Re: freebsd and
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/01/2011, at 07:02, Bill Moran wrote: (don't see why this was on -current) In response to gahn ipfr...@yahoo.com: hi all: i set up the freeradius 21.100.1 on freebsd 8.1. it uses local authentication database of /etc/passwd (thanks to the previous discussions alan did with others). the problem is: it only works with the condition of the server id running as root instead of freeradius due to the one way MD5 hash of /etc/passwd file. are there any other better ways to implement this? a) Put the Radius server in a jail, so it can run as root without all the security concerns. b) Use something other than /etc/passwd authentication Cant radius use pam? perhaps you should look into that. It may be a pain though, freeradius is largely undocumented, and what documentation exists is often incomplete, incorrect and full of people touting IT JUST WORKS when 99% of the time, It never works. Once you figure it out however, its great. I would highly recommend putting your raddb into a version control system. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJNJRKdAAoJEHF16AnLoz6Je6YP/j5sfpXOReiyviyNututzGfA dS+/6MoBfumuzdLAxTZ5gCJ4r7hIWJSbl0vPbt8zDbigcGJKcuT63dfdeAsV/7vu /0KqeC1HbrS5mXB2bVVjUvxgm+LbTlTrS8pIkS3A1jWSvvYgqb5ABXL2gXDARJig pQ5Ehw/mJsgNNmYOrHD1FV5H1/0s0arXSK6rK/sJa7qBIyuLvfuatfK2NOFlPAr5 ST1UqvGrEVP5vA4GGO3+l4m7CBIuzVBuVaLpTpsHUXcdjxoB0bgZrR6se42z7VFo PgClT1bKv/Ht8rD9EO6oRpASAHB89/K1HpNvHbV9KT+veuKcla0xVPilpyt+XMES c4iDxwOBzml+N6QPiGdD9+GhfvZbg2JBgHoGYFXclyDJFceiDVkMgTWN75miB+d4 tMTZbtwkQNoobRmp/BCAlVqRJC3dUQeVqDSAUkuMf6ZU0WQWfh6g8qtGb0IA5mWH u0mRbBacEr4kx3bSeIzCb09DJMkDFmb1/kaQPVqUEYpU+ggW8yLV5sz/vdomdpRB 6hUfcXHnGK/GY4FsMPHaLTWghHdG6cFv8XwM/8ftsrCTtJYl0mD8xzSxqeTBCrua VPHcZ0d4gxe7reylYZfp8NqTAK96JBkRqEoTtYyi6Oiy8kbolY8SHiok98o/uydT nGM30URjS7EC7oSyL4N5 =ppAO -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Any recommendations for FreeBSD VPS hosting?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 30/12/2010, at 10:28, Randal L. Schwartz wrote: n == n j nin...@gmail.com writes: n I'm looking for inexpensive but reliable FreeBSD VPS hosting. Any n input coming from a positive personal experience will be most n appreciated. http://www.johncompanies.com/jc_bsd.html They are excellent. The service is great, and they really understand the technology. If you're an expert, and require a minimum of handholding, I highly recommend arpnetworks.com. I've had 4 boxes with them for a year, and am very pleased with the services offered and the resulting price. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.posterous.com/ for Smalltalk discussion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJNG8zaAAoJEHF16AnLoz6J95EP/irUL8MeVnf6sofw8ztQAVii KOLcPO6ITYWfMursB4YKVyKW8PAvqk7Bf9LKTGKf8/y8ZDYLM+D1NXyMhEzCHX8r 8L+N2goswgoCccRvQlHZYi+QzmzVXyU4yq7ERe02SG88EZq9Irgudqf/LzS17TI9 EmagdQkLTG9RiArVRTHMSJnlUadzG3tbTBIDtWw9JSLa82vp6Z2cIlUae89Cr1lW ZrOHkQaxGP+GgRvb/Jo6RGzlP5urclSuv3lXH5fpnCBoUiJliEPLgveQr8Sx8VVs y5FSHCubXcT8nGflpR3BsK+f3esDUeMTRRDYnc3sMQ5x6IKiTmA6zHZqZ+qz2VnZ qYmf/ZK+ro0ANjUQt8mXmi2H+2CBDaK8px/jRtZJGrbkmEVbPHYtjzSepOjuRB6U 3LPhC+xIE7hu8qYiC0fMyC5wllTviJqRQEdbR03DUle/pOQWlLDk5312nNO1JjC2 qOGPzm70YUk66LhYj2mR2B8PmZjBaMdGOzjHZDks5EB/7Fn6DXQZeF94xs/qavh5 qiC14Cv35f/Of989IT6FBsqAHrMCg+r/R4S5fPFVOCWV1ePFNE/eROqoE4yD7Lpq lZ8sv4cnqQuBmd/uqh5FDlsrfP6jdFCfMkiTMdMrtXHcd9R35CEuBmOgyhLvmSTg UX3mUhLerYZ+obi+f63k =/L1l -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Port based VLAN
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I plan to make a FreeBSD based router sometime soon. I would like to be able to do port based vlanning on the router, so that a client computer that plugs into that socket is dumb to the vlans' existance. IE em0 - untagged em1 - vlan 1 em2 - vlan 2 Is what i want to achieve (as a simple example). This way i can use unmanaged switches on em2, and all clients behind that are to the router on vlan2 How does one go about this on freebsd. Thanks William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJNEd3DAAoJEHF16AnLoz6JT4gP+wX5ZTY4vnd+QfTHFTQLLUNs g+UZfCUXxK0lb/6k0OCyLyoC1yMYt6fuFWshGEZpxrpxEDX0wb11tlU8P+QFJt9q ETDCZQMX8merJSO4d2iKWJ0rcnc91FE8P+GcX6qc0uwHHCALoAyYgo1wSkxXZWkw p5XJVnR/xhXMyk4A+xKxB37DNbTmWVxbj5z+K8sSPQnBRoje/t7IeAQQjUxe3oMV G3h3uMc0lww2vjhZLpqs2yB6DLERZDTsoX7n0qRZ7ODTxE3DwDZGC8A/ZN8HtJxy XKaAcTnH6mbncrowDDeL9i8cAzLb8Tay6WjQcRG2rXDFNrCj0lQ6FdZ7ePXVasp5 Q67kohgYbUjm1G1usV5eW0d/7H5vmavMrE018gHCJ4UdUCZqmt77TENBAtUkG9tf cWoGzy2hwlC/Am8Nobo1saBQv+ChjCsMwNuq47PE4sU7LTPNPMX4GrP3iTCvrYjM JwMb63F2v81eJX0EA88paPrqj/7swIppzOR3iVIuqh6yrWsnPwXVZ2iMBt8cNHh5 98TYp3K2sBxi8N8ehdeiQhCnNiNTsL/q/UU/Yo0VkQg24tj5KPNRNNhHme16BD9k A8mS1pK+K8zZFklrm1yI0veYF/NFAEUduZ4ccn7q9swweulziaRNsWe6cWBMvs7M MWGD68Ev0OXMgm4GCXwd =bvpq -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Noob Jail question.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Indexer and Da Rock, many thanks, more reading, and some fiddling needed I think. It is the best way to learn. Setup a VM of fbsd 8.1 on your computer, and just play with it on that with jails, and learn what you can an cant do. Remember that if you ever need help of course, these email lists are great. Also, read the FBSD handbook, it has some great instructions Isnt self directed learning great ;) Cheers. Dave B. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJNCsBsAAoJEHF16AnLoz6JG58P/Auqb1g9Id0r+uAIdg7atLf0 +KCaJ78n/2+aYYUAxbjnfAIQrv/qwqvV163EnZCVq4xJSAfUlZWo9fkV55mPN5co d5ZO9s7dr4p57ptv3MuF8+DtG0dPq9KtBPQT1U7m94uzXSDCRtjVJMzg5AqIfRTi +ZO19ewjfMkhvEi0qmk2BoOTc50WGaQSU8A09r8ItquDOAqGYV+a7yPswUhn6Uc8 NCc+m1kDdAyxjLKTMzcP1Lkxh8j/RU8fxpPZQkIc6U/6dF56NGUob+99R6xsUt5P y3LgkMd1R6pOngrid3MXxB7pIlh6Hy/tSICgcpsUPYbXinKlSFrSKlX6PIHRZlj0 vIO89ofHMl2m8T0L52zZcAupcnP43i+cUI7paPBAekbmuV/VhaCOWxCZp97CUVKd 30dgngg0zKBZFPHbCeMZLsNT4gsCRnVEJdUYSnxKMg6tLFwK8uCnXU3wPoQ/Gm0u SVsVQTdHJfkHfjt0oEqZeBEPtTi8Nd5HCn6JAEOpXY6I9d4/4qifSM0goV5uyO0F Xo++r6ej+dN1Mo1/4TR0EomEI20hgASnKit9C2exAx77qqmpMpk95O6EZbvF4Q4U dNR/o72Qq5v7SFLV18DlA5sFUnLk7cZclNsaeNf60ZAzp6iCxrsSoZjmbIkX0qEv W5gn8NQbQqDFVy7XbJyk =KnnJ -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Noob Jail question.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SSH remote login for admin needs (But not for root login) Also working well. Good! I think I'd like to run Hiawatha in a Jail, as it seems the right thing to do with something that will be exposed to the www. (Comments/advice?) - From a security standpoint it makes sense, as it confines a malicous user *if* they get in. But, how do I arrange it to safely get (read only) access to the website data, without preventing the FTPD service from having access to update that data. FTPD will only be reachable from LAN side of the main gateway router, Hiawatha will have an outside world port forwarded to it by the router. You notice the way jails work? they are essentially a fenced off part of your filesystem. So your jail may live in /usr/jails on the host system. You can access all the contents of the jail from the host of course. An easy answer to this would be something like, have a directory called /var/www and have the FTPD write to that. Then mount /var/www as a nullfs in read only mode to /usr/jails/var/www, and point your webserver (which inside the jail is unaware of some of this) to /var/www (or to the host, the /usr/jails/var/www) What I'm asking I guess, is.. Can a jail'd app, reach outside the jail in read only mode. (I suspect, maybe?) Or can an app outside the jail, drop stuff off inside the jail? (For whatever reason, I suspect not?) A jailed app cannot reach outside , this defeat the purpose. On the other hand the host can reach in The best way to learn is to try, so setting it up on a dev machine is probably the best way to go. Again, if you need more help, email this list. Sincerely William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJNCVW3AAoJEHF16AnLoz6JXo4P/Rg0+pdhxP8tiKeqSGi6n9dy hYj4KsnnG1diggB/+VI7tnffJqhm9HTqds9f+VXqx/YkTXNZirTBSbQtqAPz41Z6 FwAr1bAw5aUVQf8Pc80xsk9UMeI9L1wM7/rjRYRab1h6g8SBv2Gf/AZ4oLC3rO4C PQwigplntB/MIYMBrAsizpBar7f+sPPpftxlYAIl3s3prysja1KTOW4l+NDOPO4U OUQ2o5x4Gpbt/suhlrx/jjWhSRqyhwblN8DEXkwuIyR6HT9PuUOH05YDB1bg4nSs OW8N5ZD6VoTkcDP1kayBoD5kEcRQX4eji9LksTnsJoxXb4bers1JyT2wsAYZr5LC W45UEtvaHjidsP4mpnnaWMeHL7U89YEaUub8PtR3NYs2ky2A3stw2qKDemvQuP1q QntJVeq8VETig139aKjBcEs04NW/8MkEajKigkDFmUEoHpFfxAsIsIUZO6P0QElQ whcFTDLiq9IG+J+eeq3/YcykCWLJju1cnL0Nzah91L5GHTi866cR2vafP8aJN1/5 D2EQEoghbstIjgTtTBC5Y+csBDffzAS6MfjsJ0S8TC8fYBRSF5sAqQXAc3x/pNZ6 lw8GNgkAmLrrKMmRpbmnHJbGOs22udzfuqtEKMs+dme+L0xNeCuZSJGbxC2+CXtD qayfvD4Kqj8yK+vYMBAt =8A/f -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ultimate backup choice
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 1) running from e.g.: a cronjob 2) when running, it just checks the folder in SERVER A and SERVER B. if a file/folder has been added/removed/ modified in the SERVER A's folder, then it copies/removes it/them to SERVER B's folder. http://www.freebsd.org/doc/handbook/backup-basics.html William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJNA6QxAAoJEHF16AnLoz6JRzsP/2rtrtu7a1vPc3jmhOMppg9q YJYcFTAOcVDR6rjb+82WBn75GgkhGWGfVmOwUThbyu/5kzfvsb70gVzWdia6RcuG Dr5XBFjObYQYRBme7sJBRuRZH1xwb3fzFzbkBf/moi2GvH7yi98FKAkqU8jtmgYN +/Qls+BHYthE8We7HV+02FGmC1s0uC6boebjdrwSFLdBjvM5ehUg4Lb7UL40bckz piC6OpL4vkRmx3VtpsxShvunljaCctiOAkYrs77TMIkooa7pV1kVBbvadUCylx/1 /YZpuz33KnL5+Sd+69HDNOkd+4Ix0a/SPglZdVif9qPt8yAFraxMxqCDauddzEyX bzp6qlEMoSxW8oLptImkI91dYjoMJlT5V51rF5UN50jVlfMKGp4JydK2/T9WBYY3 zN1KagMtzmhz0wgN+Fy2TEh7K034IDtVLZVu34ZGPVgJh8C3+b41CKD2JdtQSMXD 2R64rSerJw3Di9b9Gm/Djt27TR32HDagj/UUH24Gn4uArOkkccmYYgpVR2BrQXPf D6WlopScMhzpRGa7U1IvLMdfe7gLLqVWFQmCkd/mTz2RhT5gBiB2kSOwVtePGDnC dKeM9ahBo+JNC8wSqZq64KOPoqqAkWNRB0oQxjcsP+IsTx8Q+vNDNebjENSz2sBo woXN30B9tPU3Ea21Zqwx =GHAI -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Mirror Site Requirements.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/11/2010, at 08:27, Chris Brennan wrote: On Thu, Nov 25, 2010 at 10:21 AM, Walter Gonzalez Flores wgonza...@gtdinternet.com wrote: Hello everyone!. I work for an ISP and we would like to be mirror site for downloads. What are the requirements for this?. More generally speaking, lots of disk in an array for good speed and muti-threaded access, a way to sync content automatically, and good network connections to the server itself. You might consider looking at the handbook, specifically http://www.freebsd.org/doc/en/articles/hubs/mirror-howto.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJM7uyBAAoJEHF16AnLoz6JQawQALQID91a2Zd7T6RTnOjao2vh eWz5zwWqp4ahveGDWHTHtLUD6g79HRMhcA5ABKY+SgS5h2UACnQKFRu34XJkJNR0 51Poq/ssOb4mm52StYPE1lbNXy/HDijP+0CLedgYZT5jaqp68oyazA31gSSCUjUr 3+TgX3SxmHfL9+wIzHjXYxRk70cCVii8/4Fm2Nz7r/jOg0ZSPLwRSToMJ5LCzwBW CuX2z5JyH7VTwZn9pXtaUVW+4ahJV5LjUR87bxGKh/FYCKbv7Q0Mw56XZs1FjWZR XMdBjL1W87PZSnD4/XhRjP/INrpZjMeO22jhkj/PvGHZeyz/mwRxxibYpObqjBQJ sRAnGux/g+NE4JHuFDxB0wiHyFt5Uudh4jnc70w7YHmHQUbVPwhCjpVExNhW2rPv bRFUYk6NziVT9+Qodo4LrIvXlDNCN45f2kc1yHO9xuz9mW28YndEnG8tTNcvmVe4 DJ+wOC40XsKul4Ik/JMO4/Bh6oVX/iXU9zpXPQt/vEdZbBi/SYMH3wOBSYEVRSjk rfyhKQS6byY53vHjcppr/qrF9OrP2Bl/UDYJUyCtrMPAvFxpOWrlFdK9/mZV82lz 0XArH5Z/bMVajby+iVJiuavkST2z3EzjM4y9wwt4THfsUZ8xNzoXkZ15E4oDkJzo ywQmfr40L0Gwuo1AIqFl =e0ua -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 32 or 64 bit as server ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/11/2010, at 20:22, Eva Kukulies wrote: I'm thinking of renting a hosting server and I have an offer of getting a FreeBSD 8.1 server. I want to run MySQL 5.x, PHP5, apache2.2 on it and I'm asking myself whether it would matter if I choose 32 of 64 bit ? depends on ram amount, and if you plan to use ZFS. probably not really an issue though. Take 64 if you can however. -- Christoph ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJM674aAAoJEHF16AnLoz6JsEkP/iCnejN17c2gbRoKiDeNPN8h lvY58GzVrSI9SbUdgKsIgZkcTabXxDG9qAuNeDaST8e5xCwkx4VQYoWJNnOeAPyh I+6edmdnjb1q2wQVWyauuY/K9n0o5NtcH/L+GjmjpOrvc42EoYwo0AUOekYY20da mRpyKWZd//fZLEiK1E0efjHBa4JOs0WcTZjg39M2C2aq1UsNIRb87VrzOZzilN/u FwzzBSdu+Wdyk6HSzJMKjKPVHmJlqI2Q9jogr2oJQghma+MXVv7+HkAeiDi/1qeA VimQl8+HOH70xDzLHNfS3qmokhwlvlfiarR8/21rSxaeKPSUqpAnJnt+DczmOF5W RSaM0fw0G5+G0jNovbqavgK/5tGF64PDlMLBgwOYsxprUWyXO1znU5w2WoB7YQVF dQZnxbLwGvtgpwIxJyTTmIFYgkXhTPi3aHe3P/sEE3ZQpgxRxHOGGONvze1lDOfk PiS+QYnrZFQAitM8hQh8wXnYlEYymm4TFn6GuSGTWPYDEXcb4p+8wKnyCc6OY8Ut uQQ9VtL14Xij+9WM4YAGXGTJTZSDC0XmN//98QwHV3j/S68p0kac9tZ6WUJZ7rbK ygVN6DrJX+Iu188U4+0XXbakDyHBgR1e9JsBpmUSQPi9QkioDZJfEF9EL4O6yGCh nKjMNKffgwuk0GBXQcag =1gGy -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD and large harddrives
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18/11/2010, at 22:46, Andy Wodfer wrote: Hi, I'm going to build a server that's intended to store uncompressed videofiles (where 1 hour film equals about 500GB). I plan on using Western Digital 2TB or 3TB SATA harddrives. Total storage in version 1 of this server will probably be 8-12 TB. Harddrive speed is not so important so a 5400rpm drive would be OK. Seems like the green line of WD harddrives use both 5400rpm and 7200rpm. I will use RAID 5. The processor will be a 64bit capable Intel processor and I plan on using a Highpoint Rocketraid or 3ware Raid controller. So now my questions: 1. Which FreeBSD version should I install? (it must support large drives). I'm currently using the standard FreeBSD 8.1 (STABLE) on several servers, but this is a 32bit version, right? I suppose I need a 64bit version when I use large harddrives? Freebsd has been 64 bit for a long time. It supports multiple architectures. You want amd64 (yes, even on an intel 64bit) 2. I know that the 3ware Raid controller supports larger drives than 2TB (or was it 1TB?). The Highpoint controller I'm not so sure of, but I've had good experience with these on a few Windows servers and on one FreeBSD server. My setup would be to use the entire disk for both operating system and filestorage (in version 1). How can I create this huge partition/slice? I don't think the installer (atleast on the standard FreeBSD version) supports these large drives? You can use vinum or ZFS. Thanks for your help. I might have follow-up questions as my project make progress. Best, Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJM5RpXAAoJEHF16AnLoz6JCdQP/06Sne+m2b3xKg9p1FQzK6vi vcE4rnWvA6EJNTc6I4R1ftv824CryKMpOtmy4HIySbGIoljx/1cAacQtUQr00oS0 GBR8IMJF3UaH3dUd+5nAuNJLhrHwJcDDT1bKF79zut8n4YiJ7a9d4ad9QZt4kkdr pNrDQgEZSvTYPKxREevutrmy723u0y979c8S1H7B8WT0MigQ7JwIK6zS9WhveMNt ONUxToppQxL0BhD8SP8lwUHF37WUJ11bUaGgNtEK38c3871vVZmEwfjfx1N9rbrt Skg9DulDnFM01iCuav1RTmKChlFXdvS6CcKt9SjeiEu3IvnYHoD8KW7OXnOfKssy UT5i4lYXYepjcObwBpcIJuqNlBPX+kV1GDLJ7Fu0crQwI251sOJknJlAP2RkkfLw NMax7kd1IvAlN/AoFQcSeGsdoFvqM+KZDSi5h6OO3A53Qqx0/MFQ6mneL01Fbxhx rDgpjKN0acuKEENasUDcCvhXA5Ffpvf3ih/+gH23xD1TEFuYZ4owNzmkefI69clH 3s/dYL5Qt0cj3gB/TiABojZbrr8SA1BfXUmDekY+LnTH62s8CVJ0ypkyL8tWcWSj TGzOyfJELpvLEGWyzfP593lCD2aTtpMkGc+BVivfDAu710qzPMBMWXFxBY5izF4N QMjpiI6PFs2oewbsP9XN =KFw3 -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD and large harddrives
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18/11/2010, at 23:12, Andy Wodfer wrote: [snip] 1. Which FreeBSD version should I install? (it must support large drives). I'm currently using the standard FreeBSD 8.1 (STABLE) on several servers, but this is a 32bit version, right? I suppose I need a 64bit version when I use large harddrives? Freebsd has been 64 bit for a long time. It supports multiple architectures. You want amd64 (yes, even on an intel 64bit) Thanks! I didn't know I could use amd64 on Intel servers. Then my next questions will be: How about the ports collection - does the 64bit version have most of the ports? I need ffmpeg, php, apache, mysql, imagemagick, ghostscript, exiftools and a few more small ones. Yes, it has largely the same ports. 64bit support has been very good for a long time, i use it on all my servers, production and dev. 2. I know that the 3ware Raid controller supports larger drives than 2TB (or was it 1TB?). The Highpoint controller I'm not so sure of, but I've had good experience with these on a few Windows servers and on one FreeBSD server. My setup would be to use the entire disk for both operating system and filestorage (in version 1). How can I create this huge partition/slice? I don't think the installer (atleast on the standard FreeBSD version) supports these large drives? You can use vinum or ZFS. Excellent. I'm using ZFS on a FreeNAS installation. Is ZFS still considered experimental on FreeBSD or is it now production ready? What tool or command is used to partition/format/create a large ZFS drive? Thanks and best regards, Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJM5SEuAAoJEHF16AnLoz6J1fQP/jvPKWwQwKNffF4VGvjH/xN/ kFZ7jPCGY9hUamZjw7XpXbS7rmlVQzhUBHNI4og+K/wfn7eCtVE78cKYYWofOJ7S OsboIRRFWIHEL+Ob1MlTxlP+zCKE3ZFM8dy8ZDTqAkX2kEroj2tUrQl63+1uaJeJ 0fJ67Svsv36zVYjIRCJteaWgGARqZSKz8zVl6OfLuedcEh2ui571AWggMdnVtZ+S Y+T6kM9ZP5cYsbX7lruCJRdzM1H1GCaAClwrzpzK5Wedf/TQq07qtbcCohFhhtvw T/cr+KXm+bvOsUbMI/++mXfAxs6JB2mjl1Y0gi8ePFluC3FSwmI7jsdOEhpcY2CD vU27CIIC7bUyY8d0Q77rufVb8CpgcqELUEzejdfP6inBM9sQ+5Ds4M1420EXlGMo w0HXLoK5fYhXpQvBhYwT6gbcrJ/l4vUANa6YwP53igFU3JVXnmgRgA7iDZWyeG3N Ub5tdjcJpUCxUP7W0BMHdOa5/wkwv8vXhBTACRVK0Nrq0gbFTCqUJn2jhEOa2P1x FbrhlWMSXmZ2PlSKro7sqcYg3EeXH8zlPuAWO88ZPufBTxnTqsDY+rBYsM4HFN1S bKcsKWkkF8GoYs0yg407r/GhNt4+GvpQnU9JQJPQVHgwyapvcDT9uIZ/Q9dw1ps6 xL1pUajo//OKwSGBIi2c =S+nL -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD and large harddrives
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry missed the ZFS part. 2. I know that the 3ware Raid controller supports larger drives than 2TB (or was it 1TB?). The Highpoint controller I'm not so sure of, but I've had good experience with these on a few Windows servers and on one FreeBSD server. My setup would be to use the entire disk for both operating system and filestorage (in version 1). How can I create this huge partition/slice? I don't think the installer (atleast on the standard FreeBSD version) supports these large drives? You can use vinum or ZFS. Excellent. I'm using ZFS on a FreeNAS installation. Is ZFS still considered experimental on FreeBSD or is it now production ready? What tool or command is used to partition/format/create a large ZFS drive? ZFS has its own command set and management tools. There are a number of talks about production readiness of ZFS. I have never had issues with it, but my own personal experiences are not true of the world. http://wiki.freebsd.org/ZFSQuickStartGuide i avoid using the raw block devices, and use gpart and create a partition the size of the device, and then use the /dev/gpart/label devices. see http://blogs.freebsdish.org/lulf/2008/12/16/setting-up-a-zfs-only-system/ for some ideas about gpart and this. Thanks and best regards, Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJM5SHQAAoJEHF16AnLoz6JPZIQALgW/gs0YlkVKxMkcMqwJe2q /g3Sbb0xqp9Zuo0cwMv5KxZQKhaY2FZ1UD7ynSxB7lwxGEkNFPRUwS/CpXg4lJpK 6WbYEGfN2AAZKW2raE9Ufhb17xBuya5Z02EBnIBWVO9ts4wAiBT3AQ3PGQSuZu+A auO6HRsBcDmd6c/U2Q+Xg4yFXm4Y2RTh8mFzSFsGtKcbiRxPL7GD+isi1+ShbXCH KxNHkW2dub9Udn6cyA/9vCpdLV1SBL69MDh3ihDChI3g+QFgqnMzw2OWDusSxad5 Ub4Ox5dP8X06AYL6jiFThk9Wg51pxLlLj/+DuCvc9dwg0nqZfHca7fWkNQiRleQH kvOMq1OjWY2/E4Jz7qRe3/y7Yy9wrwIs+3w490p/1xtqE8b2d+Lr3g8OZgbkASoJ WWFJhEz5xVlkEusN/hbQpgn0eNOP4E4p7cVWiAf/YcCEDIJOufuIkgLlpBsjXEhP IO3ybMEDnpxVjDbumpUMLaYgXoVG3XDgKtBltb/vexdcvM0tKXNf9mvrAIIuc9dB XvrLXHU04YfggXj6Nakw8wRQqIDQI7JcJsejJNiiQVaBmIkIhoIDVfe4bOxpvrJw JMDWAejiAwqLpN3vgCkF9ohpiXrSwTOFNCAOBYZ+WubODJNfjGFrUdL7Dz+GZlPO Ehv6uu2QbF7SszSc5mHl =sTvS -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: openssl version - how to verify
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/11/2010, at 00:38, Jerry wrote: On Mon, 15 Nov 2010 16:17:10 +0300 c0re nr1c...@gmail.com articulated: If I look at base openssl in 7.3-RELEASE-p3 sys# openssl version -a OpenSSL 0.9.8e 23 Feb 2007 built on: Mon Sep 27 11:54:36 MSD 2010 platform: FreeBSD-i386 options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx) compiler: cc OPENSSLDIR: /etc/ssl but at www.openssl.org I see that it's not recent version 01-Jun-2010:OpenSSL 0.9.8o is now available, including important bug and security fixes I know that freebsd security team make patches for base openssl, but how can I know what patchlevel of openssl in base version? Like -p5 in OpenSSL 0.9.8e-p5 23 Feb 2007. Why not just install the ports version: It breaks alot, and causes you to need to rebuild some parts of the base system. The most notable, is SSHD, which whenever I install the openssl from ports, will not work unless i rebuild SSHD or, remove the ports version. openssl version -a OpenSSL 1.0.0a 1 Jun 2010 built on: Sun Jun 6 12:19:12 EDT 2010 platform: BSD-x86_64 options: bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: cc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall -O2 -pipe -march=athlon64 -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM OPENSSLDIR: /usr/local/openssl You would need to add this to the /etc/make.conf file first I believe: WITH_OPENSSL_PORT=yes -- Jerry ✌ freebsd.u...@seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ Fat Liberation: because a waist is a terrible thing to mind. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJM4T+aAAoJEHF16AnLoz6JNjsP/iK5wpZqSnQzkPpnjusBDUTG emCG8MJw7191ovvLjREbwzQjdjRFm8iGnkXcFgQabatI24Ks5WP8bR88PzYShDG7 h2kFBcmfqftnEfeWmvdjTxpE6hSxzN6291Zew4O36RMraEY/RHAUZjblB5Bu1IgS XSrOJ1ETQNXS54eMTctf6erpX1ASgGq2kGRcXGCBbqTN8smUoGtz06GiNsYzS9Qk 7iytF8kpUMpqmKoV/Os07ETcmoRTwbAgv6J7IL0nS7kTN+8BYgUY5vxL/+pRHN+Y YiXWKHgK4VCz3fW5NXQddDR1I/6clDK0ZfSDnZdHOHjkMrjTMdlzIz2OTMtkF9Z+ saQm1m78/or1FXBNXfzUhvKd3UnAoJC0PpndZTzrwiB7huJiAvvD0AJdvNyzPtM2 V7DuDY9zrBRmB5DDr1HQEEqgTRI1ZzdXo5uPwUM+RctOsxYDFvF8MFqs/eC3z9Vz PFxHX/uIbEAC6IdrkwhyVOQR1vup8U/bwgLiXDK9y82oQdksNBYbU1EWh2nanaPH CJj9WJNn2suNrYouTRhTDnCVxl0hbAgYT7w5CEfRAx8s3g82sZ+/evJutr2U7tHW /LzwoY9qyWn19t6dqMw+kENsGDKPzXkFIQ9txi5XIH8bgUKeOhJQE610uMSPvmB8 zDwJ4bEaIUzjhasCKjNS =c5mr -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: You complain about my exceeded question but got an outstanding volume of answers!!! Why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/2010, at 22:54, José Silveira wrote: You guys complain cause I asked why do use a demon as a mascot of freeeBSD. Some says... oh no this crap again, others desrespected me but what is incredible is that even a simple question like I did caused so many rage and movement of answers!!! I think this theme still alived... I got thousands of answers! Just one with apropriate contents. The rest was a crap. You can drown in this crap that is freeBSD!!! http://www.google.com.au/search?sourceid=chromeie=UTF-8q=why+does+freebsd+use+a+demon Also, obvious troll, is obvious. RTFM ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJM3TXUAAoJEHF16AnLoz6JeYgP/2zzVjdSCDHWaQ6Zwc8pLLfk FipZaX3V/3SirI6wphtnc39W6nU7QDrOph4Zc4SSSN2dVjy9WU8FXilqfeUYXBCJ MBV6M3KB6mvYZHRUI/629z6gGSKCkeQFnCBicgp5qrK2qm+oESXqFPjp9oWwQ9Qd f6kWQWL8qKFPLgQCf44r59xkOgxhxR14Xjv6n9S/5cK7LF4HRfzVhz1XbuqW0uKd k3Q+ClgaP4QXMcceaimXj+cndXXlIqZllWDrpAp9fudWvVWrsSB6FoGXuo1hlcld 46Y7jjYMJDzfZJNgtRq9eKjt8tthsukYMTp0kndabP5REuK8QVEZVaUJvTXpgZi7 3g2BAJthYm5u2/2kev2mu2ReHEDoch1HiHIQa6CqYg1tSc6DDi1YbGJ6FdOCRaPN 9BB2EJVOA1PGmyLYSFZRwdPMcnb4Li3e9d1kRS739O3jNDzSpvSb1nLYABuGXTUY J4aHkDIUmvzLfifGYuuMhaGW+10nBuHs9sQx8Smr6VUO5P085fMlSIfTv/5ZLNEP y97XEGRQWMGT6uhUq/0J3cG5QmvIYSUaB6spTexEa23isnR2aOjQxeLvzXGYb7AJ cksYJTOwbChddV9Zhht58N6O/BVBHIL3HA/fRHxc7IBRenot9SgF4pGSWGG7oyS0 jRgqCGF0v6eJAODNgw/G =F7I5 -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: need help with php.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Try using ?php as your beginning tag. r...@ethic:/usr/local/www/apache22/data# php ./test.php ? phpinfo(); ? r...@ethic:/usr/local/www/apache22/data# Hm. php aimed at ./test.php just catenates the file. Does that tell you anything? Yes, it tells me that you cant read properly. you need to make test.php ?php phpinfo(); ? THEN you do your php ./test.php command here ill make it easy for you echo ?php phpinfo(); ? test.php ; php test.php forexample [williambr...@mai ~]$ echo ?php phpinfo(); ? test.php ; php test.php phpinfo() PHP Version = 5.3.2 . most likely the default php config has short tags OFF and it has been this way for some time now. It is a good thing because it forces you NOT to be lazy, and it avoids issues with other languages that do use ? as their only syntax for embedding code (I think asp.net does it) William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMv1W9AAoJEHF16AnLoz6Jlh0P/R71ueWi6ah6dD5lzuB8QX+x 97mHleEojPkFElrsYpH+FF6yAngPFa7AkxV3N7sVUS+o7CiQ+ER9m8KuyVPwaTKR wsaT64pIyW/85221TFVTCryyU4MhQ1kfDc2Q2MF5gEXDfOe14NPnXT+O+gEBUz/g WWlUr2m54YiQ3G2FaA0e9gyfaHaGLgda4IOC9zsVqGkuJPzDsKi7EiL9aBGDayE5 GHg+TxbUBvmkp6HrT0Amz0xjX7M8PBXi4kB9Jj1PmNQaHnjmStYMK8FPTeZ+R+RP 7Lp9iutqpI5gVfda8msCqFIvzEt7vJOlep0/ucFENoA6Se+mJNkAh8J+OCFXW7bJ gpmEmVt5MhoEFevvS54GYaBPEUmK//1Oud36sqSLTAYKeLbLCzwJaMaoJQ/afGvM gAFInwHWlqjbKfYMEJC0mf9+B2Au7zPiuh12dNiyJfxcqG+w5AfYsf3tqBiUBo+t p8SmH1SFJnCPykF+QFVi9XnLlN6c+iiF3sP9jbBACGU+yny4VyPGtvpU56m7KJTo WkKHrBMQH8FeuV2BONFxoz+AGzV0I2qOJ7CigJ9Q/1GI175J6KLx1tou9BF2vrsD exdyUMJJrxUwZKnUSkpW/pAEQ6Pj5q6RkNKgiB2YzgZ6bpDU8fWrNn8ikh0QitD+ +DtSANLQxce32KZUf+9z =0oHb -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: a
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 b On 12/10/2010, at 10:59 AM, Gary Kline wrote: -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix The 7.90a release of Jottings: http://jottings.thought.org/index.php http://journey.thought.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMs7AqAAoJEHF16AnLoz6JK4gP/0y9QkO6IXBPh3cj+HWYLoJh FJJTS/wcL3TaJZLqU515oG8KPPHvTiVn9DwYuVDIpD2KYoNn7vPWoNIsWhEYBJi6 m1nBskgC2cRdFOWGBFm6m4K3kQsLqolhLP4gmlGEomZnYEb/0SewlA/eiXVVVerE a3g27p70LhAuKIMF6xlddvwPB867boJUABtPZi7yDq36S2uqOWQNp9LI38GThX44 ND/AMFrLR4mZ1xmO/qyLtAs7NkU3wYPEVcELlIv62o4vZ9ytzJlSGwM5mmah6oHZ ItPmROT0YnpsVT6eyfZMWLm885ejZP0JGTuBp/S4EFZeLmWXwjAAR3aX14D/sv5E nKIn1N6omk54utj6BY4y6HLGTbVEqLMnNaSqLiOrrk+9Exsn22sUzvOM0H2eDNCr bTThYw6r8dA6qkZWkyJP4gEomHVL7ybTxDOEi6IpQLHPl30aj0197sD63DeXkimU +IC7uFedlO9PVyZdudijYHiMHbVda4AJWFkq/cretcTjfYpz5B5cVJms/Mt5jSVD W5fi3O41W315JQR/htap+20zriiJmg7TGXyJwD+cusuluCycFjUw59Ngq/fUqUZF pzNkZimnfcAloSfrqIW5nWDfZDHOyWaaB4bueuV/l2ZTOOz4/uD9JrusHtgkLhBE 3WVZpRcN55LU/qcyjojj =9eXZ -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Sasl passthrough authentication
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I am attempting to setup SASL passthrough authentication on a server.
I have install and configured saslauthd, and plan to use this with kerberos5
When i attempt to use the command
testsaslauthd -u will...@realm -p supersecretpassword
I get the following in /var/log/messages.
Oct 7 16:37:13 blackrabbit saslauthd[1557]: auth_krb5: k5support_verify_tgt
[r...@blackrabbit ~]# saslauthd -a kerberos5 -d -V
saslauthd[1555] :main: num_procs : 5
saslauthd[1555] :main: mech_option: NULL
saslauthd[1555] :main: run_path : /var/run/saslauthd
saslauthd[1555] :main: auth_mech : kerberos5
saslauthd[1555] :ipc_init: using accept lock file:
/var/run/saslauthd/mux.accept
saslauthd[1555] :detach_tty : master pid is: 0
saslauthd[1555] :ipc_init: listening on socket: /var/run/saslauthd/mux
saslauthd[1555] :main: using process model
saslauthd[1555] :have_baby : forked child: 1556
saslauthd[1556] :get_accept_lock : acquired accept lock
saslauthd[1555] :have_baby : forked child: 1557
saslauthd[1555] :have_baby : forked child: 1558
saslauthd[1555] :have_baby : forked child: 1559
saslauthd[1557] :rel_accept_lock : released accept lock
saslauthd[1558] :get_accept_lock : acquired accept lock
saslauthd[1557] :do_auth : auth failure: [user=will...@realm]
[service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
I have looked for help on this, and sadly can only find that i should have a
host/f...@realm principal in my /etc/krb5.keytab . I have already done this
however. /etc/hosts also corresponds with this correctly and my servers fqdn is
listed inside. (host/blackrabbit.re...@realm)
My krb5kdc log shows
Oct 07 16:39:07 blackrabbit.realm krb5kdc[868](info): AS_REQ (4 etypes {18 17
16 23}) 127.0.0.1: ISSUE: authtime 1286431747, etypes {rep=16 tkt=16 ses=16},
will...@realm for krbtgt/re...@realm
I know that i am missing something obvious, but any help or suggestions would
be appreciated
Sincerely
William Brown
pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
iQIcBAEBAgAGBQJMrWUxAAoJEHF16AnLoz6JvrUP/3QTMDtubHs+3OFrujKssQ2W
83LIYlV1lzv3lLkT5BlgudiFqUmVFI2JVZ0/iq8xNUJ8pITFcay+YO7XVkBBq6KI
RDUKdL02b9Z6eV8SXtF20ppT/Z3vvAXxLcwb8/KLAdf6lknf+FhQG07PaOOtf5Um
crgJbVz4mXGR4/+nYXwfWu4WXzBEyEEIbgN6x0RGqg0deWiRfdaG0/VocYM6TSXg
nEDXxWu8eLaKf3tfIiPjuvPaEFTCTreiVRiS7wG7H+UuBo4Wc9A0aPLnchdVn4Xb
POgklHOGKb3W+MrlRSseioOscxTdr+7IB3vDB5TE7uaQuCIOc05pwAWA6PsLjOho
zoTkUpmzA8MRr08AU2Qm6IChEHI+1idpaxaEpgCOUuteBl2GM6WZZBoNqFXINAm+
T7wP4UbH78xT8UYrVbBz9n98/H+Oo8LzX44ov+btQT2CfjQgE3jQpSoJtd8ePSJJ
pRxs/2IOqukPm+tUJH2XLGhpnf2BMUz89Y5NXKF+WF4aQmqihxfvzb/ZDGvstCOw
ch7Eg2+AH2V816Ot9ZHPLZrJzqkTWMORGUVPDjyRlTqIvYUm49MNtog5Vlr7AHDl
Ejgzsjb8FUKgHK17bQSZoPc48bRTwp3As00lnsRDp7xZxKyDvpb36ETVFZMry9WJ
a/1zkAIqMd5/fiWHa0gw
=lI71
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: LDAP Authentication from console
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/10/2010, at 3:09 AM, Kevin Mai wrote: Didn't receive all the emails, thank god this maillist is indexed! ;) Very handy isnt it :) Now, about you problem. Remove the line auth sufficient /usr/local/lib/pam_ldap.so no_warn and account required/usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user from the login file. The login file includes system, so you only need to modify that. In system make your file look like this ∙ # ∙ # $FreeBSD: src/etc/pam.d/system,v 1.1.30.1 2009/04/15 03:14:26 kensmith Exp $ ∙ # ∙ # System-wide defaults ∙ # ∙ ∙ ∙ # auth ∙ authsufficient pam_opie.so no_warn no_fake_prompts ∙ authrequisite pam_opieaccess.so no_warn allow_local ∙ #auth sufficient pam_krb5.so no_warn try_first_pass ∙ #auth sufficient pam_ssh.so no_warn try_first_pass auth sufficient /usr/local/lib/pam_ldap.so no_warn ∙ authrequiredpam_unix.so no_warn try_first_pass nullok ∙ ∙ # account ∙ #accountrequiredpam_krb5.so ∙ account requiredpam_login_access.so account required/usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user ∙ account requiredpam_unix.so ∙ ∙ # session ∙ #sessionoptionalpam_ssh.so session required pam_permit.so ∙ session requiredpam_lastlog.so no_fail ∙ ∙ # password ∙ #password sufficient pam_krb5.so no_warn try_first_pass ∙ passwordrequiredpam_unix.so no_warn try_first_pass I have added 3 lines, they do not have a . preceding them Now, after that, copy the system file to sshd. THEY SHOULD BE THE EXACT SAME. As it currently stands, Your ldap user can ssh into your server, but module order in pam is VERY important. BACKUP YOUR PAM.D DIRECTORY BEFORE YOU DO ANYTHING. pam is very touchy, and the slightest mistake it will just panic, and throw up its hands in defeat. Remember when doing this, that you should hold a root terminal open, to edit these files. open a second terminal and test the following 1) You can ssh in as a user in the unix files (root for example if your ssh is setup for this, else an account you have created) 2) That your ldap user can login 3) That your file user can sudo correctly 4) That your ldap user can sudo correctly. 5) That your user in files can login at a console 6) That your ldap user can login at a console. Now, have a rescue CD handy, or remember how to single user mode freebsd if worst comes to worse (hint: press 4 at the boot loader menu, then hit enter, and mount -a the disks to gain access to /usr etc. from there fix your pam and reboot) If any of these do not work, especially, the sshd logins, then reset your pam.d files. You DO run the risk of locking yourself out of your own server, and i have done this to myself many times. Hopefully, this helps you get under way, and your users authenticating properly. Sincerely William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMrf6vAAoJEHF16AnLoz6JFI8P/2WOrhfK/9O4w0EQw+Ksw3z2 icBlz7iAZBbgobWRC/3QJTxd3b5L4yIlSUt6kMHKSPoKfG2uDv6XtIuL6OBDvKc0 px7BbtjGQXP9QjOOzDFxxR4pH5Mbp+wO7XI4GGz9CjRjCZh6vG4zcQTejbqBnIUF e+zx1CY0andlMdTIBj012SIzsi+qoq2i6W+4/XcM4cODcamwGdH2764mkieGRDa6 cbwsfVBkNyQpQQJaGJDgPlyA7s5EpS5Nzydh4qHOwykfJgwV8cmSbZIdrgTwSFwU 9HMZZfbmdt3cYIawWVMuHGTf8QVOsTFD9g619hyMgetRdCGBnmdPjbI8pYSC0MUY nul2JEg9skzwoxgoyi2AmIzafe4AvSZ+4+CMs4MxNbtx/1Gb/GUq5oYldXm1dtkb 9ZTLyQ28+zBJJKKWpNL0RSAZJYGXu9MP2B/VWX9LULIcDGBksiNYTmSoEnAsqrSS Rys9prXlyK7W972WEYssaCMcs90Pcs1c7OqpHmcTjY/+u7YB9xJVcxxHS99Z6Q5z BWESgYoQHjJKQfpv4agFKGMNcH9mWSC05HhqTz6UtKJHNcG5mq+LFTrNJDBPq9Dk oxfGP5rlvkJR2Qw6rNRxNxTuJwkiWYpALPZom0FoI+3pcP4256ipKDa9yqdbhbQk N+zUpSQ07jjVdn/IhgOf =lXpn -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: LDAP Authentication from console
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/10/2010, at 10:05 AM, Michel Talon wrote: Kevin Mai wrote: Logins over ssh and sudo work great with ldap, but when I try to log in from console, it prompts me twice for the password. If I put a wrong password it prints out that it cannot bind to the ldap server, what means that I'm being able to bind to ldap, but cannot login for some reason. Can you send a copy of your /etc/pam.d/sshd and /etc/pam.d/system ? What i think you have done is this authsufficient pam_opie.so no_warn no_fake_prompts authrequisite pam_opieaccess.so no_warn allow_local authsufficient pam_krb5.so no_warn try_first_pass authsufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass authrequiredpam_unix.so no_warn use_first_pass Notice the try_first_pass options on krb5 and ldap? This will prompt for the krb5 password then prompt again for the ldap password, and then fall back to unix. It looks like this when you enter the wrong password Password: LDAP Password: Password LDAP Password: etc In your case, you likely have something else, and not krb5, but editing your file to appear like this will be of great help authsufficient pam_opie.so no_warn no_fake_prompts authrequisite pam_opieaccess.so no_warn allow_local authsufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass authrequiredpam_unix.so no_warn use_first_pass You need to set ldap to try_first_pass, and unix to use_first_pass. This will stop the double prompting Also of note, is that /etc/pam.d/login is an include of system. Thus likely you have your system file setup wrong. Mine is a carbon copy of my sshd file. Here it is here authsufficient pam_opie.so no_warn no_fake_prompts authrequisite pam_opieaccess.so no_warn allow_local authsufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass authrequiredpam_unix.so no_warn use_first_pass #auth requiredpam_deny.so use_first_pass account requiredpam_nologin.so #account requiredpam_krb5.so account requiredpam_login_access.so account optionalpam_unix.so account required/usr/local/lib/pam_ldap.so ignore_authinfo_unavail ignore_unknown_user # session #sessionoptionalpam_ssh.so session requiredpam_permit.so #account optionalpam_krb5.so #session requiredpam_mkhomedir.so skel=/etc/skel/ umask=0022 passwordsufficient pam_unix.so no_warn use_first_pass A few other hints Make sure your certificates have the correct CN, that matches your hosts FQDN. You can specifiy them with the option tls_cacertfile and these DO NOT need converting into any weird formats, just the standard output from openssl will work. @Michael If you plan to use LDAP groups to control access to be able to login to a server, you need to change your ldap account line, as at this time it will allow anyone through into the system. Regardless, what i have also means that ldap is not checked for non ldap users. Changing ldap passwords IS NOT POSSIBLE from the passwd binary. I cannot remember why but it is not. You must use the ldappasswd utility. Alot of basic help can be found here http://www.freebsd.org/doc/en/articles/ldap-auth/ldap.html Sincerely, William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMrQkTAAoJEHF16AnLoz6JjmAP/2AnyWUT1EwoyAm8gAH6Qjoq WC0dSHnfuYzJiw8UM3Uhzdj4LXPNLFh/bqHsgFpDxO1OwyG8OnTv40NdR9506O7e BP0SmnADt9a8beLHM54jOfJsYHz0kH1bpHk4HkcA5zQEsl76H7IsF6m6tiFxTSII WLrXwHTN+Z6zpo80N7Ng9GGVCxrs68gU/JQFX58lIIkSlXe2kJ7W8DAcs2q2O13x 5VPl9x2bEYugRwggDLAWwD22ETL6BAjk+qr2+yG8yLKgsg/NTyPoBkdVhHCgOBw2 vt8IGxVeeau3MLvrm/c2+dK7i2Aw9FlB94EBZo5G2QM5AfzmTqtiLAeQ8sM2tQkD suqPijBB6aLmrnpbqjQxPgKQANv1szELBASC4qcCKHQFNeGtfueikRpgnVaGLrnq LMOEKpnnuJQ7OrW3TmY6vZFrnKm1QD1cniuJV2Hhb3FZ8JTTq/L2Ae9NHaPKlR3F 7pXcTTTo4hXUe9h9McSv7fUPbTFC9KU/ntc9XQDS+5TLyyMsN1tuaY506v3kTGWh wdczKBhrSLcwjvh3DUjrutaYg+oYQWOpNvzSOUAQgmLURZcb7zr0q6lstlzHzsZp 4z5jDn6sGUNHCZzzf/eRZjtR3bikQsBrfKgmuHGBVNjwpIzwAus1m1B4XeQ3lhTX xErK6nRRH75mS3igwcMa =qIai -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sysinstall with Fixit option and RootOnZFS/GPTZFSBoot caused kernel panic on Vmware machine!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 21/09/2010, at 7:29 PM, Phan Quoc Hien wrote: Hi everyone! I followed tut at http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/ to install FreeBSD Root on ZFS using GPT on my VMWARE virtual machine. When I go to step Install FreeBSD to zroot kernel-panic appeared! It sounds like you are either low on ram, or are using i386. Look at http://wiki.freebsd.org/ZFSTuningGuide and follow the steps here in the loader prompt on the live system, and also add the same options to your loader.conf when you install the system. My virtual machine detail: RAM: 512MB HDD: 10GB vmware workstation: 7.1.0 build-261024 with FreeBSD 8.1-REL! See more detail about panic on image attached file. Please let me know how to solve this problem. Best regards, Mr.Hien Hope this helps you. I think buwping the amount of ram in your VM wouldnt hurt either, ZFS really needs 1GB minimum, 2GB or more is preferred iirc. -- Mr.Hien E-mail: phanquoch...@gmail.com Website: www.mrhien.info ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMmN1FAAoJEHF16AnLoz6JYiMP/3xU6a3pd90kEsWIOgaWfQZ5 ff0tCYdMoMTmIZ9zgB7u7/YA7kIEp4o7zM8MbYPRt8OcC+9oWQBjbCvVeKXLEOil 6faRrYR3CxBSa1CIUxTsfPS3OR3rOB8GlTMJObW/UrOPonVgpyD6RMW/J3wMbme9 pN0V2xOSwOv9rgdFWwHgAOT4eBpzmFeOAbLERFMcv3sUm2l1k56IUpgEDQNoHVPY wp8Cxsl8QClP5bTpl2iSXvt0krCvo16HA64G4I1Bm6FSAY/aP45L5zouABHyHyIT RCZjTzCaaWHHXvwErAdQfx6oBFuyAxzwgb1ZRdYMDoFHs1swJd3D0pWIYcjQ9ILz 3AR1YFY5t1SE+kP03Fssoz/HNpq2lO3IgjJsg/T8bsMEbb2/6zJlCKF5wAsMZHdY 1kj+75IsZ+phbzaPrpdL8kjfTWBP1De3WWH7sN85wGAw2c1mQCFLg9bsC2Ahxe1V S/kRWwKDoJPvBaEEdo5LM7CLfoneXOR3taa3mqLvgkWAwyTG0iEtwwxhxMMFSmpp InMWYplq/zu4au27+ujW+f6Mj3GhpSzaMNAfGkGdpsn4D4muBWgrLt04nSxuvjX6 K3ZoGAMlnH9rOLwZLvu2uaxKGZnyf/TYndgPQtpNm3iq7liXoSYnNl3B4NeNjI7j l5wz40a62K6b2J/G/cIa =6/hT -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: So I've Been Wondering...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What model of MBP do you have? If it is a dual GFX card model, your in for a world of pain. On 16/09/2010, at 5:37 AM, Jud wrote: Thinking of installing FreeBSD with ZFS root on my MacBook Pro as dual boot, possibly treble with Win7. What's the best way to do this - Boot Camp, then follow FreeBSD Wiki? Thanks, Jud -- I'd take the awe of understanding over the awe of ignorance any day. — Douglas Adams ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMkbpIAAoJEHF16AnLoz6Ja20P/RBoHgNeHBLaCPCz1x70i7zr lc58inPScJHTc+RDfL+Ey7ANyJFVRn+3u8kVXq28auSajUGiGyrdK0AgCWFkGwDF mSCQwfcqdL3Z5mgHWYSG2MUQYczMnRH72gAMJhTnTTvcaGUBndUOXq+B9ELBOcpN MueoqMg6kmEwieo5ueQTGEwE34Ffg/cRSDo0tfKXtlA2drfL/PDjwNDAbZxOtNHi ozcsEjXWhwhs73HTCi5GbDYfc5JOzlelOuuhKvuUZPmpDVTRyyjCey02h1ke3uDP UfxMTUHDk36BXuOX86KEhSGVYJ6sYanAk2T7nSlM31fFO8Y3HDx5AT5zEKgdegrE KefsNVwxITQ3OkDK+92BTbYvsrwNsCGXaqOLX495AFu6fVCL5O3r5IzVS9N7GIgr mFTFzbbpN4ykoUOft03dvT4r1azoOfeeBHfSLfbwlsjqRhw5OPqQAo8xxrSOZWlh GcFJFhYeuriluv+rOacGIFhGksZKRMsG4lfTpn+iWcHU46dpImVoHCG0/i+LlXoA 7sffuEXKXBKwZ6RXexsZ/6Z4ieqV2CzB15Haa4OEKqJm2z636cmO8VMn07EXSsYK JuxvYneEHqaTdXw4eKS5q9K23Y14l0s6pAXqe1ePoYxnB44qT1tCrRkrO8zS1LQG XGRdjQm0RMsAE+l4kiVA =O5Dc -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ISC-DHCP6 does not send replies
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 29/08/2010, at 4:28 PM, Matthew Seaman wrote:
On 29/08/2010 04:10:24, Indexer wrote:
subnet6 fe80:1::216:e6ff:fe7f:972e/128 {
That's your problem.
That's a link-local address. It should be your network address -- which
I think is probably 2001:44b8:7988:c60::/64
For testing purposes, I'd also take out the host {} block giving
mai a fixed address. Once mai is picking up an address successfully,
then try again with the fixed address stuff.
Finally, you do know about SLAAC? (StateLess Address AutoConfiguration)
An IPv6 machine can automatically pick up the local network prefix and
create itself an address from that range by combining it with its MAC
address. To enable, you simply need to run rtadvd on your server, and
rtsold on your client. It only deals with IP address and default
gateway -- other things you'll have to either configure manually, or use
DHCP for, or even set up Bonjour/Avahi.
Cheers,
Matthew
Yes, i already run radvd at home. I have temporarily disabled it because i
wanted to experiment with DHCP6 for some business work ( and general curiosity
).
When i change the subnet block to subnet6
2001:44b8:7988:c60::/64 {
The client still sends solicits to the server, but now the server no longer
receives them. Checking wether the client could connect to ff02::1:2 came back
with UDP connect: No route to host
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk Kent, CT11 9PW
William Brown
pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
iQIcBAEBAgAGBQJMeg/OAAoJEHF16AnLoz6Jx4MP/2eDRe6+DzU4yxABaPDs7eGz
OdNasU2HTN/tqW0UM9yk5uDCLXvBjhQcgEy8TrYuv9c0CiY5nptvfuKg/9d2citB
Kns5lVtLZw7km+wU8QDHC83BB6PfkH/xAbj9n3ViCtQ977aC71cLqBe8cEyEwxHj
lyV969JY2zVAYdBTdi3W0N4DtCkmG/GG4arT+gyYs5bGch3yEb6pE0pu7qmpQFiB
dnJHVrjTIFenYuxWd0Ilw3ZzrfO28g2B1bxeOyGOuJ4sHHK0iJq36d/pbkBLWVaS
lv/Dvq48LGV4hgsMxtYBZlL81B8SDASMpqM82y2NDnSfD969rPBaGbNhituuYd2r
phmqtE0Bl6tBIAunFLE9eCpn+6InSXw3nBgdZaZMju+UaFbjfcoLLF6pjVV8i5Me
9O9T5LdbVH/v4OKKJv8y3Jcs+mPXkhwRAG1rGQt8B7OfywZKCj0GeJ0kVPnLfnn3
GU1IgsKdCYiRJ0zTnJUtwhfblwSpGRy6qN0WRtZLNWk95wZpzpguFnnEz1+8UnA6
YlirNlSTkmqPu4AtE+sCxB6JWQITj+2kHeua7i90XAYX33FPzw9jzxkpwaYI2fd8
Iz/o/OHd9Ec8awwGaKeTd/4En0+sCA+JPOQYTV8X2oSgf3EEMdhQRV8OS8zw9SIw
n51EFA6oRTyK5mBjRkPN
=KRG7
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ISC-DHCP6 does not send replies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Connecting to [ff02::1:2]:547 (link-scoped All_DHCP_Relay_Agents_and_Servers) or [ff05::1:3]:547 (site-scoped All_DHCP_Servers) should get some sort of answer. I can ping6 to ff02::1:2 successfully. Check the routing table on server and client -- on a FreeBSD box, I get: % netstat -r | grep ff02 ff02::%re0 fe80::e2cb:4eff:fe U re0 ff02::%fwe0fe80::1e:8cff:fec2 U fwe0 ff02::%fwip0 fe80::21e:8c00:c2: U fwip0 ff02::%lo0 localhost U lo0 ff02::%gif0fe80::e2cb:4eff:fe U gif0 Here is my routing table on my gateway system, using the same command as yours. ff02::/16 ::1 UGRSlo0 ff02::%em0/32 fe80::216:e6ff:fe7f:972e%em0 U em0 ff02::%lo0/32 ::1 U lo0 ff02::%tun0/32fe80::216:e6ff:fe7f:972e%tun0 UGStun0 ff02::%tun2/32fe80::216:e6ff:fe7f:972e%tun2 U tun2 ff02::%tun3/32fe80::216:e6ff:fe7f:972e%tun3 U tun3 ff02::%tun1/32fe80::216:e6ff:fe7f:972e%tun1 U tun1 That ff02::/16 does not look quite right . (ie. a route for all network interfaces known on the system, whether active or not) The next step in debugging is to start capturing packet traces (tcpdump(1), wireshark(1)) on both client and server and hunting in there for clues. I know some IPv6 traffic won't get through my wireless router, but that device is IPv4 only and the poor thing gets easily confused by all this new-fangled IPv6 stuff... Thankfully, all my gear is quite new, and IPV6 runs happily on it with radvd. I at least know its not my networking gear :) . I also, luckily, have two wireless APs to test (one on RADIUS, one without) so i can rule that out as the cause of the issue as well Cheers, Matthew PS. On the off chance that it is the firewall. A good debugging trick with pf is to add a 'log' clause to any rule that has a block or reject action. Eg. in lines like the following: # tcpdump -i pflog0 -vv and make your client request a new lease. Did all of this to be 100% sure about this. No ip6 traffic was blocked. Now, with IPv6, link-local addresses are always configured, and there are a whole new set of prefixes for local-, site- and global- scope addresses. I don't know if dhcp client tries using MAC-broadcast at all in the IPv6 case (I would think dhcpd should answer if it does) but the link-local address stuff is possibly what's being blocked somewhere. Yes, the new ipv6 stuff is very interesting. In fact Internode my ISP, use DHCP6 for router prefix advertisement on the pppoe session. In fact, could that be the issue? I have dhcp6c running from my pppoe session (tun0), and it assigns the prefix to em0. I also am trying to use em0 as the DHCP6 server. This shouldn't be breaking it, but it *could* be? -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW Thanks again, its greatly appreciated. William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMem6SAAoJEHF16AnLoz6JmV0P/i9ZbOD1vUx0x5V5jG31smoP cDlkREQJWHxeHKROoe4/Em24Djk07iUtOkmSyHQjh7Lq7mAyqDiJfp/8CfCs+Z4a I0/6kmWrZ6ojoqMbFRD01yQ9PubwS1pEbZxSEJnh503G5B/dy0mDCUIXRQtsfppP EJBhg0F2rw95NV4dtNtLHvJUxppWXqiLDOHoBWwa443rkgIziWi9ZkEUjcm+0x5f uOKD1Fiv9Wqua+4HWDR1IVLjHiIGO1AlLnPHVwH4T2/k63xj1fFKXT7hmQ8+i2jn FptT9T5kAPzbjO474YblyI/n7qGMzhTDuvqY9IZkycrNG/vpI7TlCP/YeI6XhIgx cO+ZlU+XUxzd1l1YcB9ipzGW0aEJcKWwmB/d4XzHoEcA/EzTS0vgmEE6ToHJBxSZ nYFMJ2OuD4ojYcrkF45+kefgA/JCH4SJk0W6qoWTzopY5yuq0pSXY7PpknwKNZlu M2YxIXWkfjdZRzItbgylSGurHcEXBwr9/Rbg5glOZ/Zkf7znTfZzG25psjy9SCCp aiNNU/Rhh5wbbn8GY8CeLXPVDgOybbx1C+zLeH5n/yqakrl9v5O5FwF5qDs7uvX5 hdc9UDKAaJBdgX3YsLecyhSt9ekmPxLY4tEvLUXsf1YUJX5J+HcUoE+ke0uzEqu1 vgnIJiUzdYP/hR0X4BHc =xWfb -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ISC-DHCP6 does not send replies
Dear Sir/Madam, Your email was unable reach the intended person that you were sending it to. For more information on our business please click on the following link: [1]Click here for our website We look forward to your continued business in the future. Regards, Webmaster References 1. http://www.xpbargains.net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ISC-DHCP6 does not send replies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's different, yes. That could be due to running DHCP6 -- after all, the daemon has to have some way of receiving all the DHCP traffic to the various site- and link- local addresses. You can test that by turning off dhcpd and checking the routing table with it not running. If the route doesn't disappear, try disabling dhcpd in /etc/rc.conf, rebooting and then see if that route is still present. Either way, re-enable dhcpd in rc.conf and re-start the daemon: if the route appears then it's required by dhcpd and everything looks to be in order. I removed this route, and it did not reappear when i restarted the DHCP6 server. It also did not affect the situation, i still get no leases. Ah. Yes, this might cause you problems. Possibly. If Internode DHCP6 has been configured as authoritative for your address range and if the query packets from your client can reach Internode's DHCP6 server then you probably will have trouble. I shouldn't think its likely though -- your client's DHCP6 initial queries will be to find a server on the same network segment, and to reach the Internode servers it would have to hop through your gateway machine, which is your DHCP6 server anyhow. Well, it seems that the packets are all being sent to my gateway, not internode. If your network prefix is dynamically assigned, then I don't think there is a way to have a DHCP6 server be a DHCP6 client as well, and pass on the prefixes it has obtained dynamically. BICBW. If your ISPs policy is actually to assign you a particular prefix permanently rather than give you one out of some dynamically assigned pool, then it's worth a try using a static configuration on your gateway machine -- I believe you said this was a test setup to see if it could be rolled out on a customer network? Should be fine to try static configuration like that for a limited time even supposing it's all dynamically assigned. I tried, but the moment i turned off dhcp6c, i lost ipv6 connectivity, so no go sadly. Well, now i have a server that listens properly, but when my client sends it solicits, it dosen't pick them up at all. might be time to start playing with wireshark and tcpdump I guess. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMewPVAAoJEHF16AnLoz6JUfIQAIXkS5ocTuI+cf8kuB/ByNC/ wkybfdFoqh3ac1c2v1q/KD0ZhPWKGTN93x5f9rmdDO1BiCrBvDQGONh32xOImgt+ a/XuGL5kNZi24iW5JRHSHgS5hJmLqtZpuN2nYG28WBQJzSTfKEi61lMq55EFcAL5 VKUTTvSv9i3us5WbuzdjPoP0VScjkJjhycOYZW4YmWVbcnVdl4xdfqkZr1qevRE3 /d3YO4GO++ZsY7y6Ria1WDt6ckP2Arf2zic8UTSGJnv1h1GHo+iU6KSGpbCFqnNW XcR7ics/cUwjCiyG870EBWBTtHM45+WC1JhTHUUI4UQmPCv+Ux7cTI3j0/JHQE/r sgAgBiloi5qRrNntOVZwIhtGCilGj2ZWR+3C/HMb9YbBkKGQTYzd60Madj4L2dWQ XVKAakV4HOvC/+vv5r7nsZLv2OFRNmEoHIybfE++uXGl+YZ5iK+Cyh/ziRhsp8ji XoViwmINSm04cz+6V/bkzhSh84OYf+iIWLKPLT9fuyFU3jQtSmXX9N4UTmLKp2Xx Ps48wfv+sZi7P2Ho74dGxrh8vmZnYsTpGR0x4q/eMNY+gD3IsF/tIlYsnwqxxGqt vpUdP3d40OLFDoM+ncsJS1bLL/qshZCJDXeuiUuzsW6kUkAt/cFhAeNRgF7O5gLP rNlJwiTGlUADar6hPi6O =RIEP -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ISC-DHCP6 does not send replies
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I have been trying to setup DHCPV6 between two systems. I have my gateway, with
a correctly assigned prefix from my ISP, and a client who has ipv6 enabled, and
dhcp6c installed.
When i activate the dhcpd, it starts correctly but when i try to gain a lease
from my client, it recieves the solicit message, but does not appear to send a
response.
Client
Aug/29/2010 12:34:12: extracted an existing DUID from /var/db/dhcp6c_duid:
00:01:00:01:14:0b:f3:79:64:b9:e8:b7:b4:6a
Aug/29/2010 12:34:12: failed to open /usr/local/etc/dhcp6cctlkey: No such file
or directory
Aug/29/2010 12:34:12: failed initialize control message authentication
Aug/29/2010 12:34:12: skip opening control port
Aug/29/2010 12:34:12: cfparse: fopen(/usr/local/etc/dhcp6c.conf): No such file
or directory
Aug/29/2010 12:34:12: reset a timer on en1, state=INIT, timeo=0, retrans=383
Aug/29/2010 12:34:13: a new XID (74e55f) is generated
Aug/29/2010 12:34:13: set client ID (len 14)
Aug/29/2010 12:34:13: set elapsed time (len 2)
Aug/29/2010 12:34:13: send solicit to ff02::1:2
Aug/29/2010 12:34:13: reset a timer on en1, state=SOLICIT, timeo=0, retrans=1088
Aug/29/2010 12:34:14: set client ID (len 14)
Aug/29/2010 12:34:14: set elapsed time (len 2)
Aug/29/2010 12:34:14: send solicit to ff02::1:2
Aug/29/2010 12:34:14: reset a timer on en1, state=SOLICIT, timeo=1, retrans=2151
Aug/29/2010 12:34:16: set client ID (len 14)
Aug/29/2010 12:34:16: set elapsed time (len 2)
Aug/29/2010 12:34:16: send solicit to ff02::1:2
Aug/29/2010 12:34:16: reset a timer on en1, state=SOLICIT, timeo=2, retrans=4283
Server
Internet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
WARNING: Host declarations are global. They are not limited to the scope you
declared them in.
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Bound to *:547
Listening on Socket/5/em0/fe80:1::216:e6ff:fe7f:972e/128
Sending on Socket/5/em0/fe80:1::216:e6ff:fe7f:972e/128
Solicit message from fe80::226:bbff:fe1a:2d2e port 546, transaction ID
0x5FE57400
Solicit message from fe80::226:bbff:fe1a:2d2e port 546, transaction ID
0x5FE57400
Solicit message from fe80::226:bbff:fe1a:2d2e port 546, transaction ID
0x5FE57400
I have tried this, having disabled PF on both systems to make sure that it was
not that as an issue. the results were the same in both cases (my pf rules
allow all outgoing traffic, and all from fe80 regardless).
Here is my dhcpd config
option domain-name chocolate.lan;
option domain-search chocolate.lan,dhcp.chocolate.lan,concrete.lan;
option domain-name-servers nemo.chocolate.lan;
option dhcp-server-identifier nemo.chocolate.lan;
default-lease-time 129600;
max-lease-time 1296000;
authoritative;
subnet6 fe80:1::216:e6ff:fe7f:972e/128 {
range6 2001:44b8:7988:c60::10 2001:44b8:7988:c60::110;
prefix6 2001:44b8:7988:c60:: 2001:44b8:7988:c60:: /64;
host mai {
host-identifier option dhcp6.client-id
00:01:00:01:14:0b:f3:79:64:b9:e8:b7:b4:6a;
fixed-address6 2001:44b8:7988:c60::9;
}
}
So my questions are thus
What have i missed or done wrong to prevent replies being sent to the client,
and have i done anything wrong with this dhcpd config? Documentation about this
subject is also rather sparse, especially about errors and configurations.
William Brown
pgp.mit.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
iQIcBAEBAgAGBQJMec+kAAoJEHF16AnLoz6JqY8QAIMKq+V0PRoslFwgy53lVvkj
+SZ5Q09ObD3I4MoU2fn9T+m1boTP2m65IpceXi9E2ZaT57v5HrqDr0ubUVE+D9KX
tA/Xc5U5etdXaV/Ebw0B9gpTA84K/JSwcw8GRurpWkP8MBN2tmI7r2Q2DTEmukMn
/8/3fx76x7Vvh47QruwIGI0A3pBlW5s9vV5DYM39cRMHLNZ26sgUa1smAbynZhJH
tVVUsarfQMcr5+671m643y2L7VbARVJqh/2jN24muMtdUw2DhWy8aSxocZRF41Ee
hqJUqHkyyaHWaX/jpDsbToCejiokzpcNOt4hwyUm7+WHmGOF7PIptij8lOl/fs3/
cU3hbkl1iNc3qN20jZzVlC/aAM/R2ewG2ZKbbOsyKOsA2JAeMJ9QQafGrxql17ef
vZMWLOkbb9WCTfk6ZeaHyb2hSyKHy7YXF1UAGGsiUprYE5LlHIa/yMZMFqneRqC5
XU3+vswbKV87ftVVj53kwQ+X8OXKX3CMpmDFRbWmePigIJz/zMeOJLMcR8ugwikf
CuMQ88hg5ki3r+39AfrE54ie2icYS8HH9SINC7/3Xi7DiDTLjWJMBaybUJL+STG+
OFoO6dyJNPsJBSbJfxZEt+Z5DDAgq2c7zAOpG5zNMBzxqkRUQSi02Zb4M6kDmP29
sZ++zRJcJFApMJCx12/f
=nOJi
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
