# Oidentd bad IRC Ident ~



## enCyde (May 4, 2012)

Can't get my ident on IRC to work (~) 

I have searched the forum for an answer but none of the threads has solved my problem, maybe I just don't understand. Anyway here is my problem. 

Oidentd installed. Port 113 is open.

```
oidentd_enable="YES"
```
 is added.

*H*ere is my oidentd.conf:


```
default {
        default {
                allow spoof
                deny spoof_all
                deny spoof_privport
                allow random_numeric
                allow numeric
                allow hide
        }
}

global { Reply "hello" }

user root {
        default {
                force reply "UNKNOWN"
        }
}
```

*W*hat have I missed? I'm doing something wrong, I know that.


----------



## SirDice (May 4, 2012)

If you're behind a router you need to make sure port 113 is forwarded on it.


----------



## enCyde (May 4, 2012)

Hi SirDice.

The port is forwarded to the server.


----------



## SirDice (May 4, 2012)

Run a tcpdump(1) on your server and see if packets are actually arriving.

Something like this should do the trick:
`# tcpdump -Xn port 113`


----------



## enCyde (May 4, 2012)

```
Listening on bgd0, link-type EN10MB (ethernet) capture size 65535 bytes.
```


----------



## SirDice (May 4, 2012)

When tcpdump(1) is running *e*licit an ident check. You should see the connection being built. If there's nothing being printed (besides the first line you showed) there's nothing coming in. Either your forwarding isn't working correctly or the IRC server isn't sending an ident request.


----------



## enCyde (May 4, 2012)

*H*mm, is there anything else that can cause it? *E*xcept the firewall. Anything in the hosts file? *O*r the network setup? I will take a look when I get home.


----------



## enCyde (May 4, 2012)

I have no idea why I don't get a respons*e* on port 113. It's all open in the firewall.


----------



## Abriel (May 4, 2012)

Try
[CMD="tcpdump"] -l -i your_internet_interface | grep auth[/CMD]
because 
[CMD="tcpdump"]-Xn port 113[/CMD]
don't work.

I remember *I* had a problem with D-Link routers and forwarding. After *I* kicked it from my network, everything started to work.

This 
	
	



```
global { Reply "hello" }
```

doesn't work in my config, try disabling it and run oidentd.


----------



## enCyde (May 5, 2012)

Thanks for the reply. But that did not solve my problem.

I was looking into /var/log/messages and I found this 
	
	



```
inetd[1623]: /etc/inetd.conf: too many arguments for service auth
```

Maybe this is the problem. I'm not sure


----------



## enCyde (May 5, 2012)

```
#auth   stream  tcp     nowait  root    internal
#auth   stream  tcp6    nowait  root    internal

#  auth stream  tcp     nowait  root    internal        auth -r -f -n -o UNKNOWN -t 30
#  auth stream  tcp6    nowait  root    internal        auth -r -f -n -o UNKNOWN -t 30
```

I have those lines.

---

And another thing is: my oidentd.conf is located in /usr/local/etc/oidentd.conf, isn't that wrong? *I*sn't it suppose*d* to be located like /etc/oidentd.conf ?


----------



## enCyde (May 5, 2012)

And when I run [cmd-]tcpdump -l -i bge0 | grep auth[/cmd] and connect to an IRC server that is trying to get my ident it shows this:


```
11:06:45.885338 IP 192.168.1.3.auth > irc.dal.net.56767: Flags [S.],
 seq 3121924455, ack 3002587242, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
```

*I*s that telling me something is wrong or what?


----------



## Abriel (May 5, 2012)

/usr/local/etc/oidentd.conf is correct.

Show me:
[CMD="ps"]aux | grep oidentd[/CMD]


----------



## enCyde (May 5, 2012)

```
4m3rz# ps aux | grep oidentd
root    9381   0.0  0.1   9748   1228   0  R+   12:52PM   0:00.00 grep oidentd
```

that is what I get.

*Abriel:*
You fixed yours. Is there anything I need to edit in /etc/inetd.conf ?


----------



## Abriel (May 5, 2012)

So, show me
[CMD="/usr/local/etc/rc.d/oidentd"]rcvar[/CMD]


----------



## enCyde (May 5, 2012)

```
l4m3rz# /usr/local/etc/rc.d/oidentd rcvar
# oidentd
#
oidentd_enable="YES"
#   (default: "")
```

There you go.


----------



## Abriel (May 5, 2012)

[CMD="/usr/local/etc/rc.d/oidentd"]start[/CMD]
and
[CMD="ps"]aux | grep oidentd[/CMD]


----------



## enCyde (May 5, 2012)

```
l4m3rz# /usr/local/etc/rc.d/oidentd start
oidentd already running? (pid=9020).

ps aux | grep oidentd
l4m3rz# root    9500   0.0  0.1   9748   1228   0  R+    1:30PM   0:00.00 grep o
```


----------



## Abriel (May 5, 2012)

Weird, you should have something like this

```
root     1695   0.0  0.0  10052   1496  ??  Is   12:40PM     0:00.00 /usr/local/sbin/oidentd -C /usr/local/etc/oidentd.conf
```


----------



## enCyde (May 5, 2012)

Is there anything I need to edit in /etc/inetd.conf?


----------



## Abriel (May 5, 2012)

No, but you can try turn off *inetd*
[CMD="/etc/rc.d/inetd"]stop[/CMD]
and then
[CMD="/usr/local/etc/rc.d/oidentd"]restart[/CMD]


----------



## enCyde (May 5, 2012)

```
l4m3rz# /etc/rc.d/inetd stop
Stopping inetd.
Waiting for PIDS: 9213.
l4m3rz# /usr/local/etc/rc.d/oidentd restart
Stopping oidentd.
Starting oidentd.
l4m3rz# ps aux | grep oidentd
root    9660   0.0  0.1   9748   1240   1  RL+   2:38PM   0:00.00 grep oidentd
```


----------



## enCyde (May 5, 2012)

Okey I did a *chmod* on oidentd.conf and did.


```
l4m3rz# ps aux | grep oidentd
root    9760   0.0  0.1   9540   1324  ??  Is    3:05PM   0:00.00 /usr/local/sbin/oidentd -C /usr/local/etc/oidentd.conf
root    9776   0.0  0.1   9748   1276   1  S+    3:07PM   0:00.00 grep oidentd
```

I think I got the correct output now, right?


----------



## Abriel (May 5, 2012)

How is ident reponse on irssi now?


----------



## enCyde (May 5, 2012)

I don't know what the heck is wrong. I still get 
	
	



```
*** No Ident response
```
 I don't know what to look at next.


----------



## Abriel (May 5, 2012)

I did
[CMD=""] tcpdump -l -i tun0 | grep auth[/CMD]
then
[CMD=""]irssi -c punch.va.us.dal.net[/CMD]
I got in tcpdump:

```
19:57:28.117748 IP punch.va.us.dal.net.62658 > zse.auth: Flags [S], seq 823519017, win 65535, options
 [mss 1414,nop,wscale 0,nop,nop,TS val 3202287616 ecr 0,sackOK,eol], length 0
19:57:28.117842 IP zse.auth > punch.va.us.dal.net.62658: Flags [S.], seq 801830597, ack 823519018, win 65535, options 
 [mss 1414,nop,wscale 6,sackOK,TS val 1265770280 ecr 3202287616], length 0
19:57:28.247268 IP punch.va.us.dal.net.62658 > zse.auth: Flags [.], ack 1, win 65535, options
 [nop,nop,TS val 3202287745 ecr 1265770280], length 0
19:57:28.247526 IP punch.va.us.dal.net.62658 > zse.auth: Flags [P.], seq 1:15, ack 1, win 65535, options
 [nop,nop,TS val 3202287745 ecr 1265770280], length 14
19:57:28.248714 IP zse.auth > punch.va.us.dal.net.62658: Flags [P.], seq 1:32, ack 15, win 1029, options
 [nop,nop,TS val 1265770411 ecr 3202287745], length 31
19:57:28.249001 IP zse.auth > punch.va.us.dal.net.62658: Flags [F.], seq 32, ack 15, win 1029, options
 [nop,nop,TS val 1265770411 ecr 3202287745], length 0
19:57:28.376670 IP punch.va.us.dal.net.62658 > zse.auth: Flags [.], ack 33, win 65535, options
 [nop,nop,TS val 3202287876 ecr 1265770411], length 0
19:57:28.376718 IP punch.va.us.dal.net.62658 > zse.auth: Flags [F.], seq 15, ack 33, win 65535, options
 [nop,nop,TS val 3202287876 ecr 1265770411], length 0
19:57:28.376756 IP zse.auth > punch.va.us.dal.net.62658: Flags [.], ack 16, win 1029, options 
[nop,nop,TS val 1265770539 ecr 3202287876], length 0
```

What is in your tcpdump?
Try [CMD=""]telnet your_internet_ip 113[/CMD] from other PC, and check tcpdump.


----------



## enCyde (May 6, 2012)

That is my tcpdump when I do `irssi -c punch.va.us.dal.net`


```
istening on bge0, link-type EN10MB (Ethernet), capture size 65535 bytes
04:33:44.791022 IP punch.va.us.dal.net.42707 > 192.168.1.3.auth: Flags [S], seq 2310441118, win 65535, options [mss 1460,nop,wscale 0,nop,nop,TS val 3233308731 ecr 0,sackOK,eol], length 0
04:33:44.791043 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3507088248 ecr 3233308731], length 0
04:33:47.790640 IP punch.va.us.dal.net.42707 > 192.168.1.3.auth: Flags [S], seq 2310441118, win 65535, options [mss 1460,nop,wscale 0,nop,nop,TS val 3233311731 ecr 0,sackOK,eol], length 0
04:33:47.790675 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3507088248 ecr 3233311731], length 0
04:33:50.789943 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3507088248 ecr 3233311731], length 0
04:33:50.990586 IP punch.va.us.dal.net.42707 > 192.168.1.3.auth: Flags [S], seq 2310441118, win 65535, options [mss 1460,nop,wscale 0,nop,nop,TS val 3233314931 ecr 0,sackOK,eol], length 0
04:33:50.990601 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3507088248 ecr 3233314931], length 0
04:33:53.989940 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3507088248 ecr 3233314931], length 0
04:33:54.190430 IP punch.va.us.dal.net.42707 > 192.168.1.3.auth: Flags [S], seq 2310441118, win 65535, options [mss 1460,sackOK,eol], length 0
04:33:54.190458 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:33:57.189943 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:33:57.390274 IP punch.va.us.dal.net.42707 > 192.168.1.3.auth: Flags [S], seq 2310441118, win 65535, options [mss 1460,sackOK,eol], length 0
04:33:57.390291 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:34:00.389930 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:34:00.590567 IP punch.va.us.dal.net.42707 > 192.168.1.3.auth: Flags [S], seq 2310441118, win 65535, options [mss 1460,sackOK,eol], length 0
04:34:00.590578 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:34:03.589940 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:34:06.789990 IP punch.va.us.dal.net.42707 > 192.168.1.3.auth: Flags [S], seq 2310441118, win 65535, options [mss 1460,sackOK,eol], length 0
04:34:06.790025 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:34:09.789940 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:34:15.789939 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
04:34:27.789939 IP 192.168.1.3.auth > punch.va.us.dal.net.42707: Flags [S.], seq 1209949541, ack 2310441119, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
```

and I get 
	
	



```
*** No Ident response
```

And when I do


```
$ telnet MYIP 113
Trying MYIP...
Connected to MYIP.......
Escape character is '^]'.
```

I get in tcpdump


```
4:37:31.564807 IP staticMYIP.25888 > 192.168.1.3.auth: Flags [S], seq 1628161763, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 32838901 ecr 0], length 0
04:37:31.564826 IP 192.168.1.3.auth > staticMYIP.25888: Flags [S.], seq 3868942309, ack 1628161764, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 4242943730 ecr 32838901], length 0
04:37:31.565159 IP staticMYIP.auth > 192.168.1.3.25888: Flags [S.], seq 3868942309, ack 1628161764, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 4242943730 ecr 32838901], length 0
04:37:31.565177 IP 192.168.1.3.25888 > staticMYIP.auth: Flags [.], ack 1, win 1040, options [nop,nop,TS val 32838904 ecr 4242943730], length 0
04:37:31.565352 IP staticMYIP.25888 > 192.168.1.3.auth: Flags [.], ack 1, win 1040, options [nop,nop,TS val 32838904 ecr 4242943730], length 0
04:38:01.566234 IP 192.168.1.3.auth > staticMYIP.25888: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 4242973732 ecr 32838904], length 0
04:38:01.566575 IP staticMYIP.auth > 192.168.1.3.25888: Flags [F.], seq 1, ack 1, win 1040, options [nop,nop,TS val 4242973732 ecr 32838904], length 0
04:38:01.566601 IP 192.168.1.3.25888 > staticMYIP.auth: Flags [.], ack 2, win 1040, options [nop,nop,TS val 32868905 ecr 4242973732], length 0
04:38:01.566707 IP 192.168.1.3.25888 > staticMYIP.auth: Flags [F.], seq 1, ack 2, win 1040, options [nop,nop,TS val 32868905 ecr 4242973732], length 0
04:38:01.566877 IP staticMYIP.25888 > 192.168.1.3.auth: Flags [.], ack 2, win 1040, options [nop,nop,TS val 32868905 ecr 4242973732], length 0
04:38:01.567036 IP staticMYIP.25888 > 192.168.1.3.auth: Flags [F.], seq 1, ack 2, win 1040, options [nop,nop,TS val 32868905 ecr 4242973732], length 0
04:38:01.567056 IP 192.168.1.3.auth > staticMYIP.25888: Flags [.], ack 2, win 1040, options [nop,nop,TS val 4242973733 ecr 32868905], length 0
04:38:01.567347 IP staticMYIP.auth > 192.168.1.3.25888: Flags [.], ack 2, win 1040, options [nop,nop,TS val 4242973733 ecr 32868905], length 0
```


----------

