Re: Radius Authentication

2008-10-16 Thread Todor Genov
Hi Matt,


The three important steps here are as follows:

1.) Confirm that authentication against the RADIUS server succeeds using
any command line RADIUS util.

2.) Configure /etc/radius.conf as per man pam_radius and man radius.conf

3.) Add a user on the FreeBSD machine whose name corresponds with the
Windows domain account (if the name contains spaces then refer to the
pre-Windows2000 compatible username in AD). This is mandatory as
pam_radius is only used for authentication. UID, GID, home dir and all
*nix relevant account parameters are still retrieved from the local user
database.

 An alternative to step 3 would be to use the template_user option in
radius.conf, but this means that all your Windows users will appear to
the system with the same UID/GID as the template_user.


MattAD wrote:
 I would just like to know if anyone on earth has been able to get the
 pam_radius module working on FreeBSD, using a windows domain username
 through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
 config looks like so:  
 
 #
 # $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
 #
 # PAM configuration for the sshd service
 #
 
 # auth
 auth            required        pam_nologin.so          no_warn
 auth            sufficient      pam_opie.so             no_warn no_fake_prompts
 auth            requisite       pam_opieaccess.so       no_warn allow_local
 auth            sufficient      pam_radius.so           no_warn try_first_pass
 #auth           sufficient      pam_krb5.so             no_warn try_first_pass
 #auth           sufficient      pam_ssh.so              no_warn try_first_pass
 auth            sufficient      pam_unix.so             no_warn try_first_pass
 
 # account
 account         required        pam_nologin.so
 #account        required        pam_krb5.so
 account         required        pam_login_access.so
 account         required        pam_unix.so
 
 # session
 #session        optional        pam_ssh.so
 session         required        pam_permit.so
 
 # password
 #password       sufficient      pam_krb5.so             no_warn try_first_pass
 password        required        pam_unix.so             no_warn try_first_pass
 
 
 :confused:

-- 
Regards,

Todor Genov
Systems Operations

Verizon Business South Africa (Pty) Ltd

[EMAIL PROTECTED]
Tel: +27 11 235 6500
Fax: 086 692 0543
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
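
A pre-flight check for steps 2 and 3 of the reply above, added here as an example and not part of the original thread. The function names are hypothetical, the file paths are parameters, and the server name, secret and account in the sample input are constructed placeholders.

```shell
#!/bin/sh
# Added example: offline checks for steps 2 and 3. Paths are parameters so the
# functions can be pointed at /etc/radius.conf and /etc/passwd or at copies.

# Count "auth" entries in a radius.conf(5)-style file:
#   auth  server[:port]  shared-secret  [timeout  [max-tries]]
count_auth_servers() {
    awk '$1 == "auth" && NF >= 3 { n++ } END { print n + 0 }' "$1"
}

# Succeed if group or other can read the file, which holds the shared secret.
secret_exposed() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Succeed if USER has an entry in a passwd(5)-format file. The match is exact
# and case-sensitive, unlike Windows account names.
has_local_account() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# usage: preflight USER RADIUS_CONF PASSWD_FILE; returns 0 only if all checks pass
preflight() {
    rc=0
    [ "$(count_auth_servers "$2")" -gt 0 ] || { echo "FAIL: no auth server in $2"; rc=1; }
    if secret_exposed "$2"; then echo "FAIL: $2 readable by group/other"; rc=1; fi
    has_local_account "$1" "$3" || { echo "FAIL: no local account '$1' in $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# Constructed sample input (server name, secret and account are placeholders).
demo=$(mktemp -d)
printf '%s\n' '# service  server  secret  timeout  max-tries' \
    'auth  radius.example.test  "placeholder-secret"  3  2' > "$demo/radius.conf"
chmod 600 "$demo/radius.conf"
printf '%s\n' 'matt:*:1001:1001:Matt:/home/matt:/bin/sh' > "$demo/passwd"
preflight matt "$demo/radius.conf" "$demo/passwd"            # all three checks pass
preflight Matt "$demo/radius.conf" "$demo/passwd" || true    # fails: case differs
rm -rf "$demo"
```
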


Re: OO 2.4.1 package problem

2008-09-17 Thread Todor Genov
Hi Ghirai,

 Is your home directory on an NFS partition by any chance? I ran into
similar issues on my diskless environment and resolved it by adding the
following to the NFS server and clients' rc.conf files:

rpc_lockd_enable=yes
rpc_statd_enable=yes
rpcbind_enable=yes

Also my /usr/local/openoffice.org-2.4.1/program/soffice file has the
following lines changed/uncommented:

#
STAR_PROFILE_LOCKING_DISABLED=1
export STAR_PROFILE_LOCKING_DISABLED
#

# file locking now enabled by default
#SAL_ENABLE_FILE_LOCKING=1
#export SAL_ENABLE_FILE_LOCKING


Regards,

Todor Genov
Systems Operations

Verizon Business South Africa (Pty) Ltd

Tel: +27 11 235 6500
Fax: 086 692 0543



Ghirai wrote:
 Hello list,
 
 I installed OOo_2.4.1_FreeBSD70Intel_install_en-US.tbz, along with the 
 required deps,
 as well as diablo-jre-freebsd7.i386.1.6.0.07.02.tbz.
 
 Now I'm getting this error:
 
 [EMAIL PROTECTED] /usr/home/ghirai]$ openoffice.org-2.4.1
 javaldx: Could not find a Java Runtime Environment! 
 The application cannot be started. 
 The component manager is not available.
 Segmentation fault (core dumped)
 
 
 Any ideas?
 Thanks.
 


Re: branches, updates, buildworld

2008-09-10 Thread Todor Genov



[EMAIL PROTECTED] wrote:
 Hi,
 
 I'm new to FreeBSD and I'd like to give it a try as a PostgreSQL test
 server on an ancient box.
 
 Since I have a lot to learn about this OS, I chose FreeBSD-7.0-RELEASE.
 (It's the most current production-ready release now, right?).
 
 On the other hand I'd like to make every possible speed improvement,
 because the CPU is [EMAIL PROTECTED] So, my questions are:
 
 1) After reading the docs I remained with the impression that sources
 should be updated for -current and -stable branches only. Is this
 correct?

 The STABLE and CURRENT branches are works-in-progress and change daily,
thus if you wish to follow them you need to update your sources quite
frequently.

 The only time the RELEASE branch changes (and needs to be updated) is
when security and bug fixes are applied to the current source tree -
these are known as RELEASE-p? versions. You can follow these updates at
http://security.freebsd.org/advisories and on the
freebsd-security-notifications mailing list.

 2) If I'm wrong about (1) how should I update the -release sources in
 order to make buildworld with additional gcc optimisations?

make buildworld in /usr/src will compile whatever sources you have in
the directory. Whether the compiled code is optimized depends on what
you put in /etc/make.conf

 If you haven't done a cvsup since your installation then you have the
7.0-RELEASE source which was on the CD.

 If you want to obtain the latest 7.0-RELEASE-p? source you need to
cvsup with tag=RELENG_7_0 in the cvsup config file. Thereafter you do a
buildworld/installworld (and buildkernel/installkernel) which will then
give you the latest -RELEASE version (7.0-RELEASE-p4 if I am not mistaken).

 Similarly tag=RELENG_7 will fetch the -STABLE branch and tag=. will
fetch the -CURRENT branch, but you should probably stick with RELENG_7_0

 
 3) make buildworld re-compiles _everything_ or the base system only?

 It recompiles the base system. For updates to packages installed from
ports look at portupgrade.

 
 4) Will make buildworld fail with a make.conf like this:
 
 
 PERL_VER=5.8.8
 PERL_VERSION=5.8.8
 BDECFLAGS=-march=pentium2 -mmmx -pipe -O3 -fomit-frame-pointer \
 -combine -fno-strict-aliasing
 
 CFLAGS+=${BDECFLAGS}
 CXXFLAGS=${CFLAGS}
 COPTFLAGS=-march=pentium2 -mmmx -pipe -O3 -fomit-frame-pointer \
 -combine -fno-strict-aliasing
 
 BOOTWAIT=3000
 DOC_LANG=en
 NO_SHAREDOCS=True
 
 WITHOUT_MODULES=INET6 zfs wlan firewire lpt joy iscsi cpufreq coda \
 coda5 3dfx acpi unionfs ilpt srv4 smbfs reiserfs pccard palm uscanner \
 xfs audiocs emu10k1 fm801 neomagic t4dwave cmi emu10kx hda sb16 uaudio \
  ad1816 cs4281 envy24 ich sb8 via8233 als4000 csa envy24ht maestro \
 via82c686 atiixp driver es137x maestro3 solo vibes au88x0 ds1 mss \
 spicds
 

Seems OK on first inspection. Guess you won't know till you run the
buildworld :)



Regards,

Todor Genov
Systems Operations

Verizon Business South Africa (Pty) Ltd

[EMAIL PROTECTED]
Tel: +27 11 235 6500
Fax: 086 692 0543



Re: branches, updates, buildworld

2008-09-10 Thread Todor Genov
 OK. It brings another question. For example Postgres is not a part of
 the base system. Will it break if i make:
 ##
 pkg_add -r postgresql83-server.tbz
 cvsup /usr/share/examples/cvsup/standard-supfile
 make buildworld
 make buildkernel
 make installkernel
 reboot (in single mode)
 mergemaster -p
 make installworld
 mergemaster
 reboot
 ##

 The pre-compiled binary depends on certain system calls and library
APIs to function. As long as those don't change the binary will continue
to work. It's highly unlikely to have any such changes occur between
RELEASE-p? versions unless they are extremely critical updates. In fact
in most cases you will probably find that your binary will continue to
work between RELEASE versions (7.0, 7.1 etc).

 We trust the developers won't go and change libc without giving us
a heads-up, but you should still read the changelog before upgrading the
base system and know what to expect.

 
 ...And what should I do if Postgres (or any other arbitrary binary
 package) breaks afterwards? How should I keep the binary packages
 up-to-date? Actually I intend to compile Postgres from the ports after
 success in re-building and installing the base system, but the question
 still remains.

 You can always reinstall it from ports which will compile and link
software according to your existing environment.

 To manage already installed packages you can use portaudit and
portupgrade both of which can be found in the ports tree as well as the
pkg_* tools included in the base system.

   4) Will make buildworld fail with a make.conf like this:

 Seems OK on first inspection. Guess you won't know till you run the
  buildworld :)
 
 I was kind of hoping not to figure out the optimal combination of gcc
 flags by following the generate and test method on Pentium-2. :)

 Take a look at /usr/share/examples/etc/make.conf and use that as your
starting point if you haven't already done so. Most of your options seem
to be in line with the recommended defaults except maybe -combined - I
have no idea how it will affect the build. I would use -O2 rather than
-O3 as there's a good chance you'll end up with broken code rather than
any noticeable performance gains.

 
 Last but not least: Thanks for the fast and detailed response. I
 appreciate it very much.

Glad I could be of help.

Regards,

Todor Genov
Systems Operations

Verizon Business South Africa (Pty) Ltd

Tel: +27 11 235 6500
Fax: 086 692 0543


Re: FreeBSD 7 and ESXi

2008-09-09 Thread Todor Genov
I have run FreeBSD 6.3 and 7.0 in ESXi and haven't bumped into any
problems so far.

 When they say supported they are referring to service level
agreements and technical support should something go wrong, so if you
plan to use this in a production environment you need to do some prior
testing on your own.

Regards,

Todor Genov
Systems Operations

Verizon Business South Africa (Pty) Ltd

[EMAIL PROTECTED]
Tel: +27 11 235 6500
Fax: 086 692 0543



[EMAIL PROTECTED] wrote:
 Hi all,
 
 I'm planning to virtualize a FreeBSD server on a Dell PowerEdge with
 embedded hypervisor VMware ESXi 3.5.
 Fbsd isn't listed as supported as guest OS for ESX(i), since version
 4.x.
 Is there any report about problems or impossibility doing that?
 
 
 - Marcelo
 