Remote Client Access: Difference between revisions
imported>WaybackImport Imported via HTML fallback (before-primary) |
imported>ImportBot Imported from scrape |
||
| Line 1: | Line 1: | ||
By default and for good security reasons, Rivendell and MySQL are configured to only allow connections on localhost. Here are the steps I've gone through to allow remote Rivendell clients and the Rivendell applications for Windows to access the Rivendell DB on what I'll refer to as the "Rivendell Server." Note that these procedures have been tested with Debian and Suse so these directions may have to be adjusted a bit to fit your flavor of Linux. | By default and for good security reasons, Rivendell and MySQL are configured to only allow connections on localhost. Here are the steps I've gone through to allow remote Rivendell clients and the Rivendell applications for Windows to access the Rivendell DB on what I'll refer to as the "Rivendell Server." Note that these procedures have been tested with Debian and Suse so these directions may have to be adjusted a bit to fit your flavor of Linux. | ||
== Prepare your Rivendell Server for MySQL == | == Prepare your Rivendell Server for MySQL == | ||
Ensure that the mysql server is running (i.e. /etc/init.d/mysql start). | Ensure that the mysql server is running (i.e. /etc/init.d/mysql start). | ||
Install MySQL Administrator (mysql-admin) if you prefer to use a graphical interface to edit the database otherwise it's NOT required. (Note: MySQL Administrator that ships with Suse 10.0 has bugs that prevent it from making the changes outlined below.) | Install MySQL Administrator (mysql-admin) if you prefer to use a graphical interface to edit the database otherwise it's NOT required. (Note: MySQL Administrator that ships with Suse 10.0 has bugs that prevent it from making the changes outlined below.) | ||
== Configure Rivendell DB for remote access with MySQL Administrator == | == Configure Rivendell DB for remote access with MySQL Administrator== | ||
Load the MySQL Administrator GUI. From a console: | Load the MySQL Administrator GUI. From a console: | ||
mysql-admin | |||
server: localhost<br> | |||
username: root<br> | |||
server: localhost | password: <your root password><br> | ||
username: root | |||
password: | |||
In MySQL Administrator: | In MySQL Administrator: | ||
*Select User Administration | |||
*Right-click rduser (or whatever your rivendell user for mysql is) in User Accounts | |||
*Select Add Host from the popup menu | |||
*Select Any Host for full remote access (least secure) or use the Hostname or IP box to allow certain remote PCs to connect | |||
*When done adding a host, click Apply Changes | |||
*With rduser still selected, change to the Schema Privileges tab | |||
*Select Rivendell from the Schema list | |||
*Assign all Privileges EXCEPT: GRANT, REFERENCES, CREATE_TMP_TABLE, and LOCK_TABLES | |||
*Click Apply Changes when done | |||
*Close mysql-admin | |||
== Configure Rivendell DB for remote access withOUT MySQL Administrator== | |||
== Configure Rivendell DB for remote access withOUT MySQL Administrator == | |||
From a console: | From a console: | ||
mysql --user=root mysql -p | |||
mysql --user=root mysql -p | #enter your mysql root password when asked | ||
#enter your mysql root password when asked | |||
In mysql console: | In mysql console: | ||
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER | |||
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER | ON Rivendell.* | ||
TO 'rduser'@'%' | |||
IDENTIFIED BY 'letmein'; | |||
#you should see a message such as: Query OK, 0 rows affected (0.05 sec) | |||
#you should see a message such as: Query OK, 0 rows affected (0.05 sec) | #just replace the... | ||
#just replace the... | #"rduser" -- with rivendell mysql user name | ||
#"rduser" -- with rivendell mysql user name | #"%" -- with IP of remote host or hostname to allow only one specific host | ||
#"%" -- with IP of remote host or hostname to allow only one specific host | #"letmein" -- with the correct rivendell db password | ||
#"letmein" -- with the correct rivendell db password | exit | ||
exit | |||
== Configure MySQL to allow remote connections == | == Configure MySQL to allow remote connections == | ||
At a console as root: | At a console as root: | ||
netstat -an|grep 3306 #change 3306 if your mysql port is different | |||
#that will give you something like: | |||
#tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN | |||
#note the "127.0.0.1:3306" which indicates MySQL is only monitoring for | |||
local connections on port 3306 | |||
#You want to see something like: | |||
#tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN | |||
#note the "0.0.0.0:3306" which indicates MySQL is monitoring | |||
all network adapters | |||
#open /etc/mysql/my.cnf in your favorite editor (i.e. vi /etc/mysql/my.cnf) | #open /etc/mysql/my.cnf in your favorite editor (i.e. vi /etc/mysql/my.cnf) | ||
#find "bind-address = 127.0.0.1" and replace it with | #find "bind-address = 127.0.0.1" and replace it with | ||
bind-address = 0.0.0.0 | bind-address = 0.0.0.0 | ||
#save the file and restart mysql: | #save the file and restart mysql: | ||
/etc/init.d/mysql restart | /etc/init.d/mysql restart | ||
#test the change by: | #test the change by: | ||
netstat -an|grep 3306 #this should give you the second set of | netstat -an|grep 3306 #this should give you the second set of | ||
results listed above | |||
== Open up local firewall (if enabled) to allow connections == | == Open up local firewall (if enabled) to allow connections == | ||
This varies per Linux distribution. | This varies per Linux distribution. | ||
=== SUSE === | === SUSE === | ||
Add "MySQL Remote Access" to ''Allowed Services'' in the ''Firewall'' under ''Security and Users''. | |||
Add "MySQL Remote Access" to Allowed Services in the Firewall under Security and Users. | |||
== Testing MySQL Connection from a remote (Linux/Windows) client == | == Testing MySQL Connection from a remote (Linux/Windows) client == | ||
From a DOS Prompt or console | From a DOS Prompt or console | ||
telnet <rivendell_server> 3306 #where <rivendell_server> is the name/IP | |||
of your Rivendell Server | |||
#you should see a string containing the version of mysql and gibberish | |||
#type in anything and you'll eventually see "Bad handshake" | |||
and the connection will be lost | |||
#NOTE: if you see something like "Host '192.168.0.10' is not allowed to connect to | |||
this MySQL server," you have to revisit the section above pertaining to using | |||
MySQL Administrator to allow rduser to connect to mysql. | |||
Your remote Windows or Linux box will now be able to connect to the Rivendell Server. If something went wrong during the [[Remote_Client_Access#Configure Rivendell DB for remote access with MySQL Administrator]] setup, you will still NOT be able to log into to MySQL. | |||
# | |||
NOTE: The instructions above should be modified to meet the security demands of your particular installation. Opening MySQL to remote connections is inherently risky and should only be done with proper precautions. | |||
== Configure NFS on the server == | == Configure NFS on the server == | ||
=== SUSE yast2 GUI === | === SUSE yast2 GUI === | ||
On SUSE 10.2, ensure that the yast2-nfs-server package is installed. | On SUSE 10.2, ensure that the yast2-nfs-server package is installed. | ||
* Start "yast2" | * Start "yast2" | ||
* In the "Network Services" category select "NFS Server". | |||
* In the "Network Services" category select "NFS Server". | |||
* Start the NFS Server. | * Start the NFS Server. | ||
* Click the "Add Directory" button. | * Click the "Add Directory" button. | ||
* Set "/var/snd" as the directory to export. | * Set "/var/snd" as the directory to export. | ||
* For a more secure environment, set a better host wild card matching, ex: 192.168.1.0/255.255.255.0 . Optionally, for a less secure environment, leave the deafult host wild card of "*". | * For a more secure environment, set a better host wild card matching, ex: 192.168.1.0/255.255.255.0 . Optionally, for a less secure environment, leave the deafult host wild card of "*". | ||
* Set NFS options to read-write, ex: rw,root_squash,sync. NOTE: options should be comma seperated, do not enter spaces between them. | * Set NFS options to read-write, ex: rw,root_squash,sync. NOTE: options should be comma seperated, do not enter spaces between them. | ||
* Click the "Finish" button. | * Click the "Finish" button. | ||
=== command line (ex: Debian) === | === command line (ex: Debian) === | ||
Ensure that an NFS enabled kernel is installed. From the command line: | Ensure that an NFS enabled kernel is installed. From the command line: | ||
aptitude install nfs-kernel-server | |||
$EDIT /etc/exports | |||
# add an entry to share /var/snd, something like the following | |||
# /var/snd 192.168.1.0/255.255.255.0(rw,root_squash,sync) | |||
exportfs -rv # for re-export and verbose | |||
== Configure NFS on the client == | == Configure NFS on the client == | ||
=== SUSE yast2 GUI === | === SUSE yast2 GUI === | ||
* Start "yast2" | * Start "yast2" | ||
* In the "Network Services" category select "NFS Client". | * In the "Network Services" category select "NFS Client". | ||
* Click the "Add" button. | * Click the "Add" button. | ||
* Set the NFS Server hostname of your server. | * Set the NFS Server hostname of your server. | ||
* Set the remote filesystem (ex: /var/snd) | * Set the remote filesystem (ex: /var/snd) | ||
* Set the local mount point (ex: /var/snd) | * Set the local mount point (ex: /var/snd) | ||
* Options can be left to default. | * Options can be left to default. | ||
* Click the "Finish" button. | * Click the "Finish" button. | ||
=== command line (ex: Debian) === | === command line (ex: Debian) === | ||
From the command line: | From the command line: | ||
$EDIT /etc/fstab | |||
$EDIT /etc/fstab | # add an entry to mount /var/snd from the server, something like the following | ||
# rivserver:/var/snd /var/snd nfs defaults 0 0 | |||
mount /var/snd | |||
mount /var/snd | |||
== Testing NFS on the client and server == | == Testing NFS on the client and server == | ||
Confirm that the Rivendell users can read and write to the /var/snd directory. Simply editing a file on both the client and the workstation to confirm that both can make edits should be a sufficient test. | Confirm that the Rivendell users can read and write to the /var/snd directory. Simply editing a file on both the client and the workstation to confirm that both can make edits should be a sufficient test. | ||
== Add client workstations to the Rivendell system == | == Add client workstations to the Rivendell system == | ||
* On a machine connected to the Rivendell server (ex: the server itself) start the "rdadmin" utility. | * On a machine connected to the Rivendell server (ex: the server itself) start the "rdadmin" utility. | ||
* Select "Manage Hosts" | * Select "Manage Hosts" | ||
* Click "Add" on the workstation list | * Click "Add" on the workstation list | ||
* Set a new host name on the Add Host dialog and click OK | * Set a new host name on the Add Host dialog and click OK | ||
== Configure a client workstation to connect to the Rivendell server == | == Configure a client workstation to connect to the Rivendell server == | ||
First configure Rivendell on the workstation to talk to the server. | First configure Rivendell on the workstation to talk to the server. | ||
* $EDIT /etc/rd.conf | * $EDIT /etc/rd.conf | ||
* In the [mySQL] section, set the Hostname to the name of the server configured above. | * In the [mySQL] section, set the Hostname to the name of the server configured above. | ||
* Ensure that in the [Identity] section that the Password value there is the same on all clients and the server. | * Ensure that in the [Identity] section that the Password value there is the same on all clients and the server. | ||
* Stop and start all rivendell daemons (a reboot may be easiest). | * Stop and start all rivendell daemons (a reboot may be easiest). | ||
Once the Rivendell daemons have been restarted on the workstation configure the sound devices on the workstation. | Once the Rivendell daemons have been restarted on the workstation configure the sound devices on the workstation. | ||
* Start rdadmin | * Start rdadmin | ||
* Select Manage Hosts | * Select Manage Hosts | ||
* Select the workstation and Edit | * Select the workstation and Edit | ||
* Set the Card and Port for the various audio apps as the required. | * Set the Card and Port for the various audio apps as the required. | ||
| Line 248: | Line 157: | ||
For NFS to work correctly, the "uid" for a user must match on all machines (server and workstations). This can be accomplished by setting up an NIS or LDAP server (more effort but better for large deployments) or by manually configuring the uids to match in /etc/passwd and /etc/group on all machines. | For NFS to work correctly, the "uid" for a user must match on all machines (server and workstations). This can be accomplished by setting up an NIS or LDAP server (more effort but better for large deployments) or by manually configuring the uids to match in /etc/passwd and /etc/group on all machines. | ||
Some info on unix file permissions: | Some info on unix file permissions: http://www.dartmouth.edu/~rc/help/faq/permissions.html | ||
Some info on the linux filesystem hierarchy: | Some info on the linux filesystem hierarchy: http://www.pathname.com/fhs/ | ||
Information on NFS exports: | Information on NFS exports: | ||
man 5 exports | |||
{{Languages|Remote Client Access}} | |||
Latest revision as of 10:18, 9 May 2026
By default and for good security reasons, Rivendell and MySQL are configured to only allow connections on localhost. Here are the steps I've gone through to allow remote Rivendell clients and the Rivendell applications for Windows to access the Rivendell DB on what I'll refer to as the "Rivendell Server." Note that these procedures have been tested with Debian and Suse so these directions may have to be adjusted a bit to fit your flavor of Linux.
Prepare your Rivendell Server for MySQL
Ensure that the mysql server is running (i.e. /etc/init.d/mysql start).
Install MySQL Administrator (mysql-admin) if you prefer to use a graphical interface to edit the database otherwise it's NOT required. (Note: MySQL Administrator that ships with Suse 10.0 has bugs that prevent it from making the changes outlined below.)
Configure Rivendell DB for remote access with MySQL Administrator
Load the MySQL Administrator GUI. From a console:
mysql-admin
server: localhost
username: root
password: <your root password>
In MySQL Administrator:
- Select User Administration
- Right-click rduser (or whatever your rivendell user for mysql is) in User Accounts
- Select Add Host from the popup menu
- Select Any Host for full remote access (least secure) or use the Hostname or IP box to allow certain remote PCs to connect
- When done adding a host, click Apply Changes
- With rduser still selected, change to the Schema Privileges tab
- Select Rivendell from the Schema list
- Assign all Privileges EXCEPT: GRANT, REFERENCES, CREATE_TMP_TABLE, and LOCK_TABLES
- Click Apply Changes when done
- Close mysql-admin
Configure Rivendell DB for remote access withOUT MySQL Administrator
From a console:
mysql --user=root mysql -p #enter your mysql root password when asked
In mysql console:
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON Rivendell.* TO 'rduser'@'%' IDENTIFIED BY 'letmein'; #you should see a message such as: Query OK, 0 rows affected (0.05 sec) #just replace the... #"rduser" -- with rivendell mysql user name #"%" -- with IP of remote host or hostname to allow only one specific host #"letmein" -- with the correct rivendell db password exit
Configure MySQL to allow remote connections
At a console as root:
netstat -an|grep 3306 #change 3306 if your mysql port is different
#that will give you something like:
#tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
#note the "127.0.0.1:3306" which indicates MySQL is only monitoring for
local connections on port 3306
#You want to see something like:
#tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
#note the "0.0.0.0:3306" which indicates MySQL is monitoring
all network adapters
#open /etc/mysql/my.cnf in your favorite editor (i.e. vi /etc/mysql/my.cnf) #find "bind-address = 127.0.0.1" and replace it with bind-address = 0.0.0.0 #save the file and restart mysql: /etc/init.d/mysql restart
#test the change by:
netstat -an|grep 3306 #this should give you the second set of
results listed above
Open up local firewall (if enabled) to allow connections
This varies per Linux distribution.
SUSE
Add "MySQL Remote Access" to Allowed Services in the Firewall under Security and Users.
Testing MySQL Connection from a remote (Linux/Windows) client
From a DOS Prompt or console
telnet <rivendell_server> 3306 #where <rivendell_server> is the name/IP
of your Rivendell Server
#you should see a string containing the version of mysql and gibberish
#type in anything and you'll eventually see "Bad handshake"
and the connection will be lost
#NOTE: if you see something like "Host '192.168.0.10' is not allowed to connect to
this MySQL server," you have to revisit the section above pertaining to using
MySQL Administrator to allow rduser to connect to mysql.
Your remote Windows or Linux box will now be able to connect to the Rivendell Server. If something went wrong during the Remote_Client_Access#Configure Rivendell DB for remote access with MySQL Administrator setup, you will still NOT be able to log into to MySQL.
NOTE: The instructions above should be modified to meet the security demands of your particular installation. Opening MySQL to remote connections is inherently risky and should only be done with proper precautions.
Configure NFS on the server
SUSE yast2 GUI
On SUSE 10.2, ensure that the yast2-nfs-server package is installed.
- Start "yast2"
- In the "Network Services" category select "NFS Server".
- Start the NFS Server.
- Click the "Add Directory" button.
- Set "/var/snd" as the directory to export.
- For a more secure environment, set a better host wild card matching, ex: 192.168.1.0/255.255.255.0 . Optionally, for a less secure environment, leave the deafult host wild card of "*".
- Set NFS options to read-write, ex: rw,root_squash,sync. NOTE: options should be comma seperated, do not enter spaces between them.
- Click the "Finish" button.
command line (ex: Debian)
Ensure that an NFS enabled kernel is installed. From the command line:
aptitude install nfs-kernel-server $EDIT /etc/exports # add an entry to share /var/snd, something like the following # /var/snd 192.168.1.0/255.255.255.0(rw,root_squash,sync) exportfs -rv # for re-export and verbose
Configure NFS on the client
SUSE yast2 GUI
- Start "yast2"
- In the "Network Services" category select "NFS Client".
- Click the "Add" button.
- Set the NFS Server hostname of your server.
- Set the remote filesystem (ex: /var/snd)
- Set the local mount point (ex: /var/snd)
- Options can be left to default.
- Click the "Finish" button.
command line (ex: Debian)
From the command line:
$EDIT /etc/fstab # add an entry to mount /var/snd from the server, something like the following # rivserver:/var/snd /var/snd nfs defaults 0 0 mount /var/snd
Testing NFS on the client and server
Confirm that the Rivendell users can read and write to the /var/snd directory. Simply editing a file on both the client and the workstation to confirm that both can make edits should be a sufficient test.
Add client workstations to the Rivendell system
- On a machine connected to the Rivendell server (ex: the server itself) start the "rdadmin" utility.
- Select "Manage Hosts"
- Click "Add" on the workstation list
- Set a new host name on the Add Host dialog and click OK
Configure a client workstation to connect to the Rivendell server
First configure Rivendell on the workstation to talk to the server.
- $EDIT /etc/rd.conf
- In the [mySQL] section, set the Hostname to the name of the server configured above.
- Ensure that in the [Identity] section that the Password value there is the same on all clients and the server.
- Stop and start all rivendell daemons (a reboot may be easiest).
Once the Rivendell daemons have been restarted on the workstation configure the sound devices on the workstation.
- Start rdadmin
- Select Manage Hosts
- Select the workstation and Edit
- Set the Card and Port for the various audio apps as the required.
misc information
For NFS to work correctly, the "uid" for a user must match on all machines (server and workstations). This can be accomplished by setting up an NIS or LDAP server (more effort but better for large deployments) or by manually configuring the uids to match in /etc/passwd and /etc/group on all machines.
Some info on unix file permissions: http://www.dartmouth.edu/~rc/help/faq/permissions.html
Some info on the linux filesystem hierarchy: http://www.pathname.com/fhs/
Information on NFS exports:
man 5 exports
Available in multiple languages