30 Nov
2023
30 Nov
'23
12:07 a.m.
On 2023-11-29 23:06, John Forecast wrote:
I'm not sure if VMS does things the same way as RSX here, but it seems
plausible. In which case the default DECnet account (which don't exist
in RSX) would be used in case no user information was provided. The
account for the object is what account the server program will run
under, which is separate from the authentication here.
But if user information is included in the connection request, that
obviously takes precedence.
On Nov 29, 2023, at 4:16 PM, Johnny Billquist
<bqt(a)softjar.se> wrote:
Just tested from Mim. It can definitely talk MAIL11 to 41.249. No problems there.
So I guess 41.202 is your DECnet implementation under Linux.
I don't understand why the audit event talks about login. But also, why username
"DECNET"? VMS systems usually deal with MAIL running under user MAIL$SERVER.
When you try to connect from your Linux implementation, what kind of connect block and
content are you setting up?
That’s because I set it up with a default DECnet account. It’s a documented
feature during DECnet configuration depending on what level of security you want. I’ve
been building various DECnet configurations and that’s the last one I had tried. Anyway, I’ve found the problem! sendvmsmail (the
program Linux uses to send mail to VMS) tries really hard to put something in the account
field of access control. This seems to cause login to the nonpriviledged account to fail.
I don’t believe I’ve seen any documentation about this issue. Comment out the logic which
fills in the accountfield and everything works OK, even the V3 protocol is almost
functional.
Yeah, that was part what I was asking/curious about. In RSX, the mail
object explicitly ignores any user authentication information, but I
don't know if that is even possible in VMS. Not providing any user
information is, however, the right thing to do.
The nonprivileged account is only applied if there is no user
information. It would be weird if it were applied if user information
was provided.
Johnny
John.
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt(a)softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
Johnny
On 2023-11-29 20:29, John Forecast wrote:
_______________________________________________
HECnet mailing list -- hecnet(a)lists.dfupdate.se
To unsubscribe send an email to hecnet-leave(a)lists.dfupdate.se Well I can successfully send mail from PKVMS2
(41.65), Paul's OpenVMS/86 system to 41.249 but I can't get a connection from
41.202 to the mailobject on 41.249 - time to grab some pcap traces.
John.
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt(a)softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
_______________________________________________
HECnet mailing list -- hecnet(a)lists.dfupdate.se
To unsubscribe send an email to hecnet-leave(a)lists.dfupdate.se On Nov 29, 2023, at 2:11 PM, John Forecast
<john(a)forecast.name> wrote:
41.202 is my debug/test environment on Linux so it may or may not workat any given time.
I’m trying to send mail to 41.249, usename FORECAST.
John.
> On Nov 29, 2023, at 2:03 PM, Johnny Billquist <bqt(a)softjar.se> wrote:
>
> I had a brilliant idea.
>
> Since John was trying to send mails to 41.202 on HECnet (I assume),Idecided to try
that myself. And I can't send any mails there either.
>
> It seems to fail at accepting. Not exactly sure what system 41.202 (EMULAT) is. It
won't speak NICE to me. :-(
>
> .ncp tell emulat sho exec cha
> NCP -- Show failed, incompatible Management version
>
>
> Anyway, not entirely sure in which direction John is sending mails,nor which systems
are involved. Clarification needed. :-)
>
> Johnny
>
> On 2023-11-29 19:13, Trevor Warwick wrote:
>> On the VAX, run NCP and what does "SHOW OBJECT MAIL" say ? It should
have mail$server as the account, then run AUTHORIZE and make sure that account exists and
has Network access.
>> On Wed, 29 Nov 2023 at 17:48, Johnny Billquist <bqt(a)softjar.se
<mailto:bqt@softjar.se>> wrote:
>> Well, the obvious first question would be - does the default DECnet
>> account actually exist and is not expired?
>> If you want to experiment in a slightly simpler way, try sending toan
>> RSX system instead. They are usually set up with no requirementforany
>> authentication for mail.
>> On MIM::
>> .ncp sho obj 27
>> Object summary as of 29-NOV-23 18:48:13
>> Object Name Copies User Verification
>> 27 MAI$$$ 5 Default Off
>> Johnny
>> On 2023-11-29 16:56, John Forecast wrote:
>>> I’m trying to get mail working from my latest Linux DECnet
>> release to
>>> OopenVMS with the intention of eventually upgrading to the mail11v3
>>> protocol. I’m running an up to date version of VAX OpenVMS
>> V7.3with all
>>> patches I’ve found on a recent download of OpenSimh on a
>> reallyslow ARM
>>> system. The system has a default DECnet account as well as a
>> MAIL$SERVER
>>> account. Whenever I try to send e-mail, the connection is
>> rejected with
>>> a “No such user” error:
>>>
>>> Auditable event: Network loginfailure
>>> Event time: 29-NOV-2023 10:14:32.96
>>> PID: 00000098
>>> Process name: MAIL_8198
>>> Username: DECNET
>>> Remote node id: 42186 (41.202)
>>> Remote username: Linux0000
>>> Status: %LOGIN-F-NOSUCHUSER, no such user
>>>
>>> I also get the same rejection error if I try to connect to FAL
>> with no
>>> access control information. However, if I connect to FAL using the
>>> explicit nonpriviledged userid/password returned by NCP, everything
>>> works as expected.
>>>
>>> Any ideas?
>>>
>>> Thanks,
>>> John.
>>>
>>>
>>> _______________________________________________
>>> HECnet mailing list -- hecnet(a)lists.dfupdate.se
>> <mailto:hecnet@lists.dfupdate.se>
>>> To unsubscribe send an email to hecnet-leave(a)lists.dfupdate.se
>> <mailto:hecnet-leave@lists.dfupdate.se>
>> -- Johnny Billquist || "I'm on a bus
>> || on a psychedelic trip
>> email: bqt(a)softjar.se <mailto:bqt@softjar.se> || Reading
murder books
>> pdp is alive! || tryin' to stay hip" - B. Idol
>> _______________________________________________
>> HECnet mailing list -- hecnet(a)lists.dfupdate.se
>> <mailto:hecnet@lists.dfupdate.se>
>> To unsubscribe send an email to hecnet-leave(a)lists.dfupdate.se
>> <mailto:hecnet-leave@lists.dfupdate.se>
>> _______________________________________________
>> HECnet mailing list -- hecnet(a)lists.dfupdate.se
>> To unsubscribe send an email to hecnet-leave(a)lists.dfupdate.se
>
> --
> Johnny Billquist || "I'm on a bus
> || on a psychedelic trip
> email: bqt(a)softjar.se || Reading murder books
> pdp is alive! || tryin' to stay hip" - B. Idol
> _______________________________________________
> HECnet mailing list -- hecnet(a)lists.dfupdate.se
> To unsubscribe send an email to hecnet-leave(a)lists.dfupdate.se
_______________________________________________
HECnet mailing list -- hecnet(a)lists.dfupdate.se
To unsubscribe send an email to hecnet-leave(a)lists.dfupdate.se
_______________________________________________
HECnet mailing list -- hecnet(a)lists.dfupdate.se
To unsubscribe send an email to hecnet-leave(a)lists.dfupdate.se