<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>Sharing an Encrypted Windows Partition With Linux (and notes about Sendmail) LG #60</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->

<CENTER>
<A HREF="http://www.linuxgazette.com/">
<H1><IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.jpg"
WIDTH="600" HEIGHT="124" border="0"></H1></A>
<P>
</CENTER>
<!--endcut ============================================================-->

<H4 ALIGN="center">
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <HR> <P>
<!--===================================================================-->

<center>
<H1><font color="maroon">Sharing an Encrypted Windows Partition With Linux<BR>
(and notes about Sendmail)</font></H1>
<H4>By <a href="mailto:xvudpapc@savba.sk">Juraj Sipos</a></H4>
</center>

<P> <HR> <P>
<!-- END header -->

<P> I published an article in the September issue of Linux Gazette (LG #57) titled
<A HREF="../issue57/sipos.html">Making a Simple Linux Network Including Windows 9x</A>. I
received questions about my encrypted Windows partition. People asked me,
"How did you do that?" So I would like to answer that question here. I would
also like to describe my successful configuration of sendmail, which remained
an open problem in my previous article.

<P> The above-mentioned article was about how to configure a simple network
including Windows 9x, but at that time I was unsuccessful with the
configuration of sendmail. First, let me say that I was not interested in
having a standard mail server, i.e. one server from which I would fetch my
mail. I wanted to configure sendmail so that I could send mail from machine
ONE to machine TWO and from machine TWO to machine ONE. This is not very
usual; however, the information revealed here may also be useful for a
standard sendmail server configuration.

<P> I am using the term "sendmail configuration" to mean "making sendmail
work", not "editing the sendmail.cf file". In other Linux documentation the
term "sendmail configuration" is understood as manipulation of the sendmail
configuration files in the /etc directory.

<P> This article will briefly describe how I configured this and how I
successfully shared an encrypted Windows partition with Linux.

<P> Normally I use Linux at home, so I had not given my Linux workstation a
network name, i.e. a host name. I found most of the programs people
recommended in their answers (webadmin, configure sendmail) ineffective. The
reasons follow below, but there is one fact I must strongly emphasize here:
sendmail usually comes preconfigured, and no editing of its configuration
file (sendmail.cf) is necessary unless you want to do something special or
something of your particular choice. What was actually needed was the
following:

<P> 1. The first important thing was to give my Linux machine a host name. I did
this with the command "hostname one.juro.sk", where "one.juro.sk" may be a
name for your machine. If you do not have a real network name, it does not
matter; just use the above-mentioned name and replace my name with yours,
e.g. one.frank.com. The article in the September issue clearly describes how
to configure your network, so look there. The information in the article you
are now reading will also apply to configuring sendmail in the PLIP network.
You can open Linuxconf (Red Hat) and permanently change your

<PRE>
hostname > Basic sendmail configuration > present your system as: one.juro.sk
</PRE>

You should also do this on computer TWO, where you will put two.juro.sk
instead of one.juro.sk.

<P> 2. The file sendmail.cw in the /etc directory must contain a line with the
text one.juro.sk on computer ONE, and two.juro.sk on computer TWO. The
sendmail.cw file is preconfigured as empty; it only contains the following
comment:

<PRE>
# sendmail.cw - include all aliases for your machine here.
</PRE>

<P> 3. DNS must be configured. The DNS files are contained in the bind package.
Just install bind and change its configuration files in the /etc directory.
Here I will give my DNS configuration files:

<PRE>
/etc/named.boot
;
; a caching only nameserver config
;
directory /etc/namedb
cache . root.cache
primary 0.0.127.in-addr.arpa named.local
</PRE>

The content of my /etc/named.conf file differs from the standard Linux
configuration. I changed it because I use FreeBSD and I back up the /etc
directory regularly. For me it is more convenient to have all configuration
files in /etc rather than a few in /var and the rest in /etc, but this is a
matter of your choice. The file root.cache contains the world root DNS
servers and it is preconfigured, so I do not include its content here. You
will only make use of this file if you are connected to the net; if you are
not connected, it is fine to leave it as it is. I noticed that the file does
not interfere with our configuration in any way.

<H4>/etc/named.conf</H4>

<PRE>
options {
        directory "/etc/namedb";
};
zone "." {
        type hint;
        file "root.cache";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
zone "juro.sk" {
        type master;
        file "juro.sk";
};
zone "0.0.10.IN-ADDR.ARPA" {
        type master;
        file "10.0.0";
};
</PRE>

<H4>/etc/namedb/named.local</H4>

<PRE>
$TTL 3600
@       IN SOA  one.juro.sk. root.one.juro.sk. (
                20000827   ; serial
                3600       ; refresh
                900        ; retry
                3600000    ; expire
                3600 )     ; Minimum
; records without an owner name must start with whitespace
        IN NS   one.juro.sk.
1       IN PTR  one.juro.sk.
</PRE>

The periods at the end of the names are not a mistake; they are important
and must be kept (one.juro.sk.). A name without the trailing period is
treated as relative to the zone and gets the zone name appended. You can find
more information in the
<A HREF="http://www.linuxdoc.org/HOWTO/DNS-HOWTO.html">DNS-HOWTO</A>. If
you don't understand something, just forget it and trust my assurance that
this DNS configuration will work.

<H4>/etc/namedb/juro.sk</H4>

<PRE>
$TTL 3600
@       IN SOA  one.juro.sk. root.one.juro.sk. (
                2000080801 ; serial
                3600       ; refresh
                900        ; retry
                1209600    ; expire
                43200      ; default_ttl
                )
        IN NS   one.juro.sk.
        IN MX 0 one.juro.sk.
localhost. IN A 127.0.0.1
;info on particular computers
ns      IN A    10.0.0.1
one     IN A    10.0.0.1
www     CNAME   one
ftp     CNAME   one
two     IN A    10.0.0.2
</PRE>

MX is a mail exchanger, NS is a nameserver, and CNAME is a canonical name
or alias.
Now follows the reverse zone:

<H4>/etc/namedb/10.0.0 (yes, the name of the file is simply "10.0.0")</H4>

<PRE>
$TTL 3600
@       IN SOA  one.juro.sk. root.one.juro.sk. (
                1997022700 ; serial
                28800      ; refresh
                14400      ; retry
                3600000    ; expire
                86400      ; default_ttl
                )
        IN NS   one.juro.sk.
1       IN PTR  one.juro.sk.
2       IN PTR  two.juro.sk.
; the above PTR records are the reverse mapping
</PRE>

SOA means Start of Authority. Notice the ";" at the beginning of some lines;
it introduces a comment. The numbers represent times in seconds.

<P> Now you can issue the command "ndc start". If your DNS server (BIND) is
already running, try "ndc restart". You can then try the nslookup command,
which should answer your queries. When you issue nslookup, the shell command
line will change and you will see something like this:

<PRE>
$ nslookup
Default Name Server: one.juro.sk
Address: 127.0.0.1
</PRE>

<P> Now you can type 10.0.0.2 at the nslookup prompt and you should receive
the answer that the computer you are asking about is two.juro.sk. If you
type 10.0.0.1, the reply will be one.juro.sk.

<P> No DNS server should be running on the other computer (TWO). This is a
detail, but newbies often configure a DNS server on more than one machine.
In our network we have one DNS server and do not worry about a secondary
DNS server. We are dealing here with a SIMPLE NETWORK; it is the only way to
start understanding something more complicated.

<P> 4. Putting "domain juro.sk" in the resolv.conf file will tell the second
computer (and all other ones, if we plan to include them in our network)
about the domain we are in (juro.sk, frank.com or planet.ru; it is your
choice, but keep only one domain). It is possible to create more domains.
This is something like "Workgroups" in MS Windows: only computers in one
domain [Workgroup] will be able to communicate with one another, i.e.
computers in the domain "juro.sk" will communicate with one another; if you
also have computers in the "frank.com" domain in the same network, the
"frank.com" computers will not communicate with the computers in the
"juro.sk" domain, although they are all cabled into one network. And because
we are using private IP addresses here, there will be no interference with
the Internet. Our DNS server will simply translate one.juro.sk (or
1.frank.com) to 10.0.0.1.

<P> (However, for an Internet connection you need a router if you want to use
any of the networked computers for dialing out. A router gives you the
possibility to share one modem among several computers. If you have a simple
network with two or three computers and need an immediate dial-out
connection, try dialing out from the DNS server. A router is a computer that
serves as a gateway, a way out of the private intranet. Please look for
information elsewhere, or else download the freesco mini dial-out router and
install it; it is a preconfigured mini router with diald which I tested from
both Windows and Linux and which worked well. You will only need to
configure your ISP. Find the software through search engines; freesco should
also be on <A HREF="http://freshmeat.net">http://freshmeat.net</A>. It is a
diskette mini distribution, so an old 386 without a hard disk might serve
you well.)

<P> Computer TWO will read the DNS configuration from computer ONE. So
10.0.0.1 is the address of computer ONE (and 10.0.0.2 of computer TWO). The
resolv.conf on computer ONE has the following syntax:

<PRE>
domain juro.sk
nameserver 127.0.0.1
# the next line is maybe not necessary, but I have it there
nameserver 10.0.0.1
</PRE>

The resolv.conf on computer TWO needs this:

<PRE>
domain juro.sk
nameserver 10.0.0.1
</PRE>

<P> Again, read my article from the September issue on how to configure the
simple network. If you have a working network and the above-mentioned
configuration ready, you will be able to send mail from root or user accounts
either from computer ONE to computer TWO or from computer TWO to computer
ONE. If you connect to the net, the DNS name server we just configured will
also resolve names like www.linuxgazette.com: when you run nslookup and type
any www address at its prompt, you will get its numerical IP address. This
information is obtained through the root DNS servers mentioned above.

<P> If anything goes wrong, try running "ndc restart". If there is still a
problem, check your network connection.

<H2>Linux and Windows</H2>

<P> I haven't tested it yet, but it will certainly work. However, on the
Windows side you must install a mail server, just as sendmail is the mail
server on Linux. One alternative is to try some freeware, another is to use
professional software like Winroute, which has a mail server, a DHCP server,
etc. (Winroute for MS Windows can also be used as a dial-up router). Here,
too, it is DNS that will help you send mail. Let me repeat the most
important piece of information I gained from this hard digging: no editing
of the sendmail.cf file is necessary. The sendmail configuration file is
preconfigured to work immediately.

<H2>Sharing an Encrypted Windows Partition With Linux</H2>

<P> Some five years ago I downloaded the PCGuardian Encryption Engine
(<A HREF="http://www.pcguardian.com">www.pcguardian.com</A>) and used it.
Although it is shareware with an expiration date, I managed to delete my C:
drive several times, so I could install it again even after it had already
been installed. Please understand that everything you do here the way I did
it will be done at your own risk.

<P> The PCGuardian Encryption Engine will totally encrypt a DOS FAT16 or
Windows FAT32 partition, and you will have to enter your system through a
password. If you boot from a diskette and look at drive C:, you will see
garbage. If you later want to delete the encrypted partition, DOS fdisk will
refuse, but Linux fdisk or cfdisk will not.

<P> The problem here, if you have a boot manager, is that you must use a boot
manager that does not interfere with the password boot manager. This is
quite a complicated issue, but generally speaking, the password engine of the
PCGuardian software behaves like a boot manager in that it is installed in
the MBR. I used the BOSS boot manager from the FreeBSD distribution disks.
BOSS was installed first, and the PCGuardian password manager did not damage
the BOSS boot manager or the MBR. This means that first I received a password
prompt, then the BOSS boot manager, and then I could easily boot either the
encrypted Windows partition or Linux. When I selected "Restart in MS-DOS
Mode" from the Windows partition, I could also use the loadlin.exe file to
boot Linux from the encrypted partition; the Linux partition was, however,
on a different disk. Other boot managers will not work with PCGuardian or
other "MBR password" encryption managers. This means that you will either
destroy the MBR (for example, Boot Manager Menu also destroyed my whole
encrypted disk) or all data on the disk. So far I can say that the GAG boot
manager may also work. You can download GAG from
<A HREF="http://www.arrakis.es/~scostas/SOFTWARE/GAG/gageng.htm">http://www.arrakis.es/~scostas/SOFTWARE/GAG/gageng.htm</A>.
It is probably the best boot manager, and it is free. If you want to
download BOSS, follow the ftp links from
<A HREF="http://www.freebsd.org">www.freebsd.org</A>. Having two MBR codes
is a very dangerous thing; the best thing is not to try it. Obviously, you
cannot mount such an encrypted Windows partition from Linux unless the
manufacturer gave you a driver.

<!-- *** BEGIN copyright *** -->
<P> <hr> <!-- P -->
<H5 ALIGN=center>
Copyright © 2000, Juraj Sipos.<BR>
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
Published in Issue 60 of <i>Linux Gazette</i>, December 2000</H5>
<!-- *** END copyright *** -->

<!--startcut ==========================================================-->
<HR><P>
<CENTER>
</CENTER>
</BODY></HTML>
<!--endcut ============================================================-->