Vpn between OpenBSD and a mac

[openbsd]

Hi, i tried the software IPSECURITAS, it doesn't work for me, perhaps i ve
a problem with my /etc/ipsec.conf file.
Can you please take a look on my ipsec.conf file ?

I tried it with an other third software : VPN tracker, it works, but i
can't access ressources like servers... a problem with pf.conf file ?
(I can ping hosts, but no ressource like vnc or rdp)

Here my files :

ipsec.conf :
##
ike dynamic from any to any \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes psk ITisAfake

pf.conf :

int=rl1
server=192.168.6.2
set skip on lo
set skip on enc0
set block-policy drop
nat on egress - egress
block log all

#VPN
pass in on egress proto udp from any to egress port 500
pass in on egress proto udp from any to egress port 4500
pass in on egress proto esp from any to egress

pass inet proto icmp all icmp-type {echoreq unreach}

#FW OUT
pass out on egress proto tcp from egress 
pass out on egress proto udp from egress


pass in on $int proto tcp from $int:network to any port \
{ 80 443 110 }
pass in on $int proto udp from $int:network to any port 53
pass in on $int proto tcp from $int:network to smtp.orange.fr \
port 25


Thank's.

Re: Printing schemas

[J.C. Roberts]

On Sat, 24 Apr 2010 17:56:14 -0500 Ed Ahlsen-Girard eagir...@cox.net
wrote:

 On Sat, 24 Apr 2010 16:19:23 -0500
 Todd Alan Smith tas-misc-open...@puesnada.us wrote:
 
  On Sat, Apr 24, 2010 at 3:47 PM, Ed Ahlsen-Girard eagir...@cox.net
  wrote:
   I'm looking specifically ay how to print to a USB printer that is
   hanging off an XP box.
  
  Then why didn't you mention that in your first post?
 
 Because I wanted the more general information.

Printing is one of those Black Magic topics where the people who know
it think it's easy, and the people who don't know it cower in fear. In
your case, you've got four options:

1.) If supported by the printer, attach the printer to the network.
2.) Use a print sever device to attach the USB/parallel printer to
your network.
3.) Use windows file/printer sharing and samba to access it.
4.) Use LPR Service on windows, but be cautious about pass-through
http://support.microsoft.com/kb/150930

There's also a the fifth option of attaching the printer directly to
your UNIX box (parallel, serial, or USB), but that was outside of your
request, and often requires packages to get non-postscript printers
working correctly.

The first option above is usually the easiest, particularly if the
printer understands postscript. The first two requirements for
purchasing a printer should be supporting postscript, and having a
network connection. Unfortunately, most consumer-level printers do not
have these options. 

If you have consumer-level junk, then an option is a cheap print
server device. These typically have an RJ-45 (either 10Mbit or
10/100Mbit) along with one or more parallel, serial and USB ports. It's
a nice answer if you don't want a workstation running all the time and
they typically provide LPD and ms-windows shares.

The third option is use a workstation running windows along with
windows print/file sharing. On the unix side, use samba to access the
share. You may or may not need additional packages depending on the
printer itself.

The last option is using the microsoft LPD Service but you need to be
cautious about how it is configured. At times, windows makes the wrong
decision and actually prints the raw postscript text out. It really
depends on how the LPD client is sending data to the LPD Service, and
some LPD clients are not very standards compliant.


Considering all the strange consumer-level devices out there, and all
the vendor provided crapware they often require to run correctly, the
topic is difficult to cover beyond the basics above. You might need
packages like CUPS, apsfilter, enscript, ghostscript, and others to get
consumer-level printers working correctly regardless of how they are
connected. --Avoiding this nonsense is why network and postscript
support in the printer is *REALLY* desirable.

Lastly, if you want to use a windows client system with a networked
LPD-only printer (e.g. no windows shares), configuring windows is
entirely anti-intuitive. You have to select local printer then add
port and then fill in the details, even though the printer is not
local by any stretch of the imagination.

jcr

-- 
The OpenBSD Journal - http://www.undeadly.org

OpenBSD as L2TP client

[Paolo Supino]

Hi

  A client asked me to setup a low cost router to connect to the Internet.
His current Internet connection requires his router to connect to the ISP
using L2TP protocol. I've looked through the archives and ports tree for a
similar posting, but found none...
Is anyone using  OpenBSD as an L2TP client to connect to the Inernet (or
knows a solution)?



--
TIA
Paolo

Re: Premature end of archive

[J.C. Roberts]

On Thu, 22 Apr 2010 17:56:48 +0700 sonjaya sonj...@gmail.com wrote:

 Length: 1516336 (1.4M), 1139856 (1.1M) remaining
 
 24% [
 ] 376,480 38.8K/s   in 9.6s
 
 2010-04-22 17:53:34 (38.1 KB/s) - Data connection: Connection reset by
 peer; Control connection closed.
 Retrying.
 
 
 then i check in sonicwall
 
 12  UTC 04/22/2010 10:52:56.032 Alert Security Services Gateway
 Anti-Virus Alert: Mytob.Crypter (Worm) blocked 78.41.115.130, 51671,
 X3 192.168.xxx.10, 13305, X5
 
 ha ha so the trouble maker is sonicwall 

Signature based detection has always been flawed, and worse, as the
volume of malware increases, so does the number of illegal byte
sequences. The result is obvious; more and more stuff will be blocked
due to false positives.

Using encryption (ssh, scp, ssl) is a way around this problem, and if
it does happen when using encryption, then just change to using a
different cypher (resulting in a different byte sequence).

jcr

-- 
The OpenBSD Journal - http://www.undeadly.org

Re: Printing schemas

[Otto Moerbeek]

On Sat, Apr 24, 2010 at 06:04:38PM -0500, Ed Ahlsen-Girard wrote:

 Subject:Re: Printing schemas
 On 2010-04-24 21:16:48 bofh goodb0fh () gmail ! com wrote:
 
  Actually, scratch that, shouldn't you read the faq and/or use google?
 
 The FAQ has nothing to say about printer setup, and certainly makes no
 recommendations.  The Google-hit articles that address printing are
 fairly old and/or written by people who don't appear to be close to the
 OpenBSD or any BSD.  I wanted to know what the developers do.

In more detail, I have a postscript printer attached with usb to my
home server running lpd. My home server is a landisk device running
some services I'd like to have always on. It's power consumption is
about 3W, less than your typical gigabit ethernet card. 

It perfectly serves my printing needs. I try to avoid any printer that
needs special drivers.

-Otto

 
 I've already setup lpd on the XP box, but there's certainly more to it
 than that.  The more to it is what I'm looking for.
 
 -- 
 
 Edward Ahlsen-Girard
 Ft Walton Beach, FL

unreferenced files from MySQL.

[Andreas Gerdd]

Hello.
I noticed some unreferenced files from MySQL in my daily output mail;
However, i don't have anything in /tmp or /var/tmp to check/fix the
problem with fsck.

Does this mean i lost some data from the database(s)?

How may i fix or remove the reported bad files?

Here's the output:

OpenBSD 4.6-stable (GENERIC.MP) #2: Mon Apr 19 08:20:01 PDT 2010
r...@test.domain.com:/usr/src/sys/arch/i386/compile/GENERIC.MP

 1:32AM  up 14:57, 0 users, load averages: 0.99, 0.47, 0.24

Backing up root=/dev/rwd0a to /dev/rwd0d:
33129+1 records in
33129+1 records out
271393792 bytes transferred in 13.506 secs (20093240 bytes/sec)
** /dev/rwd0d
** Last Mounted on /
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
2602 files, 64653 used, 65178 free (394 frags, 8098 blocks, 0.3% fragmentation)

MARK FILE SYSTEM CLEAN? yes


* FILE SYSTEM WAS MODIFIED *

Checking subsystem status:

disks:
Filesystem  1K-blocks  Used Avail Capacity  Mounted on
/dev/wd0a  25966212930611737452%/
/dev/wd0i  519646 6493658 0%/tmp
/dev/wd0e15486368   3657428  1105462225%/usr
/dev/wd0f36116632138044  34172758 0%/var
/dev/wd0h10323146 11208   9795782 0%/var/vmail
/dev/wd0g   170281220150524 161616636 0%/var/www

Last dump(s) done (Dump '' file systems):

mail:
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
E083791EB7  880 Sat Apr 24 10:26:31  i...@mydomain.com
 (connect to 42.22.192.55 [42.22.192.55]:10024:
Invalid argument)
 testm...@yahoo.com

-- 1 Kbytes in 1 Request.

network:
NameMtu   Network Address  Ipkts IerrsOpkts Oerrs Colls
lo0 33200 Link   30718 030718 0 0
lo0 33200 127/8   127.0.0.130718 030718 0 0
lo0 33200 ::1/128 ::1  30718 030718 0 0
lo0 33200 fe80::%lo0/64 fe80::1%lo0  30718 030718
   0 0
bge01500  Link  00:19:b9:f9:0d:9560140 441720 0 0
bge01500  69.197.4.202/26 69.197.4.202 60140 4
41720 0 0
bge01500  fe80::%bge0/64 fe80::219:b9ff:fef9:d95%bge060140
441720
 0 0
bge01500  72.20.55.89/29 72.20.55.89  60140 441720
0 0
bge01500  72.20.55.90/29 72.20.55.90  60140 441720
0 0
bge01500  72.20.55.91/29 72.20.55.91  60140 441720
0 0
bge01500  72.20.55.92/29 72.20.55.92  60140 441720
0 0
bge01500  72.20.55.93/29 72.20.55.93  60140 441720
0 0
bge01500  72.20.55.94/29 72.20.55.94  60140 441720
0 0
bge1*   1500  Link  00:19:b9:f9:0d:960 00 0 0
enc0*   1536  Link   0 00 0 0
pflog0  33200 Link   0 00 0 0

Checking filesystems:
** /dev/rwd0a (NO WRITE)
** Last Mounted on /
** Root file system
2602 files, 64653 used, 65178 free (394 frags, 8098 blocks, 0.3% fragmentation)
** /dev/rwd0i (NO WRITE)
** Last Mounted on /tmp
UNREF FILE I=3  OWNER=_mysql MODE=100600
SIZE=0 MTIME=Apr 24 10:36 2010
CLEAR? no

UNREF FILE I=4  OWNER=_mysql MODE=100600
SIZE=0 MTIME=Apr 24 10:36 2010
CLEAR? no

UNREF FILE I=5  OWNER=_mysql MODE=100600
SIZE=0 MTIME=Apr 24 10:36 2010
CLEAR? no

UNREF FILE I=6  OWNER=_mysql MODE=100600
SIZE=0 MTIME=Apr 24 10:36 2010
CLEAR? no

UNREF FILE I=7  OWNER=_mysql MODE=100600
SIZE=0 MTIME=Apr 24 10:36 2010
CLEAR? no

8 files, 3 used, 259820 free (20 frags, 32475 blocks, 0.0% fragmentation)
** /dev/rwd0e (NO WRITE)
** Last Mounted on /usr
314304 files, 1828714 used, 5914470 free (62566 frags, 731488 blocks, 0.8%
fragmentation)
** /dev/rwd0f (NO WRITE)
** Last Mounted on /var
1117 files, 69019 used, 17989297 free (505 frags, 2248599 blocks, 0.0%
fragmentation)
** /dev/rwd0h (NO WRITE)
** Last Mounted on /var/vmail
133 files, 5604 used, 5155969 free (193 frags, 644472 blocks, 0.0%
fragmentation)
** /dev/rwd0g (NO WRITE)
** Last Mounted on /var/www
5502 files, 75262 used, 85065348 free (244 frags, 10633138 blocks,
0.0% fragmentation)

Thanks.

Re: unreferenced files from MySQL.

[Tony Abernethy]

Andreas Gerdd wrote:

 Hello.
 I noticed some unreferenced files from MySQL in my daily output mail;
 However, i don't have anything in /tmp or /var/tmp to check/fix the
 problem with fsck.

 Does this mean i lost some data from the database(s)?

 How may i fix or remove the reported bad files?


Short answer: Ignore them. They are remnants of TEMPORARY tables
which are supposed to vanish when connection is dropped.


 Here's the output:

 OpenBSD 4.6-stable (GENERIC.MP) #2: Mon Apr 19 08:20:01 PDT 2010
 r...@test.domain.com:/usr/src/sys/arch/i386/compile/GENERIC.MP

  1:32AM  up 14:57, 0 users, load averages: 0.99, 0.47, 0.24

 Backing up root=/dev/rwd0a to /dev/rwd0d:
 33129+1 records in
 33129+1 records out
 271393792 bytes transferred in 13.506 secs (20093240 bytes/sec)
 ** /dev/rwd0d
 ** Last Mounted on /
 ** Phase 1 - Check Blocks and Sizes
 ** Phase 2 - Check Pathnames
 ** Phase 3 - Check Connectivity
 ** Phase 4 - Check Reference Counts
 ** Phase 5 - Check Cyl groups
 2602 files, 64653 used, 65178 free (394 frags, 8098 blocks, 0.3%
 fragmentation)

 MARK FILE SYSTEM CLEAN? yes


 * FILE SYSTEM WAS MODIFIED *

 Checking subsystem status:

 disks:
 Filesystem  1K-blocks  Used Avail Capacity  Mounted on
 /dev/wd0a  25966212930611737452%/
 /dev/wd0i  519646 6493658 0%/tmp
 /dev/wd0e15486368   3657428  1105462225%/usr
 /dev/wd0f36116632138044  34172758 0%/var
 /dev/wd0h10323146 11208   9795782 0%/var/vmail
 /dev/wd0g   170281220150524 161616636 0%/var/www

 Last dump(s) done (Dump '' file systems):

 mail:
 -Queue ID- --Size-- Arrival Time -Sender/Recipient---
 E083791EB7  880 Sat Apr 24 10:26:31  i...@mydomain.com
  (connect to 42.22.192.55 [42.22.192.55]:10024:
 Invalid argument)
  testm...@yahoo.com

 -- 1 Kbytes in 1 Request.

 network:
 NameMtu   Network Address  Ipkts IerrsOpkts
 Oerrs Colls
 lo0 33200 Link   30718 030718
 0 0
 lo0 33200 127/8   127.0.0.130718 030718
 0 0
 lo0 33200 ::1/128 ::1  30718 030718
 0 0
 lo0 33200 fe80::%lo0/64 fe80::1%lo0  30718 030718
0 0
 bge01500  Link  00:19:b9:f9:0d:9560140 441720
 0 0
 bge01500  69.197.4.202/26 69.197.4.202 60140 4
 41720 0 0
 bge01500  fe80::%bge0/64 fe80::219:b9ff:fef9:d95%bge060140
 441720
  0 0
 bge01500  72.20.55.89/29 72.20.55.89  60140 441720
 0 0
 bge01500  72.20.55.90/29 72.20.55.90  60140 441720
 0 0
 bge01500  72.20.55.91/29 72.20.55.91  60140 441720
 0 0
 bge01500  72.20.55.92/29 72.20.55.92  60140 441720
 0 0
 bge01500  72.20.55.93/29 72.20.55.93  60140 441720
 0 0
 bge01500  72.20.55.94/29 72.20.55.94  60140 441720
 0 0
 bge1*   1500  Link  00:19:b9:f9:0d:960 00
 0 0
 enc0*   1536  Link   0 00
 0 0
 pflog0  33200 Link   0 00
 0 0

 Checking filesystems:
 ** /dev/rwd0a (NO WRITE)
 ** Last Mounted on /
 ** Root file system
 2602 files, 64653 used, 65178 free (394 frags, 8098 blocks, 0.3%
 fragmentation)
 ** /dev/rwd0i (NO WRITE)
 ** Last Mounted on /tmp
 UNREF FILE I=3  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no

 UNREF FILE I=4  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no

 UNREF FILE I=5  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no

 UNREF FILE I=6  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no

 UNREF FILE I=7  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no

 8 files, 3 used, 259820 free (20 frags, 32475 blocks, 0.0%
 fragmentation)
 ** /dev/rwd0e (NO WRITE)
 ** Last Mounted on /usr
 314304 files, 1828714 used, 5914470 free (62566 frags, 731488 blocks,
 0.8%
 fragmentation)
 ** /dev/rwd0f (NO WRITE)
 ** Last Mounted on /var
 1117 files, 69019 used, 17989297 free (505 frags, 2248599 blocks, 0.0%
 fragmentation)
 ** /dev/rwd0h (NO WRITE)
 ** Last Mounted on /var/vmail
 133 files, 5604 used, 5155969 free (193 frags, 644472 blocks, 0.0%
 fragmentation)
 ** /dev/rwd0g (NO WRITE)
 ** Last Mounted on /var/www
 5502 files, 75262 used, 85065348 free (244 frags, 10633138 blocks,
 0.0% fragmentation)

 Thanks.

MySQL (at least the one I've got running -current) keeps
Files for ISAM tables in /var/mysql and
files for TEMPORARY (ISAM) tables in /var like so:
# ls -l /tmp/#sql*
-rw-rw  1 _mysql  wheel 0 Apr 25 06:02 /tmp/#sql7dd3_7_2.MYD
-rw-rw  1 _mysql  wheel  1024 Apr 25 06:02 /tmp/#sql7dd3_7_2.MYI
-rw-rw  1 _mysql  wheel  

How to refresh a map when using ypldap?

[Vijay Sankar]

When using ypldap, if I

cd /var/yp
make

I am not able to regenerate the YP maps and can't figure out what I am 
doing wrong. Here is what I get


# cd /var/yp
# make
=== foretell
couldn't find /etc/ethers
updated netid
yp_master: clnt_call: RPC: Can't decode result
yp_master: clnt_call: RPC: Can't decode result
yp_master: clnt_call: RPC: Can't decode result
.
.
YP server for domain foretell not responding, still trying
YP server for domain foretell not responding, still trying

Rebooting seems to regenerate the maps. I am saying that because if I 
add a user to the LDAP database and do a getent passwd I do not see it 
listed. If I reboot the test system and do a getent passwd, I see the 
user I added to LDAP before the reboot.


I tried yppoll as follows:

# yppoll -d foretell -h 127.0.0.1 passwd
yp_order: clnt_call: RPC: Procedure unavailable
No such map passwd. Reason: Can't communicate with ypbind

But ypbind is running and pf is off.

# rpcinfo -p
   program vers proto   port
102   tcp111  portmapper
102   udp111  portmapper
142   udp806  ypserv
142   tcp   1009  ypserv
172   udp874  ypbind
172   tcp727  ypbind

Are commands like yptest usable when ypldap is used instead of ypserv? 
What else can I use to figure out where I have made a mistake?


I am unsure as to where to look for this type of information. When I try 
it, I get the following:


# yptest
Test 1: yp_match localhost hosts.byname
yp error: No such map in server's domain

Test 2: yp_first
yp error: No such map in server's domain

Test 3: yp_next

Test 4: yp_master
yp_master: clnt_call: RPC: Can't decode result
yp_master: clnt_call: RPC: Can't decode result
yp_master: clnt_call: RPC: Can't decode result

Any clues or help will be much appreciated.

Thanks very much,

Vijay

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca

Is this a case of paranoia?

[Danny]

Shane,

What I have found with our company's installation of Webmarshall is that you can
, for example, go to linux.box.sk and surf around for about 5 mins, then all of
a sudden it gets blocked.

I don't think that Webmarshall is THAT clever to figure out that you are on a
site that contains unauthorized content. I think that there is an overpaid,
underworked, MCSE on the Webmarshall server looking for something he can use as
proof that they still need his expertise ...

Danny

 I hope it is just your employer blocking OpenBSD and Marshal has not
 added it to their list!

Re: unreferenced files from MySQL.

[Otto Moerbeek]

On Sun, Apr 25, 2010 at 01:21:52PM +0300, Andreas Gerdd wrote:

 Hello.
 I noticed some unreferenced files from MySQL in my daily output mail;
 However, i don't have anything in /tmp or /var/tmp to check/fix the
 problem with fsck.
 
 Does this mean i lost some data from the database(s)?
 
 How may i fix or remove the reported bad files?

With patience. Running fsck on a mounted filesystem is very likely to
show the problems you mentioned.

The files will be cleaned up after the last process having a
reference to it exits, when softdep (if used) feels so.

-Otto

 
 Here's the output:
 
 OpenBSD 4.6-stable (GENERIC.MP) #2: Mon Apr 19 08:20:01 PDT 2010
 r...@test.domain.com:/usr/src/sys/arch/i386/compile/GENERIC.MP
 
  1:32AM  up 14:57, 0 users, load averages: 0.99, 0.47, 0.24
 
 Backing up root=/dev/rwd0a to /dev/rwd0d:
 33129+1 records in
 33129+1 records out
 271393792 bytes transferred in 13.506 secs (20093240 bytes/sec)
 ** /dev/rwd0d
 ** Last Mounted on /
 ** Phase 1 - Check Blocks and Sizes
 ** Phase 2 - Check Pathnames
 ** Phase 3 - Check Connectivity
 ** Phase 4 - Check Reference Counts
 ** Phase 5 - Check Cyl groups
 2602 files, 64653 used, 65178 free (394 frags, 8098 blocks, 0.3% 
 fragmentation)
 
 MARK FILE SYSTEM CLEAN? yes
 
 
 * FILE SYSTEM WAS MODIFIED *
 
 Checking subsystem status:
 
 disks:
 Filesystem  1K-blocks  Used Avail Capacity  Mounted on
 /dev/wd0a  25966212930611737452%/
 /dev/wd0i  519646 6493658 0%/tmp
 /dev/wd0e15486368   3657428  1105462225%/usr
 /dev/wd0f36116632138044  34172758 0%/var
 /dev/wd0h10323146 11208   9795782 0%/var/vmail
 /dev/wd0g   170281220150524 161616636 0%/var/www
 
 Last dump(s) done (Dump '' file systems):
 
 mail:
 -Queue ID- --Size-- Arrival Time -Sender/Recipient---
 E083791EB7  880 Sat Apr 24 10:26:31  i...@mydomain.com
  (connect to 42.22.192.55 [42.22.192.55]:10024:
 Invalid argument)
  testm...@yahoo.com
 
 -- 1 Kbytes in 1 Request.
 
 network:
 NameMtu   Network Address  Ipkts IerrsOpkts Oerrs 
 Colls
 lo0 33200 Link   30718 030718 0  0
 lo0 33200 127/8   127.0.0.130718 030718 0  0
 lo0 33200 ::1/128 ::1  30718 030718 0  0
 lo0 33200 fe80::%lo0/64 fe80::1%lo0  30718 030718
0 0
 bge01500  Link  00:19:b9:f9:0d:9560140 441720 0  0
 bge01500  69.197.4.202/26 69.197.4.202 60140 4
 41720 0 0
 bge01500  fe80::%bge0/64 fe80::219:b9ff:fef9:d95%bge060140
 441720
  0 0
 bge01500  72.20.55.89/29 72.20.55.89  60140 441720
 0 0
 bge01500  72.20.55.90/29 72.20.55.90  60140 441720
 0 0
 bge01500  72.20.55.91/29 72.20.55.91  60140 441720
 0 0
 bge01500  72.20.55.92/29 72.20.55.92  60140 441720
 0 0
 bge01500  72.20.55.93/29 72.20.55.93  60140 441720
 0 0
 bge01500  72.20.55.94/29 72.20.55.94  60140 441720
 0 0
 bge1*   1500  Link  00:19:b9:f9:0d:960 00 0  0
 enc0*   1536  Link   0 00 0  0
 pflog0  33200 Link   0 00 0  0
 
 Checking filesystems:
 ** /dev/rwd0a (NO WRITE)
 ** Last Mounted on /
 ** Root file system
 2602 files, 64653 used, 65178 free (394 frags, 8098 blocks, 0.3% 
 fragmentation)
 ** /dev/rwd0i (NO WRITE)
 ** Last Mounted on /tmp
 UNREF FILE I=3  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no
 
 UNREF FILE I=4  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no
 
 UNREF FILE I=5  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no
 
 UNREF FILE I=6  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no
 
 UNREF FILE I=7  OWNER=_mysql MODE=100600
 SIZE=0 MTIME=Apr 24 10:36 2010
 CLEAR? no
 
 8 files, 3 used, 259820 free (20 frags, 32475 blocks, 0.0% fragmentation)
 ** /dev/rwd0e (NO WRITE)
 ** Last Mounted on /usr
 314304 files, 1828714 used, 5914470 free (62566 frags, 731488 blocks, 0.8%
 fragmentation)
 ** /dev/rwd0f (NO WRITE)
 ** Last Mounted on /var
 1117 files, 69019 used, 17989297 free (505 frags, 2248599 blocks, 0.0%
 fragmentation)
 ** /dev/rwd0h (NO WRITE)
 ** Last Mounted on /var/vmail
 133 files, 5604 used, 5155969 free (193 frags, 644472 blocks, 0.0%
 fragmentation)
 ** /dev/rwd0g (NO WRITE)
 ** Last Mounted on /var/www
 5502 files, 75262 used, 85065348 free (244 frags, 10633138 blocks,
 0.0% fragmentation)
 
 Thanks.

Re: How to refresh a map when using ypldap?

[Vijay Sankar]

Vijay Sankar wrote:

When using ypldap, if I

cd /var/yp
make

I am not able to regenerate the YP maps and can't figure out what I am 
doing wrong. Here is what I get


# cd /var/yp
# make
=== foretell
couldn't find /etc/ethers
updated netid
yp_master: clnt_call: RPC: Can't decode result
yp_master: clnt_call: RPC: Can't decode result
yp_master: clnt_call: RPC: Can't decode result
.
.
YP server for domain foretell not responding, still trying
YP server for domain foretell not responding, still trying

Rebooting seems to regenerate the maps. I am saying that because if I 
add a user to the LDAP database and do a getent passwd I do not see it 
listed. If I reboot the test system and do a getent passwd, I see the 
user I added to LDAP before the reboot.


I tried yppoll as follows:

# yppoll -d foretell -h 127.0.0.1 passwd
yp_order: clnt_call: RPC: Procedure unavailable
No such map passwd. Reason: Can't communicate with ypbind

But ypbind is running and pf is off.

# rpcinfo -p
   program vers proto   port
102   tcp111  portmapper
102   udp111  portmapper
142   udp806  ypserv
142   tcp   1009  ypserv
172   udp874  ypbind
172   tcp727  ypbind

Are commands like yptest usable when ypldap is used instead of ypserv? 
What else can I use to figure out where I have made a mistake?


I am unsure as to where to look for this type of information. When I try 
it, I get the following:


# yptest
Test 1: yp_match localhost hosts.byname
yp error: No such map in server's domain

Test 2: yp_first
yp error: No such map in server's domain

Test 3: yp_next

Test 4: yp_master
yp_master: clnt_call: RPC: Can't decode result
yp_master: clnt_call: RPC: Can't decode result
yp_master: clnt_call: RPC: Can't decode result

Any clues or help will be much appreciated.

Thanks very much,

Vijay



Also wanted to mention that killing ypldap and ypbind and then 
restarting them manually also allows me to see the new user. Avoids a 
reboot but I am still wondering whether that is the correct way to 
regenerate the maps.


Thanks for any suggestions.

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca

uvm_mapent_alloc: out of static map entries

[Alastair Johnson]

Last week I setup an 4.6 i386 OpenBSD server. The hardware is Dell Poweredge
1850 with 2GB RAM. Its fully updated 4.6 stable.

In only a few days it has twice hung with the error on screen:

uvm_mapent_alloc: out of static map entries

I have looked on the web and found various OpenBSD maillist archive
references to this but the impression is that this was fixed ages ago. The
server should be a very lightly used mail relay running exim, ssh and
nothing much else.

I certainly dont want to randomly push buttons:
http://kerneltrap.org/mailarchive/openbsd-misc/2008/5/16/1842014

but 2 years ago this seemed under control:
http://kerneltrap.org/mailarchive/openbsd-misc/2008/5/16/1841134

But it's not really alarming, unless it continues to print that
continuously.

Its not doing it continuously - just once and then hang.

Below is dmesg output. Please let me know if i can provide any more useful
information.

Many thanks,

Alastair Johnson



[r...@relayb..com /etc]# dmesg
OpenBSD 4.6-stable (GENERIC) #0: Thu Apr 22 22:41:04 BST 2010
r...@relayb:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz (GenuineIntel 686-class) 3.20 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR
real mem  = 2146795520 (2047MB)
avail mem = 2067058688 (1971MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/09/06, BIOS32 rev. 0 @ 0xffe90,
SMBIOS rev. 2.3 @ 0xf9920 (87 entries)
bios0: vendor Dell Computer Corporation version A05 date 01/09/2006
bios0: Dell Computer Corporation PowerEdge 1850
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SPCR HPET MCFG
acpi0: wakeup devices PCI0(S5) PALO(S5) PBLO(S5) VPR0(S5) PBHI(S5) VPR1(S5)
PICH(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
ioapic1 at mainbus0: apid 3 pa 0xfec8, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 3
ioapic2 at mainbus0: apid 4 pa 0xfec83000, version 20, 24 pins
ioapic2: misconfigured as apic 0, remapped to apid 4
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PALO)
acpiprt2 at acpi0: bus 2 (DOBA)
acpiprt3 at acpi0: bus 3 (DOBB)
acpiprt4 at acpi0: bus 4 (PBLO)
acpiprt5 at acpi0: bus 8 (VPR0)
acpiprt6 at acpi0: bus 5 (PBHI)
acpiprt7 at acpi0: bus 6 (PXB1)
acpiprt8 at acpi0: bus 7 (PXB2)
acpiprt9 at acpi0: bus 9 (PICH)
acpicpu0 at acpi0
bios0: ROM list: 0xc/0xb000! 0xcb000/0x1000 0xcc000/0x800 0xcc800/0x1000
0xcd800/0x2200 0xd/0x600 0xec000/0x4000!
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel E7520 Host rev 0x09
ppb0 at pci0 dev 2 function 0 Intel E7520 PCIE rev 0x09
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 Intel IOP332 PCIE-PCIX rev 0x06
pci2 at ppb1 bus 2
ami0 at pci2 dev 14 function 0 Dell PERC 4e/Di rev 0x06: apic 3 int 14
(irq 7)
ami0: Dell 16c, 32b, FW 521X, BIOS vH430, 256MB RAM
ami0: 1 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct fixed
sd0: 70010MB, 512 bytes/sec, 143380480 sec total
scsibus1 at ami0: 16 targets
safte0 at scsibus1 targ 6 lun 0: PE/PV, 1x2 SCSI BP, 1.0 SCSI2 3/processor
fixed
ppb2 at pci1 dev 0 function 2 Intel IOP332 PCIE-PCIX rev 0x06
pci3 at ppb2 bus 3
skc0 at pci3 dev 11 function 0 3Com 3c940 rev 0x10, Yukon (0x1): apic 3
int 5 (irq 3)
sk0 at skc0 port A: address 00:0a:5e:1b:01:6f
eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 3
ppb3 at pci0 dev 4 function 0 Intel E7520 PCIE rev 0x09
pci4 at ppb3 bus 4
ppb4 at pci0 dev 5 function 0 Intel E7520 PCIE rev 0x09
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci6 at ppb5 bus 6
em0 at pci6 dev 7 function 0 Intel PRO/1000MT (82541GI) rev 0x05: apic 4
int 0 (irq 11), address 00:13:72:52:09:16
ppb6 at pci5 dev 0 function 2 Intel PCIE-PCIE rev 0x09
pci7 at ppb6 bus 7
em1 at pci7 dev 8 function 0 Intel PRO/1000MT (82541GI) rev 0x05: apic 4
int 1 (irq 3), address 00:13:72:52:09:17
ppb7 at pci0 dev 6 function 0 Intel E7520 PCIE rev 0x09
pci8 at ppb7 bus 8
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic 2 int
16 (irq 11)
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic 2 int
19 (irq 10)
uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: apic 2 int
18 (irq 7)
ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: apic 2 int
23 (irq 5)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb8 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xc2
pci9 at ppb8 bus 9
Dell DRAC 4 rev 0x00 at pci9 

Re: Is this a case of paranoia?

[Brad Tilley]

On Sun, 25 Apr 2010 17:48 +0200, Danny dannydeb...@gmail.com wrote:
 Shane,
 
 What I have found with our company's installation of Webmarshall is that
 you can
 , for example, go to linux.box.sk and surf around for about 5 mins, then
 all of
 a sudden it gets blocked.

95% of what these devices trigger on are false-positives. Anyone who has
ever dealt with them for any length of time should know that. The trick
is tuning them and white-listing stuff to make them more useful. Bottom
line... there is nothing malicious about openbsd.org websites. Your
network security device has yet another false-positive. 

Most people I know don't put these things in block mode precisely for
these reasons. 

Brad
 
 I don't think that Webmarshall is THAT clever to figure out that you are
 on a
 site that contains unauthorized content. I think that there is an
 overpaid,
 underworked, MCSE on the Webmarshall server looking for something he can
 use as
 proof that they still need his expertise ...
 
 Danny
 
  I hope it is just your employer blocking OpenBSD and Marshal has not
  added it to their list!

asking for donation: laptop mostly out of commission

[Marc Espie]

My current development machine is failing... the fan turns on and off
in haphazard ways... today, it took me 3/4h to turn it back on, after
roughly 30 FAN FAILURE bios messages.

Out of warranty, I disassembled it (easy for thinkpads), found nothing
obvious, and put it back together (obviously no change).

Next time I reboot it, I have no idea whether it will come back.

It makes little sense to have it repaired:
- would cost a lot, and things will predictably fail again in a little while;
my experience being that, when a machine part fails, usually the rest is going
to die soon anyways;
- this laptop's gfx card is annoying anyways (nvidia), and prevents me
from working on some stuff (like ogle tweaks and audio changes, since the
gfx speed is so bad I can't do anything that involves synchronized audio/video)

So, I'm asking for donations. Antoine conveniently has a paypal account
(and lives in the same city I do), so this should be reasonably easy.
(Antoine, can you post details).

A donated laptop would help, but not that much. This is the primary machine
I use to hack on large stuff. It definitely needs to be MP, otherwise make
and dpb3 won't go forward, and it has to be ~2GHz or more, otherwise, I won't
be able to keep hacking on qt4 and the likes...

If you like the new changes in pkg_add or the ports tree, and want to say
thank you, you can do that in a very concrete way ;-)

Thanks for your attention.

-- 
Marc

Re: asking for donation: laptop mostly out of commission

[Antoine Jacoutot]

On Sun, 25 Apr 2010, Marc Espie wrote:
...
 So, I'm asking for donations. Antoine conveniently has a paypal account
 (and lives in the same city I do), so this should be reasonably easy.
 (Antoine, can you post details).

Anyone interested in donating money for espie@'s laptop can make 
a paypal donation to ajacou...@bsdfrog.org.

I will post a reply as soon as the needed amount is reached (Marc is 
looking for a vendor right now to have the exact price).
If any money is left, it'll be send as a donation to OpenBSD.

Thanks for him!

-- 
Antoine

Re: asking for donation: laptop mostly out of commission

[Marc Espie]

On Sun, Apr 25, 2010 at 07:32:14PM +0200, Antoine Jacoutot wrote:
 I will post a reply as soon as the needed amount is reached (Marc is 
 looking for a vendor right now to have the exact price).
 If any money is left, it'll be send as a donation to OpenBSD.

The exact price might be a bit complicated, between vendors that don't have
it in stock, and model variations.

By a quick hunt, the kind of laptop I'm looking for is probably around
800 EUR, give or take a few, assuming they have it in stock.

I'm currently looking at thinkpad R500 models, assuming I find one 
with correct gfx support, and a vendor that has it near Paris.

Other suggestions are welcome (preferably in private, dont want to spam
misc@ too heavily), especially as to which models are reasonably supported,
available, and at a reasonable price...

Re: asking for donation: laptop mostly out of commission

[Jasper Valentijn]

2010/4/25 Antoine Jacoutot ajacou...@bsdfrog.org:
 On Sun, 25 Apr 2010, Marc Espie wrote:
 ...
 So, I'm asking for donations. Antoine conveniently has a paypal account
 (and lives in the same city I do), so this should be reasonably easy.
 (Antoine, can you post details).

 Anyone interested in donating money for espie@'s laptop can make
 a paypal donation to ajacou...@bsdfrog.org.


Sent 20 euros.

Happy hacking!!

--
We spend the first twelve months of our children's lives teaching
them to walk and talk and the next twelve telling them to sit down and
shut up.

Re: How to refresh a map when using ypldap?

[Ingo Schwarze]

Hi Vijay,

Vijay Sankar wrote on Sun, Apr 25, 2010 at 09:31:14AM -0500:

 When using ypldap, if I

 cd /var/yp
 make

Executing Makefile.yp(8) will generate YP maps from static files.
There is no way how that could fetch information from LDAP.
So i do not think you want to update your maps in this way
when using ypldap(8).

 I am not able to regenerate the YP maps and can't figure out what
 I am doing wrong. Here is what I get
 
 # cd /var/yp
 # make
 === foretell
 couldn't find /etc/ethers

Again, here you see that your command is trying to build maps
from files in /etc.  Is that what you want?

 updated netid
 yp_master: clnt_call: RPC: Can't decode result

Judging from /usr/src/usr.sbin/ypserv/ypinit/Makefile.yp,
the command being executed here is probably

  /usr/sbin/yppush -d foretell netid.byname

Judging from /usr/src/usr.sbin/ypserv/yppush/yppush.c,
that program is trying to call

  yp_master(Domain, ypmap, master);

In case of ypldap(8), the call yp_master(3) doesn't appear to
make much sense.  After all, logically, there is no YP master
server, instead, the LDAP server is kind of a master.  So i guess
Pierre-Yves did not implement support for that call in ypldap(8) -
though i did not explicitely check the source.

Besides, yppush(8) does not make much sense in the ypldap(8)
context.  You want to pull from LDAP, not manually push some map
onto the server.

 Rebooting seems to regenerate the maps.

Of course, because the ypldap(8) server restarts, so it can't
help loading new maps from LDAP.

 I tried yppoll as follows:

 # yppoll -d foretell -h 127.0.0.1 passwd
 yp_order: clnt_call: RPC: Procedure unavailable

Looks like ypldap(8) does not implement yp_order(3) - again,
i did not check the source.  Perhaps it doesn't make much sense.
Are you sure LDAP has a concept of YP version numbers in the
first place?  Otherwise, it can't tell you...

 No such map passwd. Reason: Can't communicate with ypbind
 But ypbind is running and pf is off.

Oh well, don't get me started on RPC and YP error messages.
Frankly, that's not the best part of error messages in OpenBSD.
Last year, i did tiny bits of cleanup near the edges of that
heap of *, but unfortunately, it is a large heap and probably
won't be cleaned up fully this decade.
The problem is that the the very design of SUN RPC error messages
is questionable at best, but changing it today is not easy.
You don't want to break interfaces without a good reason.

Basically, YPERR_YPBIND (see /usr/src/lib/libc/yp/yperr_string.c)
can happen when...  something went wrong.  So the second message
you are seeing is less important than the first one.

 Are commands like yptest usable when ypldap is used instead of
 ypserv?

Oh, unlike ypldap(8), yptest(8) is not rocket science.
It is just a straightforward hack to issue a few YP client calls.
When you have an uncommon setup, typically part of it will work
and part of it won't.  Count ypldap(8) as one particular example
of an uncommon YP setup.

 # yptest
[...]
 Test 4: yp_master
 yp_master: clnt_call: RPC: Can't decode result

Here you see again that yp_master(3) doesn't appear to be supported
by ypldap(8).

 Also wanted to mention that killing ypldap and ypbind and then
 restarting them manually also allows me to see the new user.

Sure, restarting ypldap(8) will certainly reload the maps from LDAP,
how else could the new daemon get at them?

Restarting ypbind(8) almost certainly has nothing to do with it.

According to the ypldap.conf(5) manual, you can specify in the
configuration file how often ypldap(8) shall pull the directory
from LDAP.  The relevant function for pulling the maps appears
to be client_configure() in /usr/src/usr.sbin/ypldap/ldapclient.c.
My impression is that it is only called on startup and then
periodically, and you can't trigger it manually.
In /usr/src/usr.sbin/ypldap/ypldap.c, SIGHUP appears to be
ignored, even though comments indicate there were plans to
implement it.

Thus, i guess your options are
 - wait for the next periodic update
 - or kill and restart ypldap(8) in case you are impatient

Oh, and in case Pierre-Yves speaks up, listen to him, not to me.  ;-)

Yours,
  Ingo

e-shop.gr: Nova και Forthnet μαζί με 40e το μήνα και 70e δώρο!

[members]

Episjeuhe_te tgm die}humsg http://www.e-shop.gr/newsletter/mail-100423.html
cia ma de_te tir pqosvoq]r lar



TGKEVYMIJES PAQACCEKIES 9:00-20:00 STO  211
5000500

Oi til]r isw}oum ap| 24/04/10 l]wqi 10/05/10, ]yr enamtk^seyr tym
apohel\tym jai l|mo cia ta l]kg tou e-shop.gr

Am h]kete ma diacqave_te ap| tg
k_sta emgl]qysgr tou e-shop.gr, paqajako}le apamt^ste sto paq|m le
t_tko(subject) tou lgm}lat|r sar: DIACQAVG.

Re: OpenBSD as L2TP client

[Jona Joachim]

On 2010-04-25, Paolo Supino paolo.sup...@gmail.com wrote:
 Hi

   A client asked me to setup a low cost router to connect to the Internet.
 His current Internet connection requires his router to connect to the ISP
 using L2TP protocol. I've looked through the archives and ports tree for a
 similar posting, but found none...
 Is anyone using  OpenBSD as an L2TP client to connect to the Inernet (or
 knows a solution)?

I haven't tried this but the npppd daemon which is in CURRENT and will be in 4.7
supports L2TP. I don't know of another way to do L2TP op OpenBSD.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel

Texas Tea (Testing)

[J.C. Roberts]

This is a story about a man named Jeb, a poor mountaineer barely kept
his family fed, and then one day when he was shootin' at some food, when
up from the ground came a'bublin crude... Black Gold. Texas Tea.

Actually, this is a story about what *should* happen when a developer
asks you to redo something you've already done. 

Of course, the above quote is from the Beverly Hillbillies since making
fun of Texans is one of the favorite pastimes of Californians. ;)

I'm certainly not an expert when it comes to testing or debugging in a
UNIX environment, but you don't have to be an expert to help. With all
the recent posts about users looking for a place to start helping and
learning, testing is a great place to get rolling. The following is a
long read with complete (overly verbose) details, so fetch a fresh cup
of coffee and get comfortable. It's may not be the right or best
way to do things, but it's what I did.

Though the snapshot info and steps used to set up the system were
posted to the intel testing thread on tech@ or set to oga@ directly, 
marco@ asked me to make sure I got it right. Here's an excerpt of the
of the exchange:

marco jcr are you dead sure you got all the bits and pieces 
   for that intel driver thing?
jcr marco: After cvs update, I built the kernel, then built 
 xenocara, and finally built the new driver.
jcr If there were any missing bits after that, then I'm not 
 even aware of them.
marco well you kind of forgot to make build
marco and more importantly make includes
marco would you mind retrying?
marco i'll give you the exact commands
jcr sure
marco first you go to /usr/obj
marco rm -rf *
marco cd ../xobj
marco rm -rf *
marco that gives you a clean slate
marco update both /usr/src and /usr/xenocara to -current
marco then cd /usr/src
marco make -j4 obj  make -j4 depend  make -j4 includes  
   make -j4 tags  make -j4 build
marco btw all this as root
marco once that completes cd ../xenocara
marco make bootstrap  make -j8 obj  make -j 4 build
marco once that completes build a kernel with the GEM_INTELDRM 
   thing enabled 
marco and make install that
marco reboot and test
marco this is more than one hour on my laptop that is fast
marco easily 4 hours on something slow
jcr will do. I'll start on it now.

Though I had probably done things right the first time, eliminating the
possibility that one unknowing got it wrong is sometimes required.

I had installed the then recent April 15 snapshot, then followed oga@'s
instructions, updated src and xenocara, built the kernel with GEM
support, built xenocara, and then finally built the new intel driver. 

Of course, the changes on current.html had been followed to date.
http://www.openbsd.org/faq/current.html

As far as *I* knew, everything was perfect.

Of course, what I supposedly know could always be wrong. It isn't that
I lack the skill to do things correctly and thoroughly, instead it's
just that mistakes happen to everyone. It's far better to spend the time
to validate a bug by rebuilding the test setup than it is to have one of
more developers wasting their time chasing shadows.

I usually build without X running (less resources in use and less task
switching).  Since I've seen two unprovoked crashes with the new intel
driver building from a normal terminal (without X) is how I'm doing all
of the following. Ahhh the joys of a dedicated test/build box.

Before starting on rebuilding everything to make sure it was done right,
backup the existing files so I can recreate the error as it exists now.
Though it was only the 24th when I started this redo, there have been
plenty of commits since the April 15 snapshot and April 17th xenocra cvs
update. If one of the changes fixed the issue, being able to recreate
the issue might be the only way to figure out what change made the
difference.  The April 15th snap and GEN enabled kernel used are already
saved, so I just need to keep a copy of the current /usr/X11R6 directory
which includes the new intel driver I built.

# cd /usr
# mkdir X11R6-old
# cp -R X11R6/* X11R5-old/.

Show the relevant configuration:
# cat /etc/mk.conf
XENOCARA_RERUN_AUTOCONF=Yes
SUDO=/usr/bin/sudo
ACCEPT_JRL_LICENSE=Yes
CHECK_LIB_DEPENDS=Yes
# echo MALLOC_OPTIONS

# ls /etc/malloc.conf
ls: /etc/malloc.conf: No such file or directory
# grep nosuidcoredump /etc/sysctl.conf
kern.nosuidcoredump=2 # 2=Put suid coredumps in /var/crash
# grep allowaperture /etc/sysctl.conf
machdep.allowaperture=2   # see xf86(4)
# alias mean
alias mean='sudo nice -n -16'
#

Clean out object cruft:
# rm -fr /usr/obj/*
# rm -fr /usr/xobj/*

Deleting the xenocara tree and restoring from an archive of a fresh
update is the easiest way to avoid the dumbfuckery of gnu autotools.
This is particularly true if you have XENOCARA_RERUN_AUTOCONF set in
your /etc/mk.conf since it results in tons and tons of files being
modified which results 

Re: How to refresh a map when using ypldap?

[Vijay Sankar]

Ingo Schwarze wrote:

Hi Vijay,

Vijay Sankar wrote on Sun, Apr 25, 2010 at 09:31:14AM -0500:


When using ypldap, if I

cd /var/yp
make


Executing Makefile.yp(8) will generate YP maps from static files.
There is no way how that could fetch information from LDAP.
So i do not think you want to update your maps in this way
when using ypldap(8).


I am not able to regenerate the YP maps and can't figure out what
I am doing wrong. Here is what I get

# cd /var/yp
# make
=== foretell
couldn't find /etc/ethers


Again, here you see that your command is trying to build maps
from files in /etc.  Is that what you want?


updated netid
yp_master: clnt_call: RPC: Can't decode result


Judging from /usr/src/usr.sbin/ypserv/ypinit/Makefile.yp,
the command being executed here is probably

  /usr/sbin/yppush -d foretell netid.byname

Judging from /usr/src/usr.sbin/ypserv/yppush/yppush.c,
that program is trying to call

  yp_master(Domain, ypmap, master);

In case of ypldap(8), the call yp_master(3) doesn't appear to
make much sense.  After all, logically, there is no YP master
server, instead, the LDAP server is kind of a master.  So i guess
Pierre-Yves did not implement support for that call in ypldap(8) -
though i did not explicitely check the source.

Besides, yppush(8) does not make much sense in the ypldap(8)
context.  You want to pull from LDAP, not manually push some map
onto the server.


Rebooting seems to regenerate the maps.


Of course, because the ypldap(8) server restarts, so it can't
help loading new maps from LDAP.


I tried yppoll as follows:

# yppoll -d foretell -h 127.0.0.1 passwd
yp_order: clnt_call: RPC: Procedure unavailable


Looks like ypldap(8) does not implement yp_order(3) - again,
i did not check the source.  Perhaps it doesn't make much sense.
Are you sure LDAP has a concept of YP version numbers in the
first place?  Otherwise, it can't tell you...


No such map passwd. Reason: Can't communicate with ypbind
But ypbind is running and pf is off.


Oh well, don't get me started on RPC and YP error messages.
Frankly, that's not the best part of error messages in OpenBSD.
Last year, i did tiny bits of cleanup near the edges of that
heap of *, but unfortunately, it is a large heap and probably
won't be cleaned up fully this decade.
The problem is that the the very design of SUN RPC error messages
is questionable at best, but changing it today is not easy.
You don't want to break interfaces without a good reason.

Basically, YPERR_YPBIND (see /usr/src/lib/libc/yp/yperr_string.c)
can happen when...  something went wrong.  So the second message
you are seeing is less important than the first one.


Are commands like yptest usable when ypldap is used instead of
ypserv?


Oh, unlike ypldap(8), yptest(8) is not rocket science.
It is just a straightforward hack to issue a few YP client calls.
When you have an uncommon setup, typically part of it will work
and part of it won't.  Count ypldap(8) as one particular example
of an uncommon YP setup.


# yptest

[...]

Test 4: yp_master
yp_master: clnt_call: RPC: Can't decode result


Here you see again that yp_master(3) doesn't appear to be supported
by ypldap(8).


Also wanted to mention that killing ypldap and ypbind and then
restarting them manually also allows me to see the new user.


Sure, restarting ypldap(8) will certainly reload the maps from LDAP,
how else could the new daemon get at them?

Restarting ypbind(8) almost certainly has nothing to do with it.

According to the ypldap.conf(5) manual, you can specify in the
configuration file how often ypldap(8) shall pull the directory
from LDAP.  The relevant function for pulling the maps appears
to be client_configure() in /usr/src/usr.sbin/ypldap/ldapclient.c.
My impression is that it is only called on startup and then
periodically, and you can't trigger it manually.
In /usr/src/usr.sbin/ypldap/ypldap.c, SIGHUP appears to be
ignored, even though comments indicate there were plans to
implement it.

Thus, i guess your options are
 - wait for the next periodic update
 - or kill and restart ypldap(8) in case you are impatient

Oh, and in case Pierre-Yves speaks up, listen to him, not to me.  ;-)

Yours,
  Ingo



Thank you very much for the detailed reply and your thoughts on this as 
well as for pointing out the ypldap.conf settings for interval. Setting 
the interval to 30 instead of the 3600 I had in ypldap.conf makes this 
very usable.


Can't believe what a great idea this is! Thank you aschrijver@ and p...@.

Thanks again Ingo,

Vijay



--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca

Hold for now, Re: asking for donation: laptop mostly out of commission

[Marc Espie]

I think we probably have enough money.
I'll check things tomorrow (it's nearly zzz time)
and tell you how things go.

A big collective THANK YOU to everyone so far. I'll be sure to send personal
notes (in private of course) once I've cross-checked everything.

Re: Source Overview

[Daniel Ouellet]

On 4/21/10 8:47 PM, Adam M. Dutko wrote:

You are not the only one with limited time. Sorry for the late reply, but
also I wanted to provide details as to why.



I realize.


Hi Adam,

Sorry for the delay here. Just very limited time on my side.

Anyway, here is the credential to access the todo page on the site if 
you still want to do it.


I can put an ssh key if you like and that would be faster and easier for 
you.


Anyway have fun:

user: amdutko
password: Q2n9lPK

Then when you login, in your home directory, you will see a softlink 
that bring up directly into the todo directory of the openbsdsupport.org 
site.


For now, you can only change things in that directory only, but you can 
add, etc in there.


Thanks for your help on this.

Best,

Daniel

Re: Texas Tea (Testing)

[Philip Guenther]

On Sun, Apr 25, 2010 at 2:49 PM, J.C. Roberts list-...@designtools.org
wrote:
...
# cat /usr/src/sys/arch/i386/conf/GENERIC_GEM
# GENERIC with INTELDRM_GEM
include arch/i386/conf/GENERIC
option  INDELDRM_GEM
option  DRMDEBUG

Please tell us the actual file doesn't misspell INTELDRM_GEM...


Philip Guenther

Re: Source Overview

[Daniel Ouellet]

Sorry for the delay here. Just very limited time on my side.


Obviously this was a mistake on my part and shoud;n't have been sent to 
misc@


The account is deleted now.

Don't even try.

Lack of sleep does crazy thing at time! (;

No need to say how stupid that was of me!

Re: Texas Tea (Testing)

[Chris Bennett]

I am glad to see someone else agreeing that rm-ing xenocara and getting 
it again is a good choice.
I had to build a few debugging versions and I found the instructions for 
getting it clean to use again extremely confusing.

I was concerned I would get it wrong and mess everything new up.

Testing is a chore. But it is educational and helpful.
Better than working your butt off to accomplish something pointless!
(Which is why I opened my own business, I hate to do pointless tasks 
unless I choose to. :)

Re: Texas Tea (Testing)

[J.C. Roberts]

On Sun, 25 Apr 2010 15:22:31 -0700 Philip Guenther guent...@gmail.com
wrote:

 On Sun, Apr 25, 2010 at 2:49 PM, J.C. Roberts
 list-...@designtools.org wrote: ...
 # cat /usr/src/sys/arch/i386/conf/GENERIC_GEM
 # GENERIC with INTELDRM_GEM
 include arch/i386/conf/GENERIC
 option  INDELDRM_GEM
 option  DRMDEBUG

 Please tell us the actual file doesn't misspell INTELDRM_GEM...


Sorry about that typo. That's just a typo in my notes which were written
out on a separate system. The test system has it right. Also, the gem
enabled driver won't work with an non-gem kernel.

--
The OpenBSD Journal - http://www.undeadly.org

Re: Texas Tea (Testing)

[Owain Ainsworth]

On Sun, Apr 25, 2010 at 05:27:26PM -0500, Chris Bennett wrote:
 I am glad to see someone else agreeing that rm-ing xenocara and
 getting it again is a good choice.
 I had to build a few debugging versions and I found the instructions
 for getting it clean to use again extremely confusing.
 I was concerned I would get it wrong and mess everything new up.

To get a completely clean tree with nothing unrecognised by cvs,
assuming that no files known by cvs are corrupted (do not do this if you
have testing drivers in the tree that are not related to cvs). If it
breaks, you keep the pieces.

$ cvs up | grep ^\? | tr -d '\?' | xargs rm -rf
$ cvs up # just in case 

Those who are better at awk than I could come up with something shorter,
I bet.

-0-
-- 
Show respect for age.  Drink good Scotch for a change.

Re: Texas Tea (Testing)

[Marco Peereboom]

On Sun, Apr 25, 2010 at 02:49:21PM -0700, J.C. Roberts wrote:
 This is a story about a man named Jeb, a poor mountaineer barely kept
 his family fed, and then one day when he was shootin' at some food, when
 up from the ground came a'bublin crude... Black Gold. Texas Tea.
 
 Actually, this is a story about what *should* happen when a developer
 asks you to redo something you've already done. 
 
 Of course, the above quote is from the Beverly Hillbillies since making
 fun of Texans is one of the favorite pastimes of Californians. ;)

Y'all are a bunch of rope smoking hippies.

Get yourself a nice mug:
http://www.cafepress.com/+i_am_from_texas_what_country_are_you_from_mug,411581556

Re: Source Overview

[Daniel Ouellet]

On 4/25/10 6:24 PM, Daniel Ouellet wrote:

Sorry for the delay here. Just very limited time on my side.


Obviously this was a mistake on my part and shoud;n't have been sent to
misc@

The account is deleted now.

Don't even try.


Really, no point in trying to access it. User near Stuttgart, 
Baden-W|rttemberg located in Germany are pretty quick here I must say.


It was a stupid mistake on my part corrected right away before the 
follow up and I was just to quick on the reply list button oppose to 
reply button.


I saw it as I sent it, but couldn't stop it then. I deleted the account 
right away and it's gone. Really no need to even try, or you will just 
block yourself.


Just wonder what you wanted to do? No really, no need to answer that really!

Apr 25 18:35:42 www1 sshd[30701]: Invalid user amdutko from xx.xxx.81.65
Apr 25 18:35:42 www1 sshd[16332]: input_userauth_request: invalid user 
amdutko
Apr 25 18:35:42 www1 sshd[30701]: Failed none for invalid user amdutko 
from xx.xxx.81.65 port 26380 ssh2
Apr 25 18:35:48 www1 sshd[30701]: Failed password for invalid user 
amdutko from xx.xxx.81.65 port 26380 ssh2

Apr 25 18:35:56 www1 sshd[16332]: Connection closed by xx.xxx.81.65

Re: Texas Tea (Testing)

[Martin Schröder]

2010/4/26 Marco Peereboom sl...@peereboom.us:
 Get yourself a nice mug:
 http://www.cafepress.com/+i_am_from_texas_what_country_are_you_from_mug,411581556

https://secure.wikimedia.org/wikipedia/en/wiki/Texas_Secession_Debate

Best
Martin

Re: Texas Tea (Testing)

[J.C. Roberts]

On Sun, 25 Apr 2010 23:55:35 +0100 Owain Ainsworth
zer...@googlemail.com wrote:

 On Sun, Apr 25, 2010 at 05:27:26PM -0500, Chris Bennett wrote:
  I am glad to see someone else agreeing that rm-ing xenocara and
  getting it again is a good choice.
  I had to build a few debugging versions and I found the instructions
  for getting it clean to use again extremely confusing.
  I was concerned I would get it wrong and mess everything new up.
 
 To get a completely clean tree with nothing unrecognised by cvs,
 assuming that no files known by cvs are corrupted (do not do this if
 you have testing drivers in the tree that are not related to cvs). If
 it breaks, you keep the pieces.
 
 $ cvs up | grep ^\? | tr -d '\?' | xargs rm -rf
 $ cvs up # just in case 
 
 Those who are better at awk than I could come up with something
 shorter, I bet.

For me at least, the problem is not 'unrecognized' files, instead it is
*modified* files. With XENOCARA_RERUN_AUTOCONF=Yes set in mk.conf,
half the damn tree is molested by gnu autoshit resulting supposedly
modofied files.

Since the `cvs up -C` flag is currently broken in both gnu cvs and
opencvs (BUG: user/6363 -- copies modified files rather than moving
them out of the way and fetching a fresh copy from cvs, resulting in
a merge M rather than U update/fetch of the now missing file), there
is no way to simply overwrite the modified files.

Anyhow, whether or not '-C' works, you'd still be refetching half (or
more) of the xenocara tree since a vast portion of it is gnu autoshit
files which have been modified.

As for building a lot quicker by not setting XENOCARA_RERUN_AUTOCONF,
well, then you would not be testing to make sure gnu autoshit is still
working properly. In short, it's a no-win situation.

-- 
The OpenBSD Journal - http://www.undeadly.org

Re: Texas Tea (Testing)

[Owain Ainsworth]

On Sun, Apr 25, 2010 at 06:37:42PM -0700, J.C. Roberts wrote:
 On Sun, 25 Apr 2010 23:55:35 +0100 Owain Ainsworth
 zer...@googlemail.com wrote:
 
  On Sun, Apr 25, 2010 at 05:27:26PM -0500, Chris Bennett wrote:
   I am glad to see someone else agreeing that rm-ing xenocara and
   getting it again is a good choice.
   I had to build a few debugging versions and I found the instructions
   for getting it clean to use again extremely confusing.
   I was concerned I would get it wrong and mess everything new up.
  
  To get a completely clean tree with nothing unrecognised by cvs,
  assuming that no files known by cvs are corrupted (do not do this if
  you have testing drivers in the tree that are not related to cvs). If
  it breaks, you keep the pieces.
  
  $ cvs up | grep ^\? | tr -d '\?' | xargs rm -rf
  $ cvs up # just in case 
  
  Those who are better at awk than I could come up with something
  shorter, I bet.
 
 For me at least, the problem is not 'unrecognized' files, instead it is
 *modified* files. With XENOCARA_RERUN_AUTOCONF=Yes set in mk.conf,
 half the damn tree is molested by gnu autoshit resulting supposedly
 modofied files.
 
 Since the `cvs up -C` flag is currently broken in both gnu cvs and
 opencvs (BUG: user/6363 -- copies modified files rather than moving
 them out of the way and fetching a fresh copy from cvs, resulting in
 a merge M rather than U update/fetch of the now missing file), there
 is no way to simply overwrite the modified files.
 
 Anyhow, whether or not '-C' works, you'd still be refetching half (or
 more) of the xenocara tree since a vast portion of it is gnu autoshit
 files which have been modified.
 
 As for building a lot quicker by not setting XENOCARA_RERUN_AUTOCONF,
 well, then you would not be testing to make sure gnu autoshit is still
 working properly. In short, it's a no-win situation.

I leave it turned off unless there's a new driver I am playing with.
Then I turn it on for that driver build and that one only.

Regenning configure really buys you nothing.

-0-
-- 
A lack of leadership is no substitute for inaction.

Re: Source Overview

[Adam M. Dutko]

I've started the list at http://openbsdsupport.org/todo and have taken what
was posted during our conversation(s) on that list.  I will look for others
and will be happy to post links given to me for others.

Thank you for the account Daniel.

Regular OpenBSD users group meeting location anyone?

[Daniel Ouellet]

Hi,

This is the only mailing I will do on this subject, but if you do have a 
OpenBSD specific users group meeting anywhere in the world, could/would 
you send me a very quick short details about it?


Nothing more then

city
state or province
country
usual meeting date
URL if any and if not, fell free to send a short blurb about it's 
locations and all so that users many find it.


Or even just the URL of a site for it is fine.

Send it off list to me if preferable as to not pollute this list here, 
or to the list if that's any good. Use your best judgment on this.


May be nice to collect this information and make it available so that 
users may find locations where they might go to share knowedge and 
interests on their favorite OS.


Sorry, I am not interested in Linux and the like. No offense intended.

OpenBSD only please.

It will be here:

http://openbsdsupport.org/ugs/

Adam Dutko offer to help me collect the details and hopefully make 
something good out of it. If not, then sorry for the noise and just 
ignore me.


Thanks

Daniel

Re: Regular OpenBSD users group meeting location anyone?

[Daniel Ouellet]

Actually there is a very good list here:

http://www.openbsd.org/groups.html

Sorry for the noise!

Re: Regular OpenBSD users group meeting location anyone?

[Otto Moerbeek]

On Mon, Apr 26, 2010 at 12:53:45AM -0400, Daniel Ouellet wrote:

 Hi,
 
 This is the only mailing I will do on this subject, but if you do
 have a OpenBSD specific users group meeting anywhere in the world,
 could/would you send me a very quick short details about it?

Why duplicate the effort?

Please just link to http://www.openbsd.org/groups.html and ask people
to send updates to us.

-Otto

 
 Nothing more then
 
 city
 state or province
 country
 usual meeting date
 URL if any and if not, fell free to send a short blurb about it's
 locations and all so that users many find it.
 
 Or even just the URL of a site for it is fine.
 
 Send it off list to me if preferable as to not pollute this list
 here, or to the list if that's any good. Use your best judgment on
 this.
 
 May be nice to collect this information and make it available so
 that users may find locations where they might go to share knowedge
 and interests on their favorite OS.
 
 Sorry, I am not interested in Linux and the like. No offense intended.
 
 OpenBSD only please.
 
 It will be here:
 
 http://openbsdsupport.org/ugs/
 
 Adam Dutko offer to help me collect the details and hopefully make
 something good out of it. If not, then sorry for the noise and just
 ignore me.
 
 Thanks
 
 Daniel

Re: Regular OpenBSD users group meeting location anyone?

[Jorge Castillo]

There is already a page with that information at the OpenBSD website.

http://www.openbsd.org/groups.html

 Date: Mon, 26 Apr 2010 00:53:45 -0400
 From: dan...@presscom.net
 To: misc@openbsd.org
 Subject: Regular OpenBSD users group meeting location anyone?

 Hi,

 This is the only mailing I will do on this subject, but if you do have a
 OpenBSD specific users group meeting anywhere in the world, could/would
 you send me a very quick short details about it?

 Nothing more then

 city
 state or province
 country
 usual meeting date
 URL if any and if not, fell free to send a short blurb about it's
 locations and all so that users many find it.

 Or even just the URL of a site for it is fine.

 Send it off list to me if preferable as to not pollute this list here,
 or to the list if that's any good. Use your best judgment on this.

 May be nice to collect this information and make it available so that
 users may find locations where they might go to share knowedge and
 interests on their favorite OS.

 Sorry, I am not interested in Linux and the like. No offense intended.

 OpenBSD only please.

 It will be here:

 http://openbsdsupport.org/ugs/

 Adam Dutko offer to help me collect the details and hopefully make
 something good out of it. If not, then sorry for the noise and just
 ignore me.

 Thanks

 Daniel


_
Hotmail: Trusted email with Microsofts powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969

Re: Regular OpenBSD users group meeting location anyone?

[Daniel Ouellet]

Why duplicate the effort?

Please just link to http://www.openbsd.org/groups.html and ask people
to send updates to us.

-Otto


You are 100% right. It's just not my day today!

I was looking for it and find it a but later then sending my email. 
Might be a good idea to add the link to it from the front page may be.


Just an idea, but fell free to ignore me.

I need to go get some sleep and stop making a foll of myself...

Daniel