Re: Authenticate squid in Active Directory

[Leonardo Rodrigues]

Hummm, I wish I had seen this patch earlier. Anyway, when I need
winbind, I just edit squid's Makefile and add winbind configure
args...
As Eduardo said, why not have a winbind flavor for the squid package?

-- 
An OpenBSD user... and that's all you need to know =)

GDM-2.18.2 XFCE4.4.1 issue at OpenBSD 4.2-stable-i386

[Jon Garate]

Hello people @ misc,
I've successfully built both the -stable base system and the X system 
(xenocara) and I'm trying to setup GDM properly to combine with XFCE4. 
Right now, XFCE4 works after issuing startx command (I've configure 
.xinitrc properly apparently).
I've done some research in the net and everywhere I could but I don't 
seem to get it working through GDM login. Can anybody shed some light in 
setting up .xinitrc/.xsession or whatever files I need to get it running 
properly?


thanks in advance, jon.

Re: GDM-2.18.2 XFCE4.4.1 issue at OpenBSD 4.2-stable-i386

[Landry Breuil]

On Feb 5, 2008 9:49 AM, Jon Garate [EMAIL PROTECTED] wrote:
 Hello people @ misc,
 I've successfully built both the -stable base system and the X system
 (xenocara) and I'm trying to setup GDM properly to combine with XFCE4.
 Right now, XFCE4 works after issuing startx command (I've configure
 .xinitrc properly apparently).

with /usr/local/bin/startxfce4 i suppose ?

 I've done some research in the net and everywhere I could but I don't
 seem to get it working through GDM login. Can anybody shed some light in
 setting up .xinitrc/.xsession or whatever files I need to get it running
 properly?

See http://wiki.xfce.org/faq#starting_xfce, section 'Setting up GDM'

Landry

OT but funny

[ropers]

My apologies, I know, I'm sending WAY more OT emails than technical
ones right now, but I just **had** to share this:

http://www.osnews.com/images/comics/wtfm.jpg

brigde(4) RSTP problem or vendor bad implementation?

[Jordi Espasa Clofent]

Hi all,

I need to build a redundant FW layer; because of the present network 
structure, the FW should be bridges. No option in this point .. :'(


My idea is to get redundancy using RSTP (Rapid Spanning Tree Protocol) 
in the switches; so, the picture will be:


SWITCH 1
/  \
   /\
  /  \
FW1--pfsync--FW2
  \  /
   \/   
\  /
SWITCH2
   |
   |
MY NETWORK

* Switch[1|2] and FW[1|2] has the RSTP active.
* FW1 and FW2 using a dedicated Xover link (pfsync)

I mount a box attached to switch1 and another one attached to switch2 to 
make my tests. And I get:


	* if I don't use the FW-bridge (only a wire) the switches use perfectly 
the RSTP.
	* if I use the FW-bridge, the RSTP only works for a while (4/8 
minutes). Passing this time, RSTP dead and you get a wonderful and 
terrific loop.


I've sniffed the traffic in both bridges NICs with tcpdump(1) and it's 
clear: while the RSTP is working all it's fine. But, suddenly, RSTP 
packets doesn't appear any more and the evil loop comes. ??


The traffic generated for these tests has been a simple ping and iperf 
between boxes attached to switch1 and switch2 respectively.


I don't know any reasons for that ugly behaviour. The fact is that the 
switches works fine between them (they never suffers loops), but if you 
put the OpenBSD bridges you get the described fail. I only see three the 
options at these point:


* the bridge(4) RSTP implementation has a bug. I don't believe in this 
option.


* the switches RSTP implementation is bad. The switches are D-Link 3024.

* the bridge(4) configuration is bad.

--
Thanks,
Jordi Espasa Clofent

Re: GDM-2.18.2 XFCE4.4.1 issue at OpenBSD 4.2-stable-i386

[Landry Breuil]

On Feb 5, 2008 1:38 PM, Jon Garate [EMAIL PROTECTED] wrote:
 Jon Garate(e)k dio:

  Landry Breuil(e)k dio:
  On Feb 5, 2008 9:49 AM, Jon Garate [EMAIL PROTECTED] wrote:
 
  Hello people @ misc,
  I've successfully built both the -stable base system and the X system
  (xenocara) and I'm trying to setup GDM properly to combine with XFCE4.
  Right now, XFCE4 works after issuing startx command (I've configure
  .xinitrc properly apparently).
 
 
  with /usr/local/bin/startxfce4 i suppose ?
 
 
  I've done some research in the net and everywhere I could but I don't
  seem to get it working through GDM login. Can anybody shed some
  light in
  setting up .xinitrc/.xsession or whatever files I need to get it
  running
  properly?
 
 
  See http://wiki.xfce.org/faq#starting_xfce, section 'Setting up GDM'
 
  Landry
 
 
 
  Thanks, I already knew the startxfce4 method., which manually works.
  I've also taken a look at xfce's wiki site and tried setting
  Xfce.desktop in the folders mentioned, which didn't work.
  I also tried including Xfce.desktop in /usr/local/share/xsessions/
  (which is where gnome.desktop is located) and configured it with the
  same permissions as gnome.desktop, still no success. I also tried
  setting exec startxfce4 in both .xinitrc and .xsession files with
  proper permissions, guess what, no success. GDM keeps trying
  gnome(fail), then gnome failsafe(fail) and then xterm failsafe.
  Looks like some permissions of some file aren't correct but I just
  can't figure out. I include my Xfce.desktop file in here, just if it
  helps:
 
  [Desktop Entry]
  Encoding=UTF-8
  Name=Xfce 4.4 Session
  Comment=Xfce 4.4 Session
  Exec=/usr/local/bin/startxfce4
  Type=Application
 
  Jon
 
 
 Ok, I just found the solution. As stated in this archive post:
 http://archives.neohapsis.com/archives/openbsd/2007-11/0662.html

 If you install gdm from the package system, by default makes the file
 Xsession in /etc/X11/gdm non executable. After changing execute
 permissions (chmod +x) all the standart procedures (setting up .desktop
 files, etc...) worked just fine. Just wondering if the package system
 guys can change this up? :-)

It is already fixed in -current. I've also just added an xfce4.desktop
file to xfce4-session package, now it's provided by default.

Landry

Re: Authenticate squid in Active Directory

[Lars Noodén]

David Gwynne wrote:


pretty sure he would. it's useful.


Running squid against an authentication service is useful.  Yes.

Allowing AD near any part of your infrastructure is the opposite of 
useful and results in a net loss of productivity.  No.


LDAP+Kerberos is one tried and true option, but there are others 
nowadays.  Don't confuse AD with a useful tool or with an authentication 
service


-Lars

Re: GDM-2.18.2 XFCE4.4.1 issue at OpenBSD 4.2-stable-i386

[Jon Garate]

Jon Garate(e)k dio:

Landry Breuil(e)k dio:

On Feb 5, 2008 9:49 AM, Jon Garate [EMAIL PROTECTED] wrote:
 

Hello people @ misc,
I've successfully built both the -stable base system and the X system
(xenocara) and I'm trying to setup GDM properly to combine with XFCE4.
Right now, XFCE4 works after issuing startx command (I've configure
.xinitrc properly apparently).



with /usr/local/bin/startxfce4 i suppose ?

 

I've done some research in the net and everywhere I could but I don't
seem to get it working through GDM login. Can anybody shed some 
light in
setting up .xinitrc/.xsession or whatever files I need to get it 
running

properly?



See http://wiki.xfce.org/faq#starting_xfce, section 'Setting up GDM'

Landry


  
Thanks, I already knew the startxfce4 method., which manually works. 
I've also taken a look at xfce's wiki site and tried setting 
Xfce.desktop in the folders mentioned, which didn't work.
I also tried including Xfce.desktop in /usr/local/share/xsessions/ 
(which is where gnome.desktop is located) and configured it with the 
same permissions as gnome.desktop, still no success. I also tried 
setting exec startxfce4 in both .xinitrc and .xsession files with 
proper permissions, guess what, no success. GDM keeps trying 
gnome(fail), then gnome failsafe(fail) and then xterm failsafe.
Looks like some permissions of some file aren't correct but I just 
can't figure out. I include my Xfce.desktop file in here, just if it 
helps:


[Desktop Entry]
Encoding=UTF-8
Name=Xfce 4.4 Session
Comment=Xfce 4.4 Session
Exec=/usr/local/bin/startxfce4
Type=Application

Jon



Ok, I just found the solution. As stated in this archive post:
http://archives.neohapsis.com/archives/openbsd/2007-11/0662.html

If you install gdm from the package system, by default makes the file 
Xsession in /etc/X11/gdm non executable. After changing execute 
permissions (chmod +x) all the standart procedures (setting up .desktop 
files, etc...) worked just fine. Just wondering if the package system 
guys can change this up? :-)


Jon

Re: vmware tools

[Richard Wilson]

Marco Peereboom wrote:
 I recall seeing a post on a port for native vmware tools on openbsd.  I
 can't find that email to save my life.  Does anyone recall it that can
 send it to me?

   
Is this what you're looking for?
Date:   Wed, 12 Sep 2007 17:07:30 +0200
From:   Martin Schrvder [EMAIL PROTECTED]
To: misc@openbsd.org misc@openbsd.org



VMware is announcing the release of large portions of VMware Tools
for Linux, Solaris and FreeBSD guests under GPL and GPL-compatible
licenses. VMware is also announcing the creation of the Open Virtual
Machine Tools (open-vm-tools) project on Sourceforge.net. This will
become the home for ongoing development.

http://open-vm-tools.sourceforge.net/faq.php

Yes, it's GPL and not BSD. But maybe in the future an OBSD client
won't need FreeBSD emulation.

Best
   Martin



HTH,

Si1entDave

Re: Authenticate squid in Active Directory

[andre]

 Allowing AD near any part of your infrastructure is the opposite of
 useful and results in a net loss of productivity.  No.
 
 LDAP+Kerberos is one tried and true option, but there are others
 nowadays.  Don't confuse AD with a useful tool or with an authentication
 service


This has to be one of the most ignorant posts I've read in a while... 

-Andre

Re: Authenticate squid in Active Directory

[Lars Noodén]

[EMAIL PROTECTED] wrote:
[blather]

Obviously you've had no contact with AD or the cruftware it is infesting.

So what standards-based authentication service would you propose besides 
LDAP+Kerberos?  Hesiod?  Shibboleth?


-Lars

vmware tools

[Marco Peereboom]

I recall seeing a post on a port for native vmware tools on openbsd.  I
can't find that email to save my life.  Does anyone recall it that can
send it to me?

MyBazaar.ws - Big Carding NETWORK

[MyBazaar.ws]

 Checkout http://www.mybazaar.ws Big Carding Bazaar Vendors and Members
Lot of Tutorials.

Re: vmware tools

[Kurt Miller]

On Tuesday 05 February 2008 9:21:51 am Marco Peereboom wrote:
 I recall seeing a post on a port for native vmware tools on openbsd.  I
 can't find that email to save my life.  Does anyone recall it that can
 send it to me?

It's a bit old and crusty but here's one I did for 3.8:

http://www.intricatesoftware.com/OpenBSD/ports/3.8/vmware_tools.tgz

I no longer use vmware so I never committed it.

-Kurt

Découvrez nos offres de lancement !

[REFERENSIS]

Si cet e-mail n'apparant pas correctement, vous pouvez le consulter ici :
Voir le message

[IMAGE]

[IMAGE]

Visiter le site SYNTHES'3D

Dicouvrez Referensis.fr

Referensis. par SYNTHES'3D.
265 Chemin de la Commune
06550 La Roquette S/Siagne
FRANCE

Standard : +33 (0)4 89 75 23 96
Fax : +33 (0)8 25 27 69 50
E-mail : [EMAIL PROTECTED]

495 075 822 RCS Cannes

Referensis . est un nouvel annuaire, innovant, haut de gamme, fortement
midiatisi, de rifirencement des meilleurs prestataires pour les
entreprises.

Il a iti ricemment diveloppi et lanci lors du salon des Micro-Entreprises
2007 au Palais des Congrhs de Paris. Dij` plus de 50 entreprises se sont
inscrites en quelques jours !

Offres de Lancement ` - 50 %
Inscrivez-vous jusqu'au 15/03/2008 !

De l'inscription de base payable une fois pour une prisence permanente
` l'abonnement Premium
Il y en a pour tous les go{ts et tous les budgets !

Binificiez donc immidiatement d'une visibiliti trhs haut de gamme !
Faites exploser votre chiffre d'affaires !

En parallhle de nos activitis de service en Communication et Promotion
pour le monde du BtoB, nous avons lanci le nouveau service Referensis qui
vous permettra d'jtre dimarchi sans effort par des entreprises qui ont
des besoins en prestations de service.

5 bonnes raisons de s'inscrire aujourd'hui !

1. Referensis - Des offres de lancements ` - 50 %

Toute entreprise se doit de promouvoir son image sur Internet ! Les 5
diffirentes offres de lancement Referensis vous permettent de vous
rifirencer quelquesoit votre budget !
De l'inscription de base (seulement 25 euros HT une seule fois pour une
prisence permanente au lieu de 50 euros HT) ` l'inscription Premium
Partenaire de l'Annie, binificiez d'une visibiliti trhs haut de gamme `
la carte et faites exploser votre chiffre d'affaires !

2. Referensis - Une stratigie innovante

Le concept d'annuaire n'est pas innovant en soit ! Vous le savez... Nous
le savons ! Notre innovation riside dans notre stratigie : un mode de
promotion et de campagne marketing ilitiste.
En itant prisent sur Referensis.fr, vous vous garantissez une prisence
midiatique trhs forte. Vous serez alors en premihre ligne pour jtre
choisi par des entreprises qui ont des besoins en adiquation avec ce que
vous proposez.

3. Referensis - Une politique de qualiti pluttt que de quantiti

A la diffirence de tous les autres annuaires, nous ne souhaitons pas
inonder l'entreprise qui recherche un prestataire par des centaines de
pritendants mais pluttt lui proposer les meilleurs. C'est pourquoi nous
prifirons peu de membres mais de qualiti pluttt que beaucoup de membres
lambda. Cette politique ilitiste permet aux inscrits de Referensis d'jtre
prisentis comme les meilleurs de leurs domaines.

4. Referensis - Du haut de gamme avant tout

Sans aucune publiciti et entihrement didii aux professionnels et au monde
du BtoB, Referensis est un annuaire entihrement payant, de l'inscription
de base ` l'inscription Premium. Termini les contacts douteux et non
fiables d'un annuaire classique ! Referensis vous garantit ainsi une
qualiti de contacts et d'entreprises dont leur souhait a iti de se
diffirencier des autres.

5. Referensis - Une force marketing redoutable

S'inscrire sur Referensis, c'est choisir de mettre votre sociiti sous les
feux des projecteurs ! Referensis lance des campagnes d'e-mailing
friquentes et extrjmement importantes (entre 600 000 et 1 200 000
prospects touchis ` chaque lancement). Referensis est igalement prisenti
sur les salons professionnels (Salon des Micro Entreprises en Octobre
2007).

Rendez-vous donc immidiatement sur www.referensis.fr
pour crier un compte pour votre sociiti.
C'est rapide et votre sociiti apparant instantaniment sur Referensis !

Au plaisir de vous compter parmi nos futurs membres !



Vous pouvez visiter le site de SYNTHES'3D en cliquant ici .

Vous pouvez vous inscrire grauitement sur Referensis.fr en cliquant ici .

N'hisitez pas ` nous contacter par e-mail ou par tiliphone au +33 (0)4 89
75 23 96

Si vous ne souhaitez plus recevoir cette newsletter, disinscription.

Suivez ce lien pour vous disinscrire

CREA-PROMO.COM vous offre l'étude eMarketing de votre site commercial !

[charles-henri]

Ce courriel vous est envoyi par www.crea-promo.com - S'il ne s'affiche pas
correctement Cliquez sur ce lien
http://www.crea-promo.com/lists/lt.php?id=MEoEUgZXB09XB00AVlxb


http://www.crea-promo.com/lists/lt.php?id=MEoEUgZXB09XB00AVlxb

 Pour recommander ce message ` un ami, Cliquez sur
http://www.crea-promo.com/lists/lt.php?id=MEoEUgZXBk9XB00AVlxb 

 Conformiment ` l'article 34 de la loi n078-17 du 6 janvier 1978
relative ` l'informatique, aux fichiers et aux libertis, Vous
disposez d'un droit d'acchs, de rectification des donnies nominatives
vous concernant. Diclaration CNIL N0 1260916

 Si vous souhaitez difinitivement ne plus recevoir de courriel de
www.crea-promo.com : Cliquez sur
http://www.crea-promo.com/lists/lt.php?id=MEoEUgZXCU9XB00AVlxb

 

 

 



--
Powered by PHPlist, www.phplist.com --

CREA-PROMO.COM vous offre l'étude eMarketing de votre site commercial !

[charles-henri]

Ce courriel vous est envoyi par www.crea-promo.com - S'il ne s'affiche pas
correctement Cliquez sur ce lien
http://www.crea-promo.com/lists/lt.php?id=MEoEXwJRBU9XA00AVlxb


http://www.crea-promo.com/lists/lt.php?id=MEoEXwJRBU9XA00AVlxb

 Pour recommander ce message ` un ami, Cliquez sur
http://www.crea-promo.com/lists/lt.php?id=MEoEXwJRBE9XA00AVlxb 

 Conformiment ` l'article 34 de la loi n078-17 du 6 janvier 1978
relative ` l'informatique, aux fichiers et aux libertis, Vous
disposez d'un droit d'acchs, de rectification des donnies nominatives
vous concernant. Diclaration CNIL N0 1260916

 Si vous souhaitez difinitivement ne plus recevoir de courriel de
www.crea-promo.com : Cliquez sur
http://www.crea-promo.com/lists/lt.php?id=MEoEXwJRB09XA00AVlxb

 

 

 



--
Powered by PHPlist, www.phplist.com --

Fin de votre Inscription

[Charles-Henri de crea-promo.com]

   Nous sommes disoli de vous voir partir.

   Vous ne faites plus parti de notre base.

   C'est le dernier message que vous recevez de nous.   Nous vous avons
ajouti ` notre Liste noire, ce qui signifie que notre systhme ne pourra
plus vous envoyer tout autre courrier ilectronique, sans intervention
manuelle de notre administrateur.

   S'il y a une erreur dans ces informations, vous pouvez vous riabonner:
   Veuillez aller ` http://www.crea-promo.com/lists/?p=subscribe et suivez
les itapes.

   Merci

Re: WAP setup problems

[Stefan Kell]

Hi,

On Mon, 4 Feb 2008, Brian Richardson wrote:


...snip...

My dhcpd.conf is as follows:

--
shared-network LOCAL-NET {
  option domain-name example.org;
  option domain-name-servers 192.168.1.1;

  subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;
  range 192.168.1.32 192.168.1.127;
  }

  host laptop {
  hardware ethernet 00:de:ad:be:ef:00;
  fixed-address 192.168.1.10;
  }
}

shared-network WIRELESS-NET {
  option domain-name example.org;
  option domain-name-servers 192.168.1.1;

  subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers 192.168.2.1;
  range 192.168.2.32 192.168.2.127;
  }

  host laptop-wireless {
  hardware ethernet 11:de:ad:be:ef:11;
  fixed-address 192.168.2.10;
  }
}
--

 snup 


Did you try using one shared-network with two different subnets? You can
find an example within man dhcpd.conf.

Regards

Stefan Kell

Re: Authenticate squid in Active Directory

[Jonathan Franks]

On Feb 5, 2008, at 10:32 AM, Lars Noodin wrote:


[EMAIL PROTECTED] wrote:
[blather]

Obviously you've had no contact with AD or the cruftware it is
infesting.

So what standards-based authentication service would you propose
besides LDAP+Kerberos?  Hesiod?  Shibboleth?

-Lars


I think Andre's point, which I happen to agree with, is that the OP
may well not have control over what authentication system is in use.
It is a sad but undeniable fact that Windows networks are ubiquitous,
and having tools to interface with them would increase usability and
provide a real alternative to proprietary closed source options.
Given the choice, I'd prefer not to use AD. Given the choice I'd
elect not to use windows at all. Sometimes that's just not an option,
and I'm not rich enough to turn down the work.

I won't argue either way for the inclusion of the patch, as I have no
real information about it, but to simply reject the idea of AD
authentication may be tempting, but it really does smack of denial.
Does AD suck major ass? Absolutely. Is it in extremely wide use by
companies who wouldn't even consider moving away from it? Absolutely.
Would it be useful to have squid authenticate to AD?  Absolutely.

Should this be included. ?  Maybe, maybe not. There are other
tools available, some work better than others. I rather like the
flexibility of Squid, and I am prepared to state that if this were
included, I'd use it.

On the other hand, I have Squid running on OpenBSD as a proxy at one
location now, and simply provide separate proxies based on AD OU's
using group policy. It's not elegant, but it works.

-Jonathan

Turning NTFS on in GENERIC kernels

[STeve Andre']

   For some time now, I've been using the NTFS code in GENERIC.  Lately
I've been subjected to an ever increasing number of Windows Sheep who
have infected themselves.  My proceedure these days is to take the disk
out of the machine and stuff it into mine, mount it and extract data
before scrubbing the mindless thing and starting over...

   From my experience NTFS read-only access to disks has been flawless.
I think the largest amount of data I've extracted has been about 70G.
Given that XP systems essentially demand NTFS, having the ability to
read it is crucial when dealing with the hapless.

   I'd like to suggest that NTFS be enabled by default in GENERIC;
I realize that it can't be in the boot media because of size, but for
general work not having to compile a non-standard kernel would be a
win for a lot of people.  Making it read-only as the default would
be the way to do it.

   If anyone has had a disaster reading NTFS data I'd like to hear it.


--STeve Andre'

Re: Turning NTFS on in GENERIC kernels

[Marco Peereboom]

Bah!  I don't want NTFS enabled by default.

On Tue, Feb 05, 2008 at 06:49:58PM -0500, STeve Andre' wrote:
For some time now, I've been using the NTFS code in GENERIC.  Lately
 I've been subjected to an ever increasing number of Windows Sheep who
 have infected themselves.  My proceedure these days is to take the disk
 out of the machine and stuff it into mine, mount it and extract data
 before scrubbing the mindless thing and starting over...
 
From my experience NTFS read-only access to disks has been flawless.
 I think the largest amount of data I've extracted has been about 70G.
 Given that XP systems essentially demand NTFS, having the ability to
 read it is crucial when dealing with the hapless.
 
I'd like to suggest that NTFS be enabled by default in GENERIC;
 I realize that it can't be in the boot media because of size, but for
 general work not having to compile a non-standard kernel would be a
 win for a lot of people.  Making it read-only as the default would
 be the way to do it.
 
If anyone has had a disaster reading NTFS data I'd like to hear it.
 
 
 --STeve Andre'

Re: Turning NTFS on in GENERIC kernels

[Edd Barrett]

Hi,

On Feb 5, 2008 11:49 PM, STeve Andre' [EMAIL PROTECTED] wrote:
I'd like to suggest that NTFS be enabled by default in GENERIC;
 I realize that it can't be in the boot media because of size, but for
 general work not having to compile a non-standard kernel would be a
 win for a lot of people.  Making it read-only as the default would
 be the way to do it.

How much bigger does the kernel get when you add this functionality?


-- 

Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett

Re: Turning NTFS on in GENERIC kernels

[Josh Grosse]

On Tue, Feb 05, 2008 at 06:49:58PM -0500, STeve Andre' wrote:
 ...If anyone has had a disaster reading NTFS data I'd like to hear it.

It's not a *disaster* but I did have a failure to copy a file fron an NTFS
partition ... just now.  On a kernel built from cvs as of last night.

It's a 5GB file, and the error occurred after about 580MB.  It produced 
a kernel message, and my cp command stopped, but that was the only impact.
My circumvention will be to pump it through the network, instead.

Error from my dmesg:

ntfs_readattr: offset too big: 595591168 (595656704)  595634176
ntfs_read: ntfs_readattr failed: 7

So NTFS may work most of the time, but I think it is still experimental.  

(This is neither a complaint nor a problem report.  Just an experience
that coincided with your posting to misc@, STeve.)

Re: Authenticate squid in Active Directory

[Brett Lymn]

On Tue, Feb 05, 2008 at 05:32:48PM +0200, Lars Nood?n wrote:
 
 Obviously you've had no contact with AD or the cruftware it is infesting.
 

Looks like you have not had much either.

 So what standards-based authentication service would you propose besides 
 LDAP+Kerberos?  Hesiod?  Shibboleth?
 

AD is based on standards.  They use LDAP+kerberos plus a bit of DNS to
allow the kerberos to locate the kerberos infrastructure automatically
- something that the non-windows world sadly lacks.  The database is
automatically replicated with tombstoning of records - again something
the non-windows world lacks.  MS may have bastardised some parts of
kerberos and DNS to get AD working but it mostly works pretty much
automatically and can scale up without requiring too much extra admin,
something I have yet to see happen in the opensource world.

I don't like AD but, big picture wise, it does have some attributes
that would be good to adopt (attributes, not implimentation).  Bagging
it without offering a solid alternative is just pointless rhetoric.
But given the domain you appear to be posting from I guess there is
already somewhat of a mindset going on anyway.

-- 
Brett Lymn
Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer.

Re: WAP setup problems

[Brian Richardson]

Stefan Kell wrote:

Did you try using one shared-network with two different subnets? You can
find an example within man dhcpd.conf.

Yes, I did, with the same effect.

Brian

compat_linux(8) has 2GB filesize limit in 4.2-stable

[Glenn Mulvaney]

I'm running a linux binary via compat_linux(8) built from 
ports/emulators/fedora in 4.2-stable.  Emulated binaries can't create or 
read files  2GB regardless of limits or login class.  Does anyone have 
advice on how to remove this limit?



-Glenn

Re: Turning NTFS on in GENERIC kernels

[STeve Andre']

On Tuesday 05 February 2008 19:19:41 Edd Barrett wrote:
 Hi,

 On Feb 5, 2008 11:49 PM, STeve Andre' [EMAIL PROTECTED] wrote:
 I'd like to suggest that NTFS be enabled by default in GENERIC;
  I realize that it can't be in the boot media because of size, but for
  general work not having to compile a non-standard kernel would be a
  win for a lot of people.  Making it read-only as the default would
  be the way to do it.

 How much bigger does the kernel get when you add this functionality?

paladin / ll bsd*
-rwxr-xr-x  1 root  wheel  6549193 Feb  1 16:10 bsd*
-rwxr-xr-x  1 root  wheel  6549193 Feb  1 16:10 bsd.mp*
-rwxr-xr-x  1 root  wheel  6549193 Jan 29 19:35 bsd.mp.last*
-rwxr-xr-x  1 root  wheel  6507939 Feb  1 16:10 bsd.ntfs*
-rw-r--r--  1 root  wheel  5075779 Oct 26 17:20 bsd.rd
-rwxr-xr-x  1 root  wheel  6504378 Feb  1 16:10 bsd.sp*
-rwxr-xr-x  1 root  wheel  6504282 Jan 29 19:35 bsd.sp.last*
-rwxr-xr-x  1 root  wheel  6507843 Jan 29 19:34 bsd.sp.ntfs.last*

Re: compat_linux(8) has 2GB filesize limit in 4.2-stable

[Philip Guenther]

On Feb 5, 2008 6:27 PM, Glenn Mulvaney [EMAIL PROTECTED] wrote:
 I'm running a linux binary via compat_linux(8) built from
 ports/emulators/fedora in 4.2-stable.  Emulated binaries can't create or
 read files  2GB regardless of limits or login class.  Does anyone have
 advice on how to remove this limit?

Can that Linux binary create and read files larger than 2GB on a
*Linux* system?  If it doesn't use 64bit capable syscalls, then
there's nothing the BSD compat layer can do about it.  As a
counter-example, a quick check shows that a 'cat' binary from RHEL AS
4 has no problems with a file over 4GB in size, but strace/ktrace show
that it uses the Linux fstat64() call, etc.

(Hmm, do the compat_linux versions of the 32bit-only syscalls return
EOVERFLOW like the Linux ones would on files 2GB?  I don't _see_ code
to check that...)


Philip Guenther

multi-disk external scsi enclosures

[Douglas A. Tutty]

I'm wondering how scsi external arrays work in OpenBSD.  This is in
relation to my low-MHz box search.  Sata drives have too fast a clock
rate so it will be scsi.

I did an eBay search and found Sun and HP arrays, then went and got the
doc pdfs.  They all talk about running software on Solaris or
HP-UX/Windws, respectivly, to configure and monitor the arrays.  

How does this work in OpenBSD?

Thanks,

Doug.

Re: multi-disk external scsi enclosures

[ropers]

On 06/02/2008, Douglas A. Tutty [EMAIL PROTECTED] wrote:
 I'm wondering how scsi external arrays work in OpenBSD.  This is in
 relation to my low-MHz box search.  Sata drives have too fast a clock
 rate so it will be scsi.

Why not conventional IDE (aka (P)ATA)?
Isn't that much more available and better tested/supported?

regards,
--ropers

Re: Turning NTFS on in GENERIC kernels

[ropers]

On 06/02/2008, STeve Andre' [EMAIL PROTECTED] wrote:
For some time now, I've been using the NTFS code in GENERIC.  Lately
 I've been subjected to an ever increasing number of Windows Sheep who
 have infected themselves.  My proceedure these days is to take the disk
 out of the machine and stuff it into mine, mount it and extract data
 before scrubbing the mindless thing and starting over...

From my experience NTFS read-only access to disks has been flawless.
 I think the largest amount of data I've extracted has been about 70G.
 Given that XP systems essentially demand NTFS, having the ability to
 read it is crucial when dealing with the hapless.

I'd like to suggest that NTFS be enabled by default in GENERIC;
 I realize that it can't be in the boot media because of size, but for
 general work not having to compile a non-standard kernel would be a
 win for a lot of people.  Making it read-only as the default would
 be the way to do it.

If anyone has had a disaster reading NTFS data I'd like to hear it.

Apologies for my clueless question, just curious here:

Does anyone know where that NTFS support code for OpenBSD hails from?
I'm just asking because I know that on the Linux side there's NTFS-3G
( http://en.wikipedia.org/wiki/NTFS-3G ), which is stable and allows
safe NTFS reading and writing. OTOH, NTFS-3G is base on FUSE, wich
AFAIK doesn't exist for OpenBSD. NetBSD has PUFFS which according to
Wikipedia ( http://en.wikipedia.org/wiki/Filesystem_in_Userspace ) is
their FUSE-equivalent and they apparently support NTFS-3G with that.

A mature NTFS read/write ability does seem like a useful thing to me,
so I wonder where the OpenBSD NTFS code stems from ((and whether there
might be anyybody (qualified) interested in making the NTFS-3G code
work under OpenBSD)).

Thanks and kind regards,
--ropers

Re: Turning NTFS on in GENERIC kernels

[Antti Harri]

Funny thing, I haven't really *ever* used NTFS (on
any OS) but couple of days ago I wanted to transfer
file to NTFS partition and couldn't because the kernel
lacked the driver. So instead of recompiling kernel I copied it over
to USB stick also because the file was very small.

On Wed, 6 Feb 2008, ropers wrote:


Does anyone know where that NTFS support code for OpenBSD hails from?
I'm just asking because I know that on the Linux side there's NTFS-3G
( http://en.wikipedia.org/wiki/NTFS-3G ), which is stable and allows
safe NTFS reading and writing. OTOH, NTFS-3G is base on FUSE, wich
AFAIK doesn't exist for OpenBSD. NetBSD has PUFFS which according to
Wikipedia ( http://en.wikipedia.org/wiki/Filesystem_in_Userspace ) is
their FUSE-equivalent and they apparently support NTFS-3G with that.


There's also Fuse for FreeBSD: http://fuse4bsd.creo.hu/


A mature NTFS read/write ability does seem like a useful thing to me,
so I wonder where the OpenBSD NTFS code stems from ((and whether there
might be anyybody (qualified) interested in making the NTFS-3G code
work under OpenBSD)).


--
Antti Harri

Re: Authenticate squid in Active Directory

[Andre van Zyl]

 Obviously you've had no contact with AD or the cruftware it is infesting.


More than enough to call you out on the ignorant, unsubstantiated crap
you're posting. 

Please show me the proof that my customers are experiencing a net loss of
productivity because their squid boxes authenticate to AD. Or, for that
matter, the transcript of a meeting where you have convinced the management
at a company with 8000 windows clients and a couple of hundred windows
servers that they should just drop Microsoft because you think *AD* isn't
up to scratch...  
 
Obviously you've had no contact with an environment larger than your home
network. Windows networks are the majority in the corporate world as far as
end-user infrastructure goes, and they're not going anywhere anytime soon.
I, for one, have accepted the reality, and adapted.   

 So what standards-based authentication service would you propose besides
 LDAP+Kerberos?  Hesiod?  Shibboleth?
 

Well, it sounds like the OP or his cusomer has a Windows network, so how
about uh... AD??? 


-Andre

boot failed after configurating raid1

[Kasparens]

Hello!
I am configuring software raid1 mirror on openbsd 4.2
(http://www.argon18.com/raid_openbsd.html)
Everything is fine in config process,after I finished and reboot server, I
cannot log in and get error message:
init:cannot exec getty '/usr/libexec/getty' on port /dev/ttyC2
what was wrong?

I have 2 Sata 400Gb Hdd with adaptec 1210sa controler
-- 
View this message in context: 
http://www.nabble.com/boot-failed-after-configurating-raid1-tp15306177p15306177.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.