Amavisd-new + spam assassin tuning?
Hi all, Perhaps this is not the best place to ask this, but if so, I hope someone can quickly point me in the right direction. The situation: On my FreeBSD live box I have set up a split Sendmail RX set of daemons, such that incoming mail gets tunneled through Amavisd-new + ClamAV + SpamAssassin, and then gets delivered to the recipients on my machine (unless filtered out by the above programs). This works fine, however, I'm getting more and more spam, and it seems Spam Assassin is not filtering out a lot using its default settings. The question(s): I'd like to tune Spam Assassin such that it filters out much more spam, whilst letting (almost) all proper messages through. Thunderbird's spam controls are pretty good at filtering out spam, and I was hoping perhaps Spam Assassin can also be taught and/or configured to filter out spam very efficiently, whilst letting all (or at least almost all) of the real messages through. Can anyone tell me how to best go about this, and/or (in case this isn't the right place to ask this question) where I can best read up about achiving this? Tnx a lot in advance, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite? [semi-solved]
Hi again, Tnx for your further recommendations. I'll take the following actions: 1) I'll report the IP addresses to Spamcop and Spamhaus (note that indeed it appears to be virus-driven, or operated through backdoors, as the server is under constant attack, coming from a variety of IP addresses). That way, perhaps the ISPs can at least inform the responsible people that they have virus infections, and need to act upon it. 2) I may try the hosts.allow trick, but I fear that the IP addresses will be very diverse, so that may not be as full-proof as I'd like. Probably I'll make use of captcha, or something of the likes. 3) I had already tried using Apache to block any and all access to the script, but from the machine itself, but I had done so by adding an Allow from 123.456.789.10 entry (with the real life IP address, instead of localhost or 127.0.0.1). This didn't do the trick, and I can see why. I'll try this with setting this to Allow from localhost or Allow from 127.0.0.1, and will the perhaps have to change the form action handler somewhat. Either way: I should have enough information for now to properly act upon it (though I still welcome further suggestions), so thanks a lot again! :) Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite? [semi-solved]
Hiya all, Well, I promised you guys a follow-up on this, and here's what I have found out (first the situation and solution, and then two small questions) The situation: Firstly, I took some measures to figure out where the issues came from, and using Apache's server-status handler (tnx for that recommendation!), I noticed the script that caused Apache to choke up (i.e. grab an excessive amount of resources), was a PHP script that shows entries of photographic events that I organise from time to time. This didn't happen for all entries, but only for specific ones. I then wondered why, as this script never caused trouble before, and while checking the server status I did already notice that the store comments script (allowing visitor's feedback to the entries) was called very often. Too often. I checked out the sizes of the comments files (which normally are very small plain text files, of perhaps some 4Kb size at most), and lo and behold: some of them were as big as 18Mb! The main issue then becoming that when these files were parsed as text by PHP when an entry is shown, this either took a long time to complete, or in the worst case caused even a core dump to be generated by the over-excessive load on the server's resources. Next, when checking the contents of those files, it became apparent that they were completely hammered with all sorts of typical commercial spam, referring to vi*gr* websites, etc. I think this is known as forum spam (or so), but my site uses custom scripts, so someone must have found the URL, and made use of it by manually figuring out the parameters and it's functionality. The (partial) solution: For now, I have configured the webserver so, that ANY call to this store comments script is forbidden, and will simply generate a standard server error (hopefully the spammers will signal these server errors, and will stop the hack attempt), while I am looking into a better solution (e.g. by having to type additional text (anti- spam challenges) when posting a comment). But then, as mentioned above, someone went through the trouble of figuring out how to manipulate my code, and hence caused me a LOT of time being wasted, so I want to reward them for their trouble, by punishing the responsible people as much as possible. Therefore, I will go through the Apache access log to work out the IP addresses of the machines that were used for this, and I will report them to the proper anti spam authorities, such that they will be blacklisted Internet wide. If anyone knows of good places to do so (the more, the merrier), I welcome hearing about them... The questions: -Can anyone recommend me proper anti spam authorities to whom I can report the IP addresses that caused the issues on my machine? -At present, in Apache I have added: Location ~ store_comments_script.php Order deny,allow Deny from all /Location Can anyone tell me of a good way to only ever allow calls to this script coming from the proper previous script, or should this be handled from PHP itself? Perhaps this question isn't very clear, but what I'm looking for is a way to block any and all direct calls to this script, that originate from anywhere but from the photography site itself. Can anyone help me perhaps with those two thingies? Tnx once more, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite?
Hi Ivan and Dan (and the lists), The size of apache processes is telling me you're using PHP or some other heavy apache module. Indeed I am (I forgot to mention this). It is PHP 4.4.6, and it is set up as an Apache module. If so, you can switch to using PHP as FastCGI responder via mod_fcgid. The benefits are that you'll get only a few number of large php-cgi processes (configurable, usually around 10), and the rest will be lighter httpd processes for serving static content. Will that not have some other downsides? I remember that previously when running PHP on the CGI, that e.g. a lot of debugging power got lost, as each and every error would simply either return a blank page, or simply an internal servor error 500 or so Is that also the case with FastCGI? BUT, if something else changed when you switched to the new apache (e.g. PHP version, your web applications), it may not be apache's fault. The PHP version got upgraded from 4.4.0 to 4.4.6 too, but none of the actual application scripts changed. BTW: At times what one sees happening is that 2 of the httpd daemons quickly go up to (each, or in turn) about 50% (or 70% if it can grab that much), then stays quite a while at that, and then goes back to a more reasonable amount. At other times, there are around 10+ httpd processes that each consume around 5% of the CPU, with a lot more of them using around 0-1% of the CPU (perhaps defunct already?). Dunno. Apache + PHP is lightning fast, but... at the expense of the CPU being pulled close to 100% all to easily... Then, regarding Dan's sendmail configuration suggestion: tnx! I just put that in place and will monitor sendmail's behaviour today, to see how it performs during heavy server load. I'll let you guys know how I get on with this... Meanwhile: I'm still open for suggestions as to how to best make Apache behave less selfishly. Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite?
Hi again, Hmmm, the load is very high right now, and again mail is not comming through. This time, it seems the queue runner is blocking matters. When checking /var/log/maillog, there are entries for the RX daemon having received messages, but also there is this entry: May 4 12:29:38 servername sm-msp-queue[96724]: runqueue: Skipping queue run -- load average too high Can anyone tell me in which sendmail configuration file or option this should be changed (if possible)? Note: perhaps this can be achieved by the sm-queue daemon options. In rc.conf, I have the following settings for sendmail: mta_start_script=/etc/rc.sendmail # Script to start your chosen MTA, called by /etc/rc. # Settings for /etc/rc.sendmail: #sendmail_enable=NO # Run the sendmail inbound daemon (YES/NO). sendmail_enable=YES # Run the sendmail inbound daemon (YES/NO). - (OJG: CHANGED 18-12-2004) sendmail_flags=-L sm-mta -bd -q30m# Flags to sendmail (as a server) sendmail_rx_enable=YES# Start the RX daemon sendmail_rx_flags=-C/etc/mail/sendmail-rx.cf -L sm-mta-rx -bd -qp # Flags to sendmail (RX part - OJG) sendmail_tx_enable=YES# Start the TX daemon sendmail_tx_flags=-L sm-mta-tx -bd -q15m # Flags to sendmail (TX part - OJG) #sendmail_submit_enable=YES # Start a localhost-only MTA for mail submission sendmail_submit_enable=NO # Start a localhost-only MTA for mail submission - (OJG: CHANGED 18-12-2004) sendmail_submit_flags=-L sm-mta -bd -q30m - ODaemonPortOptions=Addr=localhost # Flags for localhost-only MTA sendmail_outbound_enable=YES # Dequeue stuck mail (YES/NO). #sendmail_outbound_enable=NO # Dequeue stuck mail (YES/NO). - (OJG: CHANGED 18-12-2004) sendmail_outbound_flags=-L sm-queue -q30m # Flags to sendmail (outbound only) sendmail_msp_queue_enable=YES # Dequeue stuck clientmqueue mail (YES/NO). #sendmail_msp_queue_flags=-L sm-msp-queue -Ac -q30m sendmail_msp_queue_flags=-Ac -L sm-msp-queue -q10m # Flags for sendmail_msp_queue daemon. Any ideas, anyone? Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite?
Hi again, This time a question from the Apache side of this issue: You'll have to correlate this with HTTP requests apache receives - maybe there's a PHP script that's unusually CPU intensive. Is there any (easy) way to do this in conjunction with specific PIDs of stressed httpd instances? Of course I can take a look at the httpd-access log file, but at present it doesn't log the PIDs (which can perhaps be changed by changing the log format), but is there an easier way to inspect (from the prompt) what a specific httpd instance is doing/ serving? Cheers! Olafo PS: This morning (and some of the other past few days as well) I took a closer look to the server loads, and it looks like during the better part of the morning the load is virtually 0%, and around midday (or slighlty before?), all of a sudden Apache starts going crazy and receives very heavy load. I wonder if this can perhaps be some DOS attack, and hence I'd like to see what each of the stressed daemon instances is doing exactly... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite?
Hi, It might as well be a search engine spider. Perhaps it is... By just tailing the httpd-access.log file a few times over the past 10 minutes or so, at least I already just came across: 74.6.70.45 - - [04/May/2007:13:12:34 +0200] GET /olympus/tope/ tope_show_entry.php?event=13pic=1 HTTP/1.0 200 3209 - Mozilla/ 5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/ slurp) [...] 66.249.66.176 - - [04/May/2007:13:15:46 +0200] GET /olympus/tope/ tope_show_entry.php?pic=22event=7 HTTP/1.1 200 3792 - Mozilla/ 5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) 65.55.210.7 - - [04/May/2007:13:15:52 +0200] GET /clomid HTTP/1.0 404 345 - msnbot/1.0 (+http://search.msn.com/msnbot.htm) So, there ya go: it looks like Yahoo!, Google AND MSNsearch are battering my server pretty much all at once (though I don't see too many traces of either of them, so perhaps they're not all too hard on the machine)... Hmmm, perhaps time for a robots.txt file. Then, doing just some more tailing on the access log shows that the actual load is spread over several sites, with about 4 of the top sites being called from a variety of browsers from all sorts of IP addresses. Another assumption then becomes that perhaps as soon as the USA wakes up, the sites simply get a lot of real visitors too, hence causing a (legit) high load... Still, this is precisely why I'd like to see which scripts are causing heavy load, such that I can perhaps better tune them. Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite?
Hi, Investigate the Apache server-status handler (assuming its still there in 2.2). If you also enable the ExtendedStatus output from server- status, I just enabled it like that, as well as the server-info handler. This is indeed what I was looking for, and it directly identified the culprit, being one of the (PHP) scripts I use on one of my photography sites. I don't know exactly what is going on yet (i.e. when I call the script, on some of the pictures it works fine, and on some others it seems to be blocking forever, and doesn't seem to serve anything, but rather it seems to get stuck)... I suspect the picture resizing code may be at fault... O.k., I'll check this out, and will let you guys know how I get along with it, and if indeed the script is at fault, or whether it is due to some PHP/Apache issue. Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to make Apache (2.2.4) less greedy, or Sendmail less polite?
Hi, Recently I upgraded my Apache 1.3.33 webserver to Apache 2.2.4, and ever since, I noticed that it is acting in such a way that it often is VERY greedy with my server's resources. Quite often, when running top, a list that is as the one that appears at the bottom of this e-mail is shown: indeed pretty much solely httpd instances, that for extended periods of time almost continously pull the CPU to close to 100%, and that also consume a lot of the memory resources... Strangely enough, at other times the CPU load is just slightly above 0%, say 0.4% or so... Apart from the fact that it doesn't feel right to see the CPU for substantial amounts of time, almost constantly close to 100%, there is a further issue, being that sendmail rejects connections when the server load is (too) high. This is very annoying, as e-mail is also a crucial part of the server's functionality, and I don't want sendmail to reject connections, each and every time that Apache goes berserk. Now, the machine in question, is an AMD-64 machine, and it runs the AMD-64 version of FreeBSD (5.4-release) with a custom kernel. Surely, Apache can be reconfigured such that it doesn't behave so selfishly, and leaves a decent amount of resources for other stuff (such as sendmail) on the machine too. What I'm basically trying to find out is: 1-Is this normal, or can this perhaps be some (brute force) hack attempt, where something is pounding Apache heavily, trying to find/ exploit some security risk? 2-How can I inspect exactly what each httpd instance is doing (i.e. which request it is serving)? 3-How to best configure Apache 2.2.4 such that it will never use more than a specific amount of the system's resources (e.g. a CPU usage limit of 75%, and a memory limit of say 1GB)? It would be my guess that the amount of MaxClients should be lowered, but is that sufficient (note: current httpd-mpm.conf settings apper at the end of this e-mail, and indicate an amount of 150), and will that not somehow (all too) negatively affect the way Apache handles requests? 4-How to perhaps tell sendmail to be a bit more selfish, and stop it from rejecting connections for extended periods of time? (note: we all know just how much fun it can be to configure Sendmail :P so for now I've only included (a shortened version of the) RX daemon config file, and hope someone can give me a good pointer for this - or tell me where else to look). 5-When sendmail rejects (incoming) connections, does mail actually get lost, or will it (always) be handled later, when the server is less occupied? Cheers, and tnx in advance! Olafo PS: I hope anyone can give me some good ideas, and for completeness sake, I've copied some additional information that may give an insight into the issues: 1) The Sendmail rejecting connections issue: ps auxww | grep sendmail root2259 0.0 0.0 9480 668 ?? Ss 20Apr07 0:38.17 sendmail: rejecting connections on daemon MSA: load average: 59 (sendmail) smmsp 2261 0.0 0.0 13628 760 ?? S20Apr07 1:40.56 sendmail: running queue: /var/spool/mqueue-rx (sendmail) root2262 0.0 0.0 9480 704 ?? Ss 20Apr07 0:37.85 sendmail: accepting connections (sendmail) smmsp 2265 0.0 0.0 9344 608 ?? Is 20Apr07 0:01.33 sendmail: Queue [EMAIL PROTECTED]:10:00 for /var/spool/clientmqueue (sendmail) root 91503 0.0 0.0 428 320 p0 D+7:23PM 0:00.00 grep sendmail 2) top output (partial), during (apparent) heavy load: last pid: 91504; load averages: 58.76, 59.21, 60.20 up 13+07:02:40 19:24:50 163 processes: 61 running, 102 sleeping CPU states: 98.8% user, 0.0% nice, 0.4% system, 0.8% interrupt, 0.0% idle Mem: 1299M Active, 204M Inact, 289M Wired, 63M Cache, 214M Buf, 39M Free Swap: 2021M Total, 922M Used, 1099M Free, 45% Inuse, 128K In PID USERNAMEPRI NICE SIZERES STATETIME WCPU CPU COMMAND 91459 www 1240 141M 15136K RUN 0:02 5.52% 5.52% httpd 91352 www 1190 139M 12596K select 0:14 3.61% 3.61% httpd 91455 www 1240 167M 41960K RUN 0:03 3.61% 3.61% httpd 91461 www 1240 141M 15128K RUN 0:03 1.37% 1.37% httpd 91126 www 1240 158M 19520K RUN 1:46 0.83% 0.83% httpd 91139 www 1240 158M 19532K RUN 1:43 0.83% 0.83% httpd 91152 www 1240 195M 19396K RUN 1:40 0.83% 0.83% httpd 91175 www 1240 170M 44524K RUN 1:02 0.83% 0.83% httpd 90387 www 1240 170M 27548K RUN 5:19 0.78% 0.78% httpd 90529 www 1240 195M 24584K RUN 4:49 0.78% 0.78% httpd 90665 www 1240 167M 41804K RUN 3:29 0.78% 0.78% httpd 90897 www 1240 181M 23964K RUN 2:10 0.78% 0.78% httpd
Re: How to manually patch/configure/compile Apache 2.2.4's mod_autoindex module?
Hi Frank, Tnx a lot for your answers! Have a look at: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports- using.html in particular: 4.5.2.1 Overriding the Default Ports Directories You basically copy the port wholesale to somewhere in your directory tree and build your new patched port with WRKDIRPREFIX set.I think. Hmmm, I read it, and though it looks somewhat promising, I wonder if that'll work... The issue is that when first patching the C file, and then just trying a make it does nothing. When doing a make clean, it will get all sources freshly again (hence undoing the patches made to the C file). From what I gather from the section you refer to, it will simply use a different working directory and/or install directory. However, wouldn't that try to simply install a newly build entire Apache 2.2.4 version next to the existing one (be it in a different directory, or not), with the difference that it is freshly built out of a different working directory (but still using the same fresh new sources)? For obvious reasons, I'm somewhat apprehensive about trying this on my live server (though I could possibly (ab)use my fallback server for it), and was kind of hoping there would be an easy way to just compile the mod_autoindex module, using the patched source... It appears I may have to fiddle around somewhat more with this, unless someone knows of a good way to achieve just that...? Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to manually patch/configure/compile Apache 2.2.4's mod_autoindex module?
Hiya, I have run into a seemingly trivial, yet annoying issue. I used to use Apache 1.3.33 on my live server, and recently I upgraded to Apache 2.2.4, which apart from some hassles when upgrading the PHP4 extensions, went well. However, there is one small thingy that is different: there are exactly two directories on which I allow directory listings, and these listings are (also) called from an external W*nd*ws program that one of the users of my machine has made and has distributed. For this user, I had allowed directory listings, with fancyindexing enabled, and I thought everything would be fine, but Apache 1.3.33's mod_autoindex created listings using (uppercase) A ... /A tags, and Apache 2.2.4's version outputs (lowercase) a ... /a tags, and there ya go: the already widely distributed application solely checks for the uppercase version, and fails on the lowercase version. I had hoped that it would be easy to change this around, using some form of template, but after RTFM-ing on the mod_autoindex (and accompanying options) documents, I am pretty certain that this is not the case (or I am overlooking it). In fact, it looks like the only place where this could be changed, is the mod_autoindex.c file, under the work directory in the proper ports directory. Now, I don't mind patching the C source to accomplish this, however, compiling it neatly into a properly working module may be more of a hassle, and as a further downside, this would have to be done each and every time I would possibly want to update Apache... Is there anyone who knows a better/easier way to achieve this? If not, is there anyone who can tell me an easy method to properly compile and link the mod_autoindex module (ideally using the provided Makefile)? Tnx in advance, and cheerz, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [SOLVED] Help please: how to enable SSH password authentication under FreeBSD 6.2? Solved - but not in an expected way
Hi again, Well as mentioned yesterday, I couldn't let this one go by without at least trying to figure out the real reason, so I experimented somewhat further. The issue of ssh1 vs. ssh2 appears to already be clarified, so I won't go into it again. Yes, indeed. I myself yesterday came to realise that I had incorrectly used the term SSH1 for password authentication, whereas it's basically just a different handshake and encryption protocol. My bad. :p Then: It shouldn't. That's odd, as there's no reason to use SSH1 with FreeBSD 5.4 -- SSH2 worked just fine in 5.X. I'd investigate your puTTY installation/ config, as it sounds to be corrupt. Well, I did indeed run the daemon in debug mode, and from the traces I gather that the handshaking doesn't work properly. Towards the end of the traces, we find: debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: client-server 3des-cbc hmac-sha1 none debug1: kex: server-client 3des-cbc hmac-sha1 none debug1: expecting SSH2_MSG_KEXDH_INIT debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS Connection closed by 192.168.1.103 debug1: do_cleanup debug1: do_cleanup And it never (or well, hardly ever) seems to get past that point. I then checked if perhaps I could configure anything in PuTTY regarding the handshaking or so, and found very few options there (all yielding no better luck in connecting). Then, I checked the PuTTY version, and found that it was release-0.50, whereas I read you used versions 0.58 and 0.59. D/L-ed version 0.59 and that works fine! Sooo, indeed the PuTTY installation I had was flaky. For some reason it did work fine with my FreeBSD 5.4 installation, dunno why ?!? Good, glad this one is solved and that it turned out to be such a trivial thing! Tnx for your help, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Good synchronisation strategies (especially for the users and groups)?
Hi all, I hope someone can give me some good advice regarding synchronisation strategies between two (very) different FreeBSD installations. My live server runs FreeBSD 5.4 release AMD-64, and my fallback server runs FreeBSD 6.2 release i386. The drive sizes do not match eiter, as the live machine has an U320 RAID 10 array, with an array size of 73 Gb, and the fallback machine is 'lighter' in this respect too, having only a U160 RAID 1 array with an array size of 36 Gb. I realise that at present the fallback machine has half the HDD storage space of the live server, but that's no problem (as the live server's storage space is only used for some 10% or so). Obviously, ghosting images is no option. ;) Previously I had set up (through cron) a nightly rsync strategy, (in combination with some shell scripts I wrote to directly update the DB, etc.) that took care of most of the synchronisation. Rsync was only allowed from the fallback's machines' (local) IP address, and the two machines were connected through a cross-wire cable with nothing in between. The server part of that is still configured, and the client part can be reconstructed, if necessary. However, I seem to recall (not sure, anymore though) having heard and/or read (here, perhaps?) that there are better ways to synchronise than using rsync... S, now that the time has arrived to setup a synchronisation strategy, I can either recreate an rsync strategy, or choose something else (if there are better alternatives). Also, I'd like to be able to (safely!) automatically synchronise users and groups that I may add/change/delete on the live server. Regarding the data, the machine is mainly used as a webserver, running PHP, MySQL and some other things. For me, it is totally fine if the various versions of the installed software are not exactly the same, just as long as I can at least synchronise the data itself in a viable way. Therefore, I hope someone can answer the following questions, and/or perhaps point me to some good reading material on the matter: 1) Is rsync a good way to go, or are there better ways to do this? 2) Regarding synching of user and group data: are there special ways to do this (i.e. including automatic creation of homedirectories etc.), or does one simply manually have to sync the users and groups files (and the user directories)? Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [SOLVED] Help please: how to enable SSH password authentication under FreeBSD 6.2? Solved - but not in an expected way
Hi all, To cut to the chase, I 'solved' the issue, or rather, the mystery around it at least, but the 'solution' was not quite as expected. I tried both suggestions given. Firstly: It rather looks like putty is checking the server key with the older one (you mentioned you reinstalled the box). Well... Yes and no. Yes: the box was 'reinstalled', but completely cleanly, with a newer FreeBSD version (i.e. 6.2 vs. 5.3), and using a completely different IP address. Given those parameters, it's better to call it a clean install. :P Also, PuTTY never got to the stage where it infomrmed me that a new host was found and if I wanted to store the fingerprint. Instead, it directly bailed out with a message like 'Host key not found' (or something like that). try to delete the know_host entry in the register database (look for the entry start-run-regedit then look for the SshHostKeys entry and delete the old key). This should fix your pb ;) I did so anyway and it didn't seem to make a difference. I kept getting the same error. Then I tried the other suggestion: # Change to no to disable PAM authentication ChallengeResponseAuthentication no I did that (trying setting it to 'yes' as well as 'no') and this too, did not seem to make a difference. No, normally PuTTY gives me the 'host key' error some 3 times or so before properly finding any host, so I'm used to that. On the new box, I tried it easily 15 times in a row before posing the question yesterday. Today I gave it a longer pounding, and lo and behold: all of a sudden after some 30 attempts it worked! Then, I tried switching the ChallengeResponseAuthentication to the opposite value it was set at, gave it again a pouding of around 20 attempts, and again 1 succeeded. I tried reproducing my 'luck', but some 40 further attempts all yielded no score. It then dawned on me that it might be simply PuTTY that is causing the errors, and indeed, I tried Tunnelier and it works a charm (with and without PAM), and during all atempts I made, it directly logged in without any issues. Conclusion (or assumption, if you will): there seem to be some major incompatibility issues between PuTTY and FreeBSD 6.2's bundled SSH version. Of course it is easy enough to use a different client at home, it's just that when abroad and wanting to check the machine, it is handy to quickly download PuTTY.exe and have a quick check without having to install a complete program... Oh well, at least it works now, and I know the box was (and still is) configured correctly, and I have found a good work-around (i.e. using a better SSH client than PuTTY). Cheers, and thanks for baring with me, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [SOLVED] Help please: how to enable SSH password authentication under FreeBSD 6.2? Solved - but not in an expected way
Hi Bill, I'm not seeing this. I tried this with PuTTY 0.58 on a fresh FreeBSD 6.2p1 system and had no problems. So I grabbed the latest PuTTY 0.59, and that worked fine as well. [...] I haven't been following this thread, so I don't have any ideas on what your problem might be, but it's certainly not FreeBSD or puTTY's fault or I'd be seeing the same problem. The issue is that PuTTY does not fall back from its SSH2 attempt to SSH1 (with password authentication), as is what I specified in my /etc/ssh/sshd_config Is this what you tried too, or did you use SSH2 (i.e. key authentication, instead of password authentication)? In my case, SSHD is running in debug mode and the debug log clearly indicates that PuTTY only tries SSH2 and does not fall back to SSH1, whereas on my live box (FreeBSD 5.4 release AMD64, custom kernel), PuTTY does fall back to SSH1. The 'lines' to the new server are about as short as they can be, as I'm currently setting the machine up over our local network, so the only thing in between the client and server is our router, which does not mess with the SSH traffic... In short: I see no reason why the PuTTY / FreeBSD 6.2 SSH combination would _not_ be at fault (especially as other SSH clients do work fine on this box, and as PuTTY also works when connecting to other boxes). :P Contrary to what I was thinking yesterday, I don't think my configuration is at fault... In case in such a situation the password authentication does work fine for you, I'd be curious to find out the reason why it doesn't work for me (perhaps you could then also post me your sshd_config settings). As mentioned, there is an easy work around by using a different SSH client, but PuTTY is handy for quick d/l-ing when abroad, and not having administrator's rights to the machine you're on at that time. Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [SOLVED] Help please: how to enable SSH password authentication under FreeBSD 6.2? Solved - but not in an expected way
Hi again, I must ammend a technically incorrect thing that I wrote previously: Is this what you tried too, or did you use SSH2 (i.e. key authentication, instead of password authentication)? Both SSH1 and SSH2 can use password authentication, so I incorrectly wrote that PuTTY does not fall back to SSH1 password authentication. This is an obfuscating statement. The issue in fact, seems to reside in some issues between PuTTY and FreeBSD 6.2's SSH when it comes down to the key negotiation (using SSH2), and it simply does not get beyond that point, and hence almost never presents me with the login prompt. Perhaps I'll give the SSHD a go with the -d option, and perhaps I'll also check if I can find PuTTY debug logs; even if it were just for the heck of not wanting to give in on this. :D Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Help please: how to enable SSH password authentication under FreeBSD 6.2?
Hi guys, (Firstly: I posted this message well over an hour ago, and it does not seem to have come through, in case you recieve this twice, then I'm sorry for that :P ) Sorry to ask such a trivial question, and I'm positive it must have been treated here before, but I just can't remember how to do it exactly, and perhaps someone can give me a quick answer and spare me hours of further RTFM-ing. :P The issue: I'm (re-) installing my fall-back server, and selected FreeBSD 6.2 i386 release (generic kernel, for now) for that. Now, I want to be able to access it using SSH (PuTTY, most often) from anywhere in the world, and hence would like to enable password authentication in SSH again. Therefore, I used the same /etc/ssh/sshd_config (as listed down below, with dummy names abc, def, and ghi in the AllowUsers line) as on my live server, where this works fine. However, when I try accessing it using PuTTY, PuTTY keeps failing mentioning something like 'host key check failed'. In the debug.log file on the fallback machine, I learnt that PuTTY only tries the SSH2 protocol, and doesn't fall back to SSH1 when it notices that that fails. On the live server (FreeBSD 5.4-release AMD64, custom kernel), this works a charm, and on that machine the debug.log file does mention PuTTY (yes, the very same as used for trying to connect to the fallback machine) that PuTTY falls back to SSH1 and uses PAM for authentication... The question: I recall having had this issue before, and I *think* the resolution was to enable PAM authentication or so outside of /etc/ssh/sshd_config. I thought to recall that I either did this in rc.conf (or the defaults for that), or in the custom kernel configuration. However, I couldn't find any hints to that anymore on the live box...:( Does anyone know how to get this going properly, and what it is that I'm overlooking? Tnx in advance and cheers! Olafo PS: the used /etc/ssh/sshd_config file's contents follows here: # $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ # $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. #VersionAddendum FreeBSD-20040419 #Port 22 #Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO LogLevel DEBUG PrintLastLog no # Authentication: #LoginGraceTime 2m #PermitRootLogin no #StrictModes yes AllowUsers abc def ghi RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # Change to yes to enable built-in password authentication. PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'no' to disable PAM authentication (via challenge-response) # and session processing. #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp/usr/libexec/sftp-server ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Help please: how to enable SSH password authentication under FreeBSD 6.2?
Hi Garrett, Firstly: thanks for your reply! Just looking at your config everything appears to be fine. If you don't have PAM enabled or don't want it enabled though you should uncomment this line in your config: # Change to no to disable PAM authentication ChallengeResponseAuthentication no Hmmm, I shall try that, and I am wondering now whether PAM is or isn't enabled. I basically just installed FreeBSD, choosing the 'all' option when it asked for what to include in the installation. As for packages, I only selected cvs-without-gui, and then went ahead with the installation (I chose not to enable SSH through inetd, but I did enable it through the explicit question whether I wanted or not to do so). Now... Does this method perhaps not enable PAM yet? As for the previous installation: I clearly recall having had a similar (or the very same) issue too, but I just don't remember how I ended up solving it (this was over 1,5 years ago, and I didn't take notes :o ). Come to think of it, I'm not certain anymore now whether this problem (and it's solution) surfaced when first configuring SSHD (as I think was the case), or when setting up rsync synchronisation between the two machines. Key question here: if the above steps do not already implicitly enable PAM, how can I do so myself? Is this done in the kernel, by changing the config and recompiling and installing it, or can this done somehow through rc.conf (or by enabling/installing/configuring it otherwise)? Then regarding your further questions: 1) Did you restart your daemon? Yes, by doing a kill -s HUP sshd pid (not by doing an /etc/rc.d/sshd restart or so). I did check the SSHD process id afterwards, and indeed that was restarted. 2) Are you using the ssh available in the base system or ports? The base system one. I did already update the ports tree (with the ports-supfile set to all ports), but I haven't rebuilt sshd. Do you think this could make the difference? Thanks again, I hope this further information (and questions) helps for determining the cause... Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Help please: how to enable SSH password authentication under FreeBSD 6.2?
Hi guys, Sorry to ask such a trivial question, and I'm positive it must have been treated here before, but I just can't remember how to do it exactly, and perhaps someone can give me a quick answer and spare me hours of further RTFM-ing. :P The issue: I'm (re-) installing my fall-back server, and selected FreeBSD 6.2 i386 release (generic kernel, for now) for that. Now, I want to be able to access it using SSH (PuTTY, most often) from anywhere in the world, and hence would like to enable password authentication in SSH again. Therefore, I used the same /etc/ssh/sshd_config (as listed down below, with dummy names abc, def, and ghi in the AllowUsers line) as on my live server, where this works fine. However, when I try accessing it using PuTTY, PuTTY keeps failing mentioning something like 'host key check failed'. In the debug.log file on the fallback machine, I learnt that PuTTY only tries the SSH2 protocol, and doesn't fall back to SSH1 when it notices that that fails. On the live server (FreeBSD 5.4-release AMD64, custom kernel), this works a charm, and on that machine the debug.log file does mention PuTTY (yes, the very same as used for trying to connect to the fallback machine) that PuTTY falls back to SSH1 and uses PAM for authentication... The question: I recall having had this issue before, and I *think* the resolution was to enable PAM authentication or so outside of /etc/ssh/sshd_config. I thought to recall that I either did this in rc.conf (or the defaults for that), or in the custom kernel configuration. However, I couldn't find any hints to that anymore on the live box...:( Does anyone know how to get this going properly, and what it is that I'm overlooking? Tnx in advance and cheers! Olafo PS: the used /etc/ssh/sshd_config file's contents follows here: # $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ # $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. #VersionAddendum FreeBSD-20040419 #Port 22 #Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO LogLevel DEBUG PrintLastLog no # Authentication: #LoginGraceTime 2m #PermitRootLogin no #StrictModes yes AllowUsers abc def ghi RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # Change to yes to enable built-in password authentication. PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'no' to disable PAM authentication (via challenge-response) # and session processing. #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp/usr/libexec/sftp-server ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Help please: how to enable SSH password authentication under FreeBSD 6.2?
Hi guys, Sorry to ask such a trivial question, and I'm positive it must have been treated here before, but I just can't remember how to do it exactly, and perhaps someone can give me a quick answer and spare me hours of further RTFM-ing. :P The issue: I'm (re-) installing my fall-back server, and selected FreeBSD 6.2 i386 release (generic kernel, for now) for that. Now, I want to be able to access it using SSH (PuTTY, most often) from anywhere in the world, and hence would like to enable password authentication in SSH again. Therefore, I used the same /etc/ssh/sshd_config (as listed down below, with dummy names abc, def, and ghi in the AllowUsers line) as on my live server, where this works fine. However, when I try accessing it using PuTTY, PuTTY keeps failing mentioning something like 'host key check failed'. In the debug.log file on the fallback machine, I learnt that PuTTY only tries the SSH2 protocol, and doesn't fall back to SSH1 when it notices that that fails. On the live server (FreeBSD 5.4-release AMD64, custom kernel), this works a charm, and on that machine the debug.log file does mention PuTTY (yes, the very same as used for trying to connect to the fallback machine) that PuTTY falls back to SSH1 and uses PAM for authentication... The question: I recall having had this issue before, and I *think* the resolution was to enable PAM authentication or so outside of /etc/ssh/sshd_config. I thought to recall that I either did this in rc.conf (or the defaults for that), or in the custom kernel configuration. However, I couldn't find any hints to that anymore on the live box...:( Does anyone know how to get this going properly, and what it is that I'm overlooking? Tnx in advance and cheers! Olafo PS: the used /etc/ssh/sshd_config file's contents follows here: # $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ # $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. #VersionAddendum FreeBSD-20040419 #Port 22 #Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO LogLevel DEBUG PrintLastLog no # Authentication: #LoginGraceTime 2m #PermitRootLogin no #StrictModes yes AllowUsers abc def ghi RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # Change to yes to enable built-in password authentication. PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'no' to disable PAM authentication (via challenge-response) # and session processing. #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp/usr/libexec/sftp-server ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to remotely check an Adaptec 2100S RAID array status under FreeBSD 5.2.1?
Hi Chad, there is a freebsd program that can be used to report on and manage your raid on a 2100s. Google frebsd and adaptec 2100s Thanks a lot! So indeed this is done by installing some programs for it, and they do exist for FreeBSD as well. :) Alrighty, tnx a lot, when rebuilding the RAID array I may also make use of the situation to upgrade to FBSD 6 (as 5.2.1 is somewhat dated now, and I've been wanting to give FBSD 6 a go for a while now), so something good comes out of it after all. ;) Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to remotely check an Adaptec 2100S RAID array status under FreeBSD 5.2.1?
Hi all, I hope someone can answer the following question for me (which may be trivial). In my fall-back server I use an Adaptec 2100S SCSI RAID controller, with two (identical) drives attached to it. This morning I recieved the dreaded phonecall (from the server farm) that that machine is emitting a loud beep,which I remember to be the RAID controller's alarm in case a drive has failed. Now, the above is clear and all, and I will replace the broken drive asap, so no question there. However, I am about to go on a 3 week holiday to South America, and as I'll then be on an entirely different continent, I was wondering if there are any ways to remotely check the status of hardware RAID arrays. :D In this case I tried dmesg (and checking the /var/log/messages file) and I couldn't find a single error message from the RAID controller (which can be deemed 'desirable' behaviour, as one of the two drives still works fine). Are there any software tools for FreeBSD that can be used to check this remotely from an SSH terminal (no X), or better yet, is there support in FreeBSD itself for checking the status of hardware RAID arrays? Tnx in advance, and cheers! Olafo PS: I am wondering about the same question for the 3ware 9600 SATA RAID controller too. It would be great to be able to monitor that remotely as well. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How can I increase the shell's (or specific application's) memory limit?
Hi, I've got a question which is probably pretty easy to answer: how can I assign more memory to a PHP script running in a shell and/or in a browser. Some more background info: I'm building a PHP script that has to retrieve pretty large sets of data from a remote MySQL database, then process it, and store the results to a local database. The issue: The script (surprise, surprise) quickly runs out of memory. Now, I have already tried to increase the memory limit in php.ini (followed by an Apache restart, of course), but even when setting the limit to something high like 384MB or so, the script still bails out with a memory limit error when retrieving as little as some 50MB of data... Now, of course I could rewrite my PHP script such that it will retrieve smaller batches of data, but being a programmer I'm lazy, and I'd rather simply assign more memory to the script (actually, it's not only due to laziness, but also due to the fact that the script has to agregate data etc., and I'd rather have it do that in 1 run for a variety of reasons). It seems to me like setting the memory limit in php.ini above a value of 64MB (or so) doesn't seem to have any effect anymore. My assumption then is that the memory limit is somehow enforced elsewhere (the shell perhaps, and/or Apache?). Can anyone tell me how to adjust this such that I can successfully assign say 384MB of memory to PHP scripts ran both from browsers (i.e. through Apache 2.2 and mod_php) as from the commandline? Tnx in advance, and cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How can I increase the shell's (or specific application's) memory limit?
Hi Daniel, Generally, I think it's bad programming practice to retrieve such big datasets if it is possible to do otherwise. I definitely agree that it is bad practice, and in that respect I'm inclined towards doing batch loading as you suggest too. However, there's some data agregation I'll have to take into account, and as it involves testing for the presence of specific tables of a merge table set, I'd have to rewrite part of that logic. All doable, of course, and no big issue either, but it would be a lot faster for me if I could simply increase the memory limit Still, I very much hear you, and I know that what you suggest _is_ the proper approach, so I may end up doing that too. ;) Also: there is another perhaps more elegant (read: robust) way, being a hybrid solution between the PHP script and using mysqldump. I can then use PHP for working out the batches, and retrieve the batches using a (set of) commandline mysqldump call(s). The generated batches can then directly be dumped into the proper merge tables. The only catch is that I directly left join data in into the merge tables, so I'd have to first do a blunt dump of the lhs of the data, then of the rhs(es) (both to temp tables) and then afterwards left join them into the eventual merge tables. This is the main reason why I hadn't chosen this solution, as at present I can combine all of these steps in one query...:/ If someone knows a clean way to increase the memory limit, I'd be happy to hear about it. If not, I'll do some rewrite... Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Help! Apache 2.2 gives segmentation fault errors with PHP. - Solved! :)
Hi all, Yesterday I had trouble when configuring Apache 2.2 with PHP 4.4.2, which caused Apache to crash (segmentation fault) when calling various PHP functions. The hint to the answer resided in the /var/log/httpd-error.log file: And the /var/log/httpd-error.log file mentions the following (at the end): [...] PHP Warning: Function registration failed - duplicate name - bzopen in Unknown on line 0 PHP Warning: Function registration failed - duplicate name - bzread in Unknown on line 0 [...] ..many more similar messages... This obviously hinted at these functions (i.e php4-extensions) somehow being doubly present and called. Issuing a 'pkg_info | grep php' command was most illustrative, and showed over a screen full of output like this: mod_php4-4.4.2_1,1 PHP Apache Module php4-bcmath-4.4.2_1 The bcmath shared extension for php php4-bz2-4.3.10 The bz2 shared extension for php php4-bz2-4.4.2_1The bz2 shared extension for php php4-calendar-4.4.2_1 The calendar shared extension for php php4-crack-4.4.2_1 The crack shared extension for php php4-ctype-4.4.2_1 The ctype shared extension for php php4-dio-4.4.2_1The dio shared extension for php php4-domxml-4.4.2_1 The domxml shared extension for php php4-exif-4.4.2_1 The exif shared extension for php php4-extensions-1.0 A meta-port to install PHP extensions php4-gd-4.3.10 The gd shared extension for php php4-gd-4.4.2_1 The gd shared extension for php [...more lines where those came from...] Tadh!! there we go: indeed several extensions were somehow not removed properly when a previous upgrade to PHP 4.4.2 (from v4.3.10) was performed! As to the reason for this, go figure, I always install from the ports by doing a 'make' 'make deinstall' 'make reinstall' sequence when upgrading... Anyway, manually removing all PHP extensions using the various individual 'make deinstall' sequences (and bluntly pkg_delete for pear). Then, I cleanly redid the process for installing mod_php4 and the extensions, and now all is working fine! Tnx for thinking along with me, and beware of this potential pitfall! :) Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Help! Apache 2.2 gives segmentation fault errors with PHP.
Hi guys, Alright, after having been stuck with this for an hour or two now, I'm going to call upon your infinite wisdom regarding the following: On a FreeBSD 5.2.1-RELEASE #0 (so says dmesg) machine, I'm trying to set-up Subversion, Trac and our regular PHP4 and MySQL stuff. The main issue is that Apache 2.2 blows up (with a segmentation fault) when calling various PHP scripts, which I think is due to a dodgy way of having set-up PHP4 under Apache. This message works towards the issue, providing relevant(?) details, as I type along: Here we go: Previously the machine was running Apache 1.3.34 and that went just swell with PHP and all, but apparently for Subversion and/or Trac, Apache 2 is desired such that it can be used with WebDav. No problem so far. I made sure the ports tree was up to date and then from the ports I built (always via a 'make' 'make install' sequence, and where necessary removing earlier versions as the process went along) Apache 2.2, and Subversion. Upon configuring Apache 2.2 for PHP, however, I'm now running into trouble. In order to make PHP4 work under Apache 2.2 I built /usr/ports/www/mod_php4 and installed it. Then I added the following to Apache's httpd.conf file: [...] LoadModule php4_modulelibexec/apache22/libphp4.so [...] IfModule mime_module [...] AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps Also, some other stuff was tweaked in httpd.conf (though very mildly), like enabling SSL etc. Now, upon starting Apache, using 'apachectl start' the following warning is printed twice: [Wed Feb 15 15:12:41 2006] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter And the /var/log/httpd-error.log file mentions the following (at the end): [...] [Wed Feb 15 15:12:38 2006] [notice] caught SIGTERM, shutting down [Wed Feb 15 15:12:41 2006] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Feb 15 15:12:41 2006] [warn] RSA server certificate CommonName (CN) `Olaf Greve' does NOT match server name!? [Wed Feb 15 15:12:42 2006] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Feb 15 15:12:42 2006] [warn] RSA server certificate CommonName (CN) `Olaf Greve' does NOT match server name!? PHP Warning: Function registration failed - duplicate name - bzopen in Unknown on line 0 PHP Warning: Function registration failed - duplicate name - bzread in Unknown on line 0 [...] ..many more similar messages... [...] PHP Warning: Function registration failed - duplicate name - ob_gzhandler in Unknown on line 0 PHP Warning: Function registration failed - duplicate name - zlib_get_coding_type in Unknown on line 0 PHP Warning: zlib: Unable to register functions, unable to load in Unknown on line 0 [Wed Feb 15 15:12:42 2006] [notice] Digest: generating secret for digest authentication ... [Wed Feb 15 15:12:42 2006] [notice] Digest: done [Wed Feb 15 15:12:43 2006] [notice] Apache/2.2.0 (FreeBSD) mod_ssl/2.2.0 OpenSSL/0.9.7c DAV/2 PHP/4.4.2 configured -- resuming normal operations So it starts, but it seems pretty much all PHP extensions are doubly declared! When calling phpinfo, the modules do show up as expected, but as soon as one tries to use e.g. the 'header()' function in PHP (or quite a few other PHP functions for that matter), nothing seems to happen in the browser, and the /var/log/httpd-error.log file mentions the following: [...] [Wed Feb 15 15:19:29 2006] [notice] child pid 27728 exit signal Segmentation fault (11) And a similar message is written to /var/log/messages, being: [...] Feb 15 15:19:28 aceshuttle kernel: pid 27728 (httpd), uid 80: exited on signal 11 I suspect something went wrong in the way I try to use PHP. Basically, I first removed the installed /usr/ports/lang/php4 port, then built and installed the /usr/ports/www/mod_php4 port, and then added various php4-extensions, using the /usr/ports/lang/php4-extensions port (I suspect the extensions to cause the problem). Does anyone know what could be going on and/or how to properly set up PHP 4 under Apache 2.2? Tnx a lot in advance, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Memory limit issue (malloc) for PHP script under Apache
Hi all, A colleague of mine has run into a weird issue, for which we hope someone knows a solution (or otherwise: if someone knows there's no (easy) solution, that's also good to know. The issue: when running a script that will consume a large amount of memory (under FreeBSD 5.2.1-release i386, with custom kernel, with Apache 1.3.34_2, PHP 4.4.1 as mod_php4); Apache seems to deschedule the script in question as soon as it starts to consume over more or less 512MB of memory; the machine has 1GB of memory, and at the moment of running the script the rest of the machine is pretty much idle. The returned error in httpd-error.log is: httpd in malloc(): error: allocation failed We tried fiddling around with the php.ini and httpd.conf files, after Googling and trying stuff like RlimitMem (which apparently only seems to have effect for the CGI version of PHP and not the Mod version), but all to no avail. The script that needs to be run will not be that easy to rewrite such that it'll use less memory; so we're hoping there's an easy trick to allow Apache to use more memory (say 900 MB). Does anyone know how to achieve this? Note: I'm aware that it would be better to tune the script, but as this is a one time brute force script; a quick work-around would be nice. :) Tnx in advance, and cheers! Olafo PS: the command limit -h shows a datasize limit of 524000 bytes; this seems to be the limit that applies to Apache as well. Yet, changing to the csh and trying to set it to unlimited doesn't do any magic either and still doesn't supercede the above limit (unless I missed something)... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Memory limit issue (malloc) for PHP script under Apache - solved!
Hi guys, Well, my colleague has done some more RTFM-ing and Googling, and he found the following solution: Put kern.maxdsiz=1073741824 in /boot/loader.conf (see the example in /boot/defaults/loader.conf), and then reboot. That way a new kernel compilation was not required. Tnx for thinking with me! Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to properly set-up an SSH tunnel on FreeBSD for automatic backups
Hi, I'm trying to set-up an SSH tunnel between two FreeBSD machines, over a direct cross-wire connection between the two, and I'm having issues in doing so. The question(s) I have is/are probably not FreeBSD specific, but still I hope someone can answer it/them... The situation: I have two servers (one live, and one staging/fall-back server), and between the two of those I have set-up a local network. The live machine is 192.168.1.1 and the fall-back machine is 192.168.1.2. Now, I have already figured out how to synch the files using rsync, and in order to automatically down-synch the live MySQL database to the fall-back machine at specific times a day, I want to be able to run (from the live server) a script that performs commands like this one: ssh 192.168.1.2 mysqladmin -f drop $database The followed approach: In order to be able to run this as root from a cron job, without having to type a password, I tried doing the following (which can be found all over the Internet). -On 192.168.1.2: as root generate a (passphrase-less) public RSA key (i.e. ssh-keygen -t rsa), and in /etc/ssh/sshd_config add a line like AllowUsers [EMAIL PROTECTED] olaf -On 192.168.1.2 I created the file ~/.ssh/authorized_keys and added the public key of 192.168.168.2 to it The problem: Even after doing a kill -s HUP sshd pid on both machines, I still cannot SSH without being asked for a password. :( Surely this must be something in my SSHD configuration on 192.168.1.2 (or at least so I think). The question(s): -Does anyone know how to properly achieve this, without opening up the fall-back machine to the outside world (it is OK if it's open to 192.168.1.1)? -Does anyone see anything wrong in the below (partially) listed sshd_config options? Additional info: I fiddled around somewhat with /etc/ssh/sshd_config on 192.168.168.2, and I tried various combinations of allowing disallowing the below (all to no avail): PermitRootLogin yes AllowUsers [EMAIL PROTECTED] olaf RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys Are these the only options that should be manipulated for this, and if so, how? Or should I also change some of the below (or other) sshd-config settings? #StrictModes yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # rhosts authentication should not be used #RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no Thanks in advance, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to properly set-up an SSH tunnel on FreeBSD for automatic backups
Hi all, Thanks for the replies! I also received several very helpful off-list replies, and they caused me to opt for my plan B, which is simply a 'rendez vous' type pull-mechanism. I already had a nightly cron job set up on the live server that neatly dumps the MySQL DB instances to a convenient directory. Also, I already had set up Rsync such that it only ever allows connections from my fall-back machine (I use this for the nightly file syncing), so I just decided to add an additional DB import script which is scheduled well after the DB dumping on the live machine takes place. Those dumps are now picked up using rsync (called from the fall-back machine) and they are then simply locally processed and worked into my DB. The main reason for deciding for this mechanism after all is that for two normal users I want (and need!) to have SSH access enabled from all over the world, using a client like PuTTY, using password authentication, yet opening up SSH in anyway for root is for me a no-no (I see too many SSH hack attempts in my daily security reports in order to feel comfortable with that ;) ). O.k., at the expense of having a perhaps slightly less elegant DB syncing mechanism I have opted for the above and I just tested it and it works fine...:) Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to clear an improperly unreferenced file in multi-user mode?
Hi, When doing some maintenance on my fall-back server I ran into something weird. When running df it turned out /var was for 90% full. I then manually deleted some files (as root over SSH), amongst which the 'maillog' logfiles in /var/log, I also killed sendmail (as it was generating the big log files, and at present I don't need to run it on that machine), and just to be sure I created a new 'maillog file of 0 length. So far so good, but after removing the maillog files and performing another df call, the available size had not quite dropped as much as expected and as should. DU reports the proper amount of disk usage, so I performed an fsck. On /var it shows: 239511 files, 2365547 used, 4942027 free (37155 frags, 613109 blocks, 0.5% fragmentation) ** /dev/da0s1d (NO WRITE) ** Last Mounted on /var ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts UNREF FILE I=48134 OWNER=root MODE=100640 SIZE=322792549 MTIME=Nov 3 13:46 2005 CLEAR? no Now, of course one way to get rid of that big sucker is to boot the machine in single user mode and run fsck again, however, the box is nowhere near me and I cannot go down to the city where the machine is anytime soon (besides: this is far from an urgent issue). So, I was wondering about a thing: rather than doing a remote reboot and hope that fsck will clear it up in the booting process (if it does that at all, that is), I was wondering if there's a way to fix this when running in multi user mode. Does anyone know how (if possible) to achieve this, or do I have to reboot the machine in single user mode after all? Tnx and cheers, Olafo PS: Will it perhaps be possible to manually unmount /var, then fsck -y it, and then remount it, or will that cause the machine to lock me out (or perform other undesired behaviour)? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Having Some Trouble with Java on FreeBSD
Hi, O.k., people please correct me if I'm wrong but... I've been having a small amount of trouble with running Java on FreeBSD (version 5.4 for amd64) and I was hoping that someone would be kind enough to help me out. I manually installed the linux version of Java. Which seemed to work alright [...] So... Then I went through the documentation for FreeBSD some more and decided to start over by reinstalling the Linux Java using: cd /usr/ports/java/linux-sun-jdk15 make install clean But now I get the following error: linux-sun-jdk-1.5.0.01,2 does not run (core dumps: Bad System Call). Note that previously I manually installed it by simply downloading the Linux version on another computer, transfering it over to the computer, and executing the file. I *think* I've heard/read that the AMD64 version of FreeBSD doesn't feature 'Linux compatibility'. Perhaps that's where your issues come from. No idea why a binary distribution of a Linux version would have worked, but perhaps that was just coincidence?!? Either way, please don't come down too hard on me if I'm way off base here; as the above is purely based on hearsay and my own speculation... Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Weird SSH problem... Any ideas?!?
Hi again, Erik Norgaard wrote: I think you can use mtree to get permissions right if they for some reason have been changed. This might be a good one to check... I'm not familiar with it yet, but does this check all permissions and ownerships and corrects errors/mismatches where possible? Another effect I would suspect you see - that is normal users see - is that files' owner and group appears as numbers not the corresponding names. One interesting thing here is whether both user and group are numbers or only users. Try as normal user to 'ls -l /home' or something. Now the plot thickens... When doing this as the user abcdef which has UID 1026 I get the following results: -Stuff owned by root - root:wheel -Stuff owned by abcdef - 1026:www When doing this as my normal user that is in the wheel group I get the same results, but when I do it as root I get the correct results: -Stuff owned by root - root:wheel -Stuff owned by abcdef - abcdef:www When doing some more investigative work, I made the following observations: Consider the following (properly modified for anonymity) parts of /etc/passwd: Ava:*:1001:1001:User :/home/Ava:/bin/sh abcdef:*:1026:1002:User :/home/abcdef:/bin/sh Idem for /etc/group: www:*:80: nogroup:*:65533: nobody:*:65534: mysql:*:88: Ava:*:1001: wwwuser:*:1002:Ava,olafo Now, when logging in as user abcdef (either using SSH or 'login' from the shell as you suggested), for some users the above scenario happens, where e.g. the stuff owned by abcdef appears as: 1026:www Then, when checking stuff owned by Ava, it shows up as being owned by Ava:wheel !!! Also, when trying to perform on e.g. a file called a.bcd (owned by 1026:www): chown abcdef a.bcd - error message: Invalid argument chown 1026 a.bcd - success chown Avalanche a.bcd - error message: Operation not permitted Sounds like the problem only occurs for some users... I'm completely puzzled now... Does anyone see anything dodgy in my /etc/passwd and/or /etc/group definitions??? Any solutions?? Also: over here the weekend is almost beginning and in some 1.5 hours from now I cannot read out this account until next Monday, so after I leave work today I'll be incomunicado, but as of next Monday I can reply to the messages again. Cheers! Olafo PS: David Kirchner mentioned the permissions on / and /etc should be 755. I checked this and they both are correct. Permissions on /etc/passwd and /etc/group are root:wheel 644, and /etc/spwd.db /etc/master.passwd are root:wheel 600. All fine... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Weird SSH problem... - Solved! :)
Hi Erik (and others), # cd /etc # pwd_mkdb master.passwd # pwd_mkdb -p master.passwd I made copies of /etc/passwd and /etc/master.passwd, then I ran the two commands above and now it all seems to work fine!!! The abcdef user is now properly identified again. :) Tnx a lot A great way to start the weekend! :) Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Weird SSH problem... Any ideas?!?
Hi, Yesterday it has been brought to my attention that SSH access is not working well on my new server. The background: I have set-up a new server (FreeBSD 5.4-Release AMD/64) and I migrated the user accounts from my old server (FreeBSD 5.2.1-Release i386). Now, I was under the assumption everything was working fine, as I myself have no issues in SSH-ing as unprivileged user to the machine (note: my unprivileged account is featured in the wheel group, which may be of importance!). However, when a regular user who resides in a regular group tries to SSH to the machine, after entering the correct password the connection is immediately dropped, and the following error (note: the below lines contain dummy names and IP addresses) is shown in /var/log/auth.log: Oct 20 11:39:40 milx sshd[48147]: Accepted keyboard-interactive/pam for abcdef from 123.45.67.89 port 35335 ssh2 Oct 20 11:39:40 milx sshd[48150]: fatal: login_get_lastlog: Cannot find account for uid 1234 I have done some Googling on it, and there are quite a few hits when searching for this particular error message. The errors seem to be happening on all sorts of Unixes, yet as my machines are FreeBSD ones, I'm asking here. I have unfortunately not been able to find a solution using Google, but I did find some pointers as to the cause. They are: -This seems to happen when SSH cannot retrieve the last login date and time for a user. Can this somehow implicitly or explicitly be flushed? -This does not happen when su - ing to the user's account from the box itself. -This may not happen to users that are allowed to become root (i.e. are in the wheel group). -This error doesn't seem to be particular to one Unix type, or to one specific OpenSSH version. I tried resetting the user's password, and I also tried blasting their homedirectoy away and recreating a fresh one with pw usermod abcdef -m, but all to no avail. Possibly it would help to add the user account to the wheel group, but I'm reluctant to do so for obvious reasons. Does anyone know how to resolve this? Cheers and tnx in advance! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Weird SSH problem... Any ideas?!?
Hi, Some things to try, in sshd_config set: PrintLastLog=no LogLevel=DEBUG Tnx a lot, this did the trick!!! I first tried it without the PrintLastLog no command, and with a proper AllowUsers line and that still didn't allow the login over SSH. Then, adding that PrintLastLog no line (and again restarting SSHD) indeed did the trick! I do notice something weird though, which I also noticed from a warning Amavisd-new has given me: for some reason unpriviliged users do not seem to see their login name, but rather only their UID, when performing a whoami call?!? For my account that's in the wheel group and for the root account whoami properly returns the right name, but other users only see their UID. Any ideas why that can be, and if that can be fixed as well? try toggling with AllowGroups and AllowUsers this is good for security also as you can deny system users or groups login and restrict users to login only from specific hosts, see the manpage for more options. No luck, but I was going to do this anyway, so that addition has been made too now. Also try: lastlog user that cannot login Hmmm, there is no binary called 'lastlog' on my system. There is /usr/sbin/lastlogin though, so I'm assuming that is the one you referred too? Well, when calling that function with the user name, or the matching ID, it results in the following: lastlogin 1026 lastlogin: user '1026' not found However, when calling the same stuff (using the user names) as root, I do see entries perfectly well... -This does not happen when su - ing to the user's account from the box itself. Note, there is a differens between su'ing and logging in. Can you login? Dunno. My machine is located at a server farm and at present I cannot physically step behind it to do a console login, so I have to rely on SSH for logging in. Alright, so the issue in itself has been resolved, but I would like to see this whoami issue (if indeed it is an issue) fixed. Anyone any ideas on that one? Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Weird SSH problem... Any ideas?!?
Hi, Well, it all seems to be a question of granting users access to the right file. Have you checked permissions on /etc/passwd and /etc/pwd.db ? These are both 644, owned by root:wheel. These should be world readable while /etc/master.passwd and /etc/spwd.db should not. These are both 600, owned by root:wheel. Sounds like both have their permissions set-up just fine. Nonetheless I suspect something went wrong when migrating these files from my previous FreeBSD 5.2.1-release i386 machine, to my new FreeBSD 5.4-release amd64 machine... Basically, I just copied those four files (plus the group file) across, and then rebuild the user's directory of the user that was having the login issues... Non privileged processes access the former to convert UID to user name. That certainly makes sense. Hmm, I wonder what could be amiss?? Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Has anyone ordered these FreeBSD case badges?
Hi, A while ago I ran across a site that offers very cool FreeBSD (and other) case badges. Yesterday I decided to order a badge, but to no avail. :( when trying to do so, I got the following error: ERROR Invalid Vendor ID: error Please use the Return link, and try again. If this problem persists, contact the administrator of the Web site where you are shopping. I then tried contacting them from their contact page, and that only resulted in yet another .cgi error. Finally, I simply sent an e-mail to [EMAIL PROTECTED], and they didn't meet their promised reply deadline of maximally 12 hours. Hmm! :((( Now, I *LOVE* those FreeBSD daemon case badges and I wanted to order a batch of 25 ones with custom text. Furthermore, on the site they advertise with free shipping in October 2005. Does anyone have any experience with ordering from this place? Their site works really crappy (i.e. half of it doesn't work at all :( ), so I'm a bit hestitant to placing an order. Also, when taking the prices into account I think I'll order a batch of 25 badges with custom text, which I think I'll make out to be FreeBSD inside. Now, at present I only have a direct 'need' for maximally 5 case badges or so. Would there perhaps be some others on the list who would be interested in some of those badges with that text? Finally: in case placing an order from the above site will not work out, does anyone know of any other good place to order such beastie case badges? Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Has anyone ordered these FreeBSD case badges?
Hi, Finally: in case placing an order from the above site will not work out, does anyone know of any other good place to order such beastie case badges? I've had pretty good experiences with http://www.scotgold.com/ Tnx! Fortunately, these ones were better priced and had a wider range of variety as well! I decided to order 10 of each colour (i.e. black, white, matte silver and matte gold), as well as 5 refrigerator magnets. I ordered the 'neutral' BSD ones, i.e. the ones with the big beastie and no text (I liked those better than the ones with text). If anyone has an interest in some of them, please let me know as I certainly do not think I'll have 40 servers anytime soon, so perhaps if someone wants a small quantity we can do each other a favour! :) Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Proper SSH set-up
Hi all, I have some probably straightforward questions regarding SSH, and I couldn't find the answers to all of them using Google, so I hope someone can provide me with them. :) The situation: Last week I added a second (fall-back) server next to my life server, and I want to automate down-syncing from the life server to the fall-back machine. Both machines have an outside world connection via one NIC, and both are connected to one another directly via a cross-wire, on a second NIC, on a local 192.168.1.x net. The files get synced using rsync (over the 192.168.1.x net, of course), and I also have prepared a script for dumping the MySQL tables on the live server, and pushing them into the fall-back server over an SSH tunnel (again: on the 192.168.1.x net). My questions mainly concern this last step, as well as general SSH set-up questions. The questions: 1-Which key types are better/preferred: RSA or DSA? 2-If I generate an RSA or DSA key on my fall-back server without a pass-phrase, and allow root access from the life server only (by stating something like AllowUsers [EMAIL PROTECTED] in sshd_config on the fall-back machine), will that somehow compromise the general SSH security of the fall-back machine (as no pass-phrase is then used), for outside world connections? 3-I'm considering enforcing very strict SSH access. Will adding a line to sshd_config like: AllowUsers [EMAIL PROTECTED] olaf eric force SSH to ONLY allow those three users (and no other ones), with root only allowed from 192.168.1.1, and the other two users from anywhere in the world? 4-If I add an RSA/DSA key of the life server only to the authorized_keys files on the fall-back server, will SSH still allow me to connect to it using e.g. the user olaf with password authentication from anywhere in the world, or will that one then be locked out until I add the key of each and every machine I need access from to the authorized_keys file? Thanks in advance, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Why is my DVD /dev/cd0 instead of /dev/acd0 after recompiling kernel?!?
Hi, Well, yesterday the inevitable finally happened: I lost my 'custom-kernel-compilation' virginity. :) Indeed, when trying to burn a DVD using growisofs I quickly found out (tnx Google!) that I had to add the atapicam device to the kernel. This was done based on what I read here: http://www.freebsdforums.org/forums/showthread.php?t=152goto=nextnewest http://lists.freebsd.org/pipermail/freebsd-questions/2003-November/026484.html Now, similarly to what is described in those threads, on my box the DVD is now also solely accessible through /dev/cd0 instead of /dev/acd0 (what it previously was). Does anyone have any idea why this is? Also: I just changed the entry for this device to cd0 in /etc/fstab such that the command mount /cdrom works again. Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to properly set-up multiple NICs?
Hi, I have a short and surely straightforward question: I want to set-up two NICs on two of my FBSD 5.x servers. Each server will have a dedicated NIC for all outside world traffic, and between the two machines I want to set-up a 192.168.1.x local network via a cross-wire cable, dedicated to local syncing of both machines. I am assuming the proper way to do this is to simply (using sysinstall) configure one NIC with the real live IP address, gateway, mask setting etc., hooked up to the outside world, and the other one with a 192.168.1.x IP address, directly connected to the other machine's similarly (though with a different IP address, of course) configured 192.168.1.y IP address over a cross-wire. Correct, or am I missing something? Also: when not using sysinstall: is /etc/rc.conf the only location where such settings need to be made, or are there other files as well that need to be manipulated for multiple NICs? Note: Normally I would simply test this myself and make it work, but tomorrow I'll have to add my new second server to the production environment and my current live machine is one of the two machines that need to be reconfigured. As I'll have preciously little time allocated for the installation, I want to get as much anticipated in advance as possible... Cheers, and tnx for any and all replies! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Moving down from amd64 to i386 ??
Hi, We are having troubles with MySQL 4.1 on a amd64 (it's crashing randomly with Seg fault, signal 11. gdb bt says: Cannot access memory at address 0x8000). We have got information saying this is a 64bit related issue and should be fixed by using the i386 version instead of amd64 (this is an Intel Xeon). Just an observation, but that address translates to 2^47 = 140,737,488,355,328 which sounds to me like a very high address... Now, I'm not certain if FBSD uses memory mapped I/O with numbers this high (granted, 64 bits allows for 2^64 addressable memory positions...), but if that is indeed the case, if push really comes to shove you could try figuring out just what is being accessed at that position (RAM? HD?). Once you know that, you could check if perhaps that part is broken. Errors like these do sound to me somewhat like a memory error when accessing that particular address (does it also mention other addresses?), but then, I'm no expert, so maybe somethig entirely different is going on. Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to properly set-up multiple NICs?
Hi, Tnx for the reply! I don't think you've missed anything. Good! That's what I also thought, but I just wanted to be sure. :) In /etc/rc.conf you can add something like: ifconfig_rl0=inet 192.168.17.1 netmask 0xff00 ifconfig_lo0_alias0=inet 172.17.0.1 netmask 0x ifconfig_vge0=dhcp ...to give you the general idea. It's enough to bring the NICs up and running, but then consider DNS and other issues that provide for a networking environment. Yes, the main entry, i.e., the one for the outside world is set-up like this: ifconfig_rl0=inet 123.45.67.89 netmask 255.255.255.0 defaultrouter=123.45.67.1 hostname=abcdef.nl My other two NICs are identified as re0 and sk0. When setting up one of them, say re0, for the local network I guess I only have to add an entry to /etc/rc.conf like: ifconfig_re0=inet 192.168.1.1 netmask 255.255.255.254 (note: the above gives a very restrictive netmask, as I'll only need the addresses 192.168.1.1 and 192.168.1.2). Would the above be correct, or should there also be an additional defaultrouter entry, next to the one for the outside traffic (e.g. defaultrouter=192.168.1.1)? This wouldn't really make sense to me, as I guess that one would then become 'the' defaultrouter for all traffic (be it local or outside world)... Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to properly mount a DVD-R/W drive and how to use it from the command line?
Hi, This'll surely be a really novice question, but I'd like to get it right in one go, and RTFM-ing using Google somehow didn't produce uniform enough results for my likings. :) The situation: I just installed FreeBSD 5.4-Release AMD64 on my new machine (though the question is most likely not specific to the AMD64 version, I guess), and upon installation time the machine had a DVD-ROM / CD-RW drive. Yesterday I received a new drive, being a DVD-RW drive, and I replaced the previous one with the new one. O.k., no problem so far, and the BIOS seems to properly identify the drive. When booting the machine, the drive is -I think- identified as DVDW as /dev/acd0, and the mountpoint it (re!)uses is /cdrom. Now, this is where the issue lies. When putting a CD-ROM in the drive, and trying to access it through the /cdrom mountpoint I get an empty directory listing (not correct) and when manually trying to do the following: mount /dev/acd0 /cdrom I get the error (on all CD-ROMs): mount: /dev/acd0 on /cdrom: incorrect super block Now, the entry in /etc/fstab for this device is set to: /dev/acd0 /cdrom cd9660 ro,noauto 0 0 Which is fine for a CD-ROM drive. However: what should the proper settings be for a DVD-RW drive? Surely at least the 'ro' flag is incorrect, but is that all? Also: are there other locations where I should tell FBSD (and if so: how) about the presence of the new drive? Finally: I do not intent to run X on the machine, as it'll be a webserver only (well, incl. DB stuff etc.), and the drive is intended for being used to make remote back-ups on DVD-RW (yes: someone will physically swap the DVDs when necessary ;) ). What I'd like to know is what the easiest/best ways are to do so from the command-line. Does anyone have some scripts for this? Or perhaps some pointers to a good (preferrably free) program or tutorial? As always: thanks in advance for your time, and your answers. :) Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to properly mount a DVD-R/W drive and how to use it from the command line?
Hi all, Thanks for the excellent replies regarding this! Regarding the mounting: indeed I do have a proper /etc/fstab, so I'll use mount /cdrom then. Tnx for explaining about the need to mount it in ISO-9660 format, and that the 'ro' flag is correct after all. :) So, the remaining thing then is how to set-up a proper strategy for letting cron do automatic back-ups to DVD. Regarding that, most is clear now; a few additional questions/observations: I also do backups on DVD+RW, but this is a more 'tricky' job if it is done the automated way. One possible way is to use 'growisofs' (found in ports/sysutils/dvd+rw-tools). But this tool needs 'root' or some workarounds when used via 'sudo' (you can not use growisofs via sudo the direct way!). Running it as root is no issue. The machine is mine, so I can configure whatever I like as root. By now growisofs has been mentioned a few times, so it seems like that (either running from cron, or manually) is the best way to go then! S, if I understand it correctly, growisofs may be either itself able to create ISO images and burn those, or if not, just use ISO images created by mkisofs. Then, mainly out of curiosity: at present the size of the back-ups is less than 2GB, though the low cost of DVD-Rs doesn't create a need for it, it would be cool if I could burn 2 back-ups on 1 DVD. Are there any easy options for that as well, or would it be better (read: a heck of a lot easier) to simply not bother with that, and just burn one back-up per DVD, and just close the session (hence losing the additional amount of free space)? Hope this helped a little bit. There are sophisticated ways of doing backups via DVD-+RW/DVD-+R with shell scripts, so use the search function of the mailing lists. Definitely, thanks a lot! I now know where to start looking and how to go about it. I hope to be able to get the rest going myself by doing some RTFMing in man, my back-log of messages from the FBSD lists, and/or Google. :) Finally, regarding the cross-posts: I did that as the machine runs the AMD64 version (hence inclusion of the AMD64 specific list), but the question also seemed (at least partially) general enough to be asked on the regular FBSD list. I'm sorry if by doing so I went against some written or unwritten list etiquete, and if so, after this message I shall make sure not to do so again. :P Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to best set-up a small local 'sync' network next to the live network?
Hi, At present I'm in the last stages of configuring my new (primary) web server. As soon as I'm done with it, I want to place the machine at the server farm, connect it to the present live server, take the later one off-line for an hour or so, hook it up via local network to the new primary server, rsync the necessary files, and update the MySQL DB. Once that's done, I'll simply swap the external (i.e. world) IP addresses of both machines, and then the new primary server should be pretty much up and running. Now, what I'd like to do, is: make the current live server a fall-back machine (connected to the outside world, but normally never mapped via DNS entries, unless the primary server goes down, and I assign the IP address of the live machine to the fall-back machine). What I'd like to do as a strategy is the following: Primary server: - Runs FreeBSD 5.4-Release AMD64 - Connected to outside world via NIC 1 @ a real IP address; say 123.45.67.89, publicly available as webserver incl. DNS mappings, etc. - Connected via a cross-wire cable to fall-back machine via NIC 2 ; using address 192.168.1.1 Fall-back server: - Runs FreeBSD 5.2.1-Release i386 - Connected to outside world via NIC 1 @ a real IP address; say 123.45.67.88, privately available by IP address only (mainly for SSH access, serves as fall-back and staging machine) - Connected via a cross-wire cable to primary server machine via NIC 2 ; using address 192.168.1.2 Now, the machines are (obviously) not the same hardware wise, nor OS wise. I may (or may not) decide to install FreeBSD 5.4-release i386 on the fall-back server, or I may just leave that as is. The things I'm wondering about are the following: -How can I best set-up such a dual network configuration, such that one network will not interfere with the other? -Can I somehow 'force' the machines to automatically interpret anything in the 192.168.1.x range to be local, and hence automatically use NIC 2, instead of using the NIC 1 adapter (which handles my outside world traffic)? -Is it sufficient to set-up the Rsync daemon on the primary machine to only allow connections from 192.168.1.2, and to run as root, such that I can easily use the cross-wire as a kind of direct tunnel to perform the syncing? -What is the nicest MySQL replication mechanism? Presently I use a mechanism that dumps the MySQL DB instances, and will then push them over an SSH tunnel to the fall-back machine, directly loading them into the MySQL DB on that machine. Is MySQL's master-slave syncing perhaps a better choice? Cheers, and thank in advance for any and all replies! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Which MySQL version best to use and with/without linux threads?
Hi all, Thanks a lot for your answers! I see that MySQL v5 is not mature enough for my likings to risk the gamble already, and presently I have no need for triggers and stored procedures (though they can be very handy, of course). Regarding version 4.0.x versus 4.1.x: the same applies as for v5: I do not yet have a direct need for v4.1's additional features, so I think for now I'll simply stick with 4.0.26, and I will not bother compiling linuxthreads into it. Tnx again! Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Which MySQL version best to use and with/without linux threads?
Hi, I've got a MySQL 4.0.16 DB running with several DB instances in it. So far, so good, but I'm looking for a bit of advice. I've got a few small questions: Firstly: is it (for a webserver) better to compile MySQL with linux-threads or without? I seem to recall having read that Linux uses a better threading mechanism, and that MySQL really benefits from this... What do you all think? Then, I'm currently configuring a second beast, ee, server. :) Being an AMD-64 19 server, running FreeBSD 5.4-Release AMD64. On it, I instinctively installed the latest MySQL 4.0.x version (being 4.0.26) and it works flawlessly with the data from my current production machine. Still so far, so good. :) However... I was wondering what the advantages (and potential disadvantages!) may be of using a newer line of the MySQL DB. Can anyone tell me what the advantages/pitfalls may be of using v4.1.x or even v5, over using 4.0.x ? A year or two ago I installed a 4.1.x version and there were some issues then with using the passwords, coming from a 3.23.x or 4.0.x one. I don't remember the details, but it had something to do with that... Any advice is more than welcome, as this is the moment for me to make this sort of decicion, and I'd like to do so based on real user's experiences...:) Thank you kindly in advance, and with kind regards, Olaf Greve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DVD burners and the Adaptec 2200S RAID controller...
Hi, Tnx again for your answer! Most of what you need is already in the GENERIC kernel. The rest is a available as modules. IIRC, you have to load the cam.ko module. Just use the ATAPI DVD burner via CAM. AFAICT it's very stable. I haven't burnt a coaster yet. An SCSI DVD burner is bound to be more expensive. Tnx, I'll go for an ATAPI IDE DVD burner then. Sounds like a good option and less troublesome than using a SCSI one. Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
DVD burners and the Adaptec 2200S RAID controller...
Hi Roland, First off: tnx for your reply! I haven't tried burning DVDs with the ATA driver. The manual page for growisofs says that you should use SCSI devices on OpenBSD and NetBSD, but it doesn't mention FreeBSD. Hmmm, one would guess FreeBSD not to be very different in that respect. Speed is not really a concern for me, but potential data corruption is. I just read something about someone having had issues with an ATA DVD drive, due to digital line-noise on the regular low cost 40-pin ATA cable. Using an 80-pin one apparently solved it. Makes sense. I will use an Adaptec 2200S U320 RAID controller for the harddrives, so perhaps an ATA interface would be easier to configure indepenently of another SCSI device (then again: maybe not). Any advice in that respect? I don't think having CAM in the kernel will make it more difficult. If possible, I'll try to use the generic kernel. AFAIK that covers the 2200S. What I'm wondering about is the following: would it be possible to use the 2200S as a regular controller for a SCSI DVD rewriter, in combination with it running 4 drives in RAID 10 mode? The controller has two U320 channels and allows up to 30 devices to be connected to it. However, I'm not certain that is assuming RAID only set-ups or whether that also allows regular SCSI devices to be attached to it... Does anyone have any experience using such a combination? More generally: does anyone have any experiences in using the 2200S under FreeBSD? Typically enough on Adaptec's site FreeBSD is not mentioned in the list of supported OSes (surprise, surprise...). However, on FreeBSD's list(s) of supported hardware it is mentioned (besides: I currently use the 2100S successfully under FreeBSD 5.2.1, whereas Adaptec's list only mentions the 4.11 version). Can someone perhaps let me know what most closely matches such an interface? The growisofs program from the dvd+rw-tools package is the program that does the actual burning. This is probably what you want. Things like k3b and gcombust et al are just front-ends. Tnx! I'll make sure to do some RTFM-ing on those tools then. Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DVD burners and the Adaptec 2200S RAID controller...
Hi, [...] 2200S. What I'm wondering about is the following: would it be possible to use the 2200S as a regular controller for a SCSI DVD rewriter, in combination with it running 4 drives in RAID 10 mode? The controller has two U320 channels and allows up to 30 devices to be connected to it. However, I'm not certain that is assuming RAID only set-ups or whether that also allows regular SCSI devices to be attached to it... Don't do this. Leave only hard disks on the RAID array card. Most RAID cards only want disk drives on the busses anyway. Tnx, I feared as much...:( Either way: I personally like that separation as well. I have another good Adaptec SCSI controller, but I think it's a bit a pity to 'sacrifice' that just for a DVD burner (it's currently installed in a machine I have specifically set-up as MySQL database stress tester). :P Hmmm, I wonder what good ATA options there are... Otherwise, I guess I'll simply have to add another SCSI controller. Cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Compatible DVD burners for AMD-64 version of FreeBSD 5.4?
Hi, Thanks for your replies! Ronald wrote: Over the years Plextor CD and DVD rewriters have served me well. That's why I chose a PX-712A for my amd64 system. It works flawlessly with cdrecord and growisofs via the CAM SCSI subsystem. Tnx! I'll take a look at that one. Actually you mention something interesting: I hadn't checked out the interface type. Do you know if DVD rewriters would typically be SCSI or ATA? I will use an Adaptec 2200S U320 RAID controller for the harddrives, so perhaps an ATA interface would be easier to configure indepenently of another SCSI device (then again: maybe not). Any advice in that respect? Tony wrote: My understanding is that any burner will show up and give you a block device, rather it's the authoring software that has the burden to recognize the burner for what it really is, and make full use of it. That said, what authoring software are you intending to use? I've had lots of luck in the past using K3B. Are you going old sk00l and using mkisofs? ;) It'll be the first time I'll be using a DVD burner under FreeBSD, so I still do not know which software best to use. The intended use for it is to have my (cron scheduled) back-up script write the back-up to DVD periodically (as well as being able to do this manually). I do not intend to put KDE/Gnome on the machine, so as far as I'm concerned no fancy interfaces are required. In fact: I'd rather have a text based interface, e.g. like sysinstall. Can someone perhaps let me know what most closely matches such an interface? Tnx and cheers, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Compatible DVD burners for AMD-64 version of FreeBSD 5.4?
Hi, Within a few weeks I will be aquiring a new server, and it will most likely feature a 64-bit AMD processor. One of the (hardware-wise) things I need to solve before being able to actually get it, is which DVD burner (for back-ups, etc.) I can best install in it. From the FreeBSD 5.4 AMD-64 hardware compatibility list, I seem to gather the following drive may be a good candidate: Logitec LDR-H443U2 DVD-RAM/-R/+R/-RW/+RW drive Does anyone have any experience with this particular combination and/or can anyone perhaps recommend me some other good alternatives for the AMD-64 version of FreeBSD 5.4? Thanks in advance, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Shared object libintl.so.5 not found error wheninstallinglogrotate port - how to solve this?
Hi, Firstly, thanks for your reply! No, you have the right version of gettext but you didn't address the problem. I feared as much...:( Soo, the question then winds down to how to resolve this. Can anyone tell me how I can fix this problem? Well, you have a mix bag set of references to gettext. Ports you haven't rebuilt are still refering to the old library. The interface changed between .so.5 and .so.6 and you have to rebuild everything that uses libintl. Hmmm, to be honest, I'm not certain how I can best fix this. It is my live server which is up 24/7, and of which I'd rather not break anything just to get logrotate going I considered trying to install it as a package using sysinstall, but that complains that the fbsd 5.2.1 distribution cannot be found on the FTP servers anymore. Ideally, I'd like to (re)build the logrotate port such that it will work. I guess that does involve doing what you say: rebuilding everything that depends on the conflicting library. However, I do not know exactly how to do this. Can anyone perhaps tell me how I can find out which ports depend on this library, and how I can correctly update the lot such that it will all work, and such that I can install the logrotate port correctly? Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Shared object libintl.so.5 not found error when installinglogrotate port - how to solve this?
Hi all, I have run into a weird issue, which for some reason doesn't want to get resolved. I am using FreeBSD 5.2.1 Release i386, and my ports tree is recent (via /usr/local/bin/cvsup -g -L 2 /root/ports-supfile). However, when trying to install the logrotate port (i.e. version logrotate-3.7_3 - located in /usr/ports/sysutils/logrotate/), I keep getting the following error: ** millennics# make install === Building for logrotate-3.7_3 /libexec/ld-elf.so.1: Shared object libintl.so.5 not found *** Error code 1 Stop in /usr/ports/sysutils/logrotate. ** Now, I tried perform a 'make clean' and a 'make depend' as well, but all to no avail. Searching on the Internet suggests that this is due to 'gettext'. So, I tried reinstalling that as well, but still, no luck. The installed gettext packages are: ** millennics# pkg_info | grep gette gettext-0.14.1 GNU gettext package p5-gettext-1.03 Message handling functions ** I guess this is basically o.k., right?!? Soo, the question then winds down to how to resolve this. Can anyone tell me how I can fix this problem? Cheers! Olafo PS: down below I've copied the last part of the 'make reinstall' output of gettext, as well as the output of the subsequent 'make install' output of logrotate... ** mkdir -p -- . /usr/local/share/doc/gettext/examples install -o root -g wheel -m 444 installpaths /usr/local/share/doc/gettext/examples/installpaths cd /usr/ports/devel/gettext/work/gettext-0.14.1/gettext-runtime/man make uninstall-html for file in gettext.1.html ngettext.1.html envsubst.1.html gettext.3.html ngettext.3.html textdomain.3.html bindtextdomain.3.html bind_textdomain_codeset.3.html; do rm -f /usr/local/share/doc/gettext/$file; done cd /usr/ports/devel/gettext/work/gettext-0.14.1/gettext-tools/man make uninstall-html for file in msgcmp.1.html msgfmt.1.html msgmerge.1.html msgunfmt.1.html xgettext.1.html msgattrib.1.html msgcat.1.html msgcomm.1.html msgconv.1.html msgen.1.html msgexec.1.html msgfilter.1.html msggrep.1.html msginit.1.html msguniq.1.html gettextize.1.html autopoint.1.html; do rm -f /usr/local/share/doc/gettext/$file; done install-info --quiet /usr/local/info/autosprintf.info /usr/local/info/dir install-info --quiet /usr/local/info/gettext.info /usr/local/info/dir === Compressing manual pages for gettext-0.14.1 === Running ldconfig /sbin/ldconfig -m /usr/local/lib === Registering installation for gettext-0.14.1 millennics# cd /usr/ports/sysutils/logrotate/ millennics# make install === Building for logrotate-3.7_3 /libexec/ld-elf.so.1: Shared object libintl.so.5 not found *** Error code 1 Stop in /usr/ports/sysutils/logrotate. ** ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Native POSIX threads + Java under FreeBSD 5.3 release i386
Dear Dan, Thanks for your answer! A follow-up: Why would they require an OS-specific threads library, instead of simply requiring Posix threads? I can tell you right now that Solaris doesn't support NPTL, just the same way Linux doesn't support Solaris's thread library :) Interesting. The people who wrote the software told me that they used to have a version that worked well with the Linux 2.4 kernel threads version. Then, they said they had improved their software, and that it's based around the threading system as it is present in the Linux 2.6 kernel. They did indeed mention that we require Posix threads, so I guess they mean to say that we require Posix threads (rather than relying on a Linux 2.6 kernel perse). If you have limited time, I'd say just use either Solaris 10 or Linux. If you have problems on FreeBSD, they won't help you. Yes, I just called the client, and he strongly recommended simply looking for a Debian-9 or SuSe-9 system. I think I'll simply try that... I'm looking somewhat into the support for NPTL under FreeBSD 5.3 release i386, and I have come across the following URL: http://www.unobvious.com/bsd/freebsd-threads.html From this, it sounds like the LinuxThreads (i.e. /usr/ports/devel/linuxthreads) should do the trick. That page is 2 years old, and even says right in the middle, before comparing libc_r and linuxthreads: WARNING: The rest of this document does not describe thread support in FreeBSD 5.x . You have been warned. :) I think I didn't express myself the way I meant to (sorry for that). Basically what I meant to write was that from the document I gathered that the /usr/ports/devel/linuxthreads port is what should be used. But indeed upon re-reading my own text, it suggests that I had gathered from the document that that would work under versions 5.x as well (which was not what I meant to imply). Anyway, your following answer basically answers what I wanted to know: Can anyone tell me something about the following: 1) Does the linuxthreads library provide 100% NPTL support, as under Linux? Linuxthreads is the Linux 2.4 and below threads package. NPTL is the name for the threads implementation in Linux 2.6 kernels. As far as I know, linuxthreads and NPTL are relatively ABI-compatible. From this, I gather the linuxthreads port will not give me the threading system as used in the Linux 2.6 kernel then... O.k., I think I know enough for now: I'll first try having a go at Red Hat or SuSe then Thanks again, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Native POSIX threads + Java under FreeBSD 5.3 release i386
Hi all, As is typical, I have once again been given very limited time to get something running, and there are some interesting things to figure about about it. :) In brief, the application is a distributed one, loosely based on some CORBA concepts, though differently (fortunately!). The supported programming languages are C/C++/Java/Ada, of which Java will probably be the one we would like to use. Now, the issue is (or may be), that the recommended (and only tested) platforms are Solaris and Linux (particularly Red Hat and SuSe - kernel versions 9). The apparent reason for this, is that the platform requires the NPTL (Native Posix Threads Library). I'm looking somewhat into the support for NPTL under FreeBSD 5.3 release i386, and I have come across the following URL: http://www.unobvious.com/bsd/freebsd-threads.html From this, it sounds like the LinuxThreads (i.e. /usr/ports/devel/linuxthreads) should do the trick. However, I have no experience with these threads and I wonder whether it is a good idea to try to get the platform working under FreeBSD (my favourite Unix), or whether it may be better to install Red Hat or SuSe this once. :) Can anyone tell me something about the following: 1) Does the linuxthreads library provide 100% NPTL support, as under Linux? 2) Does usage of the library incur a kernel recompilation, or will all scripts of the platform have to be changed such that the linuxthreads library is linked in? 3) A different question: what is the best JDK 1.4.x port to install, and does one of those perhaps have support for NPTL? I hope anyone can help me out a bit with this, even if it only is about whether to make the best choice between figuring out how to get this platform going under FreeBSD (being the Unix with which most experience I have), or whether to try to go Linux and have a -perhaps- more straightforward installation of the platform (at the expense of not knowing the particular intricacies of those Linuxes). Help/opinions are very much appreciated. :) Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD basic tool differences with Red Hat Enterprise 3
Hi all, Today over here a rather fancy server was delivered on which in little time I have to set-up several packages, such that the machine becomes a web server for an intranet application. Now... Though basically most Unixes are heavily similar, I unfortunately find myself with very little time to get into the specifics on Red Hat. I will quickly start doing some RTFM-ing, but I'm hoping anyone on this list has some experience with this particular Unix, and can perhaps give me some quick pointers on the following (and later perhaps on some other things as well): -What is the tool that more or less does the same as FreeBSDs sysinstall? -Where does one configure the network adapter settings? -How does one add packages? -Probably most important: AFAIK Red Hat is not typically the first choice for a web server (as opposed to FreeBSD and Debian). Is anyonw aware of potential security risks/issues that Red Hat Enterprise might suffer from? Thanks a lot in advance, and if any replies to this are deemed inappropriate for the FreeBSD list, can you please reply to my private e-mail address? Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to transparently set-up two differently configured network interfaces?
Hi all, I find myself with little time to find a neat solution for the following situation: We have a Shuttle on which fbsd 5.2.1 is installed. Now, the machine used to have just one network interface, of which I'd simply switch the settings when the machine needs to be used for demo purposes, rather than running in our local network. So, I just installed a second network interface, and I'd like the machine to become smart enough to do the following: -Boot, check if rl0 has a cable attached to it, and if so, use that as active network interface, with fixed settings (gateway, nameserver, and IPv4 address all set to 192.168.1.1). -if rl0 does not have a cable attached to it, use DHCP on interface rl1 and use that. Sounds relatively straightforward. So I set the settings of the rl0 and rl1 network interfaces (via sysinstall) to reflect just that. However, when doing so, the gateways seem to get shared, and just get set to 192.168.1.1. Can anyone point me to the proper means of setting this up properly? Normally I would RTFM regarding dhclient.conf and such, but unfortunately I find myself with very little time available for spending on it, so I hope someone can give me a quick pointer in the right direction... Cheerz! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
libintl.so.5 issue when installing logrotate
Hi, I ran into a rather funny issue (fbsd 5.3-release, i386). I have an updated ports tree (that is: twice per week cron updates it using cvsup). Now, I tried installing /usr/ports/sysutils/logrotate (make install) O.k., it failed, mentioning that it required gettext version 0.13 or higher. No problem, just install that, right? O.k., so I installed /usr/ports/devel/gettext (make deinstall, make reinstall) All fine so far (it installef version 0.14.1). Then I tried again to make install the /usr/ports/sysutils/logrotate and again it failed, this time the error is: [...] === Building for logrotate-3.7_3 /libexec/ld-elf.so.1: Shared object libintl.so.5 not found Hmmm, no what can that be? A quick look-up on Google shows: http://tomster.org/geek/freebsdcookbook/tidbits/gettextupgrade Nice, a chicken and the egg problem: logrotate requires gettext 0.13 or higher, but when installing that, apparently out goes a required library! Duh! The same page mentions the following: The solution is to force the upgrade of the already currently installed version of gettext (by using the -f option) and doing the upgrade recursively (by using the -r option). I guess this means doing a pkg_add -f -r gettextpkg as opposed to make install-ing the port, right? Now, before doing this (and possibly messing up the installation by doing a force install), has anyone already done this, and is this really the best solution? Tnx and cheerz, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Blacklisting IPs
Hi, It's best to report them and it's not hard to do it. There are automated tools that will do it. I would be very interested in setting up such a tool on my server as well. My passwords are not easy to guess, and root is not allowed to login anyways, and changes are extremely slim that someone will guess the one and only username/password combination that is actually allowed to SSH and to su -. Nonetheless, I find it annoying that some kids with nothing better to do download these stupid brute force tools in order to call themselves hackers. Duh! Therefore, I could well do without having 22,000 lines of failed attempts in my securityy logs (though as of late they haven't been that long), and I wouldn't mind reporting the critters to their ISPs. Does anyone have a good suggestion for such a tool? It would be cool if the tool could spot such brute force attempts, and when it sees e.g. more than 5 failed attempts from the same IP within say 5 minutes of time, it would blacklist the IP, and would automatically report the crack attempt to the ISP of the critters. Anyone? Cheerz! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem when SSH-ing to FreeBSD 5.3 using PuTTY?
Hi, Alright, last Friday I promised to let you guys know what the outcome was of the issue where PuTTY wouldn't connect to FreeBSD 5.3. And the winner is...: Look in /etc/ssh/sshd_conf for the setting PasswordAuthentication I think the default changed from yes to no. HExren Indeed. By default there's a line: #PasswordAuthentication no Changing that in: PasswordAuthentication yes And then performing a: kill -s HUP sshdpid Does the trick! Tnx and cheerz, Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sil 3114 RAID controller issues with FreeBSD 5.3 Release AMD-64 - and Promise RAID controllers???
Hi, Last Friday I ranted: In this case, time IS money, so that's why I'm trying to convince my client to better spend that money (and my time) on simply buying a supported hardware RAID controller, which really is a win-win situation for both my client and myself. However, somehow I've not yet been able to drive that argument home, so who knows...:/ Well, eureka, I did it! :) That is... I managed to convince the client to go hardware RAID. ;) They have a preference for the following controller: Promise FAST Trak S150TX4 But.. As far as I gather from the supported hardware list (fbsd 5.3, amd-64) at: http://www.freebsd.org/releases/5.3R/hardware-amd64.html#DISK It looks like this controller is not supported. :( To further compound matters, checking the docs on the controller suggests that, again, this is basically a software RAID solution (no CPU, no on-board memory, and a 66MHz PCI 2.2 32-bit interface): nice to complement their otherwise blazingly fast 64-bit AMD machine, duh! :((( Oh well, again I made a very strong suggestion to buy the Adaptec 2200s U320 SCSI RAID controller, but we'll see... :) Meanwhile, does anyone know of a good hardware SATA RAID controller capable of supporting RAID 10, and which is properly supported by FreeBSD 5.3 (amd64)? Any experiences? Any do's and dont's? Tnx cheerz! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Problem when SSH-ing to FreeBSD 5.3 using PuTTY?
Hi all, On two distinct machines (both running FreeBSD 5.3 release, one is the AMD-64 version, the other is the i386 version) I am experiencing problems when trying to SSH to the machine using PuTTY. PuTTY shows the login prompt just fine, but when entering the proper username/password (yes, I am positive I typed it correctly -multiple times, in fact- :) ). Yet, for some reason this combination does not seem to get accepted. Does anyone know the reason for this (note: I am not starting the SSH daemon from inetd)? Is there perhaps some (new) setting that changed between 5.2.1 and 5.3 that causes this, or am I doing something else terribly wrong? :) Thanks in advance for any answers, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sil 3114 RAID controller issues with FreeBSD 5.3 Release AMD-64
Hi, A client of mine asked me to install their AMD-64 machine as a MySQL database server. Totally against my strong suggestion to use a proper SCSI hardware RAID 10 solution (or at least a hardware SATA RAID solution), they insist on using the internal Sil 3114 software RAID controller in RAID 1 mode. Now, this 'cost reduction' from them backfires, as FreeBSD 5.3 Release AMD-64 does not properly recognise this controller. First, it locks up when booting with ACPI enabled (easily fixable by either disabling ACPI in the BIOS, or by booting without ACPI), then the bootstrap loader first seemingly does recognise the RAID 1 array (at least it states something to the effect of Drive C from BIOS..., but when the installation CD-ROM has booted, lo and behold! It does not see both drives as an array, but as separate drives! I looked around a bit on the Internet, and seemingly this issue started to occur around mid june last year with FreeBSD 5.3 versions for these type of Silicon RAID controllers. Now, of course I am still trying to get my client to do it properly and forget this el-cheapo RAID solution and simply buy a hardware RAID controller, but if I can't succeed in convincing them, I'd really like to enable the RAID array of this controller after all. Does anyone know how this can be achieved? Is it possible to patch the device driver once FreeBSD is installed, and somehow get FreeBSD to build the RAID array? Thanks in advance, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem when SSH-ing to FreeBSD 5.3 using PuTTY?
Hi Jon, You did not state the version of Putty you are using. Hmmm, good one. I just checked and it is version 0.50. Try the latest version, (release 0.56) I beleive. There was a problem in earlier versions of Putty with keyboard-interactive method of authentication. I'll give that a shot. It's quite interesting that it would work with fbsd 5.2.1 (and earlier) and not with fbsd 5.3, but it might indeed be the culprit. Either way: after the weekend I shall let you guys know what the culprit was. :) Cheerz and 'ave a good weekend! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sil 3114 RAID controller issues with FreeBSD 5.3 Release AMD-64
Hi Erik, Thanks for your answer! I don't think FreeBSD supports the SiI 3114 as a RAID controller, but only as a normal controller. All the RAID stuff for that controller is done in software anyway, but FreeBSD needs to know what format the BIOS uses for a RAID setup, and it doesn't. Indeed that is what I also fear, hence my reluctance at having to spend much time trying to figure out a way to enable this controller for RAID purposes, whereas it is an -IMO- bad choice anyway to use this for their RAID strategy. :((( I guess you could set up a pure software RAID-1 solution using vinum, but not having done that myself I can't say for sure. See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/vinum-vinum.html for information on how to use and setup vinum. Yes, that would probably be another option. Again it would have the same downside though: I've never done this before, so I'll have to spend time getting that going. In this case, time IS money, so that's why I'm trying to convince my client to better spend that money (and my time) on simply buying a supported hardware RAID controller, which really is a win-win situation for both my client and myself. However, somehow I've not yet been able to drive that argument home, so who knows...:/ Oh well, enough of this rant - surely someday they'll see the light. Until then, I'll just continue to scream in the desert. ;) Cheerz! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Properly installing PHP4 extensions under Apache 1.3.x
Hi, A while ago the topic was raised about how to properly install PHP 4.3.8+ versions with their required extensions, under Apache 1.3.x. I'm doing so just now, but I seem to be missing one step, as the extensions do not seem to get picked up. Here's what I did: 1) Update the ports tree using CVSup 2) Build the /usr/ports/lang/php4 port (= 4.3.10 - make install) 3) Build the /usr/ports/lang/php4-extensions port 4) Build several extensions I need (GD, MySQL, session), again, I did do a make install 5) Restart Apache Double checking the installation shows: pkg_info | grep php php4-4.3.10 PHP Scripting Language (Apache Module and CLI) php4-gd-4.3.10 The gd shared extension for php php4-mysql-4.3.10 The mysql shared extension for php php4-session-4.3.10 The session shared extension for php O.k., so that goes alright. Yet, I do not see any of these extensions getting picked up, and I wonder on the one hand what I am missing exactly, and on the other hand what the easiest (or best) way is to fix this. Can anyone tell me something more about the following: 1) How do I get these extensions to be picked up (using the configure tool in the php4 ports? adding entries to Apache's httpd.conf file? something else?) 2) Is this really the easiest way to go? It seems to be somewhat cumbersome to have to install all extensions this way. When building the php4-extensions port I was prompted for which extensions I wanted to install. I was hoping some form of master Makefile would result from that, allowing me to install the previously selected extensions all in one go, rather than having to install each one of them manually. Thanks a lot in advance, and cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Properly installing PHP4 extensions under Apache 1.3.x
Hi again, Alright, I just found the missing step: I used to have an existing php.ini file in which the extension_dir directive was not disabled. Commenting that directive does the trick. :) So the correct procedure should then be: 1) Update the ports tree using CVSup 2) Build the /usr/ports/lang/php4 port (= 4.3.10 - make install) 3) Build the /usr/ports/lang/php4-extensions port 4) Build several extensions I need (GD, MySQL, session), again, I did do a make install 5) Comment out the extension_dir directive in php.ini 6) Restart Apache Cheers! Olafo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
MySQL cluster on FreeBSD AMD-64 ?
Hi guys, A few days ago I asked for experiences you all might have with optimising MySQL for large DB applications under FreeBSD. Well, the plot thickens, and hardware and OS-wise I think I now am well on my way of finding a very promising solution. The idea is to use FreeBSD 5.3 AMD-64, using MySQL cluster. Has anybody already done this? If so, could they perhaps let me know their experiences and/or any potential pitfalls (either on-list or off-list)? Thanks heaps in advance, and 'ave a great weekend! Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to distribute MySQL over various machines (or otherwise up its performance)?
Hi, I have been asked to assist in a most interesting challenge: getting rid of a Win2K server (running MySQL) on which MySQL takes up around 100% of the CPU. :) I have near total freedom in suggesting a replacement architecture (within some reasonable finacial limits, of course), and I am considering suggesting a solution that involves one or more FreeBSD MySQL DB servers, in order to speed up the database performance. Now, there are various strategies that spring to mind, and I was hoping someone could perhaps tell me some more about this from personal experience or hearsay. Regardless of what the eventual suggestion will be, first I'll tune the current DB by assigning a proper DB scheme and by properly using indexes. I've got a gut feeling that these guys set up the DB without paying proper attention to that (in this case probably due to a lack of experience with this), so hopefully a lot can already be gained by doing so. Nonetheless: for setting up a more robust and fast DB server (or server cluster?) I'd like to take matters a step further, by using a fast hardware set-up as well (note: in any and all proposed architecture, I'll propose to use plenty of memory). Now, here comes the bit with which I do not have any experience, so I'm hoping perhaps someone can help me getting started on the proper path. The following is what I'm considering as potential steps: -The guys for whom this will be done mentioned having acquired 64-bit motherboards (I do not yet know the exact type), they do not mind installing multiple processors on it. Question: which FreeBSD version can best be used in order to optimally make use of a 64-bit and/or multi processor architecture? -RAID: for performance and security matters, I _think_ a RAID 10 architecture would be a very good choice. By using a proper U320 SCSI hardware set-up, running in RAID 10 mode, I think much can be gained. Cost is somewhat of an issue, but not all too much. I'm considering the Adaptec 2200S RAID controller, with 15K U320 drives (like the Maxtor 15K 36 GB drives or so). Questions: does it really make sense to use U320 (and 15K instead of 10K) instead of U160? I'm not certain what the speed is of the PCI slots that are present on the motherboards that are to be used, but am I right that if it's the normal speed (being 133MHz), that virtually nothing is gained by using U320 over U160 (as U160 would then already be faster than the bus speed anyway)? Also: does anyone have an insight in actual DB performance gain by using striping? RAID 0 is not an option, it'll have to be fault tolerant. I'm somewhat suspicious of RAID 50 and the likes, hence the idea of using RAID 10... -Using multiple machines. Questions: is there something like a 'MySQL load balancer'? Is this a good idea at all, or will a fast machine (e.g. dual processor) + enough memory (1GB? 2GB?) + a fast hardware RAID 10 set-up already be more than sufficient to do the job? I realise this is a long mail, so sorry for that. :) I hope someone can give me some good pointers and/or other general information for how to best handle this... Thanks in advance, and cheerz! Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: php4-cli or mod_php4
Hi, i want to install apache+php+mysql. If i install mod_php i cannot install php4-extension (mysql, etc ...). If i try to install php4-cli and extensions apache doesn't know how to handle .php files . What's the they to go to make apache work with mysql and php ? fBSD is 5.3. Well, up until fBSD 5.2.1 when installing PHP4 and Apache 1.3 using sysinstall, matters would all automatically be swell. Then, the other day I installed fBSD 5.3 on a client's machine, then I did the same trick by installing Apache 1.3, PHP4 + extensions and I tested the combination. A simple 'hello world' script worked a charm, but then I put the actual application on the machine, and all sorts of things would not work! It seems that as of fBSD 5.3, the version that is installed when using sysinstall has a lot less compile options enabled than it used to do previously, one of which being the MySQL support. Here's what I did to solve the issue: 1) Install Apache 1.3, PHP4 (MOD + CLI), PHP4 extensions. 2) Make sure this combination can successfully execute a simple 'hello world' example. 3) Figure out PHP's compilation options (this can be done e.g. using PHPinfo). 4) If possible, compare these options to those of a system on which everything works as it should (I was lucky enough to be able to do so, but perhaps you do not have access to such a system). No write down the compilation options that you're missing in your installation (e.g. something like --enable-mysql, etc.). 5) Go to the proper ports directory, which I think (if memory serves me right here) is something like /ports/lang/php4. Check the Makefile structure, in the beginning of that file you can see PHP's compilation options. 6) Add the missing options to this file. Perform a 'make remove' (to first uninstall PHP4), then perform a 'make all' followed by a 'make install' (I think these were the steps). 7) Restart apache using 'apachectl restart' and check the compilation options again. If you did this process correctly, PHP should work fine now. Note: enabling PHP4 from the Apache httpd.conf file is not that difficult. If your 'hello world' example fails to run, and you can't figure out which configuration options to set in Apache's httpd.conf file, and/or in PHP's php.ini file, please let me know. I've done this several times now, so I can probably help you out with it... Cheerz! Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: php4-cli or mod_php4
Hi, Correct solution would be to install mod_php4 first and then install all the necessary extensions via separate ports. For instance, to get MySQL support in PHP you would install /usr/ports/databases/php4-mysql. This way of installing extensions via ports was introduced when PHP 4.3.8 came out (and was mentioned in /usr/ports/UPDATING). I C. I wonder why they did this... Oh well, never mind. It's good to know at least that there's no need to fully recompile everything the way I did it (live and learn). A quick question: did you happen to try this with GD2 as well? I want to install the latest version 2.0.28 (IIRC) and I haven't yet gotten around to doing so. I was wondering if GD2 can also be added flawlessly like this, or whether GD2 does require a recompilation. Anyway, if you don't know off-hand, it matters not. In that case I shall simply RTFM for the proper installation procedure... Cheers! Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Qpopper errors
Hi, So, anybody don't know what is this? :( My guess... *everybody* doesn't know what this is (although some might know what Qpopper is). Part of your message is missing? :))) Indeed the question could be slightly more specific. :) Part of it can be answered though: Qpopper is a POP3 server. I use it too (v4.0) under FreeBSD 5.2.1 Release i386 and I have no issues with it. I call it from /etc/inetd.conf as follows: pop3stream tcp nowait root/usr/local/libexec/qpopper qpopper To install Qpopper I _think_ I simply used sysinstall and installed it as a package. If this wasn't the case, I simply compiled the port and installed it. Does that answer the question? If not, then please let me know, perhaps I can help to solve further questions... Cheers, Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Updating packages list (using cvsup?)
Hi all, I was wondering about a thingy. Whenever I use sysinstall to add a package, the list seems to be constantly the same (i.e. often outdated), whereas more recent versions should be available of several of the packages. Of course I can manually d/l the packages and if necessary compile them and install them, but I have also heard of the possibility of using cvsup to automatically update the packages tree. Now, I have installed cvsup, and I quickly browsed over the man pages (I have to admit that I have not yet been able to spend much time on this), but I was wondering if this is really the best way to go. Sure, it does automatically update collections, etc., but is this really the handiest tool out there for this particular task? If not, can anyone please name me an alternative (approach)? If it is, OTOH, can anyone please give me some quick pointers for setting this up correctly, and/or point me to a page where this process is explained. Thanks in advance, and cheers! Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Updating packages list (using cvsup?)
Hi Thomas (and others), First off: thanks a lot for your answer, this is indeed what I was looking for... Then some specifics: Packages are pre-compiled so there is little ability to configure them, should you need to. Although I still know many people who prefer using packages. I find them handy at times, but indeed some of them are hopelessly outdated (like Clamd)...:) Do not use sysinstall to accomplish this. Also, there is no need to 'download or update' your 'packages'. Simply follow the below command to install the current package. I know. I didn't express myself correctly: what I meant to say was to update the tree of 'packages', but then, as you stated, what I actually should have been referring to is the tree of 'ports'. :P Below is a config to install cvsup and run it to update your ports collection. Remember though, ports are not precompiled and you will actually need to move into the /usr/ports/whatever_port/whatever_program dir to install them. Yes, that's fine thanks! So the below should do the trick. # pkg_add -r cvsup-without-gui # cp /usr/share/examples/cvsup/ports-supfile /root/ports-supfile // change 'changethis' to cvsup2, cvsup3, etc. # ee /root/ports-supfile // REBOOT SERVER # shutdown -r now // Run CVsup to make ports current. (will take approx. 1 hour over broadband) # cvsup -g -L 2 /root/ports-supfile Cool. Sounds easy enough. So I guess if I were to schedule the 'cvsup -g -L 2 /root/ports-supfile' command using cron, a weekly task should do. Also there is a wealth of information in the FreeBSD handbook and I would consider giving that a read. Thanks, indeed I have printed that (for the 5.1 version, but that should be o.k.) and I shall check that out as well... Cheers! Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Problem with creating home directories when creating users using pw under 5.2.1 Release i386
Hi guys, I'm new to this list, so I hope I'm not flogging a dead horse here, but after an upgrade from 5.1 Release to 5.2.1 Release (i386) I encountered a weird thing: when being root, and creating users using the pw command as follows: pw useradd testusr -g testgrp -s /bin/sh No home directory gets created (whereas a home directory was properly created when doing this under 5.1 Release). Then, when I try to fix this afterwards by doing: pw usermod testusr -d /usr/home/testusr I get the message: pw: WARNING: home `/usr/home/testusr' does not exist This, in itself, is already weird, of course. Manually creating the directory /usr/home/testusr and then trying the pw command doesn't work either (neither when the directory is owned by root, nor when it's owned by testusr:testgrp) ?!? More bizarrely so, when adding a user using sysinstall, it all works fine. Go figure...?!? Does anyone have any ideas? Cheers! Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Problem with creating home directories when creating usersusing pw under 5.2.1 Release i386
Hi, Give pw the -m option to instruct it to mkdir the home directory. Tnx! That works a charm! No idea how I could have missed that one, guess I'd better RTFM somewhat better than I did...:P Cheers! Olafo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]