Setting up OpenLDAP
OpenLDAP 2.1.22, FBSD 4.8 I'm trying to set up LDAP to store passwords. Eventually I will want to store addresses and do general authentication, but right now I just want to do something really simple: add passwords. I installed from the ports using portintall, couldn't get it to work, and went back and reinstalled doing # make depend # make # make test The install didn't fail any of the tests, although make kept looping through the tests until I hit ^C. But I still have the same problems. If anyone has succeeded in installing OpenLDAP from the ports, I'd be grateful for any pointers. I'm trying to do the Quick Install described at www.openldap.org. The first problem is that the doc claims that this is supposed to be a non-referring set up, which is what I want, but OpenLDAP complains that there's no referral. So I've uncommented the referral line in slapd.conf. But attempts to add records still fail. When I do search prior to adding records, I get # /usr/local/bin/ldapsearch -x -b '' -s base '(objectclass=*)' dn: objectClass: top objectClass: OpenLDAProotDSE When I try to add records without a referral, I get # ldapadd -x -v -D cn=Manager,dc=domain,dc=net -W -f domain.ldif additional info: referral missing With the referral, I get ldapadd: update failed: dc=domain, dc=net objectclass: dcObject objectclass: organization o: SNAFU dc: domain ldap_add: Referral (10) referrals: ldap://root.openldap.org/dc=domain,dc=net%20%20%20objectclass:%20dcObject%20%20%20objectclass:%20organization%20%20%20o:%20SNAFU%20%20%20dc:%20domain Configuration # less slap.conf include /usr/local/etc/openldap/schema/core.schema referral ldap://root.openldap.org pidfile /var/run/ldap/slapd.pid argsfile/var/run/ldap/slapd.args databasebdb suffix dc=domain, dc=net rootdn cn=Manager, dc=domain, dc=net rootpw md5 hash directory /var/db/openldap-data index objectClass eq # less domain.ldif dn: dc=domain, dc=net objectclass: dcObject objectclass: organization o: SNAFU dc: domain dn: cn=Manager, dc=domain, dc=net objectclass: organizationalRole cn: Manager Bob Hall ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NEED HELP! on how to import new Xdesktop to .xinitcrc
On Friday 25 July 2003 10:09 pm, marlon corleone wrote: hi guys, download fluxbox how do i import it to my .xinitrc? so i can use two X desktop at a time. here's my .xinitrc looks like. im running FreeBSd 5.1-RELEASE Two desktops? If you really want to run both Window Maker and Fluxbox at the same time, then you need to run two X servers, one on screen :0 and one on screen :1. You'll have to refer to the X Window section of the Handbook. If you want to run Fluxbox instead of Window Maker, just replace exec /usr/X11R6/bin/wmaker with exec /usr/X11R6/bin/fluxbox. -- Matthew Graybosch http://www.starbreaker.net I am become root, shatterer of kernels. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ports-supfile config
On Fri, Jul 25, 2003 at 06:55:40AM -0700, marlon corleone wrote: thanks for the reply guys, i reconfigure my ports-supfile here's my new config: *default host=cvsup.sk.freebsd.org *default base=/usr prefix=/usr *default release=cvs *default delete use-rel-suffix compress ports-alltag=. i delete srcl-all entry. here's my second question, its about the refuse file. i copy refuse file from /usr/share/examples/cvsup to /usr/ports/net/sup . is this the correct path to copy refuse file into that directory? if YES. the should i edit this line: FROM: *default base=/usr TO *default base=/usr/ports/net/sup or i should leave the default base config path? thanks and more power [snip] end of the original message Files under /usr/ports that do not belong to the Ports Collection will be deleted when you run cvsup, so /usr/ports/net/sup is not a good choice. Quoting cvsup(1) manpage: [...] As many as three refuse files are examined for each supfile line. There can be a global refuse file named base/collDir/refuse which applies to all collections and releases. There can be a per-collection refuse file named base/collDir/collection/refuse which applies to a specific collec- tion. Finally, there can be a per-release and tag refuse file which applies only to a given release/tag combination within a collection. The name of the latter is formed by suffixing the name of the per-collection refuse file in the same manner as described above for the list file. None of the refuse files are required to exist. cvsup has a built-in default value of /usr/local/etc/cvsup for base and sup for collDir but it is possible to override both of these. The value of base can be changed using the -b option or a base=pathname entry in the supfile. (If both are used the -b option will override the supfile entry.) The value of collDir can only be changed with the -c option; there is no supfile command to change it. As an example, suppose that the base and collDir both have their default values, and that the collection and release are `src-all' and `cvs', respectively. Assume further that checkout mode is being used with `tag=RELENG_3'. The three possible refuse files would then be named: /usr/local/etc/cvsup/sup/refuse /usr/local/etc/cvsup/sup/src-all/refuse /usr/local/etc/cvsup/sup/src-all/refuse.cvs:RELENG_3 If the supfile includes the command base=/foo the refuse files would be: /foo/sup/refuse /foo/sup/src-all/refuse /foo/sup/src-all/refuse.cvs:RELENG_3 If -b /bar is used (even with base=/foo in the supfile): /bar/sup/refuse /bar/sup/src-all/refuse /bar/sup/src-all/refuse.cvs:RELENG_3 and with -c stool as well: /bar/stool/refuse /bar/stool/src-all/refuse /bar/stool/src-all/refuse.cvs:RELENG_3 [...] Personally, I use /usr/local/etc/cvsup as the base dir and /usr as the prefix dir, i.e. *default base=/usr/local/etc/cvsup *default prefix=/usr The refuse file I use for the entire Ports Collection is located at /usr/local/etc/cvsup/sup/ports-all/refuse. Francesco Casadei -- You can download my public key from http://digilander.libero.it/fcasadei/ or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...) Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B pgp0.pgp Description: PGP signature
About wget in FreeBSD 5.0-p7
Hello there. Greetings!!! I would like to ask if how can i fix the error in my wget whenever i run the wget as to download any tar file, like: gowee# pkg_add wget-1.8.2_3.tgz gowee# wget http://people.ee.ethz.ch/~oetiker/webtools/mrtg/pub/mrtg-2.9.29.tar.gz --15:05:06-- http://people.ee.ethz.ch/%7Eoetiker/webtools/mrtg/pub/mrtg-2.9.29.tar.gz = `mrtg-2.9.29.tar.gz' /usr/libexec/ld-elf.so.1: wget: Undefined symbol OPENSSL_add_all_algorithms_noconf gowee# Thanks and More Power. Jun Vidal (FreeBSD - the Power to Serve) - Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
installing packages
Hi How do u install .tbz packages from terminal. I am trying to install samba off the freebsd cd samba-2.2.7a.tbz with out any luck. Regards Ian ___ LOOK GOOD, FEEL GOOD - WWW.HEALTHIEST.CO.ZA Cool Connection, Cool Price, Internet Access for R59 monthly @ WebMail http://www.webmail.co.za/dialup/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: installing packages
On Sat, Jul 26, 2003 at 09:06:58AM +0200, Ian Todd wrote: Hi How do u install .tbz packages from terminal. I am trying to install samba off the freebsd cd samba-2.2.7a.tbz with out any luck. As root, type # /stand/sysinstall Follow the instructions. Bob Hall ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Cannot install any port
Dear Dan, thanks for your message. I cannot reply directly. Your mail provider, allantgroup.com, blocks any mail arriving from Brazil. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
MDBTools port doesn't include libmdbodbc for ODBC connections
All references on how to connect via a JDBC-ODBC bridge is pointing to the MDB Tools suite in general and the ODBC driver in particular. But when I installed the MDB Tools from the port-system I found, a but surprised, that the ODBC driver isn't there, alla the other tools and drivers are there, and my port-tree was upgraded just a few weeks ago. Any light on this dilema would be appreciated. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: DVD/CD-RW not recognized (was: Re:)
Hi all again :D I've made some triee , and these are the results: Normal Configuration ATA1 Master: MAXTOR HD 60GB Slave : Liteon 52x 24x 52x ATA2 Master: Quantum Fireball HD 30GB Slave : NEC DV-5800 I get the problems described in the previous messages New Conf ATA1 Master: Maxtor HD 60GB Slave : Quantum Fireball HD 30GB ATA2 Master: Liteon 52x 24x 52x Slave : NEC DV-5800 No problems. All works correctly (both CD drives are initialized) I don't know why this, probably my MoBo is a bit slow in responding with ATA devices when have to initialize them. I had some problems with my precedent CDRW (a philips 8x 4x 32x) , but this time with Linux too (hang at boot) . Linux have solved this problem (I've posted a bug report to Vojitek Pavlik that have worked to eliminate this problem) , but FreeBSD have this again (but with my old CDRW the drive didn't work with all possible configuration , with this one changing the position of the drives solves the problem ) now , I think that could be a good idea increase the timeout time , in order to eliminate this problem in the future and make FreeBSD more compatible with ATA drives and ATA Controllers, at the cost of some millisecond longer boot-time :) Bye Marcello --- Fierman [EMAIL PROTECTED] ha scritto: On Fri, 2003-07-25 at 16:48, Joshua Lokken wrote: this problem sounds like the exact one as i am having, (see my mail to this list: Subject: ATA identify retries exceeded (still!) Date: 24 Jul 2003 23:59:57 + jumpersettings are all ok, no possible signs of hardware itself being faulty. dmesg : ata0: at 0x1f0 irq 14 on atapci0 ata1: at 0x170 irq 15 on atapci0 ata0-slave: ATA identify retries exceeded ad0: 38172MB MAXTOR 6L040J2 [77557/16/63] at ata0-master UDMA33 Mounting root from ufs:/dev/ad0s1a ??? Except that the board won't detect it? I think, if you've checked cables and jumpers (and they're proper), that the likely possibility is hardware damage. I don't know whether or not the drive is new, but new certainly doesn't equal good. Maybe at least consider it. If you can find another drive to test, try that. HTH, Joshua dont know if you didn't send this mail to the list intentionally, but thanx for the reply anyway :) yes, like I said in my previous mail to this list as well, I DID try other DVD players.. all with the same result. Also, the POST never gives any error message, as I suppose it should do with broken hardware. there are 2 possible solutions in my mind: 1. ATA driver is still somewhat broken, 2. There should be a way to adjust the time-out in the authentification routine in the ATA driver (if there is any, that is). cheers, Fierman ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] __ Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam http://it.yahoo.com/mail_it/foot/?http://it.mail.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DVD/CD-RW not recognized (was: Re:)
It's because (as I know from some old articles) if you connect one device with high-speed, and second with lower speed onto the same cable, they will BOTH use the lower speed. And it may be problematic for some new HDD, to be as slow as CD is (using PIO, or UDMA-33) (although they all say about standards conformity etc.). Peter Rosa - Original Message - From: Mica Telodico [EMAIL PROTECTED] To: [EMAIL PROTECTED]; Joshua Lokken [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 10:41 AM Subject: RE: DVD/CD-RW not recognized (was: Re:) Hi all again :D I've made some triee , and these are the results: Normal Configuration ATA1 Master: MAXTOR HD 60GB Slave : Liteon 52x 24x 52x ATA2 Master: Quantum Fireball HD 30GB Slave : NEC DV-5800 I get the problems described in the previous messages New Conf ATA1 Master: Maxtor HD 60GB Slave : Quantum Fireball HD 30GB ATA2 Master: Liteon 52x 24x 52x Slave : NEC DV-5800 No problems. All works correctly (both CD drives are initialized) I don't know why this, probably my MoBo is a bit slow in responding with ATA devices when have to initialize them. I had some problems with my precedent CDRW (a philips 8x 4x 32x) , but this time with Linux too (hang at boot) . Linux have solved this problem (I've posted a bug report to Vojitek Pavlik that have worked to eliminate this problem) , but FreeBSD have this again (but with my old CDRW the drive didn't work with all possible configuration , with this one changing the position of the drives solves the problem ) now , I think that could be a good idea increase the timeout time , in order to eliminate this problem in the future and make FreeBSD more compatible with ATA drives and ATA Controllers, at the cost of some millisecond longer boot-time :) Bye Marcello --- Fierman [EMAIL PROTECTED] ha scritto: On Fri, 2003-07-25 at 16:48, Joshua Lokken wrote: this problem sounds like the exact one as i am having, (see my mail to this list: Subject: ATA identify retries exceeded (still!) Date: 24 Jul 2003 23:59:57 + jumpersettings are all ok, no possible signs of hardware itself being faulty. dmesg : ata0: at 0x1f0 irq 14 on atapci0 ata1: at 0x170 irq 15 on atapci0 ata0-slave: ATA identify retries exceeded ad0: 38172MB MAXTOR 6L040J2 [77557/16/63] at ata0-master UDMA33 Mounting root from ufs:/dev/ad0s1a ??? Except that the board won't detect it? I think, if you've checked cables and jumpers (and they're proper), that the likely possibility is hardware damage. I don't know whether or not the drive is new, but new certainly doesn't equal good. Maybe at least consider it. If you can find another drive to test, try that. HTH, Joshua dont know if you didn't send this mail to the list intentionally, but thanx for the reply anyway :) yes, like I said in my previous mail to this list as well, I DID try other DVD players.. all with the same result. Also, the POST never gives any error message, as I suppose it should do with broken hardware. there are 2 possible solutions in my mind: 1. ATA driver is still somewhat broken, 2. There should be a way to adjust the time-out in the authentification routine in the ATA driver (if there is any, that is). cheers, Fierman ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] __ Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam http://it.yahoo.com/mail_it/foot/?http://it.mail.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: suid files
Dear Chuck and others, of course, it's no problem to find-out which files ALREADY HAS suid-bit set. I'm asking to know: 1. what files MUST have... 2. what files HAVE FROM INSTALL... 3. what files DO NOT NEED... 4. what files NEVER MAY... ...the suid-bit set. Anyway, thank you and have a nice day. Peter Rosa - Original Message - From: Chuck Swiger [EMAIL PROTECTED] To: Peter Rosa [EMAIL PROTECTED] Cc: freebsd-questions [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 1:54 AM Subject: Re: suid files Peter Rosa wrote: Some another question I wanted to ask a long time ago: 1. Is there some list of files, that REALLY need suid-bit set ? 2. Is there some list of files, installed from FreeBSD, which HAVE suid-bit set ? See /var/log/setuid.today for the latter, and maybe /etc/periodic/daily/450.status-security which performs a daily check on setuid files, if that is of interest to you... -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DVD/CD-RW not recognized (was: Re:)
Do you think that? That I've used my HD as UDMA 33 Devices until now :eek: :O ?? Anyway I think that should be better resolve this problem anyway , at least for compatibility reason Bye Marcello --- Peter Rosa [EMAIL PROTECTED] ha scritto: It's because (as I know from some old articles) if you connect one device with high-speed, and second with lower speed onto the same cable, they will BOTH use the lower speed. And it may be problematic for some new HDD, to be as slow as CD is (using PIO, or UDMA-33) (although they all say about standards conformity etc.). Peter Rosa __ Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam http://it.yahoo.com/mail_it/foot/?http://it.mail.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: More TTY's
Add more ttys be adding more statements in /etc/ttys and rebooting. Is rebooting realy needed ? Doesn't 'kill -1 1' work in this case ? Antoine ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question on cups
On 25 Jul 2003, Zhang, Peng wrote: I am running freebsd 4.8 stable, and have cups installed. # pkg_info | grep cups cups-1.1.19.0 The Common UNIX Printing System: Metaport to install comple cups-base-1.1.19.0 The Common UNIX Printing System: headers, libs, daemons cups-lpr-1.1.19.0 The CUPS BSD and system V compatibility binaries (lp* comma cups-pstoraster-7.07 GNU Postscript interpreter for CUPS printing to non-PS prin I copied /usr/local/etc/rc.d/cups.sh.sample to cups.sh, and then ran /usr/local/etc/rc.d/cups.sh start # /usr/local/etc/rc.d/cups.sh start cups: started scheduler. However when I ran ps, I got: # ps aux | grep cups # I can not find cupsd process. Why? Any suggestion? It's sometimes important to verify whether a process is running by entering ps auxww | grep cups because normal ps output is limited to 80 characters; and in case of cupsd, the command shown by ps may be something like /usr/local/sbin/cupsd which may extend beyond column 80. Don't know whether that's the case here, but may be. Regards Konrad Heuer ([EMAIL PROTECTED]) ___ ___ GWDG / __/__ ___ / _ )/ __/ _ \ Am Fassberg / _// __/ -_) -_) _ |\ \/ // / 37077 Goettingen /_/ /_/ \__/\__//___// Germany ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
how to set background in a fluxbox desktop
anyone got a tip, on how to setup a background in fluxbox? i have eterm and xv installed. i load the image background and i cant get it right, anyone got a tip on how to config this right? thanks and more power. __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
TV-Out turns off like some kind of power-save feature
My NVIDIA Geforce2 card works great with the nVIDIA beta driver. I only use the tv-out feature and everything is fine except the fact that after 10 minutes the screen is blank, no signal from the card. The tv-signal returns when I press 'any-key' on the keyboard (which isn't very convenient when the computer is located far away from the tv-set) This looks like some kind of power-save feature, but I can't fifure out if it's something in the freeBSD native or if it's the XFree86 or the nVidia that needs configuration. Any help is much appreciated ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
opera6.12 and flash
Has somebody flash working with opera-6.12 (fbsd version)? I know flash works with a wrapper for mozilla (at least it does for me) but I can't get it working w/ opera (native freebsd version). If it's not possible I'll stop using opera. I won't install the linux version for it, but use mozilla 100% ;-)) -- dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 4.8 ++ Debian GNU/Linux (Woody) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DVD/CD-RW not recognized (was: Re:)
On Sat, 2003-07-26 at 08:46, Peter Rosa wrote: It's because (as I know from some old articles) if you connect one device with high-speed, and second with lower speed onto the same cable, they will BOTH use the lower speed. And it may be problematic for some new HDD, to be as slow as CD is (using PIO, or UDMA-33) (although they all say about standards conformity etc.). Peter Rosa sounds plausible, but then again, I DID try : - hw.ata.atapi_dma to 0 or 1 in /boot/loader.conf - hw.ata.ata_dma to 0 or 1 in /boot/loader.conf the HDD (a 2 year old 40 GB maxtor) works fine in pio mode.. It would be great if the ATA driver author could find some time/energy to look into this.. cheers, Fierman ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how to set background in a fluxbox desktop
i apologize for unrelated question in freebsd-questions. i have no other option but to email here. but thanks thanks very much for the reply. i have a 2nd question Akira# Esetroot -scale dxy.jpg Esetroot: Command not found. Akira# pkg_info |grep -i eterm eterm-bg-0.9Image files for background of Eterm Akira# whereis eterm eterm: /usr/ports/chinese/eterm i also installed eterm located in /usr/ports/x11/eterm why cant i run Esetroot since i installed eterm? thanks and more power __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Cannot install any port
On Sat, Jul 26, 2003 at 02:59:29AM -0300, Leonardo Lazarte wrote: Thanks for your suggestion. Unfortunately, I update automatically my ports, so I don't know where I could find an old version of bsd.port.mk. I believe that the troublesome 'pkg_info -O' usage was intoduced in bsd.port.mk 1.455, so you should be able to use 1.454 as a stop-gap until the official patches come through. You can download what you need from: http://www.freebsd.org/cgi/cvsweb.cgi/ports/Mk/bsd.port.mk?rev=1.454content-type=text/x-cvsweb-markup Note that at least one usage of 'pkg_info -O' existed in bsd.port.mk back as far as version 1.424, which dates back to September 2002. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Setting up OpenLDAP
On Sat, Jul 26, 2003 at 02:13:28AM -0400, Bob Hall wrote: OpenLDAP 2.1.22, FBSD 4.8 I'm trying to set up LDAP to store passwords. Eventually I will want to store addresses and do general authentication, but right now I just want to do something really simple: add passwords. While you can run OpenLDAP servers on FreeBSD 4.8 quite happily, you won't be able to have the FreeBSD 4.8 system be a full blown client of the LDAP server itself. For that, you will need to upgrade to 5.1 where you can install the net/nss_ldap as well as the security/pam_ldap port. I installed from the ports using portintall, couldn't get it to work, and went back and reinstalled doing # make depend # make # make test The install didn't fail any of the tests, although make kept looping through the tests until I hit ^C. But I still have the same problems. If anyone has succeeded in installing OpenLDAP from the ports, I'd be grateful for any pointers. It's generally best to install using ports as that gets you any FreeBSD specific tweaks that have to be made, rather than following the generic Unix install instructions from the software writers. However, once the software is installed, you still need to follow the OpenLDAP installation guide for configuring the server. If you're working from http://www.openldap.org/doc/admin21/quickstart.html, then the ports installation effectively gives you steps 1 -- 7, and you can jump to step 8 directly. You would be well advised to read through section 5 of the admin guide: http://www.openldap.org/doc/admin21/slapdconfig.html so that you can gain a deeper understanding of what the instructions in section 8 of the quick start guide actually do. I'm trying to do the Quick Install described at www.openldap.org. The first problem is that the doc claims that this is supposed to be a non-referring set up, which is what I want, but OpenLDAP complains that there's no referral. So I've uncommented the referral line in slapd.conf. But attempts to add records still fail. When I do search prior to adding records, I get # /usr/local/bin/ldapsearch -x -b '' -s base '(objectclass=*)' dn: objectClass: top objectClass: OpenLDAProotDSE When I try to add records without a referral, I get # ldapadd -x -v -D cn=Manager,dc=domain,dc=net -W -f domain.ldif additional info: referral missing With the referral, I get ldapadd: update failed: dc=domain, dc=net objectclass: dcObject objectclass: organization o: SNAFU dc: domain ldap_add: Referral (10) referrals: ldap://root.openldap.org/dc=domain,dc=net%20%20%20objectclass:%20dcObject%20%20%20objectclass:%20organization%20%20%20o:%20SNAFU%20%20%20dc:%20domain Configuration # less slap.conf include /usr/local/etc/openldap/schema/core.schema referral ldap://root.openldap.org pidfile /var/run/ldap/slapd.pid argsfile/var/run/ldap/slapd.args databasebdb suffix dc=domain, dc=net rootdn cn=Manager, dc=domain, dc=net rootpw md5 hash directory /var/db/openldap-data index objectClass eq # less domain.ldif dn: dc=domain, dc=net objectclass: dcObject objectclass: organization o: SNAFU dc: domain dn: cn=Manager, dc=domain, dc=net objectclass: organizationalRole cn: Manager What's the BASE setting in /usr/local/etc/openldap/ldap.conf ? That will set the default dn where clients search for data. As it is, your slapd.conf says that it serves the dn appropriate for 'domain.net' The other question is what security settings have you entered into slapd.conf ? The default security setting is 'Allow read by all' and only the rootdn can write anywhere. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: how to set background in a fluxbox desktop
read the documentation at fluxbox.sf.net its all explained there. yussef On Sat, 26 Jul 2003 02:25:09 -0700(PDT) marlon corleone [EMAIL PROTECTED] wrote: anyone got a tip, on how to setup a background in fluxbox? i have eterm and xv installed. i load the image background and i cant get it right, anyone got a tip on how to config this right? thanks and more power. __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem with NVIDIA drivers
one thing you'll want to do is comment out the Load dri line in XF86Config. what is /var/log/XFree86.0.log report? you might also want to try making your default depth 16, ive had experiences with 24bpp creating unexpected problems. yussef On Fri, 25 Jul 2003 15:54:24-0400 Marc LeMaire[EMAIL PROTECTED] wrote: Hello, I've installed the nvidia drivers from the ports. I've followed the instructions, and all the files are in their directory. But when I'm trying to start X, the machine crash and reboot. I've looked into the archives to see if someone had this problem but they are presently unavailable. p.s.: Could it be possible that this line that I received everytime that I fired up X be the culprit ? bad display name gryphon.krockmitaine.org:0 in remove command. How can I correct this ? This is a fresh install, 4.8, with the latest cvsup. Also, the equipment is a GeForce 256 with a ViewSonic E790. I've included my XF86Config and the config file for my kernel. Thanks in advance Marc ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question on cups
You are right. That is the problem. Thank you! Peng On Sat, 2003-07-26 at 05:21, Konrad Heuer wrote: On 25 Jul 2003, Zhang, Peng wrote: I am running freebsd 4.8 stable, and have cups installed. # pkg_info | grep cups cups-1.1.19.0 The Common UNIX Printing System: Metaport to install comple cups-base-1.1.19.0 The Common UNIX Printing System: headers, libs, daemons cups-lpr-1.1.19.0 The CUPS BSD and system V compatibility binaries (lp* comma cups-pstoraster-7.07 GNU Postscript interpreter for CUPS printing to non-PS prin I copied /usr/local/etc/rc.d/cups.sh.sample to cups.sh, and then ran /usr/local/etc/rc.d/cups.sh start # /usr/local/etc/rc.d/cups.sh start cups: started scheduler. However when I ran ps, I got: # ps aux | grep cups # I can not find cupsd process. Why? Any suggestion? It's sometimes important to verify whether a process is running by entering ps auxww | grep cups because normal ps output is limited to 80 characters; and in case of cupsd, the command shown by ps may be something like /usr/local/sbin/cupsd which may extend beyond column 80. Don't know whether that's the case here, but may be. Regards Konrad Heuer ([EMAIL PROTECTED]) ___ ___ GWDG / __/__ ___ / _ )/ __/ _ \ Am Fassberg / _// __/ -_) -_) _ |\ \/ // / 37077 Goettingen /_/ /_/ \__/\__//___// Germany -- Zhang, Peng [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: configure ftpd port range
Lowell Gilbert [EMAIL PROTECTED] wrote: Thanks for your response, Lowell, as always. John DeStefano writes: Due to ISP restrictions, I must change the default port on which ftpd runs in order to enable ftp access to and from my machine. That would violate the FTP spec, and isn't supported (IIRC) by the standard FreeBSD ftpd. Obviously, I'm not looking to 'violate' any specs, or to have any RFCs changed in order to accomodate my personal server. I'm just looking for a viable solution to a problem that I'm sure others have come across. I had to do the same for my httpd server, but that information was a bit more accessible. Reading material has been sparse, but I've read that adding a port number/range to the ftpd entry /etc/services and /etc/inetd.conf might do the trick. Is this an acceptible way of going about changing the ftp ports? It won't work. Why not? If you were to specify a new port number both in 'services' and 'inetd.conf', and the proper firewall holes were punched, why would it fail? If this box is sitting behind a hardware firewall (Linksys router), what range would you recommend I open in the firewall for a maximum of 5 ftp users? Same question for security on the FBSD box itself? This is going to be a royal pain anyway. The FTP protocol is tricky to get through firewalls, and *very* tricky to get through NAT. If you can use, e.g., scp(1) to move your files around, you'll be in much better shape -- FTP passes cleartext passwords. However, if you're really stuck on FTP (and I am not encouraging you to violate your contract with your ISP, but just giving the advice for informational purposes), there are other FTP daemons that can change the base ports. You'll need to punch holes for the data ports, though. Strangely enough, it sounds like moving away from the stock ftpd, and using a 3PP daemon to configure the new ports, is the way to go. Any suggestions on ports and methods? Quick sidebar: DNS is setting my domainname to my ISP's domain, not my local domain, which is causing some problems. man domainname tells me The super-user can set the domain name by supplying an argument, which I assume means domainname . But this setting does not stick on reboot. Is there an easy fix? According to the FreeBSD Handbook, the FreeBSD FAQ, and the rc.conf(5) manual, setting hostname in /etc/rc.conf is what you're looking for. The handbook merely specifies to use the format: hostname=foo.example.com in rc.conf; it doesn't say what to do when the system automatically changes the hostname on you on boot/reboot, presumably due to DHCP communications. I could be mistaken, but I don't see this topic in the FAQ (which currently covers up to 4.X) at all. 'man' says: If dhclient(8) is used to set the hostname via DHCP, this variable should be set to an empty string. However, I believe that's what's happening now and may be the reason why 'hostname' is getting reset incorrectly; see below: # cat /etc/rc.conf |grep hostname #hostname=gandalf.istari hostname=gandalf hostname=gandalf.Optonline.net My manual entry has been commented out, and new entries made. How would one keep this from getting changed automatically? Thanks, John __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to install a tar.gz from console.
How do u install tar.gz packages from terminal. Dan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
cdrom eject - by software?
I have a new hand-me-down PC for my FreeBSD box. After I installed from CD (v 4.8) I discovered that the eject button does not work on this cd-rom drive. Is there any program that will cause the CD to eject? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cdrom eject - by software?
/ports/systuils/eject Utility for ejecting media from CD or optical disk drive. This is a simple program that eject media from CD or optical disk drive. This program work under FreeBSD 2.1.5-RELEASE or later version. :) On Saturday 26 July 2003 07:31 am, Lorin Lund wrote: I have a new hand-me-down PC for my FreeBSD box. After I installed from CD (v 4.8) I discovered that the eject button does not work on this cd-rom drive. Is there any program that will cause the CD to eject? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cdrom eject - by software?
On Sat, 2003-07-26 at 10:31, Lorin Lund wrote: Is there any program that will cause the CD to eject? Here's how I do it. There's no need for special ports like sysutils/eject. -$ cat ~/bin/ejectcd.sh /usr/local/bin/sudo /sbin/umount -v /cdrom /usr/sbin/cdcontrol -v -f /dev/acd0 Eject -- Adam [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Setting up OpenLDAP
On Sat, Jul 26, 2003 at 12:08:48PM +0100, Matthew Seaman wrote: On Sat, Jul 26, 2003 at 02:13:28AM -0400, Bob Hall wrote: OpenLDAP 2.1.22, FBSD 4.8 I'm trying to set up LDAP to store passwords. Eventually I will want to store addresses and do general authentication, but right now I just want to do something really simple: add passwords. While you can run OpenLDAP servers on FreeBSD 4.8 quite happily, you won't be able to have the FreeBSD 4.8 system be a full blown client of the LDAP server itself. For that, you will need to upgrade to 5.1 where you can install the net/nss_ldap as well as the security/pam_ldap port. I installed from the ports using portintall, couldn't get it to work, and went back and reinstalled doing # make depend # make # make test The install didn't fail any of the tests, although make kept looping through the tests until I hit ^C. But I still have the same problems. If anyone has succeeded in installing OpenLDAP from the ports, I'd be grateful for any pointers. It's generally best to install using ports as that gets you any FreeBSD specific tweaks that have to be made, rather than following the generic Unix install instructions from the software writers. I guess what I wrote above wasn't clear. I've installed from the ports. However, once the software is installed, you still need to follow the OpenLDAP installation guide for configuring the server. If you're working from http://www.openldap.org/doc/admin21/quickstart.html, then the ports installation effectively gives you steps 1 -- 7, and you can jump to step 8 directly. Yes, I'm aware of that. I'm following the instructions in the Quick Start Guide, as I explained below. You would be well advised to read through section 5 of the admin guide: http://www.openldap.org/doc/admin21/slapdconfig.html so that you can gain a deeper understanding of what the instructions in section 8 of the quick start guide actually do. I've already read that. There's nothing that suggests why I'm unable to follow the Quick Start instructions. I'm trying to do the Quick Install described at www.openldap.org. The first problem is that the doc claims that this is supposed to be a non-referring set up, which is what I want, but OpenLDAP complains that there's no referral. So I've uncommented the referral line in slapd.conf. But attempts to add records still fail. When I do search prior to adding records, I get # /usr/local/bin/ldapsearch -x -b '' -s base '(objectclass=*)' dn: objectClass: top objectClass: OpenLDAProotDSE When I try to add records without a referral, I get # ldapadd -x -v -D cn=Manager,dc=domain,dc=net -W -f domain.ldif additional info: referral missing With the referral, I get ldapadd: update failed: dc=domain, dc=net objectclass: dcObject objectclass: organization o: SNAFU dc: domain ldap_add: Referral (10) referrals: ldap://root.openldap.org/dc=domain,dc=net%20%20%20objectclass:%20dcObject%20%20%20objectclass:%20organization%20%20%20o:%20SNAFU%20%20%20dc:%20domain Configuration # less slap.conf include /usr/local/etc/openldap/schema/core.schema referral ldap://root.openldap.org pidfile /var/run/ldap/slapd.pid argsfile/var/run/ldap/slapd.args databasebdb suffix dc=domain, dc=net rootdn cn=Manager, dc=domain, dc=net rootpw md5 hash directory /var/db/openldap-data index objectClass eq # less domain.ldif dn: dc=domain, dc=net objectclass: dcObject objectclass: organization o: SNAFU dc: domain dn: cn=Manager, dc=domain, dc=net objectclass: organizationalRole cn: Manager What's the BASE setting in /usr/local/etc/openldap/ldap.conf ? That will set the default dn where clients search for data. As it is, your slapd.conf says that it serves the dn appropriate for 'domain.net' The default should be my LDAP server. I don't want my server to make any referrals. According to the OpenLDAP website, follwing the Quick Start instructions set up OpenLDAP with no referrals. The instructions say to use your domain name. domain is a substitute for my domain name, which is what is in my slapd.conf file. Why would it matter? The server isn't supposed to be doing any referrals. The other question is what security settings have you entered into slapd.conf ? The default security setting is 'Allow read by all' and only the rootdn can write anywhere. I haven't made any changes to the security settings. Since I following the Quick Start instructions, I've made only the changes described in the Quick Start instructions. My immediate goal is to insert the record described in the Quick Start instructions. Once I'm able to do that, I can worry about altering the
Re: cdrom eject - by software?
On Sat, Jul 26, 2003 at 08:31:02AM -0600, Lorin Lund wrote: I have a new hand-me-down PC for my FreeBSD box. After I installed from CD (v 4.8) I discovered that the eject button does not work on this cd-rom drive. Is there any program that will cause the CD to eject? This may be a dumb question, but did you remember to umount before hitting the eject button? Bob Hall ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
linux Apache on FreeBSD?
I'm trying to use the ColdFusion Server on FreeBSD (5.1 -CURRENT) I have the Linux flavor of ColdFusion, and it installs and runs just fine under Linux emulation. The problem I'm having is using the mod_coldfusion.so SO in apache (v 1.3.28). ColdFusion comes with the .c file and a Makefile to compile you own .so file, but so far I haven't been able to get it to compile. Is there a version of Linux apache that will install in FreeBSD (and if there is where might it and/or it's documentation, be)? If anyone else has tried using ColdFusion on FreeBSD, I'd love to hear some success (or failure) stories/hints/explanations. TIA Tim Kellers CPE/NJIT http://www.njit.edu/publicinfo/newsroom/beastie.php ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
MRTG Problem
Hi, i'm hving problem in installing the MRTG in my box FreeBSD 5.0-p7, the problem is when i run the ./cfgmaker i got an error of like this: gowee# ./cfgmaker [EMAIL PROTECTED] Can't locate MRTG_lib.pm in @INC (@INC contains: /usr/local/bin/../lib/mrtg2 /usr/local/bin /usr/local/lib/perl5/site_perl/5.6.1/mach /usr/local/lib/perl5/site_perl/5.6.1 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.6.1/BSDPAN /usr/local/lib/perl5/5.6.1/mach /usr/local/lib/perl5/5.6.1 .) at ./cfgmaker line 44. BEGIN failed--compilation aborted at ./cfgmaker line 44. can you help me pls? Best regards and More Power. Jun Vidal (FreeBSD - The Power to Serve) - Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: MRTG Problem
At 2003-07-26T16:02:46Z, Jun [EMAIL PROTECTED] writes: Hi, i'm hving problem in installing the MRTG in my box FreeBSD 5.0-p7, the problem is when i run the ./cfgmaker i got an error of like this: Any reason you're not using the port? -- Kirk Strauser pgp0.pgp Description: PGP signature
VIA KT600 chipset compatible with FreeBSD?
I have an Epox 8RDA nForce2 motherboard which doesn't seem to like FreeBSD very much. My USB Wireless keyboard and mouse doesn't work correctly on it and FreeBSD doesn't recognize the onboard LAN. However all of this worked on my Gigabyte 7VAXP which is a KT400 chipset. So I was thinking about buying a Gigabyte 7VT600-L which is a KT600 chipset with a Realtek 8101L LAN chip. Will this motherboard work on FreeBSD the way that I need it to? Does anyone know of a time when the nForce2 chipset will be more widely supported on FreeBSD since that seems to becoming a quite popular chipset? -- David Loszewski [EMAIL PROTECTED] BSDAdmins.net - Your #1 source for BSD Collaboration! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
hi how to edit the freebsd 5.1 setup
Hi My name is chris i wanted to know how to edit the freebsd setup i tried and i can't figure it out. And if you guys know how to edit the linux text based setup tell me that if you know Thanks bye Chris Jordan [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: hi how to edit the freebsd 5.1 setup
At 2003-07-26T16:38:53Z, chris [EMAIL PROTECTED] writes: My name is chris i wanted to know how to edit the freebsd setup i tried and i can't figure it out. And if you guys know how to edit the linux text based setup tell me that if you know It's not that we don't *want* to help, Chris; it's just that we don't really know what it is you want help with. What setup? What's a linux text based setup? -- Kirk Strauser pgp0.pgp Description: PGP signature
Re: hi how to edit the freebsd 5.1 setup
On Saturday 26 July 2003 12:38 pm, chris wrote: Hi My name is chris i wanted to know how to edit the freebsd setup i tried and i can't figure it out. And if you guys know how to edit the linux text based setup tell me that if you know Did you read the FreeBSD Handbook at freebsd.org? It gives lots of basic information on how to install, configure, troubleshoot, and use FreeBSD, and it applies to 5.1 as well as 4.x. What exactly do you want to configure? It looks like you've got 5.1 installed, so what do you want to do next? -- Matthew Graybosch http://www.starbreaker.net I am become root, shatterer of kernels. PS: If you're using the root account for everyday work, like posting to mailing lists, STOP THIS INSTANT! Read Section 8 of the handbook, Users and Basic Account Management at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/users.html Even if you're the only one who uses the machine, you should use a normal account instead of root, both for security reasons (do you want to leave an open root session unattended while you're in the john?) and to avoid destroying your system if you make a silly mistake. Under Unix, root is GOD, and you have to be careful with that kind of power. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
suid bit files and securing FreeBSD
Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to find-out which files ALREADY HAS suid-bit set. But what files REALLY MUST have it ? I know generalities, as e.g. shell should never have suid bit set, but what if someone has copied any shell to some other location and have set the suid bit ? It's security hole, isn't it ? And what if I have more such files on my machine ? It is not about my machine has been compromited, it is only WHAT IF... Second question is: Has anybody an exact wizard, how to secure the FreeBSD machine. Imagine the situation, the only person who can do anything on that machine is me, and nobody other. I have set very restrictive firewalling, I have removed ALL tty's except two local tty's (I need to work on that machine), but there are still open port 25 and 53 (must be forever), so someone very tricky can compromite my machine. I'm a little bit paranoic, don't I :-))) Cheers, Peter Rosa ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: suid bit files and securing FreeBSD
Sorry for disturbing you. This was for security mailing list and I sent it here by mistake Cheers, Peter Rosa - Original Message - From: Peter Rosa [EMAIL PROTECTED] To: FreeBSD Questions [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 7:11 PM Subject: suid bit files and securing FreeBSD Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to find-out which files ALREADY HAS suid-bit set. But what files REALLY MUST have it ? I know generalities, as e.g. shell should never have suid bit set, but what if someone has copied any shell to some other location and have set the suid bit ? It's security hole, isn't it ? And what if I have more such files on my machine ? It is not about my machine has been compromited, it is only WHAT IF... Second question is: Has anybody an exact wizard, how to secure the FreeBSD machine. Imagine the situation, the only person who can do anything on that machine is me, and nobody other. I have set very restrictive firewalling, I have removed ALL tty's except two local tty's (I need to work on that machine), but there are still open port 25 and 53 (must be forever), so someone very tricky can compromite my machine. I'm a little bit paranoic, don't I :-))) Cheers, Peter Rosa ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: suid bit files and securing FreeBSD
Second question is: Has anybody an exact wizard, how to secure the FreeBSD machine. Imagine the situation, the only person who can do anything on that machine is me, and nobody other. I have set very restrictive firewalling, I have removed ALL tty's except two local tty's (I need to work on that machine), but there are still open port 25 and 53 (must be forever), so someone very tricky can compromite my machine. I'm a little bit paranoic, don't I :-))) Uhm, yes, you *are* just a wee bit paranoid. But it helps to be paranoid if you're root on somebody else's machine. Great power and great responsibility, right? But if you're concerned with security uber alles, I'm surprised you didn't look into OpenBSD first. According to their site (openbsd.org), they've had only one remote hole in the default install, in more than 7 years! FreeBSD certainly can be secured, but it appears that the developers put performance and reliability first, and then security. Theo de Raadt puts security first. -- Matthew Graybosch http://www.starbreaker.net I am become root, shatterer of kernels. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: suid bit files and securing FreeBSD
Hello Matthew,
thank you very much. It's excatly you say. FreeBSD is my option because of
historical reasons. Someone has installed it for me two years ago, and now
I love it (he installed it after two hacks and two reinstallations of RedHat
Linux [I don't want to say, RHL is not good, but FBSD is better :-) {now I
see the storm, like with I'm christian.. mail to this list :-))) } ] ).
Wow, such a short sentence I just produced :-)
Peter Rosa
- Original Message -
From: Matthew Graybosch [EMAIL PROTECTED]
To: Peter Rosa [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, July 26, 2003 7:22 PM
Subject: Re: suid bit files and securing FreeBSD
Second question is: Has anybody an exact wizard, how to secure
the FreeBSD machine. Imagine the situation, the only person who
can do anything on that machine is me, and nobody other. I have
set very restrictive firewalling, I have removed ALL tty's except
two local tty's (I need to work on that machine), but there are
still open port 25 and 53 (must be forever), so someone very
tricky can compromite my machine.
I'm a little bit paranoic, don't I :-)))
Uhm, yes, you *are* just a wee bit paranoid. But it helps to be
paranoid if you're root on somebody else's machine. Great power and
great responsibility, right?
But if you're concerned with security uber alles, I'm surprised you
didn't look into OpenBSD first. According to their site
(openbsd.org), they've had only one remote hole in the default
install, in more than 7 years!
FreeBSD certainly can be secured, but it appears that the developers
put performance and reliability first, and then security. Theo de
Raadt puts security first.
--
Matthew Graybosch
http://www.starbreaker.net
I am become root, shatterer of kernels.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mozilla Thunderbird under Linux compatibility?
David Gerard ([EMAIL PROTECTED]) [030724 06:05]: I'm trying to run a current Thunderbird build for Linux under compatibility. It's quitting with: [EMAIL PROTECTED]:~ $ ./thunderbird/thunderbird ./thunderbird/thunderbird-bin: error while loading shared libraries: libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory [EMAIL PROTECTED]:~ $ I have installed linux_base-6.1, linux_base-6.1_1 and linux_base-7.1_3. The last of these was enough to make Mozilla Firebird work properly ... Anyone else gotten Thunderbird to work? It turns out that Thunderbird for Linux is compiled against gtk2. My machine has native gtk2, but evidently it wants a Linux gtk2; and there is no linux-gtk port for 2, only for 1.2. How annoying! Looks like I'll have to build it myself. Perhaps someone willl do a port or package for Thunderbird 0.1, which is coming soon ... - d. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
imapd for squirrelmail is not found
I am attempting to run squirrelmail and during login it is attempting to run; inetd[20151]: cannot execute /usr/local/libexec/imapd what exactly is missing here? -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: suid bit files and securing FreeBSD
Matthew Graybosch wrote: But if you're concerned with security uber alles, I'm surprised you didn't look into OpenBSD first. According to their site (openbsd.org), they've had only one remote hole in the default install, in more than 7 years! Caveat: the default install has almost nothing in it. This is fine if you plan to do almost nothing, but if you install any software, you'll be about as well off as if you were installing that software anywhere else. FreeBSD certainly can be secured, but it appears that the developers put performance and reliability first, and then security. Theo de Raadt puts security first. The BSDs borrow freely from each other. OpenBSD perhaps is a little more aggressive about cryptography in the base system, but the results of OpenBSD audits are often used by Net and Free. Please look up from your BSD Executive Summary article :-) To claim that FreeBSD puts reliability ahead of security doesn't make sense; a compromised system is usually not reliable. Security (and more broadly, stability/reliability) are given a little more consideration than performance, if you want to order them. A competent administrator can secure any system. An incompetent administrator should become competent (on machines unreachable from the internet) before running anything important in publically-reachable space. To the original poster: I take it you are running DNS and SMTP on the FreeBSD machine? Try to avoid BIND 8; use BIND 9 or djbdns for your DNS. Qmail and Postfix have better security records than Sendmail for SMTP; I prefer Postfix for ease of configuration. If you're running a BIND version, run it as user bind in a chroot (at least). I'd worry more about your public services than about SUID bits: if there is no shell access, nobody will be able to take advantage of SUID without first finding a hole allowing shell access. Subscribe to freebsd-security-notifications for, well, security notifications. Keep your ears open for bugs in your MTA or DNS server. With a little vigilance you have little to fear. Good luck, -- Daniel Harris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: imapd for squirrelmail is not found
At 2003-07-26T17:46:44Z, David Banning [EMAIL PROTECTED] writes: I am attempting to run squirrelmail and during login it is attempting to run; inetd[20151]: cannot execute /usr/local/libexec/imapd what exactly is missing here? Smart-aleck answer: Why, imap! Anyway, how did you install Squirrelmail? Manually or via ports? Do you have an IMAP daemon installed? Did you run 'conf.pl' to tell Squirrelmail what IMAP server it was supposed to contact? -- Kirk Strauser pgp0.pgp Description: PGP signature
Re: imapd for squirrelmail is not found
David Banning wrote: I am attempting to run squirrelmail and during login it is attempting to run; inetd[20151]: cannot execute /usr/local/libexec/imapd what exactly is missing here? FreeBSD does not come with an imap daemon. You are trying to run a nonexistent one from inetd, apparently. Install and configure an imap daemon from the ports (several are available). -- Daniel Harris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sharing among jails
I was wondering if there's a way I can share my main /usr/ports directory with the jails I'm running. I thought this would save me a LOT of space. I tried just the standard ln -s to the ports directory when I log into the jails and try to access the ports directory I get the following: cd ports ports: Too many levels of symbolic links. Is there a way I can share this directory with my jails. Someone told me to try a hard link but I haven't been able to find the info on how to do this, (ln /usr/ports ports returns ln: /usr/ports/: Is a directory) and everyone else says not to use hard links at all. Whats the best way to go about sharing this directory with my jails? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing among jails
On Sat, Jul 26, 2003 at 11:29:06AM -0700, User KATRINA wrote: I was wondering if there's a way I can share my main /usr/ports directory with the jails I'm running. I thought this would save me a LOT of space. I tried just the standard ln -s to the ports directory when I log into the jails and try to access the ports directory I get the following: cd ports ports: Too many levels of symbolic links. Is there a way I can share this directory with my jails. Someone told me to try a hard link but I haven't been able to find the info on how to do this, (ln /usr/ports ports returns ln: /usr/ports/: Is a directory) and everyone else says not to use hard links at all. Whats the best way to go about sharing this directory with my jails? IMHO, the best way would be to use mount_union or mount_null (I still can't figure out what's the difference between them...) of the ports directory. However, that said, I tried that myself about a year back, and accesses in the jail caused my FreeBSD machine to lock up solid. So I guess the warnings in the BUGS section of the mount_union and mount_null man pages are still in full effect. I do wish these would have gotten fixed though, they seem ideal for making jails (mounting nullfs or unionfs on top of a template jail is so much more elegant than making copies...) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: imapd for squirrelmail is not found
On Sat, Jul 26, 2003 at 12:55:18PM -0500, Kirk Strauser wrote: At 2003-07-26T17:46:44Z, David Banning [EMAIL PROTECTED] writes: I am attempting to run squirrelmail and during login it is attempting to run; inetd[20151]: cannot execute /usr/local/libexec/imapd what exactly is missing here? Smart-aleck answer: Why, imap! Anyway, how did you install Squirrelmail? Manually or via ports? Do you have an IMAP daemon installed? No. I am in the process of installing Cyrus-imapd but it seems very complicated. Especially when you consider openwebmail just installs and runs, without out any imap requirement, seemingly. Is there anyway around this long and complicated syrus imap install? Maybe a smaller simpler one? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: imapd for squirrelmail is not found
At 2003-07-26T20:43:55Z, David Banning [EMAIL PROTECTED] writes: Is there anyway around this long and complicated syrus imap install? Maybe a smaller simpler one? As it just so happens, I wrote a HOWTO on installing Cyrus on FreeBSD: http://subwiki.honeypot.net/cgi-bin/view/Freebsd/SendMailAndCyrus -- Kirk Strauser pgp0.pgp Description: PGP signature
Unable to open /dev/io
Earlier, I had asked a question on how to write a byte to the parallel port. And Daan Vreeken was kind enough to point me to a litle c-source that uses /dev/io. Unfortunately, as I just found out, when I raise kern.securelevel to 2 (FreeBSD 4.7R), I can no longer open /dev/io for writing. :( That means I can no longer use this method; because there is no way I will allow my production server to run at kern.securelevel lower than 2. Which means I am back to square one. :( Sigh. Is there then no way to write a simple 0 or 1 to the parallel port, without compromizing the security of the server at large? Thanks, - Mark ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to install a tar.gz from console.
How do u install tar.gz packages from terminal. cd install-directory tar xvfz tar.gz directory/file-name.tar.gz or am I missing something? Mike Squires ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to install a tar.gz from console.
On Saturday 26 July 2003 05:49 pm, Michael L. Squires wrote: How do u install tar.gz packages from terminal. cd install-directory tar xvfz tar.gz directory/file-name.tar.gz or am I missing something? Are you trying to install a software package with a name like foobar.tgz? You have to use the pkg_add tool. If you just want to unzip it, then tar xzvf $archive will do, or tar xjvf $archive if it's compressed with bzip2 (*.tar.bz2) instead of gzip (*.tar.gz) Does this help? -- Matthew Graybosch http://www.starbreaker.net I am become root, shatterer of kernels. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Changing gnome fonts from KDE
Hi, Does anyone know how to change gnome fonts from KDE/command-line? I tried running gnome-control-center, which worked, but only the fonts for the control center and gthumb have changed. Maybe gnome-control-center only changes fonts for gnome2? In that case, how do I change fonts for gnome1? I want GIMP, Grip, and GnuCash fonts to change too! Thanks, -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Changing gnome fonts from KDE
On Saturday 26 July 2003 06:57 pm, Jesse Guardiani wrote: Maybe gnome-control-center only changes fonts for gnome2? In that case, how do I change fonts for gnome1? I want GIMP, Grip, and GnuCash fonts to change too! Install gtk-theme-switch and use that to change fonts for GTK 1.x apps. -- Matthew Graybosch http://www.starbreaker.net I am become root, shatterer of kernels. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
New Laptop
I am considering buying a new laptop (my current one is a Dell Inspiron PII-233 without a CD Drive (it broke :( )) I just simply want to know if there is a particluar range of laptops that work better with FreeBSD. ie: they use totally standard quality hardware, no panic on installs, also good value for money. I have had all good experiences with my Dell Inspiron regarding FreeBSD, but the time has come to improve my hardware. Cheers :) /// [EMAIL PROTECTED] \\\ AAFE Audio, Amiga and FreeBSD Enthusiast :p \ http://www.fastmail.fm // ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: installing packages
On Sat, Jul 26, 2003 at 09:06:58AM +0200, Ian Todd wrote: Hi How do u install .tbz packages from terminal. I am trying to install samba off the freebsd cd samba-2.2.7a.tbz with out any luck. Use the pkg_add command. e.g. cd /cdrom/packages/All pkg_add samba-2.2.7a.tbz Kris pgp0.pgp Description: PGP signature
Re: suid bit files and securing FreeBSD
Peter Rosa wrote: [ ... ] I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to find-out which files ALREADY HAS suid-bit set. But what files REALLY MUST have it ? The files which ship setuid REALLY MUST have the setuid-bit for the underlying programs to work normally for a non-root user. If you don't care about non-root users having a normal environment, you can probably remove the setuid-bit from every program. [ Things like 'su' won't function, nor will 'ping', any utility like ps, netstat, etc which grovel in kernel data structures, etc. ] I know generalities, as e.g. shell should never have suid bit set, but what if someone has copied any shell to some other location and have set the suid bit ? It's security hole, isn't it ? Yes. And what if I have more such files on my machine ? You would have more security holes. It is not about my machine has been compromited, it is only WHAT IF... Second question is: Has anybody an exact wizard, how to secure the FreeBSD machine. Imagine the situation, the only person who can do anything on that machine is me, and nobody other. I have set very restrictive firewalling, I have removed ALL tty's except two local tty's (I need to work on that machine), but there are still open port 25 and 53 (must be forever), so someone very tricky can compromite my machine. Disconnect the machine from the network and lock it in a vault: that's a secure system. If you can't do that, say because you need to run network services on this system, then you need to stay up-to-date with regard to those services, and upgrade or apply patches as appropriate, ie, if a security hole is announced. Contorting the system in the fashion you describe gives little security benefit. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Unable to open /dev/io
- Original Message - From: Jerry McAllister [EMAIL PROTECTED] To: Mark [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, July 27, 2003 1:20 AM Subject: Re: Unable to open /dev/io Earlier, I had asked a question on how to write a byte to the parallel port. And Daan Vreeken was kind enough to point me to a litle c-source that uses /dev/io. Unfortunately, as I just found out, when I raise kern.securelevel to 2 (FreeBSD 4.7R), I can no longer open /dev/io for writing. :( That means I can no longer use this method; because there is no way I will allow my production server to run at kern.securelevel lower than 2. Which means I am back to square one. :( Sigh. Is there then no way to write a simple 0 or 1 to the parallel port, without compromizing the security of the server at large? Do you really need to set the secure level to 2? Yes. :) Because, as the man-pages say, This level precludes tampering with filesystems by unmounting them. Besides, even on securelevel 1 you can no longer open /dev/io for writing. So, that would mean I'd have to drop all the way to securelevel 0; and that is a steep fall. What for? I may not run the Pentagon, but I maintain certain security standards. :) One of them is, that I do not lower the entire server to Insecure mode just so I can side-step a certain problem. If I start taking short-cuts like that, I might as well quit tomorrow. - Mark ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing among jails
On Sat, Jul 26, 2003 at 11:29:06AM -0700, User KATRINA wrote: I was wondering if there's a way I can share my main /usr/ports directory with the jails I'm running. I thought this would save me a LOT of space. I just NFS export /usr/ports and then mount it either inside the jail, or on the host system. Best wishes, -lewiz. -- NEWS FLASH!! Today the East German pole-vault champion became the West German pole-vault champion. -| msn:[EMAIL PROTECTED] | jab:[EMAIL PROTECTED] | url:http://lewiz.net |- pgp0.pgp Description: PGP signature
Re: Mozilla Thunderbird under Linux compatibility?
On Sat, 2003-07-26 at 13:44, David Gerard wrote: David Gerard ([EMAIL PROTECTED]) [030724 06:05]: I'm trying to run a current Thunderbird build for Linux under compatibility. It's quitting with: [EMAIL PROTECTED]:~ $ ./thunderbird/thunderbird ./thunderbird/thunderbird-bin: error while loading shared libraries: libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory [EMAIL PROTECTED]:~ $ I have installed linux_base-6.1, linux_base-6.1_1 and linux_base-7.1_3. The last of these was enough to make Mozilla Firebird work properly ... Anyone else gotten Thunderbird to work? It turns out that Thunderbird for Linux is compiled against gtk2. My machine has native gtk2, but evidently it wants a Linux gtk2; and there is no linux-gtk port for 2, only for 1.2. How annoying! Looks like I'll have to build it myself. Perhaps someone willl do a port or package for Thunderbird 0.1, which is coming soon ... As soon as a tarball is released, I plan on doing a port to accompany mozilla-firebird. Joe - d. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- PGP Key : http://www.marcuscom.com/pgp.asc signature.asc Description: This is a digitally signed message part
Re: imapd for squirrelmail is not found
On Sat, 2003-07-26 at 16:43, David Banning wrote: On Sat, Jul 26, 2003 at 12:55:18PM -0500, Kirk Strauser wrote: At 2003-07-26T17:46:44Z, David Banning [EMAIL PROTECTED] writes: I am attempting to run squirrelmail and during login it is attempting to run; inetd[20151]: cannot execute /usr/local/libexec/imapd what exactly is missing here? Smart-aleck answer: Why, imap! Anyway, how did you install Squirrelmail? Manually or via ports? Do you have an IMAP daemon installed? No. I am in the process of installing Cyrus-imapd but it seems very complicated. Especially when you consider openwebmail just installs and runs, without out any imap requirement, seemingly. Is there anyway around this long and complicated syrus imap install? Maybe a smaller simpler one? While I may get flamed for this, I use uw-imap, and it works quite well for me. It's extremely simple to install and setup (/usr/ports/mail/imap-uw). Joe ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- PGP Key : http://www.marcuscom.com/pgp.asc signature.asc Description: This is a digitally signed message part
Re: imapd for squirrelmail is not found
On Saturday 26 July 2003 07:58 pm, Joe Marcus Clarke wrote: On Sat, 2003-07-26 at 16:43, David Banning wrote: On Sat, Jul 26, 2003 at 12:55:18PM -0500, Kirk Strauser wrote: At 2003-07-26T17:46:44Z, David Banning [EMAIL PROTECTED] writes: I am attempting to run squirrelmail and during login it is attempting to run; inetd[20151]: cannot execute /usr/local/libexec/imapd what exactly is missing here? Smart-aleck answer: Why, imap! Anyway, how did you install Squirrelmail? Manually or via ports? Do you have an IMAP daemon installed? No. I am in the process of installing Cyrus-imapd but it seems very complicated. Especially when you consider openwebmail just installs and runs, without out any imap requirement, seemingly. Is there anyway around this long and complicated syrus imap install? Maybe a smaller simpler one? While I may get flamed for this, I use uw-imap, and it works quite well for me. It's extremely simple to install and setup (/usr/ports/mail/imap-uw). Joe I also have uw-imap installed on one of my student servers. It's configured to allow only imaps and pop3s connections, supports imp and squirrelmail just fine. And compared to cyrus (which is a terrific imapd/pop3d server) it is a snap to install/configure. Tim Kellers CPE/NJIT http://www.njit.edu/publicinfo/newsroom/beastie.php ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: imapd for squirrelmail is not found
On Sat, Jul 26, 2003 at 03:53:28PM -0500, Kirk Strauser wrote: At 2003-07-26T20:43:55Z, David Banning [EMAIL PROTECTED] writes: Is there anyway around this long and complicated syrus imap install? Maybe a smaller simpler one? As it just so happens, I wrote a HOWTO on installing Cyrus on FreeBSD: http://subwiki.honeypot.net/cgi-bin/view/Freebsd/SendMailAndCyrus Well thanks for this Kirk, but I'm afraid for me it just isn't that easy. I followed your howto but got stuck in the following places; -There was no sasl.sh anywhere. There was not *.sh.example in /usr/local/etc/rc.d either. I did start imapd.sh, but here are the errors; Jul 26 20:38:10 3s1 ctl_mboxlist: ctl_mboxlist -r is deprecated: use ctl_cyrusdb -r instead Jul 26 20:38:10 3s1 ctl_mboxlist[169]: running mboxlist recovery y 22 10:59:53 EDT 2003) standalone mode STARTUP Jul 26 20:38:12 3s1 ctl_mboxlist[169]: done running mboxlist recovery Jul 26 20:38:13 3s1 master[166]: unable to bind socket for service lmtpunix: Add ress already in use Jul 26 20:38:13 3s1 master[166]: unable to create lmtpunix listener socket: Addr ess already in use Jul 26 20:38:13 3s1 master[166]: ready for work Jul 26 20:38:13 3s1 ctl_deliver[215]: duplicate_prune: pruning back 3 days Jul 26 20:38:13 3s1 ctl_mboxlist: ctl_mboxlist -c is deprecated: use ctl_cyrusdb -c instead Jul 26 20:38:13 3s1 ctl_deliver[215]: duplicate_prune: purged 0 out of 0 entries Jul 26 20:38:13 3s1 ctl_mboxlist[216]: checkpointing mboxlist When I attempted the cyradm localhost I got the following errors; Jul 26 20:39:13 3s1 imapd[284]: OTP unavailable because can't read/write key dat abase /etc/opiekeys: Permission denied Jul 26 20:39:16 3s1 imapd[284]: no user in db Jul 26 20:39:16 3s1 imapd[284]: no user in db Jul 26 20:39:16 3s1 imapd[284]: no secret in database Jul 26 20:39:16 3s1 imapd[284]: badlogin: localhost[127.0.0.1] DIGEST-MD5 [SASL I attempted to put 127.0.0.1 255.255.255.255 in the opieaccess file but it makes not difference. Anything clear to you from the above? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Cannot change password?
Hi list! After upgrading a test-box I have from a fine working 4.8-REL to a 5.1-REL, I seem to be unable to change passwords from the commandline: severe# passwd nivo Changing local password for nivo severe# no password prompt, no nothing. When a user tries to change his own password, the same thing happens. Could anyone give me a hint where to start searching, in order to enable this again ? Grtz, Nils. -- Simple guidelines to happiness: Work like you don't need the money, love like your heart has never been broken and dance like no one can see you. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: New Laptop
[Format recovered--see http://www.lemis.com/email/email-format.html] Long/short syndrome. On Saturday, 26 July 2003 at 15:13:41 -0800, Thanjee Neefam wrote: I am considering buying a new laptop (my current one is a Dell Inspiron PII-233 without a CD Drive (it broke :( )) I just simply want to know if there is a particluar range of laptops that work better with FreeBSD. ie: they use totally standard quality hardware, no panic on installs, also good value for money. I have had all good experiences with my Dell Inspiron regarding FreeBSD, but the time has come to improve my hardware. I have also had a number of Dell laptops and have been relatively satisfied, so when the time came to buy a new one, I bought an Inspiron 5100. I have just got it (3 days ago), and I've spent all the intervening time trying to set it up. Problems include: - The onboard Ethernet chip (Broadcomm 4400) isn't supported. A driver is under development, but the current version is very flaky. - Out of the box, the system will freeze up if you put in any PCMCIA card. You can fix this one with the following entry in your /boot/loader.conf: hw.pci.allow_unsupported_io_range=1 This problem also affects the Inspiron 5150. - I can't get X to start. This problem does not affect the Inspiron 5150. It appears to be a problem mapping the video BIOS, and I'm currently working on it. - It's missing a lot of the legacy connectors, like serial and parallel ports and a PS/2 keyboard connector. This means that if I want to use an external mouse or keyboard, I have to buy a USB one, and I can't do remote kernel debugging with it. It also has no floppy, which is only a problem if you can't get the network to work :-) On the plus side, the price is good, and it has firewire as well as USB. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html See complete headers for address and phone numbers pgp0.pgp Description: PGP signature
Re: laptop question for this or the mobile group?
On Thursday, 24 July 2003 at 21:47:23 -0700, Karl Agee wrote: I am having problems getting X set up properly on a laptop. Should I post the question here or on the mobile list? Start here, but give some details. If this is a Dell Inspiron 5100, I'm working on it. Greg -- See complete headers for address and phone numbers pgp0.pgp Description: PGP signature
linux-sun-JDK13 stopped working with netscape 7.1
Hello I had linux-sun-JDK13 working perfectly with netscape 7.02 and now I installed netscape 7.1 using the port and the java plugin doesn't work any more, it gives me this error: LoadPlugin: failed to initialize shared library /usr/local/linux-sun-jdk1.3.1/jre/plugin/i386/ns600/libjavaplugin_oji.so [/usr/local/linux-sun-jdk1.3.1/jre/plugin/i386/ns600/libjavaplugin_oji.so: undefined symbol: __vt_17nsGetServiceByCID] linux: 'ipc' typ=258 not implemented Any ideas? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Cannot change password?
On Sun, Jul 27, 2003 at 03:13:24AM +0200, Nils Vogels wrote: Hi list! After upgrading a test-box I have from a fine working 4.8-REL to a 5.1-REL, I seem to be unable to change passwords from the commandline: severe# passwd nivo Changing local password for nivo severe# no password prompt, no nothing. When a user tries to change his own password, the same thing happens. Could anyone give me a hint where to start searching, in order to enable this again ? Did you run mergemaster after making world? Check whether you have a stale /etc/pam.conf file (this is not used in 5.x) Kris pgp0.pgp Description: PGP signature
ipfw intricacies?
Hi, I have a fbsd box that runs its own firewall.. and tonight I learned my lesson about trying to configure it remotely :) Anyways, I'm trying to find some better documentation. The manpage says nothing about what options it can take in this example: 00903 allow igmp from any to any 00904 allow udp from any to any dst-port 520 I found out that I can allow igmp becuse I just tried it and it worked... and as you can see on the next line, I'm allowing RIP by the port because allow rip doesn't work. I have not been able to find a list of commands that it can take, so I was hoping someone had a link :) #2: I converted to stateful filtering. If anyone sees anything wrong with my config, I'd be grateful for some feedback. Basically, I'm trying to allow anything out of this box, and allow anything in below port 1024, with the few exceptions show below. 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00800 check-state 00900 allow ip from any to any out xmit fxp0 keep-state 00901 allow ip from any to any via fxp0 established 00902 allow pim from any to any 00903 allow igmp from any to any 00904 allow udp from any to any dst-port 520 01001 allow icmp from any to any 01002 allow ip from any to any in dst-port 1-1024 keep-state 01003 allow ip from my.block.0.0/16 to any dst-port 2049 07000 deny tcp from any to any dst-port 6001 08000 deny udp from any to any dst-port 1985 3 deny log ip from any to any whining One weirdness that really drove me crazy was when I tried to keep my allow rule in place like this: [ normal rules go here, without the 3 deny ] 6 allow log ip from any to any keep-state My purpose was to log anything that actually hit that rule, and try to figure out what I wasn't covering above (before actually using the 'deny' rule). I put the keep-state on there so I could see what was happening with `ipfw -d show`. BAD idea :) It seems the check-state will skip all other rules and first look for any limit or keep-state rules? Very odd. When I removed the keep-state, it started working as I'd hoped, and rule 6 was never hit. I really don't fully understand what was happening there. IP filter on my home firewall seemed much simpler for some reason. /whining --Charlie ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sharing among jails
On Sat, 26 Jul 2003, BSD wrote: IMHO, the best way would be to use mount_union or mount_null (I still can't figure out what's the difference between them...) of the ports directory. However, that said, I tried that myself about a year back, and accesses in the jail caused my FreeBSD machine to lock up solid. So I guess the warnings in the BUGS section of the mount_union and mount_null man pages are still in full effect. *Alot* has changed in a year ... I use UNIONFS to share between 60 jails on one server right now, and the server has been purring *knock on wood* up 19+08:28, 0 users, load 10.66, 11.52, 10.17 As for the difference between UNION and NULL ... and someone more knowledge will hopefully correct me, but based on my experience ... If you UNIONfs a file system over top of another, you can use NULLfs to seperate the two ... as an example, if you UNIONFS /usr/ports under /jail/usr/ports and do a du of /jail/usr/ports, you will get everything ... if you NULLFS mount /jail/usr/ports to /null/usr/ports, and do /null/usr/ports, you will get only those files that are *on* /jail/usr/ports ... Basically, NULLFS gives the same result as if you unmounted the UNIONFS and looked at /jail/usr/ports ... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Unable to open /dev/io
On Sun, 27 Jul 2003 07:19, Mark wrote: Earlier, I had asked a question on how to write a byte to the parallel port. And Daan Vreeken was kind enough to point me to a litle c-source that uses /dev/io. Unfortunately, as I just found out, when I raise kern.securelevel to 2 (FreeBSD 4.7R), I can no longer open /dev/io for writing. :( That means I can no longer use this method; because there is no way I will allow my production server to run at kern.securelevel lower than 2. Which means I am back to square one. :( Sigh. Is there then no way to write a simple 0 or 1 to the parallel port, without compromizing the security of the server at large? I also responded to your original enquiry suggesting that you might also look at accessing the parallel port via /dev/ppi0 which can set the data port using an ioctl() call -- man page ppi(4) I believe this has less restrictions than /dev/io opening the whole device port area. This might circumvent your problem. Thanks, - Mark Malcolm Kay ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
/dev/psm0
I recently installed fbsd on my Sony Vaio. I am unable to get my trackpad mouse to work under X. I noticed that the device psm0 is not on the system under /dev. How do I get a trackpad mouse to work? DJ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
