Re: 802.1X authenticator for FreeBSD

2017-10-18 Thread Charles Sprickman via freebsd-stable 

> On Oct 18, 2017, at 1:10 PM, Peter Ankerstål  wrote:
> 
>> 
>> I’m under the impression that the authenticator function in a wired network 
>> is usually part of the switch, and the switch will talk to some 
>> authentication server like RADIUS, giving it the port number of the 
>> connected device and additional information.
>> 
>> If FreeBSD had such a function, I think it would be limited to 
>> point-to-point Ethernet links, 802.1x being a link-layer protocol.
>> 
> 
> Yes I know, but this is functional in hostapd for Linux and it would be nice 
> to have it in FreeBSD as well. 

I’m not seeing this in FreeBSD, but pfsense does claim to support 802.1x for 
wifi.

I just happen to be reading about radius (last I used it was for dialup) for 
wifi auth and the quick overview on the radius side of things is that the AP 
software sends your auth info as well as MAC and a bunch of other stuff, and 
the radius server (much like dialup) sends back all sorts of info beyond auth 
success/fail - session timeout, info on what VLAN the client may be on, 
firewall policies, etc. Pretty cool stuff.

Charles

> 
> Thanks anyway!
> ___
> freebsd-stable@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: programm to edit rc.conf key/values ?

2017-10-18 Thread Ian Smith 
On Wed, 18 Oct 2017 15:30:42 +0200, Stefan Esser wrote:
 > Am 18.10.17 um 14:32 schrieb Kurt Jaeger:

 > > man rc.conf and man rc need a pointer to this!
 > 
 > Yes, I also once searched for sysrc and had appreciated references
 > in some other man pages ...
 > 
 > Therefore, I've just added those references to rc.8 and rc.conf.5,
 > as you suggested.
 > 
 > I forgot to set a MFC reminder, but I'll see that these references
 > are merged to 10 and 11 before the end of the month.

What's wrong with you, man?  Suggestion to commit took almost an hour!  

:-)

Ian
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: 802.1X authenticator for FreeBSD

2017-10-18 Thread Peter Ankerstål 
> 
> I’m under the impression that the authenticator function in a wired network 
> is usually part of the switch, and the switch will talk to some 
> authentication server like RADIUS, giving it the port number of the connected 
> device and additional information.
> 
> If FreeBSD had such a function, I think it would be limited to point-to-point 
> Ethernet links, 802.1x being a link-layer protocol.
> 

Yes I know, but this is functional in hostapd for Linux and it would be nice to 
have it in FreeBSD as well. 

Thanks anyway!
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: 802.1X authenticator for FreeBSD

2017-10-18 Thread Stefan Bethke 


> Am 18.10.2017 um 18:35 schrieb Peter Ankerstål :
> 
> 
> 
>> On 17 Oct 2017, at 22:27, Chris Ross  wrote:
>> 
>> 
>> wpa_supplicant is the client we use at work, on Linux systems.  But, it’s 
>> also the tool described in the FreeBSD wireless configuration pages, so I 
>> know it can be used there.
>> 
>> I haven’t tried FreeBSD with wired 802.1x myself, but just a thought I had.
>> 
>>  - Chris
>> 
> Its my understanding that wpa_supplicant is actually a working client in 
> FreeBSD. But I’m looking for the server side of this.
> 
> It would be just fine if it worked just like hostapd (control access of one 
> nic) and dont have any control over switchports or whatever. Another nice way 
> of doing it would be to have some sort of integration with authpf or pf 
> itself.

I’m under the impression that the authenticator function in a wired network is 
usually part of the switch, and the switch will talk to some authentication 
server like RADIUS, giving it the port number of the connected device and 
additional information.

If FreeBSD had such a function, I think it would be limited to point-to-point 
Ethernet links, 802.1x being a link-layer protocol.


Stefan

--
Stefan Bethke    Fon +49 151 14070811




signature.asc
Description: Message signed with OpenPGP

Re: 802.1X authenticator for FreeBSD

2017-10-18 Thread Peter Ankerstål 


> On 17 Oct 2017, at 22:27, Chris Ross  wrote:
> 
> 
>  wpa_supplicant is the client we use at work, on Linux systems.  But, it’s 
> also the tool described in the FreeBSD wireless configuration pages, so I 
> know it can be used there.
> 
>  I haven’t tried FreeBSD with wired 802.1x myself, but just a thought I had.
> 
>   - Chris
> 
Its my understanding that wpa_supplicant is actually a working client in 
FreeBSD. But I’m looking for the server side of this. 

It would be just fine if it worked just like hostapd (control access of one 
nic) and dont have any control over switchports or whatever. Another nice way 
of doing it would be to have some sort of integration with authpf or pf itself.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: programm to edit rc.conf key/values ?

2017-10-18 Thread Stefan Esser 
Am 18.10.17 um 14:32 schrieb Kurt Jaeger:
> Hi!
> 
>> sysrc nrpe2_enable="YES"
>>
>> for instance
> 
> Yes, that's it! Thanks!
> 
> man rc.conf and man rc need a pointer to this!

Yes, I also once searched for sysrc and had appreciated references
in some other man pages ...

Therefore, I've just added those references to rc.8 and rc.conf.5,
as you suggested.

I forgot to set a MFC reminder, but I'll see that these references
are merged to 10 and 11 before the end of the month.

Regards, STefan
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: programm to edit rc.conf key/values ?

2017-10-18 Thread Kurt Jaeger 
Hi!

> sysrc nrpe2_enable="YES"
> 
> for instance

Yes, that's it! Thanks!

man rc.conf and man rc need a pointer to this!

-- 
p...@opsec.eu+49 171 3101372 3 years to go !
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: programm to edit rc.conf key/values ?

2017-10-18 Thread Ruben 
sysrc nrpe2_enable="YES"

for instance


On 18/10/17 14:20, Kurt Jaeger wrote:
> Hi!
>
> I vaguely remember that there's a new way to edit the content of
> /etc/rc.conf via some command, to be used in scripting system-setups.
>
> Can someone point me into the right direction ?
>
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

programm to edit rc.conf key/values ?

2017-10-18 Thread Kurt Jaeger 
Hi!

I vaguely remember that there's a new way to edit the content of
/etc/rc.conf via some command, to be used in scripting system-setups.

Can someone point me into the right direction ?

-- 
p...@opsec.eu+49 171 3101372 3 years to go !
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: error instaling any ports

2017-10-18 Thread Denis Granato 
thanks guys , I wil try and let you know
about the kernel, I think was for ipfw or something



On Tue, Oct 17, 2017 at 5:11 PM, Kurt Jaeger  wrote:

> Hi!
>
> > > uname -a
> [...]
> > > *server# uname -aFreeBSD server.avgroup.loc 9.1-PRERELEASE FreeBSD
>
> So you have a PRERELEASE version and you have a custom kernel.
>
> Do you know why that is ? Any specific change that needs to
> be in that kernel config ?
>
> Please check if you have a 'svn' binary somewhere, because it looks
> like you need to do a source upgrade first.
>
> rm -rf /usr/obj /usr/src
> mkdir /usr/src
> cd /usr/src
> svn checkout https://svn.freebsd.org/base/release/9.3.0/ .
> make buildworld
> make buildkernel
> make installkernel
> make installworld
> mergemaster -UiP
> shutdown -r now
> cd /usr/src
> make check-old
> make delete-old
> make delete-old-libs
>
> > *server# freebsd-update -r 9.3-RELEASE upgradeLooking up
> update.freebsd.org
> >  mirrors... 3 mirrors found.Fetching public
> key
> > from update6.freebsd.org... failed.Fetching public key from
> > update5.freebsd.org... failed.Fetching public key from
> > update4.freebsd.org... failed.No mirrors remaining, giving up*
>
> Well, freebsd-update only works on GENERIC kernels and systems, so
> your first step needs to be a source upgrade.
>
> Please note: Your binaries from 9.1-PRE will work on 9.3, and probably on
> 10.x, so no need to worry about the packages installed for now.
>
> You can rebuild your ports when you're on 10.x.
>
> --
> p...@opsec.eu+49 171 3101372 3 years to
> go !
>
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Cosmetic bug in TOP(1) on i386

2017-10-18 Thread Maurizio Vairani 
Running:

# uname -a



FreeBSD qbic 11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1 #0: Wed Aug  9
11:17:49 UTC 2017    
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386


after some minutes running top, I can read:


last pid:   853;  load averages:  0.01,  0.09,  0.07
  up 0+00:08:18  14:38:05

27 processes:  1 running, 26 sleeping

CPU:  0.0% user,  0.0% nice,  2.2% system,  0.8% interrupt, 97.0% idle

Mem: 24M Active, 3980K Inact, 79M Wired, 3137M Free

ARC: 36M Total, 17M MFU, 18M MRU, 149K Anon, 870K Header, 800K Other    

    21쿿20mpressed, 352M Uncompressed, 16.94:1 Ratio

Swap:

Seconds to delay:

 PID USERNAME    THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND

 839 root  1  20    0  7328K  2160K CPU0    0   0:00   0.04% top


where the second ARC line is corrupted. Pressing Ctrl-L corrects the ARC
lines.

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"