Re: why the shift from isakmpd.conf?

2006-12-11 Thread Håkan Olsson

On 11 dec 2006, at 07.14, nuffnough wrote:


Hi...

I have recently started using OpenBSD, and one of the things that I liked
most about it was the ease I got my VPN tunnels working with isakmpd.

I've learnt in the past few weeks that the use of isakmpd is being
deprecated in favour of ipsec.


Rather, using ipsec.conf is recommended over isakmpd.conf.


What were the reasons that led to this decision..?


Some people seem to find isakmpd.conf a bit complex. :)


How long will I still be able to use isakmpd?


ipsecctl is a frontend to isakmpd, it does not replace the  
functionality. isakmpd is still doing all IKE processing.


Typically you create an ipsec.conf file, which ipsecctl parses,  
output is isakmpd.conf style data that is fed to isakmpd via the  
command fifo (see isakmpd(8)).



What are the advantages that ipsec has over isakmpd?


Assuming you mean ipsecctl and not IPsec, it makes IKE configuration
easier. I.e. one does not have to be an IPsec/IKE expert to set up a
VPN.


Will I still be able to configure custom policies when the defaults aren't
appropriate?


Yes. At least I've heard nothing about actually disabling isakmpd
reading isakmpd.conf.


Also, combinations are possible. You can change (some of) isakmpd's
defaults by tweaking them in isakmpd.conf, then use ipsec.conf to do
the actual (or additional) tunnel setup. Note that ipsecctl has some
defaults and settings of its own that may override your defaults
(the last thing to be specified applies).


/H



Re: VPN Howto

2006-12-11 Thread Brian Candler
On Sun, Dec 10, 2006 at 11:00:01AM +0900, Mathieu Sauve-Frankel wrote:
  So whereas Linux has both a Security Policy Database and a Security
  Association Database in the kernel, I believe (and someone please correct me
  if I'm wrong) that OpenBSD kernel has only an SAD. You put your policy into
  ipsecctl, which passes it onto isakmpd, and isakmpd negotiates keys and
  sticks them in the SAD.
 
 You're wrong. Look at src/sys/netinet/ip_spd.c. 
 You can manipulate the spd by using static flow esp rules and using the type
 keyword. 
 
 flow esp from 192.168.0.0/24 to 192.168.1.0/24 peer 192.168.0.2 type require

Thank you; that section in ipsecctl(8) makes more sense to me now.

'permit' and 'deny' are obvious. The manpage isn't clear on the others, but
as far as I can tell from ip_spd.c they mean something like this:

'require' - if we have an SAD entry then use it. If not, drop the packet
but ask the key management daemon to set up an SA.

'dontacq' - if we have an SAD entry then use it. If not, drop the packet.

'acquire' - if we have an SAD entry then use it. If not, accept the packet
in the clear but ask the key management daemon to set up an SA.

'use' - if we have an SAD entry then use it. If not, accept the packet
in the clear.

Still, being able to use pf as well is a big bonus, as it lets you have a
simple anti-spoofing policy such as traffic with source 10/8 must originate
from an internal interface or enc0 which is often sufficient.

Thanks again,

Brian.



Re: Moving from tcsh to pdksh: how to recall partially typed in command? (ESC-p)

2006-12-11 Thread Martin Hedenfalk

On 12/10/06, Otto Moerbeek [EMAIL PROTECTED] wrote:


On Sun, 10 Dec 2006, Alexander Farber wrote:

 Hello Martin and others,

 On 12/6/06, Martin Hedenfalk [EMAIL PROTECTED] wrote:
  On 12/2/06, Alexander Farber [EMAIL PROTECTED] wrote:
   IMHO it would be better, if ESC-p and ESC-n wouldn't cycle
   but would stop at the last matching command - same as in tcsh.
  
   Because otherwise a user might go through several useless
   cycles until (s)he realizes that the needed command isn't there
 
  I've put an updated patch up on
  http://bzero.se/patches/ksh-history-v2.patch.

 thanks for your new patch (sorry, I didn't have time to test it
 during the week). Now it almost works - I enter

  bind '^XA'=history-search-backward
  bind '^XB'=history-search-forward

 and then enter few letters and can use the up- and down-arrows -
 and they work and do not cycle after the last match (which is good IMHO).

 However there are still 2 differences to tcsh:

 1) ESC-p and ESC-n aren't bound by default (maybe it's ok for ksh?)


A version 3 of the patch binds these keys by default:
http://bzero.se/patches/ksh-history-v3.patch


 2) When I type few letters, like ls  and then use the up-key to search
for matching commands, and then see that my command isn't there -
then I press the down-key several times to get back to the 3 letters
that I have entered initially (ls ).

In tcsh I can get back to the ls , but in your new ksh I'm stuck
with the last matched command (like ls /tmp - which I don't want),
and have to press CTRL-c


I see. Fixing this seems to add a bit more complexity, and this issue
doesn't annoy me enough to warrant adding that complexity. FWIW, it is
consistent with bash.


 Regards
 Alex

I found one other problem:

if the match equals the string typed in, the match is never found.

$ foo
$ bar
$ fooESC-P
does beep.

This happens only when foo is the possible match. If there's a foorbar
with a higher history number, that is found, and next the foo is
found.


I would say that this is the correct behaviour in this case, because
there are no other consecutive unique matches to be found.

/martin



Re: why the shift from isakmpd.conf?

2006-12-11 Thread Adam
nuffnough [EMAIL PROTECTED] wrote:

 I have recently started using OpenBSD, and one of the things that I liked
 most about it was the ease I got my VPN tunnels working with isakmpd.
 
 I've learnt in the past few weeks that the use of isakmpd is being
 deprecated in favour of ipsec.
 
 What were the reasons that led to this decision..?

It's recommended for most common uses, because it's a lot simpler and easier
for those common uses.

 How long will I still be able to use isakmpd?

You still do use it, ipsecctl just parses your ipsec.conf and tells
isakmpd what to do.  It's not a replacement for isakmpd, just for
isakmpd.conf.

 Will I still be able to configure custom policies when the defaults aren't
 appropriate?

Yes.

Adam



Microsoft Volume Licensing Acknowledgement (KMM8004423I3516L0KM)

2006-12-11 Thread MVLS Help
Your message addressed to [EMAIL PROTECTED] has been received.

If you are an MSDN Administrator and would like assistance using our online, 
self-help resources, please visit 
http://msdn.microsoft.com/subscriptions/administration/.  

If your message is of an urgent nature please feel free to call us at 
1-866-230-0560 in the United States and Canada.  Our hours of operation are 
5:00 a.m. to 5:00 p.m. USA-PST, Monday through Friday.

Please reference message # 3390799 for any additional support on this query.



[error on lenovo x60 ac4]apm: connect error

2006-12-11 Thread Michael Bibby

hi [EMAIL PROTECTED]

i installed openbsd -current on my lenovo x60 ac4, when it boot,
i got a message:

apm: connect error
---[snip]---
boot

i googled, and found this message:
http://www.sigmasoft.com/~openbsd/archives/html/openbsd-misc/2005-10/msg00846.html

hardware problem?
can it be resolved by kernel recompiled?

thanks all :)

Bibby



Re: problem to chroot ftp users

2006-12-11 Thread Sebastian Reitenbach
Hi,

thanks for your answer, but I still have no luck.
  I have the same problem on two servers, OpenBSD 4.0 and 3.9.
 
 And I do it on both ...
 ... but differently:
 
 ftpd_flags=-DllUS
 Their HOME is where I want to chroot them
 Their shell is /usr/bin/passwd (to change the passwd and prevent ssh)
 Their username is in /etc/ftpchroot
So I tried to set up the ftpd standalone, without the inetd, but with same result
as before, result see below.

# finger ftp_user
Login: ftp_user Name:
Directory: /home/ftp_user   Shell: /bin/ksh
On since Mon Dec 11 11:39 (CET) on ftp8556 (messages off) from somehost.test.de
No Mail.
No Plan.

# grep ftp_user /etc/ftpusers
# grep ftp_user /etc/ftpchroot
ftp_user

# ps ax | grep ftpd
 3534 ??  Is  0:00.00 /usr/libexec/ftpd -DllUS





above a session to the OpenBSD 3.9 host, but the same happens on the 4.0 host
too.


 
 The last is a binary switch for chroot / non-chroot (if I wanted).
 Test is straightforward:
 ftp and pwd which gives either $HOME or '/'. The latter is of course
 chroot.

 ftp [EMAIL PROTECTED]
Connected to ftp.test.de.
220 ftp.test.de FTP server (Version 6.6/OpenBSD) ready.
331 Password required for ftp_vh.
Password:
230- OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006

230 User ftp_user logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 /home/ftp_user is current directory.
ftp> cd ..
250 CWD command successful.


 
 Does this help ?

unfortunately not, and I have no clue, what is wrong in my setup. I think I must
have done the same stupid error twice on both hosts, but I don't know where, any
more ideas?

kind regards
Sebastian



Re: problem to chroot ftp users

2006-12-11 Thread Sebastian Reitenbach
[EMAIL PROTECTED] wrote: 
 On Fri, 08 Dec 2006 12:24:48 +0100, Sebastian Reitenbach 
[EMAIL PROTECTED] wrote:
  I thought that, after reading ftpd(8), and therefore I have the user in
  /etc/ftpchroot.
  
  I have the same problem on two servers, OpenBSD 4.0 and 3.9.
 I think I misunderstand you.  Are you saying that you have users in
/etc/ftpchroot and 
they're still not chrooted after logging in?  Did you restart ftpd?  Assuming
you're not 
running it from inetd of course.

yes exactly, their usernames are listed in etc/ftpchroot, but after restarting
ftp or inetd, they are still not chrooted. see my other answer to Uwe, with a
longer output.

in my eyes, I have done all to chroot them, but obviously I must have missed
sth.

kind regards
Sebastian



setting locale on terminal

2006-12-11 Thread Vim Visual

Hi,

from my recent emails you have probably guessed that I am jumping from
a debian system (have been GNU/Linux user for about ten years) into
the -wonderful- world of o'bsd (4.0) on an i386.

I am using for that the man pages, the absolute o'bsd book (which is
strangely nice to read, i would have never thought anything like that
of an informatics book) and the unofficial faqs.

I am almost done with the migration and very happy. I still have to
understand _correctly_ pf, of course.

However there's something that annoys me a lot: locale

In my zshrc I have set

export LC_NUMERIC=C
export LC_ALL=ca_ES.ISO8859-1
export LC_CTYPE=ca_ES.ISO8859-1

This worked perfectly on the debian system

My mother tongue is Catalan and I would like my system to be set up to
that language. It seems that for instance date is not behaving the
way I would like (it's in English) and also perl is complaining all
the time:

-
melanos| perl -v
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
   LC_ALL = ca_ES.ISO8859-1,
   LC_NUMERIC = C,
   LC_CTYPE = ca_ES.ISO8859-1,
   LANG = ca_ES.ISO8859-1
   are supported and installed on your system.
perl: warning: Falling back to the standard locale (C).

This is perl, v5.8.8 built for i386-openbsd
-

This is very annoying because a number of things are written in perl;
e.g. pkg_add, etc

If I have a look at /usr/share/locale I find

melanos| ls /usr/share/locale | grep ca
ca_ES.ISO8859-1
ca_ES.ISO8859-15

I.e. they *exist*

Now; on a debian system I'd do the following:

dpkg-reconfigure localeconf and then as root set-language-env -E, or
something similar

What should I do in o'bsd? Any hint?

The gnome X environment recognizes my /etc/profile though, which is set to

export LANG=ca_ES.ISO8859-15

All X programmes are in Catalan...

But I need the terminal in Catalan!

I have thousands of scripts which I'd have to modify because the
output of things like date are now different...

Thanks,

Pau



Re: problem to chroot ftp users

2006-12-11 Thread Otto Moerbeek
On Mon, 11 Dec 2006, Sebastian Reitenbach wrote:

 [EMAIL PROTECTED] wrote: 
  On Fri, 08 Dec 2006 12:24:48 +0100, Sebastian Reitenbach 
 [EMAIL PROTECTED] wrote:
   I thought that, after reading ftpd(8), and therefore I have the user in
   /etc/ftpchroot.
   
   I have the same problem on two servers, OpenBSD 4.0 and 3.9.
  I think I misunderstand you.  Are you saying that you have users in
 /etc/ftpchroot and 
 they're still not chrooted after logging in?  Did you restart ftpd?  Assuming
 you're not 
 running it from inetd of course.
 
 yes exactly, their usernames are listed in etc/ftpchroot, but after restarting
 ftp or 
 inetd, they are still not chrooted. see my other answer to Uwe, with a longer
 output.
 
 in my eyes, I have done all to chroot them, but obviously I must have missed
 sth.
 
 kind regards
 Sebastian

Hmm, look for some funny chars, missing newlines or spurious
whitespace in ftpchroot:

vis -tl /etc/ftpchroot

If that doesn't help, I can only suggest to add some debug code around
the handling of the dochroot variable in ftpd.c

-Otto



OpenBSD in the news in germany

2006-12-11 Thread Timo Schoeler

hi dudettes & dudes,

just wanted to tell that in the next issue (January 2007; will be 
available from Dec 14th) of the german magazine iX [0] there's an 
article on the release of OpenBSD 4.0.


It covers new features in OpenBSD 4.0 as well as some ethical issues wrt 
blobs.


[0] -- http://www.heise.de/ix/

--
Timo Schoeler | http://riscworks.net/~tis | [EMAIL PROTECTED]

What are you gonna do? Release the dogs?! Or the bees?! Or dogs with 
bees in their mouth so that when they bark they shoot bees at you? 
(Homer J. Simpson)




Re: problem to chroot ftp users

2006-12-11 Thread Uwe Dippel
On Mon, 11 Dec 2006 11:57:53 +0100, Sebastian Reitenbach wrote:

 thanks for your answer, but I still have no luck.

 # ps ax | grep ftpd
  3534 ??  Is  0:00.00 /usr/libexec/ftpd -DllUS

/usr/libexec/ftpd -DllUS

checks.

I don't say what you do is wrong; I don't even call it stupid; and I still
do it differently:

$ cat /etc/ftpchroot | grep uwe
uwe

chpass uwe gives:
Home directory: /var/www/users/uwe
Shell: /usr/bin/passwd

and results in:

$ ftp
[...]
331 Password required for uwe.
Password:
230 User uwe logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 / is current directory.


When the user is commented out in /etc/ftpchroot, it looks like this:

$ cat /etc/ftpchroot | grep uwe
#uwe

$ ftp
[...]
331 Password required for uwe.
Password:
230 User uwe logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 /var/www/users/uwe is current directory.


[The huge majority of my users are ftp-only, some have a local logon.
I wrote a script that moves the users from here to there and there to
here; one item is adding/comment/uncomment their userid in /etc/ftpchroot.]

$ head /etc/ftpchroot
#   $OpenBSD: ftpchroot,v 1.3 1996/07/18 12:12:47 deraadt Exp $
#
# list of users (one per line) given ftp access to a chrooted area.
# read by ftpd(8).

I have no clue if this accepts a group as well ?
Just try to add a demo user and make it work for him.


Uwe



Re: Moving from tcsh to pdksh: how to recall partially typed in command? (ESC-p)

2006-12-11 Thread Otto Moerbeek
On Mon, 11 Dec 2006, Martin Hedenfalk wrote:

  if the match equals the string typed in, the match is never found.
  
  $ foo
  $ bar
  $ fooESC-P
  does beep.
  
  This happens only when foo is the possible match. If there's a foorbar
  with a higher history number, that is found, and next the foo is
  found.
 
 I would say that this is the correct behaviour in this case, because
 there are no other consecutive unique matches to be found.

Yeah, I guess you are right, although it feels strange. 
It would be nice if there was a way to distinguish between no matches
at all and no further unique matches.

-Otto



how to get new port versions when following 4.0-patch

2006-12-11 Thread Robert Urban

Hello List,

I installed 4.0-RELEASE on my server, and am consequently following the
-patch flavor of the ports tree, which contains clamav 0.88.5.  Freshclam
tells me every four hours:


   WARNING: Your ClamAV installation is OUTDATED!
   WARNING: Current functionality level = 9, recommended = 10

as Marc Balmer has pointed out, 0.88.6 is available in the -current tree.
Is there any supported way of getting 0.88.6 via ports?  Or are people
running production systems installed from -RELEASE versions never supposed
to benefit from newer port versions?

thanks,

Robert Urban



Re: how to get new port versions when following 4.0-patch

2006-12-11 Thread Will Maier
On Mon, Dec 11, 2006 at 01:12:15PM +0100, Robert Urban wrote:
 Is there any supported way of getting 0.88.6 via ports? 

If you're following the -stable branch, you will receive security
(and, as of late, some feature) updates to your ports tree. If you
want/need a feature that isn't backported to -stable but is in
-current, you have to do the (unsupported) backporting yourself.

 Or are people running production systems installed from -RELEASE
 versions never supposed to benefit from newer port versions?

You get the new ports when you update your system to the next
release.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



pf firewall dropping packets?

2006-12-11 Thread Matt Hamilton

Hi All,
  Just got an issue with a pf firewall dropping packets.  Well it  
*appears* to be dropping packets, but I don't think it really is.


The symptoms are, if I run 'mtr' to www.google.co.uk I get:

Hostname Last  42 pings
1. bristol-office-gw.netsig .
2. 213.133.67.242   ....?...?????
3. fa0-0-4.bris1.as8553.net 
4. so-0-2-1.lon1.as8553.net .
5. 195.66.224.125   .
6. 216.239.43.120   .
7. 72.14.233.81 .
8. 216.239.43.34.
9. nf-in-f147.google.com.

Scale:  .:2 ms  1:5 ms  2:8 ms  3:15 ms  a:33 ms  b:50 ms  c:80 ms

The pf firewall is the 2nd hop (213.133.67.242) running OpenBSD 3.9/i386
with pair of onboard intel gigabit NICS (em).


So it *looks* like the firewall is dropping packets destined to it,
but not through it.  I looked closer, and it looks like mtr judges
the connectivity of each hop by making sure it gets a ttl exceeded
message back.  If I ping 213.133.67.242 directly, or ping
213.133.67.245 which is the carp0 address then it works fine.


So I guess the question is, under what circumstances would OpenBSD  
start dropping ICMP ttl exceeded messages back to the sender?   
Currently the firewall seems to be doing 2-4000 pps.


Any ideas?

-Matt

--
Matt Hamilton   [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.Business Vision on the Internet
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development  Consulting | Co-location | Hosting



Re: apache and mysql5.022 on openBSD

2006-12-11 Thread K H A I
Thanks for the info.
Minh

--- Robert [EMAIL PROTECTED] wrote:

 K H A I wrote:
  Dear Friends,
   
  I have problem running php script with query and mysql. under openbsd4.0
  php sqlqurery.php works fine.
  but when i run over web browser, it does not recognise the hostname which
  return mysql_error() function. unknown hostname xx.yyy.zzz
  How do i tackle this issue?
  for openbsd the config file for apache under /var/www/conf/httpd.conf
  and by default mysql is under /var/mysql
  and the socket is /var/run/mysql/myqsl.sock
  I have change for my.conf to reflect the new socket connection to
  /var/www/run/mysql/mysql.sock
  and the problems still exists.
   
  Any info is greatly appreciated.
   
  Minh.
 
 I'll leave the mysql-user jokes to someone else.
 
 You should do your homework first, before crying for help on the ml!
 Check mailinglist-archives, man pages, faq... google and even the apache
 or mysql-docs would have helped you!
 
 You know your problem... Apache cannot resolve hostnames.
 
 How does dns resolving work on a unix-like operating system?
 (simple version...)
 - look at /etc/resolv.conf - man resolv.conf
   first line usually is: lookup file bind
 - what file?
   /etc/hosts - man hosts
 - bind?
   that points to the nameserver line in /etc/resolv.conf
 - there is a nameserver some ip line in /etc/resolv.conf?
   usually there is
 
 So your system has all this? But why doesn't it work? It works for other
 stuff. What's different?
 Oy! Apache is chrooted in /var/www by default. - man chroot
 Where does Apache look for the resolv.conf?
 Right! /etc/resolv.conf
 
 *the register making its sound repeatedly* (or not)
 
 By now you have read the chroot manpage and/or by looking at the faq
 know that for the chrooted apache / is /var/www and when it looks for
 /etc/resolv.conf it actually tries the files /var/www/etc/resolv.conf ...
 
 Feel educated!
 (If you are guessing, the educative part was: Do your homework first! )
 
 -Robert
 
 [Sorry list, but perhaps such an explanation will be found easier in the
 future by uneducated searches. ;)]
 
 If you are still reading, short copy'n'pastable version:
 
 sudo mkdir -p /var/www/etc
 sudo cp /etc/resolv.conf /var/www/etc/
 sudo cp /etc/resolv.conf /var/www/etc/
 
 



 




Re: problem to chroot ftp users

2006-12-11 Thread Sebastian Reitenbach
Hi,
 
 Hmm, look for some funny chars, missing newlines or spurious
 whitespace in ftpchroot:
 
   vis -tl /etc/ftpchroot
Thanks for the hint, I have done that, but everything looks good, tried with an
empty newline at the end, and with the last user at the last line, but without a
difference, no chroot.

 
 If that doesn't help, I can only suggest to add some debug code around
 the handling of the dochroot variable in ftpd.c
well, I'll go and do that.

kind regards
Sebastian



php and ldap

2006-12-11 Thread Dr. Harry Knitter
having installed php and phpldapadmin the latter tells me that my php
configuration appears to be missing ldap support.
To httpd.conf I have added
AddType application/x-httpd-php .php

I did:
cd /var/www/htdocs
ln -s ../phpldapadmin-0.9.7 phpldapadmin

then
mkdir /var/www/tmp
chown www:daemon /var/www/tmp
chmod 1755 /var/www/tmp

and
# /usr/local/sbin/phpxs -a ldap

of course I have changed my /var/www/phpldapadmin-0.9.7/config.php according 
to my needs.

Did I forget anything?

Thanks for help


Harry



Re: ahem... skype on o'bsd

2006-12-11 Thread Vim Visual

the proof ;)

http://www.aei.mpg.de/~pau/skype.png

I don't have any contacts under that nickname; therefore the list is empty...

Anyway... I would like to employ something like ekiga instead but I
see that there is not a package for it and I didn't find it in the
ports tree...

Cheers,

Pau

2006/12/11, Vim Visual [EMAIL PROTECTED]:

Hi Matt,

yes, I can sign-in and I can see all my contacts etc. However, I get
an skype has experienced a database error; and I am afraid the
solution is to run the programme as root, which I don't like at all. I
am looking for a solution... Maybe the groups file

Anyway I cannot check it out because I am having some trouble with the
micro configuration in my o'bsd crashbox... and I do not have much
time to play around with these things.

In any case you can try yourself. Download the static binary and then
use linux emulation with the following libraries:

ld-linux.so.2
libGL.so.1
libICE.so.6
libSM.so.6
libX11.so.6
libXau.so.6
libXcursor.so.1
libXext.so.6
libXfixes.so.3
libXft.so.2
libXmu.so.6
libXrandr.so.2
libXrender.so.1
libXt.so.6
libXxf86vm.so.1
libasound.so.2
libc.so.6
libdl.so.2
libdrm.so.2
libexpat.so.0
libexpat.so.1
libfontconfig.so.1
libfreetype.so.6
libgcc_s.so.1
libm.so.6
libpthread.so.0
librt.so.1
libstdc++.so.5

I can send you the libraries if you wish (makes 2MB) but don't want to
overload the mailing list with... spam :)

in any case I would like to listen to what people think of using skype
on an o'bsd system. Let's make the axiom that skype is not
malware/spyware etc (as they state on their page). We have to blindly
trust them because it's CLOSED; they give you a binary.

Now... what happens when you start a conversation over skype? Does
this make your system more vulnerable? attackable?

I'm just learning...

thanks

Pau

-- Forwarded message --
From: Matt Hildebrand [EMAIL PROTECTED]
Date: 11/12/2006 06:36
Subject: Re: ahem... skype on o'bsd
To: [EMAIL PROTECTED]


I did this too a while ago (on 3.9-release, I think), and skype would
even start up, but it would crash during sign-in.  Have you had more
success?  If so, I'm sure the list would be interested...  :-)

Best,
-Matt


On 12/10/06, Vim Visual [EMAIL PROTECTED] wrote:
 I know, I know... but I was just curious...

 I just wanted to know whether it's possible and I simply wanted to
 report here that I successfully installed the static binary on my
 o'bsd crashbox... I just had to look for the libraries

 good night

 Pau




What does this mean?

2006-12-11 Thread Carlos A. Garcia G

i have received a mail from the server with this information

Checking setuid/setgid files and devices:
Setuid/device find errors:
find: /tmp/PerlIO_W32319: No such file or directory

what is it? and what can i do to fix the problem?



Re: php and ldap

2006-12-11 Thread Darren Spruell

On 12/11/06, Dr. Harry Knitter [EMAIL PROTECTED] wrote:

having installed php and phpldapadmin the latter tells me that my php
configuration appears to be missing ldap support.
To httpd.conf I have added
AddType application/x-httpd-php .php

I did:
cd /var/www/htdocs
ln -s ../phpldapadmin-0.9.7 phpldapadmin

then
mkdir /var/www/tmp
chown www:daemon /var/www/tmp
chmod 1755 /var/www/tmp

and
# /usr/local/sbin/phpxs -a ldap

of course I have changed my /var/www/phpldapadmin-0.9.7/config.php according
to my needs.

Did I forget anything?


You've installed the proper php5-ldap package for your arch / version?

You've restarted apache after running phpxs?

DS



i810-series video BIOS + 855GM resolution

2006-12-11 Thread Vim Visual

Hi,

I plan to install o'bsd 4.0 on a fujitsu siemens laptop which has a
screen of 1280x768 pixels. With GNU/Linux this was always a pain and I
had to manually patch the VBIOS because otherwise only 1024x768 are
recognised.

I would like to ask around whether somebody has such a chipset and
what's the workaround in o'bsd.

In GNU/linux I am using all the time the patch provided by deyzarc. See:

http://www.leog.net/fujp_forum/topic.asp?ARCHIVE=true&TOPIC_ID=5371

Seemingly this has been tested on FreeBSD successfully and also
NetBSD. But I am uncertain regarding o'bsd.

Cheers,

Pau



Re: ahem... skype on o'bsd

2006-12-11 Thread Tobias Weisserth

Hi,

On Dec 11, 2006, at 6:15 PM, Vim Visual wrote:


the proof ;)

http://www.aei.mpg.de/~pau/skype.png

I don't have any contacts under that nickname; therefore the list  
is empty...


I would be careful with Skype. My father's Mandriva Linux PC was  
trojaned using an outdated version of Skype as entry point.


Maybe you should post a systrace policy along with how to use Skype  
in OpenBSD ;-)


regards,
Tobias W.



Re: i810-series video BIOS + 855GM resolution

2006-12-11 Thread Dimitry Andric
Vim Visual wrote:
 I plan to install o'bsd 4.0 on a fujitsu siemens laptop which has a
 screen of 1280x768 pixels. With GNU/Linux this was always a pain and I
 had to manually patch the VBIOS because otherwise only 1024x768 are
 recognised.
 
 I would like to ask around whether somebody has such a chipset and
 what's the workaround in o'bsd.

Use the x11/915resolution port.



Re: php and ldap

2006-12-11 Thread Dr. Harry Knitter
Am Montag, 11. Dezember 2006 18:14 schrieb Darren Spruell:
 On 12/11/06, Dr. Harry Knitter [EMAIL PROTECTED] wrote:
  having installed php and phpldapadmin the latter tells me that my php
  configuration appears to be missing ldap support.
  To httpd.conf I have added
  AddType application/x-httpd-php .php
 
  I did:
  cd /var/www/htdocs
  ln -s ../phpldapadmin-0.9.7 phpldapadmin
 
  then
  mkdir /var/www/tmp
  chown www:daemon /var/www/tmp
  chmod 1755 /var/www/tmp
 
  and
  # /usr/local/sbin/phpxs -a ldap
 
  of course I have changed my /var/www/phpldapadmin-0.9.7/config.php 
according
  to my needs.
 
  Did I forget anything?
 
 You've installed the proper php5-ldap package for your arch / version?
yes (all from packages)
 You've restarted apache after running phpxs?
 
yes

Harry



Re: i810-series video BIOS + 855GM resolution

2006-12-11 Thread Vim Visual

I know this 915resolution (there's also a binary package btw) but I
don't like it because I very often use a external screen and when
using 915resolution somehow X doesn't get the required resolution for
it... in GNU/Linux... but since this is all about X and the o'bsd
developers unfortunately didn't rewrite X, I guess it should be the
same problem...

Has anybody tested that patch?

2006/12/11, Dimitry Andric [EMAIL PROTECTED]:

Vim Visual wrote:
 I plan to install o'bsd 4.0 on a fujitsu siemens laptop which has a
 screen of 1280x768 pixels. With GNU/Linux this was always a pain and I
 had to manually patch the VBIOS because otherwise only 1024x768 are
 recognised.

 I would like to ask around whether somebody has such a chipset and
 what's the workaround in o'bsd.

Use the x11/915resolution port.




Re: problem to chroot ftp users

2006-12-11 Thread Sebastian Reitenbach
Hi,
 Hmm, look for some funny chars, missing newlines or spurious
 whitespace in ftpchroot:
 
   vis -tl /etc/ftpchroot
 
yes, after some more fiddling, I checked again, and there were trailing
whitespaces behind the user names, on both hosts. removing them, fixed the
problem. I did not expect these whitespaces to be that evil.

thanks a lot
Sebastian
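
The failure this thread ends on (trailing whitespace after a user name in /etc/ftpchroot, leaving the user silently un-chrooted) can be checked for mechanically. The following is an added example, not part of the original posts and not OpenBSD code: a POSIX shell function, `check_ftpchroot` (a hypothetical name), that flags the three things Otto's reply says to look for. It assumes an entry only takes effect when the whole line equals the login name; the sample file is constructed.

```shell
#!/bin/sh
# Added example: lint an ftpchroot-style list (one login name per line).
# Assumption: an entry only matches when the whole line equals the login
# name, which is what the trailing-whitespace failure in this thread implies.

# report LINENO PROBLEM TEXT: print one finding, with TEXT made visible by
# "sed -n l" (tab as \t, CR as \r, end of line as $), similar to "vis -tl".
report() {
    printf '%s:%s: %s: %s\n' "$file" "$1" "$2" \
        "$(printf '%s\n' "$3" | sed -n l)"
    findings=$((findings + 1))
}

# check_ftpchroot FILE
# Returns 0 if every entry is a bare name, 1 if findings were printed,
# 2 if FILE cannot be read.
check_ftpchroot() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    cr=$(printf '\r')
    tab=$(printf '\t')
    findings=0
    n=0
    # IFS= and -r keep blanks and backslashes intact; the || clause still
    # processes a last line that has no terminating newline.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;    # blank line or comment
            *"$cr") report "$n" "carriage return at end of line" "$line" ;;
            *" "|*"$tab") report "$n" "trailing whitespace" "$line" ;;
            " "*|"$tab"*) report "$n" "leading whitespace" "$line" ;;
            *" "*|*"$tab"*) report "$n" "whitespace inside entry" "$line" ;;
            *)
                # Whatever remains after deleting printable ASCII is a
                # control byte or an 8-bit byte (e.g. a pasted no-break space).
                junk=$(printf '%s' "$line" | LC_ALL=C tr -d '[:print:]')
                if [ -n "$junk" ]; then
                    report "$n" "non-printable byte" "$line"
                fi
                ;;
        esac
    done < "$file"
    # Command substitution strips a final newline, so a non-empty result
    # means the last byte of the file is something else.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        report "$n" "no newline at end of file" "$(tail -n 1 "$file")"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample (not from the thread): one good entry, three bad
# entries, and a last line without a newline.
demo() {
    tmp=$(mktemp) || return 1
    printf '# constructed sample\nuwe\nftp_user \nalice\t\nbob\r\ndave' > "$tmp"
    check_ftpchroot "$tmp" || true
    rm -f "$tmp"
}

# With an argument, check that file; without one, run the sample.
if [ $# -gt 0 ]; then check_ftpchroot "$1"; else demo; fi
```

Run as `sh check_ftpchroot.sh /etc/ftpchroot`; a non-zero exit status makes it usable from a provisioning script that edits the file, such as the one Uwe describes.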



OpenBSD 4.0 seems to be very picky about USB mass storage devices

2006-12-11 Thread Andreas Maus

Hi * !

After upgrading my X40 from 3.9 to 4.0 I have problems mounting
a specific USB stick. Running OpenBSD 3.9 I see some errors when
accessing this USB stick after it is plugged in:

sd1 at scsibus2 targ 1 lun 0: USB, Flash Disk, 2.00 SCSI2 0/direct removable
sd1: 62MB, 62 cyl, 64 head, 32 sec, 512 bytes/sec, 127744 sec total
sd1(umass1:1:0): Check Condition (error 0x70) on opcode 0x0
   SENSE KEY: Not Ready
ASC/ASCQ: Medium Not Present

But I can mount the stick. After upgrading to OpenBSD 4.0 the system
sets the USB mass storage device to offline:

umass0 at uhub3 port 3 configuration 1 interface 0
umass0: vendor 0x0204 product 0x6025, rev 2.00/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets
sd0 at scsibus0 targ 1 lun 0: USB, Flash Disk, 2.00 SCSI2 0/direct removable
sd0: drive offline

And because of this action I am not able to access the USB stick:

# disklabel sd0
disklabel: ioctl DIOCGDINFO: Input/output error

Using another USB stick - which doesn't print the Medium Not Present on OpenBSD
3.9 - there is no problem with this stick:

umass0 at uhub3 port 3 configuration 1 interface 0
umass0: TTI-WDE U20 Mobile Disk, rev 2.00/2.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets
sd0 at scsibus0 targ 1 lun 0: USB 2.0, Mobile Disk, 2.00 SCSI2
0/direct removable
sd0: 125MB, 125 cyl, 64 head, 32 sec, 512 bytes/sec, 256000 sec total

Is it possible to enforce a more relaxed handling of the problematic USB stick
or should I just backup the data (under OpenBSD 3.9) and throw the stick away?

Thanks for your help.

Andreas.

P.S.: OpenBSD 3.9 and 4.0 are using the GENERIC kernel.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?



Re: php and ldap

2006-12-11 Thread Bryan Irvine

  Did I forget anything?

 You've installed the proper php5-ldap package for your arch / version?
yes (all from packages)
 You've restarted apache after running phpxs?


Does phpinfo show ldap support?

make a script that just has
<?php
print phpinfo();
?>

and open it from a browser,

If ldap support doesn't show there, try typing from command line:
$ php
<?php
print phpinfo();
?>
^d

and see if ldap support shows there.

If it shows up when run from CLI, but not from web browser, try a hard
stop of apache and restart it.

If that still doesn't do it, check /var/www/conf/php.ini for ldap support.

--Bryan



802.11n or MIMO G

2006-12-11 Thread Sam Fourman Jr.

I need a little help from misc@

I am in search of a mPCI Device that supports MIMO.

I found this device on Google
http://www.sparklan.com/product_details.php?prod_id=29
however I am unclear of a North American vendor to purchase it from.

Does OpenBSD have support for MIMO g or even pre draft 802.11 n?

I noticed that the ral(4) manpage alludes to MIMO, but what
supported devices have MIMO?


If anyone knows of any others, please let me know; I would like to buy a few.


Sam Fourman Jr.



Re: ahem... skype on o'bsd

2006-12-11 Thread Olivier Meyer
Right:

Skype is completely closed source, and the developers have admitted that the
only reason it is not open source is because the security is too weak. See
http://www.theregister.co.uk/2004/06/15/voip_and_skype/page3.html
and look at the bottom:
"Would he [Niklas Zennstrom, co-founder of Skype] make Skype open-source? No
- that would make its strong 1024 bit encryption and security vulnerable:
'We could do it but only if we re-engineered the way it works and we don't
have the time right now.'"
This is merely security by obscurity. According to a security analysis
presented at BlackHat, the code is protected with many layers of obfuscation
and encryption, intended to prevent reversing.
Here are the relevant sections of the EULA (
http://www.skype.com/company/legal/eula/):

4.1 *Utilization of Your computer.* You hereby acknowledge that the Skype
Software may utilize the processor and bandwidth of the computer (or other
applicable device) You are utilizing, for the limited purpose of
facilitating the communication between Skype Software users.

So, basically, you accept the fact that Skype will use any and all resources
to facilitate communication. How does anyone know that there is not a
backdoor that can be used to access any machine running Skype?

On 12/11/06, Tobias Weisserth [EMAIL PROTECTED] wrote:

 Hi,

 On Dec 11, 2006, at 6:15 PM, Vim Visual wrote:

  the proof ;)
 
  http://www.aei.mpg.de/~pau/skype.png
 
  I don't have any contacts under that nickname; therefore the list
  is empty...

 I would be careful with Skype. My father's Mandriva Linux PC was
 trojaned using an outdated version of Skype as entry point.

 Maybe you should post a systrace policy along with how to use Skype
 in OpenBSD ;-)

 regards,
 Tobias W.




-- 
If I am laughing, check your backups.



Re: i810-series video BIOS + 855GM resolution

2006-12-11 Thread Sam Fourman Jr.

Can you still use 11/915resolution on a device that says Driver not configured?

my dmesg follows

Sam Fourman Jr.

OpenBSD 4.0-current (GENERIC) #1172: Sun Oct 22 20:45:57 MDT 2006
  [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a2506000613
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1000 MHz (1004 mV): speeds: 1667, 1000 MHz
real mem  = 526544896 (514204K)
avail mem = 472330240 (461260K)
using 4256 buffers containing 26451968 bytes (25832K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(e5) BIOS, date 02/17/09, BIOS32 rev. 0 @
0xfd610, SMBIOS rev. 2.4 @ 0xdc010 (42 entries)
bios0: LENOVO CAPELL VALLEY(NAPA) CRB
pcibios0 at bios0: rev 2.1 @ 0xfd610/0x9f0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdee0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xe600! 0xce800/0x1000 0xdc000/0x4000! 0xe/0x1800!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03: aperture
at 0xd020, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 11
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: 0x04x/0x11d4 (rev. 5.0), HDA version 1.0
azalia0: RIRB time out
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02
pci2 at ppb1 bus 2
wpi0 at pci2 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02:
irq 7, address 00:18:de:2c:a8:a3
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: irq 10
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: irq 5
ehci0: timed out waiting for BIOS
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci3 at ppb2 bus 3
rl0 at pci3 dev 1 function 0 Realtek 8139 rev 0x10: irq 10, address
00:0f:b0:cc:44:41
rlphy0 at rl0 phy 0: RTL internal PHY
cbb0 at pci3 dev 4 function 0 ENE CB-1410 CardBus rev
0x01pci_intr_map: no mapping for pin A
: couldn't map interrupt
Ricoh 5C832 Firewire rev 0x00 at pci3 dev 6 function 0 not configured
sdhc0 at pci3 dev 6 function 1 Ricoh 5C822 SD/MMC rev 0x19: irq 5
sdmmc0 at sdhc0
Ricoh 5C843 rev 0x01 at pci3 dev 6 function 2 not configured
Ricoh 5C592 Memory Stick rev 0x0a at pci3 dev 6 function 3 not configured
Ricoh 5C852 xD rev 0x05 at pci3 dev 6 function 4 not configured
ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: HTS541080G9SA00
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVDRAM GMA-4082N, HA01 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x02: irq 10
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pcic0 at isa0 port 0x3e0/2 iomem 

Re: i810-series video BIOS + 855GM resolution

2006-12-11 Thread Dimitry Andric
Sam Fourman Jr. wrote:
 Can you still use 11/915resolution on a device that says Driver not
 configured?
...
 vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03: aperture
 at 0xd020, size 0x1000
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured

You probably mean that pci0 dev 2 device?  As far as I know, that's the
second head, and there's no way at the moment to get at its video BIOS.

Maybe newer versions of X.org have a workaround for this, but you'll
have to wait a while before these can be tried out...



bridge with carp

2006-12-11 Thread Marcus Artmann
Hi list,

I am testing a bridge with carp and pf. My plan has been that I am 
controlling the bridge-status with ifstated.

The network looks like that:

|OpenBSD4.0|
  /  \
-|cisco-switch|- -|cisco-switch|-
  \ /
   |OpenBSD4.0|

The machines are two Sun Fire V120.

The ifstated (started with -d -vv) does not destroy the bridges as wanted:

snip --- ifstated.conf 
state primary {
init {
run ifconfig carp0 advskew 10
run ifconfig carp1 advskew 10
run ifconfig bridge0 up
}
if ! $net
set-state demoted
}

state demoted {
init {
run ifconfig carp0 advskew 254
run ifconfig carp1 advskew 254
run ifconfig bridge0 destroy
}
if $net
set-state primary
}

state promoted {
init {
run ifconfig carp0 advskew 0
run ifconfig carp1 advskew 0
}
if $peer || ! $net
set-state backup
}

state backup {
init {
run ifconfig carp0 advskew 100
run ifconfig carp1 advskew 100
run ifconfig bridge0 destroy
}


snap -- ifstated.conf---


The carp devices are configured as follows:

# cat /etc/hostname.carp0
inet 192.168.1.1 255.255.255.0 192.168.1.255 vhid 1 carpdev gem0 pass intrageheim
# cat /etc/hostname.carp1
inet 192.168.3.50 255.255.255.0 192.168.3.255 vhid 2 carpdev gem1 pass wangeheim


The network interfaces are configured as bridges.
Sometimes one of the machines ends in a kernel panic:



ddb trace
data_access_fault(e0017b58, 30, 1067764, 0, 10, 0) at data_access_fault+0x2c0
trapbase(0, 50, 2b12d80, 0, 0, 2) at trapbase+0x87ac
gem_rint(2b02000, ff, ff00, ff00, ff, 4cd0) at gem_rint+0x2c8
gem_intr(2b02000, 0, e0017ec8, 0, 1067c20, 2) at gem_intr+0xec
sparc_interrupt(2b02000, 1, 80206910, 272c5c70, 1067c20, 77a10) at sparc_interrupt+0x20c
gem_ioctl(0, 80206910, 272c5c70, 272c5c70, 0, 0) at gem_ioctl+0x1d8
ifioctl(cc4afe0, 80206910, 272c5c70, cc1c9a0, 100a2a4, 0) at ifioctl+0x384
sys_ioctl(0, 272c5dd0, 272c5dc0, 0, 0, 180e408) at sys_ioctl+0x10c
syscall(272c5ed0, 36, 10bae8, 10baec, 0, 0) at syscall+0x280
softtrap(3, 80206910, fffe5c90, 0, 0, 0) at softtrap+0x184


ps:
   PID   PPID   PGRP    UID  S       FLAGS  WAIT       COMMAND
* 1058  19020   1058      0  7      0x4006             ifconfig
 27647  26750  27647      0  3      0x4086  ttyin      ksh
 19020   7773  19020      0  3      0x4086  pause      ksh
 26750   5255  26750      0  3      0x4084  select     sshd
  7773   5255   7773      0  3      0x4084  select     sshd
 25076      1  25076      0  3     0x40184  select     sendmail
 28111      1  28111      0  3      0x4086  ttyin      ksh
 10610      1  10610      0  3        0x84  select     cron
  5255      1   5255      0  3        0x84  select     sshd
 19645      1  19645      0  3       0x184  select     inetd
 20885  14264  14264     83  3       0x184  poll       ntpd
 14264      1  14264      0  3        0x84  poll       ntpd
 15461   1146   1146     74  3       0x184  bpf        pflogd
  1146      1   1146      0  3        0x84  netio      pflogd
 10786  23975  23975     73  2       0x184             syslogd
 23975      1  23975      0  3        0x8c  netio      syslogd
    12      0      0      0  3    0x100204  crypto_wa  crypto
    11      0      0      0  3    0x100204  aiodoned   aiodoned
    10      0      0      0  3    0x100204  syncer     update
     9      0      0      0  3    0x100204  cleaner    cleaner
     8      0      0      0  3    0x100204  reaper     reaper
     7      0      0      0  3    0x100204  pgdaemon   pagedaemon
     6      0      0      0  3    0x100204  pftm       pfpurge
     5      0      0      0  3    0x100204  usbevt     usb1
     4      0      0      0  3    0x100204  usbtsk     usbtask
     3      0      0      0  3    0x100204  usbevt     usb0
     2      0      0      0  3    0x100204  kmalloc    kmthread
     1      0      1      0  3      0x4084  wait       init
     0     -1      0      0  3     0x80204  scheduler  swapper


---

I think the problem is because of carp advertisements that are looped by
the bridges.
I tried several configurations: bridge with carp and physical
interfaces, interfaces gem0 and gem1 with and without IP address. pf was
disabled during the tests.

Did I do something wrong with the configuration? Or forget something?


regards,

Marcus



Finding missing udp packets?

2006-12-11 Thread Bill
I have an OpenVPN server running on OpenBSD 3.8 (x86).  I've been having 
intermittent problems with it and reconnection problems. It's openvpn out of 
ports for 3.8.

I have it down to right now, sporadically, the OpenVPN server thinks it is 
sending UDP packets (and in the logs makes note that it has) but I cannot see 
them leaving the external interface...

What can I do to track down where this is going wrong?  Is there some way to 
see if OpenBSD is taking this packet and then losing it?  

I am just not sure where to look next.  I've watched it happen, and the traffic 
is very low, the utilization is like so:

load averages: 0.40, 0.54, .60  

 
38 processes:  37 idle, 1 on processor
CPU states:  2.7% user,  0.0% nice,  3.7% system,  1.6% interrupt, 92.0% idle
Memory: Real: 678M/824M act/tot  Free: 684M  Swap: 0K/3072M used/tot

The strange part is that it works fine for a while, then suddenly starts up 
with this behavior...  We've had this happen with clients on all different 
platforms (windows / mac / linux).

We have an upgrade to OpenBSD 4.0 set for the first few weeks of next year...  
I've another 3.8 machine running this fine with no problems whatsoever...

Any pointers would be great and very appreciated.  I've tried the OpenVPN 
lists, but no help there


OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.40GHz (GenuineIntel 686-class) 2.41 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 1609588736 (1571864K)
avail mem = 1461350400 (1427100K)
using 4278 buffers containing 80580608 bytes (78692K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(49) BIOS, date 05/19/04, BIOS32 rev. 0 @ 0xfd5b6
pcibios0 at bios0: rev 2.1 @ 0xfd520/0xae0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde80/352 (20 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x9000 0xc9000/0x1000 0xca000/0x1000 0xcb000/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82875P Host rev 0x02
ppb0 at pci0 dev 3 function 0 Intel 82875P PCI-CSA rev 0x02
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547GI) rev 0x00: irq 5, 
address: 00:09:6b:7f:70:93
ppb1 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02
pci2 at ppb1 bus 2
em1 at pci2 dev 2 function 0 Intel PRO/1000MT (82546GB) rev 0x01: irq 5em1: 
The EEPROM Checksum Is Not Valid
em1: Unable to initialize the hardware
em2 at pci2 dev 2 function 1 Intel PRO/1000MT (82546GB) rev 0x01: irq 5em2: 
The EEPROM Checksum Is Not Valid
em2: Unable to initialize the hardware
uhci0 at pci0 dev 29 function 0 Intel 6300ESB USB rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 5300ESB USB rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
Intel 6300ESB WDT rev 0x02 at pci0 dev 29 function 4 not configured
Intel 6300ESB APIC rev 0x02 at pci0 dev 29 function 5 not configured
ehci0 at pci0 dev 29 function 7 Intel 6300ESB USB rev 0x02: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb2 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a
pci3 at ppb2 bus 3
vga1 at pci3 dev 2 function 0 ATI Radeon VE QY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci3 dev 8 function 0 Intel 82557 rev 0x0c, i82550: irq 11, address 
00:0e:0c:50:d7:c4
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
ichpcib0 at pci0 dev 31 function 0 Intel 6300ESB LPC rev 0x02
pciide0 at pci0 dev 31 function 2 Intel 6300ESB SATA rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8482B, 1.02 SCSI0 5/cdrom 
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd0 at pciide0 channel 1 drive 0: Maxtor 6Y080M0
wd0: 16-sector PIO, LBA, 76324MB, 156312576 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
Intel 6300ESB SMBus rev 0x02 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 

Re: i810-series video BIOS + 855GM resolution

2006-12-11 Thread J.C. Roberts
On Monday 11 December 2006 11:47, Dimitry Andric wrote:
 Sam Fourman Jr. wrote:
  Can you still use 11/915resolution on a device that says Driver not
  configured?

 ...

  vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03:
  aperture at 0xd020, size 0x1000
  wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
  wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
  Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not
  configured

 You probably mean that pci0 dev 2 device?  As far as I know, that's
 the second head, and there's no way at the moment to get at its video
 BIOS.

 Maybe newer versions of X.org have a workaround for this, but you'll
 have to wait a while before these can be tried out...

It might be totally unrelated but I read similar regarding some Matrox 
multi-head cards when using the stock X.org drivers (rather than the 
Matrox blobs). Nonetheless, I've got both heads working, and without 
xinerama. The trick was being picky about how I wrote my xorg.conf 
- after reading the monitor and Matrox card docs to see what modes they 
actually support, I used gtf(1) to figure out exact settings for the 
modes I wanted to enable. (dmesg and xorg.conf below)

Hard coding the modes with all correct timing settings *might* be a 
solution to the original poster's question about getting the 
non-typical mode working on his laptop. It worked for me.

Good luck.
JCR


xorg.conf
Section "Files"
    RgbPath      "/usr/X11R6/lib/X11/rgb"
    ModulePath   "/usr/X11R6/lib/modules"
    FontPath     "/usr/X11R6/lib/X11/fonts/misc/"
    FontPath     "/usr/X11R6/lib/X11/fonts/75dpi/:unscaled"
    FontPath     "/usr/X11R6/lib/X11/fonts/100dpi/:unscaled"
    FontPath     "/usr/X11R6/lib/X11/fonts/TTF/"
    FontPath     "/usr/local/share/ghostscript/fonts/"
    FontPath     "/usr/local/lib/X11/fonts/ghostscript/"
    FontPath     "/usr/local/lib/X11/fonts/terminus/"
    FontPath     "/usr/X11R6/lib/X11/fonts/Type1/"
    FontPath     "/usr/local/share/fonts/override/"
    FontPath     "/usr/local/share/fonts/"
EndSection

Section "Module"
    Load  "dbe"
    Load  "extmod"
    Load  "glx"
    Load  "record"
    Load  "xtrap"
    Load  "freetype"
    Load  "type1"
EndSection

Section "InputDevice"
    Identifier  "Keyboard0"
    Driver      "kbd"
EndSection

Section "InputDevice"
    Identifier  "Mouse0"
    Driver      "mouse"
    Option      "Protocol" "wsmouse"
    Option      "Device" "/dev/wsmouse"
    Option      "ZAxisMapping" "4 5 6 7"
EndSection


Section "Modes"
    Identifier  "WideModes"
    # 1280x800 @ 85.00 Hz (GTF) hsync: 71.40 kHz; pclk: 123.38 MHz
    Mode "1280x800_85.00"
        DotClock    123.38
        HTimings    1280 1368 1504 1728
        Vtimings    800 801 804 840
        Flags       "-HSync" "+Vsync"
    EndMode
    # 1600x1000 @ 85.00 Hz (GTF) hsync: 89.25 kHz; pclk: 194.21 MHz
    Mode "1600x1000_85.00"
        DotClock    194.21
        HTimings    1600 1712 1888 2176
        VTimings    1000 1001 1004 1050
        Flags       "-HSync" "+Vsync"
    EndMode
    # 1600x1000 @ 95.00 Hz (GTF) hsync: 100.32 kHz; pclk: 219.90 MHz
    Mode "1600x1000_95.00"
        DotClock    219.90
        HTimings    1600 1720 1896 2192
        VTimings    1000 1001 1004 1056
        Flags       "-HSync" "+Vsync"
    EndMode
#   # 1600x1000 @ 100.00 Hz (GTF) hsync: 105.90 kHz; pclk: 232.13 MHz
#   Mode "1600x1000_100.00"
#       DotClock    232.13
#       HTimings    1600 1720 1896 2192
#       VTimings    1000 1001 1004 1059
#       Flags       "-HSync" "+Vsync"
#   EndMode
#   # 1600x1000 @ 105.00 Hz (GTF) hsync: 111.51 kHz; pclk: 246.21 MHz
#   Mode "1600x1000_105.00"
#       DotClock    246.21
#       HTimings    1600 1728 1904 2208
#       VTimings    1000 1001 1004 1062
#       Flags       "-HSync" "+Vsync"
#   EndMode
    # 1600x1024 @ 85.00 Hz (GTF) hsync: 91.38 kHz; pclk: 198.83 MHz
    Mode "1600x1024_85.00"
        DotClock    198.83
        HTimings    1600 1712 1888 2176
        VTimings    1024 1025 1028 1075
        Flags       "-HSync" "+Vsync"
    EndMode
    # 1600x1024 @ 90.00 Hz (GTF) hsync: 97.02 kHz; pclk: 212.67 MHz
    Mode "1600x1024_90.00"
        DotClock    212.67
        HTimings    1600 1720 1896 2192
        VTimings    1024 1025 1028 1078
        Flags       "-HSync" "+Vsync"
    EndMode
    # 1600x1024 @ 95.00 Hz (GTF) hsync: 102.79 kHz; pclk: 225.32 MHz
    Mode "1600x1024_95.00"
        DotClock    225.32
        HTimings    1600 1720 1896 2192
        VTimings    1024 1025 1028 1082
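
The gtf(1) step described in the message above, as an added example that is not part of the original post: the VESA GTF default formula (non-interlaced, no margins) in Python, which reproduces the timing numbers in the xorg.conf modes listed above. The function names and the idea of passing monitor/card limits to `within_limits` are assumptions made for illustration; take the real limits from the hardware documentation.

```python
from collections import namedtuple

# VESA GTF default parameters (the defaults gtf(1) is built around).
CELL_GRAN = 8              # character cell width, pixels
MIN_PORCH = 1              # minimum vertical front porch, lines
V_SYNC_RQD = 3             # vertical sync width, lines
H_SYNC_PERCENT = 8.0       # hsync width as a percentage of the total line
MIN_VSYNC_PLUS_BP = 550.0  # minimum vsync + back porch, microseconds
C_PRIME = 30.0             # blanking offset:   (C-J)*K/256 + J, C=40 J=20 K=128
M_PRIME = 300.0            # blanking gradient: K/256*M, M=600 K=128

Mode = namedtuple("Mode", "name pclk_mhz hsync_khz vrefresh_hz htimings vtimings")


def gtf_mode(h_pixels, v_lines, refresh_hz):
    """Compute a GTF mode for a non-interlaced display without margins."""
    h_active = round(h_pixels / CELL_GRAN) * CELL_GRAN
    # Estimated line period (us): frame time minus the minimum vertical blanking,
    # spread over the visible lines plus the front porch.
    h_period_est = (1e6 / refresh_hz - MIN_VSYNC_PLUS_BP) / (v_lines + MIN_PORCH)
    vsync_plus_bp = round(MIN_VSYNC_PLUS_BP / h_period_est)
    v_total = v_lines + vsync_plus_bp + MIN_PORCH
    # Exact line period (us) that yields the requested refresh with v_total lines.
    h_period = 1e6 / (refresh_hz * v_total)
    # Horizontal blanking from the ideal duty cycle, rounded to two character cells.
    duty = C_PRIME - M_PRIME * h_period / 1000.0
    h_blank = round(h_active * duty / (100.0 - duty) / (2 * CELL_GRAN)) * 2 * CELL_GRAN
    h_total = h_active + h_blank
    h_sync = round(H_SYNC_PERCENT / 100.0 * h_total / CELL_GRAN) * CELL_GRAN
    h_sync_start = h_active + h_blank // 2 - h_sync
    v_sync_start = v_lines + MIN_PORCH
    return Mode(
        name="%dx%d_%.2f" % (h_pixels, v_lines, refresh_hz),
        pclk_mhz=h_total / h_period,
        hsync_khz=1000.0 / h_period,
        vrefresh_hz=float(refresh_hz),
        htimings=(h_active, h_sync_start, h_sync_start + h_sync, h_total),
        vtimings=(v_lines, v_sync_start, v_sync_start + V_SYNC_RQD, v_total),
    )


def xorg_mode(mode):
    """Render the mode as an xorg.conf Mode ... EndMode entry."""
    return "\n".join([
        "    # %s (GTF) hsync: %.2f kHz; pclk: %.2f MHz"
        % (mode.name, mode.hsync_khz, mode.pclk_mhz),
        '    Mode "%s"' % mode.name,
        "        DotClock    %.2f" % mode.pclk_mhz,
        "        HTimings    %d %d %d %d" % mode.htimings,
        "        VTimings    %d %d %d %d" % mode.vtimings,
        '        Flags       "-HSync" "+VSync"',
        "    EndMode",
    ])


def within_limits(mode, hsync_khz, vrefresh_hz, max_pclk_mhz):
    """Return the names of the limits the mode exceeds (empty list: none)."""
    exceeded = []
    if not hsync_khz[0] <= mode.hsync_khz <= hsync_khz[1]:
        exceeded.append("hsync")
    if not vrefresh_hz[0] <= mode.vrefresh_hz <= vrefresh_hz[1]:
        exceeded.append("vrefresh")
    if mode.pclk_mhz > max_pclk_mhz:
        exceeded.append("pclk")
    return exceeded


if __name__ == "__main__":
    # Constructed limits for illustration only; read the real ones from the
    # monitor and graphics card documentation.
    limits = dict(hsync_khz=(30.0, 110.0), vrefresh_hz=(50.0, 160.0), max_pclk_mhz=230.0)
    for args in [(1280, 800, 85), (1600, 1024, 95), (1600, 1000, 105)]:
        mode = gtf_mode(*args)
        exceeded = within_limits(mode, **limits)
        if exceeded:
            print("    # %s skipped, exceeds: %s" % (mode.name, ", ".join(exceeded)))
        else:
            print(xorg_mode(mode))
```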
   

Re: bridge with carp

2006-12-11 Thread Stuart Henderson
On 2006/12/11 21:13, Marcus Artmann wrote:
 I am testing a bridge with carp and pf.

 |OpenBSD4.0|
   /  \
 -|cisco-switch|- -|cisco-switch|-
   \ /
|OpenBSD4.0|

you don't need CARP on a bridging firewall. you can still use
pfsync. you may want to mark the bridge ports STP... (-current
can run RSTP and converge faster).



Re: What it this mean?

2006-12-11 Thread Nick Guenther

On 12/11/06, Carlos A. Garcia G [EMAIL PROTECTED] wrote:

I have received a mail from the server with this information

Checking setuid/setgid files and devices:
Setuid/device find errors:
find: /tmp/PerlIO_W32319: No such file or directory

what is it? and what can i do to fix the problem?



This is not nearly enough information to even begin guessing what the
problem is, except that it's something to do with Perl, and looking at
http://netpointmexico.com I see that it's a webmail system written in
Perl. It's probably a bug in that, potentially one that OpenBSD (if
you're even running OpenBSD) exposes?

Try again.

-Nick



any experience with UNO-2160 Universal Network Controller?

2006-12-11 Thread Jonathan Thornburg
Hi,

I'm considering a UNO-2160 Universal Network Controller
as a DSL firewall/router.  This is an embedded PC with a 400MHz
Celeron processor, 256 or 512MB memory, and a 20-30GB disk.  (It's
overpowered for my purposes, but used ones seem to be pretty cheap.)

Does anyone have any experience with OpenBSD on one of these boxen?
The specifications at
  http://www.elektronik-systeme.psoft.at/Advantech/UNO2160.pdf
and further ones found via google say that the network ports use
a Realtek 8139 chipset, so they should be ok.

thanks, ciao,

-- 
-- Jonathan Thornburg -- remove -animal to reply [EMAIL PROTECTED]
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, Old Europe http://www.aei.mpg.de/~jthorn/home.html  
   Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral.
  -- quote by Freire / poster by Oxfam



Re: Finding missing udp packets?

2006-12-11 Thread Darren Spruell

On 12/11/06, Bill [EMAIL PROTECTED] wrote:

I have an OpenVPN server running on OpenBSD 3.8 (x86).  I've been having 
intermittent problems with it and reconnection problems. It's openvpn out of 
ports for 3.8.

I have it down to right now, sporadically, the OpenVPN server thinks it is 
sending UDP packets (and in the logs makes note that it has) but I cannot see 
them leaving the external interface...

What can I do to track down where this is going wrong?  Is there some way to 
see if OpenBSD is taking this packet and then losing it?


You didn't say if PF is enabled, or if so what you're doing with it,
but if so you might find 'pfctl -x loud' useful. Note that the output
will show in your kernel logs.

DS



Re: What it this mean?

2006-12-11 Thread Bryan Irvine
On 12/11/06, Nick Guenther [EMAIL PROTECTED] wrote:

 On 12/11/06, Carlos A. Garcia G [EMAIL PROTECTED] wrote:
  I have received a mail from the server with this information
 
  Checking setuid/setgid files and devices:
  Setuid/device find errors:
  find: /tmp/PerlIO_W32319: No such file or directory
 
  what is it? and what can i do to fix the problem?
 

 This is not nearly enough information to even begin guessing what the
 problem is, except that it's something to do with Perl, and looking at
 http://netpointmexico.com I see that it's a webmail system written in
 Perl. It's probably a bug in that, potentially one that OpenBSD (if
 you're even running OpenBSD) exposes?



I suspect you are on the right track.  My best guess with the complete lack
of info is that /var/www/tmp is missing (ie chrooted apache).

--Bryan



Re: httpd segmentation fault in 3.9

2006-12-11 Thread Marcos Laufer
The funny thing is that I can run that phpmyadmin version on another
OpenBSD 3.9 I have running somewhere else, same php version and modules;
I just can't figure out what's wrong here on this one.
And the link you showed me shows the same error with many different versions
of php and apache, so what would be a solution for this problem?

Anybody else experiencing these rare problems?

Regards,
Marcos Laufer


- Original Message - 
From: Andrew Pantyukhin [EMAIL PROTECTED]
To: Marcos Laufer [EMAIL PROTECTED]
Cc: misc@openbsd.org
Sent: Monday, November 27, 2006 7:29 AM
Subject: Re: httpd segmentation fault in 3.9


On 11/26/06, Marcos Laufer [EMAIL PROTECTED] wrote:
 Hi there, I'm noticing crashes in httpd.
 I installed phpMyAdmin-2.7.0p0 from packages, configured it with http auth,
 and when I access it with a browser sometimes the httpd gets crashed:

 [Sun Nov 26 13:48:03 2006] [notice] child pid 6618 exit signal Segmentation fault (11)
 [Sun Nov 26 13:48:04 2006] [notice] child pid 20635 exit signal Segmentation fault (11)

 The OS is OpenBSD 3.9 stable, GENERIC kernel. httpd is chrooted.

 I downloaded a newer version of phpMyAdmin from their site (2.9.1.1)
 and an older one (2.6.0pl2) and that crash doesn't happen.

We have the very same crash with Apache+PHP on FreeBSD
and it's clearly php related. There are similar bug reports [1]
everywhere. Consider it an average programming error, although
it might be directly related to php.ini settings.

[1] http://bugs.php.net/bug.php?id=24592



Re: diskless kernel config

2006-12-11 Thread Craig Barraclough
 I tried something similar, because I wanted to see if I could mount an
 NFS partition from my Soekris, running OpenBSD, but I 
 couldn't get it to
 work. I also couldn't get NFS support to compile properly, so 
 I left it
snip

I've had no problem getting a 4.0-current (upgraded from 3.8-current,
through 3.9-current) system (Soekris NET4801-50) working in just this
way.
NFS kernel supplied from a CF based filesystem on one Soekris box, root
and swap on a NAS device.
Boxes are mounted in the neat kd85.com rack-mount case (Thanks Wim!).
Kernel is built using a quick patch:

--- GENERIC Thu Jun  8 12:04:42 2006
+++ GENERIC.NFS Tue Jun 13 12:13:35 2006
@@ -39,7 +39,7 @@
 #optionNTFS# Experimental NTFS support
 
 # or use   root on nfs swap on nfs
-config bsd swap generic
+config bsd root on nfs swap on nfs
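Review bot: the hunk header "@@ -39,7 +39,7 @@" declares seven lines on each side, but only three context lines and the one changed "config bsd" line follow, with no trailing context, so the hunk as posted is incomplete and is unlikely to apply with patch(1); regenerating it with "diff -u GENERIC GENERIC.NFS" would include the lines after the config statement. The context comment "# or use   root on nfs swap on nfs" is also left above a line that now says exactly that, so in GENERIC.NFS it would read better if it named "swap generic" as the alternative instead.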

dmesg-
OpenBSD 4.0-current (GENERIC.NFS) #0: Wed Nov 29 21:20:53 EST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.NFS
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133787648 (130652K)
avail mem = 114622464 (111936K)
using 1663 buffers containing 6811648 bytes (6652K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/29, BIOS32 rev. 0 @
0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
sis0 at pci0 dev 6 function 0 NS DP83815 10/100 rev 0x00, DP83816A:
irq 10, address 00:00:24:c1:4f:34
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 7 function 0 NS DP83815 10/100 rev 0x00, DP83816A:
irq 10, address 00:00:24:c1:4f:35
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 8 function 0 NS DP83815 10/100 rev 0x00, DP83816A:
irq 10, address 00:00:24:c1:4f:36
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel
0 wired to compatibility, channel 1 wired to compatibility
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6
revision 3 wdstatus 0
ohci0 at pci0 dev 19 function 0 Compaq USB OpenHost rev 0x08: irq 11,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Compaq OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
isa0 at gscpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1:
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask fbe5 netmask ffe5 ttymask ffe7
pctr: no performance counters in CPU
nfs_boot: using interface sis0, with revarp  bootparams
nfs_boot: client_addr=ZZZ.ZZZ.ZZZ.3
nfs_boot: server_addr=ZZZ.ZZZ.ZZZ.1 hostname=soekris2.X
root on ZZZ.ZZZ.ZZZ.1:/bsd-root
swap on ZZZ.ZZZ.ZZZ.1:/bsd-root/swap



Software inventory management

2006-12-11 Thread stan
Suddenly there is an improved desire to keep up to date on the latest
security fixes at work. I've got about 50 machines that I manage. OpenBSD, 
FreeBSD, Linux, Solaris, and HP-UX.

I am looking for recommendations for a (hopefully automated), preferably
web based tool to keep up with what versions of OS, OS patches, and ports
are installed on these machines.

Could anyone with experience using such a tool share their experience, 
both good and bad, for such packages?

-- 
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



apmd resume + xlock

2006-12-11 Thread James Turner
I've read the apmd and xlock man pages and am having trouble getting xlock 
to start after a resume.  I created the file /etc/apm/resume and chmod 
755.  But for some reason, it doesn't run on resume.  Permissions are 
root/wheel.  On a weird note, when I ran sudo apmd rather than letting 
apmd start on boot xlock worked but it locked as root and not my logged in 
user.  Does anyone have any suggestions on how to get xlock to start on a 
resume?


The contents of /etc/apm/resume are:
#!/bin/sh
xlock -mode matrix

Thanks in advance.



Newbie question - out of date script

2006-12-11 Thread Kernel Monkey
3 questions from a newbie who would appreciate any help.

Question 1) What is the proper way to check to see if my ports are
updated? I've been using the out-of-date script.

Question 2) I have all my port sources updated to stable but when I
run the out-of-date script I find many problems:

Outdated ports:

graphics/cairo # png-1.2.12 - png-1.2.12p0
graphics/gdk-pixbuf # png-1.2.12 - png-1.2.12p0
graphics/gwenview  # lib/qt3/qt-mt.30.0,qt3-mt-3.5p6 - lib/qt3/qt-mt.30.2,qt3-mt-3.5p8
graphics/imlib # png-1.2.12 - png-1.2.12p0
graphics/libkipi   # lib/qt3/qt-mt.30.0,qt3-mt-3.5p6 - lib/qt3/qt-mt.30.2,qt3-mt-3.5p8
print/ghostscript/afpl# png-1.2.12 - png-1.2.12p0
x11/gtk+2  # png-1.2.12 - png-1.2.12p0
x11/kde/arts3 # lib/qt3/qt-mt.30.0,qt3-mt-3.5p6 - lib/qt3/qt-mt.30.2,qt3-mt-3.5p8
x11/kde/libs3  # lib/qt3/qt-mt.30.0,qt3-mt-3.5p6 - lib/qt3/qt-mt.30.2,qt3-mt-3.5p8
x11/qt3  # png-1.2.12 - png-1.2.12p0

Errors:
  textproc/libxml,-python
   Fatal: Subpackage -python does not exist. (in textproc/libxml)


If I do a #pkg_info | grep png   I get:

png-1.2.12p0 library for manipulating PNG images

So I have the updated png package installed, so why are the other ports
saying I need to update png?

Question 3) How can I fix the python error?

Again. Thanks to anyone that takes the time to explain things to me.

Grand



Re: What it this mean?

2006-12-11 Thread Bill Maas
On Mon, 2006-12-11 at 15:47 -0800, Bryan Irvine wrote:
 On 12/11/06, Nick Guenther [EMAIL PROTECTED] wrote:
 
  On 12/11/06, Carlos A. Garcia G [EMAIL PROTECTED] wrote:
   I have received a mail from the server with this information
  
   Checking setuid/setgid files and devices:
   Setuid/device find errors:
   find: /tmp/PerlIO_W32319: No such file or directory
  
   what is it? and what can i do to fix the problem?
  
 
  This is not nearly enough information to even begin guessing what the
  problem is, except that it's something to do with Perl, and looking at
  http://netpointmexico.com I see that it's a webmail system written in
  Perl. It's probably a bug in that, potentially one that OpenBSD (if
  you're even running OpenBSD) exposes?
 
 
 
 I suspect you are on the right track.  My best guess with the complete lack
 of info is that /var/www/tmp is missing (ie chrooted apache).
 
 --Bryan
 

To both commentators:

http://www.seas.ucla.edu/classes/mkampe/cs111.sq05/docs/bsd.html

Excellent reading!

Bill

 
-- 
Incompetence is our watchword - John Peel



Re: diskless kernel config

2006-12-11 Thread Bill Maas
On Tue, 2006-12-12 at 11:26 +1100, Craig Barraclough wrote:
  I tried something similar, because I wanted to see if I could mount an
  NFS partition from my Soekris, running OpenBSD, but I 
  couldn't get it to
  work. I also couldn't get NFS support to compile properly, so 
  I left it
 snip
 
 I've had no problem getting a 4.0-current (upgraded from 3.8-current,
 through 3.9-current) system (Soekris NET4801-50) working in just this
 way.

I was talking about 3.8. Tried configuring GENERIC with NFS support but
it failed, and I just didn't feel like going into the details at that
time (unaware of the mass of details that bsd.rd / miniroot was going
to throw at me;).

 NFS kernel supplied from a CF based filesystem on one Soekris box, root
 and swap on a NAS device.
 Boxes are mounted in the neat kd85.com rack-mount case (Thanks Wim!).
 Kernel is built using a quick patch:
 
 --- GENERIC   Thu Jun  8 12:04:42 2006
 +++ GENERIC.NFS   Tue Jun 13 12:13:35 2006
 @@ -39,7 +39,7 @@
  #option  NTFS# Experimental NTFS support
  
  # or use root on nfs swap on nfs
 -config   bsd swap generic
 +config   bsd root on nfs swap on nfs
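
Review bot: the context comment "# or use root on nfs swap on nfs" is left directly above the new "config bsd root on nfs swap on nfs" line, so after this change it describes the active setting as if it were still an alternative. Reword the comment and keep the old "config bsd swap generic" line commented out beneath it, so the way back to a local-disk root stays documented in GENERIC.NFS. A comment noting that this kernel swaps to the network would also help: with "swap on nfs", paged-out memory goes to the NFS server, so that server and the link to it have to be trusted.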
 

You're right. The motivation for dropping the DISKLESS kernel config,
according to a CVS log message (if I remember it well), was indeed a
line like now replaced by a single line in GENERIC.

Still, mounting / on NFS doesn't seem to be considered the standard
procedure it is with e.g. Debian/GNU Linux, and isn't documented
extensively - in the FAQ or elsewhere. I'd be happy to do that, _if I
find time_.

Some day I'll try setting up the diskless environment again, if only
for fun & education. Maybe some nice doc will spin off of it.


Bill

-- 
Incompetence is our watchword - John Peel