Re: Samba on obsd
25.03.2020 02:06, Lars Bonnesen пишет: Hi. I am having a project on setting up Samba to work as a replacement for MS AD. I would prefer to do it on OpenBSD, but how is the implementation of Samba on OpenBSD? Is it enhanced in a way that will cause any known problems that would not be on say... CentOS? Regards, Lars. samba ad is not working on OpenBSD because ffs has no ea support. centos is bad choise too, because of permanently outdated version of samba. You should try arch linux or freebsd for this project, both of them has nearly latest version of samba.
Re: Samba on obsd
As a replacement for MS AD you have no chance with OpenBSD.Sadly.� --� Maksim Rodin� � � 25.03.2020, 02:10, "Lars Bonnesen" : Hi. I am having a project on setting up Samba to work as a replacement for MS AD. I would prefer to do it on OpenBSD, but how is the implementation of Samba on OpenBSD? Is it enhanced in a way that will cause any known problems that would not be on say... CentOS? Regards, Lars.
Samba on obsd
Hi. I am having a project on setting up Samba to work as a replacement for MS AD. I would prefer to do it on OpenBSD, but how is the implementation of Samba on OpenBSD? Is it enhanced in a way that will cause any known problems that would not be on say... CentOS? Regards, Lars.
Re: npppd pptp hangs
On Tue, 24 Mar 2020 09:34:09 +0100 Marko Cupać wrote: > On Tue, 24 Mar 2020 07:13:27 +1000 > Stuart Longland wrote: > > > On 23/3/20 10:26 pm, Marko Cupać wrote: > > > Anything I can do to avoid future hangs? I got another hang, this time killing npppd process crashed complete OS (sorry for photo, I don't have serial console set up): https://oblak.mimar.rs/index.php/s/Cc9J745jH93RK6j At the time when npppd wouldn't accept new connections, and npppctl won't return anything, but before the crash, i noticed high CPU usage in top: 45125 _ppp 640 3128K 6340K onproc/3 -39:05 99.85% npppd Pehaps bugs@ would be more appropriate list? -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
Re: npppd pptp hangs
On Tue, 24 Mar 2020 07:13:27 +1000 Stuart Longland wrote: > On 23/3/20 10:26 pm, Marko Cupać wrote: > > Anything I can do to avoid future hangs? > > Whilst probably not the answer you're looking for: moving away from > PPTP would be a good start. > > The MSCHAPv2 authentication used in PPTP is vulnerable to dictionary > attacks and the RC4 cipher used in MPPE (the security layer of PPTP) > is laughably weak in today's security context. Whilst MSCHAPv2 can be > replaced with EAP-TLS, there's no fix for MPPE. > > IPSec (which is built into OpenBSD) or OpenVPN (in ports) would be > vastly superior options. Indeed, I am also waiting for the day when I'll be able to point iked to Microsoft's implementation of a RADIUS server (NPS), which will authenticate Active Directory domain-joined machines by their machine certificate and hopefully with additional domain user password for 2FA, authorise them by Active Directory group membership, and log their accounting in format which can be easily parsed and converted into human-readable statistics with currently available parsers. Uh, that sounded like I'm some kind of Microsoft fanboy, but I'm not. I just have to provide hundreds of Windows users a way to access resources on a corporate network in order to keep my bills paid. npppd's pptp helps me brilliantly (anyone remember poptop? that was hell :) Anyway, I use IPSec extensively to connect branch office routers, both in tunnel mode for passive clients with dynamic IPs, and in transport mode for protecting GRE tunnels (OSPF). Lately I'm adding multipath redundancy over multiple ISPs using rdomains. OpenVPN also has a place on my network. OpenBSD is a miracle :) Pardon my blatant self-promotion on link below, but I think it's a win-win situation - I get eternal fame and glory on the Internet, and list readers get copy/paste howto set up npppd pptp server with RADIUS authentication. Could come handy in this "end of days" situation where everyone works remotely :D https://www.mimar.rs/blog/how-to-set-up-pptp-vpn-server-with-openbsd-and-npppd Best regards, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
PF on loopback interfaces and skips
Hello, I am using openbsd as a router and I heavily utilise skips in pf on the transit interfaces. I use a dedicated loopback interface for router management. However, this poses a problem where the use of skips on transit interfaces then allows all traffic to my management loopback interface. Any idea on how to solve this while keeping the skips? I have been considering putting my management interface into a separate rtable. This is probably the prudent thing to do but it requires rather substantial changes on my end. Another way would be to remove skips and use very wide "pass" rules combined with blocks. Example current pf.conf: set ruleset-optimization none set reassemble no set state-defaults sloppy set limit tables 500 set skip on vlan1001 set skip on vlan1002 set skip on vlan1003 pass quick on lo1 from