Re: How do we like our base kerberos? Will it flee soon?
On Fri, 12 Nov 2010, Leon Meßner wrote:
> On Thu, Nov 11, 2010 at 04:22:57PM +0100, Joerg Pulz wrote:
>> On Wed, 10 Nov 2010, Leon Meßner wrote:
>>> Hi,
>>>
>>> What I didn't try:
>>> - Use the port.
>>
>> please take a look at ports/152030 and the patches I mentioned in
>> the PR.
>> With ports/152030 and the world patch applied, you should be able to
>> build a world fully against the security/heimdal port by simply
>> specifying WITH_KERBEROS_PORT=1 in /etc/src.conf and
>> HEIMDAL_HOME=prefix (normally /usr/local) in /etc/make.conf.
>> You should specify WITHOUT_KERBEROS=1 in /etc/src.conf to avoid mess
>> and confusion with two different heimdal versions installed.
>> Don't forget to install the security/heimdal port first.
>>
>> Comments are welcome.
>
> Did exactly as told and everything worked fine. I'm currently in the
> process of rebuilding gssapi dependent software. Will tell if it fixed
> my issue.

Hi,

good to hear that everything went fine for you.
If you're using 8.x you should remove some of the leftover
kerberos/gssapi libraries by yourself as the ObsoleteFiles list is still
incomplete in 8.x and 'make delete-old delete-old-libs' will not remove
everything.

E.g.
in /usr/lib and /usr/lib32
    libasn1* libgssapi* libhdb* libheimntlm* libhx509* libkadm5*
    libkafs5* libkrb5*
in /usr/libexec
    kcm

If you're using CURRENT then everything is removed by
'make delete-old delete-old-libs'.

Btw. If you're using security/cyrus-sasl2 with GSSAPI please take a look
at PR/152071.
If you're using databases/postgresql*-server, net/freeradius(2) or
security/openssh-portable please take a look at PR/152029.

Kind regards
Joerg

--
The beginning is the most important part of the work.
-Plato

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: How do we like our base kerberos? Will it flee soon?
On Wed, 10 Nov 2010, Leon Meßner wrote:
> Hi,
>
> I'm looking for workarounds for this crappy situation which currently
> prevents FreeBSD8 from working together with libgssapi (see
> kern/147454) and multiple threads on -questions.
>
> What I tried:
> - Use old RELENG_8 and RELENG_8_1 sources where Benjamin's patch still
>   applied. (Can't build world then).
> - Modify /usr/bin/krb5-config to include -lgssapi_spnego -lgssapi_krb5
>   at the right place (works on some machines).
>
> What I didn't try:
> - Use the port.
>
> How are you handling this situation? Does anyone know a cvs tag= and
> date= combination which lets you build world with Benjamin's patch
> (tried RELENG_8 and _8_1 from 24.6 and 19.7 and now)?
>
> Actually a complete base kerberos would be much appreciated.

Hi,

please take a look at ports/152030 and the patches I mentioned in the
PR.
With ports/152030 and the world patch applied, you should be able to
build a world fully against the security/heimdal port by simply
specifying WITH_KERBEROS_PORT=1 in /etc/src.conf and HEIMDAL_HOME=prefix
(normally /usr/local) in /etc/make.conf.
You should specify WITHOUT_KERBEROS=1 in /etc/src.conf to avoid mess and
confusion with two different heimdal versions installed.
Don't forget to install the security/heimdal port first.

Comments are welcome.

I will send out a CFT/RFC as soon as the PR is committed.

Kind regards
Joerg

Re: print the PKGNAME of a port
On Fri, 16 Oct 2009, Matthias Apitz wrote:
> Hello,
>
> For the ports in /usr/ports is there a way to print the resulting
> PKGNAME of a given port, like:
>
>     # cd /usr/ports/x11/kde3
>     # make name
>     kde-3.5.10_2
>     #

Try the following:

    # cd /usr/ports/x11/kde3
    # make -V PKGNAME
    kde-3.5.10_2
    #

Also read the manpage of make(1) for detailed information on the -V
option.

Kind regards
Joerg

Re: Fujitsu Siemens Primergy RX100S4
On Tue, 17 Mar 2009, Andrea Venturoli wrote:
> Anyone tried 7.1/amd64 on this?
>
> I have two SATA disks configured for mirroring in the BIOS; I see the
> two disks separately as ad devices, but no RAID device: I'd expect an
> ar0 or something.
>
> Is this card not supported?

I've two of these here, both running 7.0, one as i386 and one as amd64.
The amd64 box uses the onboard RAID.
Here are the relevant dmesg parts:

    atapci0: Intel ICH7 UDMA100 controller port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x3420-0x342f at device 31.1 on pci0
    ata0: ATA channel 0 on atapci0
    ata0: [ITHREAD]
    ata1: ATA channel 1 on atapci0
    ata1: [ITHREAD]
    atapci1: Intel AHCI controller port 0x3440-0x3447,0x3434-0x3437,0x3438-0x343f,0x3430-0x3433,0x3400-0x341f mem 0xfd000400-0xfd0007ff irq 19 at device 31.2 on pci0
    atapci1: [ITHREAD]
    atapci1: AHCI Version 01.10 controller with 4 ports detected
    ata2: ATA channel 0 on atapci1
    ata2: [ITHREAD]
    ata3: ATA channel 1 on atapci1
    ata3: [ITHREAD]
    ata4: ATA channel 2 on atapci1
    ata4: port not implemented
    ata4: [ITHREAD]
    ata5: ATA channel 3 on atapci1
    ata5: port not implemented
    ata5: [ITHREAD]
    acd0: CDRW HL-DT-STCD-RW/DVD DRIVE GCC-4244N/1.00 at ata0-master UDMA33
    ad4: 238475MB WDC WD2500JS-55NCB1 10.02E01 at ata2-master SATA300
    ad6: 238475MB WDC WD2500JS-55NCB1 10.02E01 at ata3-master SATA300
    ar0: 238475MB Intel MatrixRAID RAID1 status: READY
    ar0: disk0 READY (master) using ad4 at ata2-master
    ar0: disk1 READY (mirror) using ad6 at ata3-master

If I remember correctly, you have to enable the RAID option in the BIOS
to configure the two disks as an array, afterwards you must enter the
BIOS again and switch to AHCI. As the ataraid driver detects the array
by reading the metadata on the disks it should detect the array.
I'm not 100 percent sure but I think this is the way I did it.

pciconf -lv shows the following for the atapci device (again there is
AHCI mentioned in the output):

    atap...@pci0:0:31:1: class=0x01018a card=0x10a51734 chip=0x27df8086 rev=0x01 hdr=0x00
        vendor = 'Intel Corporation'
        device = '82801G (ICH7 Family) Ultra ATA Storage Controller'
        class = mass storage
        subclass = ATA
    atap...@pci0:0:31:2: class=0x010601 card=0x10a51734 chip=0x27c18086 rev=0x01 hdr=0x00
        vendor = 'Intel Corporation'
        device = '82801GB I/O Controller Hub SATA cc=AHCI'
        class = mass storage

The second box (running i386) is using geom_mirror and running fine.
I would definitely vote for the geom_mirror way!

Kind regards
Joerg

Re: nss_ldap and openldap on the same server.
On Tue, 13 Mar 2007, Gerhard Schmidt wrote:
> On Tue, Mar 13, 2007 at 12:07:15AM +0100, Pietro Cerutti wrote:
>> On 3/12/07, Gerhard Schmidt [EMAIL PROTECTED] wrote:
>>> Hi,
>>
>> Hello,
>>
>>> As I see it, nss asks all sources even if the first one already
>>> knows the answer. Is there a way to change this.
>>
>> man nsswitch.conf(5)
>> Look for Status codes and Actions
>
> Doesn't work. Tried the following nsswitch.conf
>
>     group: files [success=return] ldap
>     hosts: files dns
>     networks: files
>     passwd: files [success=return] ldap
>     shells: files
>
> This doesn't change the delay. And the nss_ldap timeout is still
> reported. This is not surprising because the manpage states
> [success=return] is default.
>
> Seems there is a bug somewhere.

AFAICT, there is no bug. The behavior is completely correct as a look
into the openldap code turns out.

When starting up slapd, it tries to switch the credentials to the user
and group specified, normally ldap:ldap. Therefore it uses getpwuid(3),
getpwnam(3), getgrgid(3) and getgrnam(3) functions.
If lookup for the user and group specified is okay, it then calls
getuid(3) and initgroups(3).

Reading initgroups(3) turns out the following:

    The initgroups() function uses the getgrouplist(3) function to
    calculate the group access list for the user specified in name.

Reading getgrouplist(3) turns out the following:

    The getgrouplist() function reads through the group file and
    calculates the group access list for the user specified in name.
    [...]
    The getgrouplist() function uses the routines based on getgrent(3).

Reading getgrent(3) turns out the following:

    The getgrent() function sequentially reads the group database and
    is intended for programs that wish to step through the complete
    list of groups.
    [...]
    The getgrent() and getgrent_r() functions make no attempt to
    suppress duplicate information if multiple sources are specified in
    nsswitch.conf(5).

So after following the way through all man pages, it turns out that the
behavior is fully correct as a lookup is done to find out all groups to
which the specified slapd user belongs. This includes lookups using
nss_ldap when ldap is configured as source for groups in nsswitch.conf.

As a side note, a short look into the bind and cron source turns out
that these, and probably others too, also use the initgroups(3)
function.

HTH,
Joerg

Re: postfix with OpenLDAP 2.3
On Thu, 27 Apr 2006, Per olof Ljungmark wrote:
>>> openldap-server-2.3.21
>>>
>>> How can I make postfix build with this version of OpenLDAP? It
>>> wants 2.2...
>>>
>>> Thanks
>>
>> Have a try with WANT_OPENLDAP_VER=23 instead of
>> WITH_OPENLDAP_VER=2.3.21
>
> Thank you, that worked fine!
>
> Now I have the same issue with php5-extensions that also wants the
> 2.2.7 ldap libraries from openldap22. I can't find a switch here
> unfortunately.

It's the same thing as for postfix. WANT_OPENLDAP_VER=23 is your friend.
The OpenLDAP version decision is made by Mk/bsd.port.mk if the port uses
USE_OPENLDAP=yes like it is in lang/php5/Makefile.ext which is actually
the dependency handler of lang/php5-extensions.

The default OpenLDAP version is set by Mk/bsd.port.mk and currently it
is WANT_OPENLDAP_VER?=22 .

I'm currently investigating how many ports will break when we change the
system wide default of WANT_OPENLDAP_VER from 22 to 23. If anything runs
fine, we will probably have 23 as default soon.

You should add WANT_OPENLDAP_VER=23 to your /etc/make.conf to get rid of
this problem, otherwise you will hit the same problem again for every
OpenLDAP dependent port.

Regards
Joerg

Re: Apache 2.2 port with OpenLDAP 2.3.20
On Mon, 24 Apr 2006, Robert Fitzpatrick wrote:
> Trying to install Apache 2.2 via the ports collection and get this
> make error where the port is trying to install OpenLDAP 2.2 and
> conflicting with my already installed v2.3...
>
>     esmtp# make
>     === apache-2.2.0_7 depends on executable: python - found
>     === apache-2.2.0_7 depends on file: /usr/local/bin/perl5.8.7 - found
>     === apache-2.2.0_7 depends on file: /usr/local/bin/autoconf259 - found
>     === apache-2.2.0_7 depends on file: /usr/local/bin/libtool - found
>     === apache-2.2.0_7 depends on shared library: expat.6 - found
>     === apache-2.2.0_7 depends on shared library: ldap-2.2.7 - not found
>     ===Verifying install for ldap-2.2.7 in /usr/ports/net/openldap22-client
>     === Installing for openldap-client-2.2.30
>     === openldap-client-2.2.30 conflicts with installed package(s):
>     openldap-sasl-client-2.3.20
>
> I have on another server Apache 2.0 running with LDAP 2.3, but the
> LDAP package has been upgraded since Apache was installed. Can someone
> suggest what is necessary to get Apache 2.2 to install with OpenLDAP
> 2.3.x? Looks from the Makefile that WITH_LDAP triggers the support, I
> also have WITH_OPENLDAP_VER=23 in the /etc/make.conf file, but no help
> getting Apache to look at my v2.3.x.

Try WANT_OPENLDAP_VER=23 in /etc/make.conf .
This is handled by Mk/bsd.port.mk and there is no WITH_OPENLDAP_VER.

Joerg

Re: LDAP schema problems
On Mon, 24 Apr 2006, Erik Norgaard wrote:
> Hi:
>
> I am writing here because OpenLDAP doesn't seem to have a list for
> user questions.
>
> I am building an address book, suffix dc=domain, dc=tld. I have two
> problems:
>
> a) To get attributes such as mail I use the inetOrgPerson object
> class. Further, since my contacts are personal contacts and not
> business I wanted to use the residentialPerson object class to get
> postal address attributes. It seems that the only difference from the
> organizationalPerson object class is that l is required parameter,
> but, I get this error:
>
>     ldap_add: Internal (implementation specific) error (80)
>         additional info: no structuralObjectClass operational attribute
>
> for this entry:
>
>     dn: cn=First Lastname, ou=people, dc=domain, dc=tld
>     objectClass: top
>     objectClass: residentialPerson
>     objectClass: inetOrgPerson
>     cn: First Lastname
>     sn: Lastname
>     l: somewhere
>
> While if I change residentialPerson to organizationalPerson, I get no
> error. I have found that I can add the residentialPerson if I remove
> inetOrgPerson objectClass.
>
> What causes the conflict?
>
> b) In their infinite wisdom, those who defined the person and
> derivative object classes did not add country to the list of possible
> attributes. Adding this object class to the otherwise working entry:
>
>     dn: cn=First Lastname, ou=people, dc=domain, dc=tld
>     objectClass: top
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     objectClass: country
>     cn: First Lastname
>     sn: Lastname
>     l: somewhere
>     c: XX
>
> I again get the error:
>
>     ldap_add: Internal (implementation specific) error (80)
>         additional info: no structuralObjectClass operational attribute
>
> I'd prefer not to go through the pain of defining my own schema from
> scratch, obtain OID etc just for adding such a basic attribute, what
> is the recommended patch?

Erik,

please try this:

    dn: cn=First Lastname, ou=people, dc=domain, dc=tld
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    cn: First Lastname
    givenName: First
    sn: Lastname
    postalAddress: some_address
    postalCode: 12345
    street: some_street
    st: some_state
    telephoneNumber: 01232234
    mobile: 0042750
    facsimileTelephoneNumber: 12470512
    pager: 38979
    homePhone: 07520326
    homePostalAddress: some_address
    mail: [EMAIL PROTECTED]

Do you need more?

regards
Joerg

Re: I can't spell my own name in UTF-8, base 64 encoded
On Sun, 23 Apr 2006, Erik Nørgaard wrote:
> Hi:
>
> So, I finally decided to get OpenLDAP set up to serve an address book
> independent of where I am and on what computer.
>
> The problem is that unless an attribute value is ascii, values have to
> be in UTF-8 and base64 encoded(?), as I could understand from
> googling. But, I can't even spell my own name in that encoding!
>
> So question is: How do I most easily populate my directory? Is there a
> tool that can convert an iso-8859-1 ldif to utf-8+base64 ldif?
>
> Will ldap queries also have to be encoded UTF-8+base64 as well?
>
> Have I misunderstood the bit about base64, that this is only required
> for binary data such as jpeg images?
>
> All documentation I have found tells how easy it is to get data out in
> UTF-8 ldif, but I really need to get the data in there first.

Erik,

you can convert the LDIF file with the following command

    iconv -f ISO8859-1 -t UTF-8 filename

The only thing you need is converters/libiconv from ports.
The base64 encoding is done by the OpenLDAP tools itself.

Hth.
Joerg

bsd.port.mk broken since last commit
Hi,

I recently found out that the OPENLDAP part of ports/Mk/bsd.port.mk is
broken since the last commit.
I think it was only by accident, because the commit message says:

    - Update the OpenLDAP default version. [8]

Unfortunately, not the default version of OpenLDAP was changed but the
OpenLDAP shared library version was bumped.

I think the commit should change

    WANT_OPENLDAP_VER?= 22

to

    WANT_OPENLDAP_VER?= 23

and not

    LIB_DEPENDS+= ldap-2.3.1:${PORTSDIR}/net/openldap23${_OPENLDAP_FLAVOUR}-client

to

    LIB_DEPENDS+= ldap-2.3.2:${PORTSDIR}/net/openldap23${_OPENLDAP_FLAVOUR}-client

Can someone please take a look at this and fix it.

Thanks a lot
Joerg

ICH7 + RAID = AHCI trouble
Hi,

I recently bought a new server with an Intel ICH7 chipset and embedded
LSI Raid.
I set the SATA mode in the BIOS to RAID. After that, I was able to
configure a RAID1 array using the Controller's BIOS.
Unfortunately, FreeBSD isn't seeing any of the installed HDs.
I tried to change the BIOS settings for SATA in the BIOS to all
available methods (RAID, AHCI, NATIVE) with no success.
The only setting that makes FreeBSD able to see the HDs is COMPATIBLE,
but I lose the PATA channel if I use it, which is definitely not what I
want.

I tried the above with 6.0-RELEASE and RELENG_6 from Thu Feb 2 18:32:06
CET 2006.

I took a closer look into the RELENG_6 ata(4) code and found the
following line in ata-chipset.c :

    { ATA_I82801GB_R1, 0, AHCI, 0x00, ATA_SA300, ICH7 }

After I changed this line to :

    { ATA_I82801GB_R1, 0, 0, 0x00, ATA_SA300, ICH7 }

I was able to detect the two HDs AND the configured RAID1 array.
I could use fdisk(8) and bsdlabel(8) to set up the disk and can finally
use it.

Unfortunately, I can only use two disks, as all other channels do NOT
appear in FreeBSD. I think this is related to my change in the source,
as previously all channels were available, but without HDs.
I would really like to use the other channels too.

One problem could be the RAID or AHCI enabled - detection code in
ata_chipset.c (rev 1.126.2.8 in RELENG_6) below line 1660, but I'm not
sure.

Is there any chance we can track this down to make it working in a
general way, without the need to change the sources every time I've
cvsupped my source tree?

I'm glad to help wherever I can to solve this issue.

regards
Joerg

Re: cyrus-sasl-2 with ldap
On Mon, 28 Nov 2005, Ilias Sachpazidis wrote:
> Hi,
>
> I am trying to install cyrus-sasl-2 with LDAP support. Unsuccessfully
> so far.
>
> The unix box is 5.4-RELEASE FreeBSD. Under FreeBSD port I installed
> cyrus-sasl2-saslauthd package.
>
> Starting the daemon, I get:
>
>     mail # saslauthd -a ldap -c -t 30
>     saslauthd[86426] :set_auth_mech : unknown authentication mechanism: ldap
>
> I suppose that saslauthd has not been compiled with LDAP support, has
> it?
>
> Has anyone already installed saslauthd with ldap on FreeBSD?
>
> The schema I would like to have
> (application)--- (saslauthd) - (LDAP).

As far as I can tell, this package contains saslauthd without LDAP
support.
You should pkg_delete(1) the cyrus-sasl2-saslauthd package you've
installed and build this by yourself out of the ports-tree.
The following command, executed in
/usr/ports/security/cyrus-sasl2-saslauthd should give you an LDAP
enabled saslauthd:

    make WITH_OPENLDAP=1 install clean

If you need a specific version of OpenLDAP, eg. openldap-2.2.xx, then
you should additionally specify WANT_OPENLDAP_VER=22.

Joerg

Re: OpenLDAP and mails on freebsd
On Sat, 6 Aug 2005, fire67 wrote:
> Hello,
>
> I'm on freebsd 5.4 and I use openldap-server-2.2.27 but I have a
> problem with that:
>
>     # ldapadd -x -D "cn=admin, dc=linux-win, dc=org" -W -f linux-win.ldif
>     Enter LDAP Password:
>     adding new entry o=france,dc=linux-win,dc=org
>     ldap_add: No such object (32)
>
> My slapd.conf is:
>
>     include /usr/local/etc/openldap/schema/core.schema
>     include /usr/local/etc/openldap/schema/cosine.schema
>     include /usr/local/etc/openldap/schema/nis.schema
>     include /usr/local/etc/openldap/schema/inetorgperson.schema
>     include /usr/local/etc/openldap/schema/authldap.schema
>     pidfile /var/run/openldap/slapd.pid
>     argsfile /var/run/openldap/slapd.args
>     access to * by dn=cn=admin,dc=linux-win,dc=org write by * none
>     database bdb
>     suffix dc=linux-win,dc=org
>     rootdn cn=admin,dc=linux-win,dc=org
>     rootpw ***
>     directory /var/db/openldap-data
>     index objectClass eq
>
> My linux-win.ldif is:
>
>     dn:o=france,dc=linux-win,dc=org
>     o: france
>     objectClass: top
>     objectClass: organization
>     objectClass: CourierDomainAlias
>     virtualdomain: mail.linux-win.org
>     virtualdomainuser: mail.linux-win.org/
>
>     dn:cn=admin,o=france,dc=masociete,dc=com
>     cn: admin
>     mail: [EMAIL PROTECTED]
>     maildrop: [EMAIL PROTECTED]
>     sn: Administrations
>     objectClass: top
>     objectClass: inetOrgPerson
>     objectClass: CourierMailAlias
>
>     dn:cn=flob2009,o=france,dc=linux-win,dc=org
>     cn: flob2009
>     gidNumber: 0
>     mail: [EMAIL PROTECTED]
>     sn: Florian
>     uidNumber: 0
>     mailbox: mail.linux-win.org/flob2009/
>     objectClass: top
>     objectClass: inetOrgPerson
>     objectClass: CourierMailAccount
>     userPassword: {CRYPT}Qigb3vRISRuSo
>     homeDirectory: /home/vmail/
>
>     dn:cn=support,o=france,dc=linux-win.org,dc=org
>     cn: support
>     gidNumber: 0
>     mail: [EMAIL PROTECTED]
>     sn: Support
>     uidNumber: 0
>     mailbox: mail.linux-win.org/support/
>     objectClass: top
>     objectClass: inetOrgPerson
>     objectClass: CourierMailAccount
>     userPassword: {CRYPT}ie11d2640RGJQ
>     homeDirectory: /home/vmail/
>
> I don't understand why it says no such object.

Did you create an object for your configured suffix before trying to
add any other objects?
If not, the error message is completely right.

Try to add the following with ldapadd:

    dn: dc=linux-win,dc=org
    objectClass: dcObject
    objectClass: organization
    dc: linux-win
    o: My Organization

After that, you should be able to create your entries as long as they
belong to the suffix you configured in your slapd.conf.
So please take a deeper look at your file, as some of the entries belong
to other suffixes!

good luck
Joerg

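Checking an LDIF against the configured suffix before loading it, as an added example that is not part of the original thread: it reports entries that lie outside the suffix and entries whose parent is not created earlier in the same file. The function names are made up for this illustration; the sample input reuses the dn lines from the LDIF quoted above with the attributes trimmed, and only plain `dn:` lines are handled.

```shell
#!/bin/sh
# Added example, not from the thread.

# check_ldif SUFFIX
# Reads LDIF on stdin and prints one finding per line:
#   OUTSIDE  <dn>  the entry is not at or below SUFFIX
#   NOPARENT <dn>  the parent entry is not created earlier in this file, so
#                  it must already exist in the directory or ldapadd stops
#                  with "No such object (32)"
# Assumption: plain "dn:" lines only (no base64 "dn::", no folded lines,
# no escaped commas inside RDN values).
check_ldif() {
    awk -v suffix="$1" '
        # Attribute names and dc/o/cn values compare case-insensitively;
        # spaces around "," and "=" are not significant.
        function norm(dn) {
            dn = tolower(dn)
            gsub(/[ \t]*,[ \t]*/, ",", dn)
            gsub(/[ \t]*=[ \t]*/, "=", dn)
            sub(/^[ \t]+/, "", dn)
            sub(/[ \t]+$/, "", dn)
            return dn
        }
        # Parent DN: everything after the first RDN.
        function parent(dn,    i) {
            i = index(dn, ",")
            return i ? substr(dn, i + 1) : ""
        }
        BEGIN { suffix = norm(suffix); slen = length(suffix) }
        /^[Dd][Nn]:[^:]/ {
            raw = $0
            sub(/^[Dd][Nn]:[ \t]*/, "", raw)
            dn = norm(raw)
            # below the suffix means: ends with "," followed by the suffix
            below = (length(dn) > slen) && (substr(dn, length(dn) - slen) == ("," suffix))
            if (dn != suffix && !below) { print "OUTSIDE " raw; next }
            if (dn != suffix && !(parent(dn) in seen)) print "NOPARENT " raw
            seen[dn] = 1
        }'
}

# dn lines as in the LDIF quoted in the thread; attributes trimmed.
thread_ldif() {
    cat <<'EOF'
dn:o=france,dc=linux-win,dc=org
o: france
objectClass: organization

dn:cn=admin,o=france,dc=masociete,dc=com
cn: admin

dn:cn=flob2009,o=france,dc=linux-win,dc=org
cn: flob2009

dn:cn=support,o=france,dc=linux-win.org,dc=org
cn: support
EOF
}

# The suffix entry suggested in the reply.
suffix_entry() {
    cat <<'EOF'
dn: dc=linux-win,dc=org
objectClass: dcObject
objectClass: organization
dc: linux-win
o: My Organization

EOF
}

# Without the suffix entry: one NOPARENT and two OUTSIDE findings.
thread_ldif | check_ldif "dc=linux-win,dc=org"
```

With `suffix_entry` loaded first the NOPARENT finding disappears, while the two entries under other suffixes are still reported.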
Re: LDAP/nss_ldap adduser script
On Tue, 2 Aug 2005, [EMAIL PROTECTED] wrote:
> On Wed, Jul 27, 2005 at 10:39:14AM +0100, [EMAIL PROTECTED] wrote:
>>> I've had a look at the adduser script and it should be straight
>>> forward enough to tailor to this purpose, and I can't see any
>>> difficulties in writing them - check /etc/ldap.conf for the location
>>> of the users groups, pops the details into an ldif and runs it
>>> through the ldap
>>
>> I'm not sure that such utilities exist, because each environment is
>> very different. On my systems, I'm planning to write own scripts for
>> creating, deleting users, etc. It will be much easier than adapting
>> someone's scripts for own purpose.
>
> Each to their own, but most of the stuff is fairly generic. I've
> written the scripts to read the ldap settings from the relevant files
> (the admin user, and the user group context).
>
>>> client. The one thing I am not sure about is getting the next
>>> available uid number, but I'm sure the answer will become apparent.
>>
>> From my point of view the easiest solution is some directory with
>> files, a name of each file is equal to UID of user. A script should
>> find non-existent file with name from UID_min to UID_max and create
>> it. As an optimization it possible to keep list of unused numbers (in
>> file).
>
> Yuch! And what happens if the information gets out of sync. I've come
> up with a solution, which was much easier than I had thought -
>
>     user_base=`awk '/nss_base_passwd/ {print $2}' /etc/ldap.conf | cut -f1 -d?`
>
>     get_next_uid() {
>         # highest uidNumber already assigned; -n sorts numerically
>         lastuid=`ldapsearch -LLL -b "$user_base" objectclass=posixAccount |\
>             awk '/uidNumber/ {print $2}' | sort -n | tail -n1`
>         if [ -z "$lastuid" ]; then
>             uid=$startuid
>         else
>             uid=`expr $lastuid + 1`
>         fi
>     }
>
> it pulls out all the uids already assigned, sorts them, takes the last
> one, and adds one on (or sets it to startuid if none found). It might
> fall over if huge numbers of users are in there, but should work for
> most.
>
>>> So before I get into the meat of this, I wanted to check if anyone
>>> has any suggestions or comments.
>>
>> How do you export user home directories?
>
> That's another task - I'm just interested in easily adding and
> removing users easily.
>
> If you are interested, I can send you the full scripts - they are
> pretty sparse and general, so should be easy to adapt.

Hi

so, why all this scripting??
You could simply use the following line to get the next free uid (as
long as the system is configured to use LDAP accounts)

    pw usernext | cut -f1 -d:

The 'cut' is necessary as 'pw usernext' reports the next free uid:gid in
combination (is this a bug??)

    pw groupnext

reports only the next free gid

regards
Joerg

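Picking the next uidNumber from directory data, as an added example that is not part of the original thread: the function reads `ldapsearch -LLL` style LDIF on stdin and compares the values as numbers inside a managed range, because a plain string sort ranks 999 above 1001. The function names, the range arguments and the sample LDIF are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# next_uid MIN MAX
# Reads LDIF (as printed by "ldapsearch -LLL ... uidNumber") on stdin and
# prints the number after the highest uidNumber found inside [MIN, MAX].
# Prints MIN when the range is still unused; returns 1 when it is full.
next_uid() {
    awk -v min="$1" -v max="$2" '
        BEGIN { min += 0; max += 0 }
        # Match the attribute name exactly (case-insensitively) so that
        # other lines that merely contain "uidNumber" are not picked up.
        tolower($1) == "uidnumber:" && $2 ~ /^[0-9]+$/ {
            v = $2 + 0                      # compare as a number, not a string
            if (v < min || v > max) next    # system accounts, nobody, ...
            if (!seen || v > highest) { highest = v; seen = 1 }
        }
        END {
            candidate = seen ? highest + 1 : min
            if (candidate > max) exit 1     # range exhausted
            print candidate
        }'
}

# What a plain "sort | tail -n1" pipeline selects from the same input:
# the values are compared as strings, so 999 ranks above 1001.
lexical_last_uid() {
    awk 'tolower($1) == "uidnumber:" { print $2 }' | LC_ALL=C sort | tail -n 1
}

# Constructed sample: five posixAccount entries as ldapsearch prints them.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uidNumber: 998

dn: uid=bob,ou=People,dc=example,dc=org
uidNumber: 999

dn: uid=carol,ou=People,dc=example,dc=org
uidNumber: 1000

dn: uid=dave,ou=People,dc=example,dc=org
uidNumber: 1001

dn: uid=nobody,ou=People,dc=example,dc=org
uidNumber: 65534
EOF
}

# Next free uid in the managed range 500-60000 for the sample: 1002
sample_ldif | next_uid 500 60000
```

The result is only a candidate: two concurrent runs read the same maximum, so the add should be rejected on a duplicate uidNumber and retried.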
Re: Samba without Cups ?
On Tue, 26 Jul 2005, Graham Bentley wrote:
> I just want file sharing, not printing.
>
> pkg_add -r samba3 also pulls in cups then my smb log complains ...
>
>     [2005/07/26 00:31:17, 0] printing/print_cups.c:cups_cache_reload(85)
>       Unable to connect to CUPS server localhost - Connection refused
>
> (I haven't enabled cups daemon) but insists ;
>
>     Global parameter load printers found in service section!
>
> even though I have printers = no in my smb.conf ???
>
> Anyone know how to stop Samba trying to pal up with cups ?

Hi,

the package build defaults to build with cups printing support. So if
you use the package, you will always get cups installed as a dependency.
If you want to entirely remove this dependency you have to build this
port from source, and you need to run make config in the ports directory
and should deselect the CUPS option.

Setting load printers = no in smb.conf should prevent samba from
acquiring any printers at all and you should not see the error message.
As far as I remember, there is NO printers = no option for smb.conf.
You should run testparm(1) to verify the options used in your smb.conf
file.

Joerg

Re: Upgrading from Samba 2 to Samba 3
On Wed, 18 May 2005, Roger Merritt wrote:
> I've just become aware that samba.org is no longer supporting Samba 2
> (which has served me well for so long) and I should upgrade to Samba
> 3, which is now the stable version. I don't find any warnings about it
> in /usr/ports/UPDATING. Does anyone have any gotchas I should be aware
> of?

Hi,

you should definitely take a look into the official Samba-3 HOWTO.

http://us3.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

There is a separate part about migration and updating.
You should also read about the Account Information Databases in
part-III/chapter 10, as this is important to reuse your old smbpasswd or
passdb.tdb file.

good luck ;-)
Joerg

Re: OpenLDAP 2.2.25 and FreeBSD 5.3 - group names and gid's
On Mon, 25 Apr 2005, Don Brearley wrote:
> Hello,
>
> I am having some problems with OpenLDAP 2.2.25 and FreeBSD 5.3.
>
> I can currently authenticate against my ldap db, and utilities like id
> and chown work with no problem.
>
> The problem is gid to group name mapping.
>
> In my ldif files, I can have a uid entry and a uidNumber entry. It
> would look something like this:
>
>     uid: testuser
>     uidNumber: 2001
>
> and that works. I cannot have a group entry of the same.
>
>     gid: testgroup
>     gidNumber: 2001
>
> OpenLDAP would complain that it couldn't read this file properly.. not
> until the gid:testgroup entry was removed.
>
> When I attempt to use an app like chown I have to specify the actual
> gid number, eg:
>
>     chown -R testuser:2001 /home/testuser
>
> I was wondering if anyone had found a way to have it so that you could
> just enter it by name, and not by number. eg:
>
>     chown -R testuser:testgroup /home/testuser
>
> Obviously I would have to add a gid entry in my schema file, but I am
> left wondering why this isn't already in there.. I don't want to spend
> a few hours trying to re-invent the wheel when there is already a
> reason for it to not be in there.
>
> Any help or light on this situation is deeply appreciated. If you need
> more information, please let me know and I shall provide it.

Hi,

I have authentication against OpenLDAP running a long time now and did
not experience such a thing.
I have split the user and group information in two separate trees.
An example user and the group entry look like this:

--- the user
    dn: uid=testuser,ou=People,dc=domain,dc=tld
    objectClass: top
    objectClass: posixAccount
    uidNumber: 2001
    gecos: Test User
    loginShell: /bin/tcsh
    uid: testuser
    cn: Test User
    gidNumber: 2001
    homeDirectory: /home/testuser
    userPassword: some_password

--- the group
    dn: cn=testgroup,ou=Group,dc=domain,dc=tld
    objectClass: posixGroup
    objectClass: top
    cn: testgroup
    userPassword: *
    gidNumber: 2001
    description: Local Unix group

If you configure nss_ldap to the following you will be able to chown(8)
with names instead of numbers and id(1) should give you names for the
groups too.

--- nss_ldap.conf
    nss_base_passwd ou=People,dc=domain,dc=tld?one
    nss_base_group ou=Group,dc=domain,dc=tld?one

If I understand your comments right, you have tried to add a gid
attribute to the user account with objectClass posixAccount, but this
will not work. Only the numeric gidNumber is allowed for this
objectClass.
It behaves like flat unix passwd(5) and group(5) files where the numeric
gidNumber is stored in passwd(5) and this number is resolved using the
group(5) file.

Please think about it ;-) and try the things above

Joerg

Re: Prevent DHCP from changing resolv.conf
On Fri, 22 Apr 2005, Fabian Anklam wrote:

> Hi All,
>
> I have a minor problem regarding my network configuration, specifically that the external interface on my router gets its IP via DHCP from the ISP, so in rc.conf ifconfig_xl0=DHCP is set. This leads to the single entry in resolv.conf that I want to be there, namely nameserver 127.0.0.1 being replaced with my ISP's nameservers, which in return makes resolving of LAN IPs or even localhost via the installed BIND difficult for the machine. I don't want dhclient to change the resolv.conf. I checked the man pages for resolv.conf, rc.conf and dhclient but couldn't find anything there relating to my problem.

Hi,

the file you need to modify is /etc/dhclient.conf. for parameters see dhclient.conf(5)

normally this file is empty, but you can insert global or per interface require lines for information the DHCP server has to submit to the client that the IP is acceptable. you can also insert global or per interface lines for information you want to get from the DHCP server if available but you don't care if the DHCP server gives you nothing on these options and the IP address is accepted.

hope that helps

joerg
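
One way to write the /etc/dhclient.conf lines the reply above describes, as an added example that is not part of the original message. The interface name xl0 and the resolver address 127.0.0.1 come from the question; which options to request and require, and the use of `supersede`, are assumptions about what the poster needs, built from statements documented in dhclient.conf(5).

```conf
# /etc/dhclient.conf (added example, not from the original thread)
interface "xl0" {
    # Replace the default request list: ask the ISP's server only for what
    # the router needs. DNS options are left out on purpose.
    request subnet-mask, broadcast-address, routers;

    # A lease is accepted only if it carries these options.
    require subnet-mask, routers;

    # Whatever DNS servers the server offers anyway, use the local BIND
    # instance, so resolv.conf keeps "nameserver 127.0.0.1".
    supersede domain-name-servers 127.0.0.1;
}
```

Pinning the resolver this way also means a rogue or misconfigured DHCP server on the external segment cannot redirect the router's own name resolution.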
Re: squid + antivirus plugin
On Tue, 19 Apr 2005, Vyacheslav Druzhinin wrote:

> Hello freebsd-questions,
>
> I have a problem to scan all http proxy traffic for a viruses. Does exist some open source antivirus plugin for squid? I have been checked the ports collection and I can't find any solution.

Hi,

you should take a look at

squid-vscan
http://www.openantivirus.org/projects.php

SquidFilter
http://sites.inka.de/~bigred/devel/squid-filter.html

I haven't tried any of these patchsets and they are not up to date with the current squid versions.

Joerg
Re: isc-dhcp3-server port
On Wed, 13 Apr 2005, Tom Frontera wrote:

> I'm having a problem when making this port:
>
> === Building for isc-dhcp3-server-3.0.2_7
> Making all in common
> cc -O -pipe -D_PATH_DHCPD_CONF=\/usr/local/etc/dhcpd.conf\ -D_PATH_DHCPD_DB=\/var/db/dhcpd.leases\ -D_PATH_DHCPD_PID=\/var/run/dhcpd.pid\ -D_PATH_DHCRELAY_PID=\/var/run/dhcrelay.pid\ -D_PATH_DHCLIENT_CONF=\/usr/local/etc/dhclient.conf\ -D_PATH_DHCLIENT_SCRIPT=\/usr/local/sbin/dhclient-script\ -D_PATH_DHCLIENT_DB=\/var/db/dhclient.leases\ -D_PATH_DHCLIENT_PID=\/var/run/dhclient.pid\ -Dwarn=dhcp_warn -DNOMINUM -DPARANOIA -DJAIL -I/usr/local/include -DUSE_SSL -I/usr/include -I/usr/ports/net/isc-dhcp3-server/work/dhcp-3.0.2 -I/usr/ports/net/isc-dhcp3-server/work/dhcp-3.0.2/includes -O -Wall -Wno-unused -Werror -c icmp.c
> In file included from icmp.c:42:
> /usr/include/netinet/ip.h:156: syntax error before `n_long'
> /usr/include/netinet/ip.h:159: syntax error before `n_long'
> In file included from icmp.c:43:
> /usr/include/netinet/ip_icmp.h:64: syntax error before `n_short'
> /usr/include/netinet/ip_icmp.h:71: syntax error before `n_short'
> /usr/include/netinet/ip_icmp.h:93: syntax error before `n_time'
> icmp.c: In function `icmp_echorequest':
> icmp.c:169: structure has no member named `icd_seq'
> icmp.c:174: structure has no member named `icd_id'
> cc1: warnings being treated as errors
> icmp.c: In function `icmp_echoreply':
> icmp.c:247: warning: implicit declaration of function `IP_HL'
> *** Error code 1
> Stop in /usr/ports/net/isc-dhcp3-server/work/dhcp-3.0.2/work.freebsd/common.
> *** Error code 1
> Stop in /usr/ports/net/isc-dhcp3-server/work/dhcp-3.0.2/work.freebsd.
> *** Error code 1
> Stop in /usr/ports/net/isc-dhcp3-server/work/dhcp-3.0.2.
> *** Error code 1
> Stop in /usr/ports/net/isc-dhcp3-server.
>
> Does anyone know how to fix this syntax error?

Hi,

i haven't seen this while i upgraded the port to 3.0.2 on my systems. could you please provide some additional information e.g. which FreeBSD version ...

thanks

Joerg
Re: isc-dhcp3-server port - [ScanMail certified]
On Wed, 13 Apr 2005, Tom Frontera wrote:

> FreeBSD 4.11-RELEASE and I updated the ports, but that didn't help.

[snip]

Hi,

here is a quick fix and a short description.

FIX: please run 'make config' again and DESELECT the DHCP_LDAP_SSL OPTION.

Description: the isc-dhcp3-server port comes with its own version of the ip.h and ip_icmp.h files. these can be found, once the ports source is extracted, in work/dhcp-3.0.2/includes/netinet/. the use of the DHCP_LDAP_SSL and OPENSSL_BASE OPTION adds an additional -I/usr/include to let the compiler find the right OpenSSL includes, which causes the problem on your system as your compiler is using the FreeBSD version of netinet/ip.h and netinet/ip_icmp.h located in /usr/include instead of the port ones.

there is no problem on my various 5.x systems so i think it is a special thing with the gcc version in your 4.11 system. unfortunately i have no 4.x system running but i will try to find a suitable machine to check this for myself and to provide a better solution to fix this problem.

please let me know if it builds now on your system.

regards

Joerg
Re: Help Samba3 seems broke for me...
On Fri, 11 Mar 2005 [EMAIL PROTECTED] wrote:

> Hiya folks,
>
> Like a goof I didn't ask portupgrade to back up my beautiful Samba3.0.5 and when I went to Samba3.0.11 everything in Samba went to pot, IMO. The only upside is that in my ports/distfiles is a nifty file named samba-3.0.5.tar.gz. The question I have is how can I build from that 3.0.5 tar file?
>
> Help is greatly appreciated :)

Hi,

first, you could check out an earlier version of the ports tree. Thu Jul 22 14:38:05 2004 UTC was the exact time, the 3.0.5 went into ports.

But!! why don't you tell us, what exactly is not working or bad with samba-3.0.11? it would be much better to fix the bugs or solve the problems you are experiencing instead of going back to an old version and getting back all the bad bugs which are fixed in 3.0.11.

awaiting your detailed problem report for 3.0.11

Joerg
Re: Help Samba3 seems broke for me...
On Fri, 11 Mar 2005 [EMAIL PROTECTED] wrote:

> -- Original message --
>
> > On Fri, 11 Mar 2005 [EMAIL PROTECTED] wrote:
> >
> > > Hiya folks,
> > >
> > > Like a goof I didn't ask portupgrade to back up my beautiful Samba3.0.5 and when I went to Samba3.0.11 everything in Samba went to pot, IMO. The only upside is that in my ports/distfiles is a nifty file named samba-3.0.5.tar.gz. The question I have is how can I build from that 3.0.5 tar file?
> > >
> > > Help is greatly appreciated :)
> >
> > Hi,
> >
> > first, you could check out an earlier version of the ports tree. Thu Jul 22 14:38:05 2004 UTC was the exact time, the 3.0.5 went into ports.
> >
> > But!! why don't you tell us, what exactly is not working or bad with samba-3.0.11? it would be much better to fix the bugs or solve the problems you are experiencing instead of going back to an old version and getting back all the bad bugs which are fixed in 3.0.11.
> >
> > awaiting your detailed problem report for 3.0.11
> >
> > Joerg
>
> Joerg,
>
> I'll have to compile it. When I get that done I'll list what ever issue(s) I am having. Since I have two machines, and I was thinking the second one was being temperamental that's when I decided to take the first computer and also put 3.0.11 on and had the same problem (I'll list the problem(s) I'm having when I get it finished and set up as per http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2464512 )
>
> While I'm compiling 3.0.11 on one system, what would I need to do to get 3.0.5 back on the other? I found portdowngrade but I've never used cvs before and tried going through the tutorials but they seem rather cryptic, or perhaps lacking because a few years back I remember them being a bit more user friendly ( http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/anoncvs.html )
>
> Thanks for your assistance.

okay, a very short description... as i'm in germany i use the german CVS mirror.

prompt> touch ~/.cvspass
prompt> cd /usr/ports/net
prompt> rm -r samba3
prompt> cvs -d :pserver:[EMAIL PROTECTED]:/home/ncvs login
-- Now you are asked for a password, please type: anoncvs
prompt> cvs -d :pserver:[EMAIL PROTECTED]:/home/ncvs co \
        -D "Thu Jul 22 14:38:05 2004 UTC" samba3

that's all. now the samba3 port is at version 3.0.5 and you should be able to build and install it.

Joerg
Re: Help Samba3 seems broke for me...
On Fri, 11 Mar 2005 [EMAIL PROTECTED] wrote:

stripped-down

> I am following the How To from this URL: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2464512
>
> Here are some things that I've noticed:
>
> Group names appear all lower-case:
>
> getent missing, I am pretty sure that it can be found in Fedora Core 3 and also SuSe. The thing has always been missing in FreeBSD and the Samba3 docs may need updating.
>
> Created a usermap file but it doesn't appear to honor it:
> username map = /usr/local/etc/username.map
> FreeBSDUserName=WindowsUserName
>
> Inside mapped username directory on FreeBSD by way of XP browsing access is denied in creating anything.
>
> Inside mapped user's directory on FreeBSD via XP and when deleting something it goes away but then a refresh on XP window and the item returns. No access denied message is thrown.
>
> I don't know if I did it or Samba did it but in the /etc/passwd there are user names within the range of idmap uid/gid (This is on Samba 3.0.5) but on the Samba 3.0.11 no user names have been changed (they still have the FreeBSD assigned Ids).
> idmap uid = 15000-2
> idmap gid = 15000-2
> in passwd;
> nagios:*:15035:15030::0:0:Nagios pseudo-user:/var/spool/nagios:/nonexistent
>
> Separator has changed from a '+' to a '\' (Wish somebody would stop doing that, heck on a SuSe Machine, it once was an 'm' that one baffled me.) Unless of course I'm thinking of something else, but still why did it go from TEL+ to TEL\?
> Samba 3.0.5 wbinfo -g reports: TEL+Exchange Domain Servers
> Samba 3.0.11 wbinfo -g reports: TEL\exchange domain servers
>
> Oh, and most importantly... Thanks for helping with that CVS thing. Worked great. My working system allows me to do the things I do while the 3.0.11 just drives me nutso. I'm thinking of trying 3.0.5 on the other system to see if it is behaving. But not just yet.
>
> uname -a reports (holding off upgrading the world for the moment):
> FreeBSD oracle.internal.qualmax.net 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386
>
> Here's my smb.conf (System is acting as a domain member) for 3.0.11
>
> [global]
>    workgroup = INTERNAL
>    netbios name = ORACLE
>    server string = %h server (Samba %v)
>    security = DOMAIN
>    username map = /usr/local/etc/username.map
>    load printers = yes
>    printcap name = cups
>    printing = cups
>    show add printer wizard = No
>    idmap uid = 15000-2
>    idmap gid = 15000-2
>    winbind use default domain = Yes
>    use sendfile = Yes
>    log file = /var/log/samba/log.%m
>    max log size = 50
>    socket options = TCP_NODELAY
>    dns proxy = no
>
> # Share Definitions ==
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>
> # NOTE: If you have a BSD-style print system there is no need to
> # specifically define each individual printer
> [printers]
>    comment = All Printers
>    path = /var/spool/samba
>    browseable = no
> # Set public = yes to allow user 'guest account' to print
>    guest ok = no
>    writable = no
>    printable = yes

hi,

here are some short notes for the points you mentioned.

- getent missing
there is no Fedora or SuSE like getent in FreeBSD! but you can use pw(8) to show all available users
---
prompt> pw usershow -a
---
if you think the samba documentation needs updating in this section, please report it to the samba team.

- winbind separator change from + to \
there is an smb.conf(5) option to change it back to +
the smb.conf(5) manpage says:
---
Please note that setting this parameter to + causes problems with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group.
---
if it was sometimes an m on SuSE system, it was due to modifications made by the SuSE people. neither the samba team nor FreeBSD has anything to do with it.

- username map option
you should carefully read the smb.conf(5) manpage as there were some changes around samba-3.0.8 in this area. you should also read the Release Notes for samba-3.0.8 for clarification.

- nagios account
the account with this uid comes from installing the net-mgmt/nagios port. the uid is automatically generated, but you can simply change it and chown(8) all files and directories belonging to the old uid to the new one.

- file deletion using the WinXP box
i will not try to analyze this until you have taken the above comments into account.

Joerg
Re: samba ldap
On Mon, 28 Feb 2005, Bob Hall wrote:

> On Mon, Feb 28, 2005 at 11:56:49AM +0100, Florian Hengstberger wrote:
>
> > Disabled by default? Sorry, but I've never specified any ldap options in my smb.conf but the server always tries to authentificate the users with an ldap server.
>
> With or without LDAP compiled in, Samba shouldn't be asking for LDAP unless you specified it in smb.conf. Look in smb.conf and post the passdb backend setting. I played with LDAP for a while, so I have
>
> ; passdb backend = ldapsam
>
> The semicolon makes the line inactive. My installation uses tdbsam by default.

Hi,

this is completely true for net/samba3. but as he's using net/samba which is currently samba-2.2.12 this is wrong.

in the samba-2.2.xx series the ldapsam backend is a compile time option, so you can either have tdbsam OR smbpasswd OR ldapsam. this behavior was changed when switching over to samba-3.x where one can specify a different passdb backend in the smb.conf file if it was built. this offers the possibility to build a passdb backend chain.

anyway, please make sure that the /etc/make.conf ! not smb.conf file contains NO WITH_LDAP=yes line and recompile net/samba WITHOUT specifying WITH_LDAP=yes on the command line. the resulting smbd should not be linked against libldap or liblber. if it is still linked against these two libs there must be something wrong in the port.

regards

Joerg
Re: samba ldap
On Sun, 27 Feb 2005, Florian Hengstberger wrote:

> Hi list!
>
> I'm still using 5.2.1 and samba from /usr/ports/net/samba. Is there a way to disable ldap, it seems that it is compiled into the binary. Do i have to recompile (which switch?) or is there a simpler way.

Hi,

after a quick look in the Makefile for net/samba it seems that LDAP support is disabled by default. it can be enabled at compile time by specifying WITH_LDAP=yes.

so, if you recompile net/samba without specifying WITH_LDAP on the command line or in /etc/make.conf, you should get a binary without LDAP support.

regards

Joerg
Re: samba schema?
On Sat, 19 Feb 2005, Jason wrote:

> running the openldap 2.2 server from ports.. on a 5.3-STABLE box. whered it go?
>
> monsterjam# pwd
> /usr/local/etc/openldap/schema
> monsterjam# ls
> README                  dyngroup.schema                misc.schema.default
> corba.schema            dyngroup.schema.default        nis.schema
> corba.schema.default    inetorgperson.schema           nis.schema.default
> core.schema             inetorgperson.schema.default   openldap.schema
> core.schema.default     java.schema                    openldap.schema.default
> cosine.schema           java.schema.default
> cosine.schema.default   misc.schema
> monsterjam#
>
> looking for /usr/local/etc/openldap/schema/samba.schema
>
> I dont see a separate option on the openldap server makefile in the ports for it either..

Hi,

the samba.schema file is NOT part of the OpenLDAP distribution and is NOT maintained by the OpenLDAP developers. The samba.schema is part of the samba-3.x.x distributions and is maintained by the Samba development team.

After you've installed the net/samba3 port you should find the schema file in:

/usr/local/share/examples/samba/LDAP/samba.schema

To make slapd use this file, you have to add an appropriate include line in the slapd.conf file.

regards

Joerg
Re: realplayer-10
On Thu, 27 Jan 2005, Skylar Thompson wrote:

> On Wed, Jan 26, 2005 at 08:45:01PM -0800, Gary Kline wrote:
>
> > People,
> >
> > Does anybody know why I'm getting this err output from the FBSD mozilla?
> >
> > pd 12:05 zen [1353] LoadPlugin: failed to initialize shared library /usr/local/lib/linux-mozilla/plugins/nphelix.so [Shared object libstdc++.so.5 not found, required by nphelix.so]
> >
> > locate nphelix.so
> > /usr/X11R6/lib/browser_plugins/nphelix.so
> > /usr/local/lib/linux-mozilla/plugins/nphelix.so
> >
> > I don't run linux-mozilla on my laptop; I *have* installed the linuxpluginwrapper port.
>
> Do you have the linux_base package installed? You'll need that for libstdc++.so.5, which is the library that you're missing.

if you have installed the linuxpluginwrapper port, you should have seen a message generated by the port, how to setup your /etc/libmap.conf file to get the different plugins working with a native FreeBSD browser.

you should take a look at the examples in the /usr/local/share/examples/linuxpluginwrapper/ directory. they contain a section for the realplayer-10 plugin.

after adding the necessary lines to your /etc/libmap.conf and restarting mozilla, the error shouldn't appear and about:plugins should show the plugin.

regards

Joerg
Re: CyrusIMAPd, SquirrelMail, and sendmail troubles...
On Thu, 13 Jan 2005, Eric F Crist wrote:

> Hello list.
>
> I've got a whole slew of issues I'm hoping you can help me resolve. I followed the instructions at http://www.soe.ucsc.edu/~venkat/tutorial1.html to install cyrusimapd. Everything seemed just fine. I tried to install SquirrelMail, which installed fine, but I cannot log in.
>
> Here's what I want to do:
> 1) I want to use the regular user accounts and passwords for email.
> 2) I would like to be able to access each account through either pop3s, imap, or squirrelmail

Hi,

after a quick look on the website you mentioned, i saw no point where 'saslauthd' gets installed. my first dumb question: did you install it?

if you have installed security/cyrus-sasl2-saslauthd, you should have '/usr/local/sbin/testsaslauthd'. please use this tool to check for the correct operation of 'saslauthd'.

the website also mentioned that you have to set 'sasl_saslauthd_flags=-a sasldb' in /etc/rc.conf, but if you want to authenticate against system accounts, this setting is completely wrong. you should either set 'sasl_saslauthd_flags=-a pam' (this is the default) or 'sasl_saslauthd_flags=-a getpwent' to authenticate against system accounts.

i never tried the pam and getpwent variants as i use ldap to authenticate.

hope this helps a little bit.

regards

Joerg
Re: named exits on SIGHUP?
On Sun, 2 Jan 2005, Matthias Buelow wrote:

> Hi folks,
>
> when I kill -HUP named on 5.3 (BIND 9), it exits, instead of reloading, as stated in the manpage. Is this normal? I think it's rather impractical, since it prevents proper log rotation through newsyslog.conf (when using file logging in named.conf). It doesn't seem to matter if it's running chrooted or not.

i noticed the same behavior. it did not exit if named is running in foreground, started with -f.

it's also impractical as '/etc/rc.d/named' is using the HUP signal for the reload command which causes the process to exit silently.

the named(8) manpage says in the SIGNAL section:

[snip]
In routine operation, signals should not be used to control the nameserver; rndc(8) should be used instead.
[snip]

i tried 'rndc reload' and it's working and did not cause the named process to exit. maybe '/etc/rc.d/named' should be changed to use this as reload command.

i have not looked deeper into this because my spare time is currently very limited.

regards

Joerg
Re: Upgraded to Xorg 6.8.1 and some icons broke in Window Maker 0.91.0
On Sun, 2 Jan 2005, Tabor Kelly wrote:

> Hello,
>
> I just upgraded from Xorg 6.7.0 (where everything worked fine) to Xorg 6.8.1 and my clip icon along with a few others have a black background. Here is a screenshot: http://tabor.taborandtashell.net/images/outfile.jpg
>
> Is anybody else having this trouble with Xorg 6.8.1? Everything else works fine.
>
> Of note: I have an Intel i810 video chipset and Xorg 6.8.1 broke the driver for it, but I set NoAccel in my xorg.conf file and that was supposed to take care of it (now X at least starts). Does anyone think this could be related to my specific hardware?
>
> Note2: This is on an ia32 laptop running FreeBSD 5.3R.

i got the same problem here. it seems to be a problem with the proper display of TIFF icons.

Workaround: change all TIFF icons to the XPM equivalent.

maybe someone with deeper windowmaker knowledge can help to find a real solution.

regards

Joerg
Re: php5.0.3_1 doesn't run after update
On Mon, 20 Dec 2004, bob wrote:

> ...
> portupgrade -v php5
>
> PHP Warning: PHP Startup: Unable to load dynamic library /usr/local/lib/php/20041030/session.so
>
> In /usr/local/lib/php I have:
> drwxr-xr-x 2 root wheel 1536 Dec 20 13:58 20040412

hi,

i don't know what was going wrong during your update, but if you take a closer look at the above lines you will see the cause of your problem. the directory which contains the extensions is different to the one you have configured in php.ini.

try to set

extension_dir = /usr/local/lib/php/20040412

in php.ini and try again.

yesterday, i made a fresh php5 install and my extensions are in /usr/local/lib/php/20041030. don't know why this is not the case for you after upgrading from a previous version.

regards

Joerg
Re: D-Link DWL-610 on freebsd
On Thu, 16 Dec 2004, CityCat wrote:

> Hello All!
>
> I would like to know if a D-Link DWL-610 work on freebsd. I've searched [previous line truncated]

Hi,

i've this card working here with FreeBSD-5.3. you should read the ndis(4) and ndiscvt(8) manpages. see also the handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html

here are two additional links as an example step by step guide.

http://www.xl0.org/FreeBSD/ndis.txt
http://imil.net/docs/FreeBSD-5.2.1+Project-Evil.txt

Joerg
Re: DHCP and 2 subnets
On Sun, 12 Dec 2004, goose bla wrote:

> hello,
>
> I have router with inet and allias. 10.1.0.0/24 10.2.0.0/24. i want allot to pc(client) their IP by their MAC adress. but it's going only with one subnet. i can allot IP only to one subnet.

[stripped]

Hi,

don't know if i got you right, but here are my thoughts. if you want to serve more than one ip network over one physical wire you have to define a shared network. here is an example. (remember, host declarations have to be inside! the subnet they belong to)

shared-network MYNETWORK {
    subnet 10.1.0.0 netmask 255.255.255.0 {
        range 10.1.0.31 10.1.0.60;
        default-lease-time 600;
        max-lease-time 7200;
        option subnet-mask 255.255.255.0;
        option domain-name "bla.org";
        option domain-name-servers 222.222.222.22;
        option routers 10.1.0.1;
        host pc1 {
            hardware ethernet 00:33:11:22:bb:94;
            fixed-address 10.1.0.10;
        }
    }
    subnet 10.2.0.0 netmask 255.255.255.0 {
        range 10.2.0.31 10.2.0.60;
        default-lease-time 600;
        max-lease-time 7200;
        option subnet-mask 255.255.255.0;
        option domain-name "bla.org";
        option domain-name-servers 222.222.222.22;
        option routers 10.2.0.1;
        host pc2 {
            hardware ethernet 00:44:44:22:bb:94;
            fixed-address 10.2.0.10;
        }
    }
}

as far as i can tell, this setup works here for me. i don't know the exact behavior of dhcpd if you declare dynamic ranges in more than one ip subnet. i've only one dynamic range in one! subnet.

regards

Joerg
Re: FreeBSD and FS Primergy TX150 S2
On Fri, 10 Dec 2004, martin hudec wrote:

> Hello,
>
> I am considering to buy some servers Fujitsu Siemens Primergy TX150 S2 and I am interested if anyone has experience with these servers. It is single P4 3GHz, 1GB RAM, 2x160GB SATA disks and Promise FastTrak S150 TX4 controller. I want to use 5.3-STABLE there. I am mainly interested in that SATA RAID controller, if it is well supported, or if you can recommend me anything better.

Hi,

i have such a system. It was running previous FreeBSD-5.x versions and is now running FreeBSD 5.3-RELEASE-p2. There were no problems to get everything working. The SATA controller works out of GENERIC.

some lines out of dmesg(8)

CPU: Intel(R) Pentium(R) 4 CPU 2.66GHz (2665.40-MHz 686-class CPU)
em0: Intel(R) PRO/1000 Network Connection, Version - 1.7.35
ahd0: Adaptec AIC7901A Ultra320 SCSI adapter
atapci0: Promise PDC20319 SATA150 controller
atapci1: ServerWorks CSB6 UDMA100 controller
ad4: 76319MB Maxtor 6Y080M0/YAR51EW0 [155061/16/63] at ata2-master SATA150
ad6: 76319MB Maxtor 6Y080M0/YAR51EW0 [155061/16/63] at ata3-master SATA150
ar0: 76293MB ATA RAID1 array [9726/255/63] status: READY subdisks:
 disk0 READY on ad4 at ata2-master
 disk1 READY on ad6 at ata3-master

as you can see, i have only 2.66GHz and 80GB HD's.

regards

Joerg
Re: Samba w/ ACL support and FreeBSD 4.10
On Mon, 18 Oct 2004, h0444lp6 wrote:

> Dear list,
>
> Compiling Samba 2.2.8a_2 on FreeBSD 4.10 I saw the option to enable ACL support for samba. But Using Samba claims:
>
>   --with-acl-support
>   Includes support for Windows NT/2000/XP access control lists (ACLs). For this to work, you need to have POSIX ACL support in the host operating system. See Chapter 8 for details.
>
> Is it possible to use samba w/ acl on FreeBSD 4.10? Do I have to add kernel options or so?

from ${PORTSDIR}/net/samba/Makefile:

    .if defined(WITH_ACL_SUPPORT)
    .if ${OSVERSION} < 500018
    BROKEN= ACL support requires a recent FreeBSD 5.0-CURRENT
    .else
    CONFIGURE_ARGS+=--with-acl-support
    .endif
    .endif

regards
Joerg

-- 
The beginning is the most important part of the work. -Plato
Re: Setting up pam_ldap nss_ldap
On Thu, 2 Sep 2004, Curtis Vaughan wrote:

> On 5.3-Beta I have installed pam_ldap and nss_ldap. Then I edited the following files:
>
>   /usr/local/etc/ldap.conf
>   /etc/nsswitch.conf
>   files within /etc/pam.d, particularly /etc/pam.d/ldap and ./sshd and ./su
>   /usr/local/etc/nss_ldap.conf
>
> I think that's it. I can provide each of those files if necessary. Nonetheless authentication for users not local to this system is not occurring (which would normally occur for me under Linux). I have tried authenticating the following ways: 1) through ssh; 2) through su. I have noticed, however, that the way I do this under Linux is not the same as for FreeBSD. So, it's quite possible that I have left something out. Anyhow, I would appreciate any input into what needs to be configured to get this to work.

i have a FreeBSD-5.2.1 system that provides ssh logins based on LDAP accounts via nss_ldap and pam_ldap. it works perfectly.

/etc/nsswitch.conf

    passwd: files [NOTFOUND=continue] ldap
    group: files [NOTFOUND=continue] ldap
    shells: files
    hosts: files dns

/etc/pam.d/sshd

    # auth
    auth       required     pam_nologin.so      no_warn
    auth       sufficient   pam_opie.so         no_warn no_fake_prompts
    auth       requisite    pam_opieaccess.so   no_warn allow_local
    #auth      sufficient   pam_krb5.so         no_warn try_first_pass
    #auth      sufficient   pam_ssh.so          no_warn try_first_pass
    auth       sufficient   /usr/local/lib/pam_ldap.so no_warn try_first_pass debug
    auth       required     pam_unix.so         no_warn try_first_pass

    # account
    #account   required     pam_krb5.so
    account    required     pam_login_access.so
    account    sufficient   /usr/local/lib/pam_ldap.so
    account    required     pam_unix.so

    # session
    #session   optional     pam_ssh.so
    session    required     pam_permit.so

    # password
    #password  sufficient   pam_krb5.so         no_warn try_first_pass
    password   sufficient   /usr/local/lib/pam_ldap.so use_authtok
    password   required     pam_unix.so         no_warn try_first_pass

/usr/local/etc/nss_ldap.conf (without TLS stuff)

    host ldap1.example.com ldap2.example.com
    base dc=example,dc=com
    ldap_version 3
    port 389
    scope sub
    timelimit 30
    bind_timelimit 30
    bind_policy hard
    idle_timelimit 3600
    pam_filter objectclass=posixAccount
    pam_login_attribute uid
    pam_member_attribute memberUid
    pam_password clear
    pam_password exop
    nss_base_passwd ou=People,dc=example,dc=com?one
    nss_base_group ou=Group,dc=example,dc=com?one
    # debug testing
    #logdir /var/log
    #debug 9

i use the same configuration for pam_ldap and nss_ldap, so create a symlink to /usr/local/etc/nss_ldap.conf for /usr/local/etc/ldap.conf or make an exact copy. all other entries in nss_ldap are commented out for me. Don't forget to change dc=example,dc=com and ldap1.example.com ldap2.example.com to your values.

there is no need for a .secret file for pam_ldap or nss_ldap. to be clear, if you set a rootbinddn or binddn which has the right to read the userPassword attribute, a getpwent(3) call would return all password hashes which is surely not what you want. the better way is to let nss_ldap only return the account information without the password and let pam_ldap try to bind as the user's dn with the submitted password.

another point is, that the whole pam_ldap stuff can be skipped if you use a binddn or rootbinddn with nss_ldap and this dn is allowed to read the userPassword attribute as the password is available to pam_unix and makes authentication possible. but remember the risk that someone is able to use getpwent(3) to get all password hashes that are stored in LDAP.

if it's still not working for you, uncomment the logdir and debug line in nss_ldap.conf and, if not symlinked, in ldap.conf too. after trying a new login you will find a file ldap.PID in the directory specified as logdir. the whole LDAP lookup and LDAP bind phase is written to this file so one can analyze what's working or not.

feel free to ask again if you still have problems.

regards
Joerg

-- 
The beginning is the most important part of the work. -Plato
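The getpwent(3) exposure described in the message above can be checked from the shell. This is an added example, not part of the original mail: the function names are hypothetical and the sample config and passwd lines are constructed. The first function flags a bind identity configured in nss_ldap.conf or ldap.conf, the second lists accounts whose passwd password field carries a real value instead of a placeholder.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print one finding per directive that gives nss_ldap/pam_ldap its own bind
# identity. Prints nothing when the file relies on anonymous lookups plus
# per-user binds done by pam_ldap.
audit_bind_identity() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        {
            key = tolower($1)
            if (key == "binddn" || key == "rootbinddn" || key == "bindpw")
                printf "%s:%d: %s is set\n", FILENAME, FNR, key
        }
    ' "$1"
}

# Read passwd(5)-format lines on stdin (for example the output of
# `getent passwd` run as an unprivileged user) and print the login names
# whose password field is neither empty, "x", nor a "*" / "!" placeholder.
exposed_password_fields() {
    awk -F: 'NF >= 7 && $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print $1 }'
}

# Constructed sample config: one commented-out and one active bind DN.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
host ldap1.example.com ldap2.example.com
base dc=example,dc=com
#binddn cn=commented,dc=example,dc=com
rootbinddn cn=manager,dc=example,dc=com
pam_password exop
EOF
audit_bind_identity "$sample_conf"
rm -f "$sample_conf"

# Constructed passwd lines: only "alice" carries a hash-like value.
printf '%s\n' \
    'root:*:0:0:Charlie &:/root:/bin/csh' \
    'alice:$1$constructed$notarealhashvalue00000:1001:1001:Alice:/home/alice:/bin/sh' \
    'bob:*:1002:1002:Bob:/home/bob:/bin/sh' | exposed_password_fields
```

On a live host, feed the second function with `getent passwd | exposed_password_fields` as a non-root user; any name printed means password hashes are readable through NSS.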
Re: Possibly OpenLDAP problems (was Re: Why all my application giving me core dumped error?)
On Tue, 30 Mar 2004, Kirk Strauser wrote:

> At 2004-03-30T09:45:11Z, Suhaimi Jamalludin [EMAIL PROTECTED] writes:
>
> > I got some question regarding FreeBSD. Today I just install FreeBSD 5.2-RELEASE from CD. Then I cvsup port-all tag=. to the current one and complete the portupgrade -arR for update. I want to setup LDAP+SAMBA3. Then I install all the required ports. Then After I install samba-devel. my system going crazy it give me all these core dumped error.
>
> A few people have been reporting problems with programs that link against OpenLDAP after a recent upgrade. I had a cascade of failures until I temporarily removed the ldap entries from /etc/nsswitch.conf. If your portupgrade -arR upgraded OpenLDAP, then you may be bitten by the same bug. For an example, see:
>
>   http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/64932
>
> I'm currently gathering information to submit more detailed debugging information.

Hi,

i had the same problems here. the problem came up after an upgrade from OpenLDAP-2.2.6 to OpenLDAP-2.2.7

the problem is line 205 in net/openldap22-server/Makefile

    LIBS+= ${PTHREAD_LIBS}

the libraries are explicitly linked against c_r which breaks everything. this change was introduced to fix threading problems on CURRENT system as the CVS log says. i can not check if it works on CURRENT but it definitely breaks the STABLE systems.

solution: remove line 205 in net/openldap22-server/Makefile and recompile/reinstall the port and it will work.

maybe the maintainer can say something more about the problems on CURRENT.

regards
Joerg
Re: Setting up samba as PDC
On Wed, 18 Feb 2004, BUTTERWORTH,THADDAEUS (HP-Boise,ex1) wrote:

> Hello all,
>
> I'm needing to set up my machine as a PDC. When I go to add users using the smbpasswd -a username command I get the following error. Does anyone have any suggestions on how to fix this error?
>
>   fetch_ldap_pw: no ldap secret retrieved!
>   ldap_connect_system: Failed to retrieve password for from secrets.tdb

you have to set the password for ldap admin dn first. try 'smbpasswd -w password'

the password is then stored in the secrets.tdb file. this is necessary to make samba able to connect as a user with write permissions to the LDAP server. otherwise, as your current situation shows, it is not possible to change any information in the LDAP tree.

Joerg
Re: Samba and ADS Support PLEASE...
On Thu, 23 Oct 2003, Matt Edwards wrote:

> Date: Thu, 23 Oct 2003 18:47:55 -0600
> From: Matt Edwards [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Samba and ADS Support PLEASE...
>
> Is it necessary to modify the Makefile of the samba-devel port on FreeBSD in order to build the package with ADS support? I am not very familiar with the syntax of a Makefile, but I can not seem to find anything in the FreeBSD 5.1 samba-devel Makefile that talks of OpenLDAP, a requirement to ADS support. If it is necessary could some one help me out with this? I have tried several times with still ADS support will not compile in. Also the /usr/include/gssapi.h file must be removed before any make (even the just plain make) on samba completes. I have tried it about 3 times with 3 fresh installs of FreeBSD 5.1 and a cvsup. I think there is something wrong with the samba port but I am too inexperienced to know for sure. Has anyone else had this problem?

i had this problem too. i've made some changes to the Makefile and added some more knobs. i've sent my changes to the port maintainer. for anyone else who wants to use my modified version i've attached these files.

    Makefile            replaces the original samba-devel/Makefile
    pkg-plist           replaces the original samba-devel/pkg-plist
    patch-Makefile.in   make wrepld buildable
                        samba-devel/files/patch-Makefile.in

i will rewrite the whole Makefile and the pkg-plist again to get rid of the user-definable path stuff.

regards
Joerg

    # New ports collection makefile for:    samba
    # Date created:         11th Feb 1995
    # Whom:                 gpalmer
    #
    # $FreeBSD: ports/net/samba-devel/Makefile,v 1.96 2003/10/10 21:24:14 obraun Exp $
    #

    PORTNAME=       samba
    PORTVERSION=    3.0.0
    PORTEPOCH=      1
    CATEGORIES=     net
    MASTER_SITES=   http://us3.samba.org/samba/ftp/%SUBDIR%/
    MASTER_SITE_SUBDIR=     . rc
    #DISTNAME=      ${PORTNAME}-${PORTVERSION:S/.r/rc/}

    MAINTAINER=     [EMAIL PROTECTED]
    COMMENT=        A free SMB and CIFS client and server for UNIX

    USE_BZIP2=      YES

    .if !defined(WITHOUT_CUPS)
    WITH_CUPS=      yes
    .endif

    .if defined(WITH_CUPS)
    LIB_DEPENDS=    cups.2:${PORTSDIR}/print/cups-base
    CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include \
                    LDFLAGS=-L${LOCALBASE}/lib
    .endif

    # directories
    VARDIR=         /var
    SAMBA_SPOOL=    ${VARDIR}/spool/samba
    SAMBA_LOGDIR=   ${VARDIR}/log
    SAMBA_PRIVATE=  ${PREFIX}/private
    SAMBA_CONFDIR=  ${PREFIX}/etc
    # sample files
    STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/samba.sh.sample
    SAMPLE_CONFIG=  ${SAMBA_CONFDIR}/smb.conf.default
    DOCSDIR=        ${PREFIX}/share/doc/samba

    NO_LATEST_LINK= yes
    USE_AUTOCONF=   yes
    WANT_AUTOCONF_VER=      253
    CONFIGURE_ARGS= --libdir=${SAMBA_CONFDIR} \
                    --localstatedir=${VARDIR} --with-swatdir=${PREFIX}/share/swat \
                    --with-sambabook=${PREFIX}/share/swat/using_samba \
                    --with-lockdir=${VARDIR}/lock --with-privatedir=${SAMBA_PRIVATE} \
                    --exec-prefix=${PREFIX} --with-pam --without-manpages-langs \
                    --with-piddir=${VARDIR}/run --with-logfilebase=${SAMBA_LOGDIR} \
                    --with-configdir=${SAMBA_CONFDIR}

    .include <bsd.port.pre.mk>

    .if defined(WITH_WREPLD)
    ALL_TARGET+=    all bin/wrepld
    PLIST_SUB=      HAVE_WREPLD=
    .else
    PLIST_SUB=      HAVE_WREPLD=@comment
    .endif

    .if defined(WITH_LDAP_COMPAT)
    .ifndef(WITH_LDAP)
    LIB_DEPENDS+=   ldap.2:${PORTSDIR}/net/openldap20-client
    CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include \
                    LDFLAGS=-L${LOCALBASE}/lib
    .endif
    CONFIGURE_ARGS+=--with-ldapsam
    .endif

    .if defined(WITH_LDAP)
    .ifndef(WITH_LDAP_COMPAT)
    LIB_DEPENDS+=   ldap.2:${PORTSDIR}/net/openldap20-client
    CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include \
                    LDFLAGS=-L${LOCALBASE}/lib
    .endif
    CONFIGURE_ARGS+=--with-ldap
    .endif

    .if defined(WITH_LDAP) && defined(WITH_LDAP_COMPAT)
    LIB_DEPENDS+=   ldap.2:${PORTSDIR}/net/openldap20-client
    CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include \
                    LDFLAGS=-L${LOCALBASE}/lib
    .endif

    .if defined(WITH_ADS)
    .ifndef(KRB5_HOME)
    BROKEN= Needs KRB5_HOME=/path/to/Kerberos5_prefix
    .endif
    .ifndef(WITH_LDAP) && !defined(WITH_LDAP_COMPAT)
    BROKEN= Needs WITH_LDAP=yes or WITH_LDAP_COMPAT=yes
    .endif
    CONFIGURE_ARGS+=--with-ads
    .endif

    .if defined(WITH_SYSLOG)
    CONFIGURE_ARGS+=--with-syslog
    .endif

    .if defined(WITH_QUOTAS)
    CONFIGURE_ARGS+=--with-quotas
    .endif

    .if defined(WITH_SYS_QUOTAS)
    CONFIGURE_ARGS+=--with-sys-quotas
    .endif

    .if defined(WITH_UTMP)
    CONFIGURE_ARGS+=--with-utmp
    .endif

    .if defined(WITH_MSDFS)
    CONFIGURE_ARGS+=--with-msdfs
    .endif

    .if defined(WITH_WINBIND)
    CONFIGURE_ARGS+=--with-winbind
    .endif

    .if
Re: Samba and ADS Support PLEASE...
On Fri, 24 Oct 2003, Matt Edwards wrote:

> Date: Fri, 24 Oct 2003 11:31:05 -0600
> From: Matt Edwards [EMAIL PROTECTED]
> To: Alexander Kühn [EMAIL PROTECTED]
> Cc: Joerg Pulz [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: Samba and ADS Support PLEASE...
>
> Ok here is what I have done thus far:
>
> 1) After I received Joerg's files and installed them I moved the gssapi.org file back to its original location: /usr/include/gssapi.h
> 2) ran make clean twice in /usr/ports/samba-devel directory
> 3) I did not build krb5 with ldap so I went back to /usr/ports/security/krb5/ and ran: make deinstall, then I ran make clean twice followed by: make WITH_LDAP=yes then after a successful build I ran: make WITH_LDAP=yes install
> 4) I went back to /usr/ports/net/samba-devel and ran: make KRB5_HOME=/usr/local WITH_ADS=yes WITH_LDAP=yes
> 5) I have verified that the file /usr/lib/libkrb5.so exists
>
> So far the make does not complete it still stops in the location here:
>
>   checking for memory keytab support...yes
>   configure: error: libkrb5 is needed for Active Directory Support
>   (report problem instructions)
>   *** Error Code 1
>   Stop in /usr/ports/net/samba-devel
>
> I am totally open to trying anything at all to get this to work. Please let me know if I can make any other changes. I can also post my config.log file if that may help.

Matt,

sorry, but i've never tried to compile samba-devel with krb5 from the ports tree. i only use the heimdal stuff from plain FreeBSD-5.1 and i specified KRB5_HOME=/usr

configure is running great and make too.

joerg