which pam.d config does telnetd use for authentication when SRA is activated?
Hi all,

How can I apply radius authentication for all possible types of freebsd telnet connections?

I am trying to use pam_radius.so for my remote authentication. When I add

    auth sufficient pam_radius.so

to the pam.d/sshd file, it works fine and authentication is done via radius servers.

If I run telnetd (via inetd) with the -X sra option (or if the second machine does not support SRA), and I add the mentioned line to the pam.d/login file, it correctly uses radius servers for authentication. But if an SRA connection is set up, it seems that authentication is done kinda locally.

In both of these telnet connections, it seems the pam.d/telnetd authentication config is not applied. Am I right? Then why?!

Excuse me for including different questions in one email, but I found them all related to my need.

Thank you all for your help and ideas.

Best Regards,
takCoder

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sysvipc only for one jail
2013/8/11 Maciej Suszko mac...@suszko.eu:
> Maciej Suszko mac...@suszko.eu wrote:
> [...]
>> You can specify different params for each jail using _parameters, for
>> example:
>>
>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>
> Sorry, my mistake - it should be jail_jailname_parameters= of course.
> --
> regards, Maciej Suszko.

Thanks for your message,

However, I could not find this setting in the manual of rc.conf(5) nor in /etc/rc.d/jail :(. It does not seem to be applied.

Cheers,
--
Demelier David
Re: sysvipc only for one jail
On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:

> 2013/8/11 Maciej Suszko mac...@suszko.eu:
>> Maciej Suszko mac...@suszko.eu wrote:
>> [...]
>>> You can specify different params for each jail using _parameters, for
>>> example:
>>>
>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>
>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>> --
>> regards, Maciej Suszko.
>
> Thanks for your message,
>
> However, I could not find this setting in the manual of rc.conf(5) nor
> in /etc/rc.d/jail :(. It does not seem to be applied.

Have a look at jail(8) and the last lines of /etc/default/rc.conf.

--
+--------------------------+-----------------------------------+
| Vennlig hilsen,          | Best regards,                     |
| Trond Endrestøl,         | Trond Endrestøl,                  |
| IT-ansvarlig,            | System administrator,             |
| Fagskolen Innlandet,     | Gjøvik Technical College, Norway, |
| tlf. mob. 952 62 567,    | Cellular...: +47 952 62 567,      |
| sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00.     |
+--------------------------+-----------------------------------+
Re: sysvipc only for one jail
2013/8/12 Trond Endrestøl trond.endres...@fagskolen.gjovik.no:
> On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
>
>> 2013/8/11 Maciej Suszko mac...@suszko.eu:
>>> Maciej Suszko mac...@suszko.eu wrote:
>>> [...]
>>>> You can specify different params for each jail using _parameters, for
>>>> example:
>>>>
>>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>>
>>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>>> --
>>> regards, Maciej Suszko.
>>
>> Thanks for your message,
>>
>> However, I could not find this setting in the manual of rc.conf(5) nor
>> in /etc/rc.d/jail :(. It does not seem to be applied.
>
> Have a look at jail(8) and the last lines of /etc/default/rc.conf.
>
> --
> +--------------------------+-----------------------------------+
> | Vennlig hilsen,          | Best regards,                     |
> | Trond Endrestøl,         | Trond Endrestøl,                  |
> | IT-ansvarlig,            | System administrator,             |
> | Fagskolen Innlandet,     | Gjøvik Technical College, Norway, |
> | tlf. mob. 952 62 567,    | Cellular...: +47 952 62 567,      |
> | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00.     |
> +--------------------------+-----------------------------------+

I see, I've added what Maciej Suszko told me but the sysctls in the jail are not set as they should be:

    security.jail.param.allow.sysvipc: 0
    security.jail.param.allow.chflags: 0

And thus, it's not enabled, as postgresql tells:

    creating template1 database in /usr/local/pgsql/data/base/1 ...
    FATAL: could not create shared memory segment: Function not implemented

Cheers,
--
Demelier David
vBSDcon 2013 Registration Opens!
In April 2013, Verisign announced vBSDcon 2013 to be held October 25 – 27, 2013 in Dulles, VA. The conference, formatted to resemble an unConference concept, will feature speakers such as David Chisnall, Luigi Rizzo, Baptiste Daroussin, Henning Brauer, Reyk Floeter, and others. vBSDcon will include events like hacker lounges, doc sprints, BSDA exams, and a mid-conference social*.

In these most recent months, we have been developing the vBSDcon conference website hosted at http://www.vbsdcon.com/. It includes full details surrounding the schedule, agenda, and speakers for vBSDcon. The most recent addition to the conference website is that registrations are now open!

We look forward to seeing many of you from the various BSD communities at vBSDcon 2013!

* Schedule is subject to change without notice. The BSDA exams are hosted by the BSD Certification group and are not an official part of vBSDcon.

--
Vincent (Rick) Miller
Systems Engineer
vmil...@verisign.com
t: 703.948.4395 m: 703.581.3068
12061 Bluemont Way, Reston, VA 20190
http://www.verisigninc.com
Re: sysvipc only for one jail
On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:

> 2013/8/12 Trond Endrestøl trond.endres...@fagskolen.gjovik.no:
>> On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
>>
>>> 2013/8/11 Maciej Suszko mac...@suszko.eu:
>>>> Maciej Suszko mac...@suszko.eu wrote:
>>>> [...]
>>>>> You can specify different params for each jail using _parameters,
>>>>> for example:
>>>>>
>>>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>>>
>>>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>>>> --
>>>> regards, Maciej Suszko.
>>>
>>> Thanks for your message,
>>>
>>> However, I could not find this setting in the manual of rc.conf(5) nor
>>> in /etc/rc.d/jail :(. It does not seem to be applied.
>>
>> Have a look at jail(8) and the last lines of /etc/default/rc.conf.
>
> I see, I've added what Maciej Suszko told me but the sysctls in the jail
> are not set as they should be:
>
>     security.jail.param.allow.sysvipc: 0
>     security.jail.param.allow.chflags: 0
>
> And thus, it's not enabled, as postgresql tells:
>
>     creating template1 database in /usr/local/pgsql/data/base/1 ...
>     FATAL: could not create shared memory segment: Function not implemented

I'll look into this by creating a new jail for PostgreSQL 9.2 when I get home.

--
+--------------------------+-----------------------------------+
| Vennlig hilsen,          | Best regards,                     |
| Trond Endrestøl,         | Trond Endrestøl,                  |
| IT-ansvarlig,            | System administrator,             |
| Fagskolen Innlandet,     | Gjøvik Technical College, Norway, |
| tlf. mob. 952 62 567,    | Cellular...: +47 952 62 567,      |
| sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00.     |
+--------------------------+-----------------------------------+
Re: if_bridge and ng_netflow
10.08.2013 16:51, Fbsd8 wrote:

> if_bridge is relatively new in FreeBSD. Netgraph precedes if_bridge and
> is un-aware of if_bridge. Change your if_bridge definition to a ng bridge
> definition and everything you're trying to do should fall into place.

ng_bridge lacks some if_bridge goodies like passing by traffic filtering and stp. However yes, ng_bridge works for me and I can compose a good bridge and even record netflow without data duplication.

--
Sphinx of black quartz, judge my vow.
9.2-RC1 rc.firewall workstation type and myservices
Hello :-)

I just have set up some service on 9.2-RC1. I want this service to be available on WAN but still I want to have a stateful firewall running. I am using the workstation firewall type and put the service port in firewall_myservices. However by default only TCP connections are accepted, and I still need to serve UDP connections.

Wouldn't it be more convenient to change TCP into IP for the default firewall_myservices and maybe add TCP and UDP for firewall_myservices_{tcp,udp}?

Below is the script part.

Best regards,
Tomek

    # Add permits for this workstations published services below
    # Only IPs and nets in firewall_allowservices is allowed in.
    # If you really wish to let anyone use services on your
    # workstation, then set firewall_allowservices='any' in /etc/rc.conf
    #
    # Note: We don't use keep-state as that would allow DoS of
    #       our statetable.
    #       You can add 'keep-state' to the lines for slightly
    #       better performance if you fell that DoS of your
    #       workstation won't be a problem.
    #
    for i in ${firewall_allowservices} ; do
      for j in ${firewall_myservices} ; do
        ${fwcmd} add pass tcp from $i to me $j
      done
    done

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
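The per-protocol split proposed in the message above, sketched as an added example (this is not the stock rc.firewall and not code from the post). It assumes two hypothetical lists standing in for firewall_myservices_tcp and firewall_myservices_udp, keeps the rules stateless as the stock comment recommends, and prints the rules instead of loading them.

```sh
#!/bin/sh
# Added example: emit stateless pass rules for separate TCP and UDP
# service lists. The two port lists correspond to the hypothetical
# firewall_myservices_tcp / firewall_myservices_udp knobs proposed in
# the message; they are not existing rc.conf variables.

# Dry run by default: print each rule rather than calling ipfw.
fwcmd=${fwcmd:-echo ipfw}

valid_port() {
    # Accept only a decimal port number in the range 1-65535.
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

emit_service_rules() {
    # $1 = allowed sources, $2 = TCP ports, $3 = UDP ports
    # (each a space-separated list, like the rc.conf variables).
    allow=$1 tcp_ports=$2 udp_ports=$3
    for src in $allow; do
        for port in $tcp_ports; do
            valid_port "$port" || {
                echo "skipping invalid tcp port: $port" >&2
                continue
            }
            ${fwcmd} add pass tcp from "$src" to me "$port"
        done
        for port in $udp_ports; do
            valid_port "$port" || {
                echo "skipping invalid udp port: $port" >&2
                continue
            }
            # No keep-state here either, for the reason given in the
            # stock script: state entries could be exhausted by a flood.
            ${fwcmd} add pass udp from "$src" to me "$port"
        done
    done
}

# Constructed sample values: one documentation subnet, SSH over TCP,
# DNS over UDP.
emit_service_rules "192.0.2.0/24" "22" "53"
```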
Re: Setup HP Laserjet 1120m over network with LPD
06.08.2013 22:58, Juris Kaminskis wrote:

> after several trials and errors and reading through FreeBSD handbook I am
> at dead end on how to proceed further, hope someone can guide me.

I always use foomatic for such things, it's quite easier to set up. For example I have:

    hplj2420d|lp|HP LaserJet 2420|:\
        :af=/usr/local/etc/foomatic/lpd/hplj2420d.ppd:\
        :lf=/var/log/lp-errs:\
        :ppdfile=/usr/local/etc/foomatic/lpd/hplj2420d.ppd:\
        :sd=/var/spool/lpd/hplj2420d:\
        :lp=/dev/ulpt0:\
        :if=/usr/local/bin/foomatic-rip:\
        :sh:\
        :mx#0:

I installed those ones:

    print/foomatic-db-engine
    print/foomatic-db-hpijs

This is a local setup, but I think a network setup can be done almost the same way. This printer was initially set up as a network printer but after Windows 7 emerged there were numerous problems with printing anything so I grabbed the box and converted it to an lpd printer. Now everything works flawlessly for years.

In your case the key might be using correct filters to feed raw data to the printer. Most winprinters don't know what ps is and require the user to provide correct raw data.

--
Sphinx of black quartz, judge my vow.
Re: sysvipc only for one jail
David Demelier demelier.da...@gmail.com wrote:

> 2013/8/11 Maciej Suszko mac...@suszko.eu:
>> Maciej Suszko mac...@suszko.eu wrote:
>> [...]
>>> You can specify different params for each jail using _parameters, for
>>> example:
>>>
>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>
>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>> --
>> regards, Maciej Suszko.
>
> Thanks for your message,
>
> However, I could not find this setting in the manual of rc.conf(5) nor
> in /etc/rc.d/jail :(. It does not seem to be applied.

I suppose the jail_(jname)_parameters rc.conf option is available in at least 9-STABLE.

--
regards, Maciej Suszko.
Re: sysvipc only for one jail
On Mon, 12 Aug 2013 14:09+0200, Trond Endrestøl wrote:

> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>
>> 2013/8/12 Trond Endrestøl trond.endres...@fagskolen.gjovik.no:
>>> On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
>>>
>>>> 2013/8/11 Maciej Suszko mac...@suszko.eu:
>>>>> Maciej Suszko mac...@suszko.eu wrote:
>>>>> [...]
>>>>>> You can specify different params for each jail using _parameters,
>>>>>> for example:
>>>>>>
>>>>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>>>>
>>>>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>>>>> --
>>>>> regards, Maciej Suszko.
>>>>
>>>> Thanks for your message,
>>>>
>>>> However, I could not find this setting in the manual of rc.conf(5)
>>>> nor in /etc/rc.d/jail :(. It does not seem to be applied.
>>>
>>> Have a look at jail(8) and the last lines of /etc/default/rc.conf.
>>
>> I see, I've added what Maciej Suszko told me but the sysctls in the
>> jail are not set as they should be:
>>
>>     security.jail.param.allow.sysvipc: 0
>>     security.jail.param.allow.chflags: 0
>>
>> And thus, it's not enabled, as postgresql tells:
>>
>>     creating template1 database in /usr/local/pgsql/data/base/1 ...
>>     FATAL: could not create shared memory segment: Function not implemented
>
> I'll look into this by creating a new jail for PostgreSQL 9.2 when I get
> home.

My host is running 9.2-PRERELEASE, r254150, in VirtualBox 4.2.16. The jails are running world, also at r254150.

I added the following to the host's /etc/rc.conf:

    jail_enable="YES"
    jail_list="postgresql"
    jail_postgresql_rootdir="/jails/postgresql"
    jail_postgresql_hostname="postgresql.bsd.net"
    jail_postgresql_interface="vtnet0"
    jail_postgresql_fib="0"
    jail_postgresql_ip="10.0.2.103,2001:db8::103"
    jail_postgresql_exec_start="/bin/sh /etc/rc"
    jail_postgresql_exec_stop="/bin/sh /etc/rc.shutdown"
    jail_postgresql_devfs_enable="YES"
    jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"

I added the following to the host's /etc/jail.conf:

    postgresql {
        path = /jails/postgresql;
        enforce_statfs = 1;
        allow.chflags;
        allow.sysvipc;
        allow.mount;
        allow.mount.zfs;
        mount.devfs;
        host.hostname = postgresql.bsd.net;
        ip4.addr = 10.0.2.103;
        ip6.addr = 2001:db8::103;
        interface = vtnet0;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
    }

PostgreSQL 9.2.4 had no problems running initdb nor running postgres inside the jail:

    root@freebsd-jails:/ # jexec 4 csh
    root@postgresql:/ # /usr/local/etc/rc.d/postgresql status
    pg_ctl: server is running (PID: 46623)
    /usr/local/bin/postgres -D /usr/local/pgsql/data
    root@postgresql:/ #

If you start the jail manually using jail(8), then /etc/jail.conf comes into play, whereas the lines in /etc/rc.conf are used during automatic startup of the jails when the host is rebooted. The whole arrangement seems unnecessarily redundant, and I truly wish this can be merged sooner rather than later.

--
+--------------------------+-----------------------------------+
| Vennlig hilsen,          | Best regards,                     |
| Trond Endrestøl,         | Trond Endrestøl,                  |
| IT-ansvarlig,            | System administrator,             |
| Fagskolen Innlandet,     | Gjøvik Technical College, Norway, |
| tlf. mob. 952 62 567,    | Cellular...: +47 952 62 567,      |
| sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00.     |
+--------------------------+-----------------------------------+
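An added example, not part of the thread: a small audit of rc.conf-style text that reports which jails are granted a given allow.* parameter and which lines use the jail_<name>_params spelling that the thread corrects to _parameters. It matters here because jail(8) for these releases documents that System V IPC shares one namespace across the host and all jails, so allow.sysvipc should stay limited to the jail that needs it. The function names and the www and mail jails in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit jail_<name>_parameters lines in rc.conf-style text.

sample_rc_conf() {
    # Constructed sample; the postgresql line is the one from the thread.
    cat <<'EOF'
jail_enable="YES"
jail_list="postgresql www mail"
jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"
# Constructed: a jail that must stay without SysV IPC.
jail_www_parameters="allow.raw_sockets=1 allow.sysvipc=0"
# Constructed: the misspelled variable name corrected in the thread.
jail_mail_params="allow.chflags=1 allow.sysvipc=1"
EOF
}

# Print, one per line, the jails whose _parameters value grants $1.
jails_with_param() {
    awk -v want="$1" -v sq="'" '
        /^[ \t]*#/ { next }                        # skip comment lines
        match($0, /^[ \t]*jail_[A-Za-z0-9_]+_parameters=/) {
            name = substr($0, RSTART, RLENGTH)
            sub(/^[ \t]*jail_/, "", name)
            sub(/_parameters=$/, "", name)
            value = substr($0, RSTART + RLENGTH)
            gsub("[\"" sq "]", "", value)          # drop shell quotes
            granted = 0
            n = split(value, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] == want || tok[i] == want "=1" || tok[i] == want "=true")
                    granted = 1
                else if (tok[i] == want "=0" || tok[i] == want "=false")
                    granted = 0
            }
            state[name] = granted                  # a later assignment wins, as in sh
        }
        END { for (name in state) if (state[name]) print name }
    ' | sort
}

# Print variables written as jail_<name>_params, the spelling the thread
# corrects to jail_<name>_parameters.
misnamed_jail_vars() {
    awk '
        /^[ \t]*#/ { next }
        match($0, /^[ \t]*jail_[A-Za-z0-9_]+_params=/) {
            var = substr($0, RSTART, RLENGTH - 1)
            sub(/^[ \t]*/, "", var)
            print var
        }
    ' | sort -u
}

# Demo on the constructed sample; on a real host feed /etc/rc.conf instead.
echo "allow.sysvipc granted to: $(sample_rc_conf | jails_with_param allow.sysvipc)"
echo "misspelled variables: $(sample_rc_conf | misnamed_jail_vars)"
```

To confirm what a running jail actually has, `jls -j postgresql allow.sysvipc` on the host prints that jail's value; the security.jail.param.* sysctls describe the available parameters rather than a jail's state.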
SolarFlare 10GB card
Hi all,

We've a brand spanking new SolarFlare 10GB nic for use with our beast of a server.

However the vendor support page says the driver is in beta.

Has anyone used this card in production?

Thanks in advance,

- aurf
Re: SolarFlare 10GB card
On Mon, Aug 12, 2013 at 10:47:27AM -0700, aurfalien wrote:

> Hi all,
>
> We've a brand spanking new SolarFlare 10GB nic for use with our beast of
> a server.
>
> However the vendor support page says the driver is in beta.

If you look in the download[1], you'll see that the driver is named sfxge. It was released in November 2011.

This driver is already present in FreeBSD 9.1, look at the source in /usr/src/sys/dev/sfxge.

So it seems like it is as much out of beta as any other driver. :-)

[1]: https://support.solarflare.com/index.php?view=categoriesid=1847option=com_cognidox)

Roland
--
R.F.Smith http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
Re: SolarFlare 10GB card
On Aug 12, 2013, at 11:12 AM, Roland Smith wrote:

> On Mon, Aug 12, 2013 at 10:47:27AM -0700, aurfalien wrote:
>> Hi all,
>>
>> We've a brand spanking new SolarFlare 10GB nic for use with our beast
>> of a server.
>>
>> However the vendor support page says the driver is in beta.
>
> If you look in the download[1], you'll see that the driver is named
> sfxge. It was released in November 2011.
>
> This driver is already present in FreeBSD 9.1, look at the source in
> /usr/src/sys/dev/sfxge.

Ahh, thanks man. Didn't even think to look there.

> So it seems like it is as much out of beta as any other driver. :-)

Yea, I concur :)

- aurf
Re: 9.2-RC1: Problem with Kernel
On Sun, 11 Aug 2013 22:47:36 +1000, Ian Smith wrote:

> In freebsd-questions Digest, Vol 479, Issue 8, Message: 10
> On Sun, 11 Aug 2013 09:43:57 + (UTC) Walter Hurry walterhu...@gmail.com wrote:
>> On Sat, 10 Aug 2013 21:29:10 +0200, Polytropon wrote:
>>
>>> On Sat, 10 Aug 2013 19:04:29 + (UTC), Walter Hurry wrote:
>>>> This is 9.2-RC1 on amd64 (upgraded from 9.2-BETA1 by refetching the
>>>> source from releng/9.2 and rebuilding kernel and world).
>>>>
>>>> The kernel compiles and runs fine using the supplied GENERIC, but
>>>> when I try to use my custom kernel config file, on reboot I get this:
>>>>
>>>>     Mounting from ufs:/dev/ada0p2 failed with error 19
>>>>
>>>> What module(s) have I missed?
>>>
>>> Diff against the GENERIC kernel. Maybe device xhci? What bootable
>>> media is listed when you type ? at the mountroot prompt? If GENERIC
>>> boots and your kernel doesn't, there should be a significant
>>> difference regarding the config file's content. :-)
>>
>> Thanks for the reply. When I type ? at the mountroot prompt I get:
>>
>>     List of GEOM managed disk devices:
>>
>> with nothing shown.
>>
>> After restoring the GENERIC kernel, the output from 'gpart list' is:
>>
>>     Geom name: ada0
>>     [..]
>>     Consumers:
>>     1. Name: ada0
>>        Mediasize: 21474836480 (20G)
>>        Sectorsize: 512
>>        Mode: r2w2e3
>>
>> (This is a small VirtualBox VM.)
>>
>> Kernel config is at http://paste2.org/h17Ih0PD
>
> Please Walter, it's not fair to make us do the work of figuring out what
> you've changed from GENERIC in that, when all you need to provide is:
>
>     # diff -uw /path/to/GENERIC /path/to/YOURKERNEL
>
> More ideal for custom kernel configs - for just these occasions - is:
>
>     include GENERIC
>     ident YOURKERNEL
>     # custom {no,}device and {no,}options statements

Sorry again. Anyway, I have it nailed down now. For anyone who is interested, the missing entry was:

    options ATA_CAM
Re: 9.2-RC1: Problem with Kernel
On Mon, 12 Aug 2013 21:01:14 + (UTC), Walter Hurry wrote:

> Sorry again. Anyway, I have it nailed down now. For anyone who is
> interested, the missing entry was:
>
>     options ATA_CAM

Correct. Line 84 and 264 have it commented out. This is the new method of talking to disk devices, similarly as the acd interface for optical media has been transformed into SCSI over ATA (ex device atapicam). So the disk drive has not been recognized by the kernel, therefore: No soup for you (i. e., no boot device). :-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: sysvipc only for one jail
On 12/08/2013 21:39, Trond Endrestøl wrote:

> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>
>> And thus, it's not enabled, as postgresql tells:
>>
>>     creating template1 database in /usr/local/pgsql/data/base/1 ...
>>     FATAL: could not create shared memory segment: Function not implemented
>
> I'll look into this by creating a new jail for PostgreSQL 9.2 when I get
> home.

While it is currently in beta maybe you could also try 9.3 and verify that the shared memory update works or eliminates this configuration?

If you missed the change, 9.3 is implementing shared memory using mmap.
Re: sysvipc only for one jail
On 13. aug. 2013, at 06:14, Shane Ambler free...@shaneware.biz wrote:

> If you missed the change, 9.3 is implementing shared memory using mmap.

But still using sysvipc for some locks/mutexes, so doesn't allow you to run sysvipc-free.

Terje