quotas + jail ?

2006-01-11 Thread Vladimir Dvorak
Hello,

I have a simple question - is it possible to use quotas in a jail(8) environment ?

I set up my system as follows:
1. This is the setting in the main environment:
cat /etc/fstab | grep VSERVERS
/dev/ad3s1f /VSERVERS ufs rw,noatime,groupquota=/VSERVERS/machine1/quotagroup,userquota=/VSERVERS/machine1/quotauser 2 2

2. This is the setting in jail(8):
/dev/ad3s1f / ufs rw,noatime,soft-updates,groupquota=/quotagroup,userquota=/quotauser

But I still cannot use quotas in the jail. I thought that if I have access to the
quotagroup and quotauser files, I can simply use the advantages of quotas.

I try

[EMAIL PROTECTED] /etc/rc.d/quota restart
quotaoff: /: Operation not permitted
quotaoff: /: Operation not permitted
Checking quotas: done.
Enabling quotas:quotaon: using /quotagroup on
quotaon: /: Operation not permitted
quotaon: using /quotauser on
quotaon: /: Operation not permitted
 done.


It seems to be impossible ( some kernel restriction ). :-( Is there some
way to allow this ? My last idea was to replicate users and groups to
the main system and use quotas from it - but it is not a good solution if we
have several hundred users in jail(8).

Thank you !

Vladimir Dvorak

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: quotas + jail ?

2006-01-11 Thread Vladimir Dvorak
Björn König wrote:

 Vladimir Dvorak wrote:

 I have simple question - is possible to use quotas in jail(8)
 environment ?
 [...]

 It seems to be impossible ( some kernel restriction ). :-( Is there some
 way to allow this ? My last idea was to replicate users and groups to
 main system and use quotas from it - but it is not good solution if we
 have several hundreds users in jail(8).


 You don't need to replicate users and groups, just use UIDs and GIDs.
 There is a serious disadvantage: if you set quota for a specific UID
 then it affects all users with the same UID in different jails and
 even at the host; I guess this is not what you want.

 If you want to restrict the space that can be consumed by a jail then
 you might use memory devices, i.e.

 # create 1 GiB file
 $ dd if=/dev/zero of=myjail321 count=16k bs=64k
 $ mdconfig -af myjail321
 md321
 # create a UFS file system on the memory disk before mounting it
 $ newfs /dev/md321
 $ mkdir /jail/myjail321
 $ mount /dev/md321 /jail/myjail321
 $ cd /usr/src
 $ make installworld DESTDIR=/jail/myjail321

 and so on ...


 Regards
 Björn

Thank you Björn,

I think it is possible. I will shift existing UIDs ( in jail) to higher
values (5- ) and apply quotas on them. I will try to eliminate UID
mixing.

Thank you for your suggestion.

Vladimir
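
Björn's caveat above (a quota set on a UID applies to every account with that UID on the same file system, in any jail and on the host) and the plan to shift jail UIDs, as an added example that is not part of the original thread. The passwd contents are constructed, and `FIRST_USER_UID`, `JAIL_UID_BASE` and `JAIL_UID_STRIDE` are hypothetical values chosen for illustration.

```python
from collections import defaultdict

# Constructed passwd(5) samples: name:password:uid:gid:gecos:home:shell
HOST_PASSWD = """\
# host system
root:*:0:0:Charlie &:/root:/bin/csh
vladimir:*:1001:1001:Admin:/home/vladimir:/bin/sh
"""

JAIL_PASSWD = {
    "machine1": """\
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
""",
    "machine2": """\
root:*:0:0:Charlie &:/root:/bin/csh
carol:*:1001:1001:Carol:/home/carol:/bin/sh
dave:*:1003:1003:Dave:/home/dave:/bin/sh
""",
}

FIRST_USER_UID = 1000     # assumption: UIDs below this are system accounts, left alone
JAIL_UID_BASE = 100000    # assumption: first UID of the first jail's private range
JAIL_UID_STRIDE = 100000  # assumption: size of each jail's private range


def parse_passwd(text):
    """Return {login: uid} from passwd(5)-format text, skipping comments and bad lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def shared_uids(envs, minimum=FIRST_USER_UID):
    """Return {uid: [(env, login), ...]} for user UIDs present in more than one environment.

    Every entry is one quota record on the shared file system that several
    unrelated accounts would be charged against.
    """
    seen = defaultdict(list)
    for env, users in envs.items():
        for login, uid in users.items():
            if uid >= minimum:
                seen[uid].append((env, login))
    return {uid: owners for uid, owners in seen.items()
            if len({env for env, _ in owners}) > 1}


def shift_plan(jails, base=JAIL_UID_BASE, stride=JAIL_UID_STRIDE, minimum=FIRST_USER_UID):
    """Give each jail its own UID range: new = base + index * stride + (old - minimum)."""
    plan = {}
    for index, jail in enumerate(sorted(jails)):
        start = base + index * stride
        mapping = {}
        for login, uid in jails[jail].items():
            if uid < minimum:
                continue  # system account, not renumbered
            offset = uid - minimum
            if offset >= stride:
                raise ValueError(f"{jail}: uid {uid} does not fit in a range of {stride}")
            mapping[login] = (uid, start + offset)
        plan[jail] = mapping
    return plan


def apply_plan(jails, plan):
    """Return the jails' {login: uid} tables as they would look after renumbering."""
    return {jail: {login: plan[jail].get(login, (uid, uid))[1]
                   for login, uid in users.items()}
            for jail, users in jails.items()}


def demo():
    """Collisions before the shift, the renumbering plan, and collisions after it."""
    host = parse_passwd(HOST_PASSWD)
    jails = {name: parse_passwd(text) for name, text in JAIL_PASSWD.items()}
    before = shared_uids({"host": host, **jails})
    plan = shift_plan(jails)
    after = shared_uids({"host": host, **apply_plan(jails, plan)})
    return before, plan, after


if __name__ == "__main__":
    before, plan, after = demo()
    for uid, owners in sorted(before.items()):
        print(f"uid {uid} shares one quota record: {owners}")
    for jail, mapping in plan.items():
        for login, (old, new) in sorted(mapping.items()):
            print(f"{jail}: {login} {old} -> {new}")
    print("collisions after shift:", after)
```

After renumbering, files owned by the old UIDs inside each jail have to be chown'ed to the new ones before the quota accounting reflects the change.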


Re: sk0: watchdog timeout

2005-11-28 Thread Vladimir Dvorak
Bernhard Fischer wrote:

If you change hardware settings, you should also maintain the same
settings on both ends of the wire, i.e. at the computer *and* the
ethernet switch.
  

[SNIP]

I just forced it to use 100baseTX /
full-duplex which I think was used before I forced it as well.



That's exactly what I meant. If you force your sk0 to 100-full do the same with
your switch. If you set sk0 to auto-config -- do it with your switch.

Watch your interface-counters: 

netstat -I sk0 -b -d -t

If the hardware (cards, cabling, plugs, ...) is ok, there shouldn't be any
errors for days or even weeks!

Regards,
bh
  

Hi Bernhard,

thanks for your message. I suppose we all know something about
networking, but this is hardware/driver related problem ( with the
highest probability ). I used my server in two different environments -
at home and now at serverhouse. No difference.
Still getting (from time to time ):

sk0: watchdog timeout
sk0: link state changed to DOWN
sk0: watchdog timeout
sk0: link state changed to UP
sk0: watchdog timeout
sk0: link state changed to DOWN
sk0: watchdog timeout
sk0: link state changed to UP
sk0: watchdog timeout
sk0: link state changed to DOWN

messages. But server still running. I am out of ideas how can we solve
our problem and I am about to buy new network card, because this
stressful situation is not good. ;-)

Vladimir


Re: sk0: watchdog timeout

2005-11-28 Thread Vladimir Dvorak
Danial Thom wrote:

--- Vladimir Dvorak [EMAIL PROTECTED] wrote:

Bernhard Fischer wrote:

If you change hardware settings, you should also maintain the same
settings on both ends of the wire, i.e. at the computer *and* the
ethernet switch.

[SNIP]

I just forced it to use 100baseTX /
full-duplex which I think was used before I forced it as well.

That's exactly what I meant. If you force your sk0 to 100-full do the same with
your switch. If you set sk0 to auto-config -- do it with your switch.

Watch your interface-counters:

netstat -I sk0 -b -d -t

If the hardware (cards, cabling, plugs, ...) is ok, there shouldn't be any
errors for days or even weeks!

Regards,
bh

Hi Bernhard,

thanks for your message. I suppose we all know something about
networking, but this is hardware/driver related problem ( with the
highest probability ). I used my server in two different environments -
at home and now at serverhouse. No difference.
Still getting (from time to time ):

sk0: watchdog timeout
sk0: link state changed to DOWN
sk0: watchdog timeout
sk0: link state changed to UP
sk0: watchdog timeout
sk0: link state changed to DOWN
sk0: watchdog timeout
sk0: link state changed to UP
sk0: watchdog timeout
sk0: link state changed to DOWN

messages. But server still running. I am out of ideas how can we solve
our problem and I am about to buy new network card, because this
stressful situation is not good. ;-)

Vladimir



There are generally 2 cases in which you'll get a
watchdog timeout message on a network card
driver. 

1) Your machine is in livelock (ie overrun)
2) There is a problem with the interrupts

Clearly you should know if 1) was occurring. With
2), it could be a driver or hardware problem or
both.

DT

  

Hi,

thanks for reply. The first case ( overrun ) is impossible, the server
has (for now) very low traffic ( load is 0.00 almost all the time ). The
second case is right answer. ;-) I suspect driver related problem.
Before FreeBSD 6.0, there were Linux Debian and I didn`t mentioned any
problem. I had there for several days FreeBSD 5.4  and watchdogs appear
too.

Vladimir




Re: sk0: watchdog timeout

2005-11-27 Thread Vladimir Dvorak
Hans Nieser wrote:

 Nicolas Blais wrote:

 On November 26, 2005 09:15 am, Hans Nieser wrote:
  

 A long, long time ago Vladimir Dvorak wrote:
   

 Hello,

 I have a problem with network card. From time to time kernel says

 sk0: watchdog timeout
 

 I just ran into the same issue. I have an ASUS A8N-SLI Deluxe in my
 desktop machine which runs FreeBSD 6.0+Xorg+Gnome. It has two on-board
 NICs, the nvidia one and a Marvel one. The nvidia was one big
 disaster and
 was giving me device timeouts so I never bothered with that one again.
   


 I have an sk0 too on one of my computer's onboard A8V-DX which will
 timeout once in a while too.  I found a way to reduce down time by
 modifying my rc.conf to force 'full-duplex 100Mbps'.  Now, even when
 it goes into a watchdog timeout, I quickly get back my link within
 that second.

 This is what my rc.conf line looks like:

 ifconfig_sk0="inet 192.168.1.100 media 100baseTX mediaopt full-duplex netmask 255.255.255.0"
  

I found some other solution here:
http://sources.zabbadoz.net/freebsd/if_sk.html

It recommends using the correct on-chip RAM size:

6. use correct on-chip RAM size; committed to HEAD
http://lists.freebsd.org/pipermail/cvs-src/2004-November/035293.html

Does any of you know how ?

Thank you.

Vladimir Dvorak



SQUID + antivirus content filter

2005-11-18 Thread Vladimir Dvorak
Hello *,

I would like to secure network against themselves with proxy and
antivirus solution.

My prerequisites are:
SQUID, CLAMAV

What software would you recommend for such things ? ( I unsuccessfully
tried Viralator in combination with SquidGuard. )
There are other projects like Dansguardian or squid-vscan (which is
necessary to patch squid sources and this is the last step on my
production server ).
Do you know some good howto, solution ?

Thank you,

Vladimir




Re: Why my Freebsd 4.11 box keeps rebooting ?

2005-11-18 Thread Vladimir Dvorak
Jian Guo wrote:

Hi,

My FreeBSD 4.11 box is used as a firewall and proxy
server (ipfilter 3.4.35, squid 2.5 stable 7 is
installed on Dell Poweredge700).

On 11/11/2005 and only on that day, the box kept
rebooting every 20 mins to several hours. After the
first reboot, I disabled the proxy server and only let
the firewall run (another service is sshd and no other
service). After 20 mins it rebooted again, so I
switched to a backup firewall, the same configuration
4.11 only sshd ipfilter and no proxy, but different
hardware. Then 30 mins later it rebooted again.

Then I switched back to the original box (only firewall)
and tried to find any log errors, but I could find nothing
wrong and the system was running normally, no overload,
not much traffic. And it kept rebooting several
times. In the evening, it remained stable, and keeps
running without problems until now (for a week).

I am so confused by it. I am the only one that
manages the box, and I checked the login files,
nobody, just me.

Does anybody have some clues about it?


Thanks,

Jian

Name: Jian Guo
Email: [EMAIL PROTECTED]

  

Hello Jian,

isn`t it electricity infrastructure problem ? Do you have stable UPS ?

Vladimir


Re: SQUID + antivirus content filter

2005-11-18 Thread Vladimir Dvorak
Vladimir Dvorak wrote:

Hello *,

I would like to secure network against themselves with proxy and
antivirus solution.

My prerequisites are:
SQUID, CLAMAV

What software would you recommend for such things ? ( I unsuccessfully
tried Viralator in combination with SquidGuard. )
There are other projects like Dansguardian or squid-vscan (which is
necessary to patch squid sources and this is the last step on my
production server ).
Do you know some good howto, solution ?

Thank you,

Vladimir

  


I found relatively interesting solution HAVP too:
http://www.server-side.de/documentation.htm

Vladimir




Jail and priority

2005-11-15 Thread Vladimir Dvorak
Hello all,

simple question: is it possible to decrease or increase priority for a whole
jail without making a script which parses all jail processes ?

Thank you,

Vladimir


system lacks resources

2005-11-14 Thread Vladimir Dvorak
Hello list,

I have problem with loaded Postfix server.  I use Postfix, Amavis,
Spamassassin, Cyrus-Imap.
When the server is under mail load, these messages appear in logs:

(host 127.0.0.1[127.0.0.1] said: 450 4.4.1 Can't connect to 127.0.0.1
port 10025, Net::SMTP: connect: Operation not permitted (Operation not
permitted) at /usr/local/sbin/amavisd line 4323, GEN4 line 839.,
MTA([127.0.0.1]:10025), id=63072-10 (in reply to end of DATA command))

When the load decreases, these messages are delivered.

I think this is a problem related to allowed system resources. Has anyone
met this problem ? How can I increase or where to tune system variables
? /etc/login.conf ?

Thank you,

Vladimir


Re: sk0: watchdog timeout

2005-11-04 Thread Vladimir Dvorak
Nicolas Blais wrote:

On November 3, 2005 06:37 pm, martinko wrote:
  

Vladimir Dvorak wrote:


Hello,

I have a problem with network card. From time to time kernel says

sk0: watchdog timeout

It has (probably) random behavior.

I use FreeBSD 5.4-RELEASE-p8, motherboard is ASUS A8V Deluxe (AMD64,
Athlon64XP 3200+) and internal network card from pciconf -v -l

[EMAIL PROTECTED]:10:0: class=0x02 card=0x811a1043 chip=0x432011ab rev=0x13 hdr=0x00
    vendor   = 'Marvell Semiconductor (Was: Galileo Technology Ltd)'
    device   = '88E8001 Gigabit 32-bit Ethernet Controller with Integrated PHY'
    class    = network
    subclass = ethernet


This machine should be sent to serverhouse and I am not sure, if it is
ready. :-( Can anyone tell me what is the solution ? To buy another
netcard ?

Thank you,

Vladimir Dvorak




  

the same chip here and i see the messages from time to time too.
not sure what's the problem or if there is any at all.
so far card has been working alright, or at least i haven't noticed any
issues.

m.




Same here too:

sk0: watchdog timeout
sk0: watchdog timeout
sk0: watchdog timeout

with occasional :
sk0: discard frame w/o leading ethernet header (len 10 pkt len 10)
sk0: discard frame w/o leading ethernet header (len 11 pkt len 11)

Network is running fine, though sometimes accessing the internet takes 2-3 
seconds (as if the DNS was not responding) but then is fine. 

  

Yes, the same feeling. This error is independent of load. I downloaded
tens of GB and nothing happened, but usually after boot this error
occurs ( I do not know if it is really an error).
Tonight I tested small pings on this machine from several stations in
network, no watchdog timeout message.
Once I noticed a 1-2 seconds networking break, when I 'dmesg'
immediately after that, the watchdog was there.
I'm not sure if I can put it as production server :-(. But I will
try. ;-)

Vladimir


cannot jkill JAIL

2005-11-04 Thread Vladimir Dvorak
Hi,

cannot jkill jail.

I have in /etc/rc.conf this:

jail_enable="yes"
jail_list="firma1"
jail_set_hostname_allow="NO"

jail_firma1_rootdir="/mnt/JAILS/10.0.0.166"
jail_firma1_hostname="company1.domain.com"
jail_firma1_ip="10.0.0.166"
jail_firma1_exec_start="/bin/sh /etc/rc"
jail_firma1_exec_stop="/bin/sh /etc/rc.shutdown"
jail_firma1_exec_devfs_enable="YES"

After boot process I ssh to host system and look for jail like this:

[EMAIL PROTECTED] jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.166      company1.domain.com           /mnt/JAILS/10.0.0.166

And the problem ? I cannot jkill this jail

[EMAIL PROTECTED] jkill -r 1
jkill: couldn't connect to kernel: bad namelist - no kernbase
[EMAIL PROTECTED] jkill -k 1
jkill: couldn't connect to kernel: bad namelist - no kernbase
[EMAIL PROTECTED] jkill -f -k 1
jkill: couldn't connect to kernel: bad namelist - no kernbase

No chance. :-( ( but as you can see, jls reports the jail running and I can
connect to it via SSH)

What am I doing wrong ?

Thank you,

Vladimir




Re: cannot jkill JAIL

2005-11-04 Thread Vladimir Dvorak
Vladimir Dvorak wrote:

Hi,

cannot jkill jail.

I have in /etc/rc.conf this:

jail_enable="yes"
jail_list="firma1"
jail_set_hostname_allow="NO"

jail_firma1_rootdir="/mnt/JAILS/10.0.0.166"
jail_firma1_hostname="company1.domain.com"
jail_firma1_ip="10.0.0.166"
jail_firma1_exec_start="/bin/sh /etc/rc"
jail_firma1_exec_stop="/bin/sh /etc/rc.shutdown"
jail_firma1_exec_devfs_enable="YES"

After boot process I ssh to host system and look for jail like this:

[EMAIL PROTECTED] jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.166      company1.domain.com           /mnt/JAILS/10.0.0.166

And the problem ? I cannot jkill this jail

[EMAIL PROTECTED] jkill -r 1
jkill: couldn't connect to kernel: bad namelist - no kernbase
[EMAIL PROTECTED] jkill -k 1
jkill: couldn't connect to kernel: bad namelist - no kernbase
[EMAIL PROTECTED] jkill -f -k 1
jkill: couldn't connect to kernel: bad namelist - no kernbase

No chance. :-( ( but as you can see, jls reports the jail running and I can
connect to it via SSH)

What am I doing wrong ?

Thank you,

Vladimir

  

Now it is solved.

I should mount devfs into the jail also. ('mount_devfs devfs
/mnt/JAILS/10.0.0.167/dev')

Vladimir



sk0: watchdog timeout

2005-11-03 Thread Vladimir Dvorak
Hello,

I have a problem with network card. From time to time kernel says

sk0: watchdog timeout

It has (probably) random behavior.

I use FreeBSD 5.4-RELEASE-p8, motherboard is ASUS A8V Deluxe (AMD64,
Athlon64XP 3200+) and internal network card from pciconf -v -l

[EMAIL PROTECTED]:10:0: class=0x02 card=0x811a1043 chip=0x432011ab rev=0x13 hdr=0x00
    vendor   = 'Marvell Semiconductor (Was: Galileo Technology Ltd)'
    device   = '88E8001 Gigabit 32-bit Ethernet Controller with Integrated PHY'
    class    = network
    subclass = ethernet


This machine should be sent to serverhouse and I am not sure, if it is
ready. :-( Can anyone tell me what is the solution ? To buy another
netcard ?

Thank you,

Vladimir Dvorak






make.conf - question

2005-10-31 Thread Vladimir Dvorak
Hello,

where can I find ALL parameters suited for /etc/make.conf ? For
example, I wanted to install some software from ports without X11, but

man 5 make.conf

doesn't include the WITHOUT_X11 option.

Fortunately I found this page

http://www.gsp.com/cgi-bin/man.cgi?section=5topic=make.conf

and included some necessary parameters into my make.conf.

Ok, I found this

--- man make.conf ---
The purpose of make.conf is not to run commands or perform compilation
 actions directly.  Instead, it is included by the various makefiles in
 /usr/src, /usr/ports and /usr/doc which conditionalize their internal
 actions according to the settings found there.
--- cut ---

in the man page, but I'm not sure where exactly I should look ?

(OS: 5.4-RELEASE FreeBSD 5.4-RELEASE )

Thank you,

Vladimir



proftpd + disable reverse UID/GID mapping

2005-09-15 Thread Vladimir Dvorak
Hello *,

I am using ProFTPd with MySQL authentication. Is it possible to disable
UID/GID mapping ?

I can log into an existing ftp account but when I use for example the ftp
command 'ls', the connection is immediately terminated. The reason for the
termination is that proftpd is trying to map UID/GID numbers to
user/group names. In proftpd.conf I have:

SQLUserInfo ftp login password "id + 1 as uid" "1 as gid" path NULL

The error is obvious in the SQL query ( /var/log/mysql.log ):

Query   SELECT login, password, id + 1 as uid, 1 as gid, path FROM ftp WHERE (id + 1 as uid = 0) LIMIT

Is it possible to disable this mapping ? 'PersistentPasswd off' doesn't seem
to work.

Vladimir
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: proftpd + disable reverse UID/GID mapping

2005-09-15 Thread Vladimir Dvorak
Vladimir Dvorak wrote:

Hello *,

I am using ProFTPd with MySQL authentication. Is it possible to disable
UID/GID mapping ?

I can log into an existing ftp account but when I use for example the ftp
command 'ls', the connection is immediately terminated. The reason for the
termination is that proftpd is trying to map UID/GID numbers to
user/group names. In proftpd.conf I have:

SQLUserInfo ftp login password "id + 1 as uid" "1 as gid" path NULL

The error is obvious in the SQL query ( /var/log/mysql.log ):

Query   SELECT login, password, id + 1 as uid, 1 as gid, path FROM ftp WHERE (id + 1 as uid = 0) LIMIT

Is it possible to disable this mapping ? 'PersistentPasswd off' doesn't seem
to work.

Vladimir
  

If there is a directory which has the same uid as the logged-in user, it's OK.
The problem occurs when this directory has another uid - then the proftpd
uid/gid subsystem tries to query mysql to find out the proper name for the
uid/gid number.

Vladimir


Re: cyrus-imap + virtualdomains

2005-09-14 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 Only cyrus-imap22 or later supports virtual domains, I assume you use
 this version. It should be supported by default.


 I am using 2.1.18 version.

 There should be VirtualDomains supported too: (since 2.1.x)
 http://asg.web.cmu.edu/cyrus/download/imapd/changes.html


 No, I think you read it wrong: Changes to the Cyrus IMAP Server since
 2.1.x  meaning that these changes are since the 2.1.x branch and are
 supported in 2.2.0 and higher.

 Same document, 2.2.0:

 * A large number of bugs involving virtual domain support have been
   fixed

 (meaning that even if I'm wrong about it for 2.1.x, better upgrade
 beyond 2.2.0 to get past those bugs).

 I suggest you upgrade, anyway, since I don't use that version and
 things has changed significantly, I can't really give you the advice
 will work - only what works for 2.2.x.

 Cheers, Erik

Yes, you are right. Now I am using 2.2.12 and virtdomains seem to be
working. But I found another strange problem:

devel:/var/run# cyradm -u [EMAIL PROTECTED] localhost
IMAP Password:
localhost.localdomain cm user.test

^^^ it works; user test is included into defaultdomain.

But when I try:
localhost.localdomain cm [EMAIL PROTECTED]
createmailbox: Invalid mailbox name

Cyrus is strange software, isn`t it ? :-)

Vladimir


Re: cyrus-imap + virtualdomains

2005-09-14 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 Yes, you are right. Now I am using 2.2.12 and virtdomains seem to be
 working. But I found another strange problem:

 devel:/var/run# cyradm -u [EMAIL PROTECTED] localhost
 IMAP Password:
 localhost.localdomain cm user.test

 ^^^ it works; user test is included into defaultdomain.

 But when I try:
 localhost.localdomain cm [EMAIL PROTECTED]
 createmailbox: Invalid mailbox name

 Cyrus is strange software, isn`t it ? :-)


 No, by logging in as [EMAIL PROTECTED] you get access to mailboxes under the
 devel domain, point is that different virtual domains can have
 different admins. You specify this in the imapd.conf.

 Try logging in just as cyrus:

   # cyradm -u cyrus localhost

 Cheers, Erik

Erik, we both are about to solve the problem. ;-) Yes, you are probably
right. When I cyradm -u cyrus, I have in maillog:

Sep 14 09:08:37 devel imap[9491]: badlogin: localhost.localdomain
[127.0.0.1] plaintext [EMAIL PROTECTED] SASL(-13): user not found:
checkpass failed

When I add [EMAIL PROTECTED], it will manage 'localdomain' users and I
will be on the same place (probably, for now not tried). :-( Erik, how
can I log as cyrus without domain ?

Thank you!

Vladimir


Re: cyrus-imap + virtualdomains

2005-09-14 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 Yes, you are right. Now I am using 2.2.12 and virtdomains seem to be
 working. But I found another strange problem:

 devel:/var/run# cyradm -u [EMAIL PROTECTED] localhost
 IMAP Password:
 localhost.localdomain cm user.test

 ^^^ it works; user test is included into defaultdomain.

 But when I try:
 localhost.localdomain cm [EMAIL PROTECTED]
 createmailbox: Invalid mailbox name

 Cyrus is strange software, isn`t it ? :-)


 No, by logging in as [EMAIL PROTECTED] you get access to mailboxes under the
 devel domain, point is that different virtual domains can have
 different admins. You specify this in the imapd.conf.

 Try logging in just as cyrus:

   # cyradm -u cyrus localhost

 Cheers, Erik

You are right. I can create

localhostcm  [EMAIL PROTECTED]

when I have been connected as [EMAIL PROTECTED] It's not good to have an admin for
each domain in the database ( because it will be huge; all auth and other
information are stored in MySQL backend ). I need some _super-cyrus_
user, which will be able to create an arbitrary mailbox with domain.
Several months ago I set it up on a Linux Gentoo system and there it was
simple and it behaved as I required - the cyrus user was able to create and
delete all mailboxes he wants.

Vladimir
  


Re: cyrus-imap + virtualdomains

2005-09-14 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 Erik, we both are about to solve the problem. ;-) Yes, you are probably
 right. When I cyradm -u cyrus, I have in maillog:

 Sep 14 09:08:37 devel imap[9491]: badlogin: localhost.localdomain
 [127.0.0.1] plaintext [EMAIL PROTECTED] SASL(-13): user not found:
 checkpass failed

 When I add [EMAIL PROTECTED], it will manage 'localdomain' users and I
 will be on the same place (probably, for now not tried). :-( Erik, how
 can I log as cyrus without domain ?


 Please post your imapd.conf (remove comments) - I posted mine
 yesterday.  Check the content of the admins entry, does it specify
 domain?

 I think that cyradm authenticates against sasldb and not system
 password (or maybe falls back on system password) - this I understand
 - is to separate ordinary users and administrators - but can also be
 quite annoying.

 If you have added an entry to sasldb with saslpasswd2 then it could be
 for the devel realm.

 You can try to rename sasldb and see what happens, then if it doesn't
 work create it with new entries where you make sure not to specify realm:

   # saslpasswd2 cyrus

 Also, reading above there may be a difference between:

   # cyradm -u cyrus

 and

   # cyradm -u cyrus localhost

 Cheers, Erik

config is in attachment

configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail-new
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: yes 
admins: cyrus
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_auto_transition: no
tls_cert_file: /etc/cyrus-global.pem
tls_key_file: /etc/cyrus-global.key
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
sasl_mech_list: PLAIN LOGIN
sasl_sql_user: mysqluser 
sasl_sql_passwd: xyxyxy
sasl_sql_database: hosting
sasl_sql_hostnames: localhost   
sasl_sql_select: SELECT password FROM email WHERE address = '[EMAIL PROTECTED]'
virtdomains: yes 



Re: cyrus-imap + virtualdomains

2005-09-14 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 Erik, we both are about to solve the problem. ;-) Yes, you are probably
 right. When I cyradm -u cyrus, I have in maillog:

 Sep 14 09:08:37 devel imap[9491]: badlogin: localhost.localdomain
 [127.0.0.1] plaintext [EMAIL PROTECTED] SASL(-13): user not found:
 checkpass failed

 When I add [EMAIL PROTECTED], it will manage 'localdomain' users and I
 will be on the same place (probably, for now not tried). :-( Erik, how
 can I log as cyrus without domain ?


 Please post your imapd.conf (remove comments) - I posted mine
 yesterday.  Check the content of the admins entry, does it specify
 domain?

 I think that cyradm authenticates against sasldb and not system
 password (or maybe falls back on system password) - this I understand
 - is to separate ordinary users and administrators - but can also be
 quite annoying.

 If you have added an entry to sasldb with saslpasswd2 then it could be
 for the devel realm.

 You can try to rename sasldb and see what happens, then if it doesn't
 work create it with new entries where you make sure not to specify realm:

   # saslpasswd2 cyrus

 Also, reading above there may be a difference between:

   # cyradm -u cyrus

 and

   # cyradm -u cyrus localhost

 Cheers, Erik

Eureka, Erik! :-)

Now I can log as cyrus without @localdomain - modified /etc/hosts. ;-)

Thank you very much for your support!!!

Vladimir


cyrus-imap + virtualdomains

2005-09-13 Thread Vladimir Dvorak
Hi *,

I have been stuck on this problem for several hours and now I am out of
ideas.

I add
   
virtdomains: yes
loginrealms: devel testdomain.org

into imapd.conf, then I created mailbox using following commands:

devel~: cyradm -u [EMAIL PROTECTED] localhost
Password: 
localhost cm [EMAIL PROTECTED]

Now, I can authenticate and work with this mailbox.

But problem occurs, when I create for example

localhostcm [EMAIL PROTECTED]

and try to login. In maillog appears

plaintext [EMAIL PROTECTED] SASL(-13): authentication failure:
cross-realm login [EMAIL PROTECTED] denied

It is clear - when I put test2domain.org behind the loginrealms item, it
works.

My question is: is possible to allow * domains to loginrealms ( because
this server will serve a lot of domains and adding domain items is not
effective) ?

Thank you very much!

Vladimir





Re: cyrus-imap + virtualdomains

2005-09-13 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 I add
virtdomains: yes
 loginrealms: devel testdomain.org

 into imapd.conf, then I created mailbox using following commands:

 devel~: cyradm -u [EMAIL PROTECTED] localhost
 Password: 
 localhost cm [EMAIL PROTECTED]

 Now, I can authenticate and work with this mailbox.

 But problem occurs, when I create for example

 localhostcm [EMAIL PROTECTED]

 and try to login. In maillog appears

 plaintext [EMAIL PROTECTED] SASL(-13): authentication failure:
 cross-realm login [EMAIL PROTECTED] denied

 It is clear - when I put test2domain.org behind the loginrealms item, it
 works.

 My question is: is possible to allow * domains to loginrealms ( because
 this server will serve a lot of domains and adding domain items is not
 effective) ?


 There are a few things that come to mind: First, you write your
 login realms as devel testdomain.org - I don't see test2domain.org
 anywhere.

 Second, depending on your mail client you may have to separate login
 name and realm with a % instead of @.

 Third, the newly created mailbox may have wrong permissions - check.

 Finally:

 In my config I have only:

   defaultdomain: mydefaultdomain.org
   virtdomains: yes

 and no list of loginrealms. Adding a virtual domain is as simple as
 adding a mailbox as you did:  cm [EMAIL PROTECTED]

 I use sasl to authenticate against the system password so myuser
 (@mydefaultdomain.org) and myuser%myvirtualdomain.org is the same user.

 Since cyrus does not deliver mail (is not an MTA) cyrus can safely
 assume that incoming mail matching user/domain is destined for storage
 in that user's mailbox. For this reason I guess, there should be no
 need to specify realms in the config.

 Cheers, Erik

OK, I followed your instructions and my config looks like this:

defaultdomain: devel
virtdomains: yes

Now I log in as admin cyrus and try to create a mailbox:

devel:~# cyradm -u cyrus localhost
IMAP Password:
localhost.localdomain> cm [EMAIL PROTECTED]
createmailbox: Permission denied

There is nothing in maillog. What permissions should I increase? Do you have
any idea?

Thank you.

Vladimir



Re: cyrus-imap + virtualdomains

2005-09-13 Thread Vladimir Dvorak
Vladimir Dvorak wrote:

Erik Norgaard wrote:

  

Vladimir Dvorak wrote:



I add
   virtdomains: yes
loginrealms: devel testdomain.org

into imapd.conf, then I created mailbox using following commands:

devel~: cyradm -u [EMAIL PROTECTED] localhost
Password: 
localhost cm [EMAIL PROTECTED]

Now, I can authenticate and work with this mailbox.

But problem occurs, when I create for example

localhostcm [EMAIL PROTECTED]

and try to login. In maillog appears

plaintext [EMAIL PROTECTED] SASL(-13): authentication failure:
cross-realm login [EMAIL PROTECTED] denied

It is clear - when I put test2domain.org behind the loginrealms item, it
works.

My question is: is possible to allow * domains to loginrealms ( because
this server will serve a lot of domains and adding domain items is not
effective) ?
  

There are a few things that come to mind: First, you write your
login realms as devel testdomain.org - I don't see test2domain.org
anywhere.

Second, depending on your mail client you may have to separate login
name and realm with a % instead of @.

Third, the newly created mailbox may have wrong permissions - check.

Finally:

In my config I have only:

  defaultdomain: mydefaultdomain.org
  virtdomains: yes

and no list of loginrealms. Adding a virtual domain is as simple as
adding a mailbox as you did:  cm [EMAIL PROTECTED]

I use sasl to authenticate against the system password so myuser
(@mydefaultdomain.org) and myuser%myvirtualdomain.org is the same user.

Since cyrus does not deliver mail (is not an MTA) cyrus can safely
assume that incoming mail matching user/domain is destined for storage
in that user's mailbox. For this reason I guess, there should be no
need to specify realms in the config.

Cheers, Erik



Ok, I followed you instructions and my config looks:

defaultdomain: devel
virtdomains: yes

Now I login as admin cyrus and try to create mailbox:

devel:~# cyradm -u cyrus localhost
IMAP Password:
  localhost.localdomain cm [EMAIL PROTECTED]
createmailbox: Permission denied

In maillog is nothing, what permissions I should increase ? Do you have
any idea ?

Thank you.

Vladimir

  

It seems to be working but

localhost.localdomain> cm [EMAIL PROTECTED]
createmailbox: Permission denied
localhost.localdomain> cm [EMAIL PROTECTED]
localhost.localdomain> cm [EMAIL PROTECTED]

Why can't I create [EMAIL PROTECTED] directly? Because of cyrus's directory
structure? Or when I need a mailbox with a 'dot': [EMAIL PROTECTED]?

Vladimir


Re: cyrus-imap + virtualdomains

2005-09-13 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 Ok, I followed you instructions and my config looks:

 defaultdomain: devel
 virtdomains: yes

 Now I login as admin cyrus and try to create mailbox:

 devel:~# cyradm -u cyrus localhost
 IMAP Password:
   localhost.localdomain cm [EMAIL PROTECTED]
 createmailbox: Permission denied

 In maillog is nothing, what permissions I should increase ? Do you have
 any idea ?


 Since you don't have any working mailboxes yet, it might be wise to
 delete what is and start over just to avoid any hanging problems.

 I just tried:

 localhost cm [EMAIL PROTECTED]
 localhost lam [EMAIL PROTECTED]
 [EMAIL PROTECTED] lrswipcda

 I have no testuser (so I haven't tested login) nor a virtualdomain.org
 in my dns or elsewhere.

 Which versions do you use? Admittedly, I spent about a week getting
 things to work last year - now most is forgotten :-) - try to
 subscribe also to the cyrus list for better support.

 Keep up :-)
 Erik

Thank you Erik. ;-)

Vladimir


Re: cyrus-imap + virtualdomains

2005-09-13 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 It seems to be working but

 localhost.localdomain cm [EMAIL PROTECTED]
 createmailbox: Permission denied
 localhost.localdomain cm [EMAIL PROTECTED]
 localhost.localdomain cm [EMAIL PROTECTED]

 Why I cannot create [EMAIL PROTECTED] directly ? Because of cyrus`s directory
 structure ? Or when I need mailbox with 'dot' : [EMAIL PROTECTED] ?


 Try to be a bit systematic, clear up any previous mess, stop cyrus and
 check the file permissions on the directories, if they are ok, start
 cyrus again.

 On my server mailboxes in the default domain are stored in
 /var/imap/spool/user while virtual domain mail boxes are in
 /var/imap/spool/domain with one subdir for each domain.

And here is the problem (probably). I have no 'domain' directory. :-(
It doesn't seem that 'virtdomain: yes' has any effect. Is there a need to
compile cyrus-imap with virtualdomains support?

 So, if you have got file permissions wrong on that directory cyrus
 won't create any mailboxes.

 After creating a mailbox use lm to see what mailboxes are created, and
 then lam mailbox to check the permissions. Include that in your next
 mail.

 I just looked back in the archive from the cyrus mailing list and
 cyrus imap does some stuff with reverse dns and if it fails strange
 things may occur:

 Apparently, cyrus-imap does a reverse lookup of the ip on the
 interface that receives the connection. This must resolve to a host
 under the defaultdomain.

 So, adding the line '192.168.0.4 top.example.com' to /etc/hosts
 solved the problem.

 This is my imapd.conf:

 configdirectory: /var/imap
 partition-default: /var/imap/spool
 altnamespace: yes
 userprefix: common
 sharedprefix: shared
 defaultdomain: example.com
 virtdomains: yes
 allowplaintext: yes
 allowplainwithouttls: no
 admins: cyrus root
 defaultacl: anyone lrs
 sieveusehomedir: false
 sievedir: /var/imap/sieve
 sasl_pwcheck_method: saslauthd
 sasl_mech_list: plain
 tls_cert_file: /var/imap/ssl/mail.crt
 tls_key_file: /var/imap/ssl/mail.pem
 tls_ca_file: /var/imap/ssl/ca.crt
 lmtpsocket: /var/imap/socket/lmtp

 /var/imap/spool and everything under that path is:
 drwx--  11 cyrus mail   512 13 Sep 12:10 spool


All permissions are OK, I am sure. It's a default installation.

Vladimir


Re: cyrus-imap + virtualdomains

2005-09-13 Thread Vladimir Dvorak
Erik Norgaard wrote:

 Vladimir Dvorak wrote:

 On my server mailboxes in the default domain are stored in
 /var/imap/spool/user while virtual domain mail boxes are in
 /var/imap/spool/domain with one subdir for each domain.


 And here is the problem (probably ). I have no 'domain' directory. :-(
 It doesn`t seem that 'virtdomain: yes' has some effect. Is there need to
 compile cyrus-imap with virtualdomains support ?


 Only cyrus-imap22 or later supports virtual domains, I assume you use
 this version. It should be supported by default.

I am using 2.1.18 version.

There should be VirtualDomains supported too: (since 2.1.x)
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

 Take a look into the pkg-plist file for cyrus-imap22 and see what
 comes with it, there may be some binary that fixes the directory
 structure - reconstruct maybe?. Otherwise try to create the directory
 manually and set permissions.

 Cheers, Erik


Vladimir


OpenOffice+AMD64

2005-08-23 Thread Vladimir Dvorak

Hello *,

does anybody know what the status of OpenOffice for the AMD64
architecture is? Is it possible to install OO in some chroot lib32
environment? Or is this cause a waste of time for now?


Thank you.

Vladimir



Re: OpenOffice+AMD64

2005-08-23 Thread Vladimir Dvorak

Mark Kane wrote:


Vladimir Dvorak wrote:

does anybody know what is the status of OpenOffice for AMD64 
architecture ? Is possible to install OO in some chroot lib32 
environment ? Or this cause is wasting the time for now ?



Hi. I am not sure the status of it for AMD64, but I do know it 
requires Java. Unfortunately there is no Java for AMD64 yet.


I found this link, but I didn't think Linux binary compatibility was 
possible in the amd64 version. Every time I try to install a port that 
requires Java such as Azureus on my FreeBSD/amd64 machine, it says 
something like Only for i386, and you are running amd64.


http://people.freebsd.org/~tjr/linux32.html

For an alternative, look at AbiWord for word processing and Gnumeric 
for spreadsheets. I'm sure there are others as well.


-Mark


Thank you Mark.

OpenOffice can be built without Java support (make -DWITHOUT_JAVA).

I use Abiword and Gnumeric instead of OO now, but there is no
connectivity with OO sxw files - of which I have a lot (from the times when I
used i386/Linux).


Thank you for that link, I will look at it.

Vladimir


Re: wrap sshd

2005-06-11 Thread Vladimir Dvorak
Osmany Guirola Cruz wrote:

Hi
 I am trying to restrict the ssh access to my machine from a specific
machine and I am using hosts.allow but it does not work for me. This is
my /etc/hosts.allow file


sshd : capella.cigb.edu.cu : deny

then I restart the sshd daemon and it does not work, I still have access from
this machine ...

Thanks
  

You had better deny everything and allow only certain hosts or networks.
It is a much more secure scheme than having tons of records of bad guys' hosts in
your tcp-wrappers config file.

But I admit that in some cases your question is relevant. But I am
not sure in which cases? :-)

Vladimir Dvorak

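Added example, not part of the original thread: a simplified Python model of first-match evaluation for hosts.allow rules in the "daemon : client : allow|deny" form, comparing the deny-list approach from the question with the default-deny layout recommended in the reply. The rule files, host names and addresses are constructed, and the matcher covers only a subset of tcp-wrappers patterns (it is not libwrap).

```python
import ipaddress
import re

# Constructed rule files (example.* names and documentation address ranges).
DENY_LIST = """
sshd : badhost.example.org : deny
"""
SHADOWED = """
ALL : ALL : allow                      # catch-all placed first
sshd : badhost.example.org : deny      # never reached
"""
DEFAULT_DENY = """
sshd : 192.0.2.0/255.255.255.0 .admin.example.org : allow
sshd : ALL : deny
"""

def parse_rules(text):
    """Parse 'daemons : clients : allow|deny' lines (IPv4 and names only)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[2] not in ("allow", "deny"):
            raise ValueError("unsupported rule: %r" % raw)
        daemons = re.split(r"[,\s]+", fields[0])
        clients = re.split(r"[,\s]+", fields[1])
        rules.append((daemons, clients, fields[2]))
    return rules

def client_matches(pattern, host, addr):
    """Subset of the client patterns: ALL, .domain, n.n.n., net/mask, exact."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):               # domain suffix
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):                 # address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                        # network/netmask
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern.lower() == host.lower() or pattern == addr

def decide(rules, daemon, host, addr):
    """Return the action of the first matching rule; no match means allow."""
    for daemons, clients, action in rules:
        if daemon not in daemons and "ALL" not in daemons:
            continue
        if any(client_matches(p, host, addr) for p in clients):
            return action
    return "allow"

if __name__ == "__main__":
    clients = [
        ("badhost.example.org", "203.0.113.9"),    # the one listed host
        ("unknown.example.net", "198.51.100.7"),   # a host nobody listed
        ("ws1.example.net", "192.0.2.10"),         # inside the allowed net
    ]
    for name, text in (("deny-list", DENY_LIST), ("shadowed", SHADOWED),
                       ("default-deny", DEFAULT_DENY)):
        rules = parse_rules(text)
        for host, addr in clients:
            print(name, host, addr, decide(rules, "sshd", host, addr))
```

With the deny-list file every host that was not listed still gets in, and a catch-all allow earlier in the file hides the deny rule completely; only the default-deny file rejects the unlisted host.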


Re: make installkernel fails instantly w/ signal 11

2005-06-11 Thread Vladimir Dvorak
Keyser wrote:

In an effort to get the simplest of compiled c++ programs (compiled with g++) 
to actually run without a segfault on my box I'm trying to update everything.  
So I cvsup'd src-all and ports-all.  Then I did:

make -j4 buildworld (which worked)
make -DALWAYS_CHECK MAKE buildkernel (which also worked)

However, then when I try to installkernel I get a signal 11 immediately as 
shown below.  I've tried it in single user mode with the same result.  Not 
sure what I'm doing wrong?  I've read signal 11 is usually caused by hardware 
issues but it seems strange this box could build both world and kernel without 
any problems if that were the case.

vitoc# cd /usr/src
vitoc# pwd
/usr/src
vitoc# ls
COPYRIGHT       UPDATING        gnu             rescue          usr.bin
LOCKS           bin             include         sbin            usr.sbin
MAINTAINERS     contrib         kerberos5       secure
Makefile        crypto          lib             share
Makefile.inc1   etc             libexec         sys
README          games           release         tools
vitoc# make -DALWAYS_CHECK_MAKE installkernel
--
  

Making hierarchy


--
cd /usr/src;  MAKEOBJDIRPREFIX=/usr/obj  MACHINE_ARCH=i386  MACHINE=i386  
CPUTYPE=  GROFF_BIN_PATH=/usr/obj/usr/src/tmp/legacy/usr/bin  
GROFF_FONT_PATH=/usr/obj/usr/src/tmp/legacy/usr/share/groff_font  
GROFF_TMAC_PATH=/usr/obj/usr/src/tmp/legacy/usr/share/tmac 
PATH=/usr/obj/usr/src/tmp/legacy/usr/sbin:/usr/obj/usr/src/tmp/legacy/usr/bin:/usr/obj/usr/src/tmp/legacy/usr/games:/usr/obj/usr/src/tmp/usr/sbin:/usr/obj/usr/src/tmp/usr/bin:/usr/obj/usr/src/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin
 /usr/obj/usr/src/make.i386/make -f Makefile.inc1 hierarchy
cd /usr/src/etc;/usr/obj/usr/src/make.i386/make distrib-dirs
mtree -eU  -f /usr/src/etc/mtree/BSD.root.dist -p /
mtree -eU  -f /usr/src/etc/mtree/BSD.var.dist -p /var
*** Signal 11

Stop in /usr/src/etc.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
vitoc#

I've literally done everything by the book but maybe I've missed something 
obvious to someone else?
  

Cut and pasted from /usr/src/Makefile
 - - - CUT - - -
# Make sure we have an up-to-date make(1). Only world and buildworld
# should do this as those are the initial targets used for upgrades.
# The user can define ALWAYS_CHECK_MAKE to have this check performed
# for all targets.
#
 - - - CUT - - -

Try to make and install the kernel without -DALWAYS_CHECK_MAKE.

 Vladimir Dvorak




Re: netstat problem

2005-06-11 Thread Vladimir Dvorak
Nicolas Salvo wrote:

Hi
 Maybe this is a stupid question but.. After an upgrade from 5.3 to
5.4 the output of the netstat command doesn't show anything about tcp
or the services running with tcp. Any ideas?
  

Apparently you don't have world and kernel synchronized. In other words:
build kernel and world from 5.4 and install them again.

I am right if it helps. ;-)

 Vladimir Dvorak




Postfix and Queues

2005-03-25 Thread Vladimir Dvorak
Hi *,
I have a little, but not annoying, problem with Postfix and queue
management. When two or more big (understand 2 MB) emails are in the active
queue, Postfix tries to deliver them simultaneously. But a month ago
the following message began to appear in /var/log/mail:

5BCED8EFE3* 4534286 Fri Mar 25 14:25:35  [EMAIL PROTECTED]
(lost connection with mailserver.domain.com [aa.bb.cc.dd] while sending 
message body)

^^ this message is in the defer queue and waits for the next delivery
attempt. During this time another big email comes from a local
user, which gets stuck in the defer queue too. The link starts to have a very
high load of outgoing mail traffic, but all of them are unsuccessfully
delivered.

Well, is there any chance to reduce the queue to one mail in the active queue?
The system runs postfix-19991231pl08-29 - I know it's very old.
Thank you in advance.
Vladimir


Re: Postfix and Queues

2005-03-25 Thread Vladimir Dvorak
Vladimir Dvorak wrote:
Hi *,
I have a little, but not annoying, problem with Postfix and queue
management. When two or more big (understand 2 MB) emails are in the
active queue, Postfix tries to deliver them simultaneously. But
a month ago the following message began to appear in /var/log/mail:

5BCED8EFE3* 4534286 Fri Mar 25 14:25:35  [EMAIL PROTECTED]
(lost connection with mailserver.domain.com [aa.bb.cc.dd] while 
sending message body)

^^ this message is in the defer queue and waits for the next delivery
attempt. During this time another big email comes from a local
user, which gets stuck in the defer queue too. The link starts to have a
very high load of outgoing mail traffic, but all of them are
unsuccessfully delivered.

Well, is there any chance to reduce the queue to one mail in the active queue?
The system runs postfix-19991231pl08-29 - I know it's very old.
Thank you in advance.

I found a solution.
There is (in front of this mail server) an OpenBSD firewall with scrub in
all. The problem appears when these messages are targeted at a Microsoft MX.
MS servers handle IP headers badly and set the Don't Fragment bit
when the packet is fragmented. :-)

Excerpt from man pf.conf:
Some operating systems are known to generate fragmented packets with 
the dont-fragment bit set. 

If you want to avoid this problem, leave scrub in all and use scrub 
in no-df.

If you have another solution, you are welcome! :-)
Vladimir Dvorak
--
* VDSOFT.ORG   [EMAIL PROTECTED]  *
* (+420) 602 944 941 http://www.vdsoft.org *
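Added example, not part of the original thread: a Python model of the behaviour pf.conf(5) documents for scrub, which drops fragments that carry the dont-fragment bit unless no-df is given, in which case the bit is cleared. The header builder, addresses and function names are constructed for illustration; this is not pf's code.

```python
import socket
import struct

DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF   # IPv4 flags/fragment-offset word

def ip_checksum(header):
    """IPv4 header checksum, computed with the checksum field zeroed."""
    data = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(flags_frag, src="192.0.2.1", dst="198.51.100.2"):
    """Constructed 20-byte IPv4 header (no payload) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, flags_frag,
                      64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def header_length(packet):
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    return ihl

def fragment_info(packet):
    """Decode DF, MF and the fragment offset (in bytes) from the header."""
    header_length(packet)
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    offset = (flags_frag & OFFSET_MASK) * 8
    mf = bool(flags_frag & MF)
    return {"df": bool(flags_frag & DF), "mf": mf, "offset": offset,
            "fragment": mf or offset > 0}

def checksum_ok(packet):
    ihl = header_length(packet)
    return struct.unpack("!H", packet[10:12])[0] == ip_checksum(packet[:ihl])

def scrub_in(packet, no_df=False):
    """Model of scrub: ('drop', None) or ('pass', possibly rewritten packet)."""
    info = fragment_info(packet)
    if not no_df:
        # A fragment that also says "don't fragment" is dropped.
        if info["df"] and info["fragment"]:
            return "drop", None
        return "pass", packet
    # no-df: clear DF and fix up the header checksum.
    ihl = header_length(packet)
    flags_frag = struct.unpack("!H", packet[6:8])[0] & ~DF & 0xFFFF
    hdr = packet[:6] + struct.pack("!H", flags_frag) + packet[8:ihl]
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return "pass", hdr + packet[ihl:]

if __name__ == "__main__":
    first_fragment = build_header(DF | MF)     # constructed: DF set on a fragment
    print(fragment_info(first_fragment))
    print("scrub in all        ->", scrub_in(first_fragment)[0])
    verdict, out = scrub_in(first_fragment, no_df=True)
    print("scrub in all no-df  ->", verdict, fragment_info(out), checksum_ok(out))
```

The same DF-and-fragment test in fragment_info can be applied to headers taken from a packet capture to confirm that a remote sender really emits such packets before the scrub rule is changed.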


SSH with Kerberos authentication

2005-03-16 Thread Vladimir Dvorak
Hi *,
I have been stuck for several hours configuring SSH authentication via Kerberos. I tested the same configuration on Linux and there was no problem.
I suspect pam_krb5.so.

My requisites:
FreeBSD  5.3-RELEASE-p5
Kerberos coming with the base system (Heimdal implementation (Heimdal 0.6.1))
in /etc/krb5.conf
[libdefaults]
    default_realm = ATREY
[realms]
    ATREY = {
        kdc = 172.16.10.1
        kpasswd_server = 172.16.10.1
    }
[logging]
    kdc = FILE:/var/log/kdc.log
    kdc = SYSLOG:DEBUG
    default = SYSLOG:DEBUG:USER
[appdefaults]
    kinit = {
        forwardable = true
    }
[kdc]
    database = {
        realm = ATREY
    }
    require-preauth = no
    v4-realm = ATREY
    key-file = /var/heimdal/heimdal.mkey

in /etc/pam.d/sshd I have:
auth      sufficient  pam_krb5.so  try_first_pass  debug
auth      required    pam_unix.so
account   required    pam_krb5.so  debug
session   optional    pam_krb5.so  debug
password  sufficient  pam_krb5.so  debug

From the client's view:

debug1: Authentications that can continue: 
publickey,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: 
publickey,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/dvorakv/.ssh/identity
debug1: Trying private key: /home/dvorakv/.ssh/id_rsa
debug1: Trying private key: /home/dvorakv/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
pam_krb5: pam_sm_authenticate: Kerberos 5 error
pam_krb5: pam_sm_authenticate: Kerberos 5 refuses you
On the server side, in /var/log/auth.log there is nothing to publish. :-( In
/var/log/kdc.log :

What's more, the debug parameter after pam_krb5.so doesn't increase the
verbosity of the output.
Here is my configuration method:
1. kstash
Password: 

2. edit /etc/krb5.conf
3. kadmin -l
kadmin init ATREY
..
4. add principals
kadmin add dvorakv

5. run kdc,kpasswd,kadmind
/etc/rc.d/{kerberos,kadmind,kpasswd} start
6. test if i can get a ticket 
kinit dvorakv
password: 
[EMAIL PROTECTED]:~$ kinit dvorakv
[EMAIL PROTECTED]'s Password: 
kinit: NOTICE: ticket renewable lifetime is 1 week
   
 everything ok, but SSH and PAM! :-(

And the last remark - this server runs in jail(8) - but there shouldn't be a
problem.
Any ideas? Is /etc/pam.d/sshd correct? Is there anything that I am
missing? Is there anything special in FreeBSD compared to Linux?
Thank you, Vladimir


Re: inode

2005-03-16 Thread Vladimir Dvorak
Gert Cuykens wrote:
What is an inode? I installed FreeBSD 5.3 on a 2 GB hard disk and it
tells me there are not enough inodes? Although there is disk space
available?
Does it mean there are too many directories? Can you fix this?
 

I suppose there is no disk space available on some partition. When does this
message appear? Or you can check it with the df -h command.

Vladimir


Re: no route to host - urgent problem

2005-03-16 Thread Vladimir Dvorak
Laszlo Zsolt Nagy wrote:
Hi All!
I could compile a new kernel (4.8 p27). It logs in to an ADSL line 
with ppp (tun0 created). But I cannot ping even myself.
This is a router, the other device is connected to a local network 
172.16.0/20

messiasping 127.0.0.1
ping:sendto:no route to host
messiasnetstat -nr
Destination   Gateway     Flags  Refs  Use  Netif  Expire
127.0.0.1     127.0.0.1   UH     1     3    lo0
172.16.0/20   link#2      UC     3     0    rl0
I don't see the gateway here  (Flags: G) but it should work for
127.0.0.1 without it.

ARP is also working, the physical connection is okay on the LAN:
messiasarp 172.16.0.26
? (172.16.0.26) at 00:50:1d:5f:18:20 on rl0 [ethernet]
I also tried this:
messiasroute add default 172.16.0.1
The default gateway  became 172.16.0.1  UGSc rl0. Despite this:
messiasping 172.16.0.26
PING 172.16.0.26 (172.16.0.26): 56 data bytes
ping: sendto: No route to host
named does not work either. It is started but when I start nslookup 
it says 'No response from server'.

Is it a missing 'options' from the kernel config? The same machine was 
working before with the same setting
but a different kernel (GENERIC). Unfortunately, I need to do this 
within 1 hour. Employees are coming
and they will cut my neck

  Laci
Try to turn off your firewall first (pfctl -d, or something similar if
using ipfw). I hope this helps.

Vladimir
Vladimir Dvorak
--
* VDSOFT.ORG   [EMAIL PROTECTED]  *
* (+420) 602 944 941 http://www.vdsoft.org *


Re: no route to host - urgent problem

2005-03-16 Thread Vladimir Dvorak
Laszlo Zsolt Nagy wrote:

Try to turn off your firewall first. ( pfctl -d or something similar 
if using ipfw ) I hope this helps.

Vladimir
Vladimir Dvorak

I set
firewall_enable=NO
in /etc/rc.conf
Did not work. Please also note that I did not change my configuration 
on this machine, I just compiled a new kernel.
All the networking configuration remained the same. In theory, my 
firewall rules are good. I believe the problem is with
the kernel since I did not change anything else. Why it says 'no 
route' when I added the default route?

  Laci
What did you change in the kernel CONFIG?
One important remark - if you are under stress, reboot to the old working
kernel (hope that will work :-) ) and wait till evening.

Vladimir