No complaints here.
> I work for a college with 2 Mac labs and we currently have 58 licenses
> for Extensis Suitcase. I'm also currently putting together a pitch on
> why we should buy 2 XServe units (or alternatively 2 OS X Server
> systems running on two regular computers) for the NetBoot capabilities.
> However Suitcase is one of the roadblocks I've come across. When a
> computer is started up Suitcase will check the network to see if any
> other machines are running the same s/n and will shut off if it finds
> one. In order to use NetBoot they would all have to operate with the
> same number. I've contacted Extensis but their reply was simply they
> don't support network booting and never will.
Oddly, the details of Suitcase's network serial check do not appear to have
been made public. I'm basing that on the fact that I couldn't find anything
with a Google search, nor have I seen anything mentioned on the Newsgroups.
I remember the network serial check M$'s Word (or Office maybe) performed
was documented, flamed and broken very quickly.
Nonetheless, you can employ your own little bit of detective work, and
should have the information fairly quickly - depending on how clever
Extensis decide to be. First, you need a packet sniffer. There is a command
line one already installed in OS X (tcpdump) which is useable, but the front
ends MacSniffer and Sniffles can be a lot nicer.
Basically, all you need to do is fire up one of these sniffers on a computer
with Suitcase. It will be easier if this computer has nothing else running,
and is only connected to one other computer. Start the sniffer, and then
start Suitcase. If too many packets appear in the sniffer, you may need to
limit its scope by supplying a filter to the sniffer. You shouldn't have to
though, if nothing else is running on the computer.
Have a look at the packets which appear when Suitcase starts up. Most
importantly, check the source and destination port of packets which seem to
you to be part of the serial check.
If you can identify a common port number, then it is time to test a block.
Follow the instructions at <http://www3.sympatico.ca/dccote/firewall.html>
or elsewhere to set up an entry in your firewall which blocks the port you
saw during the sniffing.
Try Suitcase again, and see if it can still see the same serial being used.
You may need to do a few cycles of this technique to nail it.
> There are probably more reasons why the bureaucrats wouldn't consider
> the proposal than reasons why they would (the top three reasons being
> 1. money, 2. money, and finally 3. money) so if I can eliminate the
> Suitcase issue beforehand it would help. Is there any way to disable
> the s/n check Suitcase makes when it launches or anyplace I can look to
> find more information on the subject? We still own 58 licenses and can
> run it legally on 58 machines whether or not they're all using the same
> s/n or not, our annual software audit wouldn't find a problem with
> that. Thanks much for any help you can offer.
Got me convinced.
LY
--
LightYear_ __ *"Programming today is a race between software
/ / / | / / / * engineers striving to build bigger and better
/ / / _ /-/ / * idiot-proof programs, and the Universe, trying
/__ / |_/ / / / * to produce bigger and better idiots. So far,
/-----------------/ * the Universe is winning." -Rich Cook
*--------------------------------------------------------*
| ^Nothing is foolproof to a sufficiently talented fool^ |
| Heath Raftery, HRSoftWorks _\|/_ |
*______________________________________m_('.')_m_________*
In article <b3u3h0$6vc$1...@seagoon.newcastle.edu.au>, LightYear
>that should work for a while until extensis gets smart enough to put in
>code to either force a connection by loading before the firewall does
>and conflict with it and disable it or nags by saying suitcase is
>disabled until you make a network connection and allow verifying.
From the discussion it seems like the issue is with a LAN check, not with some
registration server somewhere... so that shouldn't be an issue.
>Sounds like part of a plan, problem being we're not running X on the
>student machines, yet anyway. But I think I've got enough information
>to figure something out. We've blocked ports on the server side before
>(think Kazaa), not sure how it will react from within the network but
>it's a start. Thanks so much for your input.
Maybe I'm wrong but aren't you talking about a LAN check, i.e., each copy of
suitcase broadcasts a hash of its serial or something across the LAN and
locking up if anyone else has the same SN. That being the case, you need to
block at the machines, not at the gateway between the machines and the
internet.
If there's no checksums, the easiest solution would seem to be noping out OTSnd
or something.
You have no idea what the phuck you're talking about.
>In article <20030304072224...@mb-cg.aol.com>, MP0werd
><mp0...@aol.com> wrote:
>
>> Chris Moore chris...@mac.com wrote:
>>
>> >Sounds like part of a plan, problem being we're not running X on the
>> >student machines, yet anyway. But I think I've got enough information
>> >to figure something out. We've blocked ports on the server side before
>> >(think Kazaa), not sure how it will react from within the network but
>> >it's a start. Thanks so much for your input.
>>
>> Maybe I'm wrong but aren't you talking about a LAN check, i.e., each copy of
>> suitcase broadcasts a hash of its serial or something across the LAN and
>> locking up if anyone else has the same SN. That being the case, you need to
>> block at the machines, not at the gateway between the machines and the
>> internet.
>
>I was thinking on the OS X server side. With NetBoot, I make an
>unchangeable disk image that all the machines boot from. Then to
>temporarily store dynamic information such as preferences each machine
>copies that information to a space on the host machine which is flushed
>when the client machine shuts down or restarts. You can theoretically
>run client machines without hard drives. Do you think blocking the port
>on the OS X server would serve any purpose or would most of the checks
>come from the client side within the RAM?
From your earlier posts, it sounds like each copy of suitcase sends data on the
LAN about its serial number. If another copy of suitcase has the serial number
and is listening on the LAN, it will respond preventing further copies of
suitcase with the same serial number from booting. That being the case, you
would have to block the communication between machines with the same serial
number, and for that you'd need each machine to run a firewall.
...
> There are probably more reasons why the bureaucrats wouldn't consider
> the proposal than reasons why they would (the top three reasons being
> 1. money, 2. money, and finally 3. money) so if I can eliminate the
> Suitcase issue beforehand it would help. Is there any way to disable
> the s/n check Suitcase makes when it launches or anyplace I can look to
> find more information on the subject? We still own 58 licenses and can
> run it legally on 58 machines whether or not they're all using the same
> s/n or not, our annual software audit wouldn't find a problem with
> that. Thanks much for any help you can offer.
I don't get it. If you licensed 58 installations why isn't Extensis
willing to send you 58 SNs?
Depending on how the network check works, it may (note, MAY) be possible to
just have another app listening on the port preventing suitcase from listening
on the port. That requires that Open Transport restrict a port to 1 program
which is usually the case. That saves you from having to put a firewall on each
machine, just a program.
Use tcpdump or some other sniffer to see how the network check is done and get
back to us.