LDAP issues on 5.21
Hi,

I've got a server running 5.21. Last build/install world was about 6 weeks ago. Last 'portupgrade -a -R -r' was yesterday. I've been struggling to get Samba 3.05 installed and playing nicely via LDAP. I think I've finally managed to get everything working properly as far as Samba is concerned; however, I have one problem and one question.

My problem is that users who *only* exist in the LDAP database can't seem to SSH into the box. Also, not only must users exist in /etc/passwd to successfully SSH into the box, but the order in which "files" and "ldap" are listed in /etc/nsswitch.conf makes a difference, too. "Files" must be placed before "ldap" in /etc/nsswitch.conf for users to successfully SSH into the box. I don't understand why this is, since the test account in question has the same information in both LDAP and /etc/passwd (and the same password, etc). Other services such as POP3 and SMTP work just fine with users only in LDAP.

I suspect it's my /etc/pam.d/sshd configuration. That file looks like this:

    #
    # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
    #
    # PAM configuration for the "sshd" service
    #

    # auth
    auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn try_first_pass debug
    auth            required        pam_nologin.so          no_warn
    auth            sufficient      pam_opie.so             no_warn no_fake_prompts
    auth            requisite       pam_opieaccess.so       no_warn allow_local
    auth            required        pam_unix.so             no_warn try_first_pass

    # account
    account         required        pam_login_access.so
    account         required        pam_unix.so

    # session
    session         required        pam_permit.so

    # password
    password        required        pam_unix.so             no_warn try_first_pass

Does anyone see anything in this file that would cause the behavior I'm experiencing?

Lastly, my final general question is about FreeBSD's implementation of /etc/nsswitch.conf. I don't see support for shadow passwords. Should a FreeBSD box's /etc/nsswitch.conf file make any type of reference to shadow passwords?

TIA,
--Sean.
___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Please help - URGENT - disk/fsck problems!--SOLVED!
> I'm in need of urgent help. I have a production 4.9-RELEASE
> server. I track STABLE, last cvsup/make world was about two
> months ago. After powering on after an extended power outage
> (was given advanced notice by electric company and I shut the
> server down before the outage occurred), the server hung with
> disk problems and suggested I run fsck. I ran fsck and came
> up with thousands of errors. I re-ran fsck and came up with
> less. I repeated this process for what seems like a hundred
> times. No matter what I do, though, I still have errors that
> fsck seems unable to repair. HELP!!

Well, seeing as that I didn't get a single response to my URGENT plea for help, and noting that necessity is the mother of all invention, I managed to solve this problem myself (48 hours after the fact with users screaming at me for 6 of them). I'm replying to my own post in the hopes it'll be archived and help some poor SOB like myself should they encounter the same problem.

I don't know if it was the *right* way to solve the problem, or even if there were alternative ways. This method did work, though. It resulted in some data loss, but I was willing to live with that since I have good tape backups to restore from.

Here's how I fixed my problem. After RTFM on fsck (man fsck) for the 4,341st time, I noticed under the "see also" section a utility called fsdb, the FFS debugging/editing tool. While messing with inodes and such has always scared the hell out of me, I figured I had nothing to lose at this point. I went back to my fsck output and noted that certain errors seemed to never go away, like this one:

    INCORRECT BLOCK COUNT I=447212 (5280 should be 4064)

I assumed that the "I" above was an Inode number. I fired up fsdb with the disk slice in question as a parameter, like this:

    fsdb /dev/da0s1g

This gave me a "fsdb >" prompt. From there I issued the command:

    clri i-number

(e.g., clri 447212). This apparently nukes the Inode number given to it.

I did this for all the Inode numbers that continually re-appeared after numerous fsck's. I typed "quit" (or was it "exit"?) to leave fsdb and then re-ran fsck. Problem solved. Restored from tape (love AMANDA!) and I was good-to-go!

Hope this helps somebody...

Thanks,
--Sean Noonan

No employee or agent is authorized to conclude any binding agreement on behalf of Watkins Contracting, L.P., with another party by email without express written confirmation by an Officer of the company. In addition, any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Watkins Contracting, L.P. Employees of Watkins Contracting, L.P., are expressly required not to make defamatory statements and not to infringe or authorize any infringement of copyright or any other legal right by email communications. Any such communication is contrary to company policy and outside the scope of the employment of the individual concerned. The company will not accept any liability in respect of such communication, and the employee responsible will be personally liable for any damages or other liability arising.
Please help - URGENT - disk/fsck problems!
I'm in need of urgent help. I have a production 4.9-RELEASE server. I track STABLE, last cvsup/make world was about two months ago. After powering on after an extended power outage (was given advanced notice by electric company and I shut the server down before the outage occurred), the server hung with disk problems and suggested I run fsck. I ran fsck and came up with thousands of errors. I re-ran fsck and came up with less. I repeated this process for what seems like a hundred times. No matter what I do, though, I still have errors that fsck seems unable to repair. HELP!!

What are my options? Is there any way to repair the file system? How, exactly? I backup every night with AMANDA to a DLT drive. Would restoring from tape also restore the errors to the file system?

I'm desperate, if anyone could assist I'd be very grateful!

TIA,
--Sean Noonan

P.S. - Here's the output from fsck (yes, I realize the volume is mounted in this output and therefore the filesystem is read-only):

    bash-2.05b# fsck
    ** /dev/da0s1a (NO WRITE)
    ** Last Mounted on /
    ** Root file system
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    2004 files, 38340 used, 90659 free (307 frags, 11294 blocks, 0.2% fragmentation)
    ** /dev/da0s1f (NO WRITE)
    ** Last Mounted on /tmp
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    10301 files, 26910 used, 231121 free (169 frags, 28869 blocks, 0.1% fragmentation)
    ** /dev/da0s1g (NO WRITE)
    ** Last Mounted on /usr
    ** Phase 1 - Check Blocks and Sizes
    INCORRECT BLOCK COUNT I=447212 (5280 should be 4064)
    CORRECT? no

    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    LINK COUNT FILE I=648323 OWNER=man MODE=0
    SIZE=0 MTIME=Feb 16 13:35 2004 COUNT 0 SHOULD BE -1
    ADJUST? no

    ** Phase 5 - Check Cyl groups
    FREE BLK COUNT(S) WRONG IN SUPERBLK
    SALVAGE? no

    SUMMARY INFORMATION BAD
    SALVAGE? no

    BLK(S) MISSING IN BIT MAPS
    SALVAGE? no

    ALLOCATED FRAG 890704 MARKED FREE
    ALLOCATED FRAG 890705 MARKED FREE
    . . .
    ALLOCATED FRAG 4937333 MARKED FREE
    ALLOCATED FRAG 4937334 MARKED FREE
    ALLOCATED FRAG 4937335 MARKED FREE
    253019 files, 2151531 used, 3184970 free (57794 frags, 390897 blocks, 1.1% fragmentation)
    ** /dev/da0s1e (NO WRITE)
    ** Last Mounted on /var
    ** Phase 1 - Check Blocks and Sizes
    INCORRECT BLOCK COUNT I=151455 (6912 should be 640)
    CORRECT? no

    INCORRECT BLOCK COUNT I=151456 (95008 should be 225856)
    CORRECT? no

    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    FREE BLK COUNT(S) WRONG IN SUPERBLK
    SALVAGE? no

    SUMMARY INFORMATION BAD
    SALVAGE? no

    ALLOCATED FRAG 646592 MARKED FREE
    ALLOCATED FRAG 646593 MARKED FREE
    ALLOCATED FRAG 646594 MARKED FREE
    . . .
    ALLOCATED FRAG 679445 MARKED FREE
    ALLOCATED FRAG 679446 MARKED FREE
    ALLOCATED FRAG 679447 MARKED FREE
    BLK(S) MISSING IN BIT MAPS
    SALVAGE? no

    1760 files, 98086 used, 1997709 free (1317 frags, 249549 blocks, 0.1% fragmentation)
    bash-2.05b#
Perplexing, inconsistent POP3 problem
Greetings list,

I have a client that I've installed 4.9-RELEASE for. I'm tracking stable (last cvsup/build world/install world/mergemaster was about two weeks ago). I have a very weird, inconsistent problem that's driving me and the client nuts.

Users use Outlook 2000 for email client. My first POP3 server installed was qpopper v4.0.5. Occasionally, users' Outlook task progress bar would not increment. After a minute or two the client would "timeout" and present an error message to the user stating that it couldn't communicate with the POP3 server. Looking at /var/log/messages, I'd see that the users' experience coincided with log messages such as:

    Jan 9 12:37:32 freebee qpopper[33490]: Stats: someuser 0 0 0 0 g1f-wks-02.somedomain.com 192.168.12.102
    Jan 9 12:40:32 freebee qpopper[33506]: Stats: someuser 0 0 0 0 g1f-wks-02.somedomain.com 192.168.12.102
    Jan 9 12:43:11 freebee qpopper[33517]: Stats: someuser 0 0 0 0 g1f-wks-02.somedomain.com 192.168.12.102
    Jan 9 12:43:53 freebee qpopper[33519]: someuser at g1f-wks-02.somedomain.com (192.168.12.102): -ERR POP EOF or I/O Error <-- LOOK HERE
    Jan 9 12:43:53 freebee qpopper[33519]: Stats: someuser 0 0 0 0 g1f-wks-02.somedomain.com 192.168.12.102
    Jan 9 12:43:56 freebee qpopper[33520]: Stats: someuser 0 0 0 0 g1f-wks-02.somedomain.com 192.168.12.102
    Jan 9 12:44:03 freebee qpopper[33521]: Stats: someuser 0 0 0 0 g1f-wks-02.somedomain.com 192.168.12.102

I figured there must be something wrong with qpopper, so I tried cucipop. Same error from the users' point of view. Looking at /var/log/maillog, I now see entries like:

    Jan 9 08:54:20 freebee cucipop[25008]: someuser 192.168.12.102 0, 0 (0), 0 (0)
    Jan 9 09:10:02 freebee cucipop[25116]: someuser 192.168.12.102 1, 0 (0), 0 (0)
    Jan 9 09:11:02 freebee cucipop[25120]: someuser 192.168.12.102 1, 0 (0), 0 (0)
    Jan 9 09:13:02 freebee cucipop[25126]: lost someuser 192.168.12.102 60, 0 (0), 0 (0) <-- LOOK HERE
    Jan 9 09:18:02 freebee cucipop[25159]: someuser 192.168.12.102 0, 0 (0), 0 (0)
    Jan 9 09:25:03 freebee cucipop[28179]: someuser 192.168.12.102 1, 0 (0), 0 (0)
    Jan 9 09:28:03 freebee cucipop[28266]: someuser 192.168.12.102 0, 0 (0), 0 (0)

Surely both POP3 servers don't have something wrong with them, so I decided to switch email client from Outlook to Outlook Express. Same problem. Then I tried to avoid M$ altogether and tried Eudora 6.0.1, but Eudora seems to blow up on every machine I've tried it on.

Googling for help, I saw a couple of issues relating to FreeBSD's TCP extensions. I used sysctl and turned them off, but alas it makes no difference.

All other apps work fine. Mail server is in-house. I've never seen anything like this before. Any suggestions???

TIA,
Sean Noonan
RE: NAT and PPPoE problems
> Hi,
> From my casual observation your rc.conf has a spelling error in it, you
> have gatway_enable="yes" should of course be gateway_enable="yes". Sorry
> if you had picked it up earlier.

Doh! That fixed it. Thanks!

I knew it had to be something simple like that, and I even quadruple checked rc.conf for typos, but was concentrating on the ppp-specific lines since pinging both the internal AND external interfaces worked (so I figured that the "gateway" portion of the mix was working...)

Thanks again!

-Sean
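rc.conf is read as plain shell variable assignments, so a misspelled knob such as gatway_enable is silently ignored rather than rejected. The following is an added example, not part of the original thread: a small linter that flags assignments whose name is a near miss of a known knob. The known-knob list is an assumption built from the rc.conf posted in this thread (spelled correctly); a real check would derive it from /etc/defaults/rc.conf.

```python
import difflib
import re

# Assumed list: the knob names from the rc.conf posted in this thread, spelled
# correctly. A real check would build this set from /etc/defaults/rc.conf.
KNOWN_KNOBS = {
    "firewall_enable", "firewall_type", "firewall_logging", "gateway_enable",
    "gif_interfaces", "hostname", "ipsec_enable", "kern_securelevel_enable",
    "linux_enable", "lpd_enable", "moused_enable", "moused_flags",
    "moused_type", "named_enable", "natd_enable", "natd_interface",
    "network_interfaces", "nfs_reserved_port_only", "nfs_server_enable",
    "nisdomainname", "ppp_enable", "ppp_mode", "ppp_nat", "ppp_profile",
    "saver", "sendmail_enable", "sshd_enable", "syslogd_enable",
    "tcp_extensions", "xntpd_enable",
}
# Prefixes whose suffix is a site-specific name (an interface, for example).
DYNAMIC_PREFIXES = ("ifconfig_", "gifconfig_")
ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)=")


def lint_rc_conf(text, known=KNOWN_KNOBS, cutoff=0.85):
    """Return (typos, unknown).

    typos   -> [(line_no, name, suggestion)] for near misses of a known knob
    unknown -> [(line_no, name)] for names with no close match (ports, local)
    """
    typos, unknown = [], []
    candidates = sorted(known)
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active
        m = ASSIGN.match(line)
        if not m:
            continue
        name = m.group(1)
        if name in known or name.startswith(DYNAMIC_PREFIXES):
            continue
        close = difflib.get_close_matches(name, candidates, n=1, cutoff=cutoff)
        if close:
            typos.append((line_no, name, close[0]))
        else:
            unknown.append((line_no, name))
    return typos, unknown


# Sample input: a subset of the rc.conf lines posted in the thread.
SAMPLE = """\
ez_ipupdate_enable="YES"
firewall_enable="YES"
firewall_type="open"
gatway_enable="YES"
# gifconfig_gif0="67.112.141.75 67.52.144.191"
ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
lpd_endable="YES"
#natd_enable="YES"
ppp_enable="YES"
ppp_nat="YES"
sshd_enable="YES"
"""

if __name__ == "__main__":
    typos, unknown = lint_rc_conf(SAMPLE)
    for line_no, name, suggestion in typos:
        print(f"line {line_no}: {name!r} unknown; did you mean {suggestion!r}?")
    for line_no, name in unknown:
        print(f"line {line_no}: {name!r} not in the known list (port or local knob?)")
```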
RE: NAT and PPPoE problems
> Here are the docs i used when using ADSL w/ PPPoE and NAT w/ IPFW
> there are 2 writeups here ...first is PPPoE (im assuming you already know
> how to compile your kernel ?) 2nd is Dual Home host ...and how to setup
> NAT.

Hi Brent,

About the only differences I see in your config vs. mine is that you've compiled NETGRAPH support directly into the kernel (but it's my understanding that this was no longer explicitly needed), and you manually configure the ed1 interface in rc.conf. I also notice that you specify NOT to use ARP (-arp) when you config the interface, which I don't specify (and the default is to use ARP). I'll try making the kernel change and the interface config change and see if it makes a difference.

The second doc is basically exactly what I used to do when I used plain-old Ethernet. However, as the doc states, "If the outside interface is ... a PPP-over-Ethernet (PPPoE) DSL connection, use ppp(8)'s NAT facility instead", which is what I'm trying to do ;-) NAT over plain-old Ethernet works just fine for me.

Thanks again,
Sean.
NAT and PPPoE problems
Hi Folks,

I've used NAT with FreeBSD for years now, but recently had to change my ISP. My new ISP, SBC, uses PPPoE (yuck). I've finally got PPPoE working, but am having a heck of a time getting NAT to work with it. I'm tracking STABLE and cvsup'd, etc, about two weeks ago to 4.9-PRERELEASE.

Here's my config:

/etc/ppp/ppp.conf:

    default:
     # PPP over Ethernet
     set log phase tun command
     set device PPPoE:dc0
     set mru 1492
     set mtu 1492
     set ctsrts off
     set cd off
     set redial 0 0
     set dial
     set login
     # set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
     set ifaddr 67.116.219.246/0 67.116.219.254/0
     add default HISADDR    # Add a (sticky) default route
     enable lqr
     enable dns

    SBC:
     set authname [EMAIL PROTECTED]
     set authkey mypassword

/etc/rc.conf:

    ez_ipupdate_enable="YES"
    firewall_enable="YES"
    firewall_type="open"
    firewall_logging="YES"
    gatway_enable="YES"
    gif_interfaces="gif0"
    # gifconfig_gif0="67.112.141.75 67.52.144.191"
    hostname="sean-noonan.kicks-ass.net"
    ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
    ipsec_enable="YES"
    kern_securelevel_enable="NO"
    linux_enable="YES"
    lpd_endable="YES"
    moused_enable="YES"
    moused_flags="-3"
    moused_type="auto"
    named_enable="NO"
    #natd_enable="YES"
    #natd_interface="dc0"
    network_interfaces="xl0 dc0 gif0 tun0 lo0"
    nfs_reserved_port_only="YES"
    nfs_server_enable="YES"
    nisdomainname="NO"
    ppp_enable="YES"
    ppp_mode="ddial"
    ppp_nat="YES"
    ppp_profile="SBC"
    saver="logo"
    sendmail_enable="YES"
    sshd_enable="YES"
    syslogd_enable="YES"
    tcp_extensions="YES"
    xntpd_enable="YES"

output of ifconfig -a:

    xl0: flags=8843 mtu 1500
            inet 192.168.6.1 netmask 0xff00 broadcast 192.168.6.255
            inet6 fe80::2a0:24ff:fed8:4738%xl0 prefixlen 64 scopeid 0x1
            ether 00:a0:24:d8:47:38
            media: Ethernet autoselect (100baseTX )
            status: active
    dc0: flags=8843 mtu 1500
            inet6 fe80::204:5aff:fe45:5aa8%dc0 prefixlen 64 scopeid 0x2
            ether 00:04:5a:45:5a:a8
            media: Ethernet autoselect (100baseTX )
            status: active
    lp0: flags=8810 mtu 1500
    lo0: flags=8049 mtu 16384
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            inet 127.0.0.1 netmask 0xff00
    ppp0: flags=8010 mtu 1500
    sl0: flags=c010 mtu 552
    faith0: flags=8002 mtu 1500
    tun0: flags=8051 mtu 1492
            inet 67.121.201.208 --> 67.121.203.254 netmask 0x
            Opened by PID 57

output of netstat -rn:

    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            67.121.203.254     UGSc        4       30   tun0
    67.121.203.254     67.121.201.208     UH          5        0   tun0
    127.0.0.1          127.0.0.1          UH          0        0    lo0
    192.168.6          link#1             UC          1        0    xl0
    192.168.6.2        00:0c:76:51:77:7e  UHLW        0        0    xl0   1079

The RFC1918 PC is using 192.168.6.2 for its IP address and 192.168.6.1 for its default gateway. The RFC1918 PC can successfully ping the gateway's internal and external interfaces, but nothing beyond. Adding an ipfw rule like:

    ipfw add 1 allow log ip from any to any

shows ping traffic between the inside interface of the gateway and the RFC1918 PC, but nothing else.

I've tried several ways of invoking NAT, including via the ppp.conf file, via the command-line, and via rc.conf (the current flavor). None seem to work.

Anybody have any ideas on how to proceed??

TIA,
--Sean Noonan.