LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue60/sipos.html

367 lines
17 KiB
HTML
Raw Permalink Blame History

<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>Sharing an Encrypted Windows Partition With Linux (and notes about Sendmail) LG #60</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->
<CENTER>
<A HREF="http://www.linuxgazette.com/">
<H1><IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.jpg"
WIDTH="600" HEIGHT="124" border="0"></H1></A>
<!-- *** BEGIN navbar *** -->
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="sharma.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue60/sipos.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="steffler.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
<!-- *** END navbar *** -->
<P>
</CENTER>
<!--endcut ============================================================-->
<H4 ALIGN="center">
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <HR> <P>
<!--===================================================================-->
<center>
<H1><font color="maroon">Sharing an Encrypted Windows Partition With Linux<BR>
(and notes about Sendmail)</font></H1>
<H4>By <a href="mailto:xvudpapc@savba.sk">Juraj Sipos</a></H4>
</center>
<P> <HR> <P>
<!-- END header -->
<P> I published an article in the September issue of Linux Gazette (LG #57) titled
<A HREF="../issue57/sipos.html">Making a Simple Linux Network Including Windows 9x</A>. I
received questions regarding my encrypted Windows partition. People
asked me questions like. "How did you do that?" So I'd like to answer,
"how did I do that?" I would also like to describe my successful
configuration of sendmail, which remained open in my previous article.
<P> The above-mentioned article was about how to configure simple network
including Windows 9x, but I was at that time unsuccessful with
configuration of sendmail. First, let me say that I was not interested
to have a standard mail server--one server from which I would fetch
mail. I was interested to configure sendmail to have a possibility to
send mail from machine one to machine two, and from machine two to
machine one. This is something not very usual; however, the information
revealed here may also be useful for such a standard sendmail server
configuration.
<P> I am using a term "sendmail configuration", by which I do not mean
"configuration of sendmail.cf file", but rather "making sendmail work".
In other texts of Linux documentation files the term "sendmail
configuration" is understood as manipulation of sendmail configuration
files in /etc directory.
<P> The following article will briefly describe how I configured this and
how I successfully shared an encrypted Windows partition with Linux.
<P> Normally, I use Linux at home, so I did not give my Linux workstation a
network name - a host name. I found most of the programs people
recommended me in their answers as ineffective (webadmin, configure
sendmail). This was obviously due to the following reasons including
the fact I must strongly emphasize here usually, sendmail is
preconfigured and no editing of its configuration file (sendmail.cf) is
necessary unless you want to do something special or at least something
of your particular choice:
<P> 1. The first important thing was to give my Linux a host name. I did
this with a "hostname one.juro.sk" command, where "one.juro.sk" may be a
name for your machine. If you do not have a real network name, it does
not matter. Just use the above-mentioned name and replace my name with
your name, e.g. one.frank.com. The article in September issue clearly
describes how to configure your network, so look there. The information
in the article you now read will also apply to configuring sendmail in
the plip network. You can open Linuxconf (RedHat) and change permanently
your
<PRE>
hostname &gt; Basic sendmail configuration &gt; present your system as: one.juro.sk
</PRE>
You should also do this on the computer TWO, where you will put
two.juro.sk instead of one.juro.sk.
<P> 2. The file sendmail.cw in /etc directory must contain a line with the
following text: one.juro.sk in computer ONE, and two.juro.sk in computer
TWO. The sendmail.cw file is preconfigured as empty and it only contains
the following commented text:
# sendmail.cw - include all aliases for your machine here.
<P> 3. DNS must be configured. DNS files are contained in the bind package.
Just install bind and change its configuration files in /etc directory.
Here I will give my DNS configuration files:
<PRE>
/etc/named.boot
;
; a caching only nameserver config
;
directory /etc/namedb
cache . root.cache
primary 0.0.127.in-addr.arpa named.local
</PRE>
The content of my /etc/named.conf file is different from the standard
Linux configuration. I changed it because I use FreeBSD and I backup the
/etc directory regularly. For me it is more convenient to have all
configuration files in /etc rather than few in /var and the rest in /etc
directory, but this is a matter of your choice. The file root.cache
contains the world root DNS servers and it is preconfigured, so I do not
include its content here. You will only make use of this file if you are
connected to the net. However, if you are not connected, it's OK to
leave it as it is. I noticed the file does not make any interference
with our configuration.
<H4>/etc/named.conf</H4>
<PRE>
options {
directory "/etc/namedb";
};
zone "." {
type hint;
file "root.cache";
};
zone "0.0.127.in-addr.arpa"{
type master;
file "named.local";
};
zone "juro.sk"{
type master;
file "juro.sk";
};
zone "0.0.10.IN-ADDR.ARPA"{
type master;
file "10.0.0";
};
</PRE>
<H4>/etc/namedb/named.local</H4>
<PRE>
$TTL 3600
@ IN SOA one.juro.sk. root.one.juro.sk. (
20000827 ; serial
3600 ; refresh
900 ; retry
3600000 ; expire
3600 ) ; Minimum
IN NS one.juro.sk.
1 IN PTR one.juro.sk.
</PRE>
The periods at the end are not a mistake; they are important here to
keep (one.juro.sk.) You can find more information in the
<A HREF="http://www.linuxdoc.org/HOWTO/DNS-HOWTO.html">DNS-HOWTO</A>. If
you don't understand something, just forget it and feel fine with my
assurance that this DNS configuration will work.
<H4>/etc/namedb/juro.sk</H4>
<PRE>
$TTL 3600
@ IN SOA one.juro.sk. root.one.juro.sk. (
2000080801 ; serial
3600 ; refresh
900 ; retry
1209600 ; expire
43200 ; default_ttl
)
IN NS one.juro.sk.
IN MX 0 one.juro.sk.
localhost. IN A 127.0.0.1
;info on particular computers
ns IN A 10.0.0.1
one IN A 10.0.0.1
www CNAME one
ftp CNAME one
two IN A 10.0.0.2
</PRE>
MX is a mail exchanger. NS is a nameserver, CNAME is a canonical name or
alias.
Now follows the reverse zone:
<H4>/etc/namedb/10.0.0 (yes the name of the file is simply "10.0.0")</H4>
<PRE>
$TTL 3600
@ IN SOA one.juro.sk. root.one.juro.sk. (
1997022700 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; default_ttl
)
IN NS one.juro.sk.
1 IN PTR one.juro.sk.
2 IN PTR two.juro.sk.
; the above PTR is reverse mapping
</PRE>
SOA means Start of Authority, notice ";" at the beginning of some lines;
it is used as a comment. The numbers represent time in seconds.
<P> Now you can issue a command "ndc start". If your DNS (BIND) is already
running, try "ndc restart". You can try the nslookup command, which
should answer your queries, for example, issue nslookup. The shell
command line will change and you will see something like this:
<PRE>
$ nslookup
Default Name Server: one.juro.sk
Address: 127.0.0.1
</PRE>
<P> Now you can put 10.0.0.2 in the ndc command window and you should
receive a feedback that the computer you are asking for is two.juro.sk.
If you put 10.0.0.1, the reply will be one.juro.sk.
<P> No DNS server should be running on the other computer (TWO). This is a
detail, but newbies often configure DNS server on more machines. In our
network connection we have one DNS server and don't worry with the
Secondary DNS server. We're dealing here with a SIMPLE NETWORK. It's the
only way to start understanding something more complicated.
<P> 4. Putting the "domain juro.sk" in the resolv.conf file will tell the
second computer (and all other ones, if we plan to include them into our
network) about the domain we are in (juro.sk, frank.com, or planet.ru,
it's your choice, but keep only one domain. There's a possibility to
create more domains. This is something like "Workgroups" in MS Windows
and only computers in one domain [Workgroup] will be able to communicate
with one another, i.e. computers in the domain "juro.sk" will
communicate with one another; if you have computers in the "frank.com"
domain in the same network, "frank.com" computers will not communicate
with computers in "juro.sk" domain, albeit they all are cabled into one
network). And because we are using the private IP addresses here, there
will be no interference with Internet. Our DNS server will simply
translate one.juro.sk (or 1.frank.com) as 10.0.0.1. (However, for
Internet connection you need a router, if you want to use any of the
networked computers for dialing out. The router gives you a possibility
to share one modem with several computers. If you have a simple network
with two or three computers and need to make an immediate dial out
connection, try to dial out from the DNS server. A router is a computer
that serves as a gateway - a way out of the private Intranet. Please
look for information elsewhere, or else download a freesco mini dialout
router and install it; it's a preconfigured mini router with diald I
tested both from Windows and Linux and which worked well. You will only
need to configure your ISP. Find the software through search engines, freesco
should also be on <A HREF="http://freshmeat.net">http://freshmeat.net</A>, it's
a diskette mini distribution, so an old 386 without a hard disk might serve you
good).
<P> The computer TWO will read the DNS configuration from the computer ONE.
So the 10.0.0.1 is the address of the computer ONE (and 10.0.0.2 of the
computer TWO). The resolv.conf on the computer ONE has the following
syntax:
<PRE>
domain juro.sk
nameserver 127.0.0.1
nameserver 10.0.0.1 # (this is maybe not necessary, but I have it there)
</PRE>
The resolv.conf on the computer TWO needs this:
<PRE>
domain juro.sk
nameserver 10.0.0.1
</PRE>
<P> Again, read my article from the September issue on how to configure the
simple network. If you have a working network and the above-mentioned
configuration ready, you will be able to send mails from root or user
accounts either from computer ONE to computer TWO, or from computer TWO
to computer ONE. If you connect to the net, the DNS name server we just
configured will show you all IP addresses of addresses like
www.linuxgazette.com. So when you execute a command nslookup and type
any www address in the command line, you will get its numerical IP
address. This information will be given to you through these root DNS
servers we mentioned above.
<P> If there is anything wrong, try to run "ndc restart". If there is still
a problem, check your network connection.
<H2>Linux and Windows</H2>
<P> I haven't tested it yet, but it will certainly work. However, you must
install a Windows mail server like sendmail in Linux. One alternative
how to do this is to try some freeware or to use a professional software
like Winroute, which has a mail server, DHCP server, etc. (Winroute for
MS Windows can also be used as a dial-up router). Here it will be DNS
that will help you send mail. Let me repeat the most important
information I have from this hard digging - no editing of sendmail.cf
file is necessary. The sendmail configuration file is preconfigured to
work immediately.
<H2>Sharing Encrypted Windows Partition With Linux</H2>
<P> Some five years ago I downloaded the PCGuardian Encryption Engine
(<A HREF="http://www.pcguardian.com">www.pcguardian.com</A>) and used it. Although it is a shareware with
expiration, I managed to delete my C: Drive several times, so I could
install it even after it was already installed. Please understand that
everything you do here like I did will be done at your own risk.
<P> The PCGuardian Encryption Engine will totally encrypt a DOS FAT16 or
WINDOWS FAT32 partition and you will have to enter to your system
through a password. If you use a diskette and look in the drive C:, you
will see a garbage. If you later want to delete the encrypted partition,
the DOS fdisk will refuse it, but not Linux fdisk or cfdisk.
<P> Here the problem is, if you have a boot manager, that you must use such
a boot manager that would not interfere with the password boot manager.
This is quite a complicated issue, but generally speaking, the password
engine of PCGuardian software behaves like a boot manager in that it is
installed in MBR. I used the BOSS boot manager from FreeBSD distribution
disks. BOSS was installed first and the PCGuardian password manager did
not damage the BOSS boot manager, or the MBR. This means that first I
received a password invitation, then the BOSS boot manager and then I
could easily boot the encrypted Windows partition or Linux. When I
selected the "Restart in MS-DOS Mode" from the Windows partition, I
could also use the loadlin.exe file to boot Linux from the encrypted
partition, however, the Linux partition was obviously on a different
disk. Other boot managers will not work with PCGuardian or other
encryption "MBR password" managers. This means that you will either
destroy the MBR (for example, Boot Manager Menu, which also destroyed my
whole encrypted disk), or all data on the disk. So far I can say that
GAG boot manager also may work. You can download GAG from
<A HREF="http://www.arrakis.es/~scostas/SOFTWARE/GAG/gageng.htm">http://www.arrakis.es/~scostas/SOFTWARE/GAG/gageng.htm</A>
It is probably the best boot manager and it is free. If you want to
download BOSS, follow ftp links from
<A HREF="http://www.freebsd.org">www.freebsd.org</A>. Having two MBR
codes is a very dangerous thing. The best thing is not to try it.
Obviously, you cannot mount such an encrypted Windows partition from
Linux unless the manufacturer gave you a driver.
<!-- *** BEGIN copyright *** -->
<P> <hr> <!-- P -->
<H5 ALIGN=center>
Copyright &copy; 2000, Juraj Sipos.<BR>
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
Published in Issue 60 of <i>Linux Gazette</i>, December 2000</H5>
<!-- *** END copyright *** -->
<!--startcut ==========================================================-->
<HR><P>
<CENTER>
<!-- *** BEGIN navbar *** -->
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="sharma.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue60/sipos.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="steffler.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
<!-- *** END navbar *** -->
</CENTER>
</BODY></HTML>
<!--endcut ============================================================-->
Reference in New Issue View Git Blame Copy Permalink