Crack: Google Authentication Services are Vulnerable

There is a vulnerability in the way the Google authentication service works. Whenever you log in to any of Google’s online services like GMail, Orkut, Groups, Docs, Youtube, Calendar etc., you are redirected to an authentication server, which authenticates against the entered username and password and then redirects you back to the required service (GMail, Youtube etc.), setting the session variables.

Now, if you are able to grab the url used to set the session variables, you can login as the user to whom that url belongs from any machine on the Internet (need not be the machine belonging to the same subnet) without entering the username and password of the user.

The proxy servers in the organizations can be used to exploit this vulnerability. Squid is the most popular proxy server used. In the default configuration, squid strips the query terms of a url before logging. So, this vulnerability can’t be exploited. But if you turn off the stripping mechanism by adding the line shown below, then squid will log the complete url.

strip_query_terms off

So, after turning the stripping mechanism off, the log will contain URLs which look like this:

http://www.google.co.in/accounts/SetSID?ssdc=1&sidt=Q5UrfB0BAAA%3D.oHVGErODzffQ%2Bms%2FOKfk53g5naReDKehRNHOBsmJlBu3VTNXjF03SbgX%2FVEEhmImhR4mlu5IAAjM%2BdbuXvMMSIb0oU8IGCYpnLcSNkbCIrG%2BQnm81YmX5%2Brcrq7U6Qx65%2F1yaQ2NzgmKD94jg0Iw13iXDen3qD5qn6L%2FhmmYWwTrcOeuTzGbO%2BAehpjEU3mrWapRafaq3b4kxyigJ68s8QrGQqZTINNE%2Bs%2BoIkZWmGt5kNzoT8fkVAsWJeu3CKFkxj4oVMngeDvpwb1nyFpsJCltOzmAr46fTxVJSpvQdx0%3D.BMLtjUdIDCcuszktZSvYzA%3D%3D&continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin.aspx%3Fmsg%3D0%26ts%3D1226148773097%3A1226148773386%3A1226148774868%26auth%3DDQAAAIcAAAC1pPE1QT4chKgrU4B3oyKZrQRkEVPtYlclpESQoXV_d9x9gdoe75Z0hfJ_22Pn5tVMR7j-uV5YCps3NB48L0bFlDeX-4PGHVT6Loztp_ru3tAy_gxDa9_YAEbz4d9CO4wD2VTKtzax9zvpGgrnJVZQfoWPkkIomUmxDtVGoH7g3fA3UjS0vdBJ2PJtgFMElso

Replace .co.in with the TLD specific to your country. If you paste this URL in any browser, it’ll directly log you in and you can do whatever you want to that account. Remember that all such URLs remain valid for only two minutes. So, if you use that URL after two minutes, it’ll lead nowhere.

At the time of writing this post Orkut, Google Docs, Google Calendar, Google Books and Youtube are vulnerable.

So, make sure your squid has stripping mechanism turned on and your squid server is properly firewalled.
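One way to run the check recommended above, as an added example (not code from the original post): it tests a squid.conf for `strip_query_terms off`, lists access.log entries whose URLs carry credential-like parameters (including ones nested inside `continue`), and cuts the query terms from an entry. The config fragment, log lines, token placeholders, function names and every parameter name other than `sidt` and `auth` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as credentials. "sidt" and "auth" appear in the
# SetSID URL quoted in the post; the other names are assumptions.
SENSITIVE_PARAMS = {"sidt", "auth", "sid", "token", "session"}

# Constructed squid.conf fragment and native-format access.log lines
# (token values are placeholders, not real session data).
SAMPLE_CONF = """\
http_port 8080
# strip_query_terms on
strip_query_terms off
"""
SAMPLE_LOG = """\
1226148775.101 212 172.17.8.175 TCP_MISS/302 611 GET http://www.google.co.in/accounts/SetSID?ssdc=1&sidt=SAMPLE-SIDT&continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin.aspx%3Fmsg%3D0%26auth%3DSAMPLE-AUTH - DIRECT/192.0.2.10 text/html
1226148776.340 95 172.17.8.175 TCP_HIT/200 4120 GET http://www.example.org/style.css? - NONE/- text/css
1226148777.020 130 172.17.8.180 TCP_MISS/200 9211 GET http://www.example.org/search?q=squid - DIRECT/192.0.2.20 text/html
"""


def query_stripping_enabled(conf_text):
    """True unless the last strip_query_terms directive says 'off'."""
    enabled = True  # default behaviour described in the post
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # ignore comment lines
        if len(fields) >= 2 and fields[0] == "strip_query_terms":
            enabled = fields[1].lower() != "off"
    return enabled


def sensitive_params(url, depth=2):
    """Names of credential-like parameters in url, following nested URLs
    (in the post's URL the 'auth' value sits inside 'continue')."""
    found = set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            found.add(name.lower())
        if depth > 0 and re.match(r"https?://", value):
            found |= sensitive_params(value, depth - 1)
    return found


def find_exposed(log_text):
    """Return (line_no, client_ip, host, sorted_param_names) per risky entry."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 7:
            continue  # not a native-format entry
        client, url = fields[2], fields[6]
        names = sensitive_params(url)
        if names:
            hits.append((line_no, client, urlsplit(url).hostname, sorted(names)))
    return hits


def redact_line(line):
    """Cut the logged URL at '?' so the entry keeps no query terms."""
    fields = line.split()
    if len(fields) >= 7 and "?" in fields[6]:
        fields[6] = fields[6].split("?", 1)[0] + "?"
    return " ".join(fields)


if __name__ == "__main__":
    if not query_stripping_enabled(SAMPLE_CONF):
        print("squid.conf: strip_query_terms is off, full URLs are logged")
    for line_no, client, host, names in find_exposed(SAMPLE_LOG):
        print(f"access.log:{line_no} client={client} host={host} params={names}")
    print(redact_line(SAMPLE_LOG.splitlines()[0]))
```

Logs written while stripping was off should be redacted or rotated out as well, since they stay readable to anyone with access to the proxy host.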

You can watch the Video proof for Orkut on Blip.tv, Youtube.

 

How To: Configure Caching Nameserver (named)

Mission

To configure a caching nameserver on a local machine which will cascade to another previously configured and functional nameserver (may or may not be caching. It’ll generally be your ISP nameserver or the one provided by your organization).

Advantage

  • Reduces the delay in domain name resolution drastically as the requests for frequently accessed websites are served from cache.

Working

  • named gets a request for domain resolution.
  • It checks whether the request can be satisfied from cache. If the answer is in cache and not stale, the request is satisfied from cache itself saving a lot of time :)
  • If request can’t be satisfied from cache, named queries the first parent. If it replies with the answer, then named will cache the response and subsequent requests for the same domain name will be satisfied from the cache.
  • In case first parent fails to reply, named will query the second parent and so on.

(The working is my understanding of caching-nameserver using wireshark as traffic analysis tool and caching-nameserver may not behave exactly as explained above.)

How to install

named is installed by default on most systems under the package name ‘caching-nameserver‘. If it’s not present on your system, install it using

[root@localhost ~]# yum install caching-nameserver [ENTER]
# If that doesn't work try this
[root@localhost ~]# yum install bind [ENTER]

How to configure

The main configuration file for named resides in /var/named/chroot/etc/named.caching-nameserver.conf which is also soft linked from /etc/named.caching-nameserver.conf . named configuration file supports C/C++ style comments.

For a caching nameserver which will cascade to another nameserver, there is not much to configure. You only need to configure the “options” block. Below is a configuration file for a machine with IP address 172.17.8.64 cascading to two nameservers, 192.168.36.204 and 192.168.36.210. The inline comments explain what each option does.

options {
  // Set the port to 53 which is standard port for DNS.
  // Add the IP address on which named will listen separated by semi-colons.
  // It'll be your own IP address.
  listen-on port 53 {127.0.0.1; 172.17.8.64;};
  // These are default. Leave them as it is.
  directory   "/var/named";
  dump-file   "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  // The machines which are allowed to query this nameserver.
  // Normally you'll allow only your machine. But you can allow other machines also.
  // The address should be separated by semi-colons. To allow a network 172.16.31.0/24,
  // the line would be
  // allow-query {localhost; 172.16.31.0/24; };
  // Don't forget the semi-colons.
  allow-query     { localhost; 172.17.8.64; };
  recursion yes;
  // The parent nameservers. List all the nameserver which you can query.
  forwarders { 192.168.36.204; 192.168.36.210; };
  forward first;
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
  type hint;
  file "named.ca";
};
include "/etc/named.rfc1912.zones";

Start caching-nameserver

Now start the caching-nameserver using the following command

[root@localhost ~]# service named start [ENTER]

OR

[root@localhost ~]# /etc/init.d/named start [ENTER]

To make named start every time you reboot your machine, use the following command

[root@localhost ~]# chkconfig named on [ENTER]

Using caching-nameserver

To use your caching-nameserver, open /etc/resolv.conf file and add the following line

nameserver 127.0.0.1

Comment all other lines in the file, so that finally the file looks like

; generated by /sbin/dhclient-script
#search wlan.iiit.ac.in
#nameserver 192.168.36.204
#nameserver 192.168.36.210
nameserver 127.0.0.1

Now your system will use your own nameserver (in caching mode) for resolving all domain names. To test your nameserver, use the following command

[root@localhost ~]# dig fedora.co.in [ENTER]

Now if you use that command a second time, the resolution time will be around 2-3 milliseconds, while the first time it would be around 400-700 milliseconds.

Example

Below are two consecutive runs of dig for fedora.co.in. Notice the Query time.

[root@bordeaux SPECS]# dig fedora.co.in
; <<>> DiG 9.4.2rc1 <<>> fedora.co.in
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7839
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;fedora.co.in.                  IN      A
;; ANSWER SECTION:
fedora.co.in.           83629   IN      A       72.249.126.241
;; AUTHORITY SECTION:
fedora.co.in.           79709   IN      NS      ns.fedora.co.in.
;; ADDITIONAL SECTION:
ns.fedora.co.in.        79709   IN      A       72.249.126.241
;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 19 18:04:47 2008
;; MSG SIZE  rcvd: 79
[root@bordeaux SPECS]# dig fedora.co.in
; <<>> DiG 9.4.2rc1 <<>> fedora.co.in
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64233
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;fedora.co.in.                  IN      A
;; ANSWER SECTION:
fedora.co.in.           83625   IN      A       72.249.126.241
;; AUTHORITY SECTION:
fedora.co.in.           79705   IN      NS      ns.fedora.co.in.
;; ADDITIONAL SECTION:
ns.fedora.co.in.        79705   IN      A       72.249.126.241
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 19 18:04:51 2008
;; MSG SIZE  rcvd: 79
[root@bordeaux SPECS]#
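The comparison above can be automated. This added example (not code from the original post) parses the two dig runs shown, trimmed to the lines it reads, and checks both signs of a cache hit: the answer TTL dropping by exactly the wall-clock gap between the runs, and the query time collapsing. The function names and the `slack` and `local_ms` thresholds are assumptions.

```python
import re
from datetime import datetime

# The two dig runs from the post, trimmed to the lines the parser reads.
RUN_1 = """\
;; ANSWER SECTION:
fedora.co.in.           83629   IN      A       72.249.126.241
;; AUTHORITY SECTION:
fedora.co.in.           79709   IN      NS      ns.fedora.co.in.
;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 19 18:04:47 2008
"""
RUN_2 = """\
;; ANSWER SECTION:
fedora.co.in.           83625   IN      A       72.249.126.241
;; AUTHORITY SECTION:
fedora.co.in.           79705   IN      NS      ns.fedora.co.in.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 19 18:04:51 2008
"""


def parse_dig(output):
    """Pull server, query time, timestamp and ANSWER-section TTLs from dig output."""
    run = {"answers": {}, "query_ms": None, "server": None, "when": None}
    section = None
    for line in output.splitlines():
        line = line.strip()
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            section = header.group(1)
        elif line.startswith(";; Query time:"):
            run["query_ms"] = int(line.split()[3])
        elif line.startswith(";; SERVER:"):
            run["server"] = line.split()[2].split("#")[0]
        elif line.startswith(";; WHEN:"):
            # Timestamp layout as printed by the dig version in the post.
            stamp = line.split(":", 1)[1].strip()
            run["when"] = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        elif section == "ANSWER" and line and not line.startswith(";"):
            name, ttl, _class, rtype, rdata = line.split(None, 4)
            run["answers"][(name, rtype, rdata)] = int(ttl)
    return run


def compare_runs(first, second, slack=1, local_ms=5):
    """Decide whether the second answer looks like a local cache hit.

    A cached record's TTL counts down in real time, so the TTL drop should
    equal the time between the runs (within `slack` seconds). A caching
    forwarder upstream produces the same countdown, so the query time must
    also fall to `local_ms` or less (assumed threshold for a local answer).
    """
    elapsed = int((second["when"] - first["when"]).total_seconds())
    shared = sorted(set(first["answers"]) & set(second["answers"]))
    drops = [first["answers"][k] - second["answers"][k] for k in shared]
    ttl_consistent = bool(drops) and all(abs(d - elapsed) <= slack for d in drops)
    fast = second["query_ms"] is not None and second["query_ms"] <= local_ms
    return {
        "elapsed_s": elapsed,
        "ttl_drops": drops,
        "ttl_consistent": ttl_consistent,
        "same_server": first["server"] == second["server"],
        "looks_cached": bool(ttl_consistent and fast),
    }


if __name__ == "__main__":
    first, second = parse_dig(RUN_1), parse_dig(RUN_2)
    print(first["query_ms"], "ms ->", second["query_ms"], "ms")
    print(compare_runs(first, second))
```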
 

Bug: Knetstats Bandwidth Monitoring Problem

I use knetstats for monitoring my wireless traffic. One fine day my wireless connection was not working as expected. I reloaded the module and reactivated the wifi device. Just to check if there was some traffic, I opened knetstats and guess what happened. I was blown away by the huge traffic on my wifi interface. The upload speed was something around 5.33 ExaBytes/sec (or 5864061874995MB/sec) for some time. I almost survived a heart attack. I wonder when we will have an Internet connection with that speed. Here is the proof :)

Knetstats Gone Mad

 

Review: Spicebird – A Collaboration Platform

Well, I happened to attend this workshop on “How to build business around open source tools” organized by Twincling Society and IIIT Hyderabad. There I came to know about Spicebird. Spicebird is a single platform for many collaboration needs. It provides e-mail, calendaring and instant messaging with intuitive integration and unlimited extensibility. Spicebird is being developed by a Hyderabad based Indian start-up named Synovel (All four founders are alumni of IIIT Hyderabad). Below we look at some features that Spicebird provides.

1. Tabbed Interface

The tabbed interface for different utilities like mail, calendar, contacts, tasks etc. looks pretty clean. The interface is not at all cluttered in any way and navigation to different utilities is straight forward. You don’t have to brainstorm before getting something done.

2. Familiar Interface & Crisp Icon Set

Spicebird has an interface similar to loads of Mozilla-based applications out there. The settings, preferences and the way things have been managed are familiar. So people who are switching from other open source email clients will not face any problems at all. Spicebird uses icons from the Tango Project. The icons used are really good looking.

3. Nice Home Tab

The way the Home tab has been organized is really appealing. You can add applets which include RSS feeds from your favourite blogs, mail folder views, calendar, upcoming events and Date & Time. Geeks love RSS feeds. And what can be better than having them on your home tab all the time along with your mails. The Event applet comes in handy to remind you of upcoming meetings and deadlines. And it’s on the home tab all the time :) Date & Time is especially helpful when you collaborate with people in different timezones. So you can add their timezone on the home tab and you know when is the right time to ping them.

Spicebird Home Tab

4. Email

The email experience is more or less like any other open source email client. But Spicebird provides some intuitive features: if it finds that the content of a mail is about a meeting, it’ll give an option for creating a calendar event for the same. This is a really good feature and this is just the beginning. Spicebird is still beta.

SpiceBird Intuitive Mail

5. Instant Messaging

This is a really cool feature from collaboration point of view and which makes Spicebird different from the masses. Spicebird is supporting IM via any jabber server. So if you are a startup, setup your own jabber server on Intranet and use it for collaboration. Mind blowing!! This also includes Gmail/GTalk. So you can just say bye bye to your messenger and start using it right away with GTalk. Plus this will import all your contacts to your local address book. Another real good feature which is not there in lot of other email clients.

SpiceBird Instant Message using Jabber, GTalk

6. Calendar & Task Management

Another good feature. Integrated calendar and task management. You can quickly add tasks and events. And you need not check your calendar for upcoming events, add upcoming event applet on home tab and you will have them all the time in front of your eyes :)

Spicebird Calendar and Task Manager

Conclusion

Whether you are a startup which is looking for tools to collaborate or a user who is excited about using open source tools, just go and download Spicebird from here and explore a new way of managing things at a single place :)

You can look at Spicebird Roadmap here and checkout the video demo of Spicebird here.

 

How To: Configure Hierarchy of Proxy Servers (Squid)

Yesterday I came across this idea of caching all the data that I browse on my hard disk so that the average load time of a website decreases. Actually the idea is I’ll cache all the static data that I browse like images, static html pages, CSS files and similar things which do not change frequently and can be served from the cache. But while setting up the proxy server on my machine, I faced the problem that my machine which is going to act as a proxy server is behind my institute’s proxy. So, a simple caching proxy server can’t serve my needs and I have to really figure out how to set up a hierarchical proxy server. Below we’ll see how to set up a hierarchical proxy server.

Approach

When I thought of setting up a caching proxy server, squid immediately struck my mind. Actually I don’t know about any other proxy servers. I had never set up a proxy server before this (I tried many times, but in vain). So, I started googling about squid setup. There were a lot of tutorials, but either they were too small to get things going or they were so verbose that I couldn’t manage to read them. So, I directly jumped into the squid configuration file squid.conf. And with references from here and there, I managed to set up the proxy server successfully.

Note: The configurations below worked on Fedora 7 with squid 2.6STABLE16. The same configurations may work with other squid versions and on other operating systems as well, but try them at your own risk.

Part 1 : Setting up simple proxy server with squid

Setting up a very simple and usable proxy server is really easy. You need to add/edit only 2-3 lines in /etc/squid/squid.conf to get started.

Add your ip to the access list.

# <your_ip_which_will_use_the_proxy_server> (e.g. 172.17.8.175)
acl myip src 172.17.8.175
http_access allow myip
# <http_proxy_port> (this is 3128 by default. You can set it to anything you like, e.g. 8080)
http_port 8080

Save the squid.conf file. Then issue these commands.

[root@localhost squid]# squid -z [Enter] (as root) (This needs to be executed only once.)
[root@localhost squid]# service squid start [Enter] (as root)

If you want to start the squid server on boot, issue this command.

[root@localhost squid]# chkconfig --level 345 squid on [Enter] (as root)

Now, your machine is a proxy server. You can setup your browser to use the machine as a proxy server.

Conditions

The proxy server will work only if your machine has a public IP and is directly connected to internet.

Part 2: Setting up a hierarchical caching proxy server with squid

The above setup works fine if a machine is directly connected to internet. But my machine itself is behind a proxy, so setting up a proxy on my machine is of no use unless the proxy on my machine uses the institute proxy for connecting to internet. So, here we jump into squid.conf again and this time we have to really do some brain storming. If you are a newbie to Linux and don’t know how to make a system work when nothing seems to help, you will probably be better off by using institute’s proxy.

Here is the scenario.

1. Your browser sends a content request to proxy on your machine.
2. Check: if a cache HIT from institute proxy cache (HIT means content was found in cache)
	2a. Check: if content is older than the original upstream content
		2aa. Fetch content from upstream and serve the client
	2b. else
		2ba. Serve the content from the cache
3. Check: if cache HIT from proxy on your machine
	3a. Check: if content is older than the original upstream content
		3aa. Fetch content from upstream and serve the client
	3b. else
		3ba. Serve the content from the cache
4. Cache MISS from both the proxies
	4a. Fetch the content from upstream and serve the client

The above method of operation is very basic and is my understanding of squid. It may not be the exact squid behavior.

Now, let’s see the configurations needed for setting up the hierarchical caching proxy server with squid.

Assumptions

I assume that we already have squid setup at institute’s proxy whether in caching mode or not. The best way to add/edit the following lines in your squid.conf is to search for particular parameter and then edit the value to set as given.

I also assume that you have simple proxy server setup on your machine and now we want to make it act as child proxy of the institute’s proxy.

Configuration

# Your local machine will act as a sibling proxy
cache_peer 172.17.8.175 sibling 3128 3130 no-query weight=10
# The institute's proxy server will act as a parent proxy
# 'default' means the last-resort
cache_peer 192.168.36.204 parent 8080 3130 no-query proxy-only no-digest default
# allow accessing peer cache for access list 'myip'
cache_peer_access 172.17.8.175 allow myip
# Don't cache dynamic content
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# Size of main memory to be used for caching
cache_mem 200 MB
# max size of content to be stored in main memory
maximum_object_size_in_memory 7000 KB
# policy for cache replacement if memory is full
cache_replacement_policy heap LFUDA
# the directory to be used for storing cache on your hdd
cache_dir aufs /var/spool/squid 200 16 256
# max file descriptor open at a time .. 0(unlimited)
max_open_disk_fds 0
# min object size to cache on hdd
minimum_object_size 0 KB
# max object size to cache on hdd
maximum_object_size 16384 KB
# access log
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
store_avg_object_size 20 KB
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
refresh_stale_hit 5 seconds
acl SSL_ports port 443 563 1863 5190 5222 5050 6667
# Allow AIM protocols
acl AIM_ports port 5190 9898 6667
acl AIM_domains dstdomain .oscar.aol.com .blue.aol.com .freenode.net
acl AIM_domains dstdomain .messaging.aol.com .aim.com
acl AIM_hosts dstdomain login.oscar.aol.com login.glogin.messaging.aol.com toc.oscar.aol.com irc.freenode.net
acl AIM_nets dst 64.12.0.0/255.255.0.0
acl AIM_methods method CONNECT
http_access allow AIM_methods AIM_ports AIM_nets
http_access allow AIM_methods AIM_ports AIM_hosts
http_access allow AIM_methods AIM_ports AIM_domains
# Allow Yahoo Messenger
acl YIM_ports port 5050
acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
acl YIM_methods method CONNECT
http_access allow YIM_methods YIM_ports YIM_hosts
http_access allow YIM_methods YIM_ports YIM_domains
# Allow GTalk
acl GTALK_ports port 5222 5050
acl GTALK_domains dstdomain .google.com
acl GTALK_hosts dstdomain talk.google.com
acl GTALK_methods method CONNECT
http_access allow GTALK_methods GTALK_ports GTALK_hosts
http_access allow GTALK_methods GTALK_ports GTALK_domains
# Allow MSN
acl MSN_ports port 1863 443 1503
acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
acl MSN_hosts dstdomain messenger.hotmail.com
acl MSN_nets dst 207.46.111.0/255.255.255.0
acl MSN_methods method CONNECT
http_access allow MSN_methods MSN_ports MSN_hosts
# Turn this off if hierarchical behavior is needed
nonhierarchical_direct off
never_direct deny myip
hosts_file /etc/hosts
coredump_dir /var/spool/squid

That’s the minimal configuration you need for running squid in a hierarchical way. Save the squid.conf file and start/restart/reload the squid service. Set up your browser to use your machine as a proxy and, while you browse, it’ll cache all the static content. You should experience some reduction in average page load time.

Advantages

I am currently using squid in the above configuration. And it’s turning out to be nice for me. I am browsing websites faster and saving a chunk of bandwidth for my institute.

Disadvantages

Introduction of another proxy server increases the latency for dynamic content.

Notice

The above configurations and views are a result of my understanding of squid. If you feel this may break your system or it may have adverse effects, don’t use them. At least don’t use these on a production system.

 

Review: Firefox 3 Beta 1

Firefox 3 Beta 1 is available now. I downloaded the package yesterday morning and started using it right away. While using, I figured out some of the good things and at the same time there are some bad things about this test release. Here is what I feel about Firefox 3 Beta 1.

BTW, you can get beta 1 for Firefox 3 here. I am not going to tell, how to install firefox :)

Positives:

1.Nice Default Font:

Well, someone may argue that you can configure any font in any version of Firefox, so what’s the good thing about this default font in Firefox 3 Beta 1. Well, I’ll say that configuration is always available but nobody gives a damn about configuring the font in the browser. I am liking this default font in FF3 Beta 1 and everything now seems interesting to read. I have read more than 40 wiki pages in the last two days.

2.New FTP Listing Style:

The FTP listings in Firefox 3 Beta 1 have got a new stylesheet. It’s not dirty any more. It feels good while browsing ftp now. See the screen-shot below.

FTP Listing In Firefox

3.Website Identity:

This is new feature, but I couldn’t find it useful. When you click on favicon in the location bar, a pop-up kinda thing comes up, which tells about the identity of the site you are visiting. Check out the snapshot below.

Website Identity in Firefox

4.Drag n Drop:

You can now hold anything in Firefox 3 Beta 1 and drag it anywhere you want. Though I could not drop the images to gimp or anywhere else, it looks good. I think it’s in the development stage right now.

Drag and Drop in Firefox

5.Bookmarks:

Bookmarking a website or editing your bookmarks is far easier now. You can edit a bookmarked site while it’s loading or can bookmark the site by just clicking a button. A new star-shaped button has been added in the location bar before the go button. If a site is not bookmarked, clicking the button will just bookmark it without asking for anything. If you click on the button again, you can now edit or delete the site you just bookmarked.

Bookmark Editing in Firefox

6.Adding Search Engine:

In firefox 3 beta 1, you can add the site you are browsing to your search engine list just like google, imdb, wikipedia, yahoo or whatever. But this is not valid for every website. Every website in this world can’t be a search engine 😛 Checkout the snapshot or KDE.

Adding Search Engine in Firefox

7.Link sorting/searching in location bar:

Firefox 3 beta 1 implements a new searching/sorting mechanism for links in location bar. As you type some letters, those are now searched in the link as well as the title of the page and then the links are sorted and displayed as list. In drop down list, you can also see the sites on your bookmarks.

8.Places Folder:

A new bookmark folder named ‘Places’ has been added. It has 6 sub-folders which contain links to different sites based on a particular criterion. Some of them are ‘Recently Starred Pages’, ‘Recently Visited Starred Pages’, ‘Most Visited Starred Pages’ etc. I had been looking for something like this for a long time. Because every time I log in to my PC and fire up my firefox, first of all, I visit 8-10 sites (students mail, slashdot, iiit blogroll, yahoo mail, gmail, forum, orkut etc.). Now, I can open all of them in just one click. I click on ‘Most Visited Starred Pages’ and done.

9.Low Memory:

Well, a review of Firefox 3 Beta 1 on zdnet says that Firefox 3 beta 1 is consuming less memory than Firefox 2 and IE 7. That review is for Firefox on Windows. But in Fedora 7, I didn’t experience any reduction in memory usage.

10.Faster:

I don’t know how to justify this, but Firefox 3 Beta 1 seems to load pages faster. What I could think was that, when you click go, it loads the page in the background for some-time and then suddenly flushes the page to the screen and it appears that the entire page has been loaded in one go. I may be wrong though.

11.Improved GUI:

The rendering of buttons, input fields, images in the pages have improved a lot and buttons and drop down menus look better now.

Negatives:

1.Extensions:

Life is a bit, or I should say a byte, difficult with Firefox extensions. Now, I am so used to these extensions that I can’t live without them. I’ll crash if I don’t have the ‘Undo Closed Tab’ extension. I keep making stupid mistakes. All the extensions are not yet available for Firefox 3, so it’s a problem.

2.Multiple Tabs:

Firefox 3 Beta 1 immediately dies if I open more than 20 tabs. I opened my wiki saved session (39 tabs) and after sometime I was searching for Firefox. Where the hell firefox window has gone?

3.Crashes:

I don’t know what exactly is the problem, but I think Firefox 3 revolts against Yahoo Mail and GMail. Whenever I open Yahoo Mail or GMail, Firefox 3 Beta 1 crashes. Either there is some problem with the heavily loaded mail pages or it doesn’t want me to use GMail or Yahoo.

Well, there may be lot more positives and negatives. These are the things I noticed about Firefox 3 Beta 1 in last two days. As the positives list is ruling the negatives, I am using Firefox 3 Beta 1 full time these days.

PS : @Paresh I think FF3 is better than FF2 in many ways. But you may want to wait for all the extensions to be compatible with FF3.

 

How To: Configure Wireless with Ralink (rt2500) Level One WNC 0301 in Fedora 7

If you are searching for wireless lan configuration in Fedora Core 6, a detailed description is available here. Though Fedora 7 – Moonshine detects the Ralink rt2500 Level One WNC-0301 wireless lan card, the network doesn’t work properly with the default drivers. You may be able to connect sometimes, but at other times it may not function properly, because the ralink drivers are not yet stable. See the discussions here. So, here is a complete step by step reference on how to make it work properly.

Step 1: Download the latest CVS release of Ralink rt2500 drivers from here.

Step 2: Unload the kernel module for rt2500 drivers

[root@bordeaux kulbirsaini] rmmod rt2500pci [Enter]

Step 3: Go to the directory /lib/modules/2.6.21-1.3194.fc7/kernel/drivers/net/wireless/mac80211/rt2x00 and take backup of the current rt2500pci driver module.

[root@bordeaux rt2x00] mv rt2500pci.ko back.rt2500pci.ko [Enter]

Step 4: Untar the downloaded driver tarball and change to the directory ./rt2500-cvs-XXXXXXXXXX/Module/

[root@bordeaux Module] make [Enter]
[root@bordeaux Module] make install-fedora [Enter]

Step 5: Open /etc/modprobe.conf file and add a line

alias wlan0 rt2500

Save the file and load the rt2500 driver.

[root@bordeaux kulbirsaini] modprobe rt2500 [Enter]

Step 6: Go to the directory /etc/sysconfig/network-scripts/ and create a file named ifcfg-wmaster0. Copy the contents of ifcfg-wlan0 to the ifcfg-wmaster0. If you don’t have ifcfg-wlan0 file, then issue command ‘neat’ as root and add new wireless device with appropriate configurations and ifcfg-wlan0 will be created in the process.

Step 7: Activate the device, what else ???

PS1 : You can refer to my ifcfg-wlan0 and ifcfg-wmaster0 files.

PS2 : You can ask for more details on any issues in any of the above steps.

 

How To: Configure Wireless with Ralink (rt2500) Level One WNC-0301 in Fedora Core 6

Well … Yesterday I switched from Fedora Core 4 to Fedora Core 6. The main problem was the wireless lan. As I was using ndiswrapper for wlan in FC4, I tried compiling it for FC6. But FC6 doesn’t have build packages so it didn’t work out. Then I installed the kernel-devel packages from here. Now the build packages were not a problem. I installed ndiswrapper from here. Now while installing ndiswrapper it gave an error that your kernel is using 4k stack, while for windows driver you need to have a kernel with 16k stack. I googled and searched the 16k stack version for my kernel but didn’t get one. I used to download 16k stack kernel from here. But 16k stack kernel is not yet out for FC6. So it’s almost impossible for me to get ndiswrapper to work if I don’t want to mess up with the patches and all.

Then I thought of using the native drivers for rt2500 (Level One wnc-0301). I downloaded the drivers from here.
The step by step installation is here ….

Step 0

Install the kernel-devel package from the above specified site.

[root@localhost ~]# rpm -ivh kernel-devel-yourkernel.rpm

Step 1

Untar the drivers.

[root@localhost ~]# tar -xvzf rt2500-1.1.0-b4.tar.gz

Step 2

Change the directory to Module

[root@localhost ~]# cd rt2500-1.1.0-b4/Module/

Step 3

compile the modules

[root@localhost ~]# make

If this gives error like this

make[1]: Entering directory '/usr/src/kernels/2.6.18-1.2798.fc6-xen-i686'
CC [M]  /home2/Softwares/Drivers/rt2500-1.1.0-b4/Module/rtmp_main.o
In file included from /home2/Softwares/Drivers/rt2500-1.1.0-b4/Module/rtmp_main.c:50:
/home2/Softwares/Drivers/rt2500-1.1.0-b4/Module/rt_config.h:58:40: error: linux/config.h: No such file or directory
make[2]: *** [/home2/Softwares/Drivers/rt2500-1.1.0-b4/Module/rtmp_main.o] Error 1
make[1]: *** [_module_/home2/Softwares/Drivers/rt2500-1.1.0-b4/Module] Error 2
make[1]: Leaving directory '/usr/src/kernels/2.6.18-1.2798.fc6-xen-i686'
rt2500.ko failed to build!
make: *** [module] Error 1

Then open the file rt_config.h and comment out the line #include<linux/config.h> and compile again by issuing make.
If you get a different error, try to debug it if you know a bit of C programming.

Step 4 [Do as root]

Install the module

[root@localhost ~]# make install-fedora

Step 5 [Do as root]

Configure the wlan card.

[root@localhost ~]# neat

Now select a new connection and wireless and then the Ralink driver. That’s it. Activate the wlan0.

Hope this helps a bit.
More suggestions are welcome.

Edit : If you are looking for wireless configuration in Fedora 7, here is a reference.

 

How To: Configure Wireless with Ralink (RT2500) Level One WNC 0301 in Fedora Core 4

Yesterday, after a lot of trials with Fedora Core 5 to activate my wireless LAN card, I switched to Fedora Core 4, which looked much more stable than FC5. Actually with FC5, I mainly faced problems with the GUI, my mouse, which is a Microsoft USB mouse, and my wlan card, which is a Level One Ralink RT2500. In FC5, I tried both ndiswrapper and madwifi but nothing worked out for me. Also my mouse was not working well. I could click things but the pointer was not visible, like Microsoft gave me an invisible mouse or this Microsoft mouse doesn’t want to work with Linux. After installing FC4, I felt very comfortable with the GUIs and my mouse. They worked fine. But now there were two problems. One is that FC4 was not able to detect my soundcard and the wlan was not working again. Anyway the soundcard is not a big problem; as it worked in FC5, I’ll make it work with some up-gradation or things like that. But the major problem is wlan. And here go the methods which I tried to activate my wlan card.

Method 1. With rpms

I downloaded these rpms

madwifi-0.9.4.12-16.rhfc4.at.i386.rpm
madwifi-kmdl-2.6.11-1.1369_FC4-0.9.4.12-16.rhfc4.at.i686.rpm
madwifi-hal-kmdl-2.6.16-1.2111_FC4smp-0.9.6.0-20.rhfc4.at.i686.rpm

from the site atrpms and tried installing them but they failed the dependency /boot/vmlinuz-2.6.16-1.2111_FC4. Then I tried to find this rpm everywhere on google, rpmfind etc. but I could not find it. Then I installed it with the --nodeps option and configured according to the data given here.
But in vain.

Method 2. With ndiswrapper using Microsoft Windows XP drivers

I downloaded the ndiswrapper-1.16 from sourceforge.
I untarred it and used these commands.

make uninstall
make
make install

Please don’t forget to read the INSTALL and README files in the ndiswrapper-1.* directory. Then I inserted my LAN card driver CD for XP and copied the drivers directory, which contains the .inf and .sys files, to my root directory. Then I used these commands.

ndiswrapper -i Rt2500.INF
ndiswrapper -l
modprobe ndiswrapper
iwconfig "wlan0" key open "wep 128 bit hex key" ESSID "IIIT WLAN"
dhclient wlan0

I ran all these commands and I am very happy to say that wireless LAN did not work. :) Then I ran this command

touch /etc/sysconfig/network-scripts/ifcfg-wlan0

and then edited this file. I entered all the data suggested here except that second line I wrote

DEVICE=wlan0

OK. Then I ran

neat

and edited the properties of wlan device by double clicking it and gave the 26 letters wlan key there and activated the device and it worked 😀