Re: pam ssh authentication via ldap
On 26 February 2011 20:01, Tim Dunphy bluethu...@gmail.com wrote: Hey list, I just wanted to follow up with my /usr/local/etc/ldap.conf file and nsswitch file because I thought they might be helpful in dispensing advice as to what is going on: uri ldap://LBSD2.summitnjhome.com base ou=staff,ou=Group,dc=summitnjhome,dc=com sudoers_base ou=staff,ou=Group,dc=summitnjhome,dc=com binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com bindpw secret scope sub pam_password exop nss_base_passwd dc=summitnjhome,dc=com nss_base_shadow dc=summitnjhome,dc=com nss_base_group dc=summitnjhome,dc=com nss_base_sudo dc=summitnjhome,dc=com # nsswitch.conf(5) - name service switch configuration file # $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ # passwd: files ldap passwd_compat: files ldap group: files ldap group_compat: nis sudoers: ldap hosts: files dns networks: files shells: files services: compat services_compat: nis protocols: files rpc: files On Sat, Feb 26, 2011 at 2:55 PM, Tim Dunphy bluethu...@gmail.com wrote: Hello List!! I have an OpenLDAP 2.4 server functioning very nicely that authenticates a network of (mostly virtual) centos 5.5 machines. But at the moment I am attempting to setup pam authentication for ssh via LDAP and having some difficulty. My /etc/pam.d/sshd file seems to be setup logically and correctly: # PAM configuration for the sshd service # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_ldap.so #auth required pam_unix.so no_warn try_first_pass # account account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_ldap.so #account required pam_unix.so # session #session optional pam_ssh.so session sufficient pam_ldap.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_ldap.so #password required pam_unix.so no_warn try_first_pass And if I'm reading the logs correctly LDAP is searching for and finding the account information when I am making the login attempt: Feb 26 19:52:54 LBSD2 slapd[54891]: conn=21358 op=22122 SRCH base=dc=summitnjhome,dc=com scope=2 deref=0 filter=((objectClass=posixAccount)(uidNumber=1001 )) Feb 26 19:52:54 LBSD2 slapd[54891]: conn=21358 op=22122 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectCla ss Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: AND Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates 0xa0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: OR Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates 0xa1 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: EQUALITY Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=0 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: AND Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates 0xa0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: EQUALITY Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=26 first=106 last=137 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: EQUALITY Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=0 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates: id=0 first=106 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=106 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates: id=0 first=0 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=0 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates: id=0 first=1 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=1 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: conn=21358 op=22122 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 19:52:54 LBSD2 slapd[54891]: daemon: activity on 1 descriptor Feb 26 19:52:54 LBSD2 slapd[54891]: daemon: waked Feb 26 19:52:54 LBSD2 slapd[54891]: daemon: select: listen=6 active_threads=0 tvp=NULL Feb 26 19:52:54 LBSD2 slapd[54891]: daemon: select: listen=7 active_threads=0
Re: pam ssh authentication via ldap
On 27 February 2011 11:05, krad kra...@gmail.com wrote: On 26 February 2011 20:01, Tim Dunphy bluethu...@gmail.com wrote: Hey list, I just wanted to follow up with my /usr/local/etc/ldap.conf file and nsswitch file because I thought they might be helpful in dispensing advice as to what is going on: uri ldap://LBSD2.summitnjhome.com base ou=staff,ou=Group,dc=summitnjhome,dc=com sudoers_base ou=staff,ou=Group,dc=summitnjhome,dc=com binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com bindpw secret scope sub pam_password exop nss_base_passwd dc=summitnjhome,dc=com nss_base_shadow dc=summitnjhome,dc=com nss_base_group dc=summitnjhome,dc=com nss_base_sudo dc=summitnjhome,dc=com # nsswitch.conf(5) - name service switch configuration file # $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $ # passwd: files ldap passwd_compat: files ldap group: files ldap group_compat: nis sudoers: ldap hosts: files dns networks: files shells: files services: compat services_compat: nis protocols: files rpc: files On Sat, Feb 26, 2011 at 2:55 PM, Tim Dunphy bluethu...@gmail.com wrote: Hello List!! I have an OpenLDAP 2.4 server functioning very nicely that authenticates a network of (mostly virtual) centos 5.5 machines. But at the moment I am attempting to setup pam authentication for ssh via LDAP and having some difficulty. My /etc/pam.d/sshd file seems to be setup logically and correctly: # PAM configuration for the sshd service # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_ldap.so #auth required pam_unix.so no_warn try_first_pass # account account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_ldap.so #account required pam_unix.so # session #session optional pam_ssh.so session sufficient pam_ldap.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_ldap.so #password required pam_unix.so no_warn try_first_pass And if I'm reading the logs correctly LDAP is searching for and finding the account information when I am making the login attempt: Feb 26 19:52:54 LBSD2 slapd[54891]: conn=21358 op=22122 SRCH base=dc=summitnjhome,dc=com scope=2 deref=0 filter=((objectClass=posixAccount)(uidNumber=1001 )) Feb 26 19:52:54 LBSD2 slapd[54891]: conn=21358 op=22122 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectCla ss Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: AND Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates 0xa0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: OR Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates 0xa1 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: EQUALITY Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=0 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: AND Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates 0xa0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: EQUALITY Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=26 first=106 last=137 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates Feb 26 19:52:54 LBSD2 slapd[54891]: EQUALITY Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=0 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates: id=0 first=106 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=106 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates: id=0 first=0 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=0 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_list_candidates: id=0 first=1 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: = bdb_filter_candidates: id=0 first=1 last=0 Feb 26 19:52:54 LBSD2 slapd[54891]: conn=21358 op=22122 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 19:52:54 LBSD2 slapd[54891]: daemon: activity on 1 descriptor Feb 26 19:52:54 LBSD2 slapd[54891]: daemon: waked Feb 26 19:52:54 LBSD2 slapd[54891]: daemon: select: listen=6 active_threads=0 tvp=NULL Feb 26 19:52:54 LBSD2
using freebsd-update to update jails and their host
I have a 8.0 host system with a few jails (using ezjail) that I am gearing to update to 8.2. I have used freebsd-update a few times in the past to upgrade a system between releases, but how I would I go about using it to also upgrade a few jails made using ezjail? I would obviously need to point freebsd-update to use /basejail as root which I assume isn't too hard, but what about having it merge the new/changed /etc files in individual jails? I've also discovered the ezjail-admin install -h file:// option which installs a basejail using the host system as base, am I right in thinking I could also use this by first upgrading my host and then running this command to write the /basejail over with the updated files from the host to bring them into sync? I still don't know how I would then fix the /etc under each individual jail though. - Sincerely, Dan Naumov ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: using freebsd-update to update jails and their host
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/27/11 08:48, Dan Naumov wrote:
I've also discovered the ezjail-admin install -h file:// option which
installs a basejail using the host system as base, am I right in thinking I
could also use this by first upgrading my host and then running this command
to write the /basejail over with the updated files from the host to bring
them into sync? I still don't know how I would then fix the /etc under each
individual jail though.
I've been using ..
ezjail-admin update -i
.. to update the binaries after a full update of the host system and
something like ..
#!/bin/sh
for JAIL in {list-your-jails-here}
do
mv /usr/src /usr/local/jails/${JAIL}/usr
JAIL_ID=`jls | grep $JAIL | awk '{ print $1 };'`
echo Updating: ${JAIL}
jexec ${JAIL_ID} mergemaster -scvi
mv /usr/local/jails/${JAIL}/usr/src /usr
done
.. to update/merge with jail-specific config data,
imb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (FreeBSD)
iEYEARECAAYFAk1qZ3IACgkQQv9rrgRC1JLqugCcCRUttSFubQnc6IJtgjR6wcjr
xioAoKllN6juSk1A7hHso7/AXP8mMZ9p
=tkVj
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: using freebsd-update to update jails and their host
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Apologies .. correcting myself here ..
.. to update the binaries after a full update of the host system and
something like ..
#!/bin/sh
for JAIL in {list-your-jails-here}
do
mv /usr/src /usr/local/jails/${JAIL}/usr
JAIL_ID=`jls | grep $JAIL | awk '{ print $1 };'`
echo Updating: ${JAIL}
jexec ${JAIL_ID} mergemaster -scvi
mv /usr/local/jails/${JAIL}/usr/src /usr
done
This should, of course, be ..
#!/bin/sh
rmdir /usr/local/jails/basejail/usr/src
mv /usr/src /usr/local/jails/basejail/usr/src
for JAIL in {list-your-jails-here}
do
JAIL_ID=`jls | grep $JAIL | awk '{ print $1 };'`
echo Updating: ${JAIL}
jexec ${JAIL_ID} mergemaster -scvi
done
mv /usr/local/jails/basejail/usr/src /usr
mkdir /usr/local/jails/basejail/usr/src
imb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (FreeBSD)
iEYEARECAAYFAk1qagEACgkQQv9rrgRC1JJVdwCfWeTcTSheVvMDFDLMfZj/56he
ZUcAoLwiSObA6UmCmALfiFK/tJaVyj8+
=1pnX
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Upgrading 7.1 to 7.3, use 7.2 as a safe step?
My upgrades were a success. I upgraded 3 machines: 1. 7.1 - 7.4 2. 8.0 - 8.1 3. 7.1 - 7.3 - 7.4 I don't use STABLE, but rather e.g. RELENG_7_4 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Webkit-gtk2 upgrade
When I attempt to upgrade Webkit-gtk2 the upgrade chokes with this message: CC WebKit/gtk/tests/Programs_unittests_testwebview-test_utils.o CCLD Programs/unittests/testwebview CC WebKit/gtk/tests/Programs_unittests_testkeyevents-testkeyevents.o CCLD Programs/unittests/testkeyevents cp ./WebKit/gtk/JSCore-1.0.gir ./ GENWebKit-1.0.gir /usr/local/share/gir-1.0/Soup-2.4.gir: Incompatible version 1.0 (supported: 1.2) gmake[1]: *** [WebKit-1.0.gir] Error 1 gmake[1]: Leaving directory `/usr/tmp/usr/ports/www/webkit-gtk2/work/webkit-1.2.7' gmake: *** [all] Error 2 *** Error code 1 Stop in /usr/ports/www/webkit-gtk2. The problem seem to be this incompatible version of /usr/local/share/gir-1.0. I'd like a heads up on how I can bring this up to the supported 1.2 version. Thanks... Rem ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update housekeeping?
On Fri 2011-02-25 17:26:52 UTC+, Neil Long (n...@cymru.com) wrote: Just noticed how large /var/db/freebsd-update has grown on a box I just upgraded from 7.3 to 7.4 (but I can't recall when I started using it). Is there a recommended approach or just rm the directory if I have no need to roll it back? Before I upgraded to 7.4-REL I used rm -rf /var/db/freebsd-update/ as my /var is only 1 GB and was running low on free space. Doing this should be no different to a fresh install where this directory is initially empty anyway. Of course if you're still wary you could make a tarball backup of that directory somewhere else before emptying it out. IIRC, freebsd-update will complain if /var/db/freebsd-update/ doesn't exist, so you may need to mkdir it after using rm -rf. Regards Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Problem upgrading from 8.1-8.2, ZFS as root filesystem
Hi, Doing a source upgrade from 8.1-8.2, all went well up to the installworld step: Reboot into single user mode: mount -u ./ zfs mount -a cd /usr/src make installworld It goes fine up to this point: (copying by hand) ===sys/boot/i386/zfsloader (install) cp zfsloader.sym zfsloader.bin cp:No such file or directory *** Error code 1 Stop in /usr/src/sys/boot/i386/zfsloader *** Error code 1 Stop in /usr/src/sys/boot/i386 Any suggestions would be *very* appreciated! Thanks, Scott -- boyva...@gmail.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD Performance
Hello All: I am curious... does anyone know of a reasonably priced commodity server capable of sourcing/sinking 10 Gbps of data from/to disk via 2 x 10 GE network interfaces? Any ideas on how hard this would be to do with FreeBSD? I know of a proprietary linux-based system, but looking for open-source FreeBSD based system. Thanks, David. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem upgrading from 8.1-8.2, ZFS as root filesystem
On Sun, Feb 27, 2011 at 2:36 PM, Scott Ballantyne boyva...@gmail.comwrote: ===sys/boot/i386/zfsloader (install) cp zfsloader.sym zfsloader.bin cp:No such file or directory *** Error code 1 Stop in /usr/src/sys/boot/i386/zfsloader *** Error code 1 Stop in /usr/src/sys/boot/i386 Any suggestions would be *very* appreciated! Thanks, Scott You can follow the intructions for building the loader which I believe are in the wiki or set LOADER_ZFS_SUPPORT=YES in /etc/src.conf prior to upgrade. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem upgrading from 8.1-8.2, ZFS as root filesystem
On Sun, Feb 27, 2011 at 4:04 PM, Adam Vande More amvandem...@gmail.comwrote: On Sun, Feb 27, 2011 at 2:36 PM, Scott Ballantyne boyva...@gmail.comwrote: ===sys/boot/i386/zfsloader (install) cp zfsloader.sym zfsloader.bin cp:No such file or directory *** Error code 1 Stop in /usr/src/sys/boot/i386/zfsloader *** Error code 1 Stop in /usr/src/sys/boot/i386 Any suggestions would be *very* appreciated! Thanks, Scott You can follow the intructions for building the loader which I believe are in the wiki or set LOADER_ZFS_SUPPORT=YES in /etc/src.conf prior to upgrade. Thanks Adam, but it still comes to a screaming stop with that set. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Performance
From owner-freebsd-questi...@freebsd.org Sun Feb 27 14:54:09 2011 From: David cyber...@gmail.com Date: Sun, 27 Feb 2011 15:46:03 -0500 To: freebsd-questions@freebsd.org Subject: FreeBSD Performance Hello All: I am curious... does anyone know of a reasonably priced commodity server capable of sourcing/sinking 10 Gbps of data from/to disk via 2 x 10 GE network interfaces? Any ideas on how hard this would be to do with FreeBSD? I know of a proprietary linux-based system, but looking for open-source FreeBSD based system. A lot depends on what you need to do with the data. Do you need just the 'contents' of the network packets -- i.e. are you trying to send/recieve a single stream of data -- or do you need complete headers, augmented with timestamps, such that you can re- construct/replay what was 'seen on the wire'? Is the box 'dedicated' to receiving (or sending), and does -nothing-else- while that operation is in process? or do you need to sample the data in real-time as well? Another question is _how_long_ you need to handle the 2x10gbit/sec of data. a few seconds? a few tens of seconds? minutes? hours? If you need to 'go to disk' in real-time, you're looking at needing at least 3-4 gigabyte/sec of bandwith to disk. No commodity drives provide that kind of capacity, so you're looking at multiple drives 'in parallel' -- the logical equivalent of a 'striped' RAID array. Probably 12-16 spindles paralleled. Best handled with _hardware_ raid, directly in the disk controller, but I don't know of a commodity controller that supports enough spindles to give that bandwidth. This means one is best off doing it in the application softwre itself, rather than trusting the O/S to get it right. You're also looking at a _big_ disk array. Around 200 gigs for ONE MINUTE of data. Need 'only' an hour? That's merely 12 terabytes. The O/S is -relatively- unimportant. wry grin You need _good_ network cards, with good drivers -- preferably ones where most of the network stack can be off-loaded onto the card itself. You also need good disk controllers, ideally semi-autonomous (like SCSI), with fairly large data buffers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: qmail or postfix?
Dear Sir/Madam, Your email was unable reach the intended person that you were sending it to. For more information on our business please click on the following link: Click here for our website We look forward to your continued business in the future. Regards, Webmaster ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
gcc45 wrong debug info?
Wondering if anyone has encountered this problem where gdb/gcc doesn't seem to be getting the line number info right. I compiled code in as -- gcc45 -g -W -Wall -O0 -std=c99 -D_BSD_SOURCE -DDEBUG -D__BSD_VISIBLE -DFREEBSD -c interreflect3d.c -o x86-debug/objects/interreflections/interreflect3d.o gcc45 -g -W -Wall -O0 -std=c99 -D_BSD_SOURCE -DDEBUG -D__BSD_VISIBLE -DFREEBSD interreflect_driver.c x86-debug/objects/interreflections/interreflect3d.o -o x86-debug/bin/interreflect_driver -I./ -Ix86-debug/include -Ix86-debug/../external/include -Lx86-debug/../external/lib -llapack -lf77blas -lcblas -latlas -lgfortran -- and then I go to debug. I seem to stop in my function ok, locals and such seem ok, gdb seems to handle OK, except the line number information is wrong: #0 0x0040467b in reconstruction_prune (r=0x7fffe420, intensity_threshold_min=1, intensity_threshold_max=99, jump_discontinuity_threshold=100, clustersize=5) at interreflect3d.c:296 #1 0x004013ef in main (argc=26, argv=0x7fffe620) at interreflect_driver.c:103 For #0, the correct line is 1108, not 296. #1 is correct. This incorrect line number info is giving me grief while I'm trying to step through my code. Anyone have a hunch what's going on here? Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: pam ssh authentication via ldap
Hello Krad and thank you for your reply!
Well it seems that I am still unable to login to this machine using an
LDAP account. I have tried applying the configurations you have
provided and the result doesn't seem to have changed just yet.
Here is my /usr/local/etc/ldap.conf file
uri ldap://LBSD2.summitnjhome.com
base dc=summitnjhome,dc=com
sudoers_base ou=staff,ou=Group,dc=summitnjhome,dc=com
binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
bindpw secret
scope sub
ssl start tls
tls_cacert /usr/local/etc/openldap/certs/LBSD2.summitnjhome.com.crt
pam_login_attribute uid
bind_timelimit 1
timelimit 1
bind_policy soft
pam_password exop
nss_base_passwd dc=summitnjhome,dc=com
nss_base_shadow dc=summitnjhome,dc=com
nss_base_group dc=summitnjhome,dc=com
nss_base_sudo dc=summitnjhome,dc=com
nss_initgroups_ignoreusers root,slapd
#ls -l /usr/local/etc/nss_ldap.conf
lrwxr-xr-x 1 root wheel 24 Feb 28 00:10
/usr/local/etc/nss_ldap.conf - /usr/local/etc/ldap.conf
#cat /usr/local/etc/nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29
kensmith Exp $
#
passwd: cache files ldap [notfound=return]
passwd_compat: files ldap
group: cache files ldap [notfound = return]
group_compat: nis
sudoers: ldap
hosts: files dns
networks: files
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
Here is my slapd.conf file:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/sudo.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/openssh-lpk_openldap.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
loglevel296
pidfile /var/run/openldap/slapd.pid
argsfile/var/run/openldap/slapd.args
## TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/certs/LBSD2.summitnjhome.com.crt
TLSCertificateKeyFile /usr/local/etc/openldap/certs/LBSD2.summitnjhome.com.key
TLSCACertificateFile /usr/local/etc/openldap/certs/gd_bundle.crt
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleloadback_hdb
# moduleloadback_ldap
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base= by * read
access to *
by read
access to attrs=userPassword by self write
by anonymous auth
access to * by self write
by dn.children=ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
write
by users read
by anonymous auth
access to * by self write
by users read
by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., access to * by * read)
#
# rootdn can always read and write EVERYTHING!
###
# BDB database definitions
###
databasebdb
suffix dc=summitnjhome,dc=com
rootdn cn=Manager,dc=summitnjhome,dc=com
rootpw {SSHA}secret
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/summitnjhome.com
# Indices to maintain
index objectClass,uid,uidNumber eq
index sudoUsereq
these are the packages I have installed
nss_ldap-1.265_4RFC 2307 NSS module
openldap-sasl-client-2.4.23 Open source LDAP client implementation
with SASL2 support
openldap-sasl-server-2.4.23 Open source LDAP server implementation
Re: gcc45 wrong debug info?
Hmm. When I compile with -gstabs -ggdb, at least addr2line and gdb can at least see the correct line info. The info below is correct except I don't know what's up with the argc thing. Ideas? Thanks. -- Breakpoint 1, main (argc=Cannot access memory at address 0x8000e41c ) at interreflect_driver.c:9 (gdb) info breakpoints Num Type Disp Enb AddressWhat 1 breakpoint keep y 0x00400fed in main at interreflect_driver.c:9 breakpoint already hit 1 time 2 breakpoint keep y 0x004013bb in main at interreflect_driver.c:103 3 breakpoint keep y 0x00401cd3 in reconstruction_load_points at interreflect3d.c:296 4 breakpoint keep y 0x00404419 in reconstruction_prune at interreflect3d.c:1107 -- On Sun, Feb 27, 2011 at 07:30:38PM -0500, Eric Dedrick wrote: Wondering if anyone has encountered this problem where gdb/gcc doesn't seem to be getting the line number info right. I compiled code in as -- gcc45 -g -W -Wall -O0 -std=c99 -D_BSD_SOURCE -DDEBUG -D__BSD_VISIBLE -DFREEBSD -c interreflect3d.c -o x86-debug/objects/interreflections/interreflect3d.o gcc45 -g -W -Wall -O0 -std=c99 -D_BSD_SOURCE -DDEBUG -D__BSD_VISIBLE -DFREEBSD interreflect_driver.c x86-debug/objects/interreflections/interreflect3d.o -o x86-debug/bin/interreflect_driver -I./ -Ix86-debug/include -Ix86-debug/../external/include -Lx86-debug/../external/lib -llapack -lf77blas -lcblas -latlas -lgfortran -- and then I go to debug. I seem to stop in my function ok, locals and such seem ok, gdb seems to handle OK, except the line number information is wrong: #0 0x0040467b in reconstruction_prune (r=0x7fffe420, intensity_threshold_min=1, intensity_threshold_max=99, jump_discontinuity_threshold=100, clustersize=5) at interreflect3d.c:296 #1 0x004013ef in main (argc=26, argv=0x7fffe620) at interreflect_driver.c:103 For #0, the correct line is 1108, not 296. #1 is correct. This incorrect line number info is giving me grief while I'm trying to step through my code. Anyone have a hunch what's going on here? Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: usb portable drive (ntfs) issues
thanks. ok, that was my mistake for that mdntfs. it should be ntfs. best --- On Sat, 2/26/11, ill...@gmail.com ill...@gmail.com wrote: From: ill...@gmail.com ill...@gmail.com Subject: Re: usb portable drive (ntfs) issues To: gahn ipfr...@yahoo.com Cc: freebsd general questions freebsd-questions@freebsd.org Date: Saturday, February 26, 2011, 11:00 PM On 26 February 2011 22:23, gahn ipfr...@yahoo.com wrote: hi all gurus: for usb external drive, i followed the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/usb-disks.html but i have some problems for mounting a portable usb external drive: 1) when i plugged in, /dev/da0s1 appears: ip@hotty:/var/log:$ ls -al /dev/da0s1 crw-r- 1 root operator 0, 108 Feb 26 22:05 /dev/da0s1 but i can't mount it: hotty# mount -t mdntfs /dev/da0s1 /mnt/mlu mount: /dev/da0s1 : Operation not supported by device I am wholly unfamiliar with mdntfs, so I'll assume you meant to type ntfs. In any case, you probably have to mount it read-only (unless you install sysutils/fusefs-ntfs) as FreeBSD does not support writing to ntfs by default. Fat32 is still the only viable solution for (nearly) full portability. -- -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ROOT on ZFS with MBR partitions
On Sun, Feb 27, 2011 at 12:45 AM, Daniel Staal dst...@usa.net wrote: --As of February 27, 2011 12:26:04 AM +, Slawomir Wojtczak is alleged to have said: ... but none of them seems to work, after installation it hangs at boot like that: http://ompldr.org/vN2tscQ --As for the rest, it is mine. Hmm. Interesting. I'm having the same result when trying the 'root on ZFS, boot from UFS' guide here: http://wiki.freebsd.org/RootOnZFS/UFSBoot Anything interesting happening during your install? I have an error late in the process (During 'Step 3.1') with this command: Fixit# mv boot bootdir/ It gives me an error saying that /bin/cp can't found/executed. (I've been trying to work around using `bin/cp -pRP boot bootdir/`. Note the lack of the leading slash.) I had tried several of the other installs from http://wiki.freebsd.org/RootOnZFS successfully, but I don't think I'd tried the MBR install. Daniel T. Staal I had the same problem. Today, I tried using the PCBSD dvd to install FreeBSD on ZFS (with /boot on UFS). It kept giving errors just before completion. However, some comments I found while googling about that problem mentioned that the installation seemed to have completed, which seems to be the case. Both FreeBSD and FreeDOS are now installed on the same drive (in a VM, I'll try this on real h/w next). Still not sure what caused the error during installation though. Regards Gautham Ganapathy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
