AUTH server (113)


# Reject, rather than deny, the incoming auth port.
(NET-3-HOWTO)

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE

-d $OUTSIDE_IP 113  -j REJECT

# AUTH client (113)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 113

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# SMTP server (25)


ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 25  -j ACCEPT

# SMTP client (25)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 25

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# IMAP server (143)


ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 143  -j ACCEPT

# IMAP client (143)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 143

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# IRC client (6667)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 6667

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# AOL IM client (5190)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 5190

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# ICQ client (4000)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 2000:4000

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT

ipchains -A input  -i $EXTERNAL_INTERFACE -p udp

-s $ANYWHERE 4000

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# FTP server (20, 21)


# incoming request

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 21  -j ACCEPT

# PORT MODE data channel responses

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 20  -j ACCEPT

# PASSIVE MODE data channel responses

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT

# FTP client (20, 21)


# outgoing request

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 21

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT

# NORMAL mode data channel

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE 20

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT

# PASSIVE mode data channel responses

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP $UNPIRVPORTS  -j ACCEPT


# RealAudio client


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 554 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 7070:7071 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p udp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 6970:7170 -j ACCEPT


# WHOIS client (43)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y

-s $ANYWHERE 43

-d $OUTSIDE_IP $UNPRIVPORTS  -j ACCEPT


# PCAnywhere Server (5631:5632)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 5631 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p udp

-s $ANYWHERE $UNPRIVPORTS

-d $OUTSIDE_IP 5632 -j ACCEPT

# PCAnywhere client (5631:5632)


ipchains -A input -i $EXTERNAL_INTERFACE -p tcp

-s $ANYWHERE 5631

-d $OUTSIDE_IP $UNPRIVPORTS -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p udp

-s $ANYWHERE 5632

-d $OUTSIDE_IP $UNPRIVPORTS -j ACCEPT

#
----------------------------------------------------------------------------

# Unlimited traffic within the local network.

# All internal machines have access to the firewall machine.

ipchains -A input  -i $LOCAL_INTERFACE_1 -s $LOCALNET_1  -j
ACCEPT

ipchains -A output -i $LOCAL_INTERFACE_1 -d $LOCALNET_1  -j
ACCEPT

#
----------------------------------------------------------------------------

# Masquerade internal traffic.

# All internal traffic is masqueraded externally.

ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ

#Forward Services to Internal Server...note this will bypass
the same service on E-Smith! If you forward to another web

#server inside your network THAT is what the outside world
sees, NOT E-SMITH!

#Replace the $XXXXSERVER with the ip of your internal
server(s) or make them environment variables.

echo “Forwarding Needed Services”

ipmasqadm portfw -f

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 21 -R $FTPSERVER 21

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 23 -R $TELNETSERVER
23

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 25 -R $MAILSERVER 25

ipmasqadm portfw -a -P udp -L $OUTSIDE_IP 53 -R $DNSSERVER 53

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 53 -R $DNSSERVER 53

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 80 -R $MAILSERVER 80

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 443 -R $MAILSERVER
443

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 110 -R $MAILSERVER
110

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 308 -R $BACKUPSERVER
308

ipmasqadm portfw -a -P tcp -L $OUTSIDE_IP 5631 -R $PCASERVER
5631

ipmasqadm portfw -a -P udp -L $OUTSIDE_IP 5632 -R $PCASERVER
5632

#
----------------------------------------------------------------------------

# Enable logging for selected denied packets

# Basically anything that makes it through all the above rules without
getting accepted

# will be denied and logged by the rules below.

echo “logging enabled”

ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp -d
$OUTSIDE_IP -l -j DENY

ipchains -A input  -i $EXTERNAL_INTERFACE -p udp -d
$OUTSIDE_IP $PRIVPORTS -l -j DENY

ipchains -A input  -i $EXTERNAL_INTERFACE -p udp -d
$OUTSIDE_IP $UNPRIVPORTS -l -j DENY

ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp -s $ANYWHERE
5 -d $OUTSIDE_IP -l -j DENY

ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp -s $ANYWHERE
13:18 -d $OUTSIDE_IP -l -j DENY

#
----------------------------------------------------------------------------

echo “forwarding enabled”

echo “Firewall Enabled!”




Well there you have it...MY e-smith server....I can’t believe you read
this far....you guys need to get out more...

-Scott

Charlie Brady

Caution advised (was Re: getting latest components
« Reply #1 on: August 02, 2000, 03:46:19 AM »
Scott Duncan wrote:

> Note: This is NOT endorsed by e-smith, inc!

It's certainly not, as I explained in a little detail on the developers mailing list.

- applying a RedHat 6.2 upgrade to a working e-smith server will most likely lead to a non-booting system

- all of the updates in RedHat 6.2 which have significant security or reliability advantages have already been incorporated into e-smith 4.0

- in particular, e-smith 4.0 already incorporates the "latest and greatest  samba".

I agree with Scott that "mc" is a useful addition if people wish to explore or customise their system, and have no doubt that some people will find the port forwarding advice useful. But I think that Scott's advice is rather adventurous for production servers, and he has a few of his facts wrong.

Best wishes

Charlie

Scott Duncan

RE: Caution advised (was Re: getting latest compon
« Reply #2 on: August 02, 2000, 06:36:58 AM »
- in particular, e-smith 4.0 already incorporates the "latest and greatest samba".

Um....better check YOUR facts...Pull the edition of SAMBA down from the URL provided, the E-Smith version is NOT the latest

Charlie Brady

RE: Caution advised (was Re: getting latest compon
« Reply #3 on: August 02, 2000, 10:42:52 PM »
Scott Duncan wrote:

> Um....better check YOUR facts...Pull the edition of SAMBA down
> from the URL provided, the E-Smith version is NOT the latest

I'll let others decide that. Here's the RPM info from the URL you provided - note the "Build Date":

bash$ rpm -qivp http://ca.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/6.2/samba-2.0.7-20000425.i386.rpm
Name        : samba                        Relocations: /usr
Version     : 2.0.7                             Vendor: (none)
Release     : 20000425                      Build Date: Tue Apr 25 22:46:34 2000
Install date: (not installed)               Build Host: cthulhu.su.valinux.com
Group       : Networking                    Source RPM: samba-2.0.7-20000425.src.rpm
Size        : 15846876                         License: GNU GPL version 2
Packager    : John H Terpstra [Samba-Team]
Summary     : Samba SMB client and server
Description :
Samba provides an SMB server which can be used to provide
network services to SMB (sometimes called "Lan Manager")
clients, including various versions of MS Windows, OS/2,
and other Linux machines. Samba also provides some SMB
clients, which complement the built-in SMB filesystem
in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols
and does NOT need NetBEUI (Microsoft Raw NetBIOS frame)
protocol.
...

And the source from which it was built:

bash$ rpm -qlvp samba-2.0.7-20000425.src.rpm-rw-r--r--     root     root          390 Feb  5  1999 makefile-path.patch
-rw-r--r--     root     root      4274132 Apr 25 22:43 samba-2.0.7.tar.gz
-rw-r--r--     root     root        27412 Apr 25 21:59 samba2.spec
-rw-r--r--     root     root          350 Oct  5  1998 smbw.patch
bash$

And here's the RPM shipped with e-smith 4.0:

bash$ rpm -qivp /mnt/cdrom/RedHat/RPMS/samba-2.0.7-4.i386.rpm
Name        : samba                        Relocations: (not relocateable)
Version     : 2.0.7                             Vendor: Red Hat, Inc.
Release     : 4                             Build Date: Wed May 17 15:47:23 2000
Install date: (not installed)               Build Host: porky.devel.redhat.com
Group       : System Environment/Daemons    Source RPM: samba-2.0.7-4.src.rpm
Size        : 10084808                         License: GNU GPL Version 2
Packager    : Red Hat, Inc. http://bugzilla.redhat.com/bugzilla
Summary     : Samba SMB server.

And the source from which it was built:
...
bash$ rpm -qlvp samba-2.0.7-4.src.rpm
-rw-r--r--     root     root         1457 Sep 28  1999 samba-2.0.3-fixinit.patch
-rw-rw-r--     root     root          342 Aug 30  1999 samba-2.0.5a-gawk.patch
-rw-rw-r--     root     root      4276392 Apr 26 03:40 samba-2.0.7.tar.gz
-rw-rw-r--     root     root         1513 Mar 16 17:25 samba-autoconf.patch
-rw-------     root     root         1318 Feb  4 19:59 samba-glibc21.patch
-rw-r--r--     root     root          561 May  8 17:08 samba-ia64.patch
-rw-rw-r--     root     root          395 Mar 16 17:29 samba-logrotate.patch
-rw-rw-r--     root     root          436 Jul 21  1999 samba-makefilepath.patch
-rw-rw-r--     root     root         2567 Feb  1  2000  samba-smbprint.patch
-rw-r--r--     root     root          111 Mar 16 17:28 samba.log
-rw-rw-r--     root     root        13379 May 17 15:41 samba.spec
-rw-r--r--     root     root          350 Mar 21  1999 smbw.patch
bash$

Charlie

Januz_

RE: Gettng latest components - a step-by-step guid
« Reply #4 on: October 03, 2000, 12:28:03 PM »
And does this work fine too if you up it to redhad 7.0?

Scott Duncan

RE: Gettng latest components - a step-by-step guid
« Reply #5 on: October 03, 2000, 01:30:05 PM »
We don't know yet...

We were given the COOLEST idea from here....get the Mandrake Apache server working on E-Smith...Not having as much luck as we would like :(

We cant GET Redhat 7.0...all the servers are busy :( ...and 6.2 is stable when updated...i cannot say that about 7.0 until i get a chance to put it through its paces



Januz_ wrote:

> And does this work fine too if you up it to redhad 7.0?