LINUX GAZETTE

[ Prev ][ Table of Contents ][ Front Page ][ Talkback ][ FAQ ][ Next ]

"Linux Gazette...making Linux just a little more fun!"


Sharing an Encrypted Windows Partition With Linux
(and notes about Sendmail)

By


I published an article in the September issue of Linux Gazette (LG #57) titled Making a Simple Linux Network Including Windows 9x. I received questions regarding my encrypted Windows partition. People asked me questions like. "How did you do that?" So I'd like to answer, "how did I do that?" I would also like to describe my successful configuration of sendmail, which remained open in my previous article.

The above-mentioned article was about how to configure simple network including Windows 9x, but I was at that time unsuccessful with configuration of sendmail. First, let me say that I was not interested to have a standard mail server--one server from which I would fetch mail. I was interested to configure sendmail to have a possibility to send mail from machine one to machine two, and from machine two to machine one. This is something not very usual; however, the information revealed here may also be useful for such a standard sendmail server configuration.

I am using a term "sendmail configuration", by which I do not mean "configuration of sendmail.cf file", but rather "making sendmail work". In other texts of Linux documentation files the term "sendmail configuration" is understood as manipulation of sendmail configuration files in /etc directory.

The following article will briefly describe how I configured this and how I successfully shared an encrypted Windows partition with Linux.

Normally, I use Linux at home, so I did not give my Linux workstation a network name - a host name. I found most of the programs people recommended me in their answers as ineffective (webadmin, configure sendmail). This was obviously due to the following reasons including the fact I must strongly emphasize here usually, sendmail is preconfigured and no editing of its configuration file (sendmail.cf) is necessary unless you want to do something special or at least something of your particular choice:

1. The first important thing was to give my Linux a host name. I did this with a "hostname one.juro.sk" command, where "one.juro.sk" may be a name for your machine. If you do not have a real network name, it does not matter. Just use the above-mentioned name and replace my name with your name, e.g. one.frank.com. The article in September issue clearly describes how to configure your network, so look there. The information in the article you now read will also apply to configuring sendmail in the plip network. You can open Linuxconf (RedHat) and change permanently your

hostname > Basic sendmail configuration > present your system as: one.juro.sk
You should also do this on the computer TWO, where you will put two.juro.sk instead of one.juro.sk.

2. The file sendmail.cw in /etc directory must contain a line with the following text: one.juro.sk in computer ONE, and two.juro.sk in computer TWO. The sendmail.cw file is preconfigured as empty and it only contains the following commented text: # sendmail.cw - include all aliases for your machine here.

3. DNS must be configured. DNS files are contained in the bind package. Just install bind and change its configuration files in /etc directory. Here I will give my DNS configuration files:

     /etc/named.boot
    ;
    ; a caching only nameserver config
    ;
    directory                             /etc/namedb
    cache           .                      root.cache
    primary         0.0.127.in-addr.arpa   named.local
The content of my /etc/named.conf file is different from the standard Linux configuration. I changed it because I use FreeBSD and I backup the /etc directory regularly. For me it is more convenient to have all configuration files in /etc rather than few in /var and the rest in /etc directory, but this is a matter of your choice. The file root.cache contains the world root DNS servers and it is preconfigured, so I do not include its content here. You will only make use of this file if you are connected to the net. However, if you are not connected, it's OK to leave it as it is. I noticed the file does not make any interference with our configuration.

/etc/named.conf

   options {
           directory "/etc/namedb";
   };
   zone "." {
           type hint;
           file "root.cache";
   };
   zone "0.0.127.in-addr.arpa"{
           type master;
           file "named.local";
   };
   zone "juro.sk"{
           type master;
           file "juro.sk";
   };
   zone "0.0.10.IN-ADDR.ARPA"{
           type master;
           file "10.0.0";
   };

/etc/namedb/named.local

   $TTL    3600
   @               IN      SOA     one.juro.sk.    root.one.juro.sk. (
                           20000827 ; serial
                           3600 ; refresh
                           900  ; retry
                           3600000 ; expire
                           3600 )  ; Minimum
                   IN      NS     one.juro.sk.
   1              IN      PTR   one.juro.sk.
The periods at the end are not a mistake; they are important here to keep (one.juro.sk.) You can find more information in the DNS-HOWTO. If you don't understand something, just forget it and feel fine with my assurance that this DNS configuration will work.

/etc/namedb/juro.sk

    $TTL    3600
    @               IN      SOA     one.juro.sk.    root.one.juro.sk. (
                            2000080801 ; serial
                            3600 ; refresh
                            900 ; retry
                            1209600 ; expire
                            43200 ; default_ttl
                            )
                    IN      NS         one.juro.sk.
                    IN      MX    0 one.juro.sk.
    localhost.      IN      A       127.0.0.1
    ;info on particular computers
    ns              IN      A     10.0.0.1
    one            IN      A     10.0.0.1
    www                   CNAME   one
    ftp                       CNAME   one
    two            IN      A       10.0.0.2
 
MX is a mail exchanger. NS is a nameserver, CNAME is a canonical name or alias. Now follows the reverse zone:

/etc/namedb/10.0.0 (yes the name of the file is simply "10.0.0")

    $TTL    3600
    @               IN      SOA     one.juro.sk.    root.one.juro.sk. (
                            1997022700 ; serial
                            28800 ; refresh
                            14400 ; retry
                            3600000 ; expire
                            86400 ; default_ttl
                            )
                     IN      NS      one.juro.sk.
    1               IN     PTR     one.juro.sk.
    2               IN     PTR     two.juro.sk.
    ; the above PTR is reverse mapping
SOA means Start of Authority, notice ";" at the beginning of some lines; it is used as a comment. The numbers represent time in seconds.

Now you can issue a command "ndc start". If your DNS (BIND) is already running, try "ndc restart". You can try the nslookup command, which should answer your queries, for example, issue nslookup. The shell command line will change and you will see something like this:

$ nslookup
  Default Name Server: one.juro.sk
  Address:  127.0.0.1

Now you can put 10.0.0.2 in the ndc command window and you should receive a feedback that the computer you are asking for is two.juro.sk. If you put 10.0.0.1, the reply will be one.juro.sk.

No DNS server should be running on the other computer (TWO). This is a detail, but newbies often configure DNS server on more machines. In our network connection we have one DNS server and don't worry with the Secondary DNS server. We're dealing here with a SIMPLE NETWORK. It's the only way to start understanding something more complicated.

4. Putting the "domain juro.sk" in the resolv.conf file will tell the second computer (and all other ones, if we plan to include them into our network) about the domain we are in (juro.sk, frank.com, or planet.ru, it's your choice, but keep only one domain. There's a possibility to create more domains. This is something like "Workgroups" in MS Windows and only computers in one domain [Workgroup] will be able to communicate with one another, i.e. computers in the domain "juro.sk" will communicate with one another; if you have computers in the "frank.com" domain in the same network, "frank.com" computers will not communicate with computers in "juro.sk" domain, albeit they all are cabled into one network). And because we are using the private IP addresses here, there will be no interference with Internet. Our DNS server will simply translate one.juro.sk (or 1.frank.com) as 10.0.0.1. (However, for Internet connection you need a router, if you want to use any of the networked computers for dialing out. The router gives you a possibility to share one modem with several computers. If you have a simple network with two or three computers and need to make an immediate dial out connection, try to dial out from the DNS server. A router is a computer that serves as a gateway - a way out of the private Intranet. Please look for information elsewhere, or else download a freesco mini dialout router and install it; it's a preconfigured mini router with diald I tested both from Windows and Linux and which worked well. You will only need to configure your ISP. Find the software through search engines, freesco should also be on http://freshmeat.net, it's a diskette mini distribution, so an old 386 without a hard disk might serve you good).

The computer TWO will read the DNS configuration from the computer ONE. So the 10.0.0.1 is the address of the computer ONE (and 10.0.0.2 of the computer TWO). The resolv.conf on the computer ONE has the following syntax:

domain juro.sk
nameserver 127.0.0.1
nameserver 10.0.0.1         # (this is maybe not necessary, but I have it there)
The resolv.conf on the computer TWO needs this:
domain        juro.sk
nameserver 10.0.0.1

Again, read my article from the September issue on how to configure the simple network. If you have a working network and the above-mentioned configuration ready, you will be able to send mails from root or user accounts either from computer ONE to computer TWO, or from computer TWO to computer ONE. If you connect to the net, the DNS name server we just configured will show you all IP addresses of addresses like www.linuxgazette.com. So when you execute a command nslookup and type any www address in the command line, you will get its numerical IP address. This information will be given to you through these root DNS servers we mentioned above.

If there is anything wrong, try to run "ndc restart". If there is still a problem, check your network connection.

Linux and Windows

I haven't tested it yet, but it will certainly work. However, you must install a Windows mail server like sendmail in Linux. One alternative how to do this is to try some freeware or to use a professional software like Winroute, which has a mail server, DHCP server, etc. (Winroute for MS Windows can also be used as a dial-up router). Here it will be DNS that will help you send mail. Let me repeat the most important information I have from this hard digging - no editing of sendmail.cf file is necessary. The sendmail configuration file is preconfigured to work immediately.

Sharing Encrypted Windows Partition With Linux

Some five years ago I downloaded the PCGuardian Encryption Engine (www.pcguardian.com) and used it. Although it is a shareware with expiration, I managed to delete my C: Drive several times, so I could install it even after it was already installed. Please understand that everything you do here like I did will be done at your own risk.

The PCGuardian Encryption Engine will totally encrypt a DOS FAT16 or WINDOWS FAT32 partition and you will have to enter to your system through a password. If you use a diskette and look in the drive C:, you will see a garbage. If you later want to delete the encrypted partition, the DOS fdisk will refuse it, but not Linux fdisk or cfdisk.

Here the problem is, if you have a boot manager, that you must use such a boot manager that would not interfere with the password boot manager. This is quite a complicated issue, but generally speaking, the password engine of PCGuardian software behaves like a boot manager in that it is installed in MBR. I used the BOSS boot manager from FreeBSD distribution disks. BOSS was installed first and the PCGuardian password manager did not damage the BOSS boot manager, or the MBR. This means that first I received a password invitation, then the BOSS boot manager and then I could easily boot the encrypted Windows partition or Linux. When I selected the "Restart in MS-DOS Mode" from the Windows partition, I could also use the loadlin.exe file to boot Linux from the encrypted partition, however, the Linux partition was obviously on a different disk. Other boot managers will not work with PCGuardian or other encryption "MBR password" managers. This means that you will either destroy the MBR (for example, Boot Manager Menu, which also destroyed my whole encrypted disk), or all data on the disk. So far I can say that GAG boot manager also may work. You can download GAG from http://www.arrakis.es/~scostas/SOFTWARE/GAG/gageng.htm It is probably the best boot manager and it is free. If you want to download BOSS, follow ftp links from www.freebsd.org. Having two MBR codes is a very dangerous thing. The best thing is not to try it. Obviously, you cannot mount such an encrypted Windows partition from Linux unless the manufacturer gave you a driver.


Copyright © 2000, Juraj Sipos.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 60 of Linux Gazette, December 2000

[ Prev ][ Table of Contents ][ Front Page ][ Talkback ][ FAQ ][ Next ]