This commit is contained in:
gferg 2002-12-24 16:57:31 +00:00
parent 072b25377f
commit a4bced5fe7
3 changed files with 60 additions and 59 deletions

View File

@ -164,7 +164,7 @@ application for Linux. </Para>
Game-Server-HOWTO</ULink>, Game-Server-HOWTO</ULink>,
<CiteTitle>Game Server HOWTO</CiteTitle> <CiteTitle>Game Server HOWTO</CiteTitle>
</Para><Para> </Para><Para>
<CiteTitle>Updated: July 2001</CiteTitle>. <CiteTitle>Updated: December 2002</CiteTitle>.
Explains how to install, configure and maintain servers Explains how to install, configure and maintain servers
for various popular multiplayer games. </Para> for various popular multiplayer games. </Para>
</ListItem> </ListItem>
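Review bot: this three-line entry for the Game Server HOWTO is maintained by hand in three separate files, and this commit updates all three copies identically (the two hunks that follow are the same `Updated: July 2001` to `Updated: December 2002` change), so the copies stay consistent; consider keeping the description in one place so that a future date bump cannot miss one of them.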
@ -1027,7 +1027,7 @@ server on your Linux system. </Para>
Game-Server-HOWTO</ULink>, Game-Server-HOWTO</ULink>,
<CiteTitle>Game Server HOWTO</CiteTitle> <CiteTitle>Game Server HOWTO</CiteTitle>
</Para><Para> </Para><Para>
<CiteTitle>Updated: July 2001</CiteTitle>. <CiteTitle>Updated: December 2002</CiteTitle>.
Explains how to install, configure and maintain servers Explains how to install, configure and maintain servers
for various popular multiplayer games. </Para> for various popular multiplayer games. </Para>
</ListItem> </ListItem>

View File

@ -997,7 +997,7 @@ this writing). </Para>
Game-Server-HOWTO</ULink>, Game-Server-HOWTO</ULink>,
<CiteTitle>Game Server HOWTO</CiteTitle> <CiteTitle>Game Server HOWTO</CiteTitle>
</Para><Para> </Para><Para>
<CiteTitle>Updated: July 2001</CiteTitle>. <CiteTitle>Updated: December 2002</CiteTitle>.
Explains how to install, configure and maintain servers Explains how to install, configure and maintain servers
for various popular multiplayer games. </Para> for various popular multiplayer games. </Para>
</ListItem> </ListItem>

View File

@ -3,13 +3,13 @@
<article><!-- LyX 1.2 created this file. For more info see http://www.lyx.org/ --> <article><!-- LyX 1.2 created this file. For more info see http://www.lyx.org/ -->
<title>Samba Authenticated Gateway HOWTO <title>Samba Authenticated Gateway HOWTO
</title><author>Ricardo Alexandre Mattar </title><author>Ricardo Alexandre Mattar
</author><date>v1.0, 2002-12-16 </author><date>v1.0.1, 2002-12-24
</date><abstract>This documents intends to show how to build a Firewall/Gateway </date><abstract>This documents intends to show how to build a Firewall/Gateway
with rules set on user basis having the users authenticated by a with rules set on user basis having the users authenticated by a
Samba Primary Domain Controller. Samba Primary Domain Controller
</abstract><sect>Introduction </abstract><sect>Introduction
<p>As you can see by the poorness of my language, English is not <p>As you can see by the poorness of my language, English is not
my mother language. I am writing this document in English for the my native language. I am writing this document in English for the
sake of the Linux community. So, please, excuse me for my poor English. sake of the Linux community. So, please, excuse me for my poor English.
And, please, if you speak Portuguese, address me in this language. And, please, if you speak Portuguese, address me in this language.
</p><p>This document intends to enlighten you (and myself) in the process </p><p>This document intends to enlighten you (and myself) in the process
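Review bot: the rewritten abstract drops the full stop after "Samba Primary Domain Controller", and "This documents intends" (should be "This document intends") survives unchanged in both old and new text; restore the period and fix the agreement while the line is being touched. The version bump to v1.0.1 with the new date is fine.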
@ -25,11 +25,12 @@
network. network.
</p><p>Imagine that you have to build a gateway to let Windows workstation </p><p>Imagine that you have to build a gateway to let Windows workstation
access the Internet and that you need to authenticate each user before access the Internet and that you need to authenticate each user before
letting them access the network. The first solution you think about letting them access the external networks. The first solution you
is Squid. Its indeed a great solution, when http and ftp access is think about is Squid. Its indeed a great solution, when http and
enough for your users. when it comes to let them access other services ftp access is enough for your users. when it comes to let them access
like pop, smtp, ssh, a database server or whatever else, you immediately other services like pop, smtp, ssh, a database server or whatever
think about NAT or MASQUERADE. But what happens to the user authentication? else, you immediately think about NAT or MASQUERADE. But what happens
to the user authentication?
</p><p>Well, this is my solution. It gives you user authentication and </p><p>Well, this is my solution. It gives you user authentication and
fine grain control over their access to the network. fine grain control over their access to the network.
</p><sect1>Disclaimer </p><sect1>Disclaimer
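Review bot: two errors are carried over unchanged in this rewrapped paragraph: "Its indeed a great solution" should be "It's indeed a great solution", and the sentence starting with lowercase "when it comes to let them access" should begin with "When" and read "letting them access". "Windows workstation" should also be plural to agree with "them" in the next clause. The wording change to "the external networks" is an improvement.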
@ -45,19 +46,18 @@
</p><p>Naming of particular products or brands should not be seen as </p><p>Naming of particular products or brands should not be seen as
endorsements. endorsements.
</p><sect1>New versions </p><sect1>New versions
<p>The newest release of this document can be found at http://smbgate.sourceforge.net <p>The newest release of this document can be found at <url url="http://smbgate.sourceforge.net" name="http://smbgate.sourceforge.net">
</p><p>Related HOWTOs can be found at the Linux Documentation Project </p><p>Related HOWTOs can be found at the Linux Documentation Project
homepage. homepage.
</p><sect1>Translations </p><sect1>Translations
<p>A Portuguese version is on the way, but for moment there is only <p>A Portuguese version is available. If you want to contribute,
this English version. If you want to contribute, be my guest. please do.
</p><sect1>Feedback </p><sect1>Feedback
<p>Contributions and criticism are both welcome. <p>Contributions and criticism are both welcome.
</p><p>Corrections to my English are also very welcome! </p><p>Corrections to my English are also very welcome!
</p><p>If you want to mail me, my account is ricardo.mattar at the computer </p><p>If you want to mail me, my account is ricardo.mattar at the computer
named bol.com.br. You may thank this mail address format to our beloved named bol.com.br. You may thank the spammers and their nice spiders
spammers and their nice spiders. for the format of my address.
</p><sect1>Copyright and trademarks </p><sect1>Copyright and trademarks
<p>Copyright (c) 2002 Ricardo Alexandre Mattar <p>Copyright (c) 2002 Ricardo Alexandre Mattar
</p><p>Permission is granted to copy, distribute and/or modify this </p><p>Permission is granted to copy, distribute and/or modify this
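Review bot: the Translations paragraph now states that a Portuguese version is available but gives no location. Since this same hunk introduces `<url url="..." name="...">` markup for the smbgate.sourceforge.net link two paragraphs above, a link to the translation (or a sentence saying it lives on that site) would fit here. The reworded sentence about the obfuscated mail address reads fine.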
@ -72,6 +72,7 @@
document. document.
</p><p>Thanks to Guillaume Lelarge for helping with the revision (he </p><p>Thanks to Guillaume Lelarge for helping with the revision (he
caught my english errors, but I insisted on a few). caught my english errors, but I insisted on a few).
</p><p>Thanks to Erik Esplund for further language corrections.
</p><sect>Requirements </p><sect>Requirements
<sect1>Knowledge <sect1>Knowledge
<p>You must have a fair knowledge about (at least know what these <p>You must have a fair knowledge about (at least know what these
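Review bot: the new acknowledgement line is fine, but the adjoining sentence "caught my english errors" still has lowercase "english"; capitalise it in the same edit.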
@ -80,34 +81,33 @@
<item>Linux netfilter; <item>Linux netfilter;
<item>A scripting language (bash?); <item>A scripting language (bash?);
<item>SAMBA and Windows networking and domain controllers; <item>SAMBA and Windows networking and domain controllers;
</itemize></p><p>Fortunately, the Internet is plenty of documentation on these </itemize></p><p>Fortunately, there is plenty of documentation of these topics
topics. on the Internet.
</p><sect1>Software </p><sect1>Software
<p>Installed on your server, you will need at least: <p>Installed on your server, you will need at least:
</p><p><itemize><item>Samba; </p><p><itemize><item>Samba;
<item>Iptables; <item>Iptables;
<item>A scripting language; <item>A scripting language;
</itemize></p><sect>Linux box setup </itemize></p><sect>Linux box setup
<p>There are no important known issues up to the moment, but the <p>This Howto assumes you have kernel from the 2.4 series as it
need of a kernel at least from 2.4 series if you intend to use iptables, uses iptables. Other than that there are no know issues why this
like the examples in this document. If you want to use a 2.2 series should not work on a 2.2 kernel box with the scripts adapted to ipchains.
kernel and ipchains, be my guest.
</p><p>Of course, you need to install the iptables userland tools, an </p><p>Of course, you need to install the iptables userland tools, an
apache http server if you want to run a CGI tool to change passwords apache http server if you want to run a CGI tool to change passwords
and SAMBA. And you will need a kernel compiled with iptables modules. and SAMBA. And you will need a kernel compiled with iptables modules.
</p><p>You may wish to use DHCP. If so, set it up! Remember to configure </p><p>You may wish to use DHCP. If so, it is easy to set up. Remember
the dhcp server to give the nameserver IP address and the gateway to configure the dhcp server to give the nameserver IP address and
IP address as well. The Windows machines will make good use of this the gateway IP address as well. The Windows machines will make good
information. use of this information.
</p><sect1>Basic system setup </p><sect1>Basic system setup
<p>Generally any basic system setup from commercial Linux distributions <p>Generally any basic system setup from the common Linux distributions
will fit in this gateway example. Just check if you have Samba and will fit in this gateway example. Just check if you have Samba and
IPTABLES. IPTABLES.
</p><sect1>Additional directory hierarchy </p><sect1>Additional directory hierarchy
<p>The additional directory hierarchy will be required to accomplish <p>The additional directory hierarchy will be required to accomplish
the example of this howto: the example of this howto:
</p><p>This is used to keep track of the users and IP addresses: </p><p>This is used to keep track of the users and IP addresses:
</p><p><verb>/var/run/mgate/ </p><p><verb>/var/run/smbgate/
</verb></p><p>This is where I place user specific scripts: </verb></p><p>This is where I place user specific scripts:
</p><p><verb>/etc/smbgate/users/ </p><p><verb>/etc/smbgate/users/
</verb></p><p>Directory for the netlogon share: </verb></p><p>Directory for the netlogon share:
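Review bot: the path change from `/var/run/mgate/` to `/var/run/smbgate/` is the important fix in this hunk, since the netlogon.sh script later in the document reads `cat /var/run/smbgate/$1` and the old text pointed readers at a directory the scripts never use. Two typos enter with the rewritten kernel paragraph: "assumes you have kernel from the 2.4 series" needs "a kernel", and "no know issues" should be "no known issues". Because the files in that directory are created by the root preexec script and are named after users, the description of the hierarchy would also benefit from stating the expected owner and permissions of `/var/run/smbgate/`.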
@ -142,21 +142,22 @@ echo &quot;1&quot; &gt; /proc/sys/net/ipv4/ip_dynaddr
&dollar;IPTABLES -P FORWARD ACCEPT &dollar;IPTABLES -P FORWARD ACCEPT
&dollar;IPTABLES -F FORWARD &dollar;IPTABLES -F FORWARD
&dollar;IPTABLES -t nat -F &dollar;IPTABLES -t nat -F
</verb></p><p>You will notice that this code does actually nothing, but loads </verb></p><p>You will notice that this code actually does nothing, but load
the kernel modules related to nat and firewalling and turns the packet the kernel modules related to nat and firewalling and turns the packet
routing on. You can place any rules there to give your gateway a routing on. You can place any rules there to give your gateway a
standard behavior, but the big magic will be done by scripts called standard behavior, but the big magic will be done by scripts called
by the SAMBA daemon. by the SAMBA daemon.
</p><p>Please, remember that this code doesn't have at least a bit of </p><p>Please, remember that this code doesn't have the least bit of
security! If security is an issue, don't use this example in production security! Don't use these examples in production environments. This
boxes. This example intends only to be educational. example intends only to be educational. You have to add a firewall
</p><p>You were warned! configuration that suits your systems.
</p><p>You have been warned!
</p><sect1>SAMBA setup </p><sect1>SAMBA setup
<p>Check if you have Samba installed. If your distribution doen't <p>Check if you have Samba installed. If your distribution doesn't
come with Samba pre-packaged then refer to <url url="http://www.samba.org" name="http://www.samba.org"> to get the packages and come with Samba pre-packaged then refer to <url url="http://www.samba.org" name="http://www.samba.org"> to get the packages and
for documentation on how to install Samba. Roam around their web for documentation on how to install Samba. Brows around their web
site and learn about it. The site is plenty of documentation and site and learn about it. The site has plenty of documentation and
maybe your LINUX distribution is also plenty of SAMBA documentation. maybe your LINUX distribution also has plenty of SAMBA documentation.
</p><p>We will need to setup SAMBA as a Primary Domain Controller. I </p><p>We will need to setup SAMBA as a Primary Domain Controller. I
will give an example configuration file here, but you should read will give an example configuration file here, but you should read
the <url url="http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html" name="Samba HOWTO Collection"> and learn all you can about a PDC. the <url url="http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html" name="Samba HOWTO Collection"> and learn all you can about a PDC.
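Review bot: the strengthened warning ("You have to add a firewall configuration that suits your systems") would be far more useful if it named the concrete reason: the rc.firewall excerpt above sets `$IPTABLES -P FORWARD ACCEPT` and flushes the FORWARD chain and the nat table, so the gateway's default is to forward traffic from any address before any per-user script has run. Say explicitly that a production setup needs a default-deny FORWARD policy with explicit accept rules, on top of which the per-user scripts then operate. A typo enters with the new text: "Brows around their web site" should be "Browse".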
@ -207,17 +208,16 @@ root postexec = /usr/local/bin/netlogoff.sh &percnt;u
</p><sect2>The netlogon and the tracking shares </p><sect2>The netlogon and the tracking shares
<p>The netlogon share is where the Windows workstations download <p>The netlogon share is where the Windows workstations download
the logon script from. We need this share in order to place there the logon script from. We need this share in order to place there
a script which will tell the workstation to mount a share that we a logon script, which will tell the workstation to mount a share
will use to track the user's ip address. that will be used to track the users ip addresses.
</p><p>As you can see, there must be a line like the following in your </p><p>As you can see, there must be a line like the following in your
smb.conf smb.conf
</p><p><verb>logon script = netlogon.bat </p><p><verb>logon script = netlogon.bat
</verb></p><p>This line will tell your Windows client to download and execute </verb></p><p>This line will tell your Windows client to download and execute
the script named netlogon.bat. This script must be placed at the the script named netlogon.bat. This script must be placed at the
netlogon share. So, we will also need a netlogon.bat script to your netlogon share. So, we will also need a netlogon.bat script to your
Windows workstations. You can take the following example and create Windows workstations. You can use the following example and place
a file, naming it NETLOGON.BAT and placing it at the netlogon share, it at the netlogon share, in this case: /home/samba/netlogon/NETLOGON.BAT.
in this case at /home/samba/netlogon/NETLOGON.BAT.
</p><p><verb>REM NETLOGON.BAT </p><p><verb>REM NETLOGON.BAT
net use z: &bsol;&bsol;linux&bsol;samba /yes net use z: &bsol;&bsol;linux&bsol;samba /yes
</verb></p><p>This script will tell the Windows workstation to mount the specified </verb></p><p>This script will tell the Windows workstation to mount the specified
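Review bot: "track the users ip addresses" needs the possessive and the usual capitalisation: "track the users' IP addresses". Relocating the `/home/samba/netlogon/NETLOGON.BAT` path into the same sentence reads better than before.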
@ -225,8 +225,8 @@ net use z: &bsol;&bsol;linux&bsol;samba /yes
through the output of the smbstatus program. through the output of the smbstatus program.
</p><p>Quite simple! But not enough... </p><p>Quite simple! But not enough...
</p><p>As you could see, we will need also a tracking share which, in </p><p>As you could see, we will need also a tracking share which, in
this example, I named samba. You can see at the smb.conf file the this example, I named samba. You can see the tracking share configuration
tracking share configuration: in smb.conf:
</p><p><verb>&lsqb;samba&rsqb; </p><p><verb>&lsqb;samba&rsqb;
comment = login tracking share comment = login tracking share
path = /home/samba/samba path = /home/samba/samba
@ -234,11 +234,11 @@ root preexec = /usr/local/bin/netlogon.sh &percnt;u
root postexec = /usr/local/bin/netlogoff.sh &percnt;u root postexec = /usr/local/bin/netlogoff.sh &percnt;u
</verb></p><p>As you can guess or know if you read the SAMBA documentation, </verb></p><p>As you can guess or know if you read the SAMBA documentation,
the root preexec and the root postexec lines tell SAMBA to run the the root preexec and the root postexec lines tell SAMBA to run the
indicated scripts when a user mounts and unmounts the share. In this indicated scripts when a user mounts or unmounts the share. In this
case, we are passing the user name to the script as a parameter. case, we are passing the username to the script as a parameter. Note
Note the &percnt;u at the end of the lines. These scripts are the the &percnt;u at the end of the lines. These scripts are the beasts
beasts which will call a script or program to modify our gateway's which will call a script or program to modify our gateway's packet
packet filtering rules. filtering rules.
</p><p>Take a look at the netlogon.sh and netlogoff.sh scripts: </p><p>Take a look at the netlogon.sh and netlogoff.sh scripts:
</p><p><verb>&num;!/bin/sh </p><p><verb>&num;!/bin/sh
&num; &num;
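Review bot: this paragraph should state plainly that `root preexec` and `root postexec` run netlogon.sh and netlogoff.sh as root, not as the connecting user, and that the `%u` value smbd substitutes is used unchanged as both a file name (`/var/run/smbgate/$1`) and a script path (`/etc/smbgate/users/$1`) in the hunks that follow. That is the security-relevant fact a reader configuring this must understand, and a sentence saying that only users with a script under `/etc/smbgate/users/` get any rules at all would set expectations. "mounts or unmounts" is the right correction.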
@ -255,7 +255,7 @@ ADDRESS=`cat /var/run/smbgate/&dollar;1`
/etc/smbgate/users/&dollar;1 &dollar;COMMAND &dollar;ADDRESS &dollar;EXTIF /etc/smbgate/users/&dollar;1 &dollar;COMMAND &dollar;ADDRESS &dollar;EXTIF
</verb></p><p>This script (netlogon.sh) is intended to run when the user logs </verb></p><p>This script (netlogon.sh) is intended to run when the user logs
in and will filter the output of smbstatus extracting the user's in and will filter the output of smbstatus extracting the user's
ip address which will be wrote to a file at /var/run/smbgate. The ip address which will be written to a file at /var/run/smbgate. The
file will take the user's name and will be later used when the user file will take the user's name and will be later used when the user
log off. The address extracted will be passed as an argument to a log off. The address extracted will be passed as an argument to a
script with the users' name which will finally update the firewall. script with the users' name which will finally update the firewall.
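Review bot: "will be written to a file" is the right fix, but two more errors remain in the same passage: "when the user log off" should be "logs off", and the text alternates between "the user's name" and "the users' name" for the same thing (the singular "user's" is meant both times, since one file is written per user).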
@ -288,8 +288,8 @@ IPTABLES='/usr/sbin/iptables'
&dollar;IPTABLES &dollar;COMMAND POSTROUTING -t nat -s &dollar;ADDRESS -o &dollar;EXTIF -j MASQUERADE &dollar;IPTABLES &dollar;COMMAND POSTROUTING -t nat -s &dollar;ADDRESS -o &dollar;EXTIF -j MASQUERADE
</verb></p><sect>Windows workstation setup </verb></p><sect>Windows workstation setup
<sect1>Introduction <sect1>Introduction
<p>We will stick to setup the network, user management and policies <p>We will stick to setting up the network, user management and
on the Windows workstations. policies on the Windows workstations.
</p><p>I will not go through all those steps, naming each dialog box. </p><p>I will not go through all those steps, naming each dialog box.
I will presume that if you can read and understand this document I will presume that if you can read and understand this document
you can find your way through that mess. you can find your way through that mess.
@ -299,7 +299,7 @@ IPTABLES='/usr/sbin/iptables'
broadcast a lot, and this doesn't please anyone. Anyway, with TCP/IP broadcast a lot, and this doesn't please anyone. Anyway, with TCP/IP
who needs anything else? who needs anything else?
</p><sect1>DHCP setup </p><sect1>DHCP setup
<p>If you set a DHCP server on your Linux box, remember that Windows <p>If you setup a DHCP server on your Linux box, remember that Windows
workstations can get the nameservers and gateway's address besides workstations can get the nameservers and gateway's address besides
its own IP address from it. So, you don't need to set all these items its own IP address from it. So, you don't need to set all these items
on each workstation. on each workstation.
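Review bot: "If you setup a DHCP server" is a step backwards; as a verb it is two words, "set up" (the old text's "set" was also acceptable). "the nameservers and gateway's address" would read better as "the nameserver and gateway addresses".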
@ -324,16 +324,17 @@ IPTABLES='/usr/sbin/iptables'
will annoy you asking for a Windows password and you will become will annoy you asking for a Windows password and you will become
nuts trying to synchronize and manage your Domain and Windows passwords. nuts trying to synchronize and manage your Domain and Windows passwords.
It seems that the OS doesn't know that it joined a domain. You must It seems that the OS doesn't know that it joined a domain. You must
tell it and then you must slap it in the face so it can believe you. tell it and then you have to slap it in the face so it will believe
you.
</p><sect>User management </p><sect>User management
<sect1>Adding users <sect1>Adding users
<p>Adding a Linux user by usual means and setting a samba password <p>Adding a Linux user by usual means and setting a samba password
using smbpass shall work. If you have any doubt, just refer to the using smbpasswd will work. If you have any doubt, just refer to the
SAMBA documentation. This is not a difficult issue. SAMBA documentation. This is not a difficult issue.
</p><sect1>Password management </p><sect1>Password management
<p>I am issuing this as a major topic because I couldn't learn yet <p>I am issuing this a major topic because I couldn't learn yet
how to manage users and users' passwords from a Windows workstation how to manage users and users' passwords from a Windows workstation
without using a web interface. I could not find and didn't know how without using a web interface. I couldn't find and didn't know how
to build integrated tools to solve this problem. So, I am using a to build integrated tools to solve this problem. So, I am using a
CGI program to get it done. CGI program to get it done.
</p><p>Try the package at http://changepassword.sourceforge.net/ , it </p><p>Try the package at http://changepassword.sourceforge.net/ , it
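Review bot: "I am issuing this a major topic" loses the "as" the old text had ("issuing this as a major topic"); restore it. The `smbpasswd` correction is right, as that is the actual tool name where the old text's "smbpass" was not.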
@ -676,4 +677,4 @@ IPTABLES='/usr/sbin/iptables'
to permit their use in free software. to permit their use in free software.
</p> </p>
</article> </article>