Re: OpenVPN Setup
On 5/10/2011 3:55 PM, Bill Tillman wrote:

> I have a FreeBSD-8.2-STABLE server running OpenVPN. What I'm trying to do is to be able to access my LAN with my M$ Windows laptop using a M$ compatible client. I read the manpage and it basically sets forth examples in which there will be two (2) OpenVPN servers. In my case I will only have one OpenVPN server and my laptop out there on the road. And of course I won't know the IP address of my laptop until I connect out there somewhere.
>
> Can anyone recommend how to do this or where I can read more about how to use OpenVPN with only one server?

There's a client for Windows from the OpenVPN folks available under http://openvpn.net/index.php/open-source/downloads.html

If you're on Windows 7, install it by running the installer as administrator, and configure the shortcut to run the client itself as administrator. You should then have a nice roaming setup.

-- Darek

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
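An added example, not from this thread or from the OpenVPN project: a small sh script that writes a server config and a client profile for exactly the shape asked about (one server, one roaming laptop whose address is never known in advance) and then checks the client profile for the two settings that keep a roaming client from being talked into connecting to something that is not your server. The hostname vpn.example.org, the 10.8.0.0/24 tunnel pool, the 192.168.1.0/24 LAN and all file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the OpenVPN project): generate a
# matching server.conf and client .ovpn for one OpenVPN server plus a roaming
# client. Hostname, subnets and file names are assumptions.

# write_openvpn_profiles OUTDIR SERVER_HOST LAN_NET LAN_MASK
write_openvpn_profiles() {
    outdir=$1; server_host=$2; lan_net=$3; lan_mask=$4
    mkdir -p "$outdir"

    # Server side: the server never needs to know the client's address.
    # "server" hands each connecting client a tunnel address out of the pool,
    # "push route" tells the client how to reach the LAN behind the server,
    # and the tls-auth HMAC key makes the daemon drop packets that were not
    # signed with the shared key before any TLS handshake starts.
    cat > "$outdir/server.conf" <<EOF
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
push "route $lan_net $lan_mask"
keepalive 10 120
persist-key
persist-tun
user nobody
group nobody
EOF

    # Client side: only the server's name is fixed. "remote-cert-tls server"
    # makes the laptop refuse any peer whose certificate was not issued for
    # server use, so another client's certificate cannot stand in for the
    # server; "nobind" is what lets the client run from any address.
    cat > "$outdir/client.ovpn" <<EOF
client
dev tun
proto udp
remote $server_host 1194
nobind
resolv-retry infinite
ca ca.crt
cert laptop.crt
key laptop.key
tls-auth ta.key 1
remote-cert-tls server
persist-key
persist-tun
EOF
}

# client_profile_is_safe FILE: 0 if the profile pins the server role and uses
# the HMAC key, 1 otherwise.
client_profile_is_safe() {
    grep -q '^remote-cert-tls server$' "$1" &&
    grep -q '^tls-auth ' "$1"
}

# server_pushes_lan FILE NET: 0 if the server pushes a route to NET.
server_pushes_lan() {
    grep -q "^push \"route $2 " "$1"
}

if [ "${1:-}" = "demo" ]; then
    write_openvpn_profiles ./ovpn-demo vpn.example.org 192.168.1.0 255.255.255.0
    client_profile_is_safe ./ovpn-demo/client.ovpn && echo "client profile ok"
fi
```

Run it with `sh script.sh demo` to get both files in ./ovpn-demo; the certificates and ta.key they refer to still have to come from your own CA.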
Re: Does NAT require DNS (named)?
Gary Dunn wrote:

> Continuing the saga of building a wireless access point, what is the best way to provide DNS service to the downstream network? Seems like all I need is a simple pass-through. For that named seems like overkill. Anyone have an /etc/named/named.conf that does that?

I normally run a copy of djbdns on the private IP, having private clients use that for DNS. Alternately, the private clients could just use your ISP's caching servers, which should work without any other configuration (possibly an allowance on the firewall).

- Darek
Re: SSHD/Kerberos on FreeBSD 7 STABLE
Ansar Mohammed wrote:

> Is sshd compiled with Kerberos support on freebsd 7.0?

Yup:

    ldd /usr/sbin/sshd:
        ...
        libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x28124000)
        libkrb5.so.9 => /usr/lib/libkrb5.so.9 (0x2812b000)
        ...

Otherwise, you should be able to use PAM, with /etc/pam.d/sshd having the line

    auth    sufficient    pam_krb5.so

before

    auth    required      pam_unix.so

- Darek
sudo, LDAP, and Kerberos
I'm setting up a centralized Kerberos/LDAP authentication system and trying to get sudo to use a) Kerberos for the password, and b) LDAP for a non-local user's group. Locally on a client system /etc/sudoers specifies %sysadmin to be able to sudo to root. I don't need to move sudoers to LDAP just yet.

I've had success on some machines compiling sudo from source with --enable-kerb5 and --enable-ldap. But on many other systems sudo segfaults, or returns bus errors, and overall gave me nothing but grief. So I'm looking for alternate ways of supplying sudo with a user's group.

Is it possible to compile sudo (without kerberos and ldap support) and configure a pam.d file (/etc/pam.d/sudo) to interact with kerberos and LDAP? I created a sudo file with

    auth    sufficient    pam_opie.so          no_warn no_fake_prompts
    auth    requisite     pam_opieaccess.so    no_warn allow_local
    auth    sufficient    pam_krb5.so          warn try_first_pass
    ...

and running sudo (compiled with only a ./configure, no other options) as a non-local user I successfully authenticate, but then sudo has no idea of the group this user belongs to and says not in the sudoers file.

Is it possible to use PAM as a go-between for sudo and the remote LDAP system to provide sudo with the user's group info? How has everyone else set up a central auth system? Seems to me sudo's configure script has some flaws and I don't want to rely on it. Maybe there's a better way, but aside from sudo acting up, the above would be a fine set up for me.

Any pointers appreciated.

- Darek
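An added example, not from either of the two Kerberos posts above: sh functions that check the three things those setups turn on. One reads saved `ldd /usr/sbin/sshd` output for libkrb5/libgssapi (the check in the sshd reply), one verifies that pam_krb5 as "sufficient" sits before pam_unix as "required" in an auth stack, and one checks that nsswitch.conf sends group lookups to LDAP. That last one is the piece the sudo question is missing: PAM only decides whether the password is right; the groups sudo compares against %sysadmin come from the group database via nsswitch.conf. The pam.d, nsswitch.conf and ldd samples are constructed here; point the functions at the real files to check a system.

```shell
#!/bin/sh
# Added example (not from the thread). Checks for the pieces a Kerberos
# password / LDAP group setup depends on. Sample inputs are constructed by
# make_auth_samples; on a real system pass /etc/pam.d/sshd or /etc/pam.d/sudo,
# /etc/nsswitch.conf and saved "ldd /usr/sbin/sshd" output instead.

# sshd_links_kerberos LDD_OUTPUT
# 0 if the saved ldd output lists both libkrb5 and libgssapi, i.e. sshd was
# built with Kerberos/GSSAPI support.
sshd_links_kerberos() {
    grep -q 'libkrb5\.so' "$1" && grep -q 'libgssapi\.so' "$1"
}

# pam_krb5_before_unix PAMFILE
# 0 if the "auth" stack lists pam_krb5.so as "sufficient" before pam_unix.so
# as "required". Order matters: a "required" pam_unix placed first fails a
# user who has no local password, and the stack fails as a whole even though
# pam_krb5 further down would have accepted the Kerberos password.
pam_krb5_before_unix() {
    awk '$1 == "auth" && $2 == "sufficient" && $3 ~ /pam_krb5\.so$/ && !krb { krb = NR }
         $1 == "auth" && $2 == "required"   && $3 ~ /pam_unix\.so$/ && !unx { unx = NR }
         END { exit !(krb && unx && krb < unx) }' "$1"
}

# nss_group_uses_ldap NSSWITCH
# 0 if group lookups consult LDAP. PAM answers "is this password right?";
# the group list that sudo matches against %sysadmin comes from getgrnam(3)
# and friends, which consult nsswitch.conf, so a PAM stack alone cannot
# supply it.
nss_group_uses_ldap() {
    awk '$1 == "group:" { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
         END { exit !ok }' "$1"
}

# make_auth_samples DIR: constructed inputs so the checks run offline.
make_auth_samples() {
    dir=$1
    cat > "$dir/pam_sshd_good" <<'EOF'
auth    sufficient  pam_opie.so         no_warn no_fake_prompts
auth    requisite   pam_opieaccess.so   no_warn allow_local
auth    sufficient  pam_krb5.so         warn try_first_pass
auth    required    pam_unix.so         no_warn try_first_pass
EOF
    cat > "$dir/pam_sshd_bad" <<'EOF'
auth    required    pam_unix.so         no_warn try_first_pass
auth    sufficient  pam_krb5.so         warn try_first_pass
EOF
    cat > "$dir/nss_good" <<'EOF'
group: files ldap
passwd: files ldap
EOF
    cat > "$dir/nss_bad" <<'EOF'
group: files
passwd: files ldap
EOF
    # constructed ldd output in the shape of the reply above (addresses made up)
    cat > "$dir/ldd_sshd" <<'EOF'
/usr/sbin/sshd:
        libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x28124000)
        libkrb5.so.9 => /usr/lib/libkrb5.so.9 (0x2812b000)
        libc.so.7 => /lib/libc.so.7 (0x28200000)
EOF
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d); make_auth_samples "$d"
    pam_krb5_before_unix "$d/pam_sshd_good" && echo "pam order ok"
    nss_group_uses_ldap "$d/nss_bad" || echo "nsswitch: group lookups never reach ldap"
fi
```

On a real client, `nss_group_uses_ldap /etc/nsswitch.conf` failing is the usual reason a Kerberos-authenticated user ends up "not in the sudoers file" even though %sysadmin is there.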
Re: LDAP user authentication?
Jon Theil Nielsen wrote:

> I have googled for a very long time, but I haven't found any useful howto on this issue. Well, there is http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html but that seems to be a bit confusing and not up-to-date. I guess it _should_ be possible - and indeed very useful (especially combined with Samba PDC and an easily maintainable mail server). So please, if you have any experiences or knowledge of a useful description..!
>
> Regards, Jon Theil Nielsen

At the risk of a thread-jack... how are home directories handled? Will 'user' have a home dir on the local system? I suppose once LDAP is set up properly, you can then create the home dir, then chown it 'user', with 'user' not being a local user and not in passwd/master.passwd files. So when you chown/chgrp, those commands go through pam/nss/ldap to retrieve the proper id and name from the LDAP server?

For anyone that runs such a system, is there a delay when logging in or 'ls -l'ing an LDAP user's files, etc? Or is it unnoticeable if the network between them is reasonably responsive?

- Darek
Re: Integrating Postfix + Amavisd-new + Clamav + DSpam + DBmail
Tek Bahadur Limbu wrote:

> Since I am very new to database terminology, how scalable is a database in terms of the data storage size. I mean suppose, we have 2 users each with a quota of 1 GB. What will eventually happen if they all used up their quotas. That will be about 20 TB in size!!
>
> Thanking you...

You should also consider that DSPAM, fully trained, can grow very large. I use a single username for a dozen email boxes, and the database is 3.5GB. Though you can trim it by dropping tokens that aren't as accurate, or aren't as frequently used, it could still become big, especially with a lot of users.
FreeBSD 6.X and postfix/postmap - corrupt maps
Hi there,

I am unable to use the 'postmap' program under 6.0- or 6.1-RELEASE. Instead of building a valid hash map, it puts in various data from what appears to be my /etc/master.passwd file, complete with crypted password. I believe that this is some type of a library issue. I'm doing this with postfix-2.3.2 downloaded right off the website, but the same happened with earlier releases, as well as an install from the ports.

As an example, I use the file 'transport' which contains

    # cat /etc/postfix/transport
    * smtp:[192.168.0.1]:25

The syntax is correct as I use it on 5.4 and 5.5 boxes (I've had to downgrade to that to be able to use postfix).

    # uname -a
    FreeBSD some.host.name 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Fri Jul 14 13:43:37 EDT 2006 darek@:/usr/src/sys/i386/compile/SOME_KERNEL i386
    # /usr/sbin/postmap transport

On a system where postmap works fine, this is what I get:

    # strings /etc/postfix/transport
    * smtp:[192.168.22.29]:25

Please scroll down to APPENDIX_1 to see the 'strings' output on a 6.1 box.

I tried this on 6.0 and 6.1 installed on a number of different machines, all with the same result, so I don't think that this is a memory or hardware issue. I also tried this on 6.x, 4.10, 4.11, 5.4 and 5.5 on the same system, and only the 6.x installs failed in this way.

Also, scroll down to APPENDIX_2 for an strace of the postmap execution. You will note that the open, read, and write calls often have weird info in them (I believe the filename part), with parts of strings, and random characters, like 'open(ΓÿÏ'

I got a couple USB-only Dell towers for my SMTP boxes, and FreeBSD below 6 doesn't recognize the keyboard during install. So I'm forced to use 6.x with these. Unless someone knows how to use a USB keyboard in 5.5 installs...

Thanks.
APPENDIX_1

    # strings transport.db
    darek *my encrypted password* User /home/darek /usr/local/bin/bash
    darek *my encrypted password* User /home/darek /usr/local/bin/bash
    1darekdarek *my encrypted password* User /home/darek /usr/local/bin/bash
    darek *my encrypted password* User /home/darek /usr/local/bin/bash
    AdarekGdnscache User /home/Gdnscache /sbin/noshell
    Gdnscache User /home/Gdnscache /sbin/noshell
    nobody Unprivileged user /nonexistent /usr/sbin/nologin
    nobody Unprivileged user /nonexistent /usr/sbin/nologin
    Post Office Owner /nonexistent /usr/sbin/nologin
    1poppop Post Office Owner /nonexistent /usr/sbin/nologin
    Apopbind Bind Sandbox /usr/sbin/nologin
    bind Bind Sandbox /usr/sbin/nologin
    bind Bind Sandbox /usr/sbin/nologin
    5bind Bind Sandbox /usr/sbin/nologin
    kmem KMem Sandbox /usr/sbin/nologin
    kmem KMem Sandbox /usr/sbin/nologin
    Tty Sandbox /usr/sbin/nologin
    Tty Sandbox /usr/sbsmtp:[192.168.0.1]:25

APPENDIX_2

    # mount -t procfs proc /proc
    # /usr/local/bin/strace /usr/sbin/postmap transport
    execve(0xbfbfe720, [0xbfbfec10], [/* 0 vars */]) = 0
    mmap(0, 3608, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) = 0x28082000
    munmap(0x28082000, 3608) = 0
    __sysctl([...], 0x2807e998, 0xbfbfe9c4, NULL, 0) = 0
    mmap(0, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0x28082000
    issetugid(0) = 0
    open(/etc/libmap.conf, O_RDONLY) = -1 ENOENT (No such file or directory)
    open(/var/run/ld-elf.so.hints, O_RDONLY) = 3
    read(3, DUMP_REL_PRE\0LD_DUMP_REL_POST\0__..., 128) = 128
    lseek(3, 128, SEEK_SET) = 128
    read(3, /lib:/usr/lib:/usr/lib/compat:/u..., 60) = 60
    close(3) = 0
    access(/lib/libpcre.so.0, F_OK) = -1 ENOENT (No such file or directory)
    access(/usr/lib/libpcre.so.0, F_OK) = -1 ENOENT (No such file or directory)
    access(/usr/lib/compat/libpcre.so.0, F_OK) = -1 ENOENT (No such file or directory)
    access(/usr/X11R6/lib/libpcre.so.0, F_OK) = -1 ENOENT (No such file or directory)
    access(/usr/local/lib/libpcre.so.0, F_OK) = 0
    open(/usr/local/lib/libpcre.so.0, O_RDONLY) = 3
    fstat(3, {st_mode=0, st_size=0, ...}) = 0
    read(3, \177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\234\23..., 4096) = 4096
    mmap(0, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_NOCORE, 3, 0) = 0x2808a000
    mprotect(0x28099000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
    mprotect(0x28099000, 4096, PROT_READ|PROT_EXEC) = 0
    mmap(0x2809a000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) = 0x2809a000
    close(3) = 0
    access(/lib/libc.so.6, F_OK) = 0
    open(/lib/libc.so.6, O_RDONLY) = 3
    fstat(3, {st_mode=0, st_size=0, ...}) = 0
    read(3, \177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\331\1..., 4096) = 4096
    mmap(0, 884736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_NOCORE, 3, 0) = 0x280a1000
    mprotect(0x2816, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
    mprotect(0x2816, 4096, PROT_READ|PROT_EXEC) = 0
    mmap(0x28161000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xc) = 0x28161000
    mmap(0x28166000, 77824, PROT_READ|PROT_WRITE,
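An added example, not from the post above: a sh check for the failure APPENDIX_1 shows, run over a built map and its source file. It reports every printable string in the .db that either looks like a passwd field (home directory, login shell) or does not occur anywhere in the source text. This is worth running after every postmap on a box you do not trust, because a postmap output file is normally readable by more than root while master.passwd is not, so the leak in APPENDIX_1 also hands out the password hash. The map bytes and the "$1$fakehash$notreal" password field are constructed here; on a real system point it at /etc/postfix/transport.db and /etc/postfix/transport.

```shell
#!/bin/sh
# Added example (not from the post). Checks a postmap(1) output file for
# content that did not come from its source file, which is what APPENDIX_1
# shows happening. Sample map bytes are constructed by make_map_samples; on a
# real box run it on /etc/postfix/transport.db and /etc/postfix/transport.

# printable_runs FILE: every run of 4 or more printable characters, like
# strings(1), using only tr and awk so it runs anywhere.
printable_runs() {
    tr -c '[:print:]' '\n' < "$1" | awk 'length($0) >= 4'
}

# foreign_strings MAPDB SOURCE
# Print each printable string in the map that either looks like a passwd
# field (home directory, login shell) or does not occur anywhere in the source
# text. A healthy map contains only its keys, its values and binary
# bookkeeping, so this prints nothing for it.
foreign_strings() {
    db=$1; src=$2
    printable_runs "$db" | while IFS= read -r s; do
        case "$s" in
            */nologin|*/noshell|/home/*|*/bin/*sh) echo "$s"; continue ;;
        esac
        grep -qF -- "$s" "$src" || echo "$s"
    done
}

# map_has_foreign_strings MAPDB SOURCE: 0 (true) if anything leaked in.
map_has_foreign_strings() {
    [ -n "$(foreign_strings "$1" "$2")" ]
}

# count_foreign_strings MAPDB SOURCE: how many strings were reported.
count_foreign_strings() {
    foreign_strings "$1" "$2" | wc -l | tr -d ' '
}

# make_map_samples DIR: constructed files so the check runs offline.
make_map_samples() {
    dir=$1
    printf '* smtp:[192.168.0.1]:25\n' > "$dir/transport"
    # Healthy map: key and value NUL-terminated with some binary padding.
    printf '\0\0\0\0\001\0\0\0*\0smtp:[192.168.0.1]:25\0\0\0' > "$dir/transport.db"
    # Map of the APPENDIX_1 kind: a passwd-style record (constructed, fake
    # hash) sitting in front of the real entry.
    printf '\0\0\001darek\0$1$fakehash$notreal\0User\0/home/darek\0/usr/local/bin/bash\0*\0smtp:[192.168.0.1]:25\0' > "$dir/transport-leaky.db"
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d); make_map_samples "$d"
    echo "leaked strings:"; foreign_strings "$d/transport-leaky.db" "$d/transport"
fi
```

The substring test is deliberately loose (any string that appears somewhere in the source passes) so that it stays quiet on a good map; the passwd-field patterns catch the case where a leaked value happens to also appear in the source.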
Re: Low-cost, FreeBSD-compatible notebook
John Kimble wrote:

> Hello everyone. I am looking into buying a cheap notebook computer (sub $800, the cheaper the better). I have been playing around with FreeBSD for the last few months and have decided to make it my sole OS, so I really want a notebook that's as FreeBSD-compatible as possible. I know ThinkPad's the best for Linux (I would expect the same for FreeBSD), but as they are a little out of my price range ;) I was wondering if you guys had some other suggestions.

Depends on what your budget is. I paid $1600 last year for a spiffy T42 with a great 14" SXGA LCD. The Express models on Lenovo's site are the cheaper versions. You can score a T20, 21, 22 or 23 on eBay really cheap, and still get a decent CPU with X support, so don't assume they come at a premium 'cause you might miss out on a decent machine with the best keyboard around.

I personally don't run FBSD on it as I have yet to see a successful implementation of sleep/hibernate. So far, only Ubuntu Linux seems to support it in a stable way, but I replaced Windows XP's explorer.exe with Blackbox4Windows and cygwin, so it's almost like using a unix box with a decent window manager.

- Darek
Re: nologin: Attempted login by root on UNKNOWN
doug wrote:

> On Tue, 18 Jul 2006, Tuc at T-B-O-H wrote:
>
> > Hi,
> >
> > All of a sudden today I'm getting :
> >
> > nologin: Attempted login by root on UNKNOWN
> >
> > on a server... It's happening QUITE a bit :
> >
> > Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:16:01 asgard kernel: Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:18:23 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:18:23 asgard kernel: Jul 18 13:18:23 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:19:25 asgard kernel: Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:21:27 asgard kernel: Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:30:56 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:30:56 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:55:11 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 13:55:11 asgard kernel: Jul 18 13:55:11 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 14:08:47 asgard kernel: Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 14:21:02 asgard kernel: Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
> >
> > I'm not sure who/what/where to start looking. Ideas?
>
> I believe that I've seen this before. If I remember correctly, the UNKNOWN part happens because the connection was closed before sshd or the system got info on the client's host. This is probably not very accurate, but the overall result was that it was not cause for concern. The only thing that this shows is that ssh is open to anyone, so you might want to close it with a firewall, or within /etc/ssh/sshd_config with the AllowUsers directive.

Also within that file, you probably should have PermitRootLogin set to no. Also look at the output of 'last' and 'last -f /var/log/wtmp.0 ... wtmp.N' just to make sure root didn't log in.

- Darek
Re: nologin: Attempted login by root on UNKNOWN
Tuc at T-B-O-H.NET wrote:

> > Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 14:21:02 asgard kernel: Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
> >
> > I'm not sure who/what/where to start looking. Ideas?
>
> Hey Darek, Good to hear from NYI. :)

Heh, are you a customer, or just familiar with the company?

> SSH is TCPWrapper'd, and only *1* machine in the entire datacenter can access it (Typical jump box configuration).

http://lists.debian.org/debian-wnpp/2006/05/msg00092.html

Does root have /bin/nologin for the shell? If it does, then the UNKNOWN would refer to the terminal, just the way the 'nologin' binary is set to log to syslog. Basically means that someone tried to log in as root, but before they could even provide a password, the nologin binary kicked them off. That's why the terminal type is set to UNKNOWN, because it hadn't been set yet.

You'll have to figure out how that person is getting access as apparently they are reaching the box.

- Darek
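An added example, not from either message in this thread: sh functions that do the triage the two replies describe. They count the nologin refusals in the log lines quoted above (collapsing the "kernel:" echo of each event onto the original, which otherwise doubles the count), break them out per hour so a burst stands out, and check the two settings that were suggested: that sshd_config explicitly says PermitRootLogin no, and that root's shell really is nologin. The log lines are the ones from the thread; the sshd_config and master.passwd contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Triage for "nologin: Attempted login
# by root on UNKNOWN": count events, bucket them per hour, and check the two
# settings suggested in the replies. Sample files are built by
# make_nologin_samples; the log lines are the ones quoted in the thread, the
# sshd_config and master.passwd contents are constructed.

# root_nologin_timestamps LOGFILE
# Print each distinct "Mon DD HH:MM:SS" at which nologin refused root. The
# timestamp is taken from just before the "hostname nologin:" tag, so the
# "kernel:" echoes of an event collapse onto the original event.
root_nologin_timestamps() {
    awk '/nologin: Attempted login by root/ {
            for (i = 5; i <= NF; i++)
                if ($i == "nologin:") { print $(i-4), $(i-3), $(i-2); break }
         }' "$1" | sort -u
}

# count_root_nologin_attempts LOGFILE: number of distinct refusals.
count_root_nologin_attempts() {
    root_nologin_timestamps "$1" | wc -l | tr -d ' '
}

# attempts_in_hour LOGFILE HH: refusals whose timestamp falls in hour HH.
attempts_in_hour() {
    root_nologin_timestamps "$1" | awk -v h="$2" 'substr($3, 1, 2) == h' | wc -l | tr -d ' '
}

# sshd_root_login_is_disabled SSHD_CONFIG
# 0 only if the file explicitly says "PermitRootLogin no". sshd honours the
# first occurrence of a keyword, so that is the one checked; a commented-out
# line or no line at all leaves the compiled-in default in force and is
# reported as not disabled.
sshd_root_login_is_disabled() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1" | grep -qx no
}

# root_shell PASSWD_FILE: root's login shell from a passwd/master.passwd style
# file (colon separated, shell in the last field).
root_shell() {
    awk -F: '$1 == "root" { print $NF; exit }' "$1"
}

# make_nologin_samples DIR: the thread's log lines plus constructed configs.
make_nologin_samples() {
    dir=$1
    cat > "$dir/messages" <<'EOF'
Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:16:01 asgard kernel: Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:18:23 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:18:23 asgard kernel: Jul 18 13:18:23 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:19:25 asgard kernel: Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:21:27 asgard kernel: Jul 18 13:19:25 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:30:56 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:30:56 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:55:11 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:55:11 asgard kernel: Jul 18 13:55:11 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:08:47 asgard kernel: Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:21:02 asgard kernel: Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
EOF
    printf 'Protocol 2\nPermitRootLogin no\nAllowUsers darek\n' > "$dir/sshd_config.good"
    printf 'Protocol 2\n#PermitRootLogin no\n' > "$dir/sshd_config.bad"
    # constructed master.passwd lines (no real hashes, uids made up)
    printf 'root:*:0:0::0:0:Charlie &:/root:/sbin/nologin\ndarek:*:1001:1001::0:0:Darek:/home/darek:/usr/local/bin/bash\n' > "$dir/master.passwd"
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d); make_nologin_samples "$d"
    echo "root refusals: $(count_root_nologin_attempts "$d/messages")"
    echo "in hour 13: $(attempts_in_hour "$d/messages" 13), in hour 14: $(attempts_in_hour "$d/messages" 14)"
    echo "root shell: $(root_shell "$d/master.passwd")"
fi
```

On the quoted lines the dedup brings sixteen log entries down to seven actual refusals (five in hour 13, two in hour 14), which is the number to compare against 'last' output when checking that none of them got further than nologin.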
Updating system's natd config from natd.conf
Hi there,

What is the procedure to activate changes made to /etc/natd.conf? Sometimes, restarting the natd process with a HUP drops my connection. Other times the restart didn't seem to make any difference. The only way I've ever updated natd rules was to restart the server, and I never was able to find anything relating to this topic online.

Any other options?

Thanks.
Re: usernames with uppercase
Spades wrote:

> Hi, I tried to add a username ie. Bryan, but FreeBSD doesn't allow me to do so. It gives me illegal username error. Any idea how to go about adding usernames like 'Bryan-admin' etc. Please help.
>
> Thanks..
> Bryan

    su-2.05a# pw useradd -n Darek -s /usr/local/bin/bash
    su-2.05a# cat /etc/passwd | grep Darek
    Darek:*:6672:6673:User :/home/Darek:/usr/local/bin/bash
Re: A while ago you posted about qmail
Roland Giesler wrote:

> Hi all, I've installed qmail but for some or other reason I cannot log on to the pop3 service. It keeps saying authorisation failed. readproctitle reports:
>
>     # ps -aux | grep readproc
>     root 130 0.0 0.0 860 72 con- S Wed05PM 2:07.15 readproctitle service errors: ...r directory\nhead: /var/qmail/control/me: No such file or directory\nhead: /var/qmail/control/me: No suc...

Might want to check why that file doesn't exist. It is required by qmail.

Run tail on /var/log/maillog while trying to log in.