Adding network & IP to hosts.deny

[Pelle Andersson]

Hi!

I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.

Let's say I want to block the network address 192.168.100.0 and/or
the IP address 192.168.135.77.

What I understand is when using hosts.deny, I stopping them totally
from using any networking services, right?

Would it be better to let the built-in firewall (/etc/rc.firewall)
to stopping them? I have the firewall activated and have changed
the port for example SSH to a higher one.

Could someone please provide me with some examples on either using
hosts.deny or the default firewall?

A big thanks in advance,
Best Regards Pelle

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Passive ports with FTPD daemon?

[robg]

Hi,

Is it possible to specify passive ports using the FTPD daemon supplied
with Freebsd?

Thanks

-- 
robg
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: host-based ssh authentication (no password) not working ... help needed

[Matthew Seaman]

On Sun, Oct 10, 2004 at 02:14:32PM -0700, Joe Schmoe wrote:
> 
> --- Matthew Seaman <[EMAIL PROTECTED]>
> wrote:
> 
> > For ssh(1) to work using key based auth, all of the
> > files in
> > ~user/.ssh on the server must have the correct
> > permissions, and the
> > host public keys for the server should be known to
> > the client machine,
> > and vice versa.
> 
> 
> No no ... I was talking about _host_ keys, not user
> keys - no user home directories should be involved at
> all.  I am simply sharing host keys so that all users
> on CLIENT can login to SERVER with no passwords ... am
> I missing something here ?

Errr... That's not recommended, but it should be possible.  They are
your systems, and you can do whatever you want with them.  The
procedure I gave about using sshd with all the debug flags turned on
should still be helpful for debugging the setup.

You'll also need

HostbasedAuthentication yes

but you should have

#RhostsRSAAuthentication no

because you don't want to be using SSH1 if you can avoid it.  Plus you
maybe want:

IgnoreRhosts yes
IgnoreUserKnowHosts yes

in your /etc/ssh/sshd_config on the server.
 
> I think my problem is that I gave the public _host_
> key of the CLIENT to the SERVER, but really I should
> give the public _host_ key of the SERVER to the CLIENt
> ... is that my problem ?

Yes, you will need to populate /etc/ssh/ssh_known_hosts on both client
and server.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgpnwUAQAPYsA.pgp
Description: PGP signature

Fwd: Re: LoadPlugin Issue with JDK1.3.1 and Mozilla 1.7.2

[Bob Perry]

fyi...

-- 
I've learned that whatever hits the fan will not be evenly
distributed.

FreeBSD 4.9-RELEASE-p2 #0
--- Begin Message ---
On Sat, Oct 09, 2004 at 07:15:03PM -0400, Bob Perry wrote:
> I don't develop Java apps for FreeBSD but use the JDK ports 
> because I thought it necessary in order to view java apps 
> in the browsers (?).  I currently run FreeBSD 4.9 and experiment 
> with Mozilla 1.7.2, Firefox 0.9.3, and Galeon 1.3.17.
> 
> All three browsers have been crashing consistently and I suspect  
> that part of the problem may lie with the error message I receive 
> stating:
> 
> LoadPlugin: Failed to initialize shared library /usr/local/
> jdk1.3.1/jre/plugin/i386/ns600/libjavaplugin_oji.so [/usr/local/
> jdk1.3.1/jre/plugin/i386/ns600/libjavaplugin_oji.so: Undefined 
> symbol "_vt$16nsQueryInterface"]
> 
> I had a chance to review the archives and it appears as though 
> I should use the Java Development Kit 1.4.1.  Is this correct? 
> If so, are there any hints or secrets you might want to pass along 
> before I port the linux version in?
> 
> Since I'm not a member of the list, could you cc me?

Yes, Mozilla 1.7 broke compatibility for the plugin such that the plugin
from JDK 1.3.1 no longer works.  Try the plugin from the jdk14 port
(currently JDK 1.4.2).

-- 
Greg Lewis  Email   : [EMAIL PROTECTED]
Eyes Beyond Web : http://www.eyesbeyond.com
Information Technology  FreeBSD : [EMAIL PROTECTED]
--- End Message ---
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: printing with cups - gnome-office -solved

[Rob]

[EMAIL PROTECTED] wrote:
On Wednesday, October 6, 2004 7:44 pm
I sent this query prematurely.

#   Aloha
#   On this past Sunday(10-3-4) I posted this question to freebsd-gnome.
#   I have not received any responses. Can anyone on this list help?
#   Thanks
I am having a problem with CUPS and Gnome. I am running
Gnome 2.6.2, Gnome-Office, and Xorg all installed via ports.
I have a P4 2.6 with 1G of ram 

%uname -a
FreeBSD p4.hawaii.rr.com 5.2.1-RELEASE-p9 FreeBSD 
5.2.1-RELEASE-p9 #9: Sun Oct  3 10:25:03 HST 2004 
root at p4.hawaii.rr.com:/usr/obj/usr/src/sys/P4BSD1  i386

I recently attached a HP 890C DeskJet printer. I installed
Cups and gnome-cups-manager from ports. I am able to use the
web interface and install the printer. The test page prints
fine. I can also print a text file from gedit without trouble.
#   I can also print a test page from gnome-cups-manager
The problem is with AbiWord2, gnumeric and the pdf files. The
Print Preview screens show blank and when I click on file; print;
and then the paper tab, the "Paper size" field is not bold and
reads "no options are defined". I did define the paper in the
web setup of cups and these programs do show the 890C as the printer.
Of course, I am unable to print from these programs.
Here is a little info:
%pkg_info | grep cups
cups-1.1.20.0   The Common UNIX Printing System: Metaport to 
install comple
cups-base-1.1.20.0  The Common UNIX Printing System: headers, libs, 
& daemons
cups-lpr-1.1.20.0   The CUPS BSD and system V compatibility 
binaries (lp* comma
cups-pstoraster-7.07_1 GNU Postscript interpreter for CUPS printing 
to non-PS prin
gnome-cups-manager-0.18_1,1 Admistration tool for cups
libgnomecups-0.1.8,1 Support library for gnome cups admistration

%cat /etc/printcap
# This file was automatically generated by cupsd(8) from the
# /usr/local/etc/cups/printers.conf file.  All changes to this file
# will be lost.
HP890C|HP890C:rm=p4.hawaii.rr.com:rp=HP890C:
I have also done a "portupgrade -f libgnomeprint-\* libgnomeprintui-
\*"to no avail.
If anything else is needed I will be overjoyed to provide it.
Please CC me as I do not subscribe to this list. Thanks for your time.
Robert

I thought I had exhausted all the resources available to me but once
again I proved myself wrong. For the archives and all the newbies (me)
that have struggled with Cups. I found the simple answer here
http://www.csua.berkeley.edu/~ranga/notes/freebsd_cups.html
Specifically, I ran the following script in /usr/bin
#!/bin/sh
for i in lp* ; do mv $i $i.default ; ln -s /usr/local/bin/$i $i ; done
Or, if you ever do make buildworld & kernel stuff, put in /etc/make.conf:
  CUPS_OVERWRITE_BASE=yes
  NO_LPR=yes
Rob.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: printing with cups - gnome-office -solved

[hoe-waa]

On Wednesday, October 6, 2004 7:44 pm
I sent this query prematurely.

> 
> # Aloha
> # On this past Sunday(10-3-4) I posted this question to freebsd-gnome.
> # I have not received any responses. Can anyone on this list help?
> # Thanks
> 
> I am having a problem with CUPS and Gnome. I am running
> Gnome 2.6.2, Gnome-Office, and Xorg all installed via ports.
> 
> I have a P4 2.6 with 1G of ram 
> 
> %uname -a
> FreeBSD p4.hawaii.rr.com 5.2.1-RELEASE-p9 FreeBSD 
> 5.2.1-RELEASE-p9 #9: Sun Oct  3 10:25:03 HST 2004 
> root at p4.hawaii.rr.com:/usr/obj/usr/src/sys/P4BSD1  i386
> 
> I recently attached a HP 890C DeskJet printer. I installed
> Cups and gnome-cups-manager from ports. I am able to use the
> web interface and install the printer. The test page prints
> fine. I can also print a text file from gedit without trouble.
> 
> # I can also print a test page from gnome-cups-manager
> 
> The problem is with AbiWord2, gnumeric and the pdf files. The
> Print Preview screens show blank and when I click on file; print;
> and then the paper tab, the "Paper size" field is not bold and
> reads "no options are defined". I did define the paper in the
> web setup of cups and these programs do show the 890C as the printer.
> 
> Of course, I am unable to print from these programs.
> 
> Here is a little info:
> 
> %pkg_info | grep cups
> cups-1.1.20.0   The Common UNIX Printing System: Metaport to 
> install comple
> cups-base-1.1.20.0  The Common UNIX Printing System: headers, libs, 
> & daemons
> cups-lpr-1.1.20.0   The CUPS BSD and system V compatibility 
> binaries (lp* comma
> cups-pstoraster-7.07_1 GNU Postscript interpreter for CUPS printing 
> to non-PS prin
> gnome-cups-manager-0.18_1,1 Admistration tool for cups
> libgnomecups-0.1.8,1 Support library for gnome cups admistration
> 
> %cat /etc/printcap
> # This file was automatically generated by cupsd(8) from the
> # /usr/local/etc/cups/printers.conf file.  All changes to this file
> # will be lost.
> HP890C|HP890C:rm=p4.hawaii.rr.com:rp=HP890C:
> 
> 
> I have also done a "portupgrade -f libgnomeprint-\* libgnomeprintui-
> \*"to no avail.
> 
> If anything else is needed I will be overjoyed to provide it.
> 
> Please CC me as I do not subscribe to this list. Thanks for your time.
> 
> Robert

I thought I had exhausted all the resources available to me but once
again I proved myself wrong. For the archives and all the newbies (me)
that have struggled with Cups. I found the simple answer here

http://www.csua.berkeley.edu/~ranga/notes/freebsd_cups.html

Specifically, I ran the following script in /usr/bin

#!/bin/sh
for i in lp* ; do mv $i $i.default ; ln -s /usr/local/bin/$i $i ; done

Sorry for the noise.
Robert

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: out of i-nodes?

[K. Greenwood]

--- Rishi Chopra <[EMAIL PROTECTED]> wrote:

> -- Bill Moran <[EMAIL PROTECTED]> wrote:
> 
> > 
> > Don't wrap machine generated output, it makes your
> > email a PITA to decipher.
> 
> As long as we're on the subject of ettiquette, don't
> include your replies on top of messages like a
> dumbshmuck n00b.
> 
> Question still stands; I apologize for text wrapping
> of some email clients.


Well... that was somewhat inappropriate.  Nonetheless,
this may be of some assistance.

http://www.onlamp.com/pub/a/bsd/2001/03/07/FreeBSD_Basics.html






___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: NIS issue

[Brian McCann]

I may be misunderstanding what you are saying here, but master.passwd
on the slave servers should never get "updated" with NIS information. 
That line that goes at the end tells the authentication process to
look to NIS for further information...same goes with the line that
goes in the group file.  To test that NIS is working correctly, try
using ypcat on a client/slave server to see if it can pull the maps
from the primary server.  If that doesn't work, I may be able to shed
some other light on your problem.  (as usual, just include any error
messages)

Hope that helps,
--Brian


On Sun, 10 Oct 2004 12:55:06 -1000, William Bierman <[EMAIL PROTECTED]> wrote:
> Hello.  I have searched the archives for this, to no avail.
> 
> I am attempting to setup an NIS domain.  I have followed the steps in
> the handbook, and have succesfully setup my master and clients (I have
> no slave server, as this is a small domain).  The relevant information
> is propogated correctly to all slave servers, with the exception of
> master.passwd.  This contains very old information.
> 
> I do have * in my /etc/master.passwd file on each client machine.
> /var/yp/master.passwd is chmod 600 on the master machine
> 
> Can anyone shed some light on this issue?
> 
> Thanks,
> 
> Bill
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: MBR not overwritable with dd?

[Jerry McAllister]

> 
> I tried to null out the MBR with the BETA7 fixit CD with the follwoing=20
> command:
> dd if=3D/dev/zero of=3D/dev/ad0 count=3D16
> 
> After that fdsik still showed me a valid partition tabel!
> How? Does GEOM map the beginning of the raw device?

Was it getting it from the in-memory informatino?

jerry

> 
> Thank you in advance,
> 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: vinum swap no longer working.

[Greg 'groggy' Lehey]

[Format recovered--see http://www.lemis.com/email/email-format.html]

Overlong lines.

On Sunday, 10 October 2004 at 19:23:24 +0200, Mark Frasa wrote:
> Hello,
>
> After installing FreeBSD 5.2.1, because 4.10 and even 5.1 did not
> reconized mij SATA controller, i CVS-upped and upgraded to 5.2.1-p11
> RELEASE
>
> After that I configured Vinum to mirror (RAID 1) 2 80G Maxtor SATA
> disks.
>
> The error i am getting is:
>
> swapon /dev/vinum/swap > swapon: /dev/vinum/swap: Operation not
> supported by device
>
> I have taken notice of this message:
>
> -
> [missing attribution to Greg Lehey]
>> On Sunday, 28 December 2003 at 20:00:04 -0800, Micheas Herman wrote:
>>> This may belong on current,> I upgraded to 5.2 from 5.1 and my
>>> kernel (GENERIC) now refuses to use /dev/vinum/swap as my swap
>>> device.>> # swapon /dev/vinum/swap> swapon: /dev/vinum/swap:
>>> Operation not supported by device> # Is this a 5.2 bug or do I have
>>> vinum incorrectly configured?
>>
>> This is a 5.2 bug.  It was last mentioned here a day or two ago, and
>> I'm currently chasing it.
>
> Since this is a message from the 28th of December 2003 , can anyone
> tell me when this issue will be solved?  Otherwise i have to
> consider buying PATA disks which allows me to run 4.10 again.

Vinum is being rewritten; the new one is called gvinum or geom_vinum.
It handles swap, and it should be in 5.3.

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply or reply to the original recipients.
For more information, see http://www.lemis.com/questions.html
See complete headers for address and phone numbers.


pgpnk3lqXPXTO.pgp
Description: PGP signature

Re: route vmnet1 host server

[Christian Hiris]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sunday 10 October 2004 18:02, Dick Hoogendijk wrote:
> I installed vmware3 on my fbsd-4.1 box. This machine has one
> ethernetcard and is a part of my local network (192.168.11.22)
>
> The situation:
>
> Server -- internet (217.122.132.217) - eth0
>  -- localnet (192.168.11.1) - eth1
>   (gw, dnsserver)
>
> fbsdbox -- localnet (192.168.11.22) - rl0
>  -- subnet2 (192.168.22.1) - vmnet1 (vmware3)
>  -- windows on vmware3 (192.168.22.201)
>
> -does vmnet1 indeed have to be configured as a different subnet?
> -is vmnet1 the gateway for the vm win machines to be installed yet.
> -how do I get the diff subnets talking to each other?

In your case /dev/vmnet1 is used for bridging (line vmnet1.Bridged = "YES" in 
your VMware config). It bridges the network traffic from the inside of your 
virtual machine (win-guest) to your physical NIC and vice versa.

win-vm <--> bridge [vmnet1/rl0] <--> rl0 (phys) <--> localnet/gateway  
 

The easiest solution is to assign a free ip-address of your localnet 
(192.168.11.nnn) to your win-guest. Try to avoid a setup of two subnets on 
one physical NIC.  
  
As /dev/vmnet1 acts as bridge it's ip-address isn't relevant. There is only 
the requirement that it's ip-address should not conflict with any already 
'in-use' ip-address on your network. So I would leave it as is (in theory a 
bridge doesn't need any ip-address - it operates on layer2).

> -did I get the ipnat rules correct?

If you decide to use a ip-address in your localnet ip-range, just duplicate 
the host-specfic rules and change the host-ip(192.168.11.22) to your 
win-guest-ip (192.168.11.nnn) in theese rules. You maybe want to do some 
extra-blocking of unwanted win-specific traffic. I only use ipfw, so I'm not 
the one that can answer your ipnat question in detail.

Cheers,
ch

- -- 
Christian Hiris <[EMAIL PROTECTED]> | OpenPGP KeyID 0x3BCA53BE 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBadHx09WjGjvKU74RAn1tAJ9YmLUTghPghwgd6K5ufw8A2O0mQACaA/Ms
yk+P4NGF86/rjgtPpTJYvng=
=kmCL
-END PGP SIGNATURE-
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: NIS issue

[horio shoichi]

On Sun, 10 Oct 2004 12:55:06 -1000
William Bierman <[EMAIL PROTECTED]> wrote:
> Hello.  I have searched the archives for this, to no avail.
> 
> I am attempting to setup an NIS domain.  I have followed the steps in
> the handbook, and have succesfully setup my master and clients (I have
> no slave server, as this is a small domain).  The relevant information
> is propogated correctly to all slave servers, with the exception of
> master.passwd.  This contains very old information.
> 
> I do have * in my /etc/master.passwd file on each client machine.
> /var/yp/master.passwd is chmod 600 on the master machine
> 
> Can anyone shed some light on this issue?
> 
> Thanks,
> 
> Bill
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> 

Be hot on typo.

My case :

% sudo tail -1 /etc/ma*d
+:
% sudo tail -1 /etc/ma*d|wc -c
  11
%

As you see, nine colons are necessary after plus.



horio shoichi

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Xorg

[Jeremy Faulkner]

On Sun, 2004-10-10 at 23:09, Luís Vitório Cargnini wrote:
> Hi someone knows when X.org R6.8.1 will be available at Ports ???
> Because ports still in 6.7 release

The ports collection is still frozen pending the 5.3-RELEASE to allow
the existing ports to be tested and have packages made for them. It will
be unfrozen when the port manager says it is.

So, the best guess would be sometime after the ports collection is
unfrozen.
-- 
Jeremy Faulkner <[EMAIL PROTECTED]>


signature.asc
Description: This is a digitally signed message part

Re: Very Old Computer

[Jeremy Faulkner]

On Sun, 2004-10-10 at 17:28, Ryan Thompson wrote:
> Wayne "Thanatos" McBroom wrote to [EMAIL PROTECTED]:
> 
> > I got a hold of a Duracom 486/SX. Which FreeBSD do you think would
> > work on it? Just trying to replace the 3.11 system on it. Thanks.
> > Later.
> 
> I suppose it depends on how much RAM you have. You need more RAM to
> install FreeBSD than you do to actually run it. The release notes for
> 4.10 say this:
> 
>  1.2 Hardware Requirements
> 
>  FreeBSD for the i386 requires an 80386 or better processor. The
>  sysinstall(8) installation program requires 16MB of RAM; after
>  installation, FreeBSD itself can be run in 4-8MB of RAM with a
>  pared-down kernel. You will need at least 100MB of free hard drive
>  space for the most minimal installation; a more realistic minimum is
>  on the order of 250-350MB. See below for ways of shrinking existing
>  DOS partitions in order to install FreeBSD.
> 
>  If you are not familiar with configuring hardware for FreeBSD, you
>  should be sure to read the HARDWARE.TXT file; it contains important
>  information on what hardware is supported by FreeBSD.
> 
> If you're short on RAM, you can have great fun cabling the drive in and
> installing with another machine, and then compiling a custom kernel to
> select the appropriate CPU type and remove literally everything you
> don't need. Then, tweak your rc.conf to remove all unnecessary daemons
> (named, sendmail, usbd, and even cron, syslogd and the like, if you can
> survive without).
> 
> - Ryan

Another way to overcome the memory limit:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2967388+0+archive/2004/freebsd-questions/20040215.freebsd-questions
-- 
Jeremy Faulkner <[EMAIL PROTECTED]>


signature.asc
Description: This is a digitally signed message part

Xorg

[Luís Vitório Cargnini]

Hi someone knows when X.org R6.8.1 will be available at Ports ???
Because ports still in 6.7 release

-- 
Thanks && Regards
Luís Vitório Cargnini
Computer Science Bachelor
OpenCores Member 
EuropeSwPatentFree 


pgpJrrtfdYd96.pgp
Description: PGP signature

NIS issue

[William Bierman]

Hello.  I have searched the archives for this, to no avail.

I am attempting to setup an NIS domain.  I have followed the steps in
the handbook, and have succesfully setup my master and clients (I have
no slave server, as this is a small domain).  The relevant information
is propogated correctly to all slave servers, with the exception of
master.passwd.  This contains very old information.

I do have * in my /etc/master.passwd file on each client machine.
/var/yp/master.passwd is chmod 600 on the master machine

Can anyone shed some light on this issue?

Thanks,

Bill
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: out of i-nodes?

[Bill Moran]

Rishi Chopra <[EMAIL PROTECTED]> wrote:
> -- Bill Moran <[EMAIL PROTECTED]> wrote:
> 
> > 
> > Don't wrap machine generated output, it makes your
> > email a PITA to decipher.
> 
> As long as we're on the subject of ettiquette, don't
> include your replies on top of messages like a
> dumbshmuck n00b.
> 
> Question still stands; I apologize for text wrapping
> of some email clients.

You didn't read the entire email, and you snipped away the answer when
you replied.

I put the formatting note at the top of the message, because it wasn't
really related to the message content itself.  This could be argued in
circles as to whether it's good or bad formatting practice, but I don't
care to argue it today.  If enough people jump down my throat who
believe it's bad practice, I'll change it, but you're the first that's
complained in many years.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: out of i-nodes?

[Rishi Chopra]

-- Bill Moran <[EMAIL PROTECTED]> wrote:

> 
> Don't wrap machine generated output, it makes your
> email a PITA to decipher.

As long as we're on the subject of ettiquette, don't
include your replies on top of messages like a
dumbshmuck n00b.

Question still stands; I apologize for text wrapping
of some email clients.

=
Rishi Chopra
http://www.ocf.berkeley.edu/~rchopra

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: host-based ssh authentication (no password) not working ... help needed

[Joe Schmoe]

--- Matthew Seaman <[EMAIL PROTECTED]>
wrote:

> For ssh(1) to work using key based auth, all of the
> files in
> ~user/.ssh on the server must have the correct
> permissions, and the
> host public keys for the server should be known to
> the client machine,
> and vice versa.


No no ... I was talking about _host_ keys, not user
keys - no user home directories should be involved at
all.  I am simply sharing host keys so that all users
on CLIENT can login to SERVER with no passwords ... am
I missing something here ?

I think my problem is that I gave the public _host_
key of the CLIENT to the SERVER, but really I should
give the public _host_ key of the SERVER to the CLIENt
... is that my problem ?

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Where'd it go (restricting remote logins)

[Gene Bomgardner]

In version 4.7, there was a conf file where individual users could be 
granted or denied the ability to log in remotely. Since 5.2, I can no longer 
find the file (I don't recall its name).

Anyone know which file it was? Does the ability still exist?
Thanks
_
Check out Election 2004 for up-to-date election news, plus voter tools and 
more! http://special.msn.com/msn/election2004.armx

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: stdout/stderr/???

[Richard Lynch]

Malcolm Kay wrote:
> On Sun, 10 Oct 2004 06:53 am, Richard Lynch wrote:
>> I have a situation where NIC code printf's out stuff.
>>
>> I'd *LIKE* to collect that output.
>>
>> Under Linux, I'd use 2&>1
>
> I think (hope) you mean 2>&1

According to "man bash" both should work, though one is preferred.

Both work fine *EXCEPT* that I have to pull the plug, and the file never
gets save/written/whatever.

I am using bash, specifically so I *CAN* do re-directs, but would be happy
to use *ANY* shell if I could just get what I want.

> Can't see why it should work differently for 'ifconfig'
> unless maybe this time you have the '&' in the wrong place.
> In any case I would not expect massive amounts of output from
> ifconfig.

It works differently because the driver goes into an infinite loop, and
the file never manages to get written.  Perhaps I could reduce some kind
of buffer somewhere to force the flush() to the file?

>> I can sorta get what I want by starting X-Windows, and using a
>> terminal/shell to do the command.  Then the messages I desire to log are
>> A) suppressed from by shell (which is BAD) but B) logged into
>> /var/log/messages (which is close enough to what I want)
>
> I don't understand what you are saying here. X-windows (of itself) should
> not process the commands differently. I suspect you have some fancy
> desktop
> program with options set that interfere.

It's KDE.

I'll be damned if I know why it's re-directing stderr to /var/log/messages
and hiding it from me in the shell.

I've tried poking around in the configuration of shells, but am presented
with a dialog so confusing, with so many options, I can't even understand
what all the choices mean. :-(

All I really want is a shell just like CTRL-ALT-F#.  Except it would be
nice if shift-ctrl-c and shift-ctrl-v did copy/paste.  I have that on one
X shell on a RedHat 9 box, and it's pretty nice.  All the other copy/paste
options are cumbersome, at best, and frequently just plain won't cross
applications boundaries.  (IE, I can copy/paste from shell to shell, but
not shell to browser.   Grr)

>> Alas, the real problem comes when my driver code sends the machine into
>> an
>> infinite loop, spewing out messages so fast I can't even read them, and
>> the only way out is to forcibly power-off the laptop by removing battery
>> and power cord.
>
> What driver code? Are you trying to write your own? for what device?

I am attempting to modify /usr/src/sys/dev/bfe/if_bfe.c to work with the
Broadcom 4401-B0 in my laptop.

The existing code is known to work for the Broadcom 4401-A1.

> An infinite loop while running or compiling the driver code?
>
> If when the driver code is installed and run  then you are fiddling will
> kernel mode, and if you mess up all bets are off.

bfe has been disabled in the kernel, and the kernel has been
re-built/installed.

cd /usr/src/sys/modules/bfe/
make; make install; kldload /boot/kernel/if_bfe.ko;

"ifconfig bfe0" works fine, and prints out my error messages, and I can
capture them.

"ifconfig bfe0 192.168.2.111" generates an infinite loop spewing messages
so fast I can't even *READ* them.

Nothing but total power loss stops this.

> You have tried Cntrl-Z and Cntrl-Alt-F2 ?

Ctrl-Z I have not tried.

cntrl-alt-f2, hit repeatedly, will eventually "catch" an interrupt (or
time-slice or whatever) and get me to tty2.  But I can't seem to do
anything useful there, as keyboard input is ignored.  I could, perhaps,
manage to press a key long enough to catch an interrupt/time-slice
there...

>> Upon re-boot, the additions I would expect in /var/log/messages (or the
>> bziped older logs) do not contain the messages I need to see.
>>
>> I have also tried:
>> ktrace xxx
>>
>> Again, for the case where the machine is not in an infinite loop, it
>> works
>> real nifty;  But when I'm forced to chop power, I get nothing.
>>
>> Is there something that will:
>> A) copy (or re-direct) all output somewhere, *AND*
>> B) force it to be synchronous and unbuffered and whatever else has to
>> occur to get the file to be saved?
>>
>> Any other suggestions for how to get this process to not lock up the
>> machine? control-C ineffective
>> CTRL-ALT-F2 followed by CTRL-ALT-DELETE can sometimes get me to another
>> tty, but that tty does not accept input
>
> Are you sure?

Yes, I'm quite sure.

I can switch back to ctrl-alt-f1, but cannot log in.

I can press ctrl-alt-f2 enough times, and eventually get switched to
tty2... which is dead.

> The CTRL-ALT-F2 hopefully gets you a character mode tty with a login
> prompt.
> But you'll need to login to proceed. CTRL-ALT-DELETE at this stage should
> cause a reboot.

ctrl-alt-delete does absolutely nothing, though perhaps if I held it down
long enough to catch a time-slice (or interrupt or whatever) it *MIGHT*
re-boot.  Probably not much better than cold power loss, though, right?

-- 
Like Music?
http://l-i-e.com/artists.htm

___
[EMAIL PROTECTED]

Re: out of i-nodes?

[Bill Moran]

Don't wrap machine generated output, it makes your email a PITA to decipher.

Rishi Chopra <[EMAIL PROTECTED]> wrote:
> When attempting to build a custom kernel, I ran into
> the following error message:
> 
> /usr: create/symlink failed, no inodes free
> Assembler messages:
> FATAL: can't create buffer.o: No space left on device
> *** Error code 2
> 
> When I use 'df', I noticed something strange:
> 
> [13:29:[EMAIL PROTECTED]:/]$ df -h
> FilesystemSize   Used  Avail Capacity  Mounted on
> /dev/ad0s1a   771M36M   674M 5%/
> devfs 1.0K   1.0K 0B   100%/dev
> /dev/ad0s1e   786M   606M   118M84%/usr
> /dev/ad0s1d   193M92K   178M 0%/var
> /dev/ad4s1 78G55G23G71%/fat32/audio
> /dev/ad4s2108G50G58G47%/fat32/video
> [13:29:[EMAIL PROTECTED]:/]$ df -i
> Filesystem  1K-blocks UsedAvail Capacity iused  ifree %iused  Mounted on
> /dev/ad0s1a78951836376   689982 5% 924 1168341%   /
> devfs   110   100%   0  0  100%   /dev
> /dev/ad0s1e805366   620498   12044084%  117758  0  100%   /usr
> /dev/ad0s1d198126   92   182184 0%  16  258380%   /var
> /dev/ad4s1   81903456 58047680 2385577671%   0  0  100%   /fat32/audio
> /dev/ad4s2  113407296 52760448 6064684847%   0  0  100%   /fat32/video
> [13:29:[EMAIL PROTECTED]:/]$ 
> 
> How can I be out of inodes for my 800MB /usr
> partition?  I didn't modify anything from the standard
> minimal installation and only installed the ports
> tree, CVSUP, and /src/sys afterwards.

800M is a pretty small partition for /usr.

The ports tree eats up a LOT of inodes, out of proportion to how much data
space it uses.  Your /usr partition is pretty close to full as it is on the
data side.

If that's all the space you have, you'll probably have to re-newfs /usr with
a lower ration of bytes/inode.  You could also pick through the ports tree
and delete subtrees that you have no use for (such as the language-specific
parts for languages you don't speak).

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Kernel modules & the 5.2.1-p9 to 5.3b7 migration?

[Alan Gerber]

Joshua Tinnin wrote:
On Sunday 10 October 2004 12:47 pm, Alan Gerber <[EMAIL PROTECTED]> 
wrote:
 

I recently decided to update my 5.2.1-p9 system to the latest beta to
check out the improvements in ACPI code on my Dell Latitude D600
laptop.  So I updated sources and went through the usual
[build|install][world|kernel] procedure as described in the handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.h
tml
   

Did you rebuild your ports? If you haven't done this, you probably 
should, as GCC has been updated. While you're at it you might want to 
remove the mapping in libmap.conf and rebuild for the new library 
versions in BETA7. I'm not sure if that will solve your ACPI problems, 
but it has to be done anyway.

- jt
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
 

Yes.  I have rebuilt each of my installed ports, so in theory the 
libmap.conf mappings should be unnecessary.  The problem still persists 
after removing the mappings, so it doesn't look like that has an affect 
on the problem either way.

--
Alan Gerber
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: host-based ssh authentication (no password) not working ... helpneeded

[Marcel de Reuver]

>>>Joe Schmoe wrote:
> 
> I have machines CLIENT and SERVER.
> 
> On SERVER, I set the following options in
> /etc/ssh/sshd_config :
> 
> RhostsAuthentication  no
> RhostsRSAAuthentication   yes
> 
> Then I copied the host public key from /etc/ssh on
> CLIENT to /etc/ssh/ssh_known_hosts on SERVER - so now
> the SERVER has the CLIENTs public key.
> 
> Finally, I added the hostname of CLIENT to
> /etc/hosts.equiv on SERVER.  Then I HUPped sshd on
> SERVER.
> 
> So now I go to CLIENT and run:
> 
> ssh [EMAIL PROTECTED]
> 
> and it asks me for a password!!
> 

You have to disable PAM authentication:

--- sshd.conf: ---
...
# Change to no to disable PAM authentication
ChallengeResponseAuthentication no
...

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

out of i-nodes?

[Rishi Chopra]

When attempting to build a custom kernel, I ran into
the following error message:

/usr: create/symlink failed, no inodes free
Assembler messages:
FATAL: can't create buffer.o: No space left on device
*** Error code 2

When I use 'df', I noticed something strange:

[13:29:[EMAIL PROTECTED]:/]$ df -h
FilesystemSize   Used  Avail Capacity  Mounted on
/dev/ad0s1a   771M36M   674M 5%/
devfs 1.0K   1.0K 0B   100%/dev
/dev/ad0s1e   786M   606M   118M84%/usr
/dev/ad0s1d   193M92K   178M 0%/var
/dev/ad4s1 78G55G23G71%   
/fat32/audio
/dev/ad4s2108G50G58G47%   
/fat32/video
[13:29:[EMAIL PROTECTED]:/]$ df -i
Filesystem  1K-blocks UsedAvail Capacity iused
 ifree %iused  Mounted on
/dev/ad0s1a78951836376   689982 5% 924
1168341%   /
devfs   110   100%   0
 0  100%   /dev
/dev/ad0s1e805366   620498   12044084%  117758
 0  100%   /usr
/dev/ad0s1d198126   92   182184 0%  16
 258380%   /var
/dev/ad4s1   81903456 58047680 2385577671%   0
 0  100%   /fat32/audio
/dev/ad4s2  113407296 52760448 6064684847%   0
 0  100%   /fat32/video
[13:29:[EMAIL PROTECTED]:/]$ 

How can I be out of inodes for my 800MB /usr
partition?  I didn't modify anything from the standard
minimal installation and only installed the ports
tree, CVSUP, and /src/sys afterwards.

=
Rishi Chopra
http://www.ocf.berkeley.edu/~rchopra



__
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Kernel modules & the 5.2.1-p9 to 5.3b7 migration?

[Alan Gerber]

Kris Kennaway wrote:
On Sun, Oct 10, 2004 at 03:47:30PM -0400, Alan Gerber wrote:
 

I recently decided to update my 5.2.1-p9 system to the latest beta to 
check out the improvements in ACPI code on my Dell Latitude D600 
laptop.  So I updated sources and went through the usual 
[build|install][world|kernel] procedure as described in the handbook: 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

I decided to go with the GENERIC kernel and rebuild it later with my 
specific options - everything built successfully and it looked like 
everything was going great, although I did note that I was updating much 
more in the mergemaster step than I was originally expecting.  But I 
muddled through it and it finally came time to reboot into beta-7.

When I did reboot, I got a pretty big surprise - it appears that the 
kernel can't find any of its modules.  In the "Bootstrap Loader" portion 
of the startup sequence (I *think* it is boot2 - just before you get the 
beastie screen asking you if you want to start with ACPI disabled, 
verbose mode, safe mode, etc), it appears to load the snd_emu10k1.ko and 
sound.ko modules.  I'd expect this since my system is equipped with that 
style sound card.

However, just after the beastie screen goes away to allow the boot to 
continue, I get the message "ACPI autoload failed - no such file or 
directory" as the first line of text, before any of the other 
kernel-outputted text.  A couple of other interesting messages follow.  
One tells me that kldload can't load star_saver, reporting a "No such 
file or directory" error.  I also get a message saying that /dev/mixer 
doesn't exist (and indeed it doesn't -- nor is there any sign of a sound 
device in the dmesg output).

When I execute kldstat, I get the entries I would expect back - kernel, 
snd_emu10k1.ko, sound.ko, and est.ko (of the enhanced speedstep driver 
fame - I was running it on 5.2.1).  If I try to manually load a module, 
such as the star_saver (this is the only thing I've done since loading 
acpi.ko isn't a good idea), it works.
   

Well, where are your modules?
Kris
They all exist in /boot/kernel
--
Alan Gerber
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Kernel modules & the 5.2.1-p9 to 5.3b7 migration?

[Joshua Tinnin]

On Sunday 10 October 2004 12:47 pm, Alan Gerber <[EMAIL PROTECTED]> 
wrote:
> I recently decided to update my 5.2.1-p9 system to the latest beta to
> check out the improvements in ACPI code on my Dell Latitude D600
> laptop.  So I updated sources and went through the usual
> [build|install][world|kernel] procedure as described in the handbook:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.h
>tml

Did you rebuild your ports? If you haven't done this, you probably 
should, as GCC has been updated. While you're at it you might want to 
remove the mapping in libmap.conf and rebuild for the new library 
versions in BETA7. I'm not sure if that will solve your ACPI problems, 
but it has to be done anyway.

- jt
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Kernel modules & the 5.2.1-p9 to 5.3b7 migration?

[Kris Kennaway]

On Sun, Oct 10, 2004 at 03:47:30PM -0400, Alan Gerber wrote:
> I recently decided to update my 5.2.1-p9 system to the latest beta to 
> check out the improvements in ACPI code on my Dell Latitude D600 
> laptop.  So I updated sources and went through the usual 
> [build|install][world|kernel] procedure as described in the handbook: 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
> 
> I decided to go with the GENERIC kernel and rebuild it later with my 
> specific options - everything built successfully and it looked like 
> everything was going great, although I did note that I was updating much 
> more in the mergemaster step than I was originally expecting.  But I 
> muddled through it and it finally came time to reboot into beta-7.
> 
> When I did reboot, I got a pretty big surprise - it appears that the 
> kernel can't find any of its modules.  In the "Bootstrap Loader" portion 
> of the startup sequence (I *think* it is boot2 - just before you get the 
> beastie screen asking you if you want to start with ACPI disabled, 
> verbose mode, safe mode, etc), it appears to load the snd_emu10k1.ko and 
> sound.ko modules.  I'd expect this since my system is equipped with that 
> style sound card.
> 
> However, just after the beastie screen goes away to allow the boot to 
> continue, I get the message "ACPI autoload failed - no such file or 
> directory" as the first line of text, before any of the other 
> kernel-outputted text.  A couple of other interesting messages follow.  
> One tells me that kldload can't load star_saver, reporting a "No such 
> file or directory" error.  I also get a message saying that /dev/mixer 
> doesn't exist (and indeed it doesn't -- nor is there any sign of a sound 
> device in the dmesg output).
> 
> When I execute kldstat, I get the entries I would expect back - kernel, 
> snd_emu10k1.ko, sound.ko, and est.ko (of the enhanced speedstep driver 
> fame - I was running it on 5.2.1).  If I try to manually load a module, 
> such as the star_saver (this is the only thing I've done since loading 
> acpi.ko isn't a good idea), it works.

Well, where are your modules?

Kris

pgp7ktC1OF64q.pgp
Description: PGP signature

Re: sendmail and virtualusers

[Chuck Swiger]

Noah wrote:
[ ... ]
but when I send mail to [EMAIL PROTECTED] I thought it would bounce but instead
it appears in my personal mailbox with the username user2 (user1 is a
different account).  I am even sending mail from a remote machine.
I cant figure out why it is delivered to me and also cant figure out why a
bounce is not sent to the originator.
I don't support you have LUSER_RELAY set in your .mc?
If you want to understand how and why sendmail takes a given address and 
changes it and/or decides where to deliver it, use a command like:

% echo '3,0 [EMAIL PROTECTED]' | sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter  
> canonify   input: < cswiger @ mac . com >
Canonify2  input: cswiger < @ mac . com >
Canonify2returns: cswiger < @ mac . com . >
  [ ...many lines deleted... ]
parsereturns: $# esmtp $@ mac . com . $: cswiger < @ mac . com . >
obviously using a relevant email address instead of my own.  This will 
show lookups to your virtusertable and mailertable maps, and indicates whether 
the address will be handled for local delivery-- which looks something like:

parsereturns: $# local $: cswiger
...or be handled for remote delivery to some MX via the E/SMTP mailer-- which 
is what the "$# esmtp $@ mac . com ." part above means (obviously :-), etc.

--
-Chuck
PS: You might obtain better help from a sendmail-specific list than here.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"