Port overrides for multiple installs.

2005-11-19 Thread Lewis Thompson
Hi,

I would like to run Mailman on a dedicated mail box.  While Mailman
supports virtual domains it cannot provide, say, [EMAIL PROTECTED] and
[EMAIL PROTECTED] from the same installation.

I plan to run Mailman on about three domains and have considered ways to
tie this into the ports system.  My idea is basically:

create the mail/mailman-dom1 port which is something like:

PKGNAMESUFFIX=  -dom1
MASTERDIR=      ${.CURDIR}/../mailman
MM_DIR=         mailman/dom1
MM_USERNAME=    mailman-dom1

While this will work (and moving the mailman.sh file via pkgtools.conf)
it will only work for a single installation, afaik.

So my question is:  how can I allow mailman to be installed n times
without overwriting the database, files, etc.?

Thanks very much,

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: baffled by pam_ldap

2005-05-12 Thread Lewis Thompson
On Thu, May 12, 2005 at 05:11:03PM -0500, Benjamin J Doherty wrote:
> I've been struggling with pam_ldap for three days now and cannot see
> what I am doing wrong.  I'm trying to use OpenLDAP for
> authentication, though I threw nss_ldap in for good measure.  What's
> so baffling to me is that I can add a new user to the directory and
> verify its existence using id but SSH refuses to bind.

I couldn't spot any references to pam.d/sshd anywhere else in your post.  To
allow sshd to authenticate via pam_ldap you need to have the lines:

auth            sufficient      pam_ldap.so no_warn try_first_pass
account         sufficient      pam_ldap.so
password        sufficient      pam_ldap.so no_warn try_first_pass

I think just the auth line will do but the rest seem helpful too.

To go a little further than that, I have my pam.d/passwd file configured:

password        sufficient      pam_unix.so no_warn try_first_pass nullok
password        sufficient      pam_ldap.so no_warn use_first_pass

pam.d/system:

auth            sufficient      pam_ldap.so no_warn try_first_pass
auth            required        pam_unix.so no_warn try_first_pass nullok
password        sufficient      pam_ldap.so no_warn try_first_pass
password        required        pam_unix.so no_warn try_first_pass

You can apply the following patch to /usr/src/usr.bin/passwd/passwd.c to allow
passwd to be used to change passwords via pam_ldap (it also works for pam_unix)
(see http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/71290):

***BEGIN
--- passwd.c.orig   Wed Mar  9 03:20:02 2005
+++ passwd.cWed Mar  9 03:20:29 2005
@@ -120,9 +120,8 @@
pwd-pw_name);
break;
default:
-   /* XXX: Green men ought to be supported via PAM. */
-   errx(1,
- Sorry, `passwd' can only change passwords for local or NIS users.);
+   fprintf(stderr, Changing LDAP password for %s\n,
+   pwd-pw_name);
}

 #define pam_check(func) do { \
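Review bot: in the default: branch the new fprintf message says "Changing LDAP password", but default: catches every account source not handled by the cases above it, so the message is wrong for any non-LDAP backend that ends up here; a neutral "Changing password for %s" would fit better. The removed errx() was also the only thing that stopped passwd at this point, so the change now relies entirely on the PAM password stack to reject accounts it cannot handle; a comment saying so would help, as would an explicit break; after the fprintf to match the preceding case.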
***END

To use passwd you will also need to configure your /usr/local/etc/ldap.conf
file by setting:

pam_password exop

and at the server-side set:

password-hash to whatever you want (SMD5 is good!)

in /usr/local/etc/openldap/slapd.conf.

It took me a good deal of time and effort to bring all those things together
and I have them sat in a non-publicly available wiki.  You can find a very good
tutorial which should cover most of this (I think) at
http://books.blurgle.ca/read/book/1 -- unlike other tutorials this one is
dedicated to FreeBSD (and I even got my name in the credits ;).

chsh doesn't work so I came up with this very simple shell script (it's
probably not great and no doubt could be greatly improved):

*** BEGIN
#!/bin/sh

# is shell specified?
if test -z "$1"; then
    echo "Usage: $0 newshell"
    exit 1
fi

# is shell listed in /etc/shells?  (-F -x: a whole line must equal $1,
# so a fragment such as "bin" or a regex cannot pass the check)
grep -Fx -- "$1" /etc/shells > /dev/null
if test $? -ne 0; then
    echo "That shell is not listed in /etc/shells."
    exit 1
fi

# attempt modify: bind as the calling user (-W prompts for the password)
user=`whoami`
ldapmodify -D "uid=$user,ou=People,dc=domain,dc=com" -x -W <<EOT
dn: uid=$user,ou=People,dc=domain,dc=com
changetype: modify
replace: loginShell
loginShell: $1
EOT
if test $? -eq 0; then
    echo "Shell changed successfully."
else
    echo "A problem occurred changing your shell.  Please contact [EMAIL PROTECTED] for assistance."
fi
*** END

To use that just place it over /usr/bin/chsh (WARNING!  THIS COULD BE BAD!  :)

I hope that's some help.  Good luck!

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: user owned groups

2005-05-11 Thread Lewis Thompson
On Wed, May 11, 2005 at 01:37:27PM -0400, Chuck Swiger wrote:
> If all of the users have their default group be staff or some such, anyone
> can change any file which is group-writable.  If each user has their
> default group be a unique group (with UID==GID), then users can safely use
> a 002 umask, without worrying about their files being stolen or changed by
> other users, and yet still use group accounts to work with other users when
> they do want to share files with.

Okay, I'm going to jump in now and ask something I have always wanted to
know the answer to but always seem to forget.

Can /home be configured so all files are created with permissions of
0600 (or 0700 for directories)?  I use a umask of 77 but that's annoying
when playing with files in other locations.

Sorry if this is obvious/stupid :)

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: user owned groups

2005-05-11 Thread Lewis Thompson
On Wed, May 11, 2005 at 02:33:30PM -0400, Chuck Swiger wrote:
> setgid on directories won't help, but maybe the behavior of the sticky bit
> is what you are looking for?  Is how stuff in /tmp handled OK
> permission-wise for your expectations?

No, I was thinking more along the lines of inheriting permissions on new
files from the directory they are in, i.e.

umask 22
mkdir inherit && chmod 5700 inherit (let's pretend 5 is my inherit mode)
cd inherit && touch test

The end result would be that test would be created 0600 (or maybe 0700
but that's not very handy).

Does that make sense?  Is it possible?

Thanks,

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: user owned groups

2005-05-11 Thread Lewis Thompson
On Wed, May 11, 2005 at 03:15:40PM -0400, Chuck Swiger wrote:
> If you mkdir private && chmod 700 private, any files created under
> private will be safely[1] hidden away from anyone else but you, regardless
> of their permissions or what your umask is.

Ah, okay.  A slightly bad example.  How about 0711 (now a home
directory, say /home/lewiz).  I would like to have a public_html
directory that is generally accessible.

Since /home/lewiz is now executable is it not possible for somebody to
do, say, cat /home/lewiz/.cshrc?  They know the file is there (but can't
use ls to see it) so can access it.

Sorry for all these questions ;)

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: user owned groups

2005-05-11 Thread Lewis Thompson
On Wed, May 11, 2005 at 03:44:04PM -0400, Chuck Swiger wrote:
> Sure, modulo the permissions on .cshrc itself.  If you don't want them to,
> give that file 600 perms.  The Unix octal permissions bits work just fine
> for almost all reasonable cases, but no default is ever going to suit all
> possible variations of intent.

Yeah, I was thinking more have a default that protects files/directories
(0600/0700) from other users (inherited from the parent directory).  To
provide public_html I would have to explicitly set the permissions to
0755.

> Anyway, if you do want to do something more complex, look to UFS2 and
> POSIX ACL's.

I might give this a go, actually, thanks :)

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-
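
The point this thread arrives at (a 0711 home directory hides file names from ls but leaves any world-readable file openable by path, while a 0700 subdirectory shields everything beneath it whatever the file modes are) can be audited with a short script. This is an added example, not code from the posts; the function names and the sample tree (including notes.txt and private/diary.txt) are constructed, and it looks at the classic mode bits only, not ACLs.

```shell
#!/bin/sh
# Added example: list the files in a home directory that other local users
# can read, judged by mode bits only.  Assumes the path leading to the home
# directory itself is already traversable.

# reachable_by_others HOME
# Prints regular files under HOME that have o+r and whose every parent
# directory (HOME included) has o+x.  A directory without o+x is pruned:
# nothing below it can be opened, whatever its own mode says.
reachable_by_others() {
    # HOME itself must be searchable by others, otherwise nothing is reachable.
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -001)" ] || return 0
    find "$1" -mindepth 1 \
        \( -type d ! -perm -001 -prune \) -o \
        \( -type f -perm -004 -print \) | LC_ALL=C sort
}

# build_sample_home DIR
# Creates a constructed layout mirroring the thread and prints its path:
#   lewiz/              0711  search-only home
#   lewiz/.cshrc        0644  name hidden from ls, content still readable
#   lewiz/notes.txt     0600  protected by its own mode
#   lewiz/public_html/  0755  deliberately public
#   lewiz/private/      0700  shields diary.txt even though that file is 0644
build_sample_home() {
    h=$1/lewiz
    mkdir -p "$h/public_html" "$h/private"
    echo 'set prompt' > "$h/.cshrc"
    echo 'todo'       > "$h/notes.txt"
    echo '<html>'     > "$h/public_html/index.html"
    echo 'diary'      > "$h/private/diary.txt"
    chmod 711 "$h"
    chmod 755 "$h/public_html"
    chmod 700 "$h/private"
    chmod 644 "$h/.cshrc" "$h/public_html/index.html" "$h/private/diary.txt"
    chmod 600 "$h/notes.txt"
    echo "$h"
}

# demo: build the sample tree in a temporary directory and report the
# exposed files relative to the home directory.
demo() {
    tmp=$(mktemp -d) || return 1
    home=$(build_sample_home "$tmp")
    reachable_by_others "$home" | sed "s|^$home/||"
    rm -rf "$tmp"
}

demo
```

Run against a real home directory, anything listed apart from the intended public_html content is a candidate for chmod 600.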


Re: Process tracking

2005-05-09 Thread Lewis Thompson
On Mon, May 09, 2005 at 03:51:30PM +0200, John Oxley wrote:
> Linux has a nifty utility called htop, but that is not in the FreeBSD
> ports.

Not sure about htop but pstree is in the ports and will show you things
hierarchically, which should do the trick.

Best wishes,

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: Installing portupgrade without X.org

2005-04-09 Thread Lewis Thompson
On Sat, Apr 09, 2005 at 12:26:48PM +0100, Paul Waring wrote:
> I'm currently trying to get portupgrade onto my new FreeBSD system by
> running make install clean from /usr/ports/sysutils/portupgrade (after
> doing a recent cvsup). Everything seems to go along fine, it starts
> fetching all the packages it requires and then suddenly I see a
> download for X.org.

It is not portupgrade that needs X but a dependent port.  Which specific
port?  In general just add WITHOUT_X11=1 to /etc/make.conf.  Once
you've got portupgrade installed you can control individual ports more
specifically through editing pkgtools.conf in /usr/local/etc.

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: Installing portupgrade without X.org

2005-04-09 Thread Lewis Thompson
On Sat, Apr 09, 2005 at 01:37:22PM -0700, Sergei Gnezdov wrote:
> I think it is
>
> WITHOUT_X11=YES
>
> Does it make any difference?

Not really.  WITHOUT_X11=1 works perfectly for me.  Just saves a little
time typing it ;)

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: Installing portupgrade without X.org

2005-04-09 Thread Lewis Thompson
On Sat, Apr 09, 2005 at 06:35:27PM -0700, Sergei Gnezdov wrote:
> Manpage does not seem to provide much help and I could not find
> anything related to individual package configuration options such as
> WITHOUT_X11 in the file itself.

pkgtools.conf is just a handy way of storing all of the port-specific
options.  If you search the file you will find MAKE_ARGS.  There are
some examples in the file and good comments.  e.g.
  MAKE_ARGS = {
    'databases/phpmyadmin' => 'WITH_SUPHP=1',
  }

would cause portupgrade to /always/ build databases/phpmyadmin with
WITH_SUPHP=1

> Are there any instructions on pkgtools.conf file?

They're mostly in the pkgtools.conf file itself.

Hope that's some help,

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


nss_ldap, pam_krb5 and passwd.

2005-02-17 Thread Lewis Thompson
Hi,

I have user accounts in LDAP and authentication is done via pam_krb5.
nss_ldap is installed and configured in terms of /etc/nsswitch.conf.

However, when I run passwd I receive the following message:

passwd: Sorry, `passwd' can only change passwords for local or NIS users.

Judging by pam_krb5(8) this module supports the changing of passwords
and it is just passwd that is refusing to change a non-local (i.e. not
in /etc/passwd) password.

/etc/nsswitch.conf
passwd: files ldap

So, here's the question:  can I work around this?  Is there any way to
make passwd change passwords for user accounts stored in LDAP?  Maybe
this will require some hacking of passwd.c?

Thanks very much,

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: py-bittorrent

2005-01-25 Thread Lewis Thompson
On Tue, Jan 25, 2005 at 10:25:30PM +1000, Warren wrote:
> I just installed py-bittorrent but I can't seem to find the command to run the
> program .. anyone happen to know what it is ?

Check the pkg-plist for the port -- a whole pile of binaries are listed
at the top.  You probably want a btdownload... one.

  In future best to check the pkg-plist first and not to post to ports@,
questions@ is the best place but only after you've done your research.

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


passwd(1) for KerberosV (Heimdal)

2005-01-10 Thread Lewis Thompson
Hi,

After successfully setting up KerberosV I am looking into using
passwd(1) rather than kpasswd(1) to change principal passwords.  In
/etc/pam.d I have all instances of krb5 uncommented and have also added
krb5 to passwd with no luck.  With a valid ticket running passwd gives:

passwd: Sorry, `passwd' can only change passwords for local or NIS users.

/etc/nsswitch.conf has:

group: ldap files
passwd: files ldap

which I suspect may be the problem (but I use LDAP for accounts).  Is
there any way to work around this so I can use passwd for changing
KerberosV passwds?

  Thank you,

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Packet filtering with pf and gif tunnels.

2005-01-08 Thread Lewis Thompson
Hi,

I am wondering what sequence a packet goes through when it is passing
through a gif tunnel.  I have the following interface and gif tunnel
(with the equivalent being on the same subnet at the other side):

fxp0: a.a.a.a/24
gif0: a.a.a.a - a.a.a.b (192.168.0.1/32 - 192.168.0.2/32)

My question is really what order does the packet pass through my
firewall (pf) in?  i.e., is it:

in on fxp0 from a.a.a.b to a.a.a.a
(unencapsulated)
in on gif0 from 192.168.0.2 to 192.168.0.1

or does it just magically ``appear'' on gif0 straight away?  Now I write
it out I am assuming that it passes through pf twice (first on fxp0 and
secondly on gif0); if this is in fact the case, what sensible rule might
I add to allow this encapsulated traffic from a.a.a.b?

Currently I have pf configured as follows:

pass all

pass quick proto icmp

block in on fxp0
pass out on fxp0 keep state
pass in on fxp0 proto tcp from any to fxp0 port 22 keep state

The reason I ask this question is that for my tunnel endpoints to ping
each other, a.a.a.a must be doing so (a.a.a.b has no firewall).

  Thank you,

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: Good image editor

2005-01-08 Thread Lewis Thompson
On Sat, Jan 08, 2005 at 07:33:26PM -0500, Trey Sizemore wrote:
> Yes, I use it as well.  I like it, but for simple editing and looking at
> pictures in an album-type format, I'm looking for a package like
> pixie-plus or digikam (these don't work on my 5.3 box)

I like gqview for viewing.  It has a configurable menu that allows you
to open any image in a variety of editors.

-Lewis Thompson.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


ath Super G.

2004-12-07 Thread Lewis Thompson
Hi,

I managed to find
http://lists.freebsd.org/pipermail/freebsd-questions/2004-February/035424.html
but I couldn't find an answer to the question about Super G support.
Do you have any plans to introduce Super support?

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




pf/altq prioritisation (for ssh).

2004-11-18 Thread Lewis Thompson
Hi,

I want to use pf/altq to give ssh a high priority so I don't get lagged
down when something is downloading.

  I have:

altq on ath0 priq queue { default, ssh }
queue default priq(default)
queue ssh priority 15 priq(red)

  I'm pretty sure this ``works'' but I was really hoping for more.
Without the 5.3 miniinst ISO downloading a SSH connection is perfect (no
lag, just like the local machine) but as soon as I set it going it
becomes a bit laggy.  Am I expecting too much to have a lag-free SSH
connection while downloading something at the same time?  Any other
alternatives?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: IPSEC (5.3-RC2) -- IKE traffic problem.

2004-11-03 Thread Lewis Thompson
On Tue, Nov 02, 2004 at 07:33:47PM +, Lewis Thompson wrote:
> I'm attempting to get an encrypted tunnel going between two machines.
> Before I start pasting away my configs, tcpdump logs, racoon logs, etc.
> I would like to ask the following question:
>
> I've read that 5.2.1 had broken IPSEC, such that IKE traffic (port 500)
> was not bypassed (or something along those lines).  A full thread can be
> found at
> http://groups.google.com/groups?hl=enlr=threadm=257C203C-8104-11D8-9902-00039303AB38_mac.com%40ns.sol.netrnum=10prev=/groups%3Fq%3Dan%2520acceptable%2520proposal%2520found%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg
>
>   Does anybody know if this has now been resolved in 5.3RC2?  Do I need
> to start doing special things to make IPSEC work?  Or am I just a
> bonehead who has screwed his config up somehow?

It turns out I'd made the simplest of mistakes:  the permissions on
psk.txt were wrong!  IPsec works fine on 5.3RC2.

  racoon only warned me about the permissions when I started it in the
foreground (either that or I managed to overlook it in the debug log
over and over again -- it wouldn't surprise me).

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




IPSEC (5.3-RC2) -- IKE traffic problem.

2004-11-02 Thread Lewis Thompson
Hi,

I'm attempting to get an encrypted tunnel going between two machines.
Before I start pasting away my configs, tcpdump logs, racoon logs, etc.
I would like to ask the following question:

I've read that 5.2.1 had broken IPSEC, such that IKE traffic (port 500)
was not bypassed (or something along those lines).  A full thread can be
found at
http://groups.google.com/groups?hl=enlr=threadm=257C203C-8104-11D8-9902-00039303AB38_mac.com%40ns.sol.netrnum=10prev=/groups%3Fq%3Dan%2520acceptable%2520proposal%2520found%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg

  Does anybody know if this has now been resolved in 5.3RC2?  Do I need
to start doing special things to make IPSEC work?  Or am I just a
bonehead who has screwed his config up somehow?

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Setting KRB5_KEYTAB for slapd startup script.

2004-11-02 Thread Lewis Thompson
Hi,

I'd like to start slapd using the distributed slapd.sh script but I also
want to set KRB5_KTNAME=/usr/local/etc/openldap/ldap.keytab.

  Can anybody suggest a sensible way of doing this?  I'm looking ideally
for something that will continue to work with upgrades of openldap (and
the startup script) but if this isn't possible then the most sane way to
hack the script ;)

  Thanks a lot,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




NFS4.

2004-11-01 Thread Lewis Thompson
Hi,

Does anybody here know anything about NFS4 server support in FreeBSD?
Searching doesn't reveal much but I'm asking on the offchance somebody
has some inside information.

  Thanks,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: NFS4.

2004-11-01 Thread Lewis Thompson
On Mon, Nov 01, 2004 at 03:14:16PM -0600, Dan Nelson wrote:
> In the last episode (Nov 01), Lewis Thompson said:
> > Does anybody here know anything about NFS4 server support in FreeBSD?
> > Searching doesn't reveal much but I'm asking on the offchance
> > somebody has some inside information.
>
> A snapshot for FreeBSD 5.2 is at ftp://ftp.cis.uoguelph.ca/pub/nfsv4/ .
> In the Readme.first file, the author says it's pretty solid.  He
> posts announcements to the freebsd-fs list and the nfsv4 list at
> http://www.ietf.org/mailman//listinfo/nfsv4 .

Excellent.  Thanks very much!  Just what I was looking for.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




World sendmail and LDAP.

2004-10-17 Thread Lewis Thompson
Hi,

I'm just wondering if anybody can tell me how I can build sendmail from
world with LDAP support.  I currently have SASL support enabled in
make.conf (copied examples from defaults/make.conf) and hoped it might
be possible to do the same for LDAP.  Can anybody tell me if this is the
case?  Thanks,

-lewiz.

-- 
``I was so much older then, I'm younger than that now'' -Bob Dylan, 1964


Re: Question

2004-09-19 Thread Lewis Thompson
On Sat, Sep 18, 2004 at 08:16:39PM -0400, Hotmail wrote:
> I Bought from you FreeBSD 4.10 v, my main concern after I installed it
> in my laptop I have trouble defining my network wireless card Linksys
> wireless -B and the network, How can I do that?. Also Do I need the
> device wi0?, and how can I find it?

I have a Linksys Wireless-B PCI card and it's not the same as all of the
other Linksys wireless cards.  It is not supported by FreeBSD.  However,
if you are willing to get your hands dirty you could upgrade to 5.3BETA4
and then play with if_ndis, which will allow you to use a Windows
driver.  It works really well for my Sony wireless card.

  Best wishes,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




sysctl meanings.

2004-09-16 Thread Lewis Thompson
Hi,

I wonder if there is a comprehensive list of what many of the sysctl
values are, both in terms of what the node (by this I mean, say,
hw.acpi.verbose) means, and what the values would mean/do?

  If this doesn't exist would it be worth creating a website with a list
of all these?  I've got some spare time in the next couple of days and I
could whip something up in PHP that would hopefully do the job.

  Thanks,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: VESA_800x600 (age old question)

2004-09-09 Thread Lewis Thompson
On Thu, Sep 09, 2004 at 07:53:59AM -0700, Ted Mittelstaedt wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Lewis Thompson
> > Sent: Wednesday, September 08, 2004 2:13 PM
> > To: FreeBSD-questions
> > Subject: Re: VESA_800x600 (age old question)
>
>
> > On Wed, Sep 08, 2004 at 04:59:23PM -0400, Parv wrote:
> > > in message [EMAIL PROTECTED], wrote Lewis Thompson
> > > thusly...
> > > > vidcontrol: cannot set videomode: Operation not supported by device
> > >
> > > > Can somebody please tell me what this means?
> >
> > > All that means is the card does not have proper/complete VESA
> > > implementation.  IOW, get a card w/ proper/complete VESA
> > > implementation?
>
> > Aha!  So while it does have a VESA BIOS it's just not complete.
> > Presumably the vesa code uses some of the less common features to
> > achieve what it does?  In a word, it doesn't work and it's not going
> > to without some really radical changes to the vesa code?  Can you
> > confirm/refute this?
>
>
> VESA was a standard that was important back in the DOS days.  When it
> first came out the card vendors all came out with TSR's that would
> intercept the VESA calls and either make the equivalent BIOS calls into
> the card BIOS or would setup the registers directly.
>
> Later on the card vendors all integrated that into their video card
> BIOS roms.
>
> These days in the age of Windows and protected mode OSs, the video card
> driver generally does not make calls into video BIOS for most things.
>
> With FreeBSD the VESA stuff is handled by the VESA driver (kldload vesa)
> which talks to vga() which I believe handles the ugliness of the bios
> calls into the actual video card bios.  Only certain cards have been
> tested with this module and this driver.  (you did load the vesa module
> before running vidcontrol and specing VESA modes, did you?)

Yeah, I had it compiled into my kernel ;)

> It's quite possible that your video card does have vesa extensions but
> because of some difference in their implementation, the calls from
> vga() fail, thus the vesa module cannot use it.  Or it's quite possible
> that your manufacturer didn't include VESA support at all.
>
> There are some DOS utilities floating around which test for VESA
> compatibility, you might try booting your laptop into DOS and running
> one of those.  If they say your laptop supports VESA extensions then
> perhaps the vga developer would add support into the driver.

Okay, I'll see if I can give that a go... I'll have to figure out how to
netboot DOS now... :/

  Thanks a lot,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




VESA_800x600 (age old question)

2004-09-08 Thread Lewis Thompson
Hi,

This question has been rehashed many times, so I apologise.  I've got
VESA and SC_PIXEL_MODE in my kernel and I want to be able to do:
vidcontrol VESA_800x600.

  However, when I do this I receive the following message:

vidcontrol: cannot set videomode: Operation not supported by device

  The general answer to this seems to be make sure SC_PIXEL_MODE is in
your kernel.  It is.  This is an Intel 855GM/GME Montara (I use i810 for
x.org).  I don't know if it means anything but in the Xorg.log file I am
told that a VESA BIOS is detected:

(II) I810(0): VESA BIOS detected

  Can somebody please tell me what this means?  Somebody seemed to think
that the error means that the card doesn't have a VESA BIOS but this
doesn't seem to be the case.  Is VESA_800x600 just not supported on the
855GM?

  Thanks and apologies... this topic is getting boring now ;)

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: VESA_800x600 (age old question)

2004-09-08 Thread Lewis Thompson
On Wed, Sep 08, 2004 at 04:59:23PM -0400, Parv wrote:
> in message [EMAIL PROTECTED], wrote Lewis Thompson
> thusly...
> > vidcontrol: cannot set videomode: Operation not supported by device
>
> > Can somebody please tell me what this means?
>
> All that means is the card does not have proper/complete VESA
> implementation.  IOW, get a card w/ proper/complete VESA
> implementation?

Aha!  So while it does have a VESA BIOS it's just not complete.
Presumably the vesa code uses some of the less common features to
achieve what it does?  In a word, it doesn't work and it's not going
to without some really radical changes to the vesa code?  Can you
confirm/refute this?

  I'd love to switch the card... unfortunately this is a laptop and I
really don't fancy soldering it; might void my Sony warranty ;)

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: ftp-master.FreeBSD.org

2004-09-04 Thread Lewis Thompson
On Sun, Sep 05, 2004 at 03:53:48AM +1000, Chris Ryan wrote:
> How can I get access to ftp-master.FreeBSD.org to help
> with testing?

I think you might be getting confused.  If you want to help with testing
you want to be tracking -STABLE (or maybe even -HEAD).  Reading the
Handbook is a good idea here;
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html
might be a good place to start.

  Good luck,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Roaming tunnel (IPSEC or something).

2004-08-27 Thread Lewis Thompson
On Fri, Aug 27, 2004 at 08:28:58AM -0600, Aaron Siegel wrote:
> Hello
> I am in the process of setup a similar configuration using poptop to create a
> pptp link between a static server and a roaming computer with an anonymous.
> There is also l2tpd from what I read it is more secure than pptp but it does
> not work through a NAT.  I will hopefully get this up and running soon so far
> I have only been able to create an unencrypted pptp link.

That sounds very interesting.  I don't suppose you would let me see any
notes you make when you get a bit further along?  I've not got much
further -- mainly because I've been trying to get my sound card working
properly.

  Thanks a lot,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Roaming tunnel (IPSEC or something).

2004-08-27 Thread Lewis Thompson
On Fri, Aug 27, 2004 at 03:40:08PM +0100, Lewis Thompson wrote:
 On Fri, Aug 27, 2004 at 08:28:58AM -0600, Aaron Siegel wrote:
  Hello
  I am in the process of setting up a similar configuration using poptop to create a 
  pptp link between a static server and a roaming computer with an anonymous.   
  There is also l2tpd from what I read it is more secure than pptp but it does 
  not work through a NAT.  I will hopefully get this up and running soon so far 
  I have only been able to create an unencrypted pptp link.
 
 That sounds very interesting.  I don't suppose you would let me see any
 notes you make when you get a bit further along?  I've not got much
 further -- mainly because I've been trying to get my sound card working
 properly.

I've just spent a while playing around with mpd and I have successfully
got what I wanted working.

  On the server there is an mpd daemon.

  I have connected successfully with my laptop (running mpd as a client)
and also with a remote Windows XP SP2 machine (my friend somewhere else
in England).

  Only thing is that it's encrypted at just 128kbit.  Something more
along the lines of 256kbit-1024kbit would be much nicer ;)

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Roaming tunnel (IPSEC or something).

2004-08-25 Thread Lewis Thompson
Hi,

I'm wondering if it's possible to have a ``roaming tunnel'' so I have
local-like access on my laptop wherever I am.

  I currently have an encrypted IPSEC tunnel set up between my laptop
and server (both with static IPs) as explained in the Handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html)
but I'd like to extend it so that I can connect to my server (a static
IP) from anywhere with my laptop (a dynamic IP).

  Is this even possible?  I've been told about isakmpd but I fail to see
really how it differs from racoon.  Any suggestions about this would be
greatly appreciated.  Thanks!

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Roaming tunnel (IPSEC or something).

2004-08-25 Thread Lewis Thompson
On Wed, Aug 25, 2004 at 05:42:21PM -0500, David Kelly wrote:
 On Aug 25, 2004, at 4:44 PM, Lewis Thompson wrote:
 
 I'm wondering if it's possible to have a ``roaming tunnel'' so I have
 local-like access on my laptop wherever I am.
 
 Have not done it myself but IIRC the key is to define an anonymous 
 host in racoon.conf.

I spotted that existed... but I have gif tunnels set up and firewall
rules... how do these work?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Change root user name? possible?

2004-08-25 Thread Lewis Thompson
On Wed, Aug 25, 2004 at 07:03:10PM -0400, Ara Avvali wrote:
 What I mean is if someone wants to hack the machine or even get physical access
 half of the job is done by knowing the root user name.

But they could just look in the passwd file...

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Repeated polling of CD/DVD-ROM.

2004-06-21 Thread Lewis Thompson
Hi,

I have written some code that does some rather nasty stuff to determine
whether or not there is media in the drive.  It is basically this:

f = open('/dev/dvd', 'rb')
f.read(1)

  at which point if I get an exception (in Python) I know there is no
media (or it is blank).  If it throws no exception I consider the disc
to be good.

  I know how bad this is (I unfortunately don't understand ioctls and
need this to work quickly in the short term -- I plan on learning more
about this stuff and doing it properly later) but my question is this:

Does the device actually get read /every/ time I do this operation?  (it
gets called every two seconds)  It looks to me that after an initial
probe there are no further accesses, which makes me wonder if further
down some caching is done.  Anybody know what is really going on?

  Thanks,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Python application in rc.d.

2004-06-20 Thread Lewis Thompson
Hi,

I'm trying to create a port for a Python application that I want to
start from local/etc/rc.d.  The command is this:

/usr/bin/su freevo -c "/usr/local/bin/freevo -fs start" > /dev/null 2>&1

  Unfortunately when I boot up I get a message about Python not being
configured/available at this time.  I'm at work at the moment and I
can't get the message but I wanted to ask now in the hopes that somebody
would have come across this before. If not I'll send another mail with
the full message when I can.

  Does anybody know how to fix this?  Thanks,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Python application in rc.d.

2004-06-20 Thread Lewis Thompson
On Sun, Jun 20, 2004 at 03:01:54PM -0400, Chuck Swiger wrote:
 Lewis Thompson wrote:
 I'm trying to create a port for a Python application that I want to
 start from local/etc/rc.d.  The command is this:
 
 /usr/bin/su freevo -c "/usr/local/bin/freevo -fs start" > /dev/null 2>&1
 
   Unfortunately when I boot up I get a message about Python not being
 configured/available at this time.
 
 Does the script set $PATH to include the location where python is?  If you 
 don't list /usr/local/bin explicitly, this may be the problem...

No, PATH doesn't get set but if I run it as /usr/local/bin/freevo.sh start
from a login shell (i.e. after the system has booted) it works fine.  I
might be getting confused but I think this indicates the script is good
and it's a start-up problem.  Is this just wrong?

  Thanks for your reply,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Python application in rc.d.

2004-06-20 Thread Lewis Thompson
On Sun, Jun 20, 2004 at 03:56:43PM -0400, Chuck Swiger wrote:
 Lewis Thompson wrote:
 [ ... ]
 Does the script set $PATH to include the location where python is?  If 
 you don't list /usr/local/bin explicitly, this may be the problem...
 
 No, PATH doesn't get set but if I run it as /usr/local/bin/freevo.sh start
 from a login shell (i.e. after the system has booted) it works fine.  I
 might be getting confused but I think this indicates the script is good
 and it's a start-up problem.  Is this just wrong?
 
 No, you should not assume that running the command from an interactive 
 shell is the same environment that a RC startup script or a cron job runs 
 under.

You were correct!  I've added PATH=${PATH}:%%PREFIX%%/bin to the sample
file (where %%PREFIX%% obviously gets mangled).  It works great now.  I
must admit I can see a situation where somebody might install my port in
a weird PREFIX and then it still won't find python (if it's installed in
the default, /usr/local) -- but I really can't see any way to handle
that nicely.

  Thanks for the help, I'm hopefully going to submit this port soon --
I've only been working on it a few months!

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Firefox 0.9 Port

2004-06-17 Thread Lewis Thompson
On Thu, Jun 17, 2004 at 12:36:09PM -0500, Jamie Novak wrote:
 The install was successful, but as soon as I try to run the program, all
 I get is the same message repeating over and over again in my xterm:
 
   *** loading the extensions datasource
 
 The browser never actually starts and that message keeps repeating until
 I ^C out of it.

Try starting it as root then as a regular user.  It's weird.  I had that
but after long enough I got a message about too many open files.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: 3ware Escalade 7506-4LP in PCI-X 66MHz slot?

2004-06-16 Thread Lewis Thompson
On Wed, Jun 16, 2004 at 01:46:23PM +0200, freebsd_daemon wrote:
 I am planning to build a small DB-server and want to use a hot-swap capable
 Raid 5 array of IDE disks for the data. I am going to use FreeBSD 4.10R.
 
 I would like to use a 3ware Escalade 7506-4LP controller which is supposed to
 require a PCI 2.2 compliant 64-bit/66MHz bus slot.
 
 The mainboard I am considering (Tomcat E7210 S5112G2NR) has a PCI-X 66MHz
 slot.
 
 Will the 3ware controller work in that slot?

Not sure if this is any help, but:  The 7-series cards work fine in
regular 32bit PCI slots.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Which version of freebsd..

2004-04-25 Thread Lewis Thompson
On Sun, Apr 25, 2004 at 12:54:56AM +0200, lists wrote:
 Currently we're going to reinstall all servers we have from redhat 9 to
 freebsd because redhat 9 is EOL...
 
 But after reading a few mails here that 4.9 is most likely not supported
 for a long time.. what version should we take then?

Looks like 4.10 is in beta so if you're looking for stability it might
be worth hanging on until it hits -RELEASE (or, install 4.9 and then
cvsup).

  Bear in mind 5 is still a technology release and should not be used
for production servers.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: firewall settings and dhcpd

2004-04-25 Thread Lewis Thompson
On Sun, Apr 25, 2004 at 01:33:22PM +0200, Christoph Kukulies wrote:
 I'm getting this in my log/messages:
 
 Apr 25 13:25:42 mybox dhcpd: send_packet: Permission denied
 
 Could it be that a certain firewall setting or something missing
 would be causing this?

Possibly.  It might be worth including some details of your current
firewall settings.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Upgrading a port....

2004-04-25 Thread Lewis Thompson
On Sun, Apr 25, 2004 at 01:03:52PM -0400, Ralph M. Los wrote:
   I currently have Samba 2.2.8a running.  I'd like to get up to
 the 3.0.x.x version, as I've heard there are significant advances in
 that version.  Can someone tell me if I do a 'make install' from the
 /usr/ports/net/samba-devel directory if it'll upgrade my current
 Samba 2.2.8a to 3.x.x.x?  If not, what will happen?  Also, how would I
 go about upgrading in that case?

No, that won't work.  Look at sysutils/portupgrade.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: 1024x768 Resolution in console?

2004-04-24 Thread Lewis Thompson
On Fri, Apr 23, 2004 at 07:46:05PM -0500, Eric Crist wrote:
 This is for a Compaq Presario 2100 (laptop).  My beef is that my console only 
 takes up a small section of the screen (although X is full screen).  I know 
 some laptops have a 'stretch' capability, but, alas, I was a cheap bastard, 
 and this one does not.

Not sure about your splash... but have you investigated the vidcontrol
VESA_800x600 mode?  This might help a little (looks great on my laptop).

  In your kernel config you will need VESA and SC_PIXEL_MODE.  Then you
should add something to rc.conf's allscreens_flags that sets up every
screen at boot.

  Hope that's some help,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Sil0680 causes panic on 5.2.1-p5.

2004-04-22 Thread Lewis Thompson
Hi,

I've just bought a Silicon Image Sil 0680 RAID controller.  I will only
be using it as an IDE controller (i.e. without any RAID functionality).

  This causes a panic on 5.2.1-p5 (GENERIC):

atapci1: SiL 0680 UDMA 133 controller
port 0xcc00-0xcc0f,0xd000-0xd003,0xd400-0xd407, 0xd800-0xd803,
0xdc00-0xdc07 mem 0xcfffbf00-0xcfffbfff irq 5 at device 9.0 on pic0
atapci1: [MPSAFE]

Fatal trap 12: page fault while in kernel mode
cpuid = 0, apic id = 00

fault virtual address = 0xd12f8000
fault code = supervisor write, page not present
instruction pointer = 0x8:0xc04d2627
stack pointer = 0x10:0xc219a0
frame pointer = 0x10:0xc219ac
code segment = base 0x0, limit 0xf, type = 0x1b
 = DPL 0, pres1, def32 1, grain 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (swapper)
trap number = 12
cpuid = 0;

  As you can see I just wrote this down and typed it up (so there may be
errors!).  If somebody needs meaningful numbers please ask me and I will
go over and double-check everything.

  I have tried the obvious things -- removing other PCI devices, etc.  I
was unable to disable the onboard IDE controller because this card
doesn't seem to support booting.

  The twist is this:  there is no panic if I boot 4.9-rc4 (disk1,
install) or 5.1-RELEASE (disk1, install).  It is specific to 5.2.1-p5
(or at least between 5.1-R and this).

  I verified this with a GENERIC kernel (compiled by me) and a custom
kernel (unneeded devices removed and some firewall stuff added).


  Please ask for any details -- I've not included a dmesg since it would
be of the machine without the card plugged in.  I can provide anything
(but I've not used kernel debugging before).


  Any help with this would be much appreciated,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Missing Port

2004-04-22 Thread Lewis Thompson
On Thu, Apr 22, 2004 at 03:24:03PM -0700, [EMAIL PROTECTED] wrote:
 I am trying to install mrtg on my test FreeBSD 5.1 box.  I change into my
 /usr/ports/net/mrtg directory and find that there is only a README.html 
 How can I get this port back?  I tried to cvsup it with ports-all but the
 files are not there.  What would be a quick solution to get the files? 
 Without downloading the ports.tar.gz file and extracting it

If it's supposed to be there, try CVSweb http://cvsweb.freebsd.org/ and
you can create a specific tarball to download.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




[OT] Porting help / cdio.h.

2004-04-08 Thread Lewis Thompson
Hi,

I'm attempting to port some software (MythTV) to FreeBSD.  My knowledge
of this is fairly limited and I'm wondering how to convert from
linux/cdrom.h to sys/cdio.h.

  I see I can determine the capabilities of the drive quite easily.
However, what I want is to (for example) lock/unlock the tray.  The
CDDOLOCK define is merely a Boolean value that tells me the drive's
capability.  Can anybody please tell me how I go about actually locking
the tray?

  Thanks very much and sorry this is a little off-topic,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: very long boot sshd

2004-04-08 Thread Lewis Thompson
On Thu, Apr 08, 2004 at 09:17:14AM +0200, RazorOnFreeBSD wrote:
 Do you think I need to change my hard drive already? It is just one year
 . :(

Good news is that it's probably still under warranty :)

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: console screensaver in X

2004-04-06 Thread Lewis Thompson
On Wed, Apr 07, 2004 at 07:27:09AM +1000, sAndri Kok wrote:
 I'm interested in using FreeBSD's daemon logo screensaver in X. Is that 
 possible? If it is, how do I do it? any man that I can read? Thx heaps =)

That's the one where the Beastie bounces about the screen, right?

  Best bet is probably to go install xscreensaver from ports and then
find the hack that does a bouncing image... I'm fairly sure there is
one...

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: A night with threads and gdb

2004-04-01 Thread Lewis Thompson
On Tue, Mar 30, 2004 at 05:42:41PM +0100, Andrea Venturoli wrote:
 To make it clear: with nss_ldap enabled, everything that accessed the
 user database would crash: so ls -l,
 id and so on (but not, e.g., ls without -l).

I spoke to nectar@ about this.  CVSup to the latest OpenLDAP21 and then
recompile :)

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Anti-virus

2004-03-30 Thread Lewis Thompson
On Mon, Mar 29, 2004 at 08:52:23PM -0600, Earl Larsen wrote:
 I was wondering what is a good, free ;) anti virus program for FreeBSD.

Depending what you mean by free... maybe try security/f-prot.  It's free
for non-commercial use.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Ordering of dummynet and natd.

2004-03-30 Thread Lewis Thompson
Hi,

Can anybody help me out with ipfw rules to do dummynet shaping before
packets hit natd for translation.

  192.168.0.4 should be able to upload at just 100KB/s.  The default
gateway and natd is done on 192.168.0.1 where I have the following
rules:

pipe 1 ip from 192.168.0.4 to any via xl1
divert 8668 ip from any to any via xl1
allow ip from any to any

pipe 1 just limits the bandwidth to 10KB/s.  pipe 1 is before divert
because if I put it after then natd has already translated the address
so I cannot shape the bandwidth as I want.

  Am I wrong in thinking I can use pipes like this?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: troubles with jdk-1.4.2p6_4

2004-03-30 Thread Lewis Thompson
On Tue, Mar 30, 2004 at 09:35:58AM -0500, Lowell Gilbert wrote:
 Nikita S. Sychevsky [EMAIL PROTECTED] writes:
 
  I can't build jdk-1.4.2p6_4 from the ports collection on jdk-1.4.2p6_4
  system. Can anybody help please?
 
 Looks like a known problem; it's failing on the test cluster as well.  

You can't build java in a directory with the sticky bit.  Try and set
your WRKDIRPREFIX somewhere else.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: hard disk recover

2004-03-28 Thread Lewis Thompson
On Sun, Mar 28, 2004 at 04:25:56PM -0700, [EMAIL PROTECTED] wrote:
 # dd if=/dev/ad1s1a bs=64k
 dd: /dev/ad1s1a: Input/output error

Try:

dd if=/dev/ad1s1a of=? conv=noerror,sync bs=64k

  I recently ``recovered'' a disk from this error.  The sync is
critical, trust me ;)  (check the man page for what it does)

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Sample server for Cyrus SASL

2004-03-26 Thread Lewis Thompson
On Fri, Mar 26, 2004 at 07:38:42AM -0500, WebTent Support wrote:
 I have Cyrus SASL 2.1.18 installed from ports on 5.2.1. Does it place
 the source somewhere? How can I test with the sample-server and
 sample-client?

I don't think it gets installed.  Look in the work directory.  server
and client under sample.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




natd + DUMMYNET ordering.

2004-03-24 Thread Lewis Thompson
Hi,

I'm trying to set up some traffic shaping using IPFW2 and DUMMYNET.  I
also use natd and I'm a little stumped as to where to put my pipes so
that they will work as I expect.

ipfw add pipe 1 all from 192.168.0.4 to any via xl1
ipfw add divert natd all from any to any via xl1
ipfw add pipe 1 all from 192.168.0.4 to any via xl1
ipfw pipe 1 config bw 100KB/s
ipfw add pass all from any to any

What I want is to be able to shape traffic (incoming and outgoing) based on
the internal destination/source.

  Hence I've put pipe 1 before natd so traffic going out will be
matched.  The same rule is repeated after natd so incoming traffic will
be matched.

  However, this plain doesn't work and I'm a little stumped.  Can
anybody point out how to get this sort of stuff working right?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Vinum, replaced disk -- fsck error.

2004-03-23 Thread Lewis Thompson
On Sat, Mar 20, 2004 at 12:23:11AM +, Lewis Thompson wrote:
 On Sat, Mar 20, 2004 at 08:57:38AM +1030, Greg 'groggy' Lehey wrote:
  On Friday, 19 March 2004 at  3:03:34 +, Lewis Thompson wrote:
   In a reply to my original question you stated that ``dd if=ad3 of=ad1
   bs=8192 conv=noerror'' ``may or may not work, depending on details you
   haven't reported.''  Do these detailed errors help at all?
  
  A little.  They tell me that the drive is flaky.  I'd expect to see
  the error messages in /var/log/messages, though.
 
 Right.  I've just written a full-blown reply to this message but on the
 very last thing I did some looking into dd.  After some searching I
 found somebody that said:
 
 ``One must specify conv=noerror,sync when copying raw disks with bad
 sectors to ensure dd stays synchronized''

I re-dd'd my disk yesterday using conv=noerror,sync and everything seems
to work as planned.

  Vinum starts straight away and I have not managed to re-create the
null fqg message.  If I come across any problems I'll post them here.

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: making the partition larger

2004-03-21 Thread Lewis Thompson
On Sun, Mar 21, 2004 at 12:52:47PM +0300, CBuH. wrote:
 I have it  of size X. And have 4 partitions marked, plus free unmarked
 10Gb on that /dev/ad0. Want to make FreeBSD's partition bigger on
 those 10Gbs.

It depends on where the free space is.  If you mean growing the FreeBSD
slice (which is BSD language for a DOS partition) then I don't think you
can.

  However, if it is unallocated space in the slice take a look at the
growfs man page.  You'll probably need to use bsdlabel/disklabel to edit
your slice partition table.

  Searching for bsdlabel and growfs will probably help too.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Vinum, replaced disk -- fsck error.

2004-03-20 Thread Lewis Thompson
On Sat, Mar 20, 2004 at 11:14:23AM +1030, Greg 'groggy' Lehey wrote:
 I still don't understand why you're using dd.

To create as near-perfect a copy of the disk as possible?

  I want to work on the failing disk as little as possible in case I
cause further damage.  Since the RAID0 volume is around 300GB I don't
have anywhere that I could cp all of that data so I saw the best
alternative as dd'ing the disk.

  Can you suggest another method I might use to achieve what I want?

  Thanks,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: problem with su

2004-03-20 Thread Lewis Thompson
On Sat, Mar 20, 2004 at 07:41:53PM +0200, Eric Yellin wrote:
 When I su -m and login as root, all I get in the prompt is a % sign. My
 normal user shell is tcsh and the prompt looks like this:
 [EMAIL PROTECTED]/home/eric(29): but this is not kept when I su -m.
 How can I change this?

Look in /root/.cshrc -- I generally just comment out the PROMPT line.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: I messed up my system, please help. library missing

2004-03-20 Thread Lewis Thompson
On Sat, Mar 20, 2004 at 01:46:14PM -0500, Shaun T. Erickson wrote:
 How do I get the old version reinstalled, and have the new version as 
 well, for things that need it?

Take a look at portupgrade.  You can find it in sysutils/portupgrade.
Once it's installed portupgrade expat should do the job.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Vinum

2004-03-20 Thread Lewis Thompson
Hi,

I might be lying to you with my answers.  I'm hoping Greg Lehey or some
other Vinum hacker will point anything I get wrong out though :)

On Sat, Mar 20, 2004 at 01:23:53PM -0800, Evan Sayer wrote:
 I have a question about how vinum affects access to file systems.  When 
 I have a vinum volume on a drive which contains the file system /usr, 
 which is being mirrored to another volume on another drive, are the 
 contents of  /usr encompassed in the volume (like a partition) or is 

/usr is generally partition e on the slice (at least it is on my
machine).  This means you can set up two Vinum drives using, for
example, ad0s1e.  That way you will be able to mount either disk.

  However, that's not really useful.  You really want to be mounting
/dev/vinum/usr (if that's what you called your volume).  This way Vinum
will handle the synchronization for you.

 If I do this will I be able to access all the files on the first hard
 drive as though it was just a regular partition.

Yes.  Same for the second disk.  You really want to mount /dev/vinum/usr
as I mentioned above.

 Do I need subdisks and plexes just to mirror the file systems' data?

Yes.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Vinum, replaced disk -- fsck error.

2004-03-19 Thread Lewis Thompson
On Sat, Mar 20, 2004 at 08:57:38AM +1030, Greg 'groggy' Lehey wrote:
 On Friday, 19 March 2004 at  3:03:34 +, Lewis Thompson wrote:
  In a reply to my original question you stated that ``dd if=ad3 of=ad1
  bs=8192 conv=noerror'' ``may or may not work, depending on details you
  haven't reported.''  Do these detailed errors help at all?
 
 A little.  They tell me that the drive is flaky.  I'd expect to see
 the error messages in /var/log/messages, though.

Right.  I've just written a full-blown reply to this message but on the
very last thing I did some looking into dd.  After some searching I
found somebody that said:

``One must specify conv=noerror,sync when copying raw disks with bad
sectors to ensure dd stays synchronized''

  I'm feeling sheepish now.  I've only used conv=noerror.  This would
probably explain something (i.e. I can read the config from the disk
because it's synched at the beginning).

  I'm going to re-dd the disk on Monday (I'm away for the weekend).
I'll tell you how I get on then.

  Thanks again for all the help,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-
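
The effect discussed in the message above, as an added example that is not part of the original post: a small Python model (not dd itself) of how `conv=noerror` behaves with and without `sync` when a block cannot be read. The `FlakyDisk` class, the 512-byte block size and the eight-block sample image are constructed for illustration.

```python
"""Model of dd conv=noerror with and without sync on a disk with a bad block."""

BS = 512  # block size, the role played by dd's bs= operand


class FlakyDisk:
    """Constructed stand-in for a raw disk device with unreadable blocks."""

    def __init__(self, data, bad_blocks):
        self.data = data
        self.bad = set(bad_blocks)
        self.pos = 0

    def read_block(self):
        # A read that lands on a bad block fails the way the kernel reports it.
        if self.pos // BS in self.bad:
            raise OSError(5, "Input/output error")
        chunk = self.data[self.pos:self.pos + BS]
        self.pos += len(chunk)
        return chunk

    def skip_block(self):
        self.pos += BS


def dd_noerror(disk, sync):
    """Copy the whole disk, continuing past read errors (conv=noerror).

    With sync, a failed input block is replaced by a block of NUL bytes.
    Without sync, the failed block is simply omitted from the output.
    """
    out = bytearray()
    while disk.pos < len(disk.data):
        try:
            out += disk.read_block()
        except OSError:
            disk.skip_block()
            if sync:
                out += bytes(BS)
    return bytes(out)


def intact_blocks(original, copy):
    """Block numbers whose contents sit at the same offset in the copy."""
    n = len(original) // BS
    return [i for i in range(n)
            if original[i * BS:(i + 1) * BS] == copy[i * BS:(i + 1) * BS]]


def make_disk(nblocks=8):
    # Constructed image: block i is filled with the byte value i + 1.
    return b"".join(bytes([i + 1]) * BS for i in range(nblocks))


def demo(bad_blocks=(3,)):
    """Return {sync: (copy size in bytes, list of intact block numbers)}."""
    original = make_disk()
    results = {}
    for sync in (False, True):
        copy = dd_noerror(FlakyDisk(original, bad_blocks), sync)
        results[sync] = (len(copy), intact_blocks(original, copy))
    return results


if __name__ == "__main__":
    for sync, (size, intact) in demo().items():
        mode = "noerror,sync" if sync else "noerror"
        print(f"conv={mode:13s} size={size:5d} intact blocks={intact}")
```

Without `sync` only the blocks before the first bad one stay at their original offsets, which matches the observation that the configuration at the start of the disk was still readable; with `sync` only the unreadable block itself is lost.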




Re: Top posting

2004-03-19 Thread Lewis Thompson
On Fri, Mar 19, 2004 at 05:24:59PM -0600, Tillman Hodgson wrote:
 On Fri, Mar 19, 2004 at 05:35:06PM -0500, Al Johnson wrote:
 My standard response to top-posting:
 
  A: Because it reverses the logical flow of conversation.
  Q: Why is putting a reply at the top of the message frowned upon?
  A: Top-posting.
  Q: What is the most annoying thing on usenet and in e-mail?

.siht ekil I  .doog si sihT

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Vinum, replaced disk -- fsck error.

2004-03-18 Thread Lewis Thompson
On Thu, Mar 18, 2004 at 01:26:02PM +1030, Greg 'groggy' Lehey wrote:
 On Tuesday, 16 March 2004 at 17:25:26 +, Lewis Thompson wrote:
  I can't think of anything else.  Originally I ran dd without the
  conv=noerror and it stopped at around 25GB (the disk is a 100GB).  The
  destination disk is 123GB but to my knowledge that is acceptable for dd.
 
During the process a number (maybe eight to ten) I/O errors were
  reported. 
 
 But not to me.

I've included more detailed errors nearer to the end of this email :)

 I was really thinking of What to do if you have problems with Vinum
 at http://www.vinumvm.org/vinum/how-to-debug.html.

Okay, I did actually do my best to follow this but maybe got
sidetracked.  I'm just going to bullet point these now so I don't miss
any of them out.

* Problems: ``dd'' cloned disk ``does not work'' (i.e. gstat shows no
  activity on the cloned disk during reading of files).  Also see
  previous emails.

* Version: FreeBSD 5.2.1-p1.

* Changes to system: Originally vinum ran on 4.9-STABLE.  This worked
  but had periodic ``disk crashes'' (i.e. vinum states disk as offline).
  I don't think this is the problem as the same behaviour happens with
  5.2.1-p1 using the original dodgy disk (only GEOM removes it instead
  of vinum).

* Vinum list (excuse lack of wrapping).  vinumdrive2/ad3 is the cloned
  disk.  The failed volume is data (I don't think you need the others
  but I'll leave them, just in case ;):

vinum - list
3 drives:
D vinumdrive2   State: up   /dev/ad3s1h   A: 0/95558 MB (0%)
D vinumdrive1   State: up   /dev/ad2s1h   A: 0/117246 MB (0%)
D vinumdrive0   State: up   /dev/ad1s1h   A: 0/117246 MB (0%)

5 volumes:
V root   State: up   Plexes: 2   Size: 255 MB
V swap   State: up   Plexes: 2   Size: 459 MB
V var    State: up   Plexes: 2   Size: 256 MB
V usr    State: up   Plexes: 2   Size:  12 GB
V data   State: up   Plexes: 1   Size: 295 GB

9 plexes:
P root.p0   C   State: up   Subdisks: 1   Size: 255 MB
P root.p1   C   State: up   Subdisks: 1   Size: 255 MB
P swap.p0   C   State: up   Subdisks: 1   Size: 459 MB
P swap.p1   C   State: up   Subdisks: 1   Size: 459 MB
P var.p0    C   State: up   Subdisks: 1   Size: 256 MB
P var.p1    C   State: up   Subdisks: 1   Size: 256 MB
P usr.p0    C   State: up   Subdisks: 1   Size:  12 GB
P usr.p1    C   State: up   Subdisks: 1   Size:  12 GB
P data.p0   C   State: up   Subdisks: 3   Size: 295 GB

11 subdisks:
S root.p0.s0   State: up   D: vinumdrive0   Size: 255 MB
S root.p1.s0   State: up   D: vinumdrive1   Size: 255 MB
S swap.p0.s0   State: up   D: vinumdrive0   Size: 459 MB
S swap.p1.s0   State: up   D: vinumdrive1   Size: 459 MB
S var.p0.s0    State: up   D: vinumdrive0   Size: 256 MB
S var.p1.s0    State: up   D: vinumdrive1   Size: 256 MB
S usr.p0.s0    State: up   D: vinumdrive0   Size:  12 GB
S usr.p1.s0    State: up   D: vinumdrive1   Size:  12 GB
S data.p0.s0   State: up   D: vinumdrive0   Size: 100 GB
S data.p0.s1   State: up   D: vinumdrive1   Size: 100 GB
S data.p0.s2   State: up   D: vinumdrive2   Size:  93 GB

* Vinum history.  I mounted the volume (which was not unmounted properly
  -- fsck took place first) and watched a few films.  Eventually I
  stumbled across one that didn't even start.
  I am certain vinum isn't reading anything from ad3 -- gstat during
  fsck showed *NO* activity on ad3/vinumdrive2:

19 Mar 2004 02:46:38.668561 *** vinum started ***
19 Mar 2004 02:46:39.266076 list 
19 Mar 2004 02:56:23.538633 *** vinum started ***

* /var/log/messages extract.  I originally started vinum a long while
  before, I included this entry too (excuse wrapping):

Mar 17 23:33:57 amnesia kernel: vinum: loaded
Mar 17 23:34:00 amnesia kernel: vinum: reading configuration from /dev/ad1s1h
Mar 17 23:34:00 amnesia kernel: vinum: updating configuration from /dev/ad2s1h
Mar 17 23:34:00 amnesia kernel: vinum: updating configuration from /dev/ad3s1h
Mar 19 02:49:26 amnesia kernel: WARNING: /mnt/data was not properly dismounted
Mar 19 02:52:15 amnesia kernel: vinum: null rqg

  This seems a little odd to me -- previously I had not had a null rqg
error.  I think maybe I didn't test it enough.  Since these are mostly
avi files I can tell if they are broken or not by seeing if they have an
index -- last time they all played but many without indexes.  Nothing
has changed since then; maybe I wasn't being thorough enough?

* Crash dump

gif tunnel problem.

2004-03-17 Thread Lewis Thompson
Hi,

This is the first time I've looked at gif tunnels and I'm only trying to
do something simple (by that I mean no IPsec, etc.)

  Diagrams are always useful for this, so here goes:

      (int)           (ext)                (ext)           (int)
xl0 192.168.0.1   xl1 a.b.c.d   - 'net -   sis0 w.x.y.z   rl0 192.168.1.1
192.168.0.x/24                                            192.168.1.x/24

  That's a pretty poor diagram, sorry.  Basically HostA is the
default router for 192.168.0.0/24 with internal ip 192.168.0.1 and external ip
a.b.c.d.  HostB is the same for 192.168.1.0/24 with external ip w.x.y.z.

  I want to set up an unencrypted tunnel between the two subnets using
gif.  So far on HostA I have:

ifconfig gif0 create
ifconfig gif0 tunnel a.b.c.d w.x.y.z
ifconfig gif0 192.168.0.1 192.168.1.1

and on HostB:

ifconfig gif0 create
ifconfig gif0 tunnel w.x.y.z a.b.c.d
ifconfig gif0 192.168.1.1 192.168.0.1

  I got these from the IPsec chapter in the handbook.  It states at this
point I should be able to ping 192.168.1.1 from HostA.  This does not
work.

  I see the echo in gif0 (using tcpdump) but it never seems to exit the
gif tunnel and hit xl1.  The same is true for HostB.

netstat -rn on HostA shows:
192.168.1.1        192.168.0.1        UH          0     3183   gif0

with an equivalent entry on HostB.

  What am I doing wrong?  I've tried to follow the chapter as best I can
but it has been little help.  Anybody able to point out the error in my
ways?

  Thanks a lot,

-lewiz.

P.S.
Sorry if this is a duplicate -- it's been a few hours since I originally
posted it and I haven't received it yet... must be my MTA ;)

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Vinum, replaced disk -- fsck error.

2004-03-16 Thread Lewis Thompson
On Tue, Mar 16, 2004 at 07:13:25PM +0800, Greg Lehey wrote:
 On Tuesday, 16 March 2004 at  2:00:00 +, Lewis Thompson wrote:
  I had a failed disk in my RAID-0 Vinum array.  This was a physical disk
  problem and in an attempt to recover as much data as possible I dd'ed it
  to another disk (dd if=ad3 of=ad1 bs=8192 conv=noerror).
 
 This may or may not work, depending on details you haven't reported.

I can't think of anything else.  Originally I ran dd without the
conv=noerror and it stopped at around 25GB (the disk is a 100GB).  The
destination disk is 123GB but to my knowledge that is acceptable for dd.

  During the process a number (maybe eight to ten) I/O errors were
reported.  Previously I believe reading data from these areas on the
disk caused Vinum to lose the disk (under 4-STABLE), I presume this was
by design, or unavoidable.  Under 5.2.1-p1 GEOM removed the disk
totally.  The dd was done using the rescue disk from 4.9-RELEASE (to
avoid GEOM).

  I can actually start vinum and mount the RAID-0 array with no
  trouble (Vinum reports no errors I can see).

Since I wrote this I posted a reply stating that whatever files I try
and open (mostly my personal video collection), gstat reports no
activity from ad3 -- the replaced disk.  A lot of the indexes from the
AVIs are dead.

  I don't really know how I can test the integrity of files from the
  replaced disk...
 
 A good start would be to read the documentation at
 http://www.vinumvm.org/.

Unresolved bugs, 27 Feb 2000. -- this doesn't seem to have applied.
When I started vinum (I previously ran dumpconfig) with create -f
myconfig my data plex (comprised 2*120GB and the replaced 100GB) was
listed as up.

  At this point I tried the fsck with an error about invalid
superblocks, so I restored those on /dev/vinum/data with tunefs -A.
fsck then failed with the ``cannot alloc 4316869296 bytes for inphead''
error.

  I've read the replacing a failed Vinum drive a couple of times now but
I still don't quite understand it.  Does this apply to RAID-0?  Surely I
can't revive a concatenated array?  I assume this must only apply to
RAID-1 and RAID-5 (and maybe some of the others in between I know
nothing about).

  Reading more about debugging vinum I found this oddity (maybe it
isn't, since it's actually before the config):

[EMAIL PROTECTED] root state upvinumdrive0: -- ad1.config
---
[EMAIL PROTECTED] root state upvinumdrive1: -- ad2.config

  diff on ad2.config and ad3.config instead gives:

[EMAIL PROTECTED] root state upvinumdrive1: -- ad2.config
---
 IN VINOpurple.lewiz.orgvinumdrive2?;[EMAIL PROTECTED] root state up
^-- ad3.config

  There are a few extra chars different after the vinumdrive line, from
those in ad1 and ad2.  This probably isn't anything?

  I've stopped short of compiling vinum with debugging options (this was
under kernel panics, which I'm not having).  I'll go ahead and do this
though if it can provide any more info.

  There is nothing of any value in /var/log/vinum_history (but I've
cp'd it to http://www2.cs.man.ac.uk/~thompsl3/vinum_history just in
case).  If you look at this file you can see I messed with create -f a
lot.  This was because the old disk didn't seem to like storing the
on-disk configuration.  The new disk seems to do this.

  worked fine.  However (and this is my real problem), fsck_ufs
  /dev/vinum/data gives the following message:
 
  ** /dev/vinum/data
  cannot alloc 4316869296 bytes for inphead
 
  * FILE SYSTEM STILL DIRTY *
 
 Possibly there are log messages that go with this message.  It
 indicates to me that there's something seriously wrong in some data
 structure, and that fsck is asking for a ridiculous amount of memory
 as a result.

No errors appear in any of the files in /var/log (I checked them all,
just in case).

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Vinum, replaced disk -- fsck error.

2004-03-15 Thread Lewis Thompson
Hi,

I had a failed disk in my RAID-0 Vinum array.  This was a physical disk
problem and in an attempt to recover as much data as possible I dd'ed it
to another disk (dd if=ad3 of=ad1 bs=8192 conv=noerror).

  This has mostly gone fine (bar the I/O errors that were to be
expected) and I can actually start vinum and mount the RAID-0 array with
no trouble (Vinum reports no errors I can see).  I don't really know how
I can test the integrity of files from the replaced disk...

  I attempted to fsck the volume before I mounted it but I first had to
restore the superblock for the volume (tunefs -A /dev/vinum/data), which
worked fine.  However (and this is my real problem), fsck_ufs
/dev/vinum/data gives the following message:

** /dev/vinum/data
cannot alloc 4316869296 bytes for inphead

* FILE SYSTEM STILL DIRTY *

  Searching about doesn't reveal much of any use -- Google Groups has a
few of these errors for Solaris, so I assume it to be a fairly
``generic'' UFS error (?)

  Any suggestions what I can do now?  I am expecting corruption on my
array but I thought some corruption was better than nothing at all.  Am
I way off thinking that I can do this?

  I've not included many specific details here because I don't know if
they are relevant.  Just ask if I've missed anything and I'll provide it
right away.  Thanks a lot,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Vinum, replaced disk -- fsck error.

2004-03-15 Thread Lewis Thompson
On Tue, Mar 16, 2004 at 02:00:00AM +, Lewis Thompson wrote:
   This has mostly gone fine (bar the I/O errors that were to be
 expected) and I can actually start vinum and mount the RAID-0 array with
 no trouble (Vinum reports no errors I can see).  I don't really know how
 I can test the integrity of files from the replaced disk...

I've just noticed as I was playing some files from my disk that gstat
shows *no* activity for ad3 (the replaced disk).  Obviously all is not
working as I believed.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Data recovery.

2004-03-14 Thread Lewis Thompson
Hi,

I've just had a disk (pretty much) fail on me.

  I'd been suspect of it for some time now, but finally confirmed it
with a reinstall to 5.2.1 when GEOM started removing it for me ;)  Some
more tests with smartmontools (http://smartmontools.sourceforge.net/)
indicate read failures at the same position on the disk.

  This problem is made worse by the fact that this is a 100GB disk, part
of a Vinum RAID-0 array (together with two more 120GB disks).

  I have managed to get my hands on a 123GB disk for backing up the data
to.  I know I am going to have to use dd for this, but this is
something I've never done before (short of a quick flirt with floppy
images, etc.)

  Since GEOM has previously removed the volume when it hit the bad area
I need to know if I can disable this to recover as much data as possible
(some is better than none).  If this requires installing 4 then that's
how I'll have to do it.

  Basically I would like to ask -questions if anybody has any advice
(other than ``you should have made backups'' -- I was in the process of
buying a 3Ware RAID card for this purpose ;) as to how I should go about
this.  Anything at all... I'm pretty desperate at this point!

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: mounting

2004-03-08 Thread Lewis Thompson
On Mon, Mar 08, 2004 at 03:11:14AM -0700, RYAN vAN GINNEKEN wrote:
[snip]
 Also i have the same problems with my nfs mounts if a machine goes
 down somewhere now of my other machines will reboot.

Have you tried mounting with the -s option?  Check the man page for
soft.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Installation - More user friendly

2004-03-08 Thread Lewis Thompson
On Sun, Mar 07, 2004 at 11:28:03PM -0500, JJB wrote:
 Right at the beginning of sysinstall should be warning  about what
 to set PC bios options to, like plugNplay off, power management off,
 boot time virus check disabled, PCI irq assignments set to auto, OS
 type set to non-windows, etc. Give then option to cancel sysinstall
 to set bios.

Or, alternatively, we could just put a URL to the documentation...

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Installation - More user friendly

2004-03-08 Thread Lewis Thompson
On Mon, Mar 08, 2004 at 09:53:15AM -0500, Jerry McAllister wrote:
  
  On Sun, Mar 07, 2004 at 11:28:03PM -0500, JJB wrote:
   Right at the beginning of sysinstall should be warning  about what
   to set PC bios options to, like plugNplay off, power management
   off, boot time virus check disabled, PCI irq assignments set to
   auto, OS type set to non-windows, etc. Give then option to cancel
   sysinstall to set bios.
  
  Or, alternatively, we could just put a URL to the documentation...
 
 That works if it can read locally, can sysinstall handle html?  If it
 must go out to the net, can it do that?  Probably not at that stage.
 Many of us can not afford to have an extra machine around to read
 online documentation while doing an install.  The install is on the
 only machine we have.

I was making the point that few people read the documentation /before/
they pop the CD in the drive.

  If a lot of people (I'm not saying this is you, at all) bothered to do
this it really would save them a lot of hassle.  As for PnP, IRQ
assignments, etc. -- these would /all/ be sorted /before/ the disc was
booted from.

  Your idea is quite nice though -- the Handbook could easily be
converted to plaintext and fired up on a virtual terminal.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: cdroast

2004-03-07 Thread Lewis Thompson
On Sat, Mar 06, 2004 at 08:09:47PM -0800, Brian Henning wrote:
 how can i make it so cd roast burns files with plus
 signs in it. for example
 /usr/ports/distfiles/gtk+-1.2.10.tar.gz

This should probably be aimed at the xcdroast people since it seems very
specific.

  I'm not really sure but is there any way you can quote the funny
characters?  As I recall you can't but if you dig about you might find a
way... maybe?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




vmware3 -CURRENT.

2004-03-05 Thread Lewis Thompson
Hi,

I've just CVSupped to -CURRENT in an attempt to learn more about FreeBSD
development in general.

  However, vmware3 no longer works.  I get errors about vmnet1 not
existing, yet I have the appropriate entries in /compat/linux/dev.
However, I /do/ have a vmnet4097 when I run ifconfig.

  I notice that ls -ld /compat/linux/dev/vmnet1 shows:

crw-r--r--  1 root  wheel  149, 0x0081 Mar  5 12:49 /compat/linux/dev/vmnet1

while ls -ld /dev/vmnet1 shows:

crw---  1 root  wheel  226, 0x0011 Mar  5 12:01 /dev/vmnet1

  I searched on the mailing lists and eventually found an old PR
(http://www.freebsd.org/cgi/query-pr.cgi?pr=48608) that seems as though
it might be relevant.

  Any suggestions?  Or am I being optimistic in thinking vmware3 will
run on -CURRENT?

-lewiz.

P.S.
I rebuilt all of the necessary packages after the upgrade.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Growing RAID5 (using RAID0).

2004-03-05 Thread Lewis Thompson
On Fri, Mar 05, 2004 at 11:28:17PM +1100, Tony Frank wrote:
 On Thu, Feb 26, 2004 at 02:15:14PM +, Lewis Thompson wrote:
  i.e. can I create a RAID0 volume from two RAID5 volumes?

I understand this might sound a little odd but if it works it would be
  the ideal solution for me.  I would also be interested in hearing how
  other people might have overcome this problem of growing a large RAID5
  volume.
 
 As you didn't post anything about your implementation I can only guess.
 If you are using hardware raid5 for each disk set and it cannot do raid0 
 on top you could look at using software raid0 to join the two hardware
 sets. Eg vinum can do raid0 in software over raid5 in hardware.
  
 If you are doing this purely in software it will depend on what software
 you use.  If using vinum I believe you can only mirror across two (or more)
 raid5 plexes, so probably not what you want to do.

Yes.  I forgot to specify but this was going to be purely software RAID.
I've recently had a little trouble buying a hardware ATA raid card (I
was shipped an incorrect model and lost out about GBP 100!) so until
then I'm software only.

  I looked at (I think) raidframe (?) and this /appeared/ to support
this functionality but I wasn't sure if it was something Vinum was also
able to do.  It seems you have clarified this for me.

  Thanks a lot!

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Network File System (Coda, AFS) question.

2004-03-01 Thread Lewis Thompson
Hi,

I'm interested in setting up a distributed file system across two 5.2.1
machines.

  I wanted this to work such that the two machines had /different/ data
but through the use of some software they can be ``mounted'' to provide
a single large volume (almost the same way that the RAID0 works).  First
of all I'm not sure that this is possible -- I'm having a little trouble
understanding some of the Coda terminology.  If somebody could
confirm/refute this I'd be interested.

  Secondly does anybody know which is my best bet (in general --
regardless of network concat support)?  AFS ports seem to be nonexistent
(bar a client) while Coda has a version 6 port (but no documentation
newer than 2000 that I can see).

  If Coda is not able to do what I want -- does anybody know another way
to do this?  Thanks a lot,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Growing RAID5 (using RAID0).

2004-02-26 Thread Lewis Thompson
Hi,

I've been thinking about this and I'm wondering if it is possible to do
something like the following:

  I have an existing RAID5 volume, comprised of just 3 120GB disks.
However, I've just bought three more 250GB disks that I also want to
RAID5.

  I would still like a single volume, comprising the size of the two
RAID5 volumes.  Could this be possible through the use of RAID0?

i.e. can I create a RAID0 volume from two RAID5 volumes?

  I understand this might sound a little odd but if it works it would be
the ideal solution for me.  I would also be interested in hearing how
other people might have overcome this problem of growing a large RAID5
volume.

  Thanks a lot,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: framebuffer fro freebsd

2004-02-22 Thread Lewis Thompson
On Sat, Feb 21, 2004 at 04:58:53PM -0500, Lowell Gilbert wrote:
 Rahul Sawarkar [EMAIL PROTECTED] writes:
  is there a framebuffer port for freebsd?
i want to run my console in 1024x768.
 
 Why would you want a framebuffer for that?
 Do you have frame grabber hardware or something?
 
 If all you want is a 1024x768 video mode driving the 
 text console, vidcontrol(1) can do that, but I don't
 understand the connection to a frame buffer...

Is it just me or does vidcontrol look ugly when compared to Linux's
console framebuffer that allows high-resolution console displays?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Shell script containing passwords.

2004-02-10 Thread Lewis Thompson
On Tue, Feb 10, 2004 at 10:12:09AM -0500, Lowell Gilbert wrote:
 Lewis Thompson [EMAIL PROTECTED] writes:
 
I am worried that because the script must be read/writeable by the
  Apache user (www) that anybody that can write a PHP script on my machine
  can read the auth script and read the passwords that would be contained
  within -- those to my MySQL server.
 
 Why would the script be readable or writeable by any user?  
 It only needs to be executable, right?

Well, since it's an interpreted script (it's some standalone PHP) in
order to execute it, the user must be able to read it.  Since the script
holds passwds that means that any user with the ability to run it can
get the passwds (in my case to access my MySQL server).

  This is a ``flaw'' with the way Apache works because everything Apache
executes must be +rw for the Apache user (www).  As a result any person
able to write PHP code (all of my users) can read anything that the
Apache user can, because mod_php executes as the Apache user.

  There are security features in PHP (safe_mode) but these conflict with
a large number of PHP scripts.  I'm trying to work it out this way now
but it's a lot of hassle.

  Thanks for your response,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Shell script containing passwords.

2004-02-10 Thread Lewis Thompson
On Tue, Feb 10, 2004 at 03:56:08PM +, Peter Risdon wrote:
 Lewis Thompson wrote:
  I am worried that because the script must be read/writeable by the
 Apache user (www) that anybody that can write a PHP script on my machine
 can read the auth script and read the passwords that would be contained
 within -- those to my MySQL server.

 All you can do really is store the passwords themselves in an include 
 file that you put in the most secure place possible, preferably not in 
 webspace. But I imagine you have this covered.

Yeah, but this is really security through obscurity, not something I'm
keen on ;)

  Is there any way I can have a script that is not readable by a user,
 while still allowing that user to execute it?  Maybe through using a
 wrapper of some sort?  I do not have UFS2 so I cannot use ACLs.
  
 
 Not that I know of, but have you considered compiling apache with 
 suexec? Assuming your other users have separate logins, this might work. 
 You can have apache execute scripts as the appropriate user, not www. 
 That way, a 700 permission should prevent other users from reading your 
 scripts.

I read some stuff about this.  I got the impression it required using
PHP as a CGI, instead of mod_php.  Am I wrong in thinking this?  The
overhead of using PHP as CGI is a little too high because the server is
already pretty stretched...

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-
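
The permission reasoning in this thread (an interpreted script has to be readable by whoever runs it, and suexec with mode 700 keeps other users out), worked through as an added example that is not part of any of the original messages. It models classic Unix mode bits without ACLs; the uids, gids, user names and file modes are constructed for illustration.

```python
"""Model of Unix mode-bit checks (no ACLs) for a script that embeds passwords."""
from dataclasses import dataclass


@dataclass(frozen=True)
class File:
    uid: int    # owner
    gid: int    # group
    mode: int   # permission bits, e.g. 0o750


@dataclass(frozen=True)
class Proc:
    uid: int
    gids: frozenset


def allowed(f, p, want):
    """True if process p gets every access in want ('r', 'w', 'x') on file f.

    Exactly one class applies: owner if the uid matches, else group if any
    gid matches, else other.  A more permissive later class is never consulted.
    """
    if p.uid == 0:
        # root bypasses read/write checks; execute still needs some x bit set
        return "x" not in want or bool(f.mode & 0o111)
    if p.uid == f.uid:
        shift = 6
    elif f.gid in p.gids:
        shift = 3
    else:
        shift = 0
    bits = (f.mode >> shift) & 0o7
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return bits & need == need


def can_run_as_script(f, p):
    """x lets the kernel start the interpreter; the interpreter then needs r."""
    return allowed(f, p, "rx")


def who_can_read(f, runs_as):
    """runs_as maps each site user to the Proc their PHP code executes as."""
    return sorted(user for user, proc in runs_as.items() if allowed(f, proc, "r"))


# Constructed identities: three shell users plus the Apache user "www".
LEWIZ, ALICE, BOB, WWW = 1001, 1002, 1003, 80
WWW_PROC = Proc(WWW, frozenset({WWW}))

# mod_php: every user's PHP code runs inside Apache, i.e. as www.
MOD_PHP = {name: WWW_PROC for name in ("lewiz", "alice", "bob")}

# suexec: each user's scripts run under that user's own uid.
SUEXEC = {
    "lewiz": Proc(LEWIZ, frozenset({LEWIZ})),
    "alice": Proc(ALICE, frozenset({ALICE})),
    "bob": Proc(BOB, frozenset({BOB})),
}

AUTH_SHARED = File(uid=LEWIZ, gid=WWW, mode=0o750)     # readable by group www
AUTH_PRIVATE = File(uid=LEWIZ, gid=LEWIZ, mode=0o700)  # owner only
AUTH_EXEC_ONLY = File(uid=LEWIZ, gid=WWW, mode=0o710)  # www may execute, not read

if __name__ == "__main__":
    print("mod_php, 0750:", who_can_read(AUTH_SHARED, MOD_PHP))
    print("suexec,  0700:", who_can_read(AUTH_PRIVATE, SUEXEC))
    print("www can run 0710 script:", can_run_as_script(AUTH_EXEC_ONLY, WWW_PROC))
```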




Re: Shell script containing passwords.

2004-02-10 Thread Lewis Thompson
On Tue, Feb 10, 2004 at 05:52:17PM +0100, Robert Barten wrote:
 No need for safe_mode, set
 php_admin_value open_basedir /www/dir/to/user/
 in your vhost config, add if desired /tmp/phpupload/:/tmp/phpsession/

Yes, I've looked at this.  However, I want to use userdir=public_html
for serving PHP from people's public_html dir in their home dir.

  This doesn't seem compatible with open_basedir
(open_basedir=/home/*/public_html doesn't work) and I can't find any
other way to do it.

  Thanks a lot,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Shell script containing passwords.

2004-02-10 Thread Lewis Thompson
On Tue, Feb 10, 2004 at 09:41:22AM -0600, Eric F Crist wrote:
 Check the syntax for the .htaccess files in the httpd.conf file.  This
 is a file that must be non-readable by regular users via php, but
 apache has a filter written within the httpd.conf file to disallow
 access.  I know it's about 3/4 of the way down the page.

Am I correct in assuming you mean set this sort of security up for the
files I wish to protect?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Shell script containing passwords.

2004-02-09 Thread Lewis Thompson
Hi,

I'm trying to write a script to use with the Apache auth plugin
mod_auth_any.  I have the whole setup working, bar the script that does
the authentication.

  I am worried that because the script must be read/writeable by the
Apache user (www) that anybody that can write a PHP script on my machine
can read the auth script and read the passwords that would be contained
within -- those to my MySQL server.

  Is there any way I can have a script that is not readable by a user,
while still allowing that user to execute it?  Maybe through using a
wrapper of some sort?  I do not have UFS2 so I cannot use ACLs.

  Any suggestions for this as I'm stumped.  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: X11 forwarding (with ``screen'' option)?

2004-02-08 Thread Lewis Thompson
On Sat, Feb 07, 2004 at 02:43:05PM -0800, Kris Kennaway wrote:
 On Sat, Feb 07, 2004 at 12:16:00PM +, Lewis Thompson wrote:
Is there any such thing as screen for X applications?

 There's xmove, but it's a bit buggy.  It's a great idea though, I wish
 someone would make it work better.

This is great!  I spent quite a while figuring out how to get it to work
(there isn't a great deal available on the Internet, which is a real
pity).  When I asked for a screen for X I really didn't quite expect
that is exactly what I'd get.

  I think I might try and figure out how this works in detail and have a
go at hacking together a HOWTO or brief tutorial.

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




xmove over SSH.

2004-02-08 Thread Lewis Thompson
Hi,

At Kris Kennaway's suggestion I have been trying out xmove, which allows
me to suspend an X app, move it between X displays, etc.

  I've got this working great on one machine (actually a jail), where my
sshd_config has:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no

  I start xmove and it prints:

Implementing MIT-MAGIC-COOKIE-1 user authentication
XMove 2.0 ready.

  However.  On another machine (not a jail), with the same sshd_config,
except with X11UseLocalhost yes, I only get this message:

XMove 2.0 ready.

i.e. it doesn't seem to read my MIT magic cookie.

  I checked this by changing the X11UseLocalhost to no on the
problematic machine and xmove then reads the cookie.  However, with this
setting I am unable to get any display forwarded, even something simple
like xclock without any xmove.

  Any suggestions how I might fix this one?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




X11 forwarding (with ``screen'' option)?

2004-02-07 Thread Lewis Thompson
Hi,

I'm experimenting with X11 forwarding and I have it working so I can ssh
to my server and fire up an application just great.  This is forwarded
to my laptop and works fine.

  However, I want to run something that is mostly going on in the
background (non-interactive) but my Internet link is never perfect.

  Is there any such thing as screen for X applications?  Would vnc work
for just one application, or would it create unnecessary overhead?  Any
other suggestions?

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Apache2 mod_auth_ldap (FreeBSD-specific problem?)

2004-02-06 Thread Lewis Thompson
Hi,

I've got a working Apache2 server that I've just recompiled to support
mod_auth_ldap.

  The ldap stuff all works great (I'm using it via Samba).  However,
when I set up LDAP for authentication in my .htaccess file:

AuthLDAPURL ldap://yellow.lewiz.org/ou=People,dc=lewiz,dc=org?uid
require user lewiz

  and try and authenticate I get the following in my Apache error log:

[notice] child pid 99543 exit signal Segmentation fault (11)

  I've done some Googling and this appears to often be associated with
mod_php4 and mod_auth_ldap being compiled against different LDAP SDKs.
To my knowledge this is not the case (I would love some help determining
for certain if this is correct) -- I only have OpenLDAP21.

  So, as it appears to not be the common problem I wonder whether it
might be FreeBSD-specific.  Has anybody else run into this?  Solutions?
Suggestions?  Any help would be greatly appreciated :)

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Big troubles running FreeBSD on a Shuttle nForce2

2004-01-20 Thread Lewis Thompson
On Tue, Jan 20, 2004 at 09:08:53PM +, anubis wrote:
 On Tue, 20 Jan 2004 02:26 am, Raphael Dinge wrote:
  I've installed a long ago FreeBSD 5.1 on my mother's computer which
  is a shuttle with nvidia nforce2 motherboard.  The computer crashes
  for reasons I can't explain.  Since 5.2 was out, I installed it, and
  the problems are still consistent.

 There are a number of issues with this kind of machine and they aren't
 limited to freebsd.  We have a number of these machines running windas
 at work.  1 works perfectly and the others are a bit flakey.  We had a
 long look at this problem  and what it comes down to is these machines
 have shared memory for the video.  They are very fussy about what kind
 of ram they use.  This is why when you start using the video heavily
 there are problems.

 Our good machine used good ram and the other funky ones use
 unsupported ram.

 There are 2 possible solutions.  One solution is to look at the nvidia
 site and only use the ram they suggest for igp boards.  Second
 solution is put in a separate video card.

I am using a stick of Crucial 256MB DDR266 PC2100 RAM.  I picked it up a
few months ago from www.ebuyer.com for £29.99.

  I have no problems with this, so it might be worth checking out.

  What I'd suggest is swap the RAM from your Shuttle to your Mum's
Shuttle and see how you get on.  If they switch around you can really be
sure it is the RAM.

  Best wishes,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Wrong pixmaps directory (port problem).

2004-01-20 Thread Lewis Thompson
Hi,

I'm trying to create a port and everything is working fine, except that
the pixmaps get installed in /usr/X11R6/share/pixmaps/app instead of
/usr/X11R6/share/gnome/pixmaps/app.

  Apart from these pixmaps there is just the application binary itself.

  Can anybody suggest how I can get it to install the pixmaps in the
correct location?

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Network timeout.

2004-01-14 Thread Lewis Thompson
Hi,

I'm having problems with my network connection timing out during large
transfers.

  It's connected to a 10Mbit hub so it's not topping out at the card's
maximum throughput.

  Originally I had a Realtek 8139 card but yesterday I dumped that in
favour of a Netgear FA311 (sis chipset) and this seemed to solve all
timeout problems of sustained transfers (saturating the connection for a
sustained period of time).

  However, I've just had a couple more timeouts in the last few hours.
Obviously I was never sure it was the NIC in the first place but I can't
ignore the fact I had a good 20GB transferred without problem yesterday
(as opposed to usually around 1GB before the card dies).

  Data is being uploaded to a Samba server, which reports no errors in
the log (and I have no problems uploading a 100Mbit from inside my
network).  The server is running 4.9-RELEASE and the drive the data is
going to is a vinum volume (in case that has any bearing).

  I'm using ipnat to forward port 139 to inside a jail.  Finally, my IP
is assigned by a DHCP server -- the lease length is 24h but my IP is
static (for the last four months, anyway ;).

  Any suggestions for the best way to go about tracking the problem
down?  If anybody needs any more details just ask and I'll do my best to
provide.

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




XF86Keys.

2003-12-30 Thread Lewis Thompson
Hi,

I have a funky keyboard with lots of buttons along the top (like Back,
Forward, Stop, Refresh, etc.).  I use a number of these in fluxbox by
defining them in my keys file.

  However -- can anybody suggest a way I can make the XF86Back key work
in firebird?  Previously I have hacked the keyboard file so that it
generates an ALT+Left (essentially back) but I wonder if there is an
easier way.

  Maybe I should email the firebird developers and see if they would
consider adding native support for this key?  I understand quite a few
keyboards provide it now, through XFree86.  Is this a good idea?

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Lots of disks.

2003-12-09 Thread Lewis Thompson
Hi,

I'm currently using vinum to concatenate two large (120GB) disks,
providing a single large(r) volume (240GB in theory ;).

  At the moment the volume is about 90% full and I'm looking to add
three more 120GB disks and set up RAID5.  This is somewhat offtopic (not
entirely sure if it is FreeBSD or not) but if I were to put two 120GB
disks per channel and buy an ATA controller for my PCI bus and put
another disk (or some combination of this sort) would Vinum be able to
handle it?

  Is it even possible to have 4 IDE disks?  I know the performance
would be terrible but I have considered this and realised it is
irrelevant since the box only has a 10Mbit connection (it's for storing
large data files (videos, etc.)).

  Now for the slightly off-topic question -- does anybody know of a good
hardware RAID IDE controller that can support 5 devices in RAID5?  I'm
not sure whether such a thing exists (unless it has a primary, secondary
and tertiary??? controller) and I fear it might be beyond my price range
but I'd be interested to hear anyway.

  I know I should really be using SCSI or FC for this kind of stuff but
I can't afford to go this way and the performance isn't my bottleneck.

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-


Re: natd ipfw

2003-12-07 Thread Lewis Thompson
On Sun, Dec 07, 2003 at 01:11:40PM +0300, Lev Klimin wrote:
 then natd doesn't change source address, and ping doesn't work. I thought
 that natd must do NAT whenever and wherever it works. May I be
 mistaken?

You may be.  I had a problem a few months ago that seemed very similar.
In the end I gave up asking questions and switched to ipf/ipnat (which
is now working very well) but it does look very much like a bug
somewhere to me.

  Sorry I can't help you any more than that,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Samba frontend.

2003-12-01 Thread Lewis Thompson
Hi,

I'm looking for a usable frontend to Samba, allowing me to see people
accessing shares, details of files that are open, etc.  I don't really
care if it's console or GUI (Qt, GTK+, anything) but it would be great
if it could run from the log files (allowing me to run from another
machine from Samba).  If this isn't possible I'll settle for anything :)

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Re: Samba frontend.

2003-12-01 Thread Lewis Thompson
On Mon, Dec 01, 2003 at 03:47:00PM -0800, Kevin Stevens wrote:
 On Mon, 1 Dec 2003, Lewis Thompson wrote:
  I'm looking for a usable frontend to Samba, allowing me to see people
  accessing shares, details of files that are open, etc.  I don't really
 
 Can you describe what you're looking for that the swat utility (installed
 by default with most Samba installs) doesn't provide?

Woohoo!  I always thought Swat was just for configuring Samba.  That'll
do just great, thanks :

  Best wishes,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




IPsec key renegotiation lag.

2003-11-28 Thread Lewis Thompson
Hi,

Just a quick question -- when using IPsec on my LAN I'm finding I get
short jumps in films, music, etc. when the key renegotiation takes
place.

  I understand this is quite necessary, but can anybody recommend any
way to reduce the delay, or remove it totally (short of having much
larger timeouts, or buying hardware encryption devices ;)?

  Any suggestions would be appreciated.  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-




Require IPSEC transparent.

2003-11-27 Thread Lewis Thompson
Hi,

I'm wondering if the following situation would be possible:

  I have a small LAN (one server, three workstations) and want to fully
encrypt it (since it's quite easy for somebody to plug into my switch --
I'm at university and the machines are in my room).

  What I would like is for my server (FreeBSD 4.9-RELEASE) to only
accept IPSEC encrypted packets on the range, say,
192.168.0.1-192.168.0.24.  Anything above 24 can talk without IPSEC, but
all sorts of insecure services are firewalled off.

  This seems a nice way to do things to me (although I am very open to
suggestions) but I have little idea how I would mandate IPSEC packets.
I currently have IPSEC ESP/transparent between my server and a
workstation so I could easily expand this to more machines.

  Thanks very much,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-
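
Added example, not part of the original post: the range 192.168.0.1-192.168.0.24 named above is not a single CIDR block, so per-range IPsec policies have to be split into several prefixes. The sketch below does that split and prints setkey(8) spdadd lines for the server side; the server address 192.168.0.100 and the esp/transport//require policy are assumptions, not values from the post.

```python
import ipaddress

# Assumptions (not from the post): the server's address, and ESP in
# transport mode at level "require".
SERVER = "192.168.0.100"                      # hypothetical server address
FIRST, LAST = "192.168.0.1", "192.168.0.24"   # range given in the post


def range_to_cidrs(first, last):
    """Split an inclusive address range into the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def spd_policies(server, first, last):
    """Build server-side setkey(8) spdadd lines covering the whole range."""
    lines = []
    for net in range_to_cidrs(first, last):
        # Inbound: packets from the range to the server must arrive as ESP.
        lines.append(f"spdadd {net} {server}/32 any "
                     "-P in ipsec esp/transport//require;")
        # Outbound: replies from the server to the range must leave as ESP.
        lines.append(f"spdadd {server}/32 {net} any "
                     "-P out ipsec esp/transport//require;")
    return lines


def esp_required(addr, first, last):
    """True if addr is covered by one of the generated policies."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in range_to_cidrs(first, last))


if __name__ == "__main__":
    print("\n".join(spd_policies(SERVER, FIRST, LAST)))
```

Hosts above .24 match no policy here and stay in cleartext, so the services they may reach still have to be limited by the packet filter.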



