dial-up Server Maintenance

The maintenance and management of dial-up servers is a complex task involving both the server side and the client, software and hardware. It requires administrators to practice more, and good at induction and summary, only in this way, can form a set of effective management experience and methods.

First, check the physical circuit

When the client is unable to dial in, the server side first check the physical line is unobstructed, that is, check the modem and the server serial port connection. An external modem and a server serial port (COM1 or COM2) connection typically uses a standard rs-232c connection cable. The connection of the cable can be easily detected using minicom. Minicom is a utility that can be run on Linux systems, primarily for communication between the system and the modem and for modem control. In the Linux terminal State Input command: minicom, the screen to display the initialization of the modem, and then display the welcome information after the "OK", indicating that the system and the modem connected smoothly, otherwise you have to check the cable connectors are loose. Sometimes, a little loosening of the cable connector is not visible, then use minicom will be handy. In fact, when solving a general network failure, we start by checking the physical line connectivity first.

Second, check the/var/lock/lck. Ttysx Device lock file

Because the modem is an exclusive resource, that is, when a user uses the resource, other users cannot use it until the previous user releases the resource, and the Linux system uses the device lock file to control the use of the device. There are two main types of device lock files:

When the server-side modem power is off, the device is disconnected from the computer, the system automatically generates the device lock file in the/var/lock/directory, indicating that the device is currently unavailable, the customer can not dial in, for the specific serial port, produce such as LCK. TtyS0 or LCK. ttyS1 file; When the modem power is turned on, the lock file automatically disappears after a few seconds, and the device returns to the status of accepting dial-in.

The directory also produces a device-locked file for a specific serial port that indicates that an existing user is using the exclusive device and that other users cannot use the device at this time. When a dial-in user disconnects, the locked file is automatically released and the user waiting for the dial-in can dial in. The primary purpose of checking for a locked file is to check that the server-side modem power is turned on.

Third, check the IP forwarding function

When a user connects to the Internet through a dial-in server, the kernel of the server must support IP forwarding and allow IP forwarding, or a situation in which a dial-through client can only ping to a dial-up server and not ping to another server or local gateway. Check that the current system's IP Forwarding feature has no open use commands:

Cat/proc/sys/net/ipv4/ip_forward

If the output is 1, the IP forwarding feature is turned on, and if the output is 0, which means that the feature is turned off, you can use the command "Echo 1 >/proc/sys/net/ipv4/ip_forward" To turn on the feature, but the opening is not permanent. When you reboot the system, it will revert to the original set value. In order to open this function and make it always effective, the easiest way is to modify the/etc/sysclt.conf file as root, found in the file: Net.ipv4.ip_forward = 0, the "0" to "1", restart the system can be effective.

Check the setuid position of PPPD

If the dial-up user enters the username and password in a terminal window that pops up after the modem is connected, the following message appears:

-pppd:must be root to run-pppd,since it isn't setuid-root

This is because of security considerations, PPPD can only be run by root or users with root privileges, and dial-up users that the system has created do not have permission to run PPPD. You can resolve this problem by setting the setuid bit on the PPPD. Setting setuid on an executable binary allows other users to run the program as the owner of the file. Enter the following command to set the PPPD setuid bit:

chmod 4755/USR/SBIN/PPPD

Because the pppd file owner is root, such a regular user, such as a dial-up user who has been created, can execute the program as root. In addition, when running the linuxconf program, because it is to check the file system security, sometimes delete the pppd setuid bit, so after running linuxconf, pay attention to check the PPPD property settings.

Source: Chinabyte Author: Richard Carey Zebian: Bean Technology Application