Primary group and parent dir

2007-10-30 Thread Alexey Vlasov
Hi.

Linux:
$ id
uid=42451(u42451) gid=155(clients) groups=155(clients), 42451(u42451)

$ ls -la
drwx--x---   7 u42451   www   512   29 oct 19:33 .
drwxr-x--x   254  root wheel 79872 29 oct 19:28 ..
drwx---r-x   16   u42451   clients   1024  29 oct 18:34 http

$ mkdir test
$ ls -ld test
drwxr-xr-x  2 u42451  clients  512 29 oct 19:39 test

It means that dirs are always made with the primary user group.

FreeBSD:
Everything is the same, but
$ mkdir test
$ ls -ld test
drwxr-xr-x  2 u42451  www  512 29 oct 19:39 test
It means the group is always inherited from the parent dir.

Can I make this as in Linux?
Thanks.

--
BRGDS. Alesha Vlasov.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


The problem of connection between Windows and FreeBSD when using IPSec transport.

2007-08-18 Thread Alexey Vlasov
Hi,

On one side there's FreeBSD 6.2, ipsec-tools-0.6.7; on the other Windows
2003 Server.

If I start pinging under Windows everything works ok,

C:\Documents and Settings>ping 111.111.111.2

Pinging 111.111.111.2 with 32 bytes of data:

Negotiating IP Security.
Reply from 111.111.111.2: bytes=32 time<1ms TTL=63
Reply from 111.111.111.2: bytes=32 time<1ms TTL=63

/var/log/racoon.log

2007-08-17 12:10:18: INFO: @(#)ipsec-tools 0.6.7
(http://ipsec-tools.sourceforge.net)
2007-08-17 12:10:18: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25
Oct 2004 (http://www.openssl.org/)
2007-08-17 12:10:18: INFO: 111.111.111.2[500] used as isakmp port
(fd=5)

2007-08-17 12:29:16: INFO: respond new phase 1 negotiation:
111.111.111.2[500]<=>111.111.111.1[500]
2007-08-17 12:29:16: INFO: begin Identity Protection mode.
2007-08-17 12:29:16: INFO: received broken Microsoft ID: MS NT5
ISAKMPOAKLEY
2007-08-17 12:29:16: INFO: received Vendor ID: FRAGMENTATION
2007-08-17 12:29:16: INFO: received Vendor ID:
draft-ietf-ipsec-nat-t-ike-02
2007-08-17 12:29:16: INFO: ISAKMP-SA established
111.111.111.2[500]-111.111.111.1[500]
spi:ceb3ba2040683da6:f80fc5ab1e3d931e
2007-08-17 12:29:16: INFO: respond new phase 2 negotiation:
111.111.111.2[0]<=>111.111.111.1[0]
2007-08-17 12:29:16: INFO: IPsec-SA established: ESP/Transport
111.111.111.1[0]->111.111.111.2[0] spi=36304726(0x229f756)
2007-08-17 12:29:16: INFO: IPsec-SA established: ESP/Transport
111.111.111.2[0]->111.111.111.1[0] spi=3194585143(0xbe698037)

From FreeBSD:

# ping 111.111.111.1
PING 111.111.111.1 (111.111.111.1): 56 data bytes
64 bytes from 111.111.111.1: icmp_seq=6 ttl=127 time=0.526 ms
64 bytes from 111.111.111.1: icmp_seq=7 ttl=127 time=6.382 ms

and ping works for 2 sides.


But if I initiate ping under FreeBSD (after restarting the racoon daemon),

# ping 111.111.111.1
PING 111.111.111.1 (111.111.111.1): 56 data bytes
^C
--- 111.111.111.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

I see in the log the following:
2007-08-17 12:44:16: INFO: @(#)ipsec-tools 0.6.7
(http://ipsec-tools.sourceforge.net)
2007-08-17 12:44:16: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25
Oct 2004 (http://www.openssl.org/)
2007-08-17 12:44:16: INFO: 111.111.111.2[500] used as isakmp port
(fd=5)
2007-08-17 12:44:21: INFO: IPsec-SA request for 111.111.111.1 queued
due to no phase1 found.
2007-08-17 12:44:21: INFO: initiate new phase 1 negotiation:
111.111.111.2[500]<=>111.111.111.1[500]
2007-08-17 12:44:21: INFO: begin Identity Protection mode.
2007-08-17 12:44:21: INFO: received broken Microsoft ID: MS NT5
ISAKMPOAKLEY
2007-08-17 12:44:21: INFO: received Vendor ID: FRAGMENTATION
2007-08-17 12:44:21: INFO: received Vendor ID:
draft-ietf-ipsec-nat-t-ike-02

2007-08-17 12:44:21: INFO: ISAKMP-SA established
111.111.111.2[500]-111.111.111.1[500]
spi:94372eb384516aef:bccacea73409cfc6
2007-08-17 12:44:22: INFO: initiate new phase 2 negotiation:
111.111.111.2[0]<=>111.111.111.1[0]
2007-08-17 12:44:22: ERROR: unknown notify message, no phase2 handle
found.
2007-08-17 12:44:38: ERROR: 111.111.111.1 give up to get IPsec-SA due
to time up to wait.
2007-08-17 12:45:21: INFO: ISAKMP-SA expired
111.111.111.2[500]-111.111.111.1[500]
spi:94372eb384516aef:bccacea73409cfc6
2007-08-17 12:45:21: ERROR: unknown Informational exchange received.
2007-08-17 12:45:22: INFO: ISAKMP-SA deleted
111.111.111.2[500]-111.111.111.1[500]
spi:94372eb384516aef:bccacea73409cfc6

My configs:

# cat /etc/ipsec.conf
spdadd 111.111.111.2 111.111.111.1 any -P out ipsec
esp/transport//require;

spdadd 111.111.111.1 111.111.111.2 any -P in ipsec
esp/transport//require;

path pre_shared_key /usr/local/etc/racoon/psk.txt ;
log notify;

padding
{
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}

timer
{
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per a send.
phase1 30 sec;
phase2 15 sec;
}

remote anonymous
{
# exchange_mode aggressive,main;
exchange_mode main, base;
doi ipsec_doi;
situation identity_only;
nonce_size 16;
lifetime time 1 min; # sec, min, hour
initial_contact on;
support_proxy on;
proposal_check obey; # obey, strict or claim

proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}

sainfo anonymous
{
pfs_group 1;
lifetime time 36000 sec;
encryption_algorithm 3des,des,cast128,blowfish ;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate ;
}

What do I have to change in conf files, to make
IPSec properly work no matter from which server I initiate the
connection?
Thank you for any answers.

--
BRGDS. Alesha
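
An added example, not part of the original post: a Python check that rejoins the mail-wrapped racoon.log records quoted above and reports, for each phase 2 negotiation, which side started it and how it ended. The function names and the embedded excerpt are this example's own; it assumes a single peer in the log and matches only message strings that appear in the quoted output.

```python
import re

# Excerpt of the racoon.log lines quoted in the post, mail line wrapping kept.
SAMPLE = """\
2007-08-17 12:29:16: INFO: respond new phase 2 negotiation:
111.111.111.2[0]<=>111.111.111.1[0]
2007-08-17 12:29:16: INFO: IPsec-SA established: ESP/Transport
111.111.111.1[0]->111.111.111.2[0] spi=36304726(0x229f756)
2007-08-17 12:44:22: INFO: initiate new phase 2 negotiation:
111.111.111.2[0]<=>111.111.111.1[0]
2007-08-17 12:44:22: ERROR: unknown notify message, no phase2 handle
found.
2007-08-17 12:44:38: ERROR: 111.111.111.1 give up to get IPsec-SA due
to time up to wait.
2007-08-17 12:45:21: ERROR: unknown Informational exchange received.
"""

# A record starts with "YYYY-MM-DD HH:MM:SS: LEVEL: "; other lines continue it.
TS = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): ([A-Z0-9]+): (.*)$")

def unwrap(text):
    """Rejoin wrapped records; returns [timestamp, level, message] lists."""
    records = []
    for line in map(str.strip, text.splitlines()):
        m = TS.match(line)
        if m:
            records.append(list(m.groups()))
        elif records and line:
            records[-1][2] += " " + line
    return records

def phase2_outcomes(text):
    """One dict per phase 2 negotiation: who started it and how it ended."""
    outcomes, cur = [], None
    for ts, level, msg in unwrap(text):
        m = re.match(r"(initiate|respond) new phase 2 negotiation", msg)
        if m:
            role = "initiator" if m.group(1) == "initiate" else "responder"
            cur = {"started": ts, "role": role, "result": "pending", "errors": []}
            outcomes.append(cur)
        elif cur and cur["result"] == "pending":
            if msg.startswith("IPsec-SA established"):
                cur["result"] = "established"
            elif "give up to get IPsec-SA" in msg:
                cur["result"] = "timeout"
            elif level == "ERROR":
                cur["errors"].append(msg)
    return outcomes
```

Run over the excerpt, `phase2_outcomes(SAMPLE)` separates the negotiation racoon answered as responder, which was established, from the one it initiated, which timed out with the notify error attached.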
