date:20070226


*** Error code 1

Stop in /usr/ports/databases/clip.
[EMAIL PROTECTED] /usr/ports/databases/clip]# exit

Script done on Sun Feb 25 23:57:04 2007


Basically it (gcc/gmake) are looking for headers / definitions that don't 
exist in the included files.


Please submit the information included above and the configuration script 
output to the port maintainer.

-Garrett


already did

http://www.freebsd.org/cgi/query-pr.cgi?pr=109485

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP


I am using the default FreeBSD IMAP server in FreeBSD.  It works great with


what's the default FreeBSD IMAP server? i don't remember IMAP in base 
FreeBSD distro?



thunderbird, but Outlook is not able to log in even though I have Secure 
Authentication checked.  Any ideas?


no idea. with dovecot all imap clients work, both with and without 
ssl.


anyway - outlook doesn't work well anytime, especially with imap. simply 
don't use it, thunderbird for windows works good with imap.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP


*Not* off-topic, the context being how best to configure Outlook
for use with FreeBSD IMAP.  One hopes something more secure than
plain-text passwords can be made to work.

My answer is Don't use Outlook.  For anything.  Period.


as my answer. i have ca 500 users in my networks (mostly one), outlook 
users always have problems, and i always answer that they like problems 
and use outlook.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pf and keep/modulate state on 6.2

2007-02-26 Thread J.D. Bronson


At 02:52 AM 02/26/2007, you wrote:

Wow, this fixed my FTP-over-DSL-to-6.2 problem too. With modulate
state, I was getting ~30K/sec. With just keep state, I'm now getting
more like what my connection is capable of. This is between two 6.2
hosts on opposite sides of the Atlantic.

Ted, I use pf because I like the format of the configuration file, I
like the logging and pftop, and like how it's harder to lock yourself
out of a remote machine by accident :)

/JMS


I use pf since its newer (I think?) and I came from openbsd..pf just 
works and the config file is nice and sweet.


I had thought that modulate state would put a load on my proc, but 
sheesh, its a p4-3.06 - thats more than robust for a router.


I wonder if we should file a bug on this?

I am glad my post helped here. I still use modulate state for any 
INCOMING connections though (www/smtp/etc).


-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: kernel panic at boot on any 6.x OS

2007-02-26 Thread Ted Mittelstaedt

- Original Message - 
From: Joe Auty [EMAIL PROTECTED]
To: Ted Mittelstaedt [EMAIL PROTECTED]
Cc: Daan Vreeken [PA4DAN] [EMAIL PROTECTED]; Kip Macy
[EMAIL PROTECTED]; freebsd-questions@freebsd.org;
freebsd-hackers@freebsd.org
Sent: Sunday, February 25, 2007 10:39 PM
Subject: Re: kernel panic at boot on any 6.x OS

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On Feb 25, 2007, at 7:56 PM, Ted Mittelstaedt wrote:

  - Original Message -
  From: Joe Auty [EMAIL PROTECTED]
  To: Daan Vreeken [PA4DAN] [EMAIL PROTECTED]
  Cc: Kip Macy [EMAIL PROTECTED]; freebsd-questions@freebsd.org;
  freebsd-hackers@freebsd.org
  Sent: Sunday, February 25, 2007 8:14 AM
  Subject: Re: kernel panic at boot on any 6.x OS

  Any idea how this could have happened after disabling everything in
  my /etc/loader.conf, and simply running a:

  make buildworld
  make buildkernel KERNCONF=myconfig
  make installkernel KERNCONF=myconfig

  well your supposed to do this single-user, run mergemaster and a
  few other
  things.
  I also don't see a make installworld.

 I usually perform those steps after I've rebooted to ensure that my
 system will boot off the new kernel, as per the instructions in the
 FreeBSD handbook.

  Joe, please try booting from a 6.2-release install ISO.  If it
  works without
  panicing,
  then you did something wrong during the upgrade.

 Downloading the image now, I'll let you know if I'm able to boot from
 it...

  Since by your own admission your not an expert, you would be well
  advised
  to simply back up your files the old fashioned way, reformat your
  hard disk,
  install from a 6.2 boot ISO, then restore your files.  Leave the fancy
  in-place
  updating to someone else.  It's a big PIA and doesen't work half
  the time
  anyway.

 How well does simply upgrading with the CD work (as opposed to wiping
 clean)? I've upgraded several times to new releases simply by
 rebuilding world, it has never failed me in the past. I don't doubt
 what you are saying here, but since I will have to change how I work,
 assuming that I can boot off of the 6.2 CD, I'd appreciate any
 general upgrade tips that don't involve wiping the disk clean (which
 is not really an option).

If wiping the disk really isn't an option then you have one or more of the
following
problems:

1) Production system with a lack of hardware spares

2) inadequate backup plan and execution.

People who state that wiping the disk isn't an option are screaming
at the top of their lungs for the hardware gremlins to explain what MTBF is
all about.

The gremlins will visit you, I guarentee.  And they always pick the very
best
times for it too.  I just hope (if this is your workplace) that your job
survives.

 For instance, is rebuilding world between point releases (e.g. 5.4 to
 5.5) an okay idea, compared to across major releases (e.g. 5.5 to 6.2)?

 I'll do my own homework regarding this too, but I appreciate any
 nuggets of wisdom you might have! As far as me being an expert, I
 guess I'd categorize me somewhere in between complete newb and
 FreeBSD developer =)

The problem is that all of the ports and packages that you put on a server
change from release to release.  The developers of openssl, for example,
don't give a tinkers damn about how FreeBSD's upgrade process works,
when they are making changes in their code.

I run a number of FreeBSD servers and what I do is simply keep them patched
with security updates.  Every once in a while a security hole will be
discovered in a non-core program and if it's serious enough I'll go into the
port
and do a make deinstall followed by downloading and compiling the program
the old fashioned way  I shoot for a min of 3 years on the OS before even
thinking about updating, and when it's time to update the hardware has
generally reached the old rag stage anyway.

Ted

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Client host rejected: cannot find your hostname

2007-02-26 Thread justinsc

 
 
I get a messages from mx1.freebsd.org:
450 4.7.1 Client host rejected: cannot find your hostname,
[80.126.252.247]
Seems that the soa file of justnosweat.net is not on the dns server, I
get the root server.


I did a dig on the  name server of freebsd dig @NS1.IAFRICA.COM
justnosweat.net any.
What`s the problem
 
 
;  DiG 9.3.2  @NS1.IAFRICA.COM justnosweat.net any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 20111
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
 
;; QUESTION SECTION:
;justnosweat.net.   IN  ANY
 
;; AUTHORITY SECTION:
net.164187  IN  NS  f.gtld-servers.net.
net.164187  IN  NS  k.gtld-servers.net.
net.164187  IN  NS  g.gtld-servers.net.
net.164187  IN  NS  d.gtld-servers.net.
net.164187  IN  NS  b.gtld-servers.net.
net.164187  IN  NS  j.gtld-servers.net.
net.164187  IN  NS  e.gtld-servers.net.
net.164187  IN  NS  m.gtld-servers.net.
net.164187  IN  NS  h.gtld-servers.net.
net.164187  IN  NS  l.gtld-servers.net.
net.164187  IN  NS  c.gtld-servers.net.
net.164187  IN  NS  i.gtld-servers.net.
net.164187  IN  NS  a.gtld-servers.net.
 
;; ADDITIONAL SECTION:
f.gtld-servers.net. 147753  IN  A   192.35.51.30
k.gtld-servers.net. 147753  IN  A   192.52.178.30
g.gtld-servers.net. 147753  IN  A   192.42.93.30
d.gtld-servers.net. 147753  IN  A   192.31.80.30
b.gtld-servers.net. 147749  IN  A   192.33.14.30
j.gtld-servers.net. 147753  IN  A   192.48.79.30
e.gtld-servers.net. 147753  IN  A   192.12.94.30
m.gtld-servers.net. 147753  IN  A   192.55.83.30
h.gtld-servers.net. 147749  IN  A   192.54.112.30
l.gtld-servers.net. 147753  IN  A   192.41.162.30
c.gtld-servers.net. 147749  IN  A   192.26.92.30
i.gtld-servers.net. 147753  IN  A   192.43.172.30
a.gtld-servers.net. 147753  IN  A   192.5.6.30
b.gtld-servers.net. 147749  IN  2001:503:231d::2:30
 
;; Query time: 397 msec
;; SERVER: 196.7.0.139#53(196.7.0.139)
;; WHEN: Mon Feb 26 13:34:01 2007
;; MSG SIZE  rcvd: 490
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Quanta+ freezes after upgrading

2007-02-26 Thread dgmm

On Monday 26 February 2007 05:32, Rico Secada wrote:
 Since I upgraded KDE to 3.5.5 Quanta+ always freezes when I try to start it
 up. It doesn't do anything. No errors, just a freeze, and a CPU usage of
 97%.

 Has anyone else experienced problems with Quanta+ since KDE 3.5.5?


No, as I've not upgraded yet, but to help those who might be able to help you, 
open a shell window and run quanta from there so you can see all the output 
as the program loads up.  Odds are you'll see it stuck in a loop of some kind 
looking for files or trying to find backups.


-- 
Dave
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: pf and keep/modulate state on 6.2

2007-02-26 Thread RW

On Mon, 26 Feb 2007 05:59:58 -0600
J.D. Bronson [EMAIL PROTECTED] wrote:

 At 02:52 AM 02/26/2007, you wrote:
 Wow, this fixed my FTP-over-DSL-to-6.2 problem too. With modulate
 state, I was getting ~30K/sec. With just keep state, I'm now getting
 more like what my connection is capable of. This is between two 6.2
 hosts on opposite sides of the Atlantic.
 
 Ted, I use pf because I like the format of the configuration file, I
 like the logging and pftop, and like how it's harder to lock yourself
 out of a remote machine by accident :)
 
 /JMS
 
 I use pf since its newer (I think?) and I came from openbsd..pf just 
 works and the config file is nice and sweet.
 
 I had thought that modulate state would put a load on my proc, but 
 sheesh, its a p4-3.06 - thats more than robust for a router.
 
 I wonder if we should file a bug on this?
 
 I am glad my post helped here. I still use modulate state for any 
 INCOMING connections though (www/smtp/etc).

I wonder how much point there is in using modulate these days. The ISN
vulnerabilties it protects against were fixed a long time ago -  we're
talking about unpatched Windows NT/9X machines and the like. 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Having trouble with viewvc package.

2007-02-26 Thread mal content


Hi.

I'm trying to create a binary package of viewvc that can be installed on
my web server. The port, however, seems to create a package with
the wrong dependency information.

I've tried various combinations of 'make package' and 'make package-
recursive' but I always end up with a package that does this:

# pkg_add viewvc*
pkg_add: could not find package python24-2.4.3_3 !
pkg_add: could not find package gdbm-1.8.3_3 !
pkg_add: could not find package apr-db42-1.2.7_1 !
pkg_add: could not find package python24-2.4.3_3 !
pkg_add: could not find package gdbm-1.8.3_3 !
pkg_add: could not find package apr-db42-1.2.7_1 !
pkg_add: autoload of dependency '/home/mc/subversion-python-1.4.3.tbz' failed!

Basically, it looks like the wrong packages are created. Where I should
get 'apr-db42', I actually get 'apr-db42-gdbm' or something similar, which
pkg_add then refuses to use. I've tried forcing with the '-f' flag, but I
don't like the potential future consequences of doing that, I'd like it
to work properly...

any ideas?
MC
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: microphone and FreeBSD 6.2

2007-02-26 Thread Pietro Cerutti


On 2/26/07, Charlie  Root [EMAIL PROTECTED] wrote:

the microphone does not work at all

dev.pcm.0.%desc: ATI SB450 High Definition Audio Controller
dev.pcm.0.%driver: pcm
dev.pcm.0.%location: slot=20 function=2 handle=\_SB_.PCI0.AZAL
dev.pcm.0.%pnpinfo: vendor=0x1002 device=0x437b subvendor=0x8086
subdevice=0xd60
1 class=0x040300
dev.pcm.0.%parent: pci0
dev.pcm.0.wake: 0
dev.pcm.0.buffersize: 16384
dev.pcm.0.vchans: 4
dev.pcm.0.vchanrate: 48000
dev.pcm.0.vchanformat: s16le
dev.pcm.0.polling: 0


Mixer vol  is currently set to  76:75
Mixer pcm  is currently set to  69:69
Mixer line is currently set to  75:75
Mixer mic  is currently set to  84:84
Mixer cd   is currently set to  75:75
Mixer rec  is currently set to  86:86
Recording source: vol


pcm0: HDA Codec: Realtek ALC883
pcm0: HDA Driver Revision: 20070105_0038pcm0: unregister: channel
pcm0:virtual:0:dsp0.v0 busy (pid 929)

Help me please.


Please, try out the latest patchset from Ariff:
http://people.freebsd.org/~ariff/


--
Pietro Cerutti

- ASCII Ribbon Campaign -
against HTML e-mail and
proprietary attachments
  www.asciiribbon.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Steve Bertrand

anyway - outlook doesn't work well anytime, especially with imap. simply 
don't use it, thunderbird for windows works good with imap.


This is not as feasible as stated. Changing 500 users from Outlook to 
something they have likely never seen is always a nightmare, even if the 
subtleties are small.


Try explaining that to upper management...uh, we are getting rid of 
your Outlook, as well as everyone elses because our server won't work 
with it. It should only take an hour per user to transfer everything 
over to the new software, and most users will experience data loss 
because not all parts are transferable. In short, it would cost less to 
install Exchange than it would to migrate, train and re-create data for 
that many users.


To the OP...have you checked the log files on the server to check for 
errors? I have numerous Outlook and OE users who use IMAP over SSL, and 
SMTP Auth on port 587 (again with SSL). We do not use SPA. We use 
courier-imap and qmail, and have vpopmail managing the multiple domains.


Almost all of our domains have to use their full email address as 
username. I have seen before however, that sometimes Outlook will try to 
append their domain to the username (eg: [EMAIL PROTECTED] or 
something similar) so the problem may rest there.


Depending on what IMAP server you use, the log file may be 
/var/log/maillog. It should give you an idea of where to start looking.


Steve


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Bill Moran

In response to Steve Bertrand [EMAIL PROTECTED]:

  anyway - outlook doesn't work well anytime, especially with imap. simply 
  don't use it, thunderbird for windows works good with imap.

I've got to say, I don't know where this is coming from.

We have a menagerie of IMAP clients here, and probably 10% of them are
Outlook, and we don't have any more trouble with the Outlook clients than
any other clients.

We use Cyrus.  Perhaps that's saying something in Cyrus' favor?

-- 
Bill Moran
Collaborative Fusion Inc.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Client host rejected: cannot find your hostname

2007-02-26 Thread Vince

Well locally to me, your reverse resolves to justnosweat.net, but
justnosweat.net does not have a DNS entry.Based on that I'd suggest you
 either create an A record for justnosweat.net with data 80.126.252.247
or change the reverse DNS for 80.126.252.247 to be mail.justnosweat.net.

Vince

justinsc wrote:
  
  
 I get a messages from mx1.freebsd.org:
 450 4.7.1 Client host rejected: cannot find your hostname,
 [80.126.252.247]
 Seems that the soa file of justnosweat.net is not on the dns server, I
 get the root server.
 
 
 I did a dig on the  name server of freebsd dig @NS1.IAFRICA.COM
 justnosweat.net any.
 What`s the problem
  
  
 ;  DiG 9.3.2  @NS1.IAFRICA.COM justnosweat.net any
 ; (1 server found)
 ;; global options:  printcmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NOERROR, id: 20111
 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
  
 ;; QUESTION SECTION:
 ;justnosweat.net.   IN  ANY
  
 ;; AUTHORITY SECTION:
 net.164187  IN  NS  f.gtld-servers.net.
 net.164187  IN  NS  k.gtld-servers.net.
 net.164187  IN  NS  g.gtld-servers.net.
 net.164187  IN  NS  d.gtld-servers.net.
 net.164187  IN  NS  b.gtld-servers.net.
 net.164187  IN  NS  j.gtld-servers.net.
 net.164187  IN  NS  e.gtld-servers.net.
 net.164187  IN  NS  m.gtld-servers.net.
 net.164187  IN  NS  h.gtld-servers.net.
 net.164187  IN  NS  l.gtld-servers.net.
 net.164187  IN  NS  c.gtld-servers.net.
 net.164187  IN  NS  i.gtld-servers.net.
 net.164187  IN  NS  a.gtld-servers.net.
  
 ;; ADDITIONAL SECTION:
 f.gtld-servers.net. 147753  IN  A   192.35.51.30
 k.gtld-servers.net. 147753  IN  A   192.52.178.30
 g.gtld-servers.net. 147753  IN  A   192.42.93.30
 d.gtld-servers.net. 147753  IN  A   192.31.80.30
 b.gtld-servers.net. 147749  IN  A   192.33.14.30
 j.gtld-servers.net. 147753  IN  A   192.48.79.30
 e.gtld-servers.net. 147753  IN  A   192.12.94.30
 m.gtld-servers.net. 147753  IN  A   192.55.83.30
 h.gtld-servers.net. 147749  IN  A   192.54.112.30
 l.gtld-servers.net. 147753  IN  A   192.41.162.30
 c.gtld-servers.net. 147749  IN  A   192.26.92.30
 i.gtld-servers.net. 147753  IN  A   192.43.172.30
 a.gtld-servers.net. 147753  IN  A   192.5.6.30
 b.gtld-servers.net. 147749  IN  2001:503:231d::2:30
  
 ;; Query time: 397 msec
 ;; SERVER: 196.7.0.139#53(196.7.0.139)
 ;; WHEN: Mon Feb 26 13:34:01 2007
 ;; MSG SIZE  rcvd: 490
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ffmpeg build fails

2007-02-26 Thread Lowell Gilbert

Andriy Babiy [EMAIL PROTECTED] writes:

 I found the header file in /usr/src/sys/sys directory. Actually, the 
 content of the folders looks the same. I'm not sure why the file was 
 missing in the /usr/include/sys.

Note that this means your system is installed improperly; soundcard.h
should definitely be in /usr/include/sys.  Now would be a good time to
do a periodic upgrade -- who knows what else you are missing...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ipfw questions

2007-02-26 Thread Curby


Thanks for the replies!

On 2/25/07, Andrew Pantyukhin [EMAIL PROTECTED] wrote:

On 2/25/07, Curby [EMAIL PROTECTED] wrote:
If you don't forward packets, then it's not very different,
packets for not me are gonna get dropped anyway right
after the firewall.


Thanks!  I think I found a case where to all is preferable over to me.
Since SMB seems to like broadcasting things, I'm allowing like the
following instead of to me:

allow udp from any 137,138 to any in keep-state

I guess I could write a rule with to me and another with the
broadcast address of my subnet, but this is simpler. =)


There are a lot of complicated/illegal configurations
when verrevpath shoots you in the foot. Keeping rules
simple and stupid will save you a lot of headache in
the end.


I'll keep that in mind as I go forward.  I'm interested in trying to
do traffic control and NAT via hand-written configurations. =)

On 2/26/07, Nikos Vassiliadis [EMAIL PROTECTED] wrote:

Most ready-to-use rulesets will have such generalizations. It's not
much of a difference, you can't say they are wrong and since you know
exactly what you want to achieve, it's up to you to change them to
fit perfectly your situation...


Yeah, I wasn't really asking about the default/policy rule so much as
asking for opinions on to me vs to all for service-related rules,
like:

allow tcp from any to me 22 in keep-state

As I found out, troublesome UDP protocols sometimes send to
multicast/broadcast addresses so that might be a reason for to all.


I don't know about Mac but on FreeBSD they are redundant anyway.
The TCP/IP stack denies packets from/to 127/8 coming from a wire,
and it also denies sending packets to/from 127/8 down to a wire.


Thanks for the notes about the multicast address space.

I guess I'll just try to keep the ruleset simple and compact, then
tweak as I go.  Thanks!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Fw: FIN_WAIT_2

2007-02-26 Thread Grant Peel


Hi All,

I have done some research ...

It appears that inn certain conditions, when the 
net.inet.ip.fw.dyn_keepalive=1 (sysctl), remote clients or other servers may 
not respond, and a new rule or dynamic rule is setup. turning this to 0 
seemed to help.


The effect (of having net.inet.ip.fw.dyn_keepalive=1) is that over time, 
hundreds of FIN_WAIT_2 tcp states occure. With some software, (vm-pop3d), it 
runs out of sockets, and I suspect the daemon does not know how to hadle 
this.


So do a:

sysctl net.inet.ip.fw.dyn_keepalive=0

and in about 10 minutes all FIN_WAIT_2 's dissappear. (well almost all).

I expect it virtually shut down dynamic rules too in ipfw, but I have been 
reading more and more that people are saying don't use dynamics on a busy 
site. Anyone care to comment.


-Grant
- Original Message - 
From: Tek Bahadur Limbu [EMAIL PROTECTED]

To: Grant Peel [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Sent: Sunday, February 25, 2007 8:53 AM
Subject: Re: Fw: FIN_WAIT_2



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, 25 Feb 2007 05:23:20 -0500
Grant Peel [EMAIL PROTECTED] wrote:


 my problem is that so many of my vm-pop3d processes get in that
state that semi-frequently, we get locked out of downloading email.

 I kill all the vm-pop3d processes then we have to wait for all the
 FIN_WAIT_2 to die befor i can restart the vm-pop3d process.

 If I try to start vm-pop3d before all the FIN_WAIT_2 sockets die, I
get a 'Can't bind to port error.

 When I do the lsof thing it shows no files or processes connected to
that port, or socket.


Hi Grant,

I also seem to getting the same problem as yours except that my server
is a Squid proxy running on FreeBSD 6.0. Using

netstat -an | grep tcp | awk '{print $6}' | sort | uniq -c

gives the following:

23 CLOSE_WAIT
  9 CLOSING
3955 ESTABLISHED
3342 FIN_WAIT_1
2604 FIN_WAIT_2
 49 LAST_ACK
  15 LISTEN
 16 SYN_SENT
 148 TIME_WAIT

Then I start to get the following in my squid logs:

2007/02/25 17:10:37| comm_open: socket failure: (55) No buffer space
available

I tried by setting the variable net.inet.ip.fw.dyn_keepalive=0 but it
didn't help that much.

It is only after I stop Squid for about 20-30 seconds and restart it,
will the number of connections start to drop.

I think that the best way to tackle this problem is by using a firewall
to rate-limit the number of connections per IP per time.




 -Grant

 - Original Message - 
 From: Christian Walther [EMAIL PROTECTED]

 To: Grant Peel [EMAIL PROTECTED]
 Cc: freebsd-questions@freebsd.org
 Sent: Saturday, February 24, 2007 9:53 AM
 Subject: Re: FIN_WAIT_2


 On 24/02/07, Grant Peel [EMAIL PROTECTED] wrote:
 Hi all,

 Just wondering if anyone has found / knows of a way to kill
 sockets that are stuck in FIN_WIAT_2 state - without rebooting
 the server.

 When I kill the processes (in this case the pop3 server) that
 allows the connection, it still takes about 3 hours for the
 socket to time out and die.

 What is your problem with sockets being in this state? Normaly they
 don't consume any resources that would lead to performance
 problems. As you say, they die eventually.
 Sockets in this state are no problem, it's just that the client
 failed to sent the last ACK to the server, which would finally
 close the communication.




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]




- -- 



With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFF4ZTAVrOl+eVhOvYRAmWsAJ48mBKXDDYPIB+9Whgq2kl51JvIvACdHvR/
T73CpykghiHwlVZ4yCKxJE0=
=UDbN
-END PGP SIGNATURE-




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Garrett Cooper


Steve Bertrand wrote:
anyway - outlook doesn't work well anytime, especially with imap. 
simply don't use it, thunderbird for windows works good with imap.


This is not as feasible as stated. Changing 500 users from Outlook to 
something they have likely never seen is always a nightmare, even if the 
subtleties are small.


Try explaining that to upper management...uh, we are getting rid of 
your Outlook, as well as everyone elses because our server won't work 
with it. It should only take an hour per user to transfer everything 
over to the new software, and most users will experience data loss 
because not all parts are transferable. In short, it would cost less to 
install Exchange than it would to migrate, train and re-create data for 
that many users.


To the OP...have you checked the log files on the server to check for 
errors? I have numerous Outlook and OE users who use IMAP over SSL, and 
SMTP Auth on port 587 (again with SSL). We do not use SPA. We use 
courier-imap and qmail, and have vpopmail managing the multiple domains.


Almost all of our domains have to use their full email address as 
username. I have seen before however, that sometimes Outlook will try to 
append their domain to the username (eg: [EMAIL PROTECTED] or 
something similar) so the problem may rest there.


Depending on what IMAP server you use, the log file may be 
/var/log/maillog. It should give you an idea of where to start looking.


Steve


I honestly do think that MS Outlook complies as well as other IMAP 
clients, just like MS and their IE browser _...


For example, the University of Washington has the following for their 
email client page: 
http://www.washington.edu/computing/email/programs.html#configuring , 
and if you note the location of outlook (the bottom) along with the 
information we don't support this, then maybe you get a hunch about 
how usable Outlook is with IMAP.


The UW uses uw-imap (whatever the latest version is) because they 
develop that mailserver.


I'd look at the directions a bit though, see what's going on, but yes 
authentication does work with SSL/TLS, and it works well from what I can 
understand. Otherwise other depts (like the one I was working for at the 
UW) would complain about not being to use Outlook, unless it was 
Exchange related.


-Garrett
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread chris

  How do I use the Cram-MD5 passwords with Outlook?
  Or do I have to go plain text?

 Off-topic for FreeBSD-Questions but I don't believe
 Outlook supports CRAM-MD5 out of the box.

 *Not* off-topic, the context being how best to configure Outlook
 for use with FreeBSD IMAP.  One hopes something more secure than
 plain-text passwords can be made to work.

 My answer is Don't use Outlook.  For anything.  Period.
 but the OP may be stuck with it for some reason.


Thank You, if I was talking about Anna Nichole Smith or something, that
would be *OFF* topic. ;o).

I am stuck with outlook if I want to synch my PDA phone to my e-mail.  It
seems to work ok with gmail pop3.  Maybe I can just have sendmail foreward
a copy of all my mail to gmail.

Thanks Guys,

Chris Maness


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Josh Tolbert

On Mon, Feb 26, 2007 at 07:16:58AM -0800, [EMAIL PROTECTED] wrote:
   How do I use the Cram-MD5 passwords with Outlook?
   Or do I have to go plain text?
 
  Off-topic for FreeBSD-Questions but I don't believe
  Outlook supports CRAM-MD5 out of the box.
 
  *Not* off-topic, the context being how best to configure Outlook
  for use with FreeBSD IMAP.  One hopes something more secure than
  plain-text passwords can be made to work.
 
  My answer is Don't use Outlook.  For anything.  Period.
  but the OP may be stuck with it for some reason.
 
 
 Thank You, if I was talking about Anna Nichole Smith or something, that
 would be *OFF* topic. ;o).
 
 I am stuck with outlook if I want to synch my PDA phone to my e-mail.  It
 seems to work ok with gmail pop3.  Maybe I can just have sendmail foreward
 a copy of all my mail to gmail.
 
 Thanks Guys,
 
 Chris Maness

I run imap-uw. Outlook 2003 works just fine with my mail server. However, I
haven't been able to get Outlook 2002 to work properly. Outlook Express also
works fine for me.

My (quite popular) page about running both sendmail and imap-uw with SSL/TLS
and authentication can be found here:
http://www.puresimplicity.net/~hemi/freebsd/sendmail.html. The page states
that one of the goals of the described mail setup is compatibility with
Microsoft e-mail clients.

Thanks,

Josh
-- 
Josh Tolbert
[EMAIL PROTECTED]  ||  http://www.puresimplicity.net/~hemi/

Security is mostly a superstition. It does not exist in nature, nor
do the children of men as a whole experience it. Avoiding danger
is no safer in the long run than outright exposure. Life is either
a daring adventure, or nothing.
-- Helen Keller
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: input/output error on hd

2007-02-26 Thread Jerry McAllister

On Mon, Feb 26, 2007 at 04:49:46PM +1100, Ian Smith wrote:

 On Sun, 25 Feb 2007, Jerry McAllister wrote:
   On Sun, Feb 25, 2007 at 10:38:01AM -0500, Marty Landman wrote:
   
On 2/24/07, Jerry McAllister [EMAIL PROTECTED] wrote:


Well, I think you are past any label problems now and on to the
bad sectors and/or finding superbocks.Although I am not quite clear
from above what resulted in the 'INCOMPLETE LABEL...'  message.


Ok then, can you point me to somewhere that can learn about superblocks 
 and
give me an idea of what to do next? 
   
   Most of what I figured out several years ago (and have essentially
   forgotten since) came from the handbook and something I found by
   searching the web that gave the layout of blocks and chains.  I would
   have to go back searching again.
 
 Failing someone who actually knows what they're talking about re UFS
 structures chipping in to this discussion, all I can offer in addition
 is what my own exploration of manuals and a bit of googling turned up .. 
 
 Firstly, Marty, you should run dumpfs(8) on your ad1s1a.  With the -m
 switch, this produces a single line suitable for feeding into newfs with
 all parameters, and is probably worth saving for all slices in case of
 any subsequent emergencies.  I've just done that for mine, anyway, along
 with fdisk and boot0cfg -v output, and bsdlabel output for UFS slices. 

Yes.  Good call.
I couldn't think of the dumpfs command the other evening when
I was writing, but that is the place to start.   Definitely run
that output to a file.   It will take some learning to understand
how to follow it out.   There are tables somewhere that tell what
each of those things mean and what fields to look in in the raw
data to find each thing - and to write it back if that is what you
will want to do.

Note that it will tell you in the first line if your filesystem if UFS2
or something else.

Good luck - maybe if you are successful, you can write a paper on it
and post it to a web page somewhere.   I probably should have way back
when and then I would remember more now.

jerry

 
 Without the -m switch, feed the output to a file, or less, as it's very
 voluminous.  For a 240GB drive, it'll likely be huge.  However the data
 at the head is probably what's needed, though I can't make much of it.
 
 This post by Ian Dowse explains how to compute where the superblocks
 are, for a quoted example dumpfs: http://noc.caravan.ru/faq/SBLOCK.html
 
 Note however that Ian is talking about UFS1 (where the superblock offset
 was 32) but if you consult fsck_ffs(8) you'll see (under -b) that for
 UFS2, which you almost certainly would have used, it's at 140 .. I
 gather that's the offset from the start of each cylinder group?
 
 
  Also assuming my bad sectors really are
totally bad, wouldn't fsck allow me to mark them as unusable and move on?
   
   No, fsck does not do that.   Marking blocks bad happend below the
   level of the OS - generally in the disk controller itself.   It remaps
   sectors until it runs out of spares and when it runs out, it starts
   reporting unrecoverable errors.   This is not even reported to the OS
   until it runs out of spares.
   
   The only thing you can do with those bad sectors is to try and figure 
   out if any of them are superblocks.  If they are, you can probably
   rebuild it from other superblock clones.   If it is not, it is probably
   lost data.  In that case try to overwrite the bad sector.  If that 
   works, then the sector itself is OK, but the data that was there is
   gone.   If it doesn't work, then it is bad and there is a good chance
   that more than data got nuked in the power failure - eg, it damaged
   the disk or controller in some way.
 
 Seeing if fsck_ffs will use any discovered alternate superblocks would
 be the first step, and if so, whether that helps to get it mounted.  I'd
 certainly be careful to mount it read-only before trying data recovery! 
 
 Since Marty has already been bravely using dd :) rewriting those sectors
 should be easy enough, bearing in mind the apparent off-by-one numbering
 difference between the sectors dd found bad and those fsck reported bad.
 
   But, the next thing seems to be learning about how to follow the file
   chains and how to find and read and write superblocks.  Alternatively
   you can decide it isn't worth the effort to recover and try and write
   over the drive completely - just totally trash it - and see if those
   bad sectors will write.  If you did that, then you would have to rebuild 
   the slice and partition table and do a newfs before you could again
   use the drive and everything previously on it would be lost.
 
 Well if a dd rewriting those specific contiguous sectors failed, I doubt
 that newfs would do any better, so the dd is definitely worth a try, but
 I wouldn't write anything further to the fs until all else has failed.
 
   Good luck.
 
 I can only echo that,

Re: services file question

2007-02-26 Thread Lowell Gilbert

Steel City Phantom [EMAIL PROTECTED] writes:

 I have been trying to figure out an issue with my newest bsd server.
 i am trying to get jboss to run but nothing outside of the local
 machine can access it.  i have been working on this for a while and
 am completely out of ideas except for one, but i need a little
 information before i start playing

 according to tcpdump when another machine goes to ip:8080 to access
 jboss, the packet does not even reach the box.  all i can think of
 next is the services file.  in order for bsd to allow traffic on a
 specific port, does it have to be listed in the services file?

No.

Are you running some kind of firewall?  
Does the *other* machine confirm that the packet actually hits the wire?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Paul Schmehl

--On Monday, February 26, 2007 21:55:45 +1300 Juha Saarinen 
[EMAIL PROTECTED] wrote:



On 2/26/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

*Not* off-topic, the context being how best to configure Outlook
for use with FreeBSD IMAP.  One hopes something more secure than
plain-text passwords can be made to work.


Uh, OK.


My answer is Don't use Outlook.  For anything.  Period.
but the OP may be stuck with it for some reason.


Outlook supports SSL and TLS for both IMAP and SMTP if makes a
difference, plus AUTH but I'm not sure if it sets up a tunnel before
sending the plain-text password. Googling seems to indicate otherwise,
but perhaps someone better versed in Outlook can say for sure?


Outlook works just like any other IMAP client.  You can set up SSL or TLS. 
You can change the default port, if you need to.  And yes, it sets up the 
tunnel before exchanging credentials and connecting to one's mailbox.


I don't think there's any way to use CRAMD5, but why would you need to if 
you're already using SSL?


Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Re: Fw: FIN_WAIT_2

2007-02-26 Thread Chuck Swiger


Grant Peel wrote:
[ ... ]

sysctl net.inet.ip.fw.dyn_keepalive=0

and in about 10 minutes all FIN_WAIT_2 's dissappear. (well almost all).

I expect it virtually shut down dynamic rules too in ipfw, but I have 
been reading more and more that people are saying don't use dynamics on 
a busy site. Anyone care to comment.


That's some interesting feedback.  There's probably another tunable for how 
long IPFW dynamic rules are supposed to persist by default.


In answer to your closing remark, I would attempt to configure static rules 
for known-permitted services, especially the most commonly used ones, and rely 
on dynamic rules only for ad-hoc internal traffic, and not for inbound client 
requests.


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

cron mystery

2007-02-26 Thread Robin Becker


Can anyone think of something that can stop cron working for a particular user?
I just noticed on one of our 6.1 machines the crontab for a particular user 
wasn't run properly since dec 21. There were hourly and daily jobs, but neither 
seemed to be running.


Looked in var/cron and see no deny or allow files. The user x had an proper 
crontab.

In the end I modified the users crontab and rewrote it

before
##
SHELL=/bin/sh
MAILTO=user

13 3 * * *  $HOME/bin/daily
19 * * * *  $HOME/bin/hourly


after
##
SHELL=/bin/sh
MAILTO=user

13 3 * * *  /home/user/bin/daily
41 * * * *  /home/user/bin/hourly


and at 41 past the hour the hourly job came back.

Is it the HOME variable or the act of rewriting? User did have home defined in 
/etc/passwd.

--
Robin Becker
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cron mystery

2007-02-26 Thread Chuck Swiger


Robin Becker wrote:
[ ... ]

before
##
SHELL=/bin/sh
MAILTO=user

13 3 * * *  $HOME/bin/daily
19 * * * *  $HOME/bin/hourly


after
##
SHELL=/bin/sh
MAILTO=user

13 3 * * *  /home/user/bin/daily
41 * * * *  /home/user/bin/hourly


and at 41 past the hour the hourly job came back.

Is it the HOME variable or the act of rewriting? User did have home 
defined in /etc/passwd.


I suspect that $HOME isn't being defined as one might expect-- cron provides a 
very minimal shell environment for scripts it runs.


--
-Chuck
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cron mystery

2007-02-26 Thread Robin Becker


Chuck Swiger wrote:

Robin Becker wrote:
[ ... ]

before
##
SHELL=/bin/sh
MAILTO=user

13 3 * * *  $HOME/bin/daily
19 * * * *  $HOME/bin/hourly


after
##
SHELL=/bin/sh
MAILTO=user

13 3 * * *  /home/user/bin/daily
41 * * * *  /home/user/bin/hourly


and at 41 past the hour the hourly job came back.

Is it the HOME variable or the act of rewriting? User did have home 
defined in /etc/passwd.


I suspect that $HOME isn't being defined as one might expect-- cron 
provides a very minimal shell environment for scripts it runs.


except that I have exactly the same script running on another box with the same 
freeBSD version and that runs things fine. Looking in man 5 crontab seems to 
suggest that SHELL=/bin/sh  HOME, LOGNAME are set from the user passwd entry.

--
Robin Becker
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ffmpeg build fails

2007-02-26 Thread Martin Tournoij

On Mon, February 26, 2007 16:00, Lowell Gilbert wrote:
 Andriy Babiy [EMAIL PROTECTED] writes:

 I found the header file in /usr/src/sys/sys directory. Actually, the
 content of the folders looks the same. I'm not sure why the file was
 missing in the /usr/include/sys.

 Note that this means your system is installed improperly; soundcard.h
 should definitely be in /usr/include/sys.  Now would be a good time to
 do a periodic upgrade -- who knows what else you are missing...

It could also be the sign of a failing hard drive.

If you don't keep backups, then now would be a good time to start keeping
them.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Mike Barnard



I am using the default FreeBSD IMAP server in FreeBSD.  It works great
with thunderbird, but Outlook is not able to log in even though I have
Secure Authentication checked.  Any ideas?



one - what POP/IMAP server are you using?
two - some setups will require you to use the FULL email address as the username
three - outlook works well as an IMAP client, but you dont want
something that works
  wellyou want something that works PERFECT.
four - log files always help you outi believe that will be
/var/log/maillog that will help you out...

usually a detail of what you are running on your IMAP server, (IMAP server
software, versiop of FreeBSD.)

hope that helps

--
Mike

Of course, you might discount this possibility, but remember that one in
a million chances happen 99% of the time.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cron mystery

Environment variables are set first by the users shell which then is used 
to exec cron jobs.  Basically, always take nothing in the environment for 
granted.


-Derek


At 10:19 AM 2/26/2007, Robin Becker wrote:
Can anyone think of something that can stop cron working for a particular 
user?
I just noticed on one of our 6.1 machines the crontab for a particular 
user wasn't run properly since dec 21. There were hourly and daily jobs, 
but neither seemed to be running.


Looked in var/cron and see no deny or allow files. The user x had an 
proper crontab.


In the end I modified the users crontab and rewrote it

before
##
SHELL=/bin/sh
MAILTO=user

13 3 * * *  $HOME/bin/daily
19 * * * *  $HOME/bin/hourly


after
##
SHELL=/bin/sh
MAILTO=user

13 3 * * *  /home/user/bin/daily
41 * * * *  /home/user/bin/hourly


and at 41 past the hour the hourly job came back.

Is it the HOME variable or the act of rewriting? User did have home 
defined in /etc/passwd.

--
Robin Becker
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Can't make raid array bootable

Check your BIOS, many system boards are configured to NOT allow writes to 
the boot area as a way to protect against virus's and malware.


-Derek


At 10:14 PM 2/25/2007, [EMAIL PROTECTED] wrote:

Hi,

I've tried transferring my system (6.0) to an Nvidia hardware raid array
of two SATA drives on an Asus A8N-E motherboard, following the
instructions in the FAQ. I can't seem to use fdisk to make the array
bootable, or to rewrite the master boot record. It claims to write the
information to disk and then, when I check again, nothing has stuck. I
have tried fdisk -B -b ar0, boot0cfg -s 1 ar0, boot0cfg -B ar0, and
probably many other things in the course of the day, but so far I am
rewarded only with:

Invalid partition
Invalid partition
No boot/loader

Boot defaults to an ad(0,a) which doesn't exist.

Further, diskeditor has just started showing two partitions, one which is
the primary of the raid and the other being the array itself. As the raid
section of the handbook says the disk(s) will look like a single drive to
FreeBSD, this concerns me.

Would anyone have any ideas?

Oliver

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Using source control to manage system configs

2007-02-26 Thread Chuck Swiger


Rob wrote:
I'd like some advice on managing config files on multiple servers with a 
source control system. The idea is to update files locally, and commit 
them back to a central repository.


I know that CVS is the usual choice, but there are a couple of things 
that I can't get CVS to do.

[ ... ]
So... has anyone come up with a neat way to do these things in CVS, or 
an SCM system that does it better?


If you don't have strong ties to CVS, already, I suggest using Subversion.  It 
handles many of your complaints about permissions and symlinks better than CVS 
does.


You might find that using something like cfengine from ports suits your goals 
better than rolling your own pushing mechanism.  The issue that you'll run 
into is that you tend to need a human or at least a decent set of rc scripts 
to properly adjust config files and make sure that services come back up after 
a significant config change or major version update exposing some 
compatibility problem.


You might also consider starting with a more simple approach, which is making 
changes on the clients, and then pulling  things under /etc, /usr/local/etc, 
/var/ perhaps, etc somewhere and then importing those into version control, as 
a backup and as a way of tracking significant changes, being able to rollback 
or merge changes, and so forth that you get from SCM/VCS.


--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread chris


 I am using the default FreeBSD IMAP server in FreeBSD.  It works great
 with thunderbird, but Outlook is not able to log in even though I have
 Secure Authentication checked.  Any ideas?


 one - what POP/IMAP server are you using?
 two - some setups will require you to use the FULL email address as the
 username
 three - outlook works well as an IMAP client, but you dont want
 something that works
wellyou want something that works PERFECT.
 four - log files always help you outi believe that will be
 /var/log/maillog that will help you out...

 usually a detail of what you are running on your IMAP server, (IMAP server
 software, versiop of FreeBSD.)

 hope that helps

 --
 Mike

 Of course, you might discount this possibility, but remember that one in
 a million chances happen 99% of the time.
 


I am running imap-uw:

imap-uw-2004g_1,1   University of Washington IMAP4rev1/POP2/POP3 mail servers

I was able to find out that Outlook does not support Cram-md5.  That is
the issue.

I am going to use sendmail alias to foreward to gmail and use their pop3
service.  I only need outlook for myself to sync with my PDA.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: kernel panic at boot on any 6.x OS

2007-02-26 Thread Joe Auty

On Feb 26, 2007, at 8:01 AM, Ted Mittelstaedt wrote:

- Original Message -
From: Joe Auty [EMAIL PROTECTED]
To: Ted Mittelstaedt [EMAIL PROTECTED]
Cc: Daan Vreeken [PA4DAN] [EMAIL PROTECTED]; Kip Macy
[EMAIL PROTECTED]; freebsd-questions@freebsd.org;
freebsd-hackers@freebsd.org
Sent: Sunday, February 25, 2007 10:39 PM
Subject: Re: kernel panic at boot on any 6.x OS

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Feb 25, 2007, at 7:56 PM, Ted Mittelstaedt wrote:

- Original Message -
From: Joe Auty [EMAIL PROTECTED]
To: Daan Vreeken [PA4DAN] [EMAIL PROTECTED]
Cc: Kip Macy [EMAIL PROTECTED]; freebsd- 
[EMAIL PROTECTED];

freebsd-hackers@freebsd.org
Sent: Sunday, February 25, 2007 8:14 AM
Subject: Re: kernel panic at boot on any 6.x OS

Any idea how this could have happened after disabling everything in
my /etc/loader.conf, and simply running a:

make buildworld
make buildkernel KERNCONF=myconfig
make installkernel KERNCONF=myconfig

well your supposed to do this single-user, run mergemaster and a
few other
things.
I also don't see a make installworld.

I usually perform those steps after I've rebooted to ensure that my
system will boot off the new kernel, as per the instructions in the
FreeBSD handbook.

Joe, please try booting from a 6.2-release install ISO.  If it
works without
panicing,
then you did something wrong during the upgrade.

Downloading the image now, I'll let you know if I'm able to boot from
it...

Since by your own admission your not an expert, you would be well
advised
to simply back up your files the old fashioned way, reformat your
hard disk,
install from a 6.2 boot ISO, then restore your files.  Leave the  
fancy

in-place
updating to someone else.  It's a big PIA and doesen't work half
the time
anyway.

How well does simply upgrading with the CD work (as opposed to wiping
clean)? I've upgraded several times to new releases simply by
rebuilding world, it has never failed me in the past. I don't doubt
what you are saying here, but since I will have to change how I work,
assuming that I can boot off of the 6.2 CD, I'd appreciate any
general upgrade tips that don't involve wiping the disk clean (which
is not really an option).

If wiping the disk really isn't an option then you have one or more  
of the

following
problems:

1) Production system with a lack of hardware spares

2) inadequate backup plan and execution.

People who state that wiping the disk isn't an option are screaming
at the top of their lungs for the hardware gremlins to explain what  
MTBF is

all about.

The gremlins will visit you, I guarentee.  And they always pick the  
very

best
times for it too.  I just hope (if this is your workplace) that  
your job

survives.

My production system is backed up daily to two different sites,  
that's not an issue. The system I'm thinking of upgrading to 6.2 is  
my test server I run out of my house that stores movie files and  
other non-essential files. Technically, wiping it clean *would* be an  
option if it came down to it, just an inconvenience. Perhaps I should  
invest in another HD to use for instances such as this.

For instance, is rebuilding world between point releases (e.g. 5.4 to
5.5) an okay idea, compared to across major releases (e.g. 5.5 to  
6.2)?

I'll do my own homework regarding this too, but I appreciate any
nuggets of wisdom you might have! As far as me being an expert, I
guess I'd categorize me somewhere in between complete newb and
FreeBSD developer =)

The problem is that all of the ports and packages that you put on a  
server
change from release to release.  The developers of openssl, for  
example,

don't give a tinkers damn about how FreeBSD's upgrade process works,
when they are making changes in their code.

I run a number of FreeBSD servers and what I do is simply keep them  
patched

with security updates.  Every once in a while a security hole will be
discovered in a non-core program and if it's serious enough I'll go  
into the

port
and do a make deinstall followed by downloading and compiling the  
program
the old fashioned way  I shoot for a min of 3 years on the OS  
before even

thinking about updating, and when it's time to update the hardware has
generally reached the old rag stage anyway.

Do you run any non-production machines where you test running newer  
OSes and test software updates and such?

---
Joe Auty
NetMusician: web publishing software for musicians
http://www.netmusician.org
[EMAIL PROTECTED]

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: kernel panic at boot on any 6.x OS

2007-02-26 Thread Mike Meyer

In [EMAIL PROTECTED], Ted Mittelstaedt [EMAIL PROTECTED] typed:
  For instance, is rebuilding world between point releases (e.g. 5.4 to
  5.5) an okay idea, compared to across major releases (e.g. 5.5 to 6.2)?

For the record, I do a rebuild between point releases - actually, I
track -stable on those systems, but do the wipe  reinstall across
major releases.

 I run a number of FreeBSD servers and what I do is simply keep them patched
 with security updates.  Every once in a while a security hole will be
 discovered in a non-core program and if it's serious enough I'll go into the
 port
 and do a make deinstall followed by downloading and compiling the program
 the old fashioned way  I shoot for a min of 3 years on the OS before even
 thinking about updating, and when it's time to update the hardware has
 generally reached the old rag stage anyway.

This works great for servers, that don't have any real users on them,
and is pretty much how I do things. I'll try updating the ports tree
and installing from that rather than building the old fashioned way,
because that works a surprising percentage of the time.

On desktop and development systems, the users tend to get pissed if I
let things get that old. So I do upgrade them more often. There are a
couple of things you can do to make reinstalling to a clean disk a bit
less painfull.

1) Intelligent file system layout. I put all the things that aren't
installed from the FreeBSD disks on their own partitions (/home and
/local). I can then wipe and reinstall /, /var and /usr without
clobbering the non-system data.

2) Mirrored disks. Disks for consumer systems are cheap. Throwing a
second one in a system and mirroring the system disk is a cheap way to
improve the reliability of the system. When it's time to upgrade, take
a drive out of the mirror, and install to that drive. You can reboot
to the old system if you need to interrupt the process and run the old
system for some reason. With a file system layout as per #1, you can
even mount the users files under both versions of the OS. When you're
happy with the new system, mirror the new system drive to the old one.

Neither of these is an excuse for not backing up your data before you
start the process.  Given the above, the backups are for disaster
recovery, so you don't need full level 0 dumps, just up-to-date
incrementals. So if you're running daily backups, this should be easy:
drop into single user, and run an incremental since the last daily,
which typically takes me a few minutes.

mike
-- 
Mike Meyer [EMAIL PROTECTED]  http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

sshd attempting to start twice?


Hi there,

any clues why sshd is attempting to start twice?


sshd[836]: error: Bind to port 22 on :: failed: Address already in use.
sshd[836]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.


here is the /etc/rc.conf of the server:

-- sysinstall generated deltas -- # Fri Jan 26 05:42:42 2007
# Created: Fri Jan 26 05:42:42 2007
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
linux_enable=YES
named_enable=YES
moused_enable=YES
nfs_client_enable=YES
nfs_server_enable=YES
rpcbind_enable=YES
sshd_enable=YES
sshd_program=/usr/local/sbin/sshd
sshd_flags=-f /etc/ssh/sshd_config
usbd_enable=YES
ntpd_enable=YES
ntpd_flags=-c /etc/ntp/ntp.conf
ntupdate=YES
ntpdate_config=/etc/ntp/ntp.conf
nfs_client_enable=YES
nfs_client_flags=-n 4
inetd_enable=YES
syslog_ng_enable=YES
syslog_ng_pid=/var/run/syslog-ng.pid



cheers,

Noah

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Patches in FreeBSD

2007-02-26 Thread Jerry

Hi All,  

I am being forced to use something besides FreeBSD - probably Susie or 
Red Hat Linux for the base of a server system.   The primary reason
given is that when security issues come along, FreeBSD has no way
of patching the running system, but rather requires rebuilding the
system - CVSUP, make, install, etc whereas Susie and Red Hat can
be patched on the fly.I presume this means kernel type security
stuff rather than concerns about third party software.

Up to now, I have not been in a situation that doing a cvsup and builds
and installs or even scratch installs of new versions wasn't just fine, 
so that is what I have done and have some experience with.   But the powers 
that be here are saying that is unacceptable because it will take the
system down too much for critical fixes.
   
My question is:   How do I respond to this?   
I have seen the word patch used in security update messages - but 
didn't follow that path.   Is that real?   Does it cover kernel
things essentially on the fly or is a 'time consuming' rebuild 
still needed?

I will look up some stuff on patches in FreeBSD, but would like to
hear some perspective on this.

Thanks,

jerry  
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Using source control to manage system configs

2007-02-26 Thread David Robillard

If you don't have strong ties to CVS, already, I suggest using Subversion. It
handles many of your complaints about permissions and symlinks better than CVS
does.

I agree, Subversion is better then CVS. We've switched from CVS to
Subversion a year ago and so far the entire dev team is very happy. If
you do have an existing CVS infrastructure, it's also possible to
switch to Subversion with cvs2svn which is in the ports tree (i.e.
devel/cvs2svn).

You might find that using something like cfengine from ports suits your goals
better than rolling your own pushing mechanism. The issue that you'll run
into is that you tend to need a human or at least a decent set of rc scripts
to properly adjust config files and make sure that services come back up after
a significant config change or major version update exposing some
compatibility problem.

Again, Chuck is absolutely right. Cfengine is great, but you must know
what you're doing.

If you simply want to track changes and be able to roll back your
configuration files, then go with a more simple approach like using
RCS locally. RCS is part of the base FreeBSD system.

Just create a directory named RCS (in capital letters) and use the RCS
commands. Check the man pages for rcs(1) ci(1) co(1) rcsdiff(1) and
rcsintro(1). Actually, rcsintro(1) is probably where you want to
start.

http://www.freebsd.org/cgi/man.cgi?query=rcsintroapropos=0sektion=0manpath=FreeBSD+6.2-RELEASEformat=html

Now if you want to keep your changes on another machine, then it's
just a simple question of running a backup of your machines. (you do
backup right? ;)

I've been using RCS for 10 years now and it's simple, fast and does
not depend on your network. So it's always there even in worst case
scenarios.

RCS is also present under a whole bunch of different UNIX flavors like
FreeBSD, NetBSD, OpenBSD, RedHat, SuSE, Solaris, AIX, IRIX and HP-UX.
So you're never lost because it's always the same :)

Have fun,

David
--
David Robillard
UNIX systems administrator Oracle DBA
CISSP, RHCE Sun Certified Security Administrator
Montreal: +1 514 966 0122
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

DNS and mail servers behind a PF firewall?

2007-02-26 Thread Jacques Beigbeder

Hello,

My question is related to PF performances with large state tables.
FreeBSD : 5.5
hw.model: Intel(R) Xeon(TM) CPU 3.20GHz
hw.physmem: 2138378240 = 2 Gb

If I put a mail server
20 SMTP hits per second (thanks to spam...)
15 seconds per SMTP dialog
90 seconds for PF timeout tcp.close
the state table will have:
20 * (90 + 15) * 2 ways = 5.000 entries

Since any mail generates a few DNS queries (reverse DNS,
+ DSNRBL queries), the state table will also gets 
2 ways * 60 seconds (timeout udp.multiple) * 5 (DNS queries) * 20 
(connections)
= 12.000 entries

So I'll get around 20.000 entries, each of them have a short lifetime.

Question:
. is such a number a performance problem?
  It seems strange to constantly add and delete entries for DNS
  requests in the state table?
. or do I have to write rules to avoid all the (unnecessary??)
  entries? As far as I understand, beginning with
pass in quick proto udp from a.b.c.d port 53 to any
... same for TCP/25 ...
  is the trick.

Thanks,

--
Jacques Beigbeder|  [EMAIL PROTECTED]
Service de Prestations Informatiques | http://www.spi.ens.fr
Ecole normale supérieure |
45 rue d'Ulm |Tel : (+33 1)1 44 32 37 96
F75230 Paris cedex 05|Fax : (+33 1)1 44 32 20 75

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Patches in FreeBSD

2007-02-26 Thread Josh Carroll


My question is:   How do I respond to this?
I have seen the word patch used in security update messages - but
didn't follow that path.   Is that real?   Does it cover kernel
things essentially on the fly or is a 'time consuming' rebuild
still needed?


6.2 now official supports binary patches via freebsd-update(8). From
the 6.2-RELEASE announcement
(http://www.freebsd.org/releases/6.2R/announce.html):

freebsd-update(8) provides officially supported binary updates for
security fixes and errata patches

So there's your response. :)

Josh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Patches in FreeBSD

2007-02-26 Thread pete wright


On 2/26/07, Josh Carroll [EMAIL PROTECTED] wrote:

 My question is:   How do I respond to this?
 I have seen the word patch used in security update messages - but
 didn't follow that path.   Is that real?   Does it cover kernel
 things essentially on the fly or is a 'time consuming' rebuild
 still needed?

6.2 now official supports binary patches via freebsd-update(8). From
the 6.2-RELEASE announcement
(http://www.freebsd.org/releases/6.2R/announce.html):

freebsd-update(8) provides officially supported binary updates for
security fixes and errata patches

So there's your response. :)



and you can update your third party packages via binary packages
(which you can get from freebsd.org or build yourself)...so it seems
these two solutions would be a great fit.

-pete



--
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Patches in FreeBSD

2007-02-26 Thread Josh Carroll


and you can update your third party packages via binary packages
(which you can get from freebsd.org or build yourself)...so it seems
these two solutions would be a great fit.


Right, using packages instead of ports means he can do binary updates
of packages as well, without having to recompile them from ports for
version updates.

Josh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?

The errors you are getting is indicative that sshd is already running.  Try 
doing:

ps -ax|grep named

-Derek

At 12:30 PM 2/26/2007, Noah wrote:

Hi there,

any clues why sshd is attempting to start twice?


sshd[836]: error: Bind to port 22 on :: failed: Address already in use.
sshd[836]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.


here is the /etc/rc.conf of the server:

-- sysinstall generated deltas -- # Fri Jan 26 05:42:42 2007
# Created: Fri Jan 26 05:42:42 2007
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
linux_enable=YES
named_enable=YES
moused_enable=YES
nfs_client_enable=YES
nfs_server_enable=YES
rpcbind_enable=YES
sshd_enable=YES
sshd_program=/usr/local/sbin/sshd
sshd_flags=-f /etc/ssh/sshd_config
usbd_enable=YES
ntpd_enable=YES
ntpd_flags=-c /etc/ntp/ntp.conf
ntupdate=YES
ntpdate_config=/etc/ntp/ntp.conf
nfs_client_enable=YES
nfs_client_flags=-n 4
inetd_enable=YES
syslog_ng_enable=YES
syslog_ng_pid=/var/run/syslog-ng.pid



cheers,

Noah

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?

2007-02-26 Thread Giorgos Keramidas

On 2007-02-26 10:30, Noah [EMAIL PROTECTED] wrote:
 Hi there,
 
 any clues why sshd is attempting to start twice?
 
 sshd[836]: error: Bind to port 22 on :: failed: Address already in use.
 sshd[836]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
 
 here is the /etc/rc.conf of the server:
 
 -- sysinstall generated deltas -- # Fri Jan 26 05:42:42 2007
 # Created: Fri Jan 26 05:42:42 2007
 # Enable network daemons for user convenience.
 # Please make all changes to this file, not to /etc/defaults/rc.conf.
 # This file now contains just the overrides from /etc/defaults/rc.conf.
 linux_enable=YES
 named_enable=YES
 moused_enable=YES
 nfs_client_enable=YES
 nfs_server_enable=YES
 rpcbind_enable=YES
 sshd_enable=YES
 sshd_program=/usr/local/sbin/sshd
 sshd_flags=-f /etc/ssh/sshd_config
 usbd_enable=YES
 ntpd_enable=YES
 ntpd_flags=-c /etc/ntp/ntp.conf
 ntupdate=YES
 ntpdate_config=/etc/ntp/ntp.conf
 nfs_client_enable=YES
 nfs_client_flags=-n 4
 inetd_enable=YES
 syslog_ng_enable=YES
 syslog_ng_pid=/var/run/syslog-ng.pid

I see you have switched the `rc.conf' path of sshd to point to the
version of sshd in `/usr/local/sbin'.  Make sure that you don't have
*both* this setting *and* an executable script in /usr/local/etc/rc.d :-)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Jeffrey Goldberg


On Feb 26, 2007, at 5:48 AM, Wojciech Puchar wrote:

as my answer. i have ca 500 users in my networks (mostly one),  
outlook users always have problems, and i always answer that they  
like problems and use outlook.


As an email administrator I have to concur.  Unless people really are  
using the extra features of on exchange server some place (shared  
calendars etc), getting users to move away from Outhouse is a major  
security improvement and reduces most of the email tech support calls.


Please note that Outhouse (and some other Windows IMAP clients) do  
IMAP in a POPish way.  This will undermine the advantages of IMAP and  
almost certainly lead to lost mail through users POPing their box.


But I do understand that getting rid of Outhouse simply might not be  
an option.


Unfortunately, I can't answer the original question because I haven't  
played with IMAP on FreeBSD yet.  I don't even know what IMAP server  
the OP is using.  It will almost certainly be one of courier, cyrus,  
or uw.


I would recommend to the OP to first find out what imap server they  
are running and then post the question to the very helpful Usenet  
group comp.mail.imap


-j


--
Jeffrey Goldberghttp://www.goldmark.org/jeff/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Jeffrey Goldberg


On Feb 26, 2007, at 11:53 AM, [EMAIL PROTECTED] wrote:

I was able to find out that Outlook does not support Cram-md5.   
That is

the issue.


The question of using CRAM-MD5 over TLS can lead to holy wars.  It is  
still what in recommended by the UW IMAP team, but it has the  
disadvantage of not being universally support and it means that the  
server stores an unencrypted copy of the users' secret credentials.   
I, personally, don't use it for the servers I have managed.


-j


--
Jeffrey Goldberghttp://www.goldmark.org/jeff/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?

2007-02-26 Thread Peter A. Giessel

On 2007/02/26 10:07, Giorgos Keramidas seems to have typed:
 On 2007-02-26 10:30, Noah [EMAIL PROTECTED] wrote:
 sshd_enable=YES
 sshd_program=/usr/local/sbin/sshd

[snip]

 inetd_enable=YES

[snip]

 I see you have switched the `rc.conf' path of sshd to point to the
 version of sshd in `/usr/local/sbin'.  Make sure that you don't have
 *both* this setting *and* an executable script in /usr/local/etc/rc.d :-)

You might also want to check that you don't have it enabled in both
inetd.conf and in rc.conf.  If inetd is trying to start it and rc.conf
is trying to start it as well, that would explain your errors.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?

2007-02-26 Thread Eric


Peter A. Giessel wrote:

On 2007/02/26 10:07, Giorgos Keramidas seems to have typed:

On 2007-02-26 10:30, Noah [EMAIL PROTECTED] wrote:

sshd_enable=YES
sshd_program=/usr/local/sbin/sshd


[snip]


inetd_enable=YES


[snip]


I see you have switched the `rc.conf' path of sshd to point to the
version of sshd in `/usr/local/sbin'.  Make sure that you don't have
*both* this setting *and* an executable script in /usr/local/etc/rc.d :-)


You might also want to check that you don't have it enabled in both
inetd.conf and in rc.conf.  If inetd is trying to start it and rc.conf
is trying to start it as well, that would explain your errors.



if you installed openssh port, i think the preferred way is to start it 
like this:


# disable built in SSH and enable SSH_portable
sshd_enable=NO
openssh_enable=YES

that way the built in sshd is not used (startup script in /etc/rc.d) and 
the openssh version is used (from /usr/local/etc/rc.d)


Eric

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?

2007-02-26 Thread Giorgos Keramidas

On 2007-02-26 10:28, Peter A. Giessel [EMAIL PROTECTED] wrote:
 On 2007/02/26 10:07, Giorgos Keramidas seems to have typed:
  On 2007-02-26 10:30, Noah [EMAIL PROTECTED] wrote:
  sshd_enable=YES
  sshd_program=/usr/local/sbin/sshd
 
 [snip]
 
  inetd_enable=YES
 
 [snip]
 
  I see you have switched the `rc.conf' path of sshd to point to the
  version of sshd in `/usr/local/sbin'.  Make sure that you don't have
  *both* this setting *and* an executable script in /usr/local/etc/rc.d :-)
 
 You might also want to check that you don't have it enabled in both
 inetd.conf and in rc.conf.  If inetd is trying to start it and rc.conf
 is trying to start it as well, that would explain your errors.

Ah, yes!  Very good point :)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?

2007-02-26 Thread Giorgos Keramidas

On 2007-02-26 13:06, Derek Ragona [EMAIL PROTECTED] wrote:
 The errors you are getting is indicative that sshd is already running.
 Try doing:

 ps -ax|grep named

You mean grep sshd right? :)

A slightly more complex command, which gives nicer output is:

$ ps xau -p $(echo $(pgrep 'ssh') | sed -e 's/ /,/g')

Replace 'ssh' with any other string, and enjoy :)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

isc dhcpd startup script error

2007-02-26 Thread Sean Murphy


FreeBSD 6.2
Internet Systems Consortium DHCP Server V3.0.5

ISC DHCP server I installed from ports after cvsuping


I run

/usr/local/etc/rc.d/isc-dhcpd start

chown: not found
/usr/local/etc/rc.d/isc-dhcpd: WARNING: unable to change permissions of 
/var/db/dhcpd/dhcpd.leases


however dhcpd works and runs

I tried the

usr/local/etc/rc.d/isc-dhcpd install

then run the start script but receive the same thing.

What am I doing wrong?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Patches in FreeBSD

2007-02-26 Thread Dan Nelson

In the last episode (Feb 26), Jerry said:
 I am being forced to use something besides FreeBSD - probably Susie
 or Red Hat Linux for the base of a server system.  The primary reason
 given is that when security issues come along, FreeBSD has no way of
 patching the running system, but rather requires rebuilding the
 system - CVSUP, make, install, etc whereas Susie and Red Hat can be
 patched on the fly.  I presume this means kernel type security stuff
 rather than concerns about third party software.

FreeBSD can be patched on the fly just as easily as Linux.  In both
cases: Kernel fixes require a reboot.  Fixes to running deamons require
them to be restarted.  Fixes to shared libraries require all running
programs using them to be restarted (usually simpler to just reboot).

YAST/up2date/whatever may automatically restart daemons (I know apt-get
in Debian does), but for something like a libc update, the fact that
the file is delivered via an RPM versus a make install step doesn't
save you from a reboot.
 
 My question is:   How do I respond to this? I have seen the word
 patch used in security update messages - but didn't follow that path. 
 Is that real?  Does it cover kernel things essentially on the fly or
 is a 'time consuming' rebuild still needed?

A patch lets you fix the problem listed in the security advisory
without necessarily having to do a full buildworld.  The SA-07:02.bind
advisory, for example, gives instructions on how to patch, rebuild,
install, and restart named.

-- 
Dan Nelson
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?




Peter A. Giessel wrote:

On 2007/02/26 10:07, Giorgos Keramidas seems to have typed:
  

On 2007-02-26 10:30, Noah [EMAIL PROTECTED] wrote:


sshd_enable=YES
sshd_program=/usr/local/sbin/sshd
  


[snip]

  

inetd_enable=YES
  


[snip]

  

I see you have switched the `rc.conf' path of sshd to point to the
version of sshd in `/usr/local/sbin'.  Make sure that you don't have
*both* this setting *and* an executable script in /usr/local/etc/rc.d :-)



You might also want to check that you don't have it enabled in both
inetd.conf and in rc.conf.  If inetd is trying to start it and rc.conf
is trying to start it as well, that would explain your errors.
  



its commented out

# grep ssh /etc/inetd.conf
#sshstream  tcp nowait  root/usr/sbin/sshd  sshd -i -4
#sshstream  tcp6nowait  root/usr/sbin/sshd  sshd -i -6


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?

2007-02-26 Thread Oliver Koch

Hi,

Noah schrieb:

 its commented out
 
 # grep ssh /etc/inetd.conf
 #sshstream  tcp nowait  root/usr/sbin/sshd  sshd -i -4
 #sshstream  tcp6nowait  root/usr/sbin/sshd  sshd -i -6

could you please post your sshd_config? Perhabs there's something wrong.

Kind regards,

Oliver

-- 
Oliver Koch  Phone:  +49-(0)5323-72-2626
Computer Center  Fax:+49-(0)5323-72-3536
Clausthal University of Technology   E-Mail: [EMAIL PROTECTED]
Erzstraße 51 Web:  http://www.rz.tu-clausthal.de
38678 Clausthal-Zellerfeld, Germany



signature.asc
Description: OpenPGP digital signature

Re: Outlook With FreeBSD IMAP

the extra features of on exchange server some place (shared calendars etc), 
getting users to move away from Outhouse is a major security improvement and 
reduces most of the email tech support calls.


i provide services for users, including mail services with IMAP access. 
and i often help users of my services how to configure their client 
programs (which is often not my duty) for free.


but i don't help solving problems that people willingly create, FOR 
EXAMPLE by using Outlook for mail.


other examples are using internet explorer, others are installing some 
magic firewalls and feeling secure instead of just stopping all 
windows network services and then running few really needed (often none).


Other is using POP3 instead of IMAP, so no e-mails are kept on server side 
(and backed up by me daily) and then


but thats problems they are willingly creating, and chance to get some 
cash providing data recovery services etc...


people are allowed to be stupid. it's natural. no need to worry
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP


the issue.


The question of using CRAM-MD5 over TLS can lead to holy wars.  It is still


the answer is that when using windows (biggest security hole), using best 
ever secure connection (assuming such thing exist) is as good as not using any,


if company/office uses windows, right company-wide done VPN is an answer, 
even better - mail server in the same place on the same LAN

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: DNS and mail servers behind a PF firewall?

2007-02-26 Thread J65nko


On 2/26/07, Jacques Beigbeder [EMAIL PROTECTED] wrote:

Hello,

My question is related to PF performances with large state tables.
FreeBSD : 5.5
hw.model: Intel(R) Xeon(TM) CPU 3.20GHz
hw.physmem: 2138378240 = 2 Gb

If I put a mail server
20 SMTP hits per second (thanks to spam...)
15 seconds per SMTP dialog
90 seconds for PF timeout tcp.close
the state table will have:
20 * (90 + 15) * 2 ways = 5.000 entries

Since any mail generates a few DNS queries (reverse DNS,
+ DSNRBL queries), the state table will also gets
2 ways * 60 seconds (timeout udp.multiple) * 5 (DNS queries) * 20 
(connections)
= 12.000 entries

So I'll get around 20.000 entries, each of them have a short lifetime.

Question:
. is such a number a performance problem?
  It seems strange to constantly add and delete entries for DNS
  requests in the state table?
. or do I have to write rules to avoid all the (unnecessary??)
  entries? As far as I understand, beginning with
pass in quick proto udp from a.b.c.d port 53 to any
... same for TCP/25 ...
  is the trick.


[snip]

Yes, keeping state on DNS traffic is quite expensive ;) This is
mentioned in the series of 3 artilcles by the architect of pf, Daniel
Hartmeier, at undeadly.org

http://undeadly.org/cgi?action=articlesid=20060927091645mode=expanded
http://undeadly.org/cgi?action=articlesid=20060928081238mode=expanded
http://undeadly.org/cgi?action=articlesid=20060929080943mode=expanded

Try if just passing quick port 53 traffic without keeping state has a
measurable postive impact.

Or you could  install a small not resource hungry caching nameserver
like Bernstein's dnscache, which will save a lot of DNS and RBL
ttraffic.

Most of the time however, perl based virus scanning is the cause of
less than expected performance of a mail server.

=Adriaan=
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?


Yup, my bad typo.

-Derek


At 01:56 PM 2/26/2007, Giorgos Keramidas wrote:

On 2007-02-26 13:06, Derek Ragona [EMAIL PROTECTED] wrote:
 The errors you are getting is indicative that sshd is already running.
 Try doing:

 ps -ax|grep named

You mean grep sshd right? :)

A slightly more complex command, which gives nicer output is:

$ ps xau -p $(echo $(pgrep 'ssh') | sed -e 's/ /,/g')

Replace 'ssh' with any other string, and enjoy :)


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?

2007-02-26 Thread Roger Olofsson


Hello,

Without knowing more, could sshd be listening to more than one interface 
 in your machine? If so, try setting 'ListenAddress 
your.ip.adress.here' in /etc/ssh/sshd_config.


Greetings
/Roger

Noah skrev:

Hi there,

any clues why sshd is attempting to start twice?


sshd[836]: error: Bind to port 22 on :: failed: Address already in use.
sshd[836]: error: Bind to port 22 on 0.0.0.0 failed: Address already in 
use.



here is the /etc/rc.conf of the server:

-- sysinstall generated deltas -- # Fri Jan 26 05:42:42 2007
# Created: Fri Jan 26 05:42:42 2007
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
linux_enable=YES
named_enable=YES
moused_enable=YES
nfs_client_enable=YES
nfs_server_enable=YES
rpcbind_enable=YES
sshd_enable=YES
sshd_program=/usr/local/sbin/sshd
sshd_flags=-f /etc/ssh/sshd_config
usbd_enable=YES
ntpd_enable=YES
ntpd_flags=-c /etc/ntp/ntp.conf
ntupdate=YES
ntpdate_config=/etc/ntp/ntp.conf
nfs_client_enable=YES
nfs_client_flags=-n 4
inetd_enable=YES
syslog_ng_enable=YES
syslog_ng_pid=/var/run/syslog-ng.pid



cheers,

Noah

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: isc dhcpd startup script error


Check your rc script, you may need to add the full path to chown!

-Derek

At 02:03 PM 2/26/2007, Sean Murphy wrote:

FreeBSD 6.2
Internet Systems Consortium DHCP Server V3.0.5

ISC DHCP server I installed from ports after cvsuping


I run

/usr/local/etc/rc.d/isc-dhcpd start

chown: not found
/usr/local/etc/rc.d/isc-dhcpd: WARNING: unable to change permissions of 
/var/db/dhcpd/dhcpd.leases


however dhcpd works and runs

I tried the

usr/local/etc/rc.d/isc-dhcpd install

then run the start script but receive the same thing.

What am I doing wrong?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Juha Saarinen


Outlook has some good features, no doubt about that, but it's not a
great IMAP client. Outlook Express is better - doesn't use Personal
Storage Files that grow into insane sizes and suffer corruption, plus
allows you to relocate Special Folders to the IMAP server, like Sent
Messages and Drafts. You want to be able to do this, trust me. OE is
also much quicker.

Thunderbird has its own set of issues, but it's the best readily
available IMAP client for Windows users currently. The latest beta of
version 2.0 works rather nicely. It doesn't have the features
corporate Outlook users expect though, like good contacts management,
calendaring and ability to synch with mobile devices.

If Outlook was a better IMAP client and could be coaxed into handling
email properly without resorting to VBA hacks, I'd switch to it.
Unfortunately however, Microsoft is turning a deaf ear to fixing those
issues, and Outlook 2007 for instance has taken a few steps forward
(better IMAP support) but also some backwards (quoting is badly broken
by default).

Bringing it back to FreeBSD, Outlook will work with any old IMAP
server. Just not as well as other clients.

--
Juha
http://www.geekzone.co.nz/juha
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Patches in FreeBSD

2007-02-26 Thread Jerry McAllister

On Mon, Feb 26, 2007 at 10:53:20AM -0800, Josh Carroll wrote:

 My question is:   How do I respond to this?
 I have seen the word patch used in security update messages - but
 didn't follow that path.   Is that real?   Does it cover kernel
 things essentially on the fly or is a 'time consuming' rebuild
 still needed?
 
 6.2 now official supports binary patches via freebsd-update(8). From
 the 6.2-RELEASE announcement
 (http://www.freebsd.org/releases/6.2R/announce.html):
 
 freebsd-update(8) provides officially supported binary updates for
 security fixes and errata patches
 
 So there's your response. :)

Thank you.
I didn't realize my question is to cutting edge - so to speak.
I saw a few posts mentioning update, but didn't take the time to
follow them and didn't realize their possible relevance.
So, good news!

jerry

 
 Josh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Patches in FreeBSD

2007-02-26 Thread Jerry McAllister

On Mon, Feb 26, 2007 at 02:11:48PM -0600, Dan Nelson wrote:

 In the last episode (Feb 26), Jerry said:
  I am being forced to use something besides FreeBSD - probably Susie
  or Red Hat Linux for the base of a server system.  The primary reason
  given is that when security issues come along, FreeBSD has no way of
  patching the running system, but rather requires rebuilding the
  system - CVSUP, make, install, etc whereas Susie and Red Hat can be
  patched on the fly.  I presume this means kernel type security stuff
  rather than concerns about third party software.
 
 FreeBSD can be patched on the fly just as easily as Linux.  In both
 cases: Kernel fixes require a reboot.  Fixes to running deamons require
 them to be restarted.  Fixes to shared libraries require all running
 programs using them to be restarted (usually simpler to just reboot).
 
 YAST/up2date/whatever may automatically restart daemons (I know apt-get
 in Debian does), but for something like a libc update, the fact that
 the file is delivered via an RPM versus a make install step doesn't
 save you from a reboot.

I rather thought that, but wasn't informed enough at the time to
make an argument.  

This will take some diplomacy around here, but, this is helpful.

Thanks,

jerry

  
  My question is:   How do I respond to this? I have seen the word
  patch used in security update messages - but didn't follow that path. 
  Is that real?  Does it cover kernel things essentially on the fly or
  is a 'time consuming' rebuild still needed?
 
 A patch lets you fix the problem listed in the security advisory
 without necessarily having to do a full buildworld.  The SA-07:02.bind
 advisory, for example, gives instructions on how to patch, rebuild,
 install, and restart named.
 
 -- 
   Dan Nelson
   [EMAIL PROTECTED]
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

FDISK output question

2007-02-26 Thread DAK GHATIKACHALAM


Hi Freebsd

Question about FDISK

Do you have an idea what does that  '+' means in  Blocks columns

as seen below it is 419425019+

Does it signify anything  , because for certain disks I do not see that '+'
as the end of blocks?

Thanks
Dak

[EMAIL PROTECTED] root]# fdisk /dev/sdk

The number of cylinders for this disk is set to 52216.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
  (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): p

Disk /dev/sdk: 429.4 GB, 429496729600 bytes
255 heads, 63 sectors/track, 52216 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

  Device BootStart   EndBlocks   Id  System
/dev/sdk1 1 52216 419425019+  83  Linux

Command (m for help):
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

configuring console on 6.2


running 6.2

I am trying to get the console DB9 port to work.  I want to be able to 
log in via the DB9 port and alos I want console messages to continue to 
output to the VGA card as well.


Adding the following:

echo 'console=comconsole'  /boot/loader.conf

stops the dumping of console messages to the VGA during boot.


What changes do I need to make to make that happen?

Cheers,

Noah

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: configuring console on 6.2

2007-02-26 Thread J.D. Bronson


At 01:55 PM 2/26/2007 -0800, Noah wrote:

running 6.2

I am trying to get the console DB9 port to work.  I want to be able 
to log in via the DB9 port and alos I want console messages to 
continue to output to the VGA card as well.


Adding the following:

echo 'console=comconsole'  /boot/loader.conf

stops the dumping of console messages to the VGA during boot.


What changes do I need to make to make that happen?


http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/serialconsole-setup.html

the manual/handbook is a great thing.

-JD 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: sshd attempting to start twice?




Oliver Koch wrote:

Hi,

Noah schrieb:

  

its commented out

# grep ssh /etc/inetd.conf
#sshstream  tcp nowait  root/usr/sbin/sshd  sshd -i -4
#sshstream  tcp6nowait  root/usr/sbin/sshd  sshd -i -6



could you please post your sshd_config? Perhabs there's something wrong.

Kind regards,

Oliver

  



sure thing


access2# cat /etc/ssh/sshd_config
# This is ssh server systemwide configuration file.
#
# The master copy of this file is on
#   red:/etc/local/dist/files/sshd_config_openssh
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.5 2001/01/18 22:36:53 
green Exp $


Port 22
#Protocol 2,1
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
#PermitRootLogin yes
PermitRootLogin without-password
# ConnectionsPerPeriod has been deprecated completely

# After 10 unauthenticated connections, refuse 30% of the new ones, and
# refuse any more than 60 total.
MaxStartups 10:30:60
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for 
RhostsRSAAuthentication

#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
UseLogin no
#UseDNS yes

# Uncomment if you want to enable sftp
Subsystem   sftp/usr/libexec/sftp-server

Banner /etc/ssh/ssh_banner


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: kernel panic at boot on any 6.x OS

2007-02-26 Thread Joe Auty


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Well,

My system does boot off of disc 1 of the FreeBSD 6.2 CD. However,  
even when copying the /boot directory from the CD to my machine, it  
still produces the same kernel panic, even when starting in safe  
mode. I've run a memtest, and it checked out fine.


There must be something in my user space or world that it barfs on. I  
guess I will try a clean install and rebuild at some point...


If you have any other ideas, I'm all ears!

Here is my error message again (with verbose logging enabled,  
although that has no effect on this output):




WARNING: Device driver 

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x40
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc06d4614
stack pointer = 0x28:0xf015491c
frame pointer = 0x28:0xf015491c
code segment = base 0x0, limit 0xff, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags = interupt enabled, resume, IOPL = 0
current process = 898 (kldload)
trap number = 12
panic: page fault
uptime: 36s
cannot dump. No dump device defined
automatic reboot in 15 seconds



Thanks again for your time!


- ---
Joe Auty
NetMusician: web publishing software for musicians
http://www.netmusician.org
[EMAIL PROTECTED]


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (Darwin)

iD4DBQFF42FSCgdfeCwsL5ERArNQAJ9pEyu3ZT3BXe4YhEsgRsid6fB+SwCXeGjO
fO0GeeBUPKKYq4N5rRHDTw==
=PgI8
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

test

2007-02-26 Thread Justin Schlingmann

Lets see if the mailserver can find my hostname from 80.126.252.242
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

samba read failure for 4. Error = Operation timed out

2007-02-26 Thread Justin Schlingmann



Hello,

I have a samba server running on my freebsd 5.5 machine.
I installed samba-2.2.12_2 and i get this log error message.

[2007/02/20 15:50:19, 0] lib/util_sock.c:read_data(436)
  read_data: read failure for 4. Error = Operation timed out

I get this message in my /var/log/messages.
I`ve been looking for over three weeks now and i can`t seem to find the
reason for this error message.
I`ve disbled oplocks on my windows machine but that doesn`t help me in
fixing this problem.
i put   oplocks = no
level2 oplocks = no
locking =yes
kernel oplocks = no in my /usr/local/etc/smb.conf but the
error log keeps appearing.
Is there any one who can help me with this problem.
Is there anyone who has had the same error message???


Thanks in adcance,
Justin Schlingmann.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

enabling console


Hi,

so I am want to enabled entering the DDB Debugger from the Serial Line.

here is my /usr/src/sys/i386/conf

Why arent the options working?

--- snip ---

include GENERIC

ident   SMP-LOCAL

# To make an SMP kernel, the next line is needed
options SMP # Symmetric MultiProcessor Kernel

options BREAK_TO_DEBUGGER
options DDB

--- snip ---

here is the error during the build:


# make buildkernel KERNCONF='LOCAL'  buildkernel.LOCAL.output
./aicasm: 880 instructions used
./aicasm: 826 instructions used
/usr/src/sys/i386/i386/machdep.c:101:2: #error KDB must be enabled in 
order for DDB to work!


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: enabling console

2007-02-26 Thread Chris Slothouber


Noah wrote:

Hi,

so I am want to enabled entering the DDB Debugger from the Serial Line.

(snip)


/usr/src/sys/i386/i386/machdep.c:101:2: #error KDB must be enabled in 
order for DDB to work!


Maybe you could try:

options KDB



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: test

2007-02-26 Thread Greg 'groggy' Lehey

On Friday, 23 February 2007 at 22:46:40 -, Justin Schlingmann wrote:
 Lets see if the mailserver can find my hostname from 80.126.252.242

I think we're going to have to put this in the charter: please do
*not* send test messages to tens of thousands of people when you
just want to test your own configuration.  We have a mailing list
[EMAIL PROTECTED] exactly for that purpose.

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply or reply to the original recipients.
For more information, see http://www.lemis.com/questions.html
See complete headers for address and phone numbers.


pgp5fV7xw5jMa.pgp
Description: PGP signature

Re: Patches in FreeBSD

2007-02-26 Thread Brian


Josh Carroll wrote:

and you can update your third party packages via binary packages
(which you can get from freebsd.org or build yourself)...so it seems
these two solutions would be a great fit.


Right, using packages instead of ports means he can do binary updates
of packages as well, without having to recompile them from ports for
version updates.

Josh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]

Assuming the package is available, which is not always the case.

Brian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Brian


Garrett Cooper wrote:

Steve Bertrand wrote:
anyway - outlook doesn't work well anytime, especially with imap. 
simply don't use it, thunderbird for windows works good with imap.


This is not as feasible as stated. Changing 500 users from Outlook to 
something they have likely never seen is always a nightmare, even if 
the subtleties are small.


Try explaining that to upper management...uh, we are getting rid of 
your Outlook, as well as everyone elses because our server won't work 
with it. It should only take an hour per user to transfer everything 
over to the new software, and most users will experience data loss 
because not all parts are transferable. In short, it would cost less 
to install Exchange than it would to migrate, train and re-create 
data for that many users.


To the OP...have you checked the log files on the server to check for 
errors? I have numerous Outlook and OE users who use IMAP over SSL, 
and SMTP Auth on port 587 (again with SSL). We do not use SPA. We use 
courier-imap and qmail, and have vpopmail managing the multiple domains.


Almost all of our domains have to use their full email address as 
username. I have seen before however, that sometimes Outlook will try 
to append their domain to the username (eg: [EMAIL PROTECTED] 
or something similar) so the problem may rest there.


Depending on what IMAP server you use, the log file may be 
/var/log/maillog. It should give you an idea of where to start looking.


Steve


I honestly do think that MS Outlook complies as well as other IMAP 
clients, just like MS and their IE browser _...


For example, the University of Washington has the following for their 
email client page: 
http://www.washington.edu/computing/email/programs.html#configuring , 
and if you note the location of outlook (the bottom) along with the 
information we don't support this, then maybe you get a hunch about 
how usable Outlook is with IMAP.


The UW uses uw-imap (whatever the latest version is) because they 
develop that mailserver.


I'd look at the directions a bit though, see what's going on, but yes 
authentication does work with SSL/TLS, and it works well from what I 
can understand. Otherwise other depts (like the one I was working for 
at the UW) would complain about not being to use Outlook, unless it 
was Exchange related.


-Garrett
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]
I use the UW thing with OE it works fine, better than TBird actually.  
Just specify ssl, put mail in as the folder, I'm good.


Brian

Brian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Quanta+ freezes after upgrading

2007-02-26 Thread Rico Secada

On Mon, 26 Feb 2007 13:33:02 +
dgmm [EMAIL PROTECTED] wrote:

 On Monday 26 February 2007 05:32, Rico Secada wrote:
  Since I upgraded KDE to 3.5.5 Quanta+ always freezes when I try to start it
  up. It doesn't do anything. No errors, just a freeze, and a CPU usage of
  97%.
 
  Has anyone else experienced problems with Quanta+ since KDE 3.5.5?
 
 
 No, as I've not upgraded yet, but to help those who might be able to help 
 you, 
 open a shell window and run quanta from there so you can see all the output 
 as the program loads up.  Odds are you'll see it stuck in a loop of some kind 
 looking for files or trying to find backups.
 

I wish! :-) There is no output.

 -- 
 Dave
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]
 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

amd(aumount) and smbfs

2007-02-26 Thread Celso Viana


Hi all,

Somebody knows if it is possible to use smfbs with amd (automount)?

Thanks

--
Celso Vianna
BSD User: 51318
http://www.bsdcounter.org

63 8404-8559
Palmas/TO
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

named not starting during boot

2007-02-26 Thread Noah Garrett Wallach


Hi there,

named is not starting when I reboot a FreeBSD 6.2 server and I cant 
figure out why.

there are no error mesasges in /var/log/messages during the boot process.

even when I manually start there are no error messages.

# grep named /etc/rc.conf
named_enable=YES
# pkg_info | grep bind
bind9-9.3.4 Completely new version of the BIND DNS suite with 
updated D




# grep BIND messages
Feb 26 11:50:53 access2 named[1704]: starting BIND 9.3.3
Feb 26 14:07:19 access2 named[990]: starting BIND 9.3.3
Feb 26 17:19:59 access2 named[966]: starting BIND 9.3.4 -c 
/etc/namedb/named.conf
Feb 26 17:20:07 access2 named[974]: starting BIND 9.3.4 -c 
/etc/namedb/named.conf
Feb 26 17:20:19 access2 named[981]: starting BIND 9.3.4 -c 
/etc/namedb/named.conf

# /etc/rc.d/named stop
# /etc/rc.d/named start
# grep BIND messages
Feb 26 11:50:53 access2 named[1704]: starting BIND 9.3.3
Feb 26 14:07:19 access2 named[990]: starting BIND 9.3.3
Feb 26 17:19:59 access2 named[966]: starting BIND 9.3.4 -c 
/etc/namedb/named.conf
Feb 26 17:20:07 access2 named[974]: starting BIND 9.3.4 -c 
/etc/namedb/named.conf
Feb 26 17:20:19 access2 named[981]: starting BIND 9.3.4 -c 
/etc/namedb/named.conf
Feb 26 17:23:46 access2 named[1005]: starting BIND 9.3.4 -c 
/etc/namedb/named.conf



any clues please?

Cheers,

Noah
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: named not starting during boot

2007-02-26 Thread Kevin Kinsey


Noah Garrett Wallach wrote:

Hi there,

named is not starting when I reboot a FreeBSD 6.2 server and I cant 
figure out why.

there are no error mesasges in /var/log/messages during the boot process.

even when I manually start there are no error messages.


Have you tried with -fg ?  There are a lot of really quick restarts in 
that log snippet around 5:20 


snip



any clues please?


Not really, most of the time I think I'm completely clueless ;-)

Kevin Kinsey
--
I've been there.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: named not starting during boot

2007-02-26 Thread Noah Garrett Wallach


Kevin,

those were manual restarts.

cheers,

Noah




Kevin Kinsey wrote:

Noah Garrett Wallach wrote:

Hi there,

named is not starting when I reboot a FreeBSD 6.2 server and I cant 
figure out why.
there are no error mesasges in /var/log/messages during the boot 
process.


even when I manually start there are no error messages.


Have you tried with -fg ?  There are a lot of really quick restarts 
in that log snippet around 5:20 


snip



any clues please?


Not really, most of the time I think I'm completely clueless ;-)

Kevin Kinsey

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Outlook With FreeBSD IMAP

2007-02-26 Thread Bill Campbell

On Mon, Feb 26, 2007, Brian wrote:
Garrett Cooper wrote:
...
I honestly do think that MS Outlook complies as well as other IMAP 
clients, just like MS and their IE browser _...

For example, the University of Washington has the following for their 
email client page: 
http://www.washington.edu/computing/email/programs.html#configuring , 
and if you note the location of outlook (the bottom) along with the 
information we don't support this, then maybe you get a hunch about 
how usable Outlook is with IMAP.

The UW uses uw-imap (whatever the latest version is) because they 
develop that mailserver.

As you say the U.W. would have a hard time using anything but uw-imap
(where do you thing the uw in uw-imap comes from :-).

We've been using courier-imap for about seven years now with thousands of
users at our ISP customer's sites.  One of our first installations was at a
local newspaper group, and I had problems at first until I discovered the
build option ``--enable-workarounds-for-imap-client-bugs'' which cured the
problems with broken Microsoft software (but I repeat myself).

Courier-imap uses qmail-style Maildir mail stores which I much prefer to
the monolithic files used by uw-imap as they make life generally easier:

   + The store each message in its own file where the file name consists of
 a time stamp, sequence, hostname, and status.

   + This method of storage eliminates all file locking problems so works
 well with clusters of servers writing and reading e-mail.

   + There aren't any issues when deleting messages as one has with the
 single-file stores where the entire file must be rewritten.

   + Unlike Cyrus-IMAP, which also uses per-file message stores, the
 Maildir format doesn't have a semi-proprietary database so works well
 with other Unix tools (e.g. you want to delete all files over thirty
 days old from a mail store, a command like this works a treat):

 find ~user/Maildir -mtime +30 | xargs rm

Bill
--
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX:(206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

A fake fortuneteller can be tolerated.  But an authentic soothsayer should
be shot on sight.  Cassandra did not get half the kicking around she deserved.
-- R.A. Heinlein
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Win FREE Tickets to THE CLIPSE / Behind the scenes at TRAXXAMILLION's video shoot and more!

2007-02-26 Thread STASH Magazine


[1][stash-logo-top.jpg] [2][readitnow.jpg] 

  [3][yobana.gif] 

   March is almost here so that means the new issue of STASH Magazine is
 out soon! Stay tuned for more details of STASH Magazine Issue #2.

 It's never too late to subscribe! Subscribe now and get the first
issue featuring Mistah FAB as well as other goodies!
 [4]SUBSCRIBE NOW!

   [5]WIN TICKETS TO SEE THE CLIPSE AT MEZZANINE!
   [clipse1.jpg] 

[6][traxshoot.jpg] 
   [7]Traxxamillion I'm From the Hood 
Behind the scenes pictures from Traxamillion's video shoot for I'm
   From the Hood featuring San Quinn, Jacka and Husalah

[8][rap4rights.jpg]
  [9]Rap 4 Rights 
 Listening to Rap4Rights' music, there is a sense of hope creeping
through the lyrics. Rap4Rights attributes this to his past.

  THROWBACK VIDEO
  of the week [10]
[sommed.jpg]
 Medication
 Souls of Mischief


ADVERTISE IN STASH MAGAZINE!
 If you are interested in getting your product into the faces of the
urban youth and Hip-Hop fans - Advertise with STASH Magazine
 Send all advertising questions to:
   [EMAIL PROTECTED]

   LADIES!
You think you got what it takes to be a STASH Stunna?
  E-mail [EMAIL PROTECTED]




   » WHAT'S CRACKIN': 
[13][front.jpg]
   Industreet Insider
   Wednesday Workshop
   Performance Showcase, meet  greet, informative panels, product
   presentations, networking and more
   Timeout Bar, Concord
   Every Wednesday in Feb.
   [14][celebrity1.jpg] 
   Celebrity Tuesday
   Mac Mall  RBL Posse
   Hosted by Big Von
   Club Seventeen
   Oakland, CA
   February 27, 2007
   [15][563_half_back.jpg]
   [563_half_front.jpg] 
   Hot Import Nights
   E-40 Live in concert, Over 500 show cars, top industry models + more!
   San Mateo Expo Center
   San Mateo, CA
   March 10, 2007
   [16][l_dd04d53521e601e8991b0223765e5115.jpg] 
   The Jacka, Big Rich, Equipto, Alias John Brown
   DJ Juice
   Fat City (Studio-Z)
   San Francisco, CA
   March 3 2007
[17][clipse2.jpg] 
   Clipse
   Low B of Hollertronix, Spank Pops, Diz Gibran, J-Billion, DJ DE
   Mezzanine
   San Francisco, CA
   March 14, 2007
   [18][djjuicecelebritybirthdaas0.jpg] 
   DJ Juice Celebrity Birthday Bash
   Sponsored by Remy Martin
   DJ Moe-1 and DJ Fuze
   Club Seventeen
   Oakland, CA
   March 18, 2007
   [19][MIGHTY49yearFRONT-1.jpg]
   
   Carry On Tradition
   Mighty 4 9th Year Anniversary
   934 Brannan Street
   San Francisco, CA
   March 24, 2007
   [20]
   [12715839_m.jpg]
   
   El-P (Def Jux)
   Mezzanine
   San Francisco, CA
   March 25, 2007
 [21][april7th.Front.jpg] 
   Zion-I  The Grouch
   Equipto, Forensic Science, Bayliens,
   Delinquent Monastery
   Hosted by LCJ
   The Phoenix Theater
   Petaluma, CA
   April 7, 2007

___

   [22]Change email address / Leave mailing list
   Hosting by [23]YourMailingListProvider

References

   Visible links
   1. http://www.stashonline.com/
   2. http://www.stashonline.com/latestissue.html
   3. mailto:[EMAIL PROTECTED]
   4. http://www.stashonline.com/subscribe.html
   5. http://www.stashonline.com/clipse.html
   6. http://www.stashonline.com/traxshoot.html
   7. http://www.stashonline.com/traxshoot.html
   8. http://www.stashonline.com/features/rap4rights.html
   9. file://localhost/tmp/features/rap4rights.html
  10. http://www.stashonline.com/av2.html
  11. mailto:[EMAIL PROTECTED]
  12. mailto:[EMAIL PROTECTED]
  13. 
http://blog.myspace.com/index.cfm?fuseaction=blog.viewfriendID=131465992blogID=221766453MyToken=772e3723-6e6e-49a7-a33d-489bcbf3ef08
  14. http://i108.photobucket.com/albums/n19/m1promo/celebrity1.jpg
  15. http://www.hotimportnights.com/
  16. 
http://a438.ac-images.myspacecdn.com/images01/33/l_dd04d53521e601e8991b0223765e5115.jpg
  17. http://www.stashonline.com/images/wc/clipse1.jpg
  18. http://img169.imageshack.us/img169/3339/djjuicecelebritybirthdaas0.jpg
  19. http://www.mighty4.com/
  20. http://www.myspace.com/elp
  21. http://www.myspace.com/xienhow
  22. http://ymlp.com/[EMAIL PROTECTED]
  23. http://www.ymlp.com/

   Hidden links:
  24. http://www.true-skool.org/
  25. http://www.true-skool.org/
  26. http://www.hotimportnights.com/
  27. http://www.true-skool.org/
  28. http://www.hotimportnights.com/
  29. http://www.true-skool.org/
  30. http://www.true-skool.org/
  31. http://www.true-skool.org/
  32. http://www.true-skool.org/
  33.

Re: kernel panic at boot on any 6.x OS

2007-02-26 Thread Kip Macy


It looks like it may be loading an out of sync kernel module. Cleaning
out /boot/modules might help.

   -Kip

On 2/26/07, Joe Auty [EMAIL PROTECTED] wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Well,

My system does boot off of disc 1 of the FreeBSD 6.2 CD. However,
even when copying the /boot directory from the CD to my machine, it
still produces the same kernel panic, even when starting in safe
mode. I've run a memtest, and it checked out fine.

There must be something in my user space or world that it barfs on. I
guess I will try a clean install and rebuild at some point...

If you have any other ideas, I'm all ears!

Here is my error message again (with verbose logging enabled,
although that has no effect on this output):


 WARNING: Device driver 

 Fatal trap 12: page fault while in kernel mode
 fault virtual address = 0x40
 fault code = supervisor read, page not present
 instruction pointer = 0x20:0xc06d4614
 stack pointer = 0x28:0xf015491c
 frame pointer = 0x28:0xf015491c
 code segment = base 0x0, limit 0xff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
 processor eflags = interupt enabled, resume, IOPL = 0
 current process = 898 (kldload)
 trap number = 12
 panic: page fault
 uptime: 36s
 cannot dump. No dump device defined
 automatic reboot in 15 seconds


Thanks again for your time!


- ---
Joe Auty
NetMusician: web publishing software for musicians
http://www.netmusician.org
[EMAIL PROTECTED]


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (Darwin)

iD4DBQFF42FSCgdfeCwsL5ERArNQAJ9pEyu3ZT3BXe4YhEsgRsid6fB+SwCXeGjO
fO0GeeBUPKKYq4N5rRHDTw==
=PgI8
-END PGP SIGNATURE-


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: test

2007-02-26 Thread Warren Block


On Tue, 27 Feb 2007, Greg 'groggy' Lehey wrote:


On Friday, 23 February 2007 at 22:46:40 -, Justin Schlingmann wrote:

Lets see if the mailserver can find my hostname from 80.126.252.242


I think we're going to have to put this in the charter: please do
*not* send test messages to tens of thousands of people when you
just want to test your own configuration.  We have a mailing list
[EMAIL PROTECTED] exactly for that purpose.


A notice on the web page here might help:

http://www.freebsd.org/community/mailinglists.html

With it between the Mailing List Archives and English Mailing Lists 
sections, saying something like:


Test Messages

The lists freebsd-test, ..., ... have been created for test messages. 
Please use only these test lists for test messages.


Do not send test messages to any of the normal lists.

-Warren Block * Rapid City, South Dakota USA
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

single mode console does not display on VGA