[vchkpw] conversion directions anywhere?
Hello, In trying to figure out the problem with my vpopmail setup it looks as if vpopmail (originally) was compiled with one domain per SQL table = --disable-many-domains this surely wasn't the desired result, but I can almost pin point the time of these mysql vdeliver errors to when I added a second domain that is actually getting used. so my question is, how can I redo this vpopmail setup without loosing all my mail and convert my setup to the desired setup of all domains in one SQL table = --enable-many-domains (default) I know I don't have this many users :) vdominfo -t poklib.org 2147483647 I have about ~200 users here in this setup. Thanks in advance. - Brian
[vchkpw] Upgrading vpopmail
I am/was running vpopmail 5.2.1 and want to upgrade to 5.4.3. I read the FAQ about upgrading and it seems pretty straightforward. I backup up the recommended dir's, downloaded the latest stable release, compiled with the same options I did when installing the current running version, did make, then make stripNow, the touch times on /vpop/bin/* indicate the files were replaced by the newer version's files but I'm not so sure I got the job done. All seems to be working fine though. 1. How do I know definitivley that I'm runnin the newer version? 2. qmailadmin reports the older version on it's login screen. Is this a sign the upgrade didn't take? I did the upgrade to overcome a bug I've posted about but never received a response on. The bug is that when I run 'vdeldomain', it deletes the domain fine but then the permissions on /var/qmail/control/rcpthosts gets changed to 600. Weird...so I though getting the newest release would be a good place to start. Christian
Re: [vchkpw] Upgrading vpopmail
On Friday 09 April 2004 16:16, Christian Reeves wrote: 1. How do I know definitivley that I'm runnin the newer version? # ~vpopmail/bin/vadduser -v version: 5.4.0 -- Cristiano Deana - FreeCRIS Ho iniziato a usare FreeBSD perche' m$ usava me. ed e' spiacevole crisBSD in irc su: irc.azzurra.org #freebsd-it #qmail-it
Re: [vchkpw] Upgrading vpopmail
Christian Reeves wrote: I am/was running vpopmail 5.2.1 and want to upgrade to 5.4.3. I read the FAQ about upgrading and it seems pretty straightforward. I backup up the recommended dir's, downloaded the latest stable release, compiled with the same options I did when installing the current running version, did make, then make stripNow, the touch times on /vpop/bin/* indicate the files were replaced by the newer version's files but I'm not so sure I got the job done. All seems to be working fine though. 1. How do I know definitivley that I'm runnin the newer version? 2. qmailadmin reports the older version on it's login screen. Is this a sign the upgrade didn't take? No, its a sign that you didnt recompile qmailadmin like your supposed to. I did the upgrade to overcome a bug I've posted about but never received a response on. The bug is that when I run 'vdeldomain', it deletes the domain fine but then the permissions on /var/qmail/control/rcpthosts gets changed to 600. Weird...so I though getting the newest release would be a good place to start. Christian
RE: [vchkpw] Upgrading vpopmail
Christian Reeves wrote: I am/was running vpopmail 5.2.1 and want to upgrade to 5.4.3. I read the FAQ about upgrading and it seems pretty straightforward. I backup up the recommended dir's, downloaded the latest stable release, compiled with the same options I did when installing the current running version, did make, then make stripNow, the touch times on /vpop/bin/* indicate the files were replaced by the newer version's files but I'm not so sure I got the job done. All seems to be working fine though. 1. How do I know definitivley that I'm runnin the newer version? 2. qmailadmin reports the older version on it's login screen. Is this a sign the upgrade didn't take? No, its a sign that you didnt recompile qmailadmin like your supposed to. that did it...thanks! Turns out ther bug still exists but Ill search the FAQ's before posting about that one.
RE: [vchkpw] Upgrading vpopmail
Christian Reeves wrote: I am/was running vpopmail 5.2.1 and want to upgrade to 5.4.3. I read the FAQ about upgrading and it seems pretty straightforward. I backup up the recommended dir's, downloaded the latest stable release, compiled with the same options I did when installing the current running version, did make, then make stripNow, the touch times on /vpop/bin/* indicate the files were replaced by the newer version's files but I'm not so sure I got the job done. All seems to be working fine though. 1. How do I know definitivley that I'm runnin the newer version? 2. qmailadmin reports the older version on it's login screen. Is this a sign the upgrade didn't take? No, its a sign that you didnt recompile qmailadmin like your supposed to. that did it...thanks! Turns out ther bug still exists but Ill search the FAQ's before posting about that one.
RE: [vchkpw] Upgrading vpopmail
Christian Reeves wrote: I am/was running vpopmail 5.2.1 and want to upgrade to 5.4.3. I read the FAQ about upgrading and it seems pretty straightforward. I backup up the recommended dir's, downloaded the latest stable release, compiled with the same options I did when installing the current running version, did make, then make stripNow, the touch times on /vpop/bin/* indicate the files were replaced by the newer version's files but I'm not so sure I got the job done. All seems to be working fine though. 1. How do I know definitivley that I'm runnin the newer version? 2. qmailadmin reports the older version on it's login screen. Is this a sign the upgrade didn't take? No, its a sign that you didnt recompile qmailadmin like your supposed to. that did it...thanks! Turns out ther bug still exists but Ill search the FAQ's before posting about that one.
Re: [vchkpw] Re: pw_gid flags was: OT: Radius server
Sorry for the top post...
Peter, thanks for that info. Between you and a co-worker, I've got this
figured out. It's a very cool way to set user rights; I like it.
So in case anyone is wondering, here's the magic to make gnu-radius obey
these flags. I'll use our setup as an example here.
We want to look at dialup perms using the standard vpopmail dial/no-dial
gid flags. We are using V_USER0 for roaming dial, V_USER1 for news access
(Giganews authenticates users via radius), and V_USER2 for Covad PPPoE.
In gnu-radius, there are three files to work with to have it send a
different SQL query based on where the radius auth request comes from.
First, define what's what in the huntgroups file:
# this config will tag each NAS client with a name that is recognized
# in the users file. In the users file, an additional sql conditional
# is added to discriminate between local, roaming and news access
LOCAL NAS-IP-Address = 192.168.0.2 NULL
ROAMNAS-IP-Address = 10.0.0.9 NULL
NEWSNAS-IP-Address = 10.1.1.5 NULL
COVAD NAS-IP-Address = 10.2.2.3 NULL
Then the users file. Note the decimal representations of each gid
flag in the Auth-Data field:
# also see huntgroups... Here we are using tags from huntgroups to
# assign extra Auth-Data to a request based on which nas the request
# comes from.
DEFAULT Huntgroup-Name = LOCAL,
Auth-Type = SQL,
Auth-Data = 64
Service-Type = Framed-User
DEFAULT Huntgroup-Name = ROAM,
Auth-Type = SQL,
Auth-Data = 128
Service-Type = Framed-User
DEFAULT Huntgroup-Name = NEWS,
Auth-Type = SQL,
Auth-Data = 256
Service-Type = Framed-User
DEFAULT Huntgroup-Name = COVAD,
Auth-Type = SQL,
Auth-Data = 512
Service-Type = Framed-User
Lastly, we write a appropriate SQL query in the sqlserver file to
generate a request with an AND clause that checks the gid mask based on
which NAS the request came in on:
auth_query SELECT pw_passwd \
FROM vpopmail \
WHERE pw_name='%u' \
AND pw_domain='blah.net' \
AND !(pw_gid %C{Auth-Data})
So a request from say, our local dial pool would generate a SQL query that
looks like this:
select pw_passwd from vpopmail where pw_name='chuck' and !(pw_gid 64);
If that came in from Giganews, it would look like this:
select pw_passwd from vpopmail where pw_name='chuck' and !(pw_gid 256);
Again, not totally relevant to vpopmail, but it's in the archives, so
maybe someone looking to auth other services out of vpopmail will find
this one day.
Thanks all,
Charles
On Fri, 2 Apr 2004, Peter Palmreuther wrote:
OK, an example: PW_GID is set to 44 (0x2C), that's 0x04 + 0x08 + 0x20,
means NO_WEBMAIL, NO_IMAP NO_RELAY.
To figure if the user is set to NO_DIALUP check:
PW_GID 64 (0x40 for NO_DIALUP):
4464 = 0
0x2C 0x40 = 0
Or in binary notation:
00101100
0100
==
= 0x00 == 0 decimal.
So this user has not NO_DIALUP set.
No imagine a user set to NO_DIALUP, NO_WEBMAIL and NO_RELAY:
0x04 + 0x20 + 0x40 = 0x64
4 + 32 + 64 = 100 (decimal)
PW_GID 64 (0x40 for NO_DIALUP):
10064 = 64 (decimal)
0x64 0x40 = 0x40
01100100
0100
==
0100 = 0x40 == 64 decimal.
So to see if a flag is set AND operate on PW_GID and FLAG and see if
the result is different from zero. As every flag gets a different bit
assigned this bit, and only this bit, will be set when you AND operate
and this bit was set in PW_GID's value.
In cat it is really quite easy to handle and most programming
languages should be able to bit-operate with integer values too. So
you wouldn't even have to convert PW_GID into a real bitmask, in
fact the integer already is one: just use an arbitrary calculator to
translate an arbitrary decimal value into binary representation.
No translate all the hex values for different flags into binary and
you'll see: they all have /exactly/ one bit set to 1. Not more, not
less. And this is all about how it works :-)
HTH
--
Best regards
Peter Palmreuther
Once a job is fouled up, anything done to improve it only makes it
worse.
