authdaemond issues / breakage after upgrade to 8.0
I recently upgraded from FreeBSD 7.2 to 8.0. This resulted in a strange error with authdaemond (part of the Courier imap package, used to authenticate users) when used in conjunction with postfix; I've rebuilt all of the packages, but the config they're using has worked since the 6.0 days.

I attempt to send a message using SASL and get the following in my logs (passwords and hashes have been consistently redacted; nothing else has been altered):

    Dec 1 14:49:06 alcatraz authdaemond: Authenticated: sysusername=, sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/, address=...@sequestered.net, fullname=Jay Chandler, maildir=sequestered.net/j...@sequestered.net/, quota=102400S, options=
    Dec 1 14:49:06 alcatraz authdaemond: Authenticated: clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1
    Dec 1 14:49:06 alcatraz imapd-ssl: LOGIN, user=...@sequestered.net, ip=[166.191.99.147], port=[52341], protocol=IMAP
    Dec 1 14:49:07 alcatraz imapd-ssl: LOGOUT, user=...@sequestered.net, ip=[166.191.99.147], headers=0, body=0, rcvd=25, sent=699, time=1, starttls=1
    Dec 1 14:49:08 alcatraz imapd-ssl: LOGIN, user=...@sequestered.net, ip=[166.191.99.147], port=[52342], protocol=IMAP
    Dec 1 14:49:08 alcatraz authdaemond: Authenticated: sysusername=, sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/, address=...@sequestered.net, fullname=Jay Chandler, maildir=sequestered.net/j...@sequestered.net/, quota=102400S, options=
    Dec 1 14:49:08 alcatraz authdaemond: Authenticated: clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1
    Dec 1 14:49:11 alcatraz imapd-ssl: LOGIN, user=...@sequestered.net, ip=[166.191.99.147], port=[52343], protocol=IMAP
    Dec 1 14:49:11 alcatraz authdaemond: Authenticated: sysusername=, sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/, address=...@sequestered.net, fullname=Jay Chandler, maildir=sequestered.net/j...@sequestered.net/, quota=102400S, options=
    Dec 1 14:49:11 alcatraz authdaemond: Authenticated: clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1

It appears I'm authing correctly; in fact, authtest shows:

    alcatraz# authtest j...@sequestered.net omgponies
    Authentication succeeded.
    Authenticated: j...@sequestered.net (uid 1008, gid 1008)
    Home Directory: /usr/local/virtual/
    Maildir: sequestered.net/j...@sequestered.net/
    Quota: 102400S
    Encrypted Password: $1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp
    Cleartext Password: omgponies
    Options: wbnodsn=1

At this point I'm at a loss as to what else I can try. I've included saslfinger and postconf -n output below.

    saslfinger - postfix Cyrus sasl configuration Tue Dec 1 18:18:47 PST 2009
    version: 1.0.2
    mode: server-side SMTP AUTH

    -- basics --
    Postfix: 2.6.5

    -- smtpd is linked to --
    libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28114000)

    -- active SMTP AUTH and TLS parameters for smtpd --
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_CAfile = /usr/local/etc/postfix/mail.pem
    smtpd_tls_cert_file = /usr/local/etc/postfix/mail.pem
    smtpd_tls_key_file = $smtpd_tls_cert_file
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes

    -- listing of /usr/local/lib/sasl2 --
    total 508
    drwxr-xr-x 2 root wheel 1024 Dec 1 13:20 .
    drwxr-xr-x 22 root wheel 13312 Dec 1 16:50 ..
    -rw-r--r-- 1 root wheel 12652 Dec 1 13:20 libanonymous.a
    -rwxr-xr-x 1 root wheel 957 Dec 1 13:20 libanonymous.la
    -rwxr-xr-x 1 root wheel 16078 Dec 1 13:20 libanonymous.so
    -rwxr-xr-x 1 root wheel 16078 Dec 1 13:20 libanonymous.so.2
    -rw-r--r-- 1 root wheel 14866 Dec 1 13:20 libcrammd5.a
    -rwxr-xr-x 1 root wheel 943 Dec 1 13:20 libcrammd5.la
    -rwxr-xr-x 1 root wheel 18370 Dec 1 13:20 libcrammd5.so
    -rwxr-xr-x 1 root wheel 18370 Dec 1 13:20 libcrammd5.so.2
    -rw-r--r-- 1 root wheel 44016 Dec 1 13:20 libdigestmd5.a
    -rwxr-xr-x 1 root wheel 966 Dec 1 13:20 libdigestmd5.la
    -rwxr-xr-x 1 root wheel 46792 Dec 1 13:20 libdigestmd5.so
    -rwxr-xr-x 1 root wheel 46792 Dec 1 13:20 libdigestmd5.so.2
    -rw-r--r-- 1 root wheel 22040 Dec 1 13:20 libgssapiv2.a
    -rwxr-xr-x 1 root wheel 1038 Dec 1 13:20 libgssapiv2.la
    -rwxr-xr-x 1 root wheel 26726 Dec 1 13:20 libgssapiv2.so
    -rwxr-xr-x 1 root wheel 26726 Dec 1 13:20 libgssapiv2.so.2
    -rw-r--r-- 1 root wheel 12978 Dec 1 13:20 liblogin.a
    -rwxr-xr-x 1 root wheel 937 Dec 1 13:20 liblogin.la
    -rwxr-xr-x 1 root wheel 16431 Dec 1 13:20 liblogin.so
    -rwxr-xr-x 1 root wheel 16431 Dec 1 13:20 liblogin.so.2
    -rw-r--r-- 1 root wheel 13170 Dec 1 13:20 libplain.a
    -rwxr-xr-x 1 root wheel 937 Dec 1 13:20 libplain.la
    -rwxr-xr-x 1 root wheel 16489 Dec 1 13:20 libplain.so
    -rwxr-xr-x 1
Re: Wireless router?
Mel wrote:
> On Monday 22 December 2008 14:48:52 Corey Chandler wrote:
>> Failing that, the Linksys WRT54GL isn't a half bad unit.
>
> Yes it is a half bad unit.

Absolutely-- if you're running out of the box firmware. I use DD-WRT or Tomato specifically to get around the issues you describe.

The reason I go for the GL is that it's a more robust platform than their standard wrt-54g, which for some ungodly reason they started stripping flash and processing power out of after their switch to VxWorks.

--CJC

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Wireless router?
Roger Olofsson wrote:
> Corey Chandler wrote:
>> Nerius Landys wrote:
>>> Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach.
>>
>> Good man!
>>
>>> I will need to figure out how to configure my standalone wireless router to "pass everything through" to the internal LAN that I already have.
>>
>> It's called "Bridge mode" on most APs-- it does exactly what you describe. Just make sure things like "DHCP server" are turned off or you'll see some... odd breakages.
>>
>>> Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else.
>>
>> Ugh. MAC addresses are trivial to spoof-- I usually don't bother with using them for security, although I do use 'em to ensure that particular machines always inherit particular addresses.
>>
>>> Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal network?
>>
>> Absolutely. Google for WPA or WPA2; WEP has been broken and is trivial to bruteforce, so I'd not bother with that.
>>
>> Once you get the unit in, feel free to email me off list for configuration questions; it sounds like a fun project!
>>
>> -- CJC
>
> Hello Corey,
>
> I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - as well as ips to the FreeBSD gateway and dns. This is for the LAN part of the router - then another internal LAN ip for the wifi part.
>
> To exemplify. Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns 192.168.0.10 and 192.168.0.11. Wifi wifi part - network 10.0.0.1 - 10.0.0.10.

The problem with doing that is a lot of systems start throwing weird errors in a double NAT environment. I'd probably avoid that step and restrict wireless to its own VLAN if I were to go that route...
Re: how can i be certain that a file has copied exactly?
Gary Kline wrote:
> folks,
>
> is there a way i can be sure that my little C program has copied a dos/win file named, say, foo.htm\;7 to simply foo.htm? my program uses fopen/fgets/fputs to copy the markup files. of the several i have copied, no problem. unless i hack cmp or diff, i have to avoid the shell. any ideas? in other words, does anybody have a prefab cmp(oldfile, newfile) fn?
>
> gary

http://www.daemonology.net/bsdiff/ seems to maybe do what you want-- essentially diff should solve your problem, although I'm not too clear on how that works on differently compiled binaries.

I also seem to recall there was a test function that returned different results based on if the two files mentioned as arguments were identical, but I can't recall offhand quite what it was.

-- CJC
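A byte-wise `cmp(oldfile, newfile)` of the kind asked for above, as an added example that is not part of the original thread. The names `files_identical` and `copy_by_lines`, the file names and the sample bytes are constructed for illustration; the comparison reads in binary mode, so it also catches what an fopen/fgets/fputs copy drops when the source contains a NUL byte.

```c
#include <stdio.h>
#include <string.h>

/* 1 = same bytes, 0 = different, -1 = I/O error. Binary reads, no line logic. */
int files_identical(const char *path_a, const char *path_b)
{
    unsigned char buf_a[4096], buf_b[4096];
    size_t n_a, n_b;
    FILE *a = fopen(path_a, "rb"), *b = fopen(path_b, "rb");
    int result = (a != NULL && b != NULL) ? 1 : -1;

    while (result == 1) {
        n_a = fread(buf_a, 1, sizeof buf_a, a);
        n_b = fread(buf_b, 1, sizeof buf_b, b);
        if (ferror(a) || ferror(b))
            result = -1;
        else if (n_a != n_b || memcmp(buf_a, buf_b, n_a) != 0)
            result = 0;                 /* length or content mismatch */
        else if (n_a < sizeof buf_a)
            break;                      /* both files ended together */
    }
    if (a) fclose(a);
    if (b) fclose(b);
    return result;
}

/* The copy loop described in the question: fopen/fgets/fputs, line by line. */
int copy_by_lines(const char *src, const char *dst)
{
    char line[1024];
    FILE *in = fopen(src, "rb"), *out = fopen(dst, "wb");
    int rc = (in != NULL && out != NULL) ? 0 : -1;

    while (rc == 0 && fgets(line, sizeof line, in) != NULL)
        fputs(line, out);               /* writes only up to the first NUL */
    if (in) fclose(in);
    if (out && fclose(out) != 0) rc = -1;
    return rc;
}

int main(void)
{
    static const char sample[] = "<p>a\0b</p>\r\n";   /* constructed sample */
    FILE *f = fopen("cmp_demo_src.htm", "wb");
    if (f == NULL)
        return 1;
    fwrite(sample, 1, sizeof sample - 1, f);
    fclose(f);
    copy_by_lines("cmp_demo_src.htm", "cmp_demo_dst.htm");
    printf("identical: %d\n", files_identical("cmp_demo_src.htm", "cmp_demo_dst.htm"));
    return 0;
}
```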
Re: Wireless router?
Nerius Landys wrote:
> Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach.

Good man!

> I will need to figure out how to configure my standalone wireless router to "pass everything through" to the internal LAN that I already have.

It's called "Bridge mode" on most APs-- it does exactly what you describe. Just make sure things like "DHCP server" are turned off or you'll see some... odd breakages.

> Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else.

Ugh. MAC addresses are trivial to spoof-- I usually don't bother with using them for security, although I do use 'em to ensure that particular machines always inherit particular addresses.

> Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal network?

Absolutely. Google for WPA or WPA2; WEP has been broken and is trivial to bruteforce, so I'd not bother with that.

Once you get the unit in, feel free to email me off list for configuration questions; it sounds like a fun project!

-- CJC
Re: Wireless router?
Roger Olofsson wrote:
> Nerius Landys wrote:
>> I have a PC with FreeBSD set up as a router (NAT). The PC has several network cards and I'm grouping the internal-facing network cards as a bridge (promiscuous mode for the interfaces). Everything works well.
>>
>> Now I'd like to extend my wired network to include wireless. I really have no experience with wireless networks. I have a couple of computers that are wireless-ready (a laptop and a Playstation 3 that I won in a raffle).
>>
>> Is it possible to somehow add some hardware to my FreeBSD router PC to make it into a wireless router? What kind of hardware would I install? What is it called? The PC only has PCI slots, can you recommend a brand and model of "wireless server equipment" if such a thing exists? Would a normal wireless card suffice? What model should I get?
>>
>> I would prefer to set up static internal IPs for my wireless network at home, would this be possible? Or is DHCP the way to go (I hesitate at the thought of configuring a DHCP server).
>>
>> Another way to go is to hook up a standalone wireless router appliance to my FreeBSD machine's network interface (one of the interfaces). I already have such a device, I think it's made by Linksys. But then, I would be NAT'ing both through the FreeBSD machine and through the wireless router. So it would be a double-NAT so to speak. Is there anything wrong with that approach?
>>
>> So in a nutshell, I have a wired FreeBSD router with multiple ethernet jacks at home, and I want to extend it to include wireless network. Any suggestions would be appreciated. Thanks.
>
> Hello Nerius,
>
> I simply bought a standard wireless router, turned off all services in it except the access list and plugged it in the LAN. The access list filters on mac addresses and that level of security is fine where I live.
>
> The wireless router does have firewall, dhcp, port triggering and such but I disabled all of those since my FreeBSDs do all of that already. The wireless router has one port for internet and four ports as a normal switch, I don't use the internet port. I just plug in the ethernet cable in the switch part as uplink.
>
> I considered having a wifi nic as access point in the FreeBSD main router, however, it was better for me to be able to place the wifi router for optimal range of the wifi. Turned out that the centre point for wifi is not the same as where the main router is.
>
> Greetings
> /Roger

This is definitely the route I'd go. I'm a BIG fan of the Buffalo wireless access points if they've re-entered the channel near you (a patent troll prevented their sale for the last 18 months, but that court case was just overturned), as they support DD-WRT.

Failing that, the Linksys WRT54GL isn't a half bad unit. Custom firmware (dd-wrt, OpenWRT, Tomato) also gives you a lot finer grained control over what happens on the AP.

-- CJC
Re: Snow in my Server
Glen Barber wrote:
> This may be kind of late to bring this up, but... I sincerely hope the OP did not have a real issue...
>
> Cheers.

I dunno, the idea of some idiot sitting somewhere with his servers in a snowbank upset because dozens of people responded to his earnest plea for help with laughter...

I'd like to say I have more faith in people than that, but...

-- CJC
Re: Sed question
Gary Kline wrote:
> how can i delete, say, lines 8,9,and 10 from 200 files using sed? Is it
>
>     sed '8,10d' < file > newfile
>
> or is there a better way?

I'd stick it in a for loop using inplace editing, but yes. :-)
Re: Snow in my Server
Gary Hartl wrote:
> Help,
>
> I'm in southern Ontario and I have 20cm of snow on my freebsd 7-release server. It seems to be causing some http outages. My FBSD 6-.0 doesn't seem to be affected though.
>
> Any suggestions,
>
> Cheers,
> Gary

Hi, Gary! Have you tried 'pkill xsnow'?
Re: Which ISO do i need
Gary Hartl wrote:
> Hi all;
>
> Ok so I'm going with the reinstall option me thinks and I'm gonna try 7.0. I want to do an install over ftp since I'm just too lazy to burn all those disks. Would I just need the bootonly.iso? I'm doing a sparc64 install.
>
> Thanks
> Gary

If sparc64 has a bootonly.iso, that's all you need to do a network install...