Best of Technical Support
The first Best of Tech question in the March 2003 issue is a question that is becoming more and more common, because people and distributions are choosing higher security as a default or as an option. A possible reason that the user can't connect by SSH is the /etc/hosts.allow and /etc/hosts.deny files. Set sshd: ALL in hosts.allow, or preferably, if you know where you will SSH from, list only those hosts.
—Benjamin Judson
I am using a Seagate ST32550 SCSI hard drive with an AHA1720 interface card, but I am unable to partition it with fdisk. When I run fdisk on the drive, the changes do not become permanent, even after a reboot. The SCSI interface can detect it and can do low-level formats and verifications without a problem. When I enter fdisk, though, it creates the partition, but it does not stay put.
—Eskinder Mesfin, mesfin@attbi.com
It sounds like you are not writing the changes to the partition table; fdisk doesn't write until you tell it to write. Before you q to quit, do a w to write the changes.
—Christopher Wingert, cwingert@qualcomm.com
My modem is configured to work with the KInternet program that is activated through the KDE desktop on SuSE 8.0. The modem initializes fine, calls the server of my ISP (MSN) and then it dies. I look at the activity log and see these error messages:
Failed Authentication with peer Possible Bad Account or Bad Password
Does MSN require a different login process than what is accommodated under KInternet?
—Chris, cgsnip@msn.com
You might want to try a different authentication scheme, such as PAP or CHAP.
—Christopher Wingert, cwingert@qualcomm.com
Some users on mailing lists report success by prepending MSN/ to the user name. So if your user name were joe, you would set the user name in KInternet to MSN/joe.
—Don Marti, dmarti@ssc.com
My SuSE 6.0 system has worked like a charm for almost five years nonstop—except for power failures—holding my DNS and Sendmail. Suddenly, the user account I always use is no longer allowed to log in. The only users that can log in are root and a second user account, but I can't figure why that user account is special. Although there's no login, I can su to any account by giving the correct password. The accounts are not locked; the passwords have not expired, the passwords are correct; the users have permissions on their home directories, and the permissions on passwd and shadow are correct. I've tried creating an account in the same group ID (admin) and groups as where the special account is listed—the one that can log in—but it didn't work. The messages in syslog are incorrect password.
—Juan Alvarez, juan.alvarez@thales-is.com
Without a closer look at your system, the gut reaction to this type of situation is to investigate the possibility of a system intrusion. Telnet sends your password in the clear over the network, and other dæmons installed on any five-year-old distribution have had vulnerability reports over the past few years. Your problem report does have that fishy smell. Barring any problems on that end, you can investigate some configuration facilities that control user logins. For example, is there an /etc/nologin file? This prevents any non-root user from logging in, and your extra user account may be given special treatment here if it is a member of the root group in /etc/group. Also, examine /etc/passwd and verify that the other users all have valid shells and home directories.
—Chad Robinson, crobinson@rfgonline.com
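The configuration checks listed in the answer above (an /etc/nologin file, valid shells and home directories in /etc/passwd), written out as a shell function. This is an added example, not part of the original column; the names audit_logins and demo, the ROOT prefix argument and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# audit_logins PASSWD NOLOGIN ROOT
#   PASSWD  passwd-format file (normally /etc/passwd)
#   NOLOGIN flag file to look for (normally /etc/nologin)
#   ROOT    prefix for home and shell paths (assumption: empty on a live system)
audit_logins() {
    passwd_file=$1; nologin_file=$2; root=$3
    if [ -e "$nologin_file" ]; then
        echo "NOLOGIN $nologin_file exists: non-root logins are refused"
    fi
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        case $user in ''|'#'*) continue ;; esac   # skip blank/comment lines
        [ -d "$root$home" ] || echo "HOME $user: missing home directory $home"
        # An empty shell field means /bin/sh, so only test a named shell.
        if [ -n "$shell" ] && [ ! -x "$root$shell" ]; then
            echo "SHELL $user: shell $shell is missing or not executable"
        fi
    done < "$passwd_file"
    return 0
}

# Constructed sample tree: alice is fine, bob has no home, carol's shell is absent.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice" "$t/home/carol" "$t/bin"
    printf '#!/bin/sh\n' > "$t/bin/sh"
    chmod 755 "$t/bin/sh"
    cat > "$t/passwd" <<'EOF'
alice:x:1000:100:constructed:/home/alice:/bin/sh
bob:x:1001:100:constructed:/home/bob:/bin/sh
carol:x:1002:100:constructed:/home/carol:/bin/bash
EOF
    : > "$t/nologin"
    audit_logins "$t/passwd" "$t/nologin" "$t"
    rm -rf "$t"
}

demo
```

On a live system the call would be audit_logins /etc/passwd /etc/nologin "" with the empty string as the ROOT prefix.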
Given the age of the installation, you may want to upgrade to a newer and more secure distribution. A second guess would be the amount of available disk space.
—Christopher Wingert, cwingert@qualcomm.com
The two measures that prevent most security problems are 1) remove or disable unused software, which should include telnet—use OpenSSH and 2) subscribe to your distribution's security mailing list to get news of updates, then install the updates when they're available.
—Don Marti, dmarti@ssc.com
At work we are about to deploy our first web site that will run under Linux, which I'm quite happy about. However, I'm having a problem with the servers and hope you can help. Our development servers are Dell 2550 machines, and our production servers are Dell 2650s. We are running Red Hat 8.0 on the equipment, which runs fine for the most part. We have had unexplained lockups, however, on all the servers, in which the console becomes locked and the machine has to be hard reset. No indication of what caused the lockup is reported in any of the log files. After searching the Dell and Red Hat forums I've found some help. Essentially, this help is to put the option noapic on the kernel command line in the grub.conf file. After doing this, the machines seem to run well. What does the noapic command option do on an SMP system? And has anyone else experienced this problem on Dell 2550/2650 machines?
—Doug Farrell, dfarrell@grolier.com
The advanced programmable interrupt controller (APIC) replaces the standard, external interrupt controller with functionality inside the CPU itself. It supports some neat tricks such as performance counters and watchdog facilities. Normally, this support is not supposed to interfere with systems that do not have an APIC. However, in some instances this creates system lockups such as the ones you've experienced. The major implication of running in noapic mode is a performance hit, as interrupts are not handled as efficiently. For systems that are heavily interrupt-driven (this unfortunately includes those that do a lot of networking work, such as web servers) this might be measurable. Nonetheless, the benefits of SMP almost always outweigh this impact. Some load testing on your end should help you identify the maximum user loads that you can expect from your systems.
—Chad Robinson, crobinson@rfgonline.com
I am trying to get the Belkin wireless PCMCIA card to connect to a wireless access point from my laptop. I am wondering what module I should use for the PCMCIA card.
—Charles R. Fuller, charlesrfuller@netscape.net
Another Linux user was kind enough to post the details of his own experience with Belkin's wireless components on his web site. This site may be helpful to you: www.jacked-in.org/linux/belkin_wireless.php.
—Chad Robinson, crobinson@rfgonline.com
The Belkin card uses the same chipset as the Orinoco card. A simple solution is to alias the wireless device's Ethernet interface to orinoco_cs in /etc/modules.conf. If this does not work, you can find out more about the chipset with cardctl ident.
—Christopher Wingert, cwingert@qualcomm.com
When I attempt to boot Red Hat 7.3, I receive a message stating there is an invalid system disk. It also indicates I should replace the disk and press any key. What can I do to eliminate this problem short of reinstalling Linux?
—Logan, crossl@lakecitycc.edu
This message typically indicates that your BIOS was unable to find a boot loader on your drive. If you installed LILO or another boot manager when you installed Linux, chances are it was not properly done, and you should double-check the parameters you used. If you didn't install a boot manager, your problem is a bit easier to identify. Either way, you should be able to use an emergency recovery disk or the original installation disk to boot your system. Then you can install the boot loader again.
—Chad Robinson, crobinson@rfgonline.com
If there is a floppy in the disk drive, remove it.
—Christopher Wingert, cwingert@qualcomm.com
I cannot get Linux (Red Hat 7.2) to boot into the X GUI. Instead, I get a login prompt. Is there a way to edit the default init level? It also fails WINE on boot up.
—Keith Raposo, keith.raposo@sms.siemens.com
To make sure X is correctly installed, type startx. If this works, you then can change the first non-comment line of /etc/inittab to
id:5:initdefault:
—Usman S. Ansari, uansari@yahoo.com
In your /etc/inittab there is a line that reads id:NUM:initdefault:. Change the number to your desired init level, which is 5 for an XDM login screen.
—Christopher Wingert, cwingert@qualcomm.com