3 <li><a href="#Using Samba as an AFS gateway"> Using Samba as an AFS gateway</a><ul>
4 <li><a href="#Plain text passwords sent over n"> Plain text passwords sent over network</a><ul>
5 <li><a href="#Compile Samba 2 --with-pam"> Compile Samba 2 --with-pam</a></li>
6 <li><a href="#Compile Samba 2 --with-afs"> Compile Samba 2 --with-afs</a></li>
9 <li><a href="#No plain text passwords sent ove"> No plain text passwords sent over network</a><ul>
10 <li><a href="#kSAMBA"> kSAMBA</a></li>
11 <li><a href="#SMBKlog"> SMBKlog</a></li>
12 <li><a href="#FOKSTRAUT"> FOKSTRAUT</a></li>
15 <li><a href="#New: More secure options"> New: More secure options</a><ul>
16 <li><a href="#Samba 3 built-in AFS support"> Samba 3 built-in AFS support</a></li>
17 <li><a href="#kimpersonate"> kimpersonate </a></li>
20 <li><a href="#Random Links"> Random Links</a></li>
21 <li><a href="#Attachments"> Attachments</a></li>
27 # <a name="Using Samba as an AFS gateway"></a> Using Samba as an AFS gateway
29 Recently I've been researching methods of using Samba as an AFS gateway. Below are my findings so far. Please feel free to add/correct stuff. -- [[DanielClark]] - 04 Aug 2002
31 ## <a name="Plain text passwords sent over n"></a> Plain text passwords sent over network
33 In these solutions the plain text password is sent over the network. This requires [[EnablePlainTextPassword]] be set on your Windows hosts. Plain text passwords are necessary with stock Samba because the method that SMB uses for secure authentication is not compatible with Kerberos. Therefore the Samba server must have your plain text password so it can in turn get you AFS tokens using your password.
37 - No new software needs to be installed on clients
38 - Only required change on clients is to set a registry key
42 - Passwords sent in plain text over the network
43 - Clients may initially try to use plain text passwords to login to SMB servers other than the AFS gateway
44 - Client gets no warning before AFS tokens expire
45 - To get new tokens, client must unmap and then remap the drive letter corresponding to the AFS gateway
47 ### <a name="Compile Samba 2 --with-pam"></a> Compile Samba 2 --with-pam
49 This causes Samba to use pluggable authentication modules (PAM) for authentication. PAM is available on many Unix variants, notably Linux and Solaris. There are PAM modules for the various Kerberos implementations that work with AFS; the module for the default kaserver comes with [[OpenAFS]]. For some more info on PAM see the [Samba doc](http://de.samba.org/samba/ftp/docs/htmldocs/Samba-HOWTO-Collection.html#PAM). Many precompiled versions of Samba are built with this option (i.e. Redhat's Samba RPMs)
53 - The only method that is integrated into Samba core and pretty much guaranteed to be maintained and work with all future Samba releases, as it is generally useful to people for purposes other then using Samba as an AFS gateway. There seem to be no people on the Samba core team that have an active interest in AFS.
57 - Doesn't work with operating systems that do not support PAM.
59 ### <a name="Compile Samba 2 --with-afs"></a> Compile Samba 2 --with-afs
61 This links Samba against AFS authentication code directly.
65 - May work with systems that do not support PAM.
69 - Not actively maintained. Author states the option may be suffering from bit rot.
70 - Several people have mentioned difficulty getting the library and header paths right, mentioning conflicts between [[OpenAFS]], [[OpenSSL]] and non-AFS Kerberos libraries and header files. It is unclear if this code is works with the latest Samba and [[OpenAFS]] releases at all.
71 - May need to hunt around on the internet for a patch to make this work against a specific OS type and Samba version, and then use that older Samba version.
72 - Patch for AIX / Samba 2.0.4b: <http://www.mail-archive.com/info-afs@transarc.com/msg02493.html>
74 ## <a name="No plain text passwords sent ove"></a> No plain text passwords sent over network
76 These are methods that avoid sending plain text passwords over the network.
84 - Requires modifications to stock Samba distribution
85 - Requires additional infrastructure beyond Samba
86 - All are primarily internal projects that people did for their employers, support may be minimal to nonexistent.
88 ### <a name="kSAMBA"></a> kSAMBA
90 kSamba is used for AFS translation in University of Michigan Campus sites. It also allows Windows workstations to authenticate and connect to UNIX SMB (Server Message Block) servers via a Kerberos out-of-band negotiation. This allows users to connect without entering a SMB password. A version of Samba 2.0.6 modified to support AFS and Kerberos is implemented on the server side.
92 <table border="1" cellpadding="0" cellspacing="0">
95 <td><a href="http://rsug.itd.umich.edu/software/ksamba.html" target="_top">http://rsug.itd.umich.edu/software/ksamba.html</a></td>
99 <td><a href="mailto:ifs.via.samba@umich.edu">ifs.via.samba@umich.edu</a></td>
105 - Very good security. Plain text passwords are not required to be sent over the network or kept on the Samba server.
106 - Has been in active use by a good number of clients for several years.
107 - Looks like it might have an interface to manipulate AFS permissions - see <http://lists.samba.org/pipermail/samba/1997-November/033982.html>
111 - Seems to be pretty specific to UMich's site - unclear if anyone else is using it.
112 - Requires each Windows client to install some software
113 - Windows client software doesn't seem to be open source
114 - Windows client software won't install on Windows 2000 or XP
115 - Looks like it may be tied to a specific Kerberos implementation
116 - Must run Samba 2.0.6 or do some porting to newer version
118 ### <a name="SMBKlog"></a> SMBKlog
120 SMBKlog uses out-of-band authentication over SSL. The server sends the client an RSA public key - the client encrypts the password with the public key and sends it to the server, which then decrypts it. There is an email explaining it at <http://samba.cadcamlab.org/lists/samba-technical/Jul2001/00363.html> .
122 <table border="1" cellpadding="0" cellspacing="0">
125 <td><a href="http://www22.brinkster.com/jvrobert" target="_top">http://www22.brinkster.com/jvrobert</a></td>
129 <td> Jason Robertson <a href="mailto:jason.v.robertson@intel.com">jason.v.robertson@intel.com</a></td>
135 - Password not sent over network in plain text
136 - Not specific to any particular Kerberos/AFS implementation [ Transarc/OpenAFS OK ]
137 - Uses [[OpenSSL]] so probably relatively easy to write new Windows clients
138 - Successfully used at Intel to comply with corporate security requirements
142 - Password exists in plain text form on Samba server, at least in memory, for some period of time (Samba server decrypts password to plaintext form and uses that to get AFS tokens)
143 - Requires each Windows client to install some software
144 - Windows client software dies on Windows 2000 and XP [ May be fixed in current version ]
145 - Must run specific Samba version or do some porting to newer version [ Should be straightforward ]
146 - Not under heavy active development.
150 - Frank Cameron (<cameron@ctc.com>) updated Jason's smbklog patches to work with Samba 2.2.7
151 - [samba-2.2.7-afstoken.patch](http://www.dementia.org/twiki//view/samba-2.2.7-afstoken.patch): Updated smbklog patch for Samba 2.2.7
152 - Also available is a patch to compile Samba 2.2.7 on [[RedHat]] 8
153 - [samba-2.2.7\_afstoken.spec](http://www.dementia.org/twiki//view/samba-2.2.7_afstoken.spec): Spec file to build Samba 2.2.7 w/ SMBKlog on RH 8
155 ### <a name="FOKSTRAUT"></a> FOKSTRAUT
157 **Fokstraut and Samba - Dealing with Authentication and Performance Issues On A Large Scale Samba Service**
159 Robert Beck & Steve Holstead, _University of Alberta_
163 At the University of Alberta, we have approximately 55,000 user id's using central services authenticated by Kerberos. We use AFS for central file service. We use Samba to provide Windows compatible access to much of our central file service. Samba contains a number of useful features for Microsoft Windows compatibility, including a kludge to deal with the problem of Windows sending an all uppercase version of a user's password. We observed that when Windows connects to a share, it frequently attempts many incorrect passwords repeatedly before trying the correct one. This created a very heavy authentication load on our central Samba service when users would connect every morning and authenticate. We observed this load and noticed that most of our problems were caused by repeated attempts to authenticate, and the high cost of checking these attempts.
165 To help reduce the load due to authentication, we implemented FOKSTRAUT, a set of modifications to Samba to cache recent password failures and successes in a DBM database built by the Samba server as it runs. By caching the recent failures we avoid expensive re-checks of the (many) other passwords Windows likes to send us. We also cache the correct case of the real password, and by doing so we avoid the expensive overhead of "cracking" an all uppercase password When Windows decides to send one. We also use FOKSTRAUT to cache the NT and LanMan password hashes of a users password once we see a successful authentication. This then allows us to use the newer Windows NT password hash after the user has connected once, without having to centrally convert and maintain a large SMB password file, and while maintaining the ability of our server to access services such as AFS which can not be authenticated against using the Windows password hash alone. Performance on our service has been drastically improved since the implementation of FOKSTRAUT.
167 <table border="1" cellpadding="0" cellspacing="0">
170 <td colspan="2"><a href="http://www.usenix.org/events/lisa2000/full_papers/beck/beck_html/" target="_top">http://www.usenix.org/events/lisa2000/full_papers/beck/beck_html/</a></td>
174 <td><a href="http://www.ualberta.ca/~sholstea/patches.tar" target="_top">http://www.ualberta.ca/~sholstea/patches.tar</a></td>
175 <td> Patches against Samba 2.2.4 </td>
179 <td colspan="2"> Steve Holstead <a href="mailto:Steve.Holstead@ualberta.ca">Steve.Holstead@ualberta.ca</a></td>
183 <td colspan="2"> Robert Beck <a href="mailto:beck@bofh.ucs.ualberta.ca">beck@bofh.ucs.ualberta.ca</a> or <a href="mailto:beck@obtuse.com">beck@obtuse.com</a></td>
189 - Password not sent over network in plain text
190 - In use for several years with a large number of clients
191 - Has advantages other than secure AFS login
192 - Seems to be under active development
193 - Support for automatic reauthentication before token lifetime ends recently added
194 - Requires no changes to Windows Clients. This is a unique feature of this method.
195 - Everything is under BSD style license terms
199 - Requires some out-of-band secure infrastructure for users to change their passwords.
200 - Authors mention using a simple script on a login server in which a user can make an SMB connect and authenticate themselves. Unsure of the security of this solution.
201 - Another possibility would be a web application behind an SSL server running on the same host as the Samba server.
202 - Passwords must be stored in cleartext on the Samba server.
204 ## <a name="New: More secure options"></a> New: More secure options
206 ### <a name="Samba 3 built-in AFS support"></a> Samba 3 built-in AFS support
208 It looks like Samba 3.0.4 has built-in AFS support (perhaps only for the Kerberos 4 kaserver on GNU/Linux with [[OpenAFS]] however). The relevant configure option looks like:
210 --with-fake-kaserver Include AFS fake-kaserver support (default=no)
214 - <http://www.samba.org/samba/docs/man/smb.conf.5.html#AFSSHARE>
215 - <news://news.gmane.org:119/E19sNzf-0002uv-00@intern.SerNet.DE>
216 - <http://www.dragoninc.on.ca/mail-archives/samba-technical/2003-10/0339.html>
217 - [http://marc.theaimsgroup.com/?l=samba&m=108238783519493&w=2](http://marc.theaimsgroup.com/?l=samba&m=108238783519493&w=2)
218 - [http://marc.theaimsgroup.com/?l=samba&m=108119099330691&w=2](http://marc.theaimsgroup.com/?l=samba&m=108119099330691&w=2)
219 - <http://lists.samba.org/archive/samba/2004-April/084693.html>
221 Also based on <http://us4.samba.org/samba/ftp/pre/WHATSNEW-3-0-5pre1.txt> it looks like Samba 3.0.5 will have support to display and set AFS acls via the NT security editor.
223 Here are some relevant comments from the Samba 3.0.4 code (author's homepage is at <http://www.sernet.de/vl/> ):
227 This routine takes a radical approach completely bypassing the
228 Kerberos idea of security and using AFS simply as an intelligent
229 file backend. Samba has persuaded itself somehow that the user is
230 actually correctly identified and then we create a ticket that the
231 AFS server hopefully accepts using its KeyFile that the admin has
232 kindly stored to our secrets.tdb.
234 Thanks to the book "Network Security -- PRIVATE Communication in a
235 PUBLIC World" by Charlie Kaufman, Radia Perlman and Mike Speciner
236 Kerberos 4 tickets are not really hard to construct.
238 For the comments "Alice" is the User to be auth'ed, and "Bob" is the
242 ./source/lib/afs_settoken.c:
244 Put an AFS token into the Kernel so that it can authenticate against
245 the AFS server. This assumes correct local uid settings.
247 This is currently highly Linux and OpenAFS-specific. The correct API
248 call for this would be ktc_SetToken. But to do that we would have to
249 import a REALLY big bunch of libraries which I would currently like
253 ### <a name="kimpersonate"></a> kimpersonate
255 The major problem when exporting the AFS filespace read-write to SMB (Windows fileshareing) using Samba is the transfer of the user token to the smb-server. The simple may is to use clear-text password between the Windows client and the samba-server, and then to get tokens for the user with this password. This solution is clearly not acceptable for security aware AFS administrators.
257 On solution is to use \`kimpersonate' + store afs key on fileserver. To obtain the kimersonate code contact "Love H�rnquist-�strand" < lha () stacken ! kth ! se >
259 Here are some references to this technique:
261 - <https://lists.openafs.org/pipermail/openafs-info/2003-July/010026.html>
262 - <http://www.mail-archive.com/openafs-info@openafs.org/msg08471.html>
263 - <http://openbsd.mirrors.pair.com/src/usr.sbin/afs/src/doc/arla.info>
264 - <http://www.it.kth.se/~aep/licentiate/PB-lanman2001.pdf>
266 Here is the kimpersonate **README**:
271 kimpersonate takes a keytab/srvtab/AFS KeyFile and impersonates
272 kerberos credental case for a user. See manpage for documentation.
274 Very useful when using with samba.
276 Using kimpersonate with SAMBA
277 =============================
281 root preexec = /usr/samba/bin/su-user-login '%u'
283 Also see the su-user-login file, note that this file contains hacks
284 that parses the %u for samba 3.0-alpha22 something using domain
285 logins. Check that is matches your usage.
287 You need to make sure that somehow the samba does a afs setpag call
288 before calling afslog/aklog. See the patch
289 samba-setpag-patch-linux-and-freebsd above.
291 Here is a text rendition the kimpersonate-1.0 **man page**:
293 KERBEROS(SECTION) LOCAL KERBEROS(SECTION)
296 kimpersonate - impersonate a user when there exist a srvtab, keyfile or
300 kimpersonate [-s string | --server=string] [-c string | --client=string]
301 [-k string | --keytab=string] [-4 | --krb4] [-5 | --krb5]
302 [-e integer | --expire-time=integer] [-a string |
303 --client-address=string] [-t string | --enc-type=string] [-f
304 string | --ticket-flags=string] [--verbose] [--version]
308 The kimpersonate program create a "fake" ticket using the service-key of
309 the service, the service key can be read from a Kerberos 5 keytab, AFS
310 KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab.
313 -s string, --server=string
314 name of server principal
316 -c string, --client=string
317 name of client principal
319 -k string, --keytab=string
323 create a kerberos 4 ticket
326 create a kerberos 5 ticket
328 -e integer, --expire-time=integer
329 lifetime of ticket in seconds
331 -a string, --client-address=string
334 -t string, --enc-type=string
337 -f string, --ticket-flags=string
338 ticket flags for krb5 ticket
349 Uses /etc/krb5.keytab, /etc/srvtab and /usr/afs/etc/KeyFile when avalible
350 and the the -k is used with appropriate prefix.
353 kimpersonate can be used in samba root preexec option or for debugging.
354 kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 --no-
355 krb4 will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hum-
356 mel.e.kth.se if there exist a keytab entry for it in /etc/krb5.keytab
358 kimpersonate -k krb4:/etc/srvtab -s host/hummel.e.kth.se@E.KTH.SE -c
359 lha@E.KTH.SE --no-krb5 -4 will create a Kerberos 4 ticket for
360 lha@E.KTH.SE for the host hummel.e.kth.se if there exist a srvtab entry
361 for it in /etc/srvtab Note the Kerberos 5 syntax of the server.
367 Love H�rnquist-�strand < lha () stacken ! kth ! se >
369 Heimdal July 30, 2000 Heimdal
371 ## <a name="Random Links"></a> Random Links
373 2002-05 discussion on samba-technical: [http://marc.theaimsgroup.com/?l=samba-technical&m=102214554108308&w=2](http://marc.theaimsgroup.com/?l=samba-technical&m=102214554108308&w=2)
375 ## <a name="Attachments"></a> Attachments
377 [[DraGona]] [[DraGonb]] [[DraGonc]] [[DraGond]] [[DraGone]] [[DraGonf]] [[DraGong]] [[DraGonh]] [[DraGoni]] [[DraGonj]] [[DraGonk]] [[DraGonl]] [[DraGonm]] [[DraGonn]] [[DraGono]] [[DraGonp]] [[DraGonq]] [[DraGonr]] [[DraGons]] [[DraGont]] [[DraGonu]] [[DraGonv]] [[DraGonw]] [[DraGonx]] [[DraGony]] [[DraGonz]] [[DraGonaa]]
379 [网站推广](http://www.51dragon.com) [arm](http://1.51dragon.com) [光端机](http://guangduanji.51dragon.com) [数字光端机](http://guangduanji.51dragon.com/shuzi.htm) [视频光端机](http://guangduanji.51dragon.com/shipin.htm) [数字视频光端机](http://guangduanji.51dragon.com/szsp.htm) [监控视频光端机](http://guangduanji.51dragon.com/jiankong.htm) [广播级数字视频光端机](http://guangduanji.51dragon.com/guangbo.htm) [网络视频全套解决方案](http://guangduanji.51dragon.com/wangluo.htm) [arm](http://1.51dragon.com) [arm培训](http://2.51dragon.com) [安防](http://3.51dragon.com) [安防器材](http://3.51dragon.com/a.htm) [笔记本](http://4.51dragon.com) [笔记本电脑](http://5.51dragon.com) [变速机](http://6.51dragon.com) [标签](http://7.51dragon.com) [标签打印机](http://8.51dragon.com) [不孕不育](http://9.51dragon.com) [不孕不育治疗](http://9.51dragon.com/a.htm) [餐饮](http://10.51dragon.com) [餐饮管理](http://10.51dragon.com/a.htm) [叉车](http://11.51dragon.com) [磁性材料](http://12.51dragon.com) [刺绣](http://13.51dragon.com) [仓储](http://14.51dragon.com) [仓储设备](http://15.51dragon.com) [充电器](http://16.51dragon.com) [手机充电器](http://16.51dragon.com) [出国](http://17.51dragon.com) [除湿机](http://18.51dragon.com) [工业除湿机](http://18.51dragon.com/a.htm) [创业](http://19.51dragon.com) [创业项目](http://19.51dragon.com/a.htm) [床上用品](http://20.51dragon.com) [家居用品](http://20.51dragon.com/e.htm) [婴儿用品](http://20.51dragon.com/a.htm) [情趣用品](http://20.51dragon.com/b.htm) [宠物用品](http://20.51dragon.com/c.htm) [儿童用品](http://20.51dragon.com/d.htm) [单片机](http://21.51dragon.com) [打印机](http://22.51dragon.com) [灯具](http://23.51dragon.com) [电源](http://24.51dragon.com) [开关电源](http://25.51dragon.com) [ups电源](http://26.51dragon.com) [变频电源](http://27.51dragon.com) [稳压电源](http://28.51dragon.com) [电机](http://29.51dragon.com) [步进电机](http://30.51dragon.com) [微型电机](http://31.51dragon.com) [电梯](http://32.51dragon.com) [电子政务](http://33.51dragon.com) [雕塑](http://34.51dragon.com) [雕刻机](http://35.51dragon.com) [激光雕刻机](http://36.51dragon.com) [电脑雕刻机](http://36.51dragon.com/a.htm) [数控雕刻机](http://36.51dragon.com/b.htm) [橡胶版雕刻机](http://36.51dragon.com/c.htm) [木工雕刻机](http://36.51dragon.com/d.htm) [短信群发](http://37.51dragon.com) [对讲机](http://38.51dragon.com) [无线对讲机](http://38.51dragon.com/a.htm) [erp](http://39.51dragon.com) [erp软件](http://40.51dragon.com) [耳机](http://41.51dragon.com) [无线耳机](http://41.51dragon.com/a.htm) [耳聋](http://42.51dragon.com) [阀](http://43.51dragon.com) [阀门](http://44.51dragon.com) [球阀](http://44.51dragon.com/a.htm) [法律咨询](http://45.51dragon.com) [翻译](http://46.51dragon.com) [翻译公司 ](http://47.51dragon.com) [北京翻译](http://48.51dragon.com) [纺织机械](http://49.51dragon.com) [服装](http://50.51dragon.com) [服务器](http://51.51dragon.com) [gprs](http://52.51dragon.com) [gps](http://53.51dragon.com) [车载gps](http://54.51dragon.com) [防盗GPS](http://55.51dragon.com) [干燥](http://56.51dragon.com) [干燥机](http://57.51dragon.com) [干燥设备](http://58.51dragon.com) [干洗](http://59.51dragon.com) [干洗设备](http://60.51dragon.com) [钢结构](http://61.51dragon.com) [钢铁](http://62.51dragon.com) [钢材](http://63.51dragon.com) [工控](http://64.51dragon.com) [工控机](http://65.51dragon.com) [公寓](http://66.51dragon.com) [管理咨询](http://67.51dragon.com) [管理培训](http://68.51dragon.com) [项目管理](http://69.51dragon.com) [管理顾问](http://70.51dragon.com) [光触媒](http://71.51dragon.com) [尖锐湿疣](http://72.51dragon.com) [广告](http://73.51dragon.com) [广告策划](http://74.51dragon.com) [广告设计](http://75.51dragon.com) [耗材](http://76.51dragon.com) [办公耗材](http://77.51dragon.com) [化工原料](http://78.51dragon.com) [化工设备](http://79.51dragon.com) [滑雪](http://80.51dragon.com) [滑雪场](http://81.51dragon.com) [化妆品](http://82.51dragon.com) [换热器](http://83.51dragon.com) [板式换热器](http://83.51dragon.com/a.htm) [波纹管换热器](http://83.51dragon.com/b.htm) [螺旋板换热器](http://83.51dragon.com/c.htm) [列管换热器](http://83.51dragon.com/d.htm) [热管换热器](http://83.51dragon.com/e.htm) [舒瑞普板式换热器](http://83.51dragon.com/f.htm) [石墨换热器](http://83.51dragon.com/g.htm) [盘管换热器](http://83.51dragon.com/h.htm) [半导体换热器](http://83.51dragon.com/i.htm) [婚庆](http://84.51dragon.com) [婚庆公司](http://85.51dragon.com) [货运](http://86.51dragon.com) [货运公司](http://87.51dragon.com) [货架](http://88.51dragon.com) [仓储货架](http://89.51dragon.com) [物流仓储货架](http://89.51dragon.com/a.htm) [立体仓储](http://89.51dragon.com/b.htm) [移动货架](http://89.51dragon.com/c.htm) [角钢货架](http://89.51dragon.com/d.htm) [集团电话](http://90.51dragon.com) [集团电话交换机](http://90.51dragon.com/a.htm) [机柜](http://91.51dragon.com) [机床](http://92.51dragon.com) [机箱](http://93.51dragon.com) [机票](http://94.51dragon.com) [打折机票](http://95.51dragon.com) [特价机票](http://96.51dragon.com) [国际机票](http://97.51dragon.com) [订机票](http://98.51dragon.com) [机票价格](http://99.51dragon.com) [飞机票](http://100.51dragon.com) [继电器](http://101.51dragon.com) [固态继电器](http://102.51dragon.com) [时间继电器](http://102.51dragon.com/a.htm) [热继电器](http://102.51dragon.com/b.htm) [中间继电器](http://102.51dragon.com/c.htm) [小型继电器](http://102.51dragon.com/d.htm) [接地继电器](http://102.51dragon.com/e.htm) [汽车继电器](http://102.51dragon.com/f.htm) [交流继电器](http://102.51dragon.com/g.htm) [加盟](http://103.51dragon.com) [加盟店](http://104.51dragon.com) [连锁加盟](http://105.51dragon.com) [家具](http://106.51dragon.com) [办公家具](http://107.51dragon.com) [驾校](http://108.51dragon.com) [北京驾校](http://108.51dragon.com/a.htm) [家政](http://109.51dragon.com) [家政服务](http://110.51dragon.com) [减肥](http://111.51dragon.com) [监控](http://112.51dragon.com) [闭路监控](http://113.51dragon.com) [远程监控](http://114.51dragon.com) [监控设备](http://115.51dragon.com) [交友](http://116.51dragon.com) [交换机](http://117.51dragon.com) [程控交换机](http://118.51dragon.com) [电话交换机](http://119.51dragon.com) [网络交换机](http://120.51dragon.com) [建材](http://121.51dragon.com) [新型建材](http://122.51dragon.com) [酒店](http://123.51dragon.com) [酒店预定](http://124.51dragon.com) [酒店预订](http://125.51dragon.com) [KVM](http://126.51dragon.com) [切换器](http://127.51dragon.com) [矩阵切换器](http://128.51dragon.com) [考勤机](http://129.51dragon.com) [指纹](http://130.51dragon.com) [指纹考勤机](http://131.51dragon.com) [巡更](http://132.51dragon.com) [电子巡更](http://132.51dragon.com/a.htm) [空压机](http://133.51dragon.com) [螺杆式空压机](http://133.51dragon.com/a.htm) [阿特拉斯空压机](http://133.51dragon.com/b.htm) [活塞式空压机](http://133.51dragon.com/c.htm) [螺杆空压机](http://133.51dragon.com/d.htm) [空压机配件](http://133.51dragon.com/e.htm) [移动式空压机](http://133.51dragon.com/f.htm) [单螺杆空压机](http://133.51dragon.com/g.htm) [进口空压机](http://133.51dragon.com/h.htm) [礼品](http://134.51dragon.com) [工艺品](http://135.51dragon.com) [纪念品](http://136.51dragon.com) [礼品公司](http://137.51dragon.com) [猎头](http://138.51dragon.com) [猎头公司](http://139.51dragon.com) [留学](http://140.51dragon.com) [法国留学](http://141.51dragon.com) [英国留学](http://142.51dragon.com) [德国留学](http://143.51dragon.com) [美国留学](http://144.51dragon.com) [出国留学](http://145.51dragon.com) [留学签证](http://146.51dragon.com) [隆胸](http://147.51dragon.com) [路由器](http://148.51dragon.com) [旅行社](http://149.51dragon.com) [律师](http://150.51dragon.com) [律师事务所](http://151.51dragon.com) [mba](http://152.51dragon.com) [emba](http://153.51dragon.com) [美容](http://154.51dragon.com) [整形美容](http://155.51dragon.com) [门禁](http://156.51dragon.com) [一卡通](http://157.51dragon.com) [停车场](http://158.51dragon.com) [门禁系统](http://159.51dragon.com) [指纹门禁](http://159.51dragon.com/a.htm) [门禁系统](http://159.51dragon.com/b.htm) [门禁考勤](http://159.51dragon.com/c.htm) [门禁管理系统](http://159.51dragon.com/e.htm) [门禁卡](http://159.51dragon.com/f.htm) [酒店门禁](http://159.51dragon.com/g.htm) [电子门禁](http://159.51dragon.com/h.htm) [门禁设备](http://159.51dragon.com/i.htm) [门禁软件](http://159.51dragon.com/j.htm) [模具](http://160.51dragon.com) [五金模具](http://160.51dragon.com/a.htm) [塑料模具](http://161.51dragon.com) [排队机](http://162.51dragon.com) [票务](http://163.51dragon.com) [培训](http://164.51dragon.com) [IT培训](http://165.51dragon.com) [计算机培训](http://166.51dragon.com) [软件培训](http://167.51dragon.com) [汽车](http://168.51dragon.com) [汽车美容](http://169.51dragon.com) [汽车配件](http://170.51dragon.com) [二手车](http://171.51dragon.com) [汽车养护](http://172.51dragon.com) [汽车租赁](http://173.51dragon.com) [起名](http://174.51dragon.com) [签证](http://175.51dragon.com) [求职](http://176.51dragon.com) [招聘](http://177.51dragon.com) [热水器](http://178.51dragon.com) [太阳能热水器](http://178.51dragon.com/a.htm) [人力资源](http://179.51dragon.com) [人力资源管理](http://179.51dragon.com/a.htm) [润滑油](http://180.51dragon.com) [商标](http://181.51dragon.com) [商标注册](http://182.51dragon.com) [首饰](http://183.51dragon.com) [设计](http://184.51dragon.com) [包装设计](http://185.51dragon.com) [平面设计](http://186.51dragon.com) [摄像机](http://187.51dragon.com) [数码摄像机](http://188.51dragon.com) [石材](http://189.51dragon.com) [石材养护](http://189.51dragon.com/a.htm) [视频会议](http://190.51dragon.com) [视频会议设备](http://191.51dragon.com) [视频会议系统](http://192.51dragon.com) [数据修复](http://193.51dragon.com) [水处理](http://194.51dragon.com) [水处理设备](http://195.51dragon.com) [水泵](http://196.51dragon.com) [真空泵](http://197.51dragon.com) [电力真空泵](http://197.51dragon.com/a.htm) [速记](http://198.51dragon.com) [速记培训](http://199.51dragon.com) [塑料](http://200.51dragon.com) [塑料机械](http://201.51dragon.com) [手表](http://202.51dragon.com) [瑞士手表](http://202.51dragon.com/a.htm) [卡西欧手表](http://202.51dragon.com/b.htm) [浪琴手表](http://202.51dragon.com/c.htm) [手表报价](http://202.51dragon.com/d.htm) [手表品牌](http://202.51dragon.com/e.htm) [男士手表](http://202.51dragon.com/f.htm) [女士手表](http://202.51dragon.com/g.htm) [情侣手表](http://202.51dragon.com/h.htm) [劳力士手表](http://202.51dragon.com/i.htm) [时尚手表](http://202.51dragon.com/j.htm) [陶瓷](http://203.51dragon.com) [陶瓷雕塑](http://203.51dragon.com/a.htm) [压电陶瓷](http://203.51dragon.com/b.htm) [陶瓷制品](http://203.51dragon.com/c.htm) [陶瓷膜](http://203.51dragon.com/e.htm) [条码](http://204.51dragon.com) [条码打印机](http://205.51dragon.com) [投影机](http://206.51dragon.com) [投影机维修](http://206.51dragon.com/a.htm) [大屏幕](http://207.51dragon.com) [投资](http://208.51dragon.com) [投资项目](http://209.51dragon.com) [涂料](http://210.51dragon.com) [团购](http://211.51dragon.com) [汽车团购](http://211.51dragon.com/a.htm) [无忧团购](http://211.51dragon.com/b.htm) [团购网](http://211.51dragon.com/c.htm) [北京团购](http://211.51dragon.com/d.htm) [建材团购](http://211.51dragon.com/e.htm) [家具团购](http://211.51dragon.com/f.htm) [年货团购](http://211.51dragon.com/g.htm) [团购服务](http://211.51dragon.com/h.htm) [服装团购](http://211.51dragon.com/i.htm) [托盘](http://212.51dragon.com) [VOD](http://213.51dragon.com) [VOIP](http://214.51dragon.com) [挖掘机](http://215.51dragon.com) [二手挖掘机](http://215.51dragon.com/a.htm) [挖掘机配件](http://215.51dragon.com/b.htm) [网络挖掘机](http://215.51dragon.com/c.htm) [挖掘机械](http://215.51dragon.com/d.htm) [挖掘机修理](http://215.51dragon.com/e.htm) [物流](http://216.51dragon.com) [玩具](http://217.51dragon.com) [儿童玩具](http://217.51dragon.com/a.htm) [鲜花](http://218.51dragon.com) [北京鲜花](http://218.51dragon.com/a.htm) [鲜花速递](http://219.51dragon.com) [北京鲜花速递](http://219.51dragon.com/a.htm) [显示器](http://220.51dragon.com) [显示器维修](http://221.51dragon.com/) [小提琴](http://222.51dragon.com) [小尾羊](http://223.51dragon.com) [相机](http://224.51dragon.com) [帖纸相机](http://224.51dragon.com/a.htm) [数码相机](http://224.51dragon.com/b.htm) [虚拟主机](http://225.51dragon.com) [北京虚拟主机](http://225.51dragon.com/a.htm) [空间租用](http://226.51dragon.com) [虚拟主机提供商](http://226.51dragon.com/a.htm) [虚拟主机租用](http://226.51dragon.com/b.htm) [域名虚拟主机](http://226.51dragon.com/c.htm) [虚拟主机空间](http://226.51dragon.com/d.htm) [雅思](http://227.51dragon.com) [雅思考试](http://227.51dragon.com/a.htm) [雅思报名](http://227.51dragon.com/b.htm) [液压](http://228.51dragon.com) [液压机](http://228.51dragon.com/a.htm) [液压设备](http://228.51dragon.com/b.htm) [液压件](http://228.51dragon.com/c.htm) [移民](http://229.51dragon.com) [加拿大移民](http://229.51dragon.com/a.htm) [新加坡移民](http://229.51dragon.com/b.htm) [音响](http://230.51dragon.com) [音箱](http://231.51dragon.com) [印刷机械](http://232.51dragon.com) [印刷设备](http://233.51dragon.com) [印刷机](http://234.51dragon.com) [英语培训](http://235.51dragon.com) [外语培训](http://236.51dragon.com) [法语培训](http://237.51dragon.com) [饮水机](http://238.51dragon.com) [元器件](http://239.51dragon.com) [电子元器件](http://240.51dragon.com) [油漆](http://241.51dragon.com) [展览](http://242.51dragon.com) [展览展示](http://243.51dragon.com) [整形](http://244.51dragon.com) [整形手术](http://245.51dragon.com) [制药机械](http://246.51dragon.com) [招商](http://247.51dragon.com) [药品招商](http://248.51dragon.com) [医药招商](http://249.51dragon.com) [知识产权](http://250.51dragon.com) [智能家居](http://251.51dragon.com) [轴承](http://252.51dragon.com) [微型轴承](http://252.51dragon.com/a.htm) [珠宝](http://253.51dragon.com) [注册公司](http://254.51dragon.com) [公司注册](http://255.51dragon.com) [装饰](http://256.51dragon.com) [装饰设计](http://257.51dragon.com) [装修](http://258.51dragon.com) [家庭装修](http://258.51dragon.com/a.htm) [室内装修](http://258.51dragon.com/b.htm) [家居装修](http://258.51dragon.com/c.htm) [房屋装修](http://258.51dragon.com/d.htm) [装饰装修](http://258.51dragon.com/e.htm) [装修公司](http://258.51dragon.com/f.htm) [装修设计](http://258.51dragon.com/g.htm) [厨房装修](http://258.51dragon.com/h.htm) [居室装修](http://258.51dragon.com/i.htm) [住宅装修](http://258.51dragon.com/j.htm) [住房装修](http://258.51dragon.com/k.htm) [租房](http://259.51dragon.com) [北京租房](http://260.51dragon.com) [二手房](http://260.51dragon.com/a.htm) [旅游](http://261.51dragon.com) [云南旅游](http://262.51dragon.com) [海南旅游](http://263.51dragon.com) [三亚](http://264.51dragon.com) [三亚旅游](http://265.51dragon.com) [四川旅游](http://266.51dragon.com) [张家界](http://267.51dragon.com) [张家界旅游](http://268.51dragon.com) [旅游景点](http://269.51dragon.com) [香港旅游](http://270.51dragon.com) [桂林旅游](http://271.51dragon.com) [桂林](http://272.51dragon.com) [猎头](http://273.51dragon.com) [猎头公司](http://274.51dragon.com) [OA](http://275.51dragon.com) [办公自动化](http://276.51dragon.com) [九寨沟](http://277.51dragon.com) [九寨沟旅游](http://278.51dragon.com) [欧洲旅游](http://279.51dragon.com) [三峡](http://280.51dragon.com) [三峡旅游](http://281.51dragon.com) [调查](http://282.51dragon.com) [侦探](http://283.51dragon.com) [私人侦探](http://284.51dragon.com) [私家侦探](http://285.51dragon.com) [调查公司](http://286.51dragon.com) [市场调查](http://287.51dragon.com) [泵](http://288.51dragon.com) [水泵](http://289.51dragon.com) [真空泵](http://290.51dragon.com) [mcse](http://291.51dragon.com) [ccnp](http://292.51dragon.com) [ccna](http://293.51dragon.com) [专利](http://294.51dragon.com) [smt](http://295.51dragon.com) [房地产](http://296.51dragon.com) [橡胶](http://297.51dragon.com) [糖尿病](http://298.51dragon.com) [白癜风](http://299.51dragon.com) [氢氧化铝](http://300.51dragon.com) [氢氧化镁](http://300.51dragon.com/a.htm) [水镁石](http://300.51dragon.com/b.htm) [萤石](http://300.51dragon.com/c.htm) [制氮机](http://301.51dragon.com) [发电机](http://302.51dragon.com) [发电机组](http://303.51dragon.com) [IBM笔记本](http://304.51dragon.com) [索尼笔记本](http://305.51dragon.com) [流量计](http://306.51dragon.com) [光触媒](http://307.51dragon.com) [DELL笔记本](http://308.51dragon.com) [流媒体](http://309.51dragon.com) [流媒体编码卡](http://310.51dragon.com) [多屏卡](http://311.51dragon.com) [视频墙](http://312.51dragon.com) [切换台](http://313.51dragon.com) [转换盒](http://314.51dragon.com) [视频采集卡](http://315.51dragon.com) [视频卡](http://316.51dragon.com) [特技切换台](http://317.51dragon.com) [数模转换器](http://318.51dragon.com) [大屏幕控制器](http://319.51dragon.com) [包装机械](http://320.51dragon.com) [包装机](http://321.51dragon.com) [液晶电视](http://322.51dragon.com) [等离子电视](http://323.51dragon.com) [液晶显示器](http://324.51dragon.com) [等离子显示器](http://325.51dragon.com) [IBM显示器](http://326.51dragon.com) [IBM工作站](http://327.51dragon.com) [SONY显示器](http://328.51dragon.com) [显示设备](http://329.51dragon.com) [乙肝](http://yigan.51dragon.com) [肝病](http://ganbing.51dragon.com) [肝炎](http://ganyan.51dragon.com) [物流认证](http://wuliurenzheng.51dragon.com) [物流培训](http://wuliupeixun.51dragon.com)
git://git.openafs.org / openafs-wiki.git / blob