Re: Issues with OpenLDAP 2.4.15 and FreeBSD 8.0-CUrrent as well as with FreeBSD 7.2-PRE using DB 4.7
First I see on all FreeBSD flavours (7.2 and 8.0) a coredump of LDAP clients when doing ldapsearch, ldappasswd. The client performs well, but at the end it terminates with some SIG 11. http://www.mail-archive.com/openldap-softw...@openldap.org/msg15161.html Regards, Thierry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: pam_start error
in openpam_load_module(): no /usr/local/lib/pam_ldap.so found pam_start:system error FWIW I've just fought a couple hours with the same problem just to realize that I was using openldap-client-2.4.13 together with pam_ldap-1.8.4_1 built against openldap-client-2.4.15_1. Everything is in order now that I've replaced openldap-client-2.4.13 with openldap-client-2.4.15_1. Regards, Thierry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
strange sendmail problems
Hello, I experienced a strange problem with sendmail on FreeBSD 6.1 which happened during a routing problem on a network which isolated my network from the outside. On five out of seven boxes my logs started to show (capital names used to hide real ones) : Aug 30 15:53:13 MYHOST sm-mta[6247]: l7UAqbOp091438: [EMAIL PROTECTED], delay=03:00:00, xdelay=00:00:00, mailer=esmtp, pri=618410, relay=MYMAILER.MYDOMAIN., dsn=4.0.0, stat=Deferred: Name server: MYMAILER.MYDOMAIN.: host name lookup failure Running an MX query with nslookup on MYHOST was correctly giving MYDOMAIN mail exchanger = 1 MYMAILER.MYDOMAIN. and 'host MYMAILER.MYDOMAIN' was correctly resolving the name. The problem did not show up on two boxes. All boxes run 6.1 and have default sendmail configurations. The only difference that I can see is that the two unaffected boxes run dhclient while the affected ones have static IP but I don't how it could affect the issue. Any idea what could explain this? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pam_ldap issues
On Wednesday 04 July 2007 09:35, Eric Masson wrote: Thierry Lacoste [EMAIL PROTECTED] writes: Hello, I have a very similar setting on 6.1 Maybe you have an ACL problem (see below). What does the following command give? ldapsearch -x -D cn=testuser,ou=people,dc=interne,dc=example,dc=org -W The command asks for an ldap password that I type but, the result is : ldap_bind: Invalid credentials (49). I've double checked the password and reinitialized the ldap database, but no change atm. Simplify your slapd.conf as much as possible. When the above ldapsearch works throw in changes step by step. In particular you should probably start with ACLs like these: access to attrs=userPassword by anonymous auth by self write by * none access to * by * read Add loglevel 128 to your slapd.conf to log access control list processing. BTW what does ldapsearch -x -D cn=Manager, dc=interne, dc=example, dc=org -W give? Regards, Thierry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pam_ldap issues
I have a very similar setting on 6.1 Maybe you have an ACL problem (see below). What does the following command give? ldapsearch -x -D cn=testuser,ou=people,dc=interne,dc=example,dc=org -W /usr/local/etc/ldap.conf base dc=interne,dc=example,dc=org uri ldap://127.0.0.1:389/ logdir /var/log/ldap #debug 256 timeout 5 bind_timeout 5 bind_policy soft rootbinddn cn=Manager,dc=interne,dc=example,dc=org BTW I think you can remove this one nss_base_passwd ou=people,dc=interne,dc=example,dc=org?one nss_base_group ou=groups,dc=interne,dc=example,dc=org?one /usr/local/etc/ldap.conf /usr/local/etc/openldap/slapd.conf include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/samba.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args modulepath/usr/local/libexec/openldap moduleloadback_bdb access to dn.base= by self write by * auth access to attrs=userPassword by self write by * auth Replace this one with by anonymous auth access to attrs=shadowLastChange by self write by * auth access to * by * read by anonymous auth I think you sould also remove all the other above lines containing auth. schemacheck on idletimeout 30 backend bdb database bdb suffixdc=interne, dc=example, dc=org rootdncn=Manager, dc=interne, dc=example, dc=org rootpwpassword checkpoint1024 5 cachesize 1 directory /var/db/openldap-data # Indices to maintain index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUID eq index sambaSIDeq index sambaPrimaryGroupSIDeq index sambaDomainName eq index default sub /usr/local/etc/openldap/slapd.conf HTH, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: deleting old mails
On Sunday 03 June 2007 14:01, Christopher Hilton wrote: Thierry Lacoste wrote: I'm running a postfix server on FreeBSD 6.1 and I'd like to have a cronjob which deletes old mails from mboxes in /var/mail. I tried mail/archivemail but it cannot create it's lock file in /var/mail because it runs as the user owning the mailbox on which it operates. I also tried mail/archmbox but I'm wondering if it is safe to use it while postfix is running. Quoting the manual: A few words about locking. There has been a discussion about archmbox handles file locking. The answer is simple: no mailbox is ever locked. The reason behind this behavior is that I want archmbox to be as least invasive as possible, so other kind of checks are performed to ensure that no data is lost (mailbox has changed/mailbox is in use by another program). I will surely add some locking mechanism in the future. Any help would be appreciated. Have you consider using Maildir/ format instead? A switch to Maildir/ format would allow you to use the find program to weed out your mailbox and locking is not an issue. AFAICS the Maildir/ format implies that mails are delivered to the home directory of the users. On the mail server the home diretory is NFS-mounted read-only just to be able to see the .forward files. Users are required to use only pops to read their mail (qpopper is on the mail server) and I wanted to avoid unnecessary network traffic: from the mail server to the NFS server upon mail receipt and in the other way when readind mail with pops. Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Recommendations for config file revision control
Do you have an idea of how to manage symlinks with jailed software? Thierry. On Saturday 02 June 2007 01:35, Maxim Khitrov wrote: On 6/1/07, Kevin Downey [EMAIL PROTECTED] wrote: On 6/1/07, Maxim Khitrov [EMAIL PROTECTED] wrote: Hi everyone, I'm currently setting up a new server, and I'd like to keep track of all changes made to various config files (in /etc, /usr/local/etc, and a few other places perhaps). My first thought was to setup a subversion server which would contain the partial directory structure that matches that of the server's starting at /. It would contain versioned copies of all the configuration files that I want to keep track of in their appropriate locations. What I would do then is write a hook for subversion that will issue an automatic export command (don't want .svn directories everywhere) every time a commit is made to the repository. So to edit some configuration file I would first checkout a working copy of the repository to some other location, make the change and commit it. The server would be automatically updated with the new file and I would be able to keep track of every change. This seems like a decent strategy to me, but before I go off writing the scripts and setting up the server I wanted to ask what you guys might be using to keep track of the server configuration (backups don't count)? Is there an easier way of doing the same thing, for example, eliminating the need to do a working copy checkout first? Perhaps a way to monitor certain files for changes, and automatically commit them every time a change is saved. I'd be glad to hear any suggestions you might have in this regard. If possible, I'd like all the versioned files to contain an id string, so that it's easy to determine when the file was last changed and by whom, but this is optional. For the most part I just need a way of going back to previous versions. Thanks, Maxim Khitrov What is the objection to having the metadata directories (.svn) everywhere? Well to be honest, I just really don't like that design. I think the metadata should be separated out from the data, and placing .svn directories into each directory of the project seems like a bad idea to me. I understand why it was done this way, but I wish that some extra effort was put in to consolidate all that information into perhaps a single .svn directory in the root of the project. That, and since they keep copies of the original files it also creates additional storage requirements, but for storing configuration files I don't really care. I did just think of another thing I could do. What if I create a new directory on the server, and move all configuration files from their original location to this directory. I then make then make it into an svn working directory, and in place of the original files put symlinks that point to the corresponding file in the working directory. This would mean that I no longer have .svn directories all over the file system, there is just one working directory that is separate from everything else. Instead of an export operation I could have the hook script do an update, and this would also give me a rather simple way of editing the files locally on the server (plus it has the advantage of quick access to all important files without having to constantly move from /etc to /usr/local/etc). Does this seem like a decent idea to try and do? Might some software have a problem with its configuration file being a symlink to some other location? devel/bazaar-ng is rather nice, and distributed vcs is very flexible. Will take a look at this as well, thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Recommendations for config file revision control
I did just think of another thing I could do. What if I create a new directory on the server, and move all configuration files from their original location to this directory. I then make then make it into an svn working directory, and in place of the original files put symlinks that point to the corresponding file in the working directory. This would mean that I no longer have .svn directories all over the file system, there is just one working directory that is separate from everything else. Instead of an export operation I could have the hook script do an update, and this would also give me a rather simple way of editing the files locally on the server (plus it has the advantage of quick access to all important files without having to constantly move from /etc to /usr/local/etc). Does this seem like a decent idea to try and do? Might some software have a problem with its configuration file being a symlink to some other location? Sorry for my previous top-posting. Will a chrooted named work if you make files in /var/named/etc/namedb/ symlinks to the working directory ? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Recommendations for config file revision control
I keep track of my servers config files with CVS. Let's say I want to track a machine named 'box'. On this machine I have a working copy of the cvs module box in /root/box. I have a couple of scripts cvs-add and cvs-ci. 'cvs-add /etc/rc.conf' copies /etc/rc.conf to /root/box/etc/rc.conf and then adds it to the cvs repository. 'cvs-ci -m message /etc/rc.conf' verifies that /root/box/etc/rc.conf exists and that the two files are indeed different then makes the copy and checks it in the repository. Finally I install a cronjob which checks if the files in the working copy are indeed identical to the 'real' files they mirror. It's very simple but very handy. However I'd like to hear about alternative solutions. Regards, Thierry. On Friday 01 June 2007 21:27, Maxim Khitrov wrote: Hi everyone, I'm currently setting up a new server, and I'd like to keep track of all changes made to various config files (in /etc, /usr/local/etc, and a few other places perhaps). My first thought was to setup a subversion server which would contain the partial directory structure that matches that of the server's starting at /. It would contain versioned copies of all the configuration files that I want to keep track of in their appropriate locations. What I would do then is write a hook for subversion that will issue an automatic export command (don't want .svn directories everywhere) every time a commit is made to the repository. So to edit some configuration file I would first checkout a working copy of the repository to some other location, make the change and commit it. The server would be automatically updated with the new file and I would be able to keep track of every change. This seems like a decent strategy to me, but before I go off writing the scripts and setting up the server I wanted to ask what you guys might be using to keep track of the server configuration (backups don't count)? Is there an easier way of doing the same thing, for example, eliminating the need to do a working copy checkout first? Perhaps a way to monitor certain files for changes, and automatically commit them every time a change is saved. I'd be glad to hear any suggestions you might have in this regard. If possible, I'd like all the versioned files to contain an id string, so that it's easy to determine when the file was last changed and by whom, but this is optional. For the most part I just need a way of going back to previous versions. Thanks, Maxim Khitrov ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
deleting old mails
I'm running a postfix server on FreeBSD 6.1 and I'd like to have a cronjob which deletes old mails from mboxes in /var/mail. I tried mail/archivemail but it cannot create it's lock file in /var/mail because it runs as the user owning the mailbox on which it operates. I also tried mail/archmbox but I'm wondering if it is safe to use it while postfix is running. Quoting the manual: A few words about locking. There has been a discussion about archmbox handles file locking. The answer is simple: no mailbox is ever locked. The reason behind this behavior is that I want archmbox to be as least invasive as possible, so other kind of checks are performed to ensure that no data is lost (mailbox has changed/mailbox is in use by another program). I will surely add some locking mechanism in the future. Any help would be appreciated. Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SOLVED : nfs issue after client crash
Somebody gave me the answer to my question http://lists.freebsd.org/pipermail/freebsd-questions/2006-November/135179.html I'm posting it in case somebody hits a similar problem. I have a bunch of Ubuntu clients which mount /home at boot time from a FreeBSD 6.1 NFS server. When a client crashes it won't mount /home at boot. In that case, trying to mount manually gives can not read super bloc. The client still appears in the showmountoutput of the server. Sometimes /home will be mounted after the second reboot but sometimes not even after several reboots (I haven't been able to find a regular pattern here). If I restart the NFS server or just wait long enough (e.g. one day) everything is OK. By default the client is using NFS/TCP and when it crashes it does not release the TCP connection. It appears that the server then refuses to establish a second connection. On the linux clients I'm now using mount -o udp /home in my rc.local and everything seems fine. Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: check_disk_smb: another nagios problem
I tried that: define command{ command_namecheck_disk_smb command_line$USER1$/check_disk_smb -H $HOSTADDRESS$ -s public -w 85% -c 95% } But I still have a CRITICAL error in nagios (Access Denied) On the samba server I have this in log.smbd: [2006/11/23 11:34:26, 0] auth/auth_domain.c:domain_client_validate(242) domain_client_validate: unable to validate password for user -H in domain MIAGE to Domain controller CASTOR. Error was NT_STATUS_NO_SUCH_USER. On Wednesday 22 November 2006 20:37, Jeremy Johnston wrote: I had problems with this at first then I added -w 85% -c 95% to the command_line and it works great now. Thierry Lacoste wrote: There is something weird about check_disk_smb from nagios-plugins-1.4.3,1 on FreeBSD 6.1-RELEASE-p10. From the command line (pwd is /usr/local/libexec/nagios) the switches work as expected: # ./check_disk_smb -H 194.214.13.140 -s public -u guest -p Domain=[MIAGE] OS=[Unix] Server=[Samba 3.0.22] Disk ok - 396M (79%) free on \\194.214.13.140\public One has the same result without the switches: ./check_disk_smb 194.214.13.140 public guest Domain=[MIAGE] OS=[Unix] Server=[Samba 3.0.22] Disk ok - 396M (79%) free on \\194.214.13.140\public But the second form is the only way I can make it work within nagios define command{ command_namecheck_disk_smb command_line$USER1$/check_disk_smb $HOSTADDRESS$ public guest } If I introduce the switches (e.g like below) I have all sorts of errors (invalid warning threshold, Access denied, etc ...) depending on the order of the arguments. define command{ command_namecheck_disk_smb command_line$USER1$/check_disk_smb -H $HOSTADDRESS$ -s public -u guest -p } Is anybody else seeing this? Have I done something wrong? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
problems with check_dhcp in nagios
Hello, I'm using nagios-2.4 with nagios-plugins-1.4.3,1 on FreeBSD 6.1-RELEASE-p10. I have a problem to make check_dhcp work. dhclient works as expected: [EMAIL PROTECTED] ~]# dhclient em0 DHCPREQUEST on em0 to 255.255.255.255 port 67 DHCPREQUEST on em0 to 255.255.255.255 port 67 DHCPDISCOVER on em0 to 255.255.255.255 port 67 interval 5 DHCPDISCOVER on em0 to 255.255.255.255 port 67 interval 8 DHCPOFFER from 194.214.13.3 DHCPOFFER from 194.214.13.2 DHCPOFFER already seen. DHCPREQUEST on em0 to 255.255.255.255 port 67 DHCPACK from 194.214.13.3 bound to 194.214.13.6 -- renewal in 21600 seconds. But check_dhcp doesn't work (with dhclient killed): [EMAIL PROTECTED] ~]# /usr/local/libexec/nagios/check_dhcp -i em0 -v DHCP socket: 3 Hardware address: 000d56bd84c5 DHCPDISCOVER to 255.255.255.255 port 67 DHCPDISCOVER XID: 1804289383 (0x6B8B4567) DHCDISCOVER ciaddr: 0.0.0.0 DHCDISCOVER yiaddr: 0.0.0.0 DHCDISCOVER siaddr: 0.0.0.0 DHCDISCOVER giaddr: 0.0.0.0 send_dhcp_packet result: 548 No (more) data received Result=ERROR Total responses seen on the wire: 0 Valid responses for this machine: 0 DHCP problem: No DHCPOFFERs were received. The -s switch to specify the IP of a DHCP server doesn't help. Using ethereal I can see one DHCP Discover packet sent and nothing else. I don't know if it is relevant but I noticed that the source adress of this packet is the IP of the machine while the source address of DHCP Discover packets issued by dhclient is 0.0.0.0. Any tip would be appreciated. Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
check_disk_smb: another nagios problem
There is something weird about check_disk_smb from nagios-plugins-1.4.3,1 on FreeBSD 6.1-RELEASE-p10. From the command line (pwd is /usr/local/libexec/nagios) the switches work as expected: # ./check_disk_smb -H 194.214.13.140 -s public -u guest -p Domain=[MIAGE] OS=[Unix] Server=[Samba 3.0.22] Disk ok - 396M (79%) free on \\194.214.13.140\public One has the same result without the switches: ./check_disk_smb 194.214.13.140 public guest Domain=[MIAGE] OS=[Unix] Server=[Samba 3.0.22] Disk ok - 396M (79%) free on \\194.214.13.140\public But the second form is the only way I can make it work within nagios define command{ command_namecheck_disk_smb command_line$USER1$/check_disk_smb $HOSTADDRESS$ public guest } If I introduce the switches (e.g like below) I have all sorts of errors (invalid warning threshold, Access denied, etc ...) depending on the order of the arguments. define command{ command_namecheck_disk_smb command_line$USER1$/check_disk_smb -H $HOSTADDRESS$ -s public -u guest -p } Is anybody else seeing this? Have I done something wrong? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
nfs issue after client crash
I have a bunch of Ubuntu clients which mount /home at boot time from a FreeBSD 6.1 NFS server. When a client crashes it won't mount /home at boot. In that case, trying to mount manually gives can not read super bloc. The client still appears in the showmountoutput of the server. Sometimes /home will be mounted after the second reboot but sometimes not even after several reboots (I haven't been able to find a regular pattern here). If I restart the NFS server or just wait long enough (e.g. one day) everything is OK. Is this a server or a client issue? Is this related to the client still showing up in showmount? Is there a better workaround than restarting the NFS server? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clock running too fast
Thank you. I tried TSC, ACPI-fast and i8254 but I still have the same problem. Best regards, Thierry. On Sunday 29 October 2006 15:46, Chuck Swiger wrote: Thierry Lacoste wrote: On one of my servers running 6.1-RELEASE-p10 I cannot keep the clok synchronized using ntpd. AFAICS this is certainly because the clock is running way too fast (about one second per minute). After I run ntpdate then ntpd the clock is drifting and /var/db/ntp.drift contains 0.00. Is there a way to slow down the system clock (something like tickadj under some linux distributions) ? Take a look at sysctl kern.timecounter, and choose another clock from the list of choices (by setting kern.timecounter.hardware to something else in the list of choices). If you are using TSC now, especially on a dual-CPU system, try using ACPI-safe or i8254 instead. If you are using the ACPI timecounter, try looking for a BIOS update for your hardware; perhaps that might fix the bogus clock. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
clock running too fast
On one of my servers running 6.1-RELEASE-p10 I cannot keep the clok synchronized using ntpd. AFAICS this is certainly because the clock is running way too fast (about one second per minute). After I run ntpdate then ntpd the clock is drifting and /var/db/ntp.drift contains 0.00. Is there a way to slow down the system clock (something like tickadj under some linux distributions) ? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
re: problems with a LaCie USB disk
I have further informations about a problem I described some days ago. With FreeBSD 6.1-RELEASE-p10 on a Dell PowerEdge 850, when I plug a brand new LaCie 500 GB USB disk I have this: Sep 28 18:24:57 polaris kernel: umass0: LaCie Group.SA BigDisk Extreme, rev 2.00/1.18, addr 2 Sep 28 18:24:59 polaris kernel: da0 at umass-sim0 bus 0 target 0 lun 0 Sep 28 18:24:59 polaris kernel: da0: LaCie BigDisk Extreme Fixed Direct Access SCSI-4 device Sep 28 18:24:59 polaris kernel: da0: 40.000MB/s transfers Sep 28 18:24:59 polaris kernel: da0: 476950MB (976794112 512 byte sectors: 255H 63S/T 60802C) After 'newfs /dev/da0' I'm able to mount it and use it. When I unplug it (after unmounting) and shut it down I'm unable to use it again. Here's all I get when I plug it in again: Oct 4 12:18:28 polaris kernel: ugen0: Texas Instruments TUSB6250 Boot Device, rev 2.00/3.00, addr 2 I tried with two different new LaCie disks and I have the same behavior. I tried both disks on a Dell Precision 650 with 6.1-RELEASE-p10 and everything works fine. I'm really confused and I would be grateful if someone could give me a clue. Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
following RELENG_6_1
I have a bunch of servers running FreeBSD 6.1-RELEASE. They perform crucial tasks like Samba domain control, LDAP directory, mail, etc... Though I'm reluctant to touch them I feel that the recent Security Advisories (especially about ssh ans ssl) are a very good reason to follow RELENG_6_1. I'd be grateful if someone could answer the following questions. Is it possible that an upgrade might break software installed from the port? I'm planning to use a build machine as explained in Tracking for Multiple Machines http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/small-lan.html What are the alternatives? Is there an easiest yet safe way to go? I was interested by /usr/ports/security/freebsd-update but some of my kernels have options QUOTA so I guess it rules out freebsd-update. Quoting FreeBSD-SA-06:23.openssl NOTE: Any third-party applications, including those installed from the FreeBSD ports collection, which are statically linked to libcrypto(3) should be recompiled in order to use the corrected code. How can I find the applications which fall in this category? Best regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
problems with a LaCie USB disk
I'm running FreeBSD 6.1-RELEASE on a Dell PowerEdge 850. When I plug a brand new LaCie 500 GB USB disk I have this: Sep 28 18:24:57 polaris kernel: umass0: LaCie Group.SA BigDisk Extreme, rev 2.00/1.18, addr 2 Sep 28 18:24:59 polaris kernel: da0 at umass-sim0 bus 0 target 0 lun 0 Sep 28 18:24:59 polaris kernel: da0: LaCie BigDisk Extreme Fixed Direct Access SCSI-4 device Sep 28 18:24:59 polaris kernel: da0: 40.000MB/s transfers Sep 28 18:24:59 polaris kernel: da0: 476950MB (976794112 512 byte sectors: 255H 63S/T 60802C) After 'newfs /dev/da0' I'm able to mount it and use it. When I unplug it (after unmounting) and shut it down I'm unable to use it again. Here's all I get when I plug it in again: Oct 4 12:18:28 polaris kernel: ugen0: Texas Instruments TUSB6250 Boot Device, rev 2.00/3.00, addr 2 Did I miss something? Best regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
/etc/crontab and mail
Answering myself it may be related to http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2006-April/086659.html I'm using openldap-server-2.3.24 and nss_ldap-1.250. My /var/log/debug.log was full of: Jul 22 20:34:04 castor sm-mta[58735]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found Jul 22 20:34:04 castor last message repeated 3 times Jul 22 20:34:04 castor sm-msp-queue[58736]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found Jul 22 20:34:04 castor sm-msp-queue[58736]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found Jul 22 20:35:00 castor cron[58738]: NSSWITCH(nss_method_lookup): ldap, group, setgrent, not found Jul 22 20:35:00 castor cron[58738]: NSSWITCH(nss_method_lookup): ldap, group, getgrent_r, not found Jul 22 20:35:00 castor cron[58738]: NSSWITCH(nss_method_lookup): ldap, group, endgrent, not found Jul 22 20:35:00 castor cron[58738]: NSSWITCH(nss_method_lookup): ldap, passwd, endpwent, not found I rebooted the machine and now everything seems to work fine. When I put 14 8 * * * root echo test in /etc/crontab a mail is now sent as expected. Any idea why a reboot seems to have solved the problem? Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
/etc/crontab and mail
I have two boxes running FreeBSD 6.1-RELEASE. AFAICS their configuration is identical. On both machines, I put at the end of /etc/crontab: 14 8 * * * root echo test On one machine root receives a mail with test as the boby of the message while on the other machine I have no mail. Here are the relevant entries in /var/log/maillog: Jul 21 08:14:00 pollux sendmail[61144]: k6L6E0l1061144: from=root, size=236, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] Jul 21 08:14:00 castor sendmail[11872]: k6L6F0mP011872: from=root, size=0, class=0, nrcpts=0, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] I'm really confused. Can someone shed some light? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Segmentation fault with smbpasswd
On Tuesday 11 July 2006 18:24, Micah wrote: Thierry Lacoste wrote: I'm running FreeBSD 6.1-RELEASE and installed samba-3.0.22,1 from a relatively recent snapshot or /usr/ports. Here is the global section of my /usr/local/etc/smb.conf: [global] workgroup = OFFICE server string = Samba Server passdb backend = tdbsam logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes After a fresh install of samba smbpasswd gives this: [EMAIL PROTECTED] ~]# smbpasswd -a admin New SMB password: Retype new SMB password: Unable to open/create TDB passwd Unable to open/create TDB passwd pdb_getsampwnam: TDB passwd (/usr/local/private/passdb.tdb) did not exist. File successfully created. Segmentation fault: 11 (core dumped) Then it gives this: [EMAIL PROTECTED] ~]# smbpasswd -a admin New SMB password: Retype new SMB password: Unable to open/create TDB passwd pdb_getsampwnam: Unable to open TDB passwd (/usr/local/private/passdb.tdb)! account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0 TDBSAM version too old (0), trying to convert it. TDBSAM converted successfully. Added user admin. After that, samba seems to work properly. If I touch /usr/local/private/passdb.tdb after a fresh install of samba I have directly the second behavior (no segfault) and then again samba is operational. What did I miss? Regards, Thierry. You possibly found a bug in the port. Contact the maintainer or file a pr. HTH, Micah Thanks. I did contact the maintainer. I tried with FreeBSD 6.0-RELEASE and samba-3.0.14a_1,1 from the ToolKit disk. When I first use smbpasswd I only have the account_policy_get failures (no segfault). BTW I searched the web about the account_policy_get failures but couldn't find any explanation exept that it is safe to ignore those messages when smbpasswd is used for the first time. Can someone shed some light on them? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Segmentation fault with smbpasswd
I'm running FreeBSD 6.1-RELEASE and installed samba-3.0.22,1 from a relatively recent snapshot or /usr/ports. Here is the global section of my /usr/local/etc/smb.conf: [global] workgroup = OFFICE server string = Samba Server passdb backend = tdbsam logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes After a fresh install of samba smbpasswd gives this: [EMAIL PROTECTED] ~]# smbpasswd -a admin New SMB password: Retype new SMB password: Unable to open/create TDB passwd Unable to open/create TDB passwd pdb_getsampwnam: TDB passwd (/usr/local/private/passdb.tdb) did not exist. File successfully created. Segmentation fault: 11 (core dumped) Then it gives this: [EMAIL PROTECTED] ~]# smbpasswd -a admin New SMB password: Retype new SMB password: Unable to open/create TDB passwd pdb_getsampwnam: Unable to open TDB passwd (/usr/local/private/passdb.tdb)! account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0 TDBSAM version too old (0), trying to convert it. TDBSAM converted successfully. Added user admin. After that, samba seems to work properly. If I touch /usr/local/private/passdb.tdb after a fresh install of samba I have directly the second behavior (no segfault) and then again samba is operational. What did I miss? Regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
monitoring raid arrays
I'm running FreeBSD 6.1 on a Compaq Proliant and a Dell PowerEdge 1800. They have hardware raid 1 arrays controlled respectively by a Compaq Smart Array 532 controller and PERC 4/SC. Here is the relevant dmesg output on the Proliant: ciss0: Compaq Smart Array 532 port 0x4000-0x40ff mem 0xf7fc-0xf7ff,0xf7ef-0xf7ef3fff irq 24 at device 3.0 on pci7 [snip] da0 at ciss0 bus 0 target 0 lun 0 da0: COMPAQ RAID 1 VOLUME OK Fixed Direct Access SCSI-0 device da0: 135.168MB/s transfers da0: 34727MB (71122560 512 byte sectors: 255H 32S/T 8716C) Here is the relevant dmesg output on the PowerEdge: amr0: LSILogic MegaRAID 1.53 mem 0xf80f-0xf80f irq 37 at device 5.0 on pci2 amr0: delete logical drives supported by controller amr0: LSILogic PERC 4/SC Firmware 351S, BIOS 1.10, 64MB RAM [snip] amr0: delete logical drives supported by controller amrd0: LSILogic MegaRAID logical drive on amr0 amrd0: 139900MB (286515200 sectors) RAID 1 (optimal) What are my options to monitor the status of these arrays? Best regards, Thierry. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD loader
How can I configure the loader of FreeBSD 5.2 such that the default is loading the kernel with ACPI support. with ACPI is the default, is it not? No. When I let the loader timeout, it does not load the acpi.ko module. This is the second choice. This is the way /boot/beastie.4th operates; at least for FreeBSD 5.2 installed from the freebsdmall CDs. Huh, that's strange, I could have sworn it was on mine...but nevermind that, on to a solution. Ideally, all the acpi option does is load the acpi module, so if you use /boot/loader.conf (man loader.conf) you could use the load keyword and it should load it right up on boot. It works. Thanks. Now the problem with your solution is that the acpi module is loaded unconditionally. I'd like to make acpi the default but keep the possibility of loading FreeBSD without acpi in case there's a problem with it. In other words, my present beastie menu begins with 1. Boot FreeBSD [default] 2. Boot FreeBSD with ACPI enabled and I'd like to just swap these options. Regards, Thierry. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD loader
How can I configure the loader of FreeBSD 5.2 such that the default is loading the kernel with ACPI support. I'd like to make minimal changes. I thought I could exchange the values of the variables bootkey and bootacpikey in /boot/beastie.4th but I couldn't find where their values are set. Regards, Thierry Lacoste. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD loader
How can I configure the loader of FreeBSD 5.2 such that the default is loading the kernel with ACPI support. with ACPI is the default, is it not? No. When I let the loader timeout, it does not load the acpi.ko module. This is the second choice. This is the way /boot/beastie.4th operates; at least for FreeBSD 5.2 installed from the freebsdmall CDs. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]