Re: OpenVPN Setup

2011-05-10 Thread Darek M

On 5/10/2011 3:55 PM, Bill Tillman wrote:

I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is to
be able to access my LAN with my M$ Windows laptop using a M$ compatible client.
I read the manpage and it basically sets forth examples in which there will be
two (2) OpenVPN servers. In my case I will only have one OpenVPN server and my
laptop out there on the road. And of course I won't know the IP address of my
laptop until I connect out there somewhere. Can anyone recommend how to do this
or where I can read more about how to use OpenVPN with only one server?


There's a client for Windows from the OpenVPN folks available under 
http://openvpn.net/index.php/open-source/downloads.html


If you're on Windows 7, install it by running the installer as administrator, and 
configure the shortcut to run the client itself as administrator.  You 
should then have a nice roaming setup.


--
Darek




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org



Re: Does NAT require DNS (named)?

2010-04-08 Thread Darek M

Gary Dunn wrote:

Continuing the saga of building a wireless access point, what is the best way 
to provide DNS service to the downstream network? Seems like all I need is a 
simple pass-through. For that named seems like overkill. Anyone have an 
/etc/named/named.conf that does that?


I normally run a copy of djbdns on the private IP, having private 
clients use that for DNS.  Alternately, the private clients could just 
use your ISP's caching servers, which should work without any other 
configuration (possibly an allowance on the firewall).


- Darek


Re: SSHD/Kerberos on FreeBSD 7 STABLE

2008-11-10 Thread Darek M.

Ansar Mohammed wrote:

Is sshd compiled with Kerberos support on freebsd 7.0?


Yup:

ldd /usr/sbin/sshd:
...
   libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x28124000)
   libkrb5.so.9 => /usr/lib/libkrb5.so.9 (0x2812b000)
...


Otherwise, you should be able to use PAM, with /etc/pam.d/sshd having 
the line

auth    sufficient    pam_krb5.so

before

auth    required      pam_unix.so

- Darek






sudo, LDAP, and Kerberos

2008-11-07 Thread Darek M.
I'm setting up a centralized Kerberos/LDAP authentication system and 
trying to get sudo to use a) Kerberos for the password, and b) LDAP for 
a non-local user's group.


Locally on a client system /etc/sudoers specifies %sysadmin to be able 
to sudo to root.  I don't need to move sudoers to LDAP just yet.


I've had success on some machines compiling sudo from source with 
--enable-kerb5 and --enable-ldap.  But on many other systems sudo 
segfaults, or returns bus errors, and overall gave me nothing but grief.


So I'm looking for alternate ways of supplying sudo with a user's 
group.  Is it possible to compile sudo (without kerberos and ldap 
support) and configure a pam.d file (/etc/pam.d/sudo) to interact with 
kerberos and LDAP?  I created a sudo file with


auth    sufficient    pam_opie.so         no_warn no_fake_prompts
auth    requisite     pam_opieaccess.so   no_warn allow_local
auth    sufficient    pam_krb5.so         warn try_first_pass
...

and running sudo (compiled with only a ./configure, no other options) as 
a non-local user I successfully authenticate, but then sudo has no idea 
of the group this user belongs to and says "not in the sudoers file".  
Is it possible to use PAM as a go-between for sudo and the remote LDAP 
system to provide sudo with the user's group info?


How has everyone else set up a central auth system?  Seems to me sudo's 
configure script has some flaws and I don't want to rely on it.  Maybe 
there's a better way, but aside from sudo acting up, the above would be 
a fine setup for me.


Any pointers appreciated.
- Darek
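Added example, not code from either post: the sshd/Kerberos reply above and this sudo post both rely on pam_krb5.so being listed as "sufficient" before pam_unix.so as "required". The script below parses a pam.d service file and checks that ordering, and separately reports which sources serve the group database in nsswitch.conf(5), because sudo resolves a %group entry through getgrnam(3)/NSS, not through PAM, which only authenticates. All file contents are constructed samples modelled on the snippets in the posts; the file paths and function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): check a PAM auth stack's ordering and
# report the NSS sources for the group database. Samples are constructed.

# Print the "auth" stack of a pam.d file as "control module" pairs, in
# order, skipping comments and blank lines.
pam_auth_stack() {
    # $1 = path to a pam.d service file, e.g. /etc/pam.d/sshd
    awk '$1 == "auth" { print $2, $3 }' "$1"
}

# Return 0 if pam_krb5.so appears as "sufficient" before pam_unix.so in the
# auth stack, 1 otherwise. With pam_unix listed first as "required", a
# Kerberos-only user fails pam_unix and the whole stack fails no matter what
# pam_krb5 returns afterwards.
krb5_before_unix() {
    pam_auth_stack "$1" | awk '
        $1 == "sufficient" && $2 ~ /pam_krb5\.so/ && !seen_unix { ok = 1 }
        $2 ~ /pam_unix\.so/ { seen_unix = 1 }
        END { exit ok ? 0 : 1 }'
}

# Print the sources configured for the "group" database in nsswitch.conf(5).
# This, not PAM, is what sudo consults when it expands %sysadmin.
nss_group_sources() {
    awk -F: '$1 == "group" { sub(/^[ \t]+/, "", $2); print $2 }' "$1"
}

write_sample_pam() {
    # constructed /etc/pam.d/sudo in the shape posted above
    cat > "$1" <<'EOF'
# auth
auth    sufficient    pam_opie.so         no_warn no_fake_prompts
auth    requisite     pam_opieaccess.so   no_warn allow_local
auth    sufficient    pam_krb5.so         warn try_first_pass
auth    required      pam_unix.so         no_warn try_first_pass
# account
account required      pam_unix.so
EOF
}

write_sample_nsswitch() {
    # constructed nsswitch.conf: group and passwd come from files, then LDAP
    cat > "$1" <<'EOF'
group: files ldap
passwd: files ldap
hosts: files dns
EOF
}

# Demo on the constructed samples; pass real paths to the functions instead.
pam=$(mktemp); nss=$(mktemp)
write_sample_pam "$pam"; write_sample_nsswitch "$nss"
echo "auth stack:"; pam_auth_stack "$pam"
if krb5_before_unix "$pam"; then
    echo "ok: pam_krb5.so (sufficient) precedes pam_unix.so"
else
    echo "WARN: pam_unix.so is required before pam_krb5.so gets a chance"
fi
echo "group lookups use: $(nss_group_sources "$nss")"
rm -f "$pam" "$nss"
```

If nss_group_sources prints only "files", a non-local user's group can never be seen by sudo regardless of how PAM is configured; the LDAP source has to be present for the group database, not just for passwd.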


Re: LDAP user authentication?

2008-02-17 Thread Darek M.

Jon Theil Nielsen wrote:

I have googled for a very long time, but I haven't found any useful
howto on this issue. Well, there is
http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
but that seems to be a bit confusing and not up-to-date. I guess it
_should_ be possible - and indeed very useful (especially combined
with Samba PDC and an easily maintainable mail server). So please, if
you have any experiences or knowledge of a useful description..!

Regards,
Jon Theil Nielsen


At the risk of a thread-jack...

how are home directories handled?  Will 'user' have a home dir on the 
local system?  I suppose once LDAP is set up properly, you can then 
create the home dir, then chown it 'user', with 'user' not being a local 
user and not in passwd/master.passwd files.  So when you chown/chgrp, 
those commands go through pam/nss/ldap to retrieve the proper id and 
name from the LDAP server?


For anyone that runs such a system, is there a delay when logging in or 
'ls -l'ing an LDAP user's files, etc?  Or is it unnoticeable if the 
network between them is reasonably responsive?


- Darek



Re: Integrating Postfix + Amavisd-new + Clamav + DSpam + DBmail

2007-07-18 Thread Darek M

Tek Bahadur Limbu wrote:
Since I am very new to database terminology, how scalable is a 
database in terms of the data storage size. I mean suppose, we have 
2 users each with a quota of 1 GB. What will eventually happen if 
they all used up their quotas. That will be about 20 TB in size!!


Thanking you...


You should also consider that DSPAM, fully trained, can grow very 
large.  I use a single username for a dozen email boxes, and the 
database is 3.5GB.  Though you can trim it by dropping tokens that 
aren't as accurate, or aren't as frequently used, it could still become 
big, especially with a lot of users.





FreeBSD 6.X and postfix/postmap - corrupt maps

2006-08-15 Thread Darek M

Hi there,

I am unable to use the 'postmap' program under 6.0- or 6.1-RELEASE.  
Instead of building a valid hash map, it puts in various data from what 
appears to be my /etc/master.passwd file, complete with crypted 
password.  I believe that this is some type of a library issue.


I'm doing this with postfix-2.3.2 downloaded right off the website, but 
the same happened with earlier releases, as well as an install from the 
ports.


As an example, I use the file 'transport' which contains
# cat /etc/postfix/transport
*   smtp:[192.168.0.1]:25

The syntax is correct as I use it on 5.4 and 5.5 boxes (I've had to 
downgrade to that to be able to use postfix).


# uname -a
FreeBSD some.host.name 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Fri Jul 14 
13:43:37 EDT 2006 darek@:/usr/src/sys/i386/compile/SOME_KERNEL  i386


# /usr/sbin/postmap transport

On a system where postmap works fine, this is what I get:

# strings /etc/postfix/transport
* smtp:[192.168.22.29]:25

Please scroll down to APPENDIX_1 to see the 'strings' output on a 6.1 
box.  I tried this on 6.0 and 6.1 installed on a number of different 
machines, all with the same result, so I don't think that this is a 
memory or hardware issue.  I also tried this on 6.x, 4.10, 4.11, 5.4 and 
5.5 on the same system, and only the 6.x installs failed in this way.


Also, scroll down to APPENDIX_2 for an strace of the postmap execution.  
You will note that the open, read, and write calls often have weird info 
in them (I believe the filename part), with parts of strings, and random 
characters, like 'open(ΓΏ'



I got a couple USB-only Dell towers for my SMTP boxes, and FreeBSD below 
6 doesn't recognize the keyboard during install.  So I'm forced to use 
6.x with these.  Unless someone knows how to use a USB keyboard in 5.5 
installs...


Thanks.


APPENDIX_1
# strings transport.db
darek
*my encrypted password*
User 
/home/darek
/usr/local/bin/bash
darek
*my encrypted password*
User 
/home/darek
/usr/local/bin/bash
1darekdarek
*my encrypted password*
User 
/home/darek
/usr/local/bin/bash
darek
*my encrypted password*
User 
/home/darek
/usr/local/bin/bash
AdarekGdnscache
User 
/home/Gdnscache
/sbin/noshell
Gdnscache
User 
/home/Gdnscache
/sbin/noshell
nobody
Unprivileged user
/nonexistent
/usr/sbin/nologin
nobody
Unprivileged user
/nonexistent
/usr/sbin/nologin
Post Office Owner
/nonexistent
/usr/sbin/nologin
1poppop
Post Office Owner
/nonexistent
/usr/sbin/nologin
Apopbind
Bind Sandbox
/usr/sbin/nologin
bind
Bind Sandbox
/usr/sbin/nologin
bind
Bind Sandbox
/usr/sbin/nologin
5bind
Bind Sandbox
/usr/sbin/nologin
kmem
KMem Sandbox
/usr/sbin/nologin
kmem
KMem Sandbox
/usr/sbin/nologin
Tty Sandbox
/usr/sbin/nologin
Tty Sandbox
/usr/sbsmtp:[192.168.0.1]:25


APPENDIX_2
# mount -t procfs proc /proc
# /usr/local/bin/strace /usr/sbin/postmap transport
execve(0xbfbfe720, [0xbfbfec10], [/* 0 vars */]) = 0
mmap(0, 3608, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) = 0x28082000
munmap(0x28082000, 3608) = 0
__sysctl([...], 0x2807e998, 0xbfbfe9c4, NULL, 0) = 0
mmap(0, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0x28082000
issetugid(0) = 0
open("/etc/libmap.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/var/run/ld-elf.so.hints", O_RDONLY) = 3
read(3, "DUMP_REL_PRE\0LD_DUMP_REL_POST\0__"..., 128) = 128
lseek(3, 128, SEEK_SET) = 128
read(3, "/lib:/usr/lib:/usr/lib/compat:/u"..., 60) = 60
close(3) = 0
access("/lib/libpcre.so.0", F_OK) = -1 ENOENT (No such file or directory)
access("/usr/lib/libpcre.so.0", F_OK) = -1 ENOENT (No such file or directory)
access("/usr/lib/compat/libpcre.so.0", F_OK) = -1 ENOENT (No such file or directory)
access("/usr/X11R6/lib/libpcre.so.0", F_OK) = -1 ENOENT (No such file or directory)
access("/usr/local/lib/libpcre.so.0", F_OK) = 0
open("/usr/local/lib/libpcre.so.0", O_RDONLY) = 3
fstat(3, {st_mode=0, st_size=0, ...}) = 0
read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\234\23"..., 4096) = 4096
mmap(0, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_NOCORE, 3, 0) = 0x2808a000
mprotect(0x28099000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mprotect(0x28099000, 4096, PROT_READ|PROT_EXEC) = 0
mmap(0x2809a000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) = 0x2809a000
close(3) = 0
access("/lib/libc.so.6", F_OK) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
fstat(3, {st_mode=0, st_size=0, ...}) = 0
read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\331\1"..., 4096) = 4096
mmap(0, 884736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_NOCORE, 3, 0) = 0x280a1000
mprotect(0x2816, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mprotect(0x2816, 4096, PROT_READ|PROT_EXEC) = 0
mmap(0x28161000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xc) = 0x28161000
mmap(0x28166000, 77824, PROT_READ|PROT_WRITE, 
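Added example, not part of the report above: a post-build check for a Postfix map file. The strings(1) output in APPENDIX_1 shows transport.db filled with passwd-style records (login names, home directories, login shells and crypted passwords) instead of the single transport entry. Besides being a broken map, that is a secret leak: a freshly built .db is normally readable by every local user, so hashes from master.passwd end up world-readable. The script flags a map that contains such strings. The sample files are constructed and are not real Berkeley DB files; the hash in them is a labelled placeholder, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the report): flag a Postfix map that contains
# passwd-like strings, as the broken transport.db above did.

# Printable runs of at least 4 characters, one per line. strings(1) is not
# always installed, so tr/awk are used; LC_ALL=C keeps tr byte-oriented.
printable_runs() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | awk 'length($0) >= 4'
}

# Count strings that look like passwd(5) fields: home directories, common
# non-login shells, or crypt(3)-style hashes of the form $id$salt$hash.
count_passwd_like() {
    printable_runs "$1" |
        grep -E '(/home/|/nonexistent|/nologin|/noshell|\$[0-9a-z]+\$[A-Za-z0-9./]+)' |
        wc -l | tr -d ' '
}

# Return 0 if the map contains nothing passwd-like, 1 otherwise.
map_looks_clean() {
    [ "$(count_passwd_like "$1")" -eq 0 ]
}

# Constructed sample maps. These are NOT real Berkeley DB files; they only
# imitate the byte mix strings(1) saw, with a placeholder instead of a hash.
write_sample_map() {
    # $1 = output path, $2 = "bad" or "clean"
    if [ "$2" = bad ]; then
        printf 'darek\001$1$constructed$notarealhash\001User \001/home/darek\001/usr/local/bin/bash\001nobody\001Unprivileged user\001/nonexistent\001/usr/sbin/nologin\001*\001smtp:[192.168.0.1]:25\001' > "$1"
    else
        printf '*\001smtp:[192.168.0.1]:25\001' > "$1"
    fi
}

# Demo: check both samples. On a real system run map_looks_clean on the .db
# postmap just produced, and check its mode with ls -l before relying on it.
for kind in bad clean; do
    f=$(mktemp)
    write_sample_map "$f" "$kind"
    if map_looks_clean "$f"; then
        echo "$kind map: ok"
    else
        echo "$kind map: $(count_passwd_like "$f") passwd-like strings found, do not install"
    fi
    rm -f "$f"
done
```

The check is deliberately coarse: a legitimate map whose values contain a home directory would also trip it, so treat a hit as a reason to look at the file, and treat a hit on a map built on an affected 6.x host as a reason to remove the file before it is read by anyone else.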

Re: Low-cost, FreeBSD-compatible notebook

2006-08-09 Thread Darek M

John Kimble wrote:

Hello everyone.

I am looking into buying a cheap notebook computer (sub $800, the cheaper the better). I have been playing around with FreeBSD for the last few months and have decided to make it my sole OS, so I really want a notebook that's as FreeBSD-compatible as possible. I know ThinkPad's the best for Linux (I would expect the same for FreeBSD), but as they are a little out of my price range ;) I was wondering if you guys had some other suggestions.


Depends on what your budget is.  I paid $1600 last year for a spiffy T42 
with a great 14" SXGA LCD.  The Express models on Lenovo's site are 
the cheaper versions.  You can score a T20, 21, 22 or 23 on eBay really 
cheap, and still get a decent CPU with X support, so don't assume they 
come at a premium 'cause you might miss out on a decent machine with the 
best keyboard around.


I personally don't run FBSD on it as I have yet to see a successful 
implementation of sleep/hibernate.  So far, only Ubuntu Linux seems to 
support it in a stable way, but I replaced Windows XP's explorer.exe 
with Blackbox4Windows and cygwin, so it's almost like using a unix box 
with a decent window manager.



- Darek



Re: nologin: Attempted login by root on UNKNOWN

2006-07-18 Thread Darek M

doug wrote:

On Tue, 18 Jul 2006, Tuc at T-B-O-H wrote:

Hi,

All of a sudden today I'm getting :

nologin: Attempted login by root on UNKNOWN

on a server... It's happening QUITE a bit :

Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:16:01 asgard kernel: Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:18:23 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:18:23 asgard kernel: Jul 18 13:18:23 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:19:25 asgard kernel: Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:21:27 asgard kernel: Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:30:56 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:30:56 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:55:11 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:55:11 asgard kernel: Jul 18 13:55:11 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:08:47 asgard kernel: Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:21:02 asgard kernel: Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN

I'm not sure who/what/where to start looking.  Ideas?


I believe that I've seen this before.  If I remember correctly, the 
UNKNOWN part happens because the connection was closed before sshd or 
the system got info on the client's host.  This is probably not very 
accurate, but the overall result was that it was not cause for concern.


The only thing that this shows is that ssh is open to anyone, so you 
might want to close it with a firewall, or within /etc/ssh/sshd_config 
with the AllowUsers directive.  Also within that file, you probably 
should have PermitRootLogin set to no.


Also look at the output of 'last' and 'last -f /var/log/wtmp.0 ... 
wtmp.N' just to make sure root didn't log in.


- Darek



Re: nologin: Attempted login by root on UNKNOWN

2006-07-18 Thread Darek M

Tuc at T-B-O-H.NET wrote:

Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:21:02 asgard kernel: Jul 18 14:21:02 asgard nologin: 
Attempted login by root on UNKNOWN


 I'm not sure who/what/where to start looking.  Ideas?


Hey Darek,

Good to hear from NYI. :)
  


Heh, are you a customer, or just familiar with the company?


SSH is TCPWrapper'd, and only *1* machine in the entire
datacenter can access it (Typical jump box configuration). 
  


http://lists.debian.org/debian-wnpp/2006/05/msg00092.html

Does root have /bin/nologin for the shell?  If it does, then the UNKNOWN 
would refer to the terminal, just the way the 'nologin' binary is set 
to log to syslog.  Basically it means that someone tried to log in as root, 
but before they could even provide a password, the nologin binary kicked 
them off.  That's why the terminal type is set to UNKNOWN: it 
hadn't been set yet.


You'll have to figure out how that person is getting access as 
apparently they are reaching the box.


- Darek
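Added example, not code from either of the two replies above: three small checks behind the advice they give. The first reads the effective PermitRootLogin and AllowUsers values from an sshd_config (sshd_config(5) uses the first value it obtains for a keyword, so a hardening line appended at the bottom does nothing if an earlier line already set it); the second reads root's login shell from a passwd(5)-format file, which the second reply asks about; the third counts the nologin(8) records in a syslog file while skipping the kernel-facility echoes of the same message. All inputs are constructed samples written to temporary files; the function names and sample paths are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): sshd_config audit, root shell check
# and nologin record count. Samples below are constructed.

# Print the effective value of a keyword. sshd_config(5): for each keyword
# the first obtained value is used. Keywords match case-insensitively;
# Match blocks are not handled here.
sshd_setting() {
    # $1 = sshd_config path, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Report PermitRootLogin and AllowUsers; return 1 if either is weak/absent.
audit_sshd() {
    prl=$(sshd_setting "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    au=$(sshd_setting "$1" AllowUsers)
    status=0
    case "$prl" in
        no) echo "PermitRootLogin: no (ok)" ;;
        "") echo "PermitRootLogin: not set, sshd default applies"; status=1 ;;
        *)  echo "PermitRootLogin: $prl (some form of root login still possible)"; status=1 ;;
    esac
    if [ -n "$au" ]; then
        echo "AllowUsers: $au"
    else
        echo "AllowUsers: not set, every account may attempt to log in"; status=1
    fi
    return $status
}

# Login shell of root from a passwd(5)-format file.
root_shell() {
    awk -F: '$1 == "root" { print $7 }' "$1"
}

# Count nologin(8) "Attempted login by root" records in a syslog file. The
# thread shows each record twice, once from nologin and once echoed by the
# kernel facility; only the nologin: lines are counted.
count_root_nologin() {
    awk '$5 == "nologin:" && /Attempted login by root/ { n++ } END { print n + 0 }' "$1"
}

# --- constructed samples ---------------------------------------------------
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
# constructed sshd_config excerpt
Port 22
permitrootlogin no
# the next line is ignored by sshd: the first value above wins
PermitRootLogin yes
AllowUsers darek admin
EOF
}

write_sample_passwd() {
    # constructed passwd line; the password field is a star, not a hash
    printf 'root:*:0:0:Charlie &:/root:/usr/sbin/nologin\n' > "$1"
}

write_sample_log() {
    # four nologin records and two kernel echoes, in the thread's format
    cat > "$1" <<'EOF'
Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:16:01 asgard kernel: Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:18:23 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:18:23 asgard kernel: Jul 18 13:18:23 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:30:56 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:30:56 asgard nologin: Attempted login by root on UNKNOWN
EOF
}

# Demo on the constructed samples; on a real host pass /etc/ssh/sshd_config,
# /etc/passwd and the auth log to the functions instead.
cfg=$(mktemp); pwd_file=$(mktemp); log=$(mktemp)
write_sample_sshd_config "$cfg"; write_sample_passwd "$pwd_file"; write_sample_log "$log"
audit_sshd "$cfg"
echo "root shell: $(root_shell "$pwd_file")"
echo "root nologin attempts: $(count_root_nologin "$log")"
rm -f "$cfg" "$pwd_file" "$log"
```

The count from the log is the number of times something reached the login stage as root; it says nothing about where the connections came from, which is why the replies point at 'last', the firewall and the jump-box setup for the rest of the picture.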


Updating system's natd config from natd.conf

2006-07-14 Thread Darek M

Hi there,

What is the procedure to activate changes made to /etc/natd.conf?

Sometimes, restarting the natd process with a HUP drops my connection.  
Other times the restart didn't seem to make any difference.  The only 
way I've ever updated natd rules was to restart the server and never was 
able to find anything relating to this topic online.


Any other options?

Thanks.


Re: usernames with uppercase

2004-01-20 Thread Darek M
Spades wrote:

Hi,

I tried to add a username ie. Bryan, but FreeBSD doesn't allow me
to do so. It gives me illegal username error. Any idea how to go
about adding usernames like 'Bryan-admin' etc.
Please help.

Thanks..

Bryan
 

su-2.05a# pw useradd -n Darek -s /usr/local/bin/bash
su-2.05a# cat /etc/passwd | grep Darek
Darek:*:6672:6673:User :/home/Darek:/usr/local/bin/bash


Re: A while ago you posted about qmail

2004-01-17 Thread Darek M
Roland Giesler wrote:

Hi all,

I've installed qmail but for some or other reason I cannot log on to the
pop3 service.  It keeps saying "authorisation failed".
readproctitle reports:
# ps -aux | grep readproc
root 130  0.0  0.0   860   72 con- SWed05PM   2:07.15 readproctitle
service errors: ...r directory\nhead: /var/qmail/control/me: No such file or
directory\nhead: /var/qmail/control/me: No suc...
 

Might want to check why that file doesn't exist.  It is required by qmail.

Run tail on /var/log/maillog while trying to log in.