Re: ldapd and namespace access
On 5 Jan 2011 at 13:59, Joel Carnat wrote:

> Greetings,
>
> I would like to limit the access to my ldapd content.
> I've read ldapd.conf(5) but there are bits I don't get.
>
> The policy I would like to apply is:
> (1) allow anyone to authenticate
> (2) allow read access to all namespace by users that have been authenticated

There is currently no support for wildcard matching of users. I'm working on a diff to add that.

> (3) allow write access to their own object to users that have been authenticated
> (4) deny any other access
>
> Right now, I configured
> (1) allow bind access by any
> (2) allow read access by self // how to replace self by any authenticated ?
> (3) allow write access by self
> (4) deny read access to any by any

The last matching rule decides what action is taken, so these rules would always deny read access.

> For the moment, I am able to authenticate but won't go further:
> result: 50 Insufficient access
>
> What would be the correct rules to implement my policy ?
>
> TIA,
> Jo

-martin
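Added example (not part of martin's message and not ldapd code): a small Python model of the last-match evaluation described above, run over the four rules from the message as posted and again with the catch-all deny moved to the top. The Rule fields, the meaning given to "self" (bind DN equals the entry being accessed), the deny default when nothing matches, and the DNs are assumptions of the model.

```python
"""Model of last-match ACL evaluation (added illustration, not ldapd source)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    access: str  # "bind", "read" or "write"
    who: str     # "any" or "self"; every rule is taken to cover the whole namespace


def rule_matches(rule, access, bind_dn, target_dn):
    """True when the rule applies to this request."""
    if rule.access != access:
        return False
    if rule.who == "any":
        return True
    # Assumption: "self" means the authenticated DN is the entry being accessed.
    return bind_dn is not None and bind_dn == target_dn


def decide(rules, access, bind_dn, target_dn, default="deny"):
    """Walk every rule in order; the LAST one that matches sets the verdict."""
    verdict = default  # assumption of the model, only used when nothing matches
    for rule in rules:
        if rule_matches(rule, access, bind_dn, target_dn):
            verdict = rule.action
    return verdict


# The four rules from the message, in the order they were configured.
AS_POSTED = [
    Rule("allow", "bind", "any"),
    Rule("allow", "read", "self"),
    Rule("allow", "write", "self"),
    Rule("deny", "read", "any"),
]
# Same rules with the catch-all deny moved first, so later allows can override it.
REORDERED = [AS_POSTED[3]] + AS_POSTED[:3]

# Constructed DNs for the demonstration.
JO = "uid=jo,dc=example,dc=org"
BOB = "uid=bob,dc=example,dc=org"


def report(rules):
    """Verdicts for a fixed set of requests: (access, bind DN, target DN)."""
    cases = [("bind", None, JO), ("read", JO, JO), ("read", JO, BOB), ("write", JO, JO)]
    return {case: decide(rules, *case) for case in cases}


if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("deny moved first", REORDERED)):
        print(name)
        for (access, bind_dn, target), verdict in report(rules).items():
            print(f"  {access:5} by {bind_dn or 'anonymous'} on {target}: {verdict}")
```

With the deny first, a user can read their own entry, while reading another user's entry is still denied because no rule in the set names "any authenticated user".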
Re: multicore processors gain
On Fri, Jan 7, 2011 at 7:54 PM, Ted Unangst ted.unan...@gmail.com wrote:
> On Fri, Jan 7, 2011 at 1:18 PM, Christian Weisgerber na...@mips.inka.de wrote:
>> I guess Landry doesn't read this list, or he could tell you how his
>> experiment with parallel ports building on a 64-way sparc64 T2 went.
>>
>> With 32 build jobs it looked like this:
>> landry_p22 0.8%Int 48.9%Sys 6.0%Usr 0.0%Nic 44.3%Idle
>> landry_p22 around that all the time
>
> My understanding is that the T2 is closer to an 8-way machine. If we
> could recognize the real cores and balance appropriately, 8 build jobs
> shouldn't be too bad. At least with a 4-core 8-thread i7 processor,
> make -j 8 scales reasonably well.

In that particular case, dpb jobs are a bit different than just running 'make -j'. It's more like oh let's build XX ports at the same time, which is a perfect stresstest for smp.

32 Build jobs made the machine totally unusable (load was constant around 40/45 iirc), so far i've settled for 12 jobs, which spawns approx ~50/60 make processes in parallel (a single port build spawns 4/5 makes), more or less the same amount of shells, and smth like ~20 ssh process as it's the dpb master node. Load is constant around 20, and the machine is still 'responsive'.

227 processes: 210 idle, 17 on processor
All CPUs: 5.8% user, 0.0% nice, 16.9% system, 0.8% interrupt, 76.5% idle

Landry
Re: ldp session between openbsd and junos
On Mon, Jan 03, 2011 at 10:54:50PM +0100, Marcel Wiget wrote:
> Hi,
>
> thanks to the recent enhancements in openbsd 4.8-current (thanks!), I
> started playing with l3vpn's between openbsd and JUNOS (10.4R1) and
> finally got it working, but I needed to disable RFC 3479 (fault
> tolerance for ldp) and use the interface's IP as transport-address on
> the router side and make a small modification in ldpd/hello.c in order
> to get the ldp hello's from the router accepted. Maybe someone can have
> a look at the diff below and see if it makes sense.

Committed the diff. I guess there is a bit more needed so that we handle various unknown TLVs correctly in hello and initialization. I hope I can provide a diff for this soon.

Btw. I would be interested in the ldpd -dv output of the failures you get when the JUNOS has RFC 3479 enabled or when a different transport addr is used. I have no access to JUNOS systems and my crappy old ciscos don't expose any problems when setting the transport addr with:

mpls ldp discovery transport-address 10.83.66.64

--
:wq Claudio
qemu -nographic
Hello,

I'm not sure if it is a good idea (or even possible) but I'm trying to run OpenBSD as guest in qemu on a Soekris and OpenBSD as host. A Soekris has no graphic capabilities so I need to run qemu in nographic mode. I'm not able to do that until now.

I ssh to the Soekris and tried several options:

lilium$ qemu -nographic -curses obsd.img
qemu: -curses: invalid option

lilium$ qemu -nographic obsd.img
[no output, but qemu is running]

lilium$ tty
/dev/ttyp0
lilium$ qemu -nographic -serial /dev/ttyp0 obsd.img
QEMU 0.13.0 monitor - type 'help' for more information
(qemu)
[So I do see monitoring mode, but no console output.]

lilium$ qemu -nographic -serial stdio obsd.img
chardev: opening backend stdio failed
qemu: could not open serial device 'stdio': No such file or directory

lilium$ qemu -nographic -serial telnet:localhost:1200,server obsd.img
QEMU waiting for connection on: telnet:127.0.0.1:1200,server

`lilium$ telnet localhost 1200` does connect, but gives nothing.

Am I doing something wrong, or is it just not possible?

Pieter

qemu-0.13.0

OpenBSD 4.8-current (GENERIC) #477: Fri Nov 12 01:27:20 MST 2010
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 500 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem = 536440832 (511MB)
avail mem = 517615616 (493MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/70/03, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0: (uniprocessor)
amdmsr0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
io address conflict 0x6100/0x100
io address conflict 0x6200/0x200
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:00:24:ca:da:68
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr1 at pci0 dev 7 function 0 VIA VT6105M RhineIII rev 0x96: irq 5, address 00:00:24:ca:da:69
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr2 at pci0 dev 8 function 0 VIA VT6105M RhineIII rev 0x96: irq 9, address 00:00:24:ca:da:6a
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr3 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, address 00:00:24:ca:da:6b
ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
ral0 at pci0 dev 17 function 0 Ralink RT2561S rev 0x00: irq 15, address 00:12:0e:61:48:98
ral0: MAC/BBP RT2561C, RF RT5225
glxpcib0 at pci0 dev 20 function 0 AMD CS5536 ISA rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 20 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 1: HITACHI HTS541680J9SA00
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 21 function 0 AMD CS5536 USB rev 0x02: irq 7, version 1.0, legacy support
ehci0 at pci0 dev 21 function 1 AMD CS5536 USB rev 0x02: irq 7
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask 65c5 netmask ffe5 ttymask
mtrr: K6-family MTRR support (2 registers)
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
Re: '\$' or '#' must appear in PS1 in order to be properly exported as root?
On Thu, Jan 6, 2011 at 5:40 PM, Ezequiel Garzón garzon.luc...@gmail.com wrote:
> Greetings. This is my first post to the OpenBSD community, so please let
> me know if I'm in the wrong list, this is just too basic or any other
> faux pas.
>
> Under the default ksh, the default /root/.profile and indeed a
> completely fresh 4.8 install, adding the following line to
> /root/.profile does not work as expected:
>
> export PS1='$PWD '

PS1 shouldn't be exported.

Set it in .shrc or something and ENV=~/.shrc in .profile
Re: ldp session between openbsd and junos
On Jan 8, 2011, at 4:20 PM, Claudio Jeker wrote:
> Committed the diff. I guess there is a bit more needed so that we handle
> various unknown TLVs correctly in hello and initialization. I hope I can
> provide a diff for this soon.
>
> Btw. I would be interested in the ldpd -dv output of the failures you
> get when the JUNOS has RFC 3479 enabled or when a different transport
> addr is used.

Thanks!

Without 'set protocols ldp graceful-restart helper-disable' on junos, I get the following output from ldpd -dv. Packet dump of the LDP initialization message and openbsd's response further down:

# ldpd -dv
fast = 2
startup
mpath route not found
if_fsm: event UP resulted in action START and changing state for interface em2 from DOWN to ACTIVE
if_fsm: interface lo1, event UP not expected in state LOOP
kernel add route 0.0.0.0/0
kernel add route 10.0.5.0/24
kernel add route 192.168.56.0/24
kernel add route 192.168.91.0/24
kernel add route 192.168.91.0/24
kernel add route 192.168.91.0/24
kernel add route 192.168.92.0/24
kernel add route 192.168.93.0/24
kernel add route 192.168.93.0/24
kernel add route 192.168.94.0/24
kernel add route 192.168.95.0/24
kernel add route 192.168.100.1/32
kernel add route 192.168.100.2/32
kernel add route 192.168.100.3/32
kernel add route 192.168.100.4/32
nbr_fsm: event HELLO RECEIVED resulted in action START INACTIVITY TIMER and changing state for neighbor ID 192.168.100.3 from DOWN to PRESENT
nbr_fsm: event SESSION UP resulted in action START NEIGHBOR SESSION and changing state for neighbor ID 192.168.100.3 from PRESENT to INITIALIZED
recv_init: neighbor ID 192.168.100.3
session_shutdown: nbr ID 192.168.100.3, status 8007
session_close: closing session with nbr ID 192.168.100.3
nbr_fsm: event SESSION CLOSE resulted in action CLOSE SESSION and changing state for neighbor ID 192.168.100.3 from INITIALIZED to PRESENT
nbr_fsm: event SESSION UP resulted in action START NEIGHBOR SESSION and changing state for neighbor ID 192.168.100.3 from PRESENT to INITIALIZED
recv_init: neighbor ID 192.168.100.3
session_shutdown: nbr ID 192.168.100.3, status 8007
session_close: closing session with nbr ID 192.168.100.3
nbr_fsm: event SESSION CLOSE resulted in action CLOSE SESSION and changing state for neighbor ID 192.168.100.3 from INITIALIZED to PRESENT
nbr_fsm: event SESSION UP resulted in action START NEIGHBOR SESSION and changing state for neighbor ID 192.168.100.3 from PRESENT to INITIALIZED
recv_init: neighbor ID 192.168.100.3
session_shutdown: nbr ID 192.168.100.3, status 8007
session_close: closing session with nbr ID 192.168.100.3
nbr_fsm: event SESSION CLOSE resulted in action CLOSE SESSION and changing state for neighbor ID 192.168.100.3 from INITIALIZED to PRESENT
nbr_fsm: event SESSION UP resulted in action START NEIGHBOR SESSION and changing state for neighbor ID 192.168.100.3 from PRESENT to INITIALIZED
recv_init: neighbor ID 192.168.100.3
session_shutdown: nbr ID 192.168.100.3, status 8007
session_close: closing session with nbr ID 192.168.100.3
nbr_fsm: event SESSION CLOSE resulted in action CLOSE SESSION and changing state for neighbor ID 192.168.100.3 from INITIALIZED to PRESENT
nbr_fsm: event SESSION UP resulted in action START NEIGHBOR SESSION and changing state for neighbor ID 192.168.100.3 from PRESENT to INITIALIZED
recv_init: neighbor ID 192.168.100.3
session_shutdown: nbr ID 192.168.100.3, status 8007
session_close: closing session with nbr ID 192.168.100.3
nbr_fsm: event SESSION CLOSE resulted in action CLOSE SESSION and changing state for neighbor ID 192.168.100.3 from INITIALIZED to PRESENT
^Clabel decision engine exiting
if_fsm: event DOWN resulted in action RESET and changing state for interface em2 from ACTIVE to DOWN
if_fsm: event DOWN resulted in action NOTHING and changing state for interface lo1 from LOOP to DOWN
ldp engine exiting
kernel routing table decoupled
terminating
#
- --
No. Time Source Destination Protocol Info
18 20:52:39.958729 192.168.93.3 192.168.93.1 LDP Initialization Message

Frame 18 (118 bytes on wire, 118 bytes captured)
Ethernet II, Src: CadmusCo_8a:96:a1 (08:00:27:8a:96:a1), Dst: CadmusCo_ab:97:62 (08:00:27:ab:97:62)
Internet Protocol, Src: 192.168.93.3 (192.168.93.3), Dst: 192.168.93.1 (192.168.93.1)
Transmission Control Protocol, Src Port: 57182 (57182), Dst Port: ldp (646), Seq: 1, Ack: 1, Len: 52
Label Distribution Protocol
    Version: 1
    PDU Length: 48
    LSR ID: 192.168.100.3 (192.168.100.3)
    Label Space ID: 0
    Initialization Message
        0... = U bit: Unknown bit not set
        Message Type: Initialization Message (0x200)
        Message Length: 38
        Message ID: 0x01f3
        Common Session Parameters TLV
            00.. = TLV Unknown bits: Known TLV, do not Forward (0x00)
            TLV Type: Common Session Parameters TLV (0x500)
            TLV
Re: ldp session between openbsd and junos
On Jan 8, 2011, at 4:20 PM, Claudio Jeker wrote:
> provide a diff for this soon.
>
> Btw. I would be interested in the ldpd -dv output of the failures you
> get when the JUNOS has RFC 3479 enabled or when a different transport
> addr is used.

This time I removed the statement 'set protocols ldp transport-address interface' from junos and get the following ldpd -dv output (I added the output of src.sin_addr to the log_debug msg, diff further down). 192.168.100.3 is the router's loopback address. Openbsd has a route to that loopback. The router does send the LDP hello's from the interface IP address, but initiates the TCP session from its loopback. Let me know if you need more details.

# ldpd -dv
fast = 2
startup
mpath route not found
if_fsm: event UP resulted in action START and changing state for interface em2 from DOWN to ACTIVE
if_fsm: interface lo1, event UP not expected in state LOOP
kernel add route 0.0.0.0/0
kernel add route 10.0.5.0/24
kernel add route 192.168.56.0/24
kernel add route 192.168.91.0/24
kernel add route 192.168.91.0/24
kernel add route 192.168.91.0/24
kernel add route 192.168.92.0/24
kernel add route 192.168.93.0/24
kernel add route 192.168.93.0/24
kernel add route 192.168.94.0/24
kernel add route 192.168.95.0/24
kernel add route 192.168.100.1/32
kernel add route 192.168.100.2/32
kernel add route 192.168.100.3/32
kernel add route 192.168.100.4/32
nbr_fsm: event HELLO RECEIVED resulted in action START INACTIVITY TIMER and changing state for neighbor ID 192.168.100.3 from DOWN to PRESENT
disc_recv_packet: cannot find a matching interface:: 192.168.100.3
disc_recv_packet: cannot find a matching interface:: 192.168.100.3
disc_recv_packet: cannot find a matching interface:: 192.168.100.3
disc_recv_packet: cannot find a matching interface:: 192.168.100.3
disc_recv_packet: cannot find a matching interface:: 192.168.100.3
disc_recv_packet: cannot find a matching interface:: 192.168.100.3
^Cif_fsm: event DOWN resulted in action RESET and changing state for
interface em2 from ACTIVE to DOWN if_fsm: event DOWN resulted in action NOTHING and changing state for interface lo1 from LOOP to DOWN ldp engine exiting label decision engine exiting kernel routing table decoupled terminating # - # cvs diff -u packet.c Index: packet.c === RCS file: /cvs/src/usr.sbin/ldpd/packet.c,v retrieving revision 1.13 diff -u -r1.13 packet.c --- packet.c4 Nov 2010 09:52:16 - 1.13 +++ packet.c8 Jan 2011 19:19:06 - @@ -272,7 +273,8 @@ session_socket_blockmode(newfd, BM_NONBLOCK); if ((iface = session_find_iface(xconf, src.sin_addr)) == NULL) { - log_debug(sess_recv_packet: cannot find a matching interface); + log_debug(disc_recv_packet: cannot find a matching interface:: %s, + inet_ntoa(src.sin_addr)); close(newfd); return; } #
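Review bot: the replacement log_debug() call renames the message prefix from sess_recv_packet to disc_recv_packet, but the context lines around it (session_socket_blockmode(newfd, BM_NONBLOCK), session_find_iface(), close(newfd)) are session-accept code, so the new prefix points anyone reading the debug output at the discovery path instead. Keep sess_recv_packet, or use the enclosing function's name, and drop the doubled colon before %s so the line reads "cannot find a matching interface: %s". The hunk header (-272,7 +273,8) also shows a one-line offset from a change earlier in packet.c that is not part of the posted diff; include that hunk if the patch is meant to be applied.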
Re: microsoft.com - NetBSD
On Thu, 30 Dec 2010, Ted Unangst wrote:
> I think cuba is supposed to be -0500, but you're some sort of rogue
> nation, so who knows. :)

This term applies very well to other nations too.
Re: multicore processors gain
Well, thank you for on topic answers.

I've seen the -pthread parameters on some ports' compile, but I thought it is an alias for process. I will read about them.

Damn, am I the only one who gets mad when receiving a link to wikipedia ? It looks like a syndrome on internet.

I'm confused about multicore gain, but what the hell, let the who has the bigger dick [computer, server, %, etc. ] game continue
Re: qemu -nographic
* Pieter Verberne pieterverbe...@xs4all.nl [2011-01-08 17:23]:
> Hello,
>
> I'm not sure if it is a good idea (or even possible) but I'm trying to
> run OpenBSD as guest in qemu on a Soekris and OpenBSD as host. A Soekris
> has no graphic capabilities so I need to run qemu in nographic mode. I'm
> not able to do that until now.
>
> I ssh to the Soekris and tried several options:

you need qemu-old. they broke the newer one. in turn, the older one is broken in different ways (and much much faster, btw). don't we all love quality software?

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: qemu -nographic
On Sat, 8 Jan 2011 21:03:56 +0100, Henning Brauer wrote:
> * Pieter Verberne pieterverbe...@xs4all.nl [2011-01-08 17:23]:
>> Hello,
>>
>> I'm not sure if it is a good idea (or even possible) but I'm trying to
>> run OpenBSD as guest in qemu on a Soekris and OpenBSD as host. A
>> Soekris has no graphic capabilities so I need to run qemu in nographic
>> mode. I'm not able to do that until now.
>>
>> I ssh to the Soekris and tried several options:
>
> you need qemu-old. they broke the newer one. in turn, the older one is
> broken in different ways (and much much faster, btw). don't we all love
> quality software?

No luck :-/
Installed qemu-0.9.1p16
Apparently there is no -curses option.

lilium$ qemu -no-kqemu -nographic -serial stdio obsd.img
[this time no could not open serial device 'stdio' error, but no further output. Is there any way to catch the output?]

lilium$ qemu -no-kqemu -nographic -serial telnet:localhost:1200,server obsd.img
QEMU waiting for connection on: localhost:1200,server
[Sweet, it waits for me]

lilium$ telnet localhost 1200
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
[no input possible and no output in the telnet session. The shell where I run qemu gives me the qemu monitor the moment I connect]

Anyway, where I want it for :-)
I want to run a public accessible Samba server. (for... fun) I don't really trust it running on Soekris together with all the other services and wanted to 'jail' it in some way. I read Samba is very hard (if possible) to chroot, so I thought about running it in a qemu virtual machine which AFAIK, acts like a jail. (No, I don't have another computer available)

I would also love to use Virtualbox on OpenBSD, but I can imagine that porting Vbox takes a lot of work.

Cheers,
Re: qemu -nographic
* Pieter Verberne pieterverbe...@xs4all.nl [2011-01-08 21:53]:
> On Sat, 8 Jan 2011 21:03:56 +0100, Henning Brauer wrote:
>> * Pieter Verberne pieterverbe...@xs4all.nl [2011-01-08 17:23]:
>>> Hello,
>>>
>>> I'm not sure if it is a good idea (or even possible) but I'm trying to
>>> run OpenBSD as guest in qemu on a Soekris and OpenBSD as host. A
>>> Soekris has no graphic capabilities so I need to run qemu in nographic
>>> mode. I'm not able to do that until now.
>>>
>>> I ssh to the Soekris and tried several options:
>>
>> you need qemu-old. they broke the newer one. in turn, the older one is
>> broken in different ways (and much much faster, btw). don't we all love
>> quality software?
>
> No luck :-/
> Installed qemu-0.9.1p16
> Apparently there is no -curses option.

dunno about curses

> lilium$ qemu -no-kqemu -nographic -serial stdio obsd.img
> [this time no could not open serial device 'stdio' error, but no
> further output. Is there any way to catch the output?]

hmm. this works for me.

br...@shmi $ alias qemu1
qemu1='sudo qemu -m 32 -net nic,macaddr=udontstealmine -net tap -serial stdio -nographic /path/to/qemu/qemu.1'

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: qemu -nographic
On Sat, Jan 08, 2011 at 09:50:36PM +0100, Pieter Verberne wrote:
> lilium$ qemu -no-kqemu -nographic -serial stdio obsd.img
> [this time no could not open serial device 'stdio' error, but no
> further output. Is there any way to catch the output?]
>
> lilium$ qemu -no-kqemu -nographic -serial telnet:localhost:1200,server obsd.img
> QEMU waiting for connection on: localhost:1200,server
> [Sweet, it waits for me]
>
> lilium$ telnet localhost 1200
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.

You have serial console setup? Do you have console enabled in /etc/ttys?

What's wrong with VNC?

> I would also love to use Virtualbox on OpenBSD, but I can imagine that
> porting Vbox takes a lot of work.

You dream a lot about this crap.

jirib
Class-Workshop: Phobias and Panic
Reply to: i...@escuelasistemica.com.ar

Escuela Sistémica Argentina presents: Class-Workshop on Phobias and Panic. Supervision of clinical cases.

Wednesday, January 13, from 18:00 to 19:30 and from 19:30 to 21:00.
Coordinator: Dr. Marcelo R. Ceberio
Paid activity. Certificates will be issued.
Places can be reserved by e-mail or by telephone.

Information and registration: Fray J. S. M. Oro 1843 (C1414DBC) Cap. Fed.
Tel/Fax: 4774-2875/6112 - 4899-1053
i...@escuelasistemica.com.ar