Re: Network members
My apologies if current technology has made my response moot, but to the
best of my knowledge. . .
On 03 Aug 2002, 12:06:10, Daniel D Jones wrote:
>
> How does the system determine what computers belong to a network? For
> example, given an exports entry like:
>
> /share *.domain.org
>
> how does the system know whether a particular IP is part of that
> network?
It does reverse address lookups. Assuming you use DNS and using your
example below, PTR records in the DNS database would be set up as follows:

117.z.x.y.in-addr.arpa. IN PTR host117.domain.org
118.z.x.y.in-addr.arpa. IN PTR host118.domain.org
119.z.x.y.in-addr.arpa. IN PTR host119.domain.org
120.z.x.y.in-addr.arpa. IN PTR host120.domain.org

These mappings are typically contained on your ISP's nameserver, and the
ISP has to maintain them for you. Typically, they resolve to something ugly,
such as: client1.board.router.pop.isp.net . . . Some ISPs let you set
them yourself via a web-interface, or will take an email from you and enter
them by hand on your behalf . . .
So, when the host sees an access from x.y.z.118 or x.y.z.119, it issues a
request for a reverse lookup on that IP address, and gets (hopefully) a name
back that it can compare to *.domain.org.
If it matches, access is allowed.
If you use /etc/hosts file instead, you need to have the name to address
mappings for all 4 hosts on all 4 workstations AND you have to be sure your
workstations are configured to use /etc/hosts before querying DNS.
> I have four static IPs x.y.z.117 - 120. IP x.y.z.117 is sharing a
> directory with an entry similar to the above. x.y.z.119 can access the
> share. x.y.z.118 is explicitly denied - /var/logs/daemon.log shows an
> "Unauthorized access by NFS client x.y.z.118" and "Blocked attempt of
> x.y.z.118 to mount /share"
> 118 is listed by qualified and unqualified name in my hosts file. I can
> ping 118name and 118name.domain.org successfully from the machine
> sharing the directory.
>
> How do I tell it that x.y.z.118 is part of the domain, and why does it
> recognize x.y.z.119 but not x.y.z.118?
Since host119 can access, and host118 can't, if the /etc/hosts or DNS information
is correct, it sounds like permissions errors. Can root on host118 access
/share without error?
You will need some way to keep usernames and UIDs (the numbers) and groupnames
and GIDs consistent across the systems.
madmac
--
Doug MacFarlane
madmac@covad.net
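
Added example, not part of the original message: a sketch of the reverse-lookup-then-compare check described in the reply, usable for auditing which client IPs a wildcard export such as *.domain.org would admit. The 192.0.2.x addresses, the sample records, and the forward-confirmation step are assumptions made for illustration; the reply itself only describes the reverse lookup and name comparison.

```python
import fnmatch
import socket

# Constructed sample records; 192.0.2.x stands in for x.y.z.117-120.
SAMPLE_PTR = {
    "192.0.2.117": "host117.domain.org",
    "192.0.2.118": "client118.pop.isp.net",  # PTR still the ISP's default name
    "192.0.2.119": "host119.domain.org",
    "192.0.2.120": "host120.domain.org",
}
SAMPLE_A = {
    "host117.domain.org": ["192.0.2.117"],
    "host119.domain.org": ["192.0.2.119"],
    "host120.domain.org": ["192.0.2.250"],   # forward record disagrees with PTR
    "client118.pop.isp.net": ["192.0.2.118"],
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def system_reverse(ip):
    """Reverse lookup through the host's own resolver (/etc/hosts or DNS)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_client(ip, pattern, reverse=system_reverse, forward=system_forward):
    """Return (allowed, reason) for one client IP against a wildcard export."""
    name = reverse(ip)
    if name is None:
        return False, "no reverse mapping"
    name = name.rstrip(".").lower()
    # Assumption: '*' is treated shell-style, so it also matches dots.
    if not fnmatch.fnmatchcase(name, pattern.lower()):
        return False, f"PTR name {name} does not match {pattern}"
    # Added check: the name must resolve back to the same address.
    if ip not in forward(name):
        return False, f"{name} does not resolve back to {ip}"
    return True, f"matched as {name}"

if __name__ == "__main__":
    for ip in sorted(SAMPLE_PTR):
        print(ip, check_client(ip, "*.domain.org", sample_reverse, sample_forward))
```

Calling check_client(ip, pattern) without the sample resolvers runs the same check against the machine's real resolver order, which shows what name the server actually gets back for each client.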