Re: [OpenIndiana-discuss] OpenIndiana Intro questions

[Gary Gendel]

Lonnie,

The suspension was for OmniOS support and development from OmniTI.  The project 
is active as a community supported product called OmniOS CE.  I've never tried 
to run X-windows in a zone but you can ask on the omnios mailing list:

omnios-disc...@lists.omniti.com

Gary

On 10/23/2017 01:20 PM, Lonnie Cumberland wrote:
> Thanks for the information on OmniOS, Gary.
>
> Just looked at it and it seems that operations were suspended on April 21,
> 2017.
>
> In the past, I can already use something like Hyper-V, Proxmox, and others
> to run a GUI application in a container and then remote into it with RDP
> and VNC, for example from another machine. My twist on the project is that
> I would like to use one of the IllumOS dialects such that I could have one
> of the zones/containers have an X-Server that would passthrough to the
> actual video hardware so that I could use a VNC viewer, for example, on the
> same system as the other containers that are running so that I could remote
> into them as needed all from a single system. I did not want to have one
> system for the running containers/zones and another for the remote viewer,
> if at all possible.
>
> Just some thoughts, though.
> Cheers,
> Lonnie
>
> On Mon, Oct 23, 2017 at 1:00 PM, Gary Gendel <g...@genashor.com> wrote:
>
>> Lonnie,
>>
>> One distro that may work for you is OmniOS CE: https://www.omniosce.org/
>>
>> Like SmartOS, it can run LX (Linux) zones and uses pkgsrc which provides
>> basic x-windows support from that.  (I've run apps like xterm etc. from a
>> remote desktop).  Unlike OpenIndiana, native desktop functionality is
>> limited.
>>
>> Gary
>>
>>
>> On 10/23/2017 12:35 PM, Lonnie Cumberland wrote:
>>> Thanks for responding to my inquiry about OpenIndiana.
>>>
>>> Basically, I really like the small footprint of SmartOS and its ability
>> to
>>> be a good hypervisor (Linux and Windows) but for a desktop project, I
>>> wanted to be able to have a minimal OS that basically just run the
>>> containers/zones and then have one of the containers have a X-Server such
>>> that the base OS does not have applications installed in it. Then the GUI
>>> zone could be passed through to the video driver thus all of the X-Server
>>> stuff is also in a container.
>>>
>>> This was an idea that I have been playing around with for some time as
>> was
>>> going to look into possibly using SmartOS, but it is really not set up
>> for
>>> this and which is where I started digging into Illumos and subsequently
>>> OpenIndiana to see if something like this might make a good starting
>> point
>>> for this work.
>>>
>>> Thanks again,
>>> Lonnie
>>>
>>> On Mon, Oct 23, 2017 at 12:00 PM, Alexander Pyhalov <a...@rsu.ru> wrote:
>>>
>>>> On 10/23/17 06:21 PM, Lonnie Cumberland wrote:
>>>>
>>>>> Greetings All,
>>>>>
>>>>> I have recently been playing around a little with SmartOS for running
>>>>> containers and hypervizing VM's for which it seems to work pretty well,
>>>>> and
>>>>> wanted to also investigate the desktop side of things as well so I hope
>>>>> that someone on the list will answer a few rudimentary questions to
>> get me
>>>>> going with my OI explorations.
>>>>>
>>>>> I know that SmartOS can be a hypervisor to run the Linux, and Windows
>> OS's
>>>>> as VM's in zones, but I was wondering if OpenIndiana was able to
>> hypervize
>>>>> these OS's as well?
>>>>>
>>>> Yes, it can. illumos-kvm is not a part of illumos-gate, but is a
>> separate
>>>> codebase, developed mainly by Joyent. We compile and deliver it, but KVM
>>>> benefits from several system features (the one which comes to my mind is
>>>> VND), which are available in SmartOS, but not in other distributions
>>>> (AFAIK). OI can run KVM guests on modern Intel hardware, but SmartOS
>> can be
>>>> more efficient, for example, in network virtualization.
>>>> --
>>>> Best regards,
>>>> Alexander Pyhalov,
>>>> system administrator of Southern Federal University IT department
>>>>
>>> ___
>>> openindiana-discuss mailing list
>>> openindiana-discuss@openindiana.org
>>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>>
>> ___
>> openindiana-discuss mailing list
>> openindiana-discuss@openindiana.org
>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>>
> ___
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OpenIndiana Intro questions

[Gary Gendel]

Lonnie,

One distro that may work for you is OmniOS CE: https://www.omniosce.org/

Like SmartOS, it can run LX (Linux) zones and uses pkgsrc which provides basic 
x-windows support from that.  (I've run apps like xterm etc. from a remote 
desktop).  Unlike OpenIndiana, native desktop functionality is limited.

Gary


On 10/23/2017 12:35 PM, Lonnie Cumberland wrote:
> Thanks for responding to my inquiry about OpenIndiana.
>
> Basically, I really like the small footprint of SmartOS and its ability to
> be a good hypervisor (Linux and Windows) but for a desktop project, I
> wanted to be able to have a minimal OS that basically just run the
> containers/zones and then have one of the containers have a X-Server such
> that the base OS does not have applications installed in it. Then the GUI
> zone could be passed through to the video driver thus all of the X-Server
> stuff is also in a container.
>
> This was an idea that I have been playing around with for some time as was
> going to look into possibly using SmartOS, but it is really not set up for
> this and which is where I started digging into Illumos and subsequently
> OpenIndiana to see if something like this might make a good starting point
> for this work.
>
> Thanks again,
> Lonnie
>
> On Mon, Oct 23, 2017 at 12:00 PM, Alexander Pyhalov  wrote:
>
>> On 10/23/17 06:21 PM, Lonnie Cumberland wrote:
>>
>>> Greetings All,
>>>
>>> I have recently been playing around a little with SmartOS for running
>>> containers and hypervizing VM's for which it seems to work pretty well,
>>> and
>>> wanted to also investigate the desktop side of things as well so I hope
>>> that someone on the list will answer a few rudimentary questions to get me
>>> going with my OI explorations.
>>>
>>> I know that SmartOS can be a hypervisor to run the Linux, and Windows OS's
>>> as VM's in zones, but I was wondering if OpenIndiana was able to hypervize
>>> these OS's as well?
>>>
>> Yes, it can. illumos-kvm is not a part of illumos-gate, but is a separate
>> codebase, developed mainly by Joyent. We compile and deliver it, but KVM
>> benefits from several system features (the one which comes to my mind is
>> VND), which are available in SmartOS, but not in other distributions
>> (AFAIK). OI can run KVM guests on modern Intel hardware, but SmartOS can be
>> more efficient, for example, in network virtualization.
>> --
>> Best regards,
>> Alexander Pyhalov,
>> system administrator of Southern Federal University IT department
>>
> ___
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] 22 inventions of Ukrainians who are known to the world

[Gary Gendel]

+1

It's too easy to react with knee-jerk, non-constructive ways.  I couldn't have 
said it better.

Gary


On 08/18/2017 06:53 AM, Nikola M wrote:
> On 08/18/17 10:19 AM, Alexander Lesle wrote:
>>> P.S. This doesn't mean that I care (or don't care) about
>>> Russian-Ukrainian relationships, this means exactly one thing. This ML
>>> is a WRONG PLACE to discuss things, unrelated to OI or illumos.
>> +1
>> One more political statements here from this user please ban
>> him immediately.
>
> All is already said.
> Yet, there is one thing that is said that is true in the message and > IS 
> related to OI and illumos..
>
> It is for sure true that operating systems, e.g. Free software is > meant for 
> all the people.
> (Does not matter is different countries legislation actually recognize > and 
> protect copyleft policies, it is available to use for everyone)
>
> So rules of free software (as in freedom) use are not meant for just > some 
> people, that someone might like, and not meant for those that > someone might 
> not like..
> So the requests to "please ban _this_ or _that_ user" is invalid.
>
> Requests to explain simple rules of being on topic are always valid.
> Because people forget , because new people come and it is always > better to 
> explain and help, then to prosecute.
>
> So that said, personal prosecution is also off topic. :)
> (As is in private conversations if one is an civilized human). > 
> Unfortunately this one is not always followed in the community..
>
>
> ___
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] real facts

[Gary Gendel]

John,

Happens to all of us at some point.  Even my wife who is paranoid about 
signing up for anything.  This was too obvious a spam that I just 
trashed it as soon as I saw it.


Gary


On 6/18/2016 12:28 PM, John Carr wrote:
Hey, all - I apologize. Something got ahold of either my Sent Items or 
my Inbox a few months back and has been spamming out as my address 
every days through various mail servers.


On 06/16/2016 10:45 PM, Ray Crane wrote:

Hi,

I've read some interesting facts that may interest you too, these are 
only real facts, I was s surprised, you can read'em here 



Warm regards, Ray Crane

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Support for 10 TB HDD SATA / SAS

[Gary Gendel]

Handojo,

I can't comment on 10TB drives but I've been running ST5000NM0024-1HT, 
5TB drives for awhile without issue.


Gary

On 05/17/2016 12:16 PM, Handojo via openindiana-discuss wrote:

Hi...

The last update I knew, is that ZFS runs fine at 2TB HDD but having some 
problems on 3TB ( Correct me if I'm wrong or not up to date ).

Now we have HGST and Seagate providing 10TB Helium Filled HDD.

Anyone tried ?

Regards,

Handojo

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OI Hipster 2016.04 snapshot

[Gary Gendel]

On 05/02/2016 03:12 PM, Nikola M wrote:

On 05/ 2/16 08:45 PM, Tim Mooney wrote:
In regard to: Re: [OpenIndiana-discuss] OI Hipster 2016.04 snapshot, 
Nikola...:



New location is http://pkg.openindiana.org/hipster


Does IPS not support TLS?

It just strikes me as weird every time I see URLs for repos that aren't
https.  That should really be the default, if not only, option these 
days.


Huh, that is a good question.
Actually IPS does and even allows you to make your own publisher with 
your issued keys where packages can be accessible only to those having 
private keys issued. (if one want to distribute packages only to 
specific users)


Regarding OI's publishers of having https:// it is in the process of 
deciding what CA/issuer to use for openindiana.org.


I've been using letsencrypt.org.  Certificates are free and renewals can 
be totally automated.  I use the bash client via a weekly cron job that 
auto-renews it when it gets less than 30 days until expiration.  This 
way I get 3 or four tries in before it actually expires (just in case 
there is  a network issue).  You can do it as often as you want since it 
is a lightweight check.  I love that it's a setup and forget system.


Gary

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] The mailing list is dead

[Gary Gendel]

As much as I would love to do this, currently Spamdyke relies on qmail 
to deliver mail. Sam is working on changing this in the next version.  
It also doesn't support IPV6, which is also being worked on.  Once these 
are in place I'll be glad to set it up for oi-userland.


On 12/15/2015 6:19 PM, Aurélien Larcher wrote:

Hullo,

Strange, this is exactly why IMAP was created. I run my own mail server

using spamdyke for SMTP and dovecot for IMAP.  I have a dozen of mobile and
desktop devices that read and send mail and don't have an issue.  I have
been running for many years without a single change to the configuration
files.  I used to have my own spam control software since I ran a SunOS
server, once I discovered spamdyke I never looked back.  Stellar spam
control and always stable.  The developer runs several cpu-days of
regressions before releasing a new version.


That would certainly be interesting to have such stack in oi-userland if
you can share some recipes.
Best regards

Aurelien
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] The mailing list is dead

[Gary Gendel]

On 12/15/2015 5:37 PM, David Brodbeck wrote:

On Sun, Dec 13, 2015 at 10:01 AM, Nikola M  wrote:


I think that having your own mail server/domain these days it dirty cheap
and everyone should have one :D


It's cheap in terms of money but costs a LOT of time.

In a previous job I managed a mail server and I probably spent a third of
my working hours just dealing with tuning spam filters and trying to keep
the system usable and secure under the deluge of spam and abuse.

I also used to run my own home email server, but I found it ate way too
much of my free time; also, IMAP isn't really a good solution when you have
three or four different devices, and none of the open-source web UIs worked
well for me.
Strange, this is exactly why IMAP was created. I run my own mail server 
using spamdyke for SMTP and dovecot for IMAP.  I have a dozen of mobile 
and desktop devices that read and send mail and don't have an issue.  I 
have been running for many years without a single change to the 
configuration files.  I used to have my own spam control software since 
I ran a SunOS server, once I discovered spamdyke I never looked back.  
Stellar spam control and always stable.  The developer runs several 
cpu-days of regressions before releasing a new version.



Even the central IT department where I work has come to the same conclusion
-- they no longer run their own email servers, but contract out to Google
and Microsoft for it.
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Enable network interface from the start

[Gary Gendel]

ipadm is used to set up temporary and permanent IP v4 and V6 static and 
dynamic addresses with an interface.


On 12/07/2015 12:37 PM, luisa sd wrote:

Hello guys,

I want to know, because i am using a text only server,and i need to enable
the netwrok interface everytime i reboot, i want to know how can i do this
automatically?

thank you
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OI roadmap (for production)

[Gary Gendel]

On 12/04/2015 11:06 AM, Dmitry Kozhinov wrote:

Alexander, and Predrag,

Thank you for the information. Currently I am using OI 151a9 for a 
web/ftp/mail server exposed to Internet. I am satisfied with the 
stability but concerned that this branch is not supported. I will 
consider hipster next time when I need to setup a server (it may be an 
intranet database server or something like a backend for an online 
service). I think that hipster is stable enough and hope that some 
future update will not beak everything :)


Best regards,
Dmitry.

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


I moved to OmniOS because I was unable to upgrade hipster at one point 
as it broke the bge driver (in a very frustrating way as it looked like 
all packets were being filtered).  I tried several times as new releases 
were available without success.  Eventually decided to go to OmniOS as 
it met my needs and had stable and LTS versions. I still think that 
OpenIndiana via hipster is really good and would use it for a desktop or 
laptop when applicable, but having an X-server wasn't a necessity for my 
server setup.  OmniOS has a minimal footprint and can use pkgsrc 
(supported by Joyent) to bring in lots of supported and latest packages 
you may need.


Gary


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Broken zpool

[Gary Gendel]

On 11/09/2015 01:55 PM, David Brodbeck wrote:

On Sat, Nov 7, 2015 at 12:55 PM, Philip Robar 
wrote:


Please correct me if I'm wrong, but the thing that both Jerry's
administrator friend and David are missing is that ZFS data redundancy
isn't just a "sexy" form of reliability. It is also provides data
integrity, i.e. with redundancy ZFS will not just notice that a file is
corrupt, with redundancy it can fix the problem. With a single drive ZFS
pool you give up that integrity and there's a good chance that any data
corruption will then be passed on to your backup before ZFS flags it
resulting in the loss of that data.


Redundant is always better than non-redundant.  In general, though, I don't
see a lot of people losing files due to data corruption.  Most losses I've
seen are due to hardware failure, unrepairable levels of filesystem
corruption, or operator error (overwriting files, deleting the wrong
files.)  I think this is probably because if the hardware is so marginal
that it's writing corrupted data, it will rapidly corrupt the filesystem
beyond repair, too. I have yet to see a data checksum error during a scrub
of an otherwise healthy pool.

Basically, I think redundancy has some data safety benefits, but I think
the best solution to your scenario is to keep more than one backup at
different points in time -- especially since zfs streams are pretty fragile
as a backup format.

Operator error is actually by far the most common way to lose data, in my
experience, and it's one where redundancy won't help you.  It's also hard
to protect against unless you keep multiple backups, since you may not
realize what happened for a while.

I run a small SOHO setup and do a bit of both.  I have mirrored pools 
with nightly backups of important data (along with backups of Linux/Unix 
desktops using dirvish) to an "archive" pool (also mirrored).  The zfs 
mirrors prevent data corruption and I can still recover from the archive 
pool in the event of an error.



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Installing GO in OI

[Gary Gendel]

I made the attempt to build it on OmniOS using pkgsrc.  I spent a lot of 
time but was never able to figure this out.  I think the easiest would 
be to build gccgo but I didn't have success there either.


On 10/21/2015 2:23 AM, Nikola M wrote:

On 10/21/15 01:42 AM, Mohamed Khalfella wrote:

Hi,

I want to run GO in OI.
Any ideas where I can install/bootstrap golang in OI?
Does cgo work in OI?


I guess you are thinking not about gnugo game, but of go language
Following GDA's reccomendations, ha? :)

I might be interested in theis too, don't know if there is already an 
package somewhere,
but since GDA mentioned it, meybe he knows it it's there somewhere for 
illumos.


Or probably make it install from source and then contribute package to 
OI, since it is a good ide?
http://hipster.openindiana.org:8080/ , hipster.openindiana.org , it's 
all on Github for oi-userland (and there is also SFE project with IPS 
publisher for hipster: (http://sfe.opencsw.org/localhostoih/) , 
sfe.opencsw.org



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Who is trying to break in ?

[Gary Gendel]

Google Authenticator has a PAM module. I haven't tried it but I know 
it's available for several Linux distros.  I'm not sure how difficult it 
would be to port to OI.


http://www.tecmint.com/ssh-two-factor-authentication/

On 07/01/2015 02:53 PM, David Brodbeck wrote:

On Wed, Jul 1, 2015 at 3:15 AM, Jim Klimov jimkli...@cos.ru wrote:


You can also boost security with no passwords allowed, keys only for ssh
auth ;)


True.  I do this with machines where I'm the only one who'll be logging
in.  With machines that have lots of other users it becomes too much of an
administrative hassle to distribute keys.

Does anyone know of a 2-factor auth system for SSH?  Being able to use
something like Google Authenticator would be nice.




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Who is trying to break in ?

[Gary Gendel]

With some investigation, it looks like SmartOS has a package for this:

http://everycity.co.uk/alasdair/2013/09/two-factor-authentication-google-authenticator-smartos/

Gary

On 07/01/2015 03:11 PM, Gary Gendel wrote:
Google Authenticator has a PAM module. I haven't tried it but I know 
it's available for several Linux distros.  I'm not sure how difficult 
it would be to port to OI.


http://www.tecmint.com/ssh-two-factor-authentication/

On 07/01/2015 02:53 PM, David Brodbeck wrote:

On Wed, Jul 1, 2015 at 3:15 AM, Jim Klimov jimkli...@cos.ru wrote:

You can also boost security with no passwords allowed, keys only for 
ssh

auth ;)


True.  I do this with machines where I'm the only one who'll be logging
in.  With machines that have lots of other users it becomes too much 
of an

administrative hassle to distribute keys.

Does anyone know of a 2-factor auth system for SSH?  Being able to use
something like Google Authenticator would be nice.




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Who is trying to break in ?

[Gary Gendel]

I use fail2ban on my OpenIndiana machine.  I opted to compile it because 
the one around for OI are pretty old.   There were no issues.  If I 
remember, I did use the svc files from one of these packages but I might 
have whipped up my own. I also moved my ssh port to 222 just because of 
the frequency ssh was getting hit.  I rarely see an attempt to connect 
from a bot.


Gary

On 6/29/2015 3:37 AM, Till Wegmüller wrote:

Brogyányi József schrieb am Sunday 28 June 2015 11.01:55:


/The last was strange a little bit because he wanted to switch of the
server. I think you have to change the 21 and 22 communication port.
I use the 443 port for ssh. I can reach the server easily from anywhere
because every company left it open that port.

I Advise Strongly against using a different port for SSH. Especially a port 
like 443 which by default is used by apache and other webservers. Some 
Webservers might refuse to launch depending on their configuration.


I've noticed some text output before shutting down the system.
It seems someone ( or bots ) are constantly trying to log in as root.

Yea there are some Chinese Bot nets that scan for open SSH Ports and try to log 
in with root. I have them on every SSH capable server which is Internet 
reachable. They don't only scan 22 but also 666 or 1337. But they only make 
tries with weak default passwords like 12345.

If you want to block them I suggest the Tool fail2ban. I use it on my Linux 
boxes and it works like a charm. There also seems to be a Port for snv_134 
https://github.com/jamesstout/fail2ban-0.8.4-OpenSolaris but I haven't tested 
that.

Greetings Till

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Marvell SATA controllers? Intel i210 GB ether

[Gary Gendel]

I'm still using an older Marvell 8-port sata PCI controller in my 
Sunfire V20z with the latest version of hipster.


pci11ab,11ab, instance #0
Driver properties:
name='sata' type=int items=1 dev=none
value=0001
Hardware properties:
name='scsi-binding-set' type=string items=1
value='spi'
name='initiator-interconnect-type' type=string items=1
value='SPI'
name='scsi-tag-age-limit' type=int items=1
value=0002
name='scsi-selection-timeout' type=int items=1
value=00fa
name='scsi-watchdog-tick' type=int items=1
value=000a
name='scsi-reset-delay' type=int items=1
value=0bb8
name='scsi-options' type=int items=1
value=00107ff8
name='scsi-enumeration' type=int items=1
value=
name='assigned-addresses' type=int items=10
value=83030810..fe10..0010.81030818.00$
name='reg' type=int items=15
value=00030800.....03030810.00$
name='compatible' type=string items=7
value='pci11ab,6081.11ab.11ab.9' + 
'pci11ab,6081.11ab.11ab' + 'pci$

name='model' type=string items=1
value='SCSI bus controller'
name='power-consumption' type=int items=2
value=0001.0001
name='66mhz-capable' type=boolean
name='fast-back-to-back' type=boolean
name='devsel-speed' type=int items=1
value=0001
name='interrupts' type=int items=1
value=0001
name='max-latency' type=int items=1
value=
name='min-grant' type=int items=1
value=
name='subsystem-vendor-id' type=int items=1
value=11ab
name='subsystem-id' type=int items=1
value=11ab
name='unit-address' type=string items=1
value='1'
name='class-code' type=int items=1
value=0001
name='revision-id' type=int items=1
value=0009
   name='vendor-id' type=int items=1
value=11ab
name='device-id' type=int items=1
value=6081
name='vendor-name' type=string items=1
value='Marvell Technology Group Ltd.'
name='device-name' type=string items=1
value='MV88SX6081 8-port SATA II PCI-X Controller'
name='subsystem-name' type=string items=1
value='unknown subsystem'
Interrupt Specifications:
Interrupt Priority=0x5 (ipl 5), vector=0xa (10)
Device Minor Nodes:
dev=(234,0)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:devctl
spectype=chr type=minor
dev=(234,1024)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:0
spectype=chr type=minor
dev_link=/dev/cfg/sata1/0
dev=(234,1025)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:1
spectype=chr type=minor
dev_link=/dev/cfg/sata1/1
dev=(234,1026)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:2
spectype=chr type=minor
dev_link=/dev/cfg/sata1/2
dev=(234,1027)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:3
spectype=chr type=minor
dev_link=/dev/cfg/sata1/3
dev=(234,1028)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:4
spectype=chr type=minor
dev_link=/dev/cfg/sata1/4
dev=(234,1029)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:5
spectype=chr type=minor
dev_link=/dev/cfg/sata1/5
dev=(234,1030)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:6
spectype=chr type=minor
dev_link=/dev/cfg/sata1/6
dev=(234,1031)
dev_path=/pci@0,0/pci1022,7450@b/pci11ab,11ab@1:7
  

Re: [OpenIndiana-discuss] HP Proliant Microserver N54L Upgrade

[Gary Gendel]

David,

I assume you have the 4 disks in some sort of RAID configuration. If you 
want to sweat it, you can pull one drive out and have it re-silver the 
replacement drive, repeat for the second drive, etc.  If you do this I 
would run a scrub before pulling each drive, just in case.  If you have 
some particularly important stuff I would copy it somewhere.


One other silly thing you might do is to get an external USB enclosure 
and use that.  You then mirror one of the drives and then shut down and 
swap them.  If it doesn't work then swap them back.  I haven't tried 
this so YMMV.


I have an 8-port sata controller but use 6 mirrored pairs (2 internal 
and 4 external in a 5-bay chassis) in my setup.  This allows me to add 
drives to a mirror and remove others with reduced anxiety. The setup is 
getting old (It's about 12 years running now) so I'm looking for a 
low-cost, low-powered replacement.


Gary


On 02/12/2015 05:36 AM, david allan finch wrote:

Hi all,

I was wondering if anyone had any ideas of what to do for an upgrade?

I have a HP Proliant Microserver N54L with 4x 2Tb drives which I have 
been happy with for more than a year but I have started to run out of 
disk space in my zfs pool. I have been pruning the snapshots and 
rubbish but filling it up now is inevitable.


What I would really like to do is to swap the disks out for larger one 
but I doubt that this is really practical as to make this work you 
need spare disk slots which I don't have.


Another option might be to add a SATA card and add more disk that way. 
But I have no idea of where to start with this, and even if this 
microserver can do that.


And a third is just to get a new server. I can't see any which have 
more than 4 drive bays do these exist (for reasonable money) or do you 
need to make your own? If so anyone got a recommendation?


Thanks
D



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] rpool defragmentation

[Gary Gendel]

# zpool list
NAME  SIZE  ALLOC   FREE  EXPANDSZ   FRAGCAP  DEDUP  HEALTH ALTROOT
rpool  68G  49.5G  18.5G -50%72%  1.00x  ONLINE -
users 928G  72.4G   856G - 1% 7%  1.00x  ONLINE -

# zfs list
NAMEUSED  AVAIL  REFER  MOUNTPOINT
rpool  48.9G  16.9G82K  /rpool
rpool/ROOT 44.9G  16.9G22K  legacy
rpool/ROOT/hipster-17  44.9G  16.9G  34.9G  /
rpool/dump 1.97G  16.9G  1.97G  -
rpool/export 32K  16.9G32K  /export
rpool/swap 2.01G  16.9G  2.01G  -
users  72.4G   827G  72.3G  /export/home

How does one defragment this?  I thought about creating a new BE and 
then sending the current BE to it, but there doesn't seem to be enough room.


Gary


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Chm viewer, xchm and Hipster

[Gary Gendel]

Just to interject my own feelings...

If it weren't for OI then I would have left OpenSolaris a long time 
ago.  I applaud the work done and understand the ongoing pain that 
moving towards a goal with so few people takes. In a SOHO environment, 
one machine does a lot of work, including building and testing GUI 
applications.  We don't develop products for [Open]Solaris anymore but 
you can't believe how powerful testing on different architectures helps 
find hidden flaws.  Our server side runs on Linux, but our clients (both 
GUI and command line) run on Windows, Linux, and Mac OS/X.  We run 
regressions on various flavors of these plus OpenIndiana.  It's amazing 
how many bad things Linux suppresses  that surfaces under OpenIndiana.  
As we move from Sun libraries to Gnu libraries this may be less 
important, but I still see a value in doing this for our products.


We currently use hipster and it's instability has never been a big 
problem for us as we upgrade and test.  If we see something important 
has gone awry, we report it and roll back.


Are there things that we feel are lacking?  Absolutely but we work 
around them.  When things break of are deprecated we install 
replacements.  For us, not supporting DHCPv6 PD is a drawback since this 
is the method our ISP uses to give us a block of IPV6 addresses.  I 
built the ISC dhcp server but I couldn't figure how to integrate it into 
illumos so it functioned correctly, so I resorted to a 4-to-6 tunnel 
using Hurricane Electric.  The good side was that I was able to put the 
ISC dhcp client into poi-userland before the sun dhcp meltdown.


I contribute the little I can but find my sore spots don't jive with 
most of the illumos community, however OpenIndiana is fairly close.  I 
don't need an overblown window management system and I long for the days 
when the whole X11 infrastructure (including WM) only took about 12Megs 
overhead to run on the Sparc IPC (xfwm). Tribblix is an alternative, but 
I haven't bought into Peter's vision yet as it is still a moving 
target.  I consider it as stable as hipster so there is no impetus to 
jump ship.


I just jumped in to make it known that there are some people that really 
appreciate the work going into hipster.


Gary

On 12/26/2014 07:47 AM, Евгений Парфенов wrote:
And i think admin have to balance between human resources and machine 
resources.

If IT have not economic effective than why they need company?
Im trying to say that if operating system will be more usable 
(effectivly from command line) than more IT specialist will use this 
operationg system.

And question is not about how many administrators will be use it.
The question is how many peple will use it and when project will die?.
Open source not for system administrators only.

26.12.2014 21:40, Dmitry Kozhinov пишет:

gui uses more resources than server have to


Server admin should use less human resources, not a machine.

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Bash bug issue

[Gary Gendel]

The current maintainer says it's been in bash for ~20 years, why it's 
not in Solaris 10 is a mystery.


On 9/26/14, 7:41 PM, Nemo wrote:

On 26 September 2014 17:02, Harry Putnam rea...@newsguy.com wrote:

Gary Gendel g...@genashor.com writes:


I believe we mostly skirt the issue because, unlike Linux, the default
shell (/bin/sh) is ksh93 not bash.  This means that under normal
conditions we shouldn't have an issue.  Only if your cgi scripts
actually request bash will apache be a problem.  As for ssh, it
depends upon the login shell for the user.

So, do you mean that ksh93 does not have the vulnerability?

Whence does the OI bash source originate?  On the bash that comes with
Solaris 10,
the vulnerability is not present:

[~]= bash --version
GNU bash, version 3.00.16(1)-release (sparc-sun-solaris2.10)
Copyright (C) 2004 Free Software Foundation, Inc.
[~]= env X=() { :;} ; echo busted /bin/sh -c echo completed
completed


N.

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Bash bug issue

[Gary Gendel]

I believe we mostly skirt the issue because, unlike Linux, the default 
shell (/bin/sh) is ksh93 not bash.  This means that under normal 
conditions we shouldn't have an issue.  Only if your cgi scripts 
actually request bash will apache be a problem.  As for ssh, it depends 
upon the login shell for the user.


On 09/25/2014 01:04 PM, Tim Mooney wrote:
In regard to: Re: [OpenIndiana-discuss] Bash bug issue, Bob 
Friesenhahn...:


Unfortunately, 'dash' is not completely compatible with scripts 
written for 'bash'.  It is not clear to my why people write shell 
scripts targeting bash, but it seems to happen often.


Two reasons:

- It's the all the world's a VAX syndrome for the current generation.

- bash (and ksh) do provide some handy features that traditional Bourne
  shell does not, and for a large portion of inexperienced programmers,
  convenience/laziness trumps portability

Both things drive me crazy, but they've been going on for my entire
career in computing, so I have no reason to expect that either are going
to ever disappear.

Tim



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] [developer] 4174 - Removal of Sun DHCP server from gate

[Gary Gendel]

I did the port into oi-userland of ISC-DHCP but I haven't updated it for 
awhile.  I've been using it successfully ever since Sun DCHP broke the 
first time.  I've been playing with the IPV6 stuff in the hope of using 
DHCPv6 PD when connecting to my ISP, but I gave up and have been using 
an IPV4-IPV6 tunnel instead.


On 09/24/2014 01:52 PM, Bob Friesenhahn wrote:

On Wed, 24 Sep 2014, Alexander Pyhalov via illumos-developer wrote:


On 09/24/2014 21:27, Bart Coddens via illumos-developer wrote:

What do you think guys ?
Push for RTI ?



Hello.

As it in any case has stopped working at recent illumos builds and 
nobody volunteered to fix it I don't see reasons to keep it in its 
current state.


I know that SRSS works with it, but it also can be configured with 
ISC DHCP server.


Is there an ISC DHCP server package included in the last OpenIndiana 
release (a8/a9 and not hipster)?  OpenIndiana SFE no longer seems to 
be supported so if it was provided via OpenIndiana SFE then that can't 
be considered.


I use Sun DHCP on a Solaris 10 system and lack of stable support for 
DHCP service in OpenIndiana (e.g. claims of not working and going 
poof) is cause for concern when one thinks about transitioning.


Bob



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Replacing an unavailable hd...

[Gary Gendel]

On 06/16/2014 05:05 AM, John Doe via openindiana-discuss wrote:

From: Jim Klimov jimkli...@cos.ru

If you are uncertain if the HDD device has really failed, you can also
try to take apart the computer and remove-replug the power and signal
cables, perhaps a few times. This may cleanse them of oxydation and
repair the storage - happened to me dozens of times on both home-made
rigs and brand servers (though rarely on the latter).

Also, while you're near the box taken apart, you can listen to the
disk if it squeaks and vibrates when powered on, or no longer works
mechanically indeed.

In fact, recently we've had a power outage that rebooted a couple of
old servers who had a dead and unresponsive HDD each (the poor boxes
waited for replacements to be purchased and received), and now the
disks are back online - several scrubs found no problems (that is,
after the initial resilver/scrub which complained a lot due to lots
of stale data). So there was even no mechanical replugging, just a
power cycle.

Hum... the server is a bit less than 2 years old, and all disks are
plugged on the same back-plane, so I would be surprised if it was a
cabling issue.  And, since I have spares, I prefer to replace the
suspect disk to be safe and test it later...  If it is indeed a
cabling issue, the new disk will also look failed I guess.

If it helps, cfgadm -alv says:
sata0/2  disconnected unconfigured failed

I did not yet go onsite to witness if there is any red led.

After a moving the server to temporary quarters, I had a similar 
situation. I was able to bring the disk back up remotely (several hours 
drive away) with the following commands:


cfgadm -cunconnect dev
cfgadm -cconnect dev
cfgadm -cconfigure dev

This situation kept happening (failing between a day and a week later), 
even when I finally moved it to new quarters.  I then re-seated the 
controller card and cables.  It's been running for several months 
without a complaint.  I did see that sometimes when the disk failed it 
would even show up as not connected.


I tried rebooting for awhile which sometimes worked, but I was much more 
successful with the above commands and it didn't require bringing the 
machine offline.


Even without the move, there is enough vibration to cause problems with 
marginal connections so I concur with Jim that it could occur.


Gary


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] NTP trouble and 123 port

[Gary Gendel]

On sort of the same topic.  I've set up ntpd as a client, similar to 
what you described but I can't seem to get it to work.  ntpq -p always 
shows all the peers in INIT state with a stratum of 16.  (That's not 
exactly true, every once in a while I get an ipv6 peer through my 4to6 
tunnel to initialize but that's a rare occurrence).


To make matters more confusing, ntpdate works as expected with any of 
the peers on my server list.  Because of this, I've disabled nptd and 
use ntpdate using cron but I was wondering if anyone had a clue to why 
ntpd would fail while ntpdate succeeds or how to debug this.


Gary

On 04/25/2014 09:23 AM, Gary Mills wrote:

On Fri, Apr 25, 2014 at 11:15:31AM +0200, Jozsef Brogyanyi wrote:

I have trouble with 123 port. I wanted to set a NTP client not a server.
I received an e-mail my ISP with a complain. Someone use my server 123 port.

I'll bounce you the message I sent to this mailing list in February.
It explains how to avoid the NTP amplification exploit that your ISP
complained about.


My NTP settings is the next:

cp /etc/inet/ntp.client /etc/inet/ntp.conf
nano /etc/inet/ntp.conf

Insert these lines. May be the these are not good.

server 0.hu.pool.ntp.org iburst
server 1.hu.pool.ntp.org iburst
server 2.hu.pool.ntp.org iburst
server 3.hu.pool.ntp.org iburst

I don't know what `iburst' means, but `man ntpd' describes it
partially.  I don't use it.


svcadm enable ntp
svcs ntp
svcs -x ntp
ntpq -p
How can I solve this problem if I need the NTP client?

Here are the non-comment lines from my ntp.conf:

  $ egrep -v '^#|^$' /etc/inet/ntp.conf
  restrict default kod nomodify notrap nopeer noquery
  restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap nopeer
  restrict 127.0.0.1
  restrict -6 ::1
  server 0.pool.ntp.org
  server 1.pool.ntp.org
  server 2.pool.ntp.org
  server 3.pool.ntp.org
  driftfile /var/ntp/ntp.drift
  statsdir /var/ntp/ntpstats/
  filegen peerstats file peerstats type day enable
  filegen loopstats file loopstats type day enable

You likely won't need the `192.168.0.0' line.  That's for my private
network.

It works:

  $ ntpq -p
   remote   refid  st t when poll reach   delay   offset  jitter
  ==
  +time.netspectru 208.90.144.523 u  489  512  377   34.1300.809   0.739
  *penguin.hopcoun 209.51.161.238   2 u  140  512  377   31.1450.683   1.324
  -mongrel.ahem.ca 208.81.2.13  2 u  144  512  377   24.124   -9.238   4.130
  +mirror.mountain 200.98.196.212   2 u  508  512  377   31.8671.559   2.638





___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] fail2ban for sshd

[Gary Gendel]

Fail2ban seems to randomly miss ssh matches.  I've been hacking at the 
filter but nothing I seem to do works.  What regex are others using that 
works? The line that should catch the ones missed is:


^%(__prefix_line)s\[.*\] Failed 
(?:password|publickey|none|keyboard-interactive) for .* from HOST\s*$


But it missed the following sequence:

Apr 23 02:10:07 phoenix sshd[24164]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 47526 ssh2

Apr 23 02:10:07 phoenix last message repeated 1 time
Apr 23 02:10:07 phoenix sshd[24164]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:10 phoenix sshd[24168]: [ID 800047 auth.info] Illegal user 
teamspeak from 94.23.167.219
Apr 23 02:10:10 phoenix sshd[24168]: [ID 800047 auth.info] 
input_userauth_request: illegal user teamspeak
Apr 23 02:10:10 phoenix sshd[24168]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 56338 ssh2
Apr 23 02:10:11 phoenix sshd[24168]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:13 phoenix sshd[24176]: [ID 800047 auth.info] Illegal user 
git from 94.23.167.219
Apr 23 02:10:13 phoenix sshd[24176]: [ID 800047 auth.info] 
input_userauth_request: illegal user git
Apr 23 02:10:13 phoenix sshd[24176]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 49509 ssh2
Apr 23 02:10:13 phoenix sshd[24176]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:16 phoenix sshd[24180]: [ID 800047 auth.info] Illegal user 
openvpn from 94.23.167.219
Apr 23 02:10:16 phoenix sshd[24180]: [ID 800047 auth.info] 
input_userauth_request: illegal user openvpn
Apr 23 02:10:16 phoenix sshd[24180]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 40390 ssh2
Apr 23 02:10:16 phoenix sshd[24180]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:19 phoenix sshd[24184]: [ID 800047 auth.info] Illegal user 
scan from 94.23.167.219
Apr 23 02:10:19 phoenix sshd[24184]: [ID 800047 auth.info] 
input_userauth_request: illegal user scan
Apr 23 02:10:19 phoenix sshd[24184]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 52773 ssh2
Apr 23 02:10:19 phoenix sshd[24184]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:22 phoenix sshd[24188]: [ID 800047 auth.info] Illegal user 
user1 from 94.23.167.219
Apr 23 02:10:22 phoenix sshd[24188]: [ID 800047 auth.info] 
input_userauth_request: illegal user user1
Apr 23 02:10:22 phoenix sshd[24188]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 51324 ssh2
Apr 23 02:10:22 phoenix sshd[24188]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:24 phoenix sshd[24192]: [ID 800047 auth.info] Illegal user 
dave from 94.23.167.219
Apr 23 02:10:24 phoenix sshd[24192]: [ID 800047 auth.info] 
input_userauth_request: illegal user dave
Apr 23 02:10:24 phoenix sshd[24192]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 49466 ssh2
Apr 23 02:10:25 phoenix sshd[24192]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:27 phoenix sshd[24196]: [ID 800047 auth.info] Illegal user 
redmine from 94.23.167.219
Apr 23 02:10:27 phoenix sshd[24196]: [ID 800047 auth.info] 
input_userauth_request: illegal user redmine
Apr 23 02:10:27 phoenix sshd[24196]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 51089 ssh2
Apr 23 02:10:27 phoenix sshd[24196]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:30 phoenix sshd[24200]: [ID 800047 auth.info] Illegal user 
test3 from 94.23.167.219
Apr 23 02:10:30 phoenix sshd[24200]: [ID 800047 auth.info] 
input_userauth_request: illegal user test3
Apr 23 02:10:30 phoenix sshd[24200]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 43856 ssh2
Apr 23 02:10:30 phoenix sshd[24200]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:33 phoenix sshd[24204]: [ID 800047 auth.info] Illegal user 
admin from 94.23.167.219
Apr 23 02:10:33 phoenix sshd[24204]: [ID 800047 auth.info] 
input_userauth_request: illegal user admin
Apr 23 02:10:33 phoenix sshd[24204]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 43481 ssh2
Apr 23 02:10:33 phoenix sshd[24204]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:36 phoenix sshd[24208]: [ID 800047 auth.info] Illegal user 
admin1 from 94.23.167.219
Apr 23 02:10:36 phoenix sshd[24208]: [ID 800047 auth.info] 
input_userauth_request: illegal user admin1
Apr 23 02:10:36 phoenix sshd[24208]: [ID 800047 auth.info] Failed 
password for invalid username from 94.23.167.219 port 39561 ssh2
Apr 23 02:10:36 phoenix sshd[24208]: [ID 800047 auth.info] Connection 
closed by 94.23.167.219
Apr 23 02:10:38 phoenix sshd[24212]: [ID 800047 auth.info] User root not 
allowed 

Re: [OpenIndiana-discuss] fail2ban for sshd

[Gary Gendel]

Oscar,

Thanks for the tip.   I'd have to figure out how to do the 
__prefix_line substitution using fail2ban-regex.  I tried your filter 
and it caught all the ones that were missed before.


Now I know if things slip through that it's not the fault of the filter.

Gary

On 04/24/2014 11:43 AM, Oscar del Rio wrote:


On 04/24/14 06:43 AM, Gary Gendel wrote:
Fail2ban seems to randomly miss ssh matches.  I've been hacking at 
the filter but nothing I seem to do works.  What regex are others 
using that works? The line that should catch the ones missed is:


^%(__prefix_line)s\[.*\] Failed 
(?:password|publickey|none|keyboard-interactive) for .* from HOST\s*$



Did you test the rules with the fail2ban-regex command?

The following works fine for us:

failregex = (?:error: PAM: )?[aA]uthentication (?:failure|error) for 
.* from HOST( via \S+)?\s*$
(?:error: PAM: )?User not known to the underlying 
authentication module for .* from HOST\s*$

Failed \S+ for .* from HOST(?: port \d*)?(?: ssh\d*)?\s*$
ROOT LOGIN REFUSED.* FROM HOST\s*$
[iI](?:llegal|nvalid) user .* from HOST\s*$
Did not receive identification string from HOST\s*$
User .+ from HOST not allowed because not listed in 
AllowUsers\s*$
User .+ from HOST not allowed because listed in 
DenyUsers\s*$

User .+ from HOST not allowed because not in any group\s*$
refused connect from \S+ \(HOST\)\s*$
User .+ from HOST not allowed because a group is listed 
in DenyGroups\s*$
User .+ from HOST not allowed because none of user's 
groups are listed in AllowGroups\s*$




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] logadm timestamp file

[Gary Gendel]

Hi,

I noticed that, when I remove an entry in the logadm.conf file, the 
corresponding information in /var/logadm/timestamps is never removed so 
logadm still tries to test that directory.  I had removed the directory 
for this entry but when logadm runs, it generates an error because that 
entry is in the timestamps file.


Is there a mechanism to clean up the timestamps file or do I need to 
continue to do this manually?  Is this something I should report as a 
bug and, if so, where?


Gary



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Hardware advice on cheap homeserver

[Gary Gendel]

On 02/19/2014 06:50 AM, Jim Klimov wrote:

On 2014-02-17 23:54, alka wrote:

I would prefer a mainboard based on an Intel serverchipset
with 4 better 8 GB ECC RAM together with an i3 (Xeon as an option 
then for napp-in-one)


If you look at 
http://www.supermicro.nl/products/motherboard/Xeon3000/#1150
you get such boards that are perfect for ZFS and widely used with OI 
and OmniOS.


Given the modifications typically done to HP N40L/N54L boxes in
the ZFS community, I'd crowd-ask some other company that currently
makes hardware spec'ed to the demand in considerable volume to make
a barebone model similar to N54L, but with:
* 6-8*3.5 bays for data pool HDD so raidz3 can be a viable option
  to reduce the no-redundancy window in case of pool rebuilds with
  modern huge disks
* 2-4-6*2.5 bays for SSD/laptop HDD for OS/cache/fast scratch pool
* at least 16Gb ECC RAM officially supported
* HDDs not included, at least in barebones model; maxed RAM may be :)
* IPMI with KVM and dedicated LAN (preferably also with a small local
  storage to flash the Live Media onto for repairs/upgrades/initial
  setup)
* 2 or more GBit links
* LSI controller on board (8-16 internal ports) since many N**L rigs
  use them anyway instead of the MoBo ports, and they can be better
  monitored, and open the way for SAS disks to be used if one desires
* eSATA/eSAS port(s) for possible expansion, as well as USB2/3 ports
  (USB2 is a must for illumos now :) )
* Low-power and quiet, to the extent of passive cooling, and sensibly
  cheap :)

Or perhaps the experienced list members might just publish some
well-tested shopping list for such setup :)

As is, the HP N**L lineup does need the enthusiast to work on it quite
a bit with a hammer and chisel (at least figuratively speaking), and
many pieces are unused or thrown away (the default small HDD and RAM,
maybe the MoBo SATA ports if an LSI card is used instead, etc.)

I'd love to retire my aging V20z with an external disk cabinet. This 
sounds like a perfect replacement, just plug in my 6 disks and go. :)




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] denyhosts IPS package?

[Gary Gendel]

On 01/15/2014 07:54 AM, Stefan Müller-Wilken wrote:

Hi there,

is there a denyhosts package available? I'd like to more effectively ban 
dictionary attackers from my systems and looking at 
https://www.illumos.org/issues/228#note-8 a package was at least in discussion.

@Ken: can you comment on this?

Cheers
  Stefan.


Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Geschäftsführer: Guido 
Ahle | Amtsgericht Hamburg, HRB 76048 | Ust.Ident-Nr.:DE208833022
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


Stefan,

Assuming you use ssh for remote login then I have updated sshguard so it 
works on OpenIndiana.  It will monitor log files to identify attacks and 
then uses ipfilter to block them.  I had to change the check for ssh 
invalid password to properly match OpenIndiana/Solaris ssh messages and 
updated the ipfilter insertion statement to match my ipfilter setup 
(specify which interface and add group tag). I also put together a 
rudimentary SMF file to make it a proper service.


I personally prefer sshguard over fail2ban because it is so 
lightweight.  Once it started blocking brute force attacks on my server 
(which was often) they suddenly stopped.  Sshguard also can do the same 
for various MTA and other application logins but ssh is the only one 
I've tested.  Let me know if you want what I've done.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] denyhosts IPS package?

[Gary Gendel]

Stefan,

Exactly right.  It does have hooks for some IMAP clients, see 
http://www.sshguard.net/docs/reference/attack-signatures/ but I haven't 
tested them.  I suspect that they will work since these messages 
shouldn't be modified for OpenIndiana.


I reported the changes I made to the sshguard team but I haven't heard 
back from them so I expect that Solaris/OpenIndiana support is not high 
on their priority list. :(


The executable is only around 400k on my system (not stripped) and I've 
never even seen it in top/prstat.


Gary

On 01/15/2014 09:20 AM, Stefan Müller-Wilken wrote:

Hi Gary,

haven't looked at sshguard so far and it is definitely worth a look. 
'Lightweight' sounds quite attractive. :-) Ultimately I'd also like to secure 
IMAP (I haven't dared opening to the world for the missing dictionary attack 
protection) etc. but maybe that's a second step. So, if I understand you right, 
sshguard currently requires manual installation but will work as a first class 
SMF citizen afterwards?

Cheers
  Stefan


Von: Gary Gendel [g...@genashor.com]
Gesendet: Mittwoch, 15. Januar 2014 14:30
An: openindiana-discuss@openindiana.org
Betreff: Re: [OpenIndiana-discuss] denyhosts IPS package?

On 01/15/2014 07:54 AM, Stefan Müller-Wilken wrote:

Hi there,

is there a denyhosts package available? I'd like to more effectively ban 
dictionary attackers from my systems and looking at 
https://www.illumos.org/issues/228#note-8 a package was at least in discussion.

@Ken: can you comment on this?

Cheers
   Stefan.


Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Geschäftsführer: Guido 
Ahle | Amtsgericht Hamburg, HRB 76048 | Ust.Ident-Nr.:DE208833022
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Stefan,

Assuming you use ssh for remote login then I have updated sshguard so it
works on OpenIndiana.  It will monitor log files to identify attacks and
then uses ipfilter to block them.  I had to change the check for ssh
invalid password to properly match OpenIndiana/Solaris ssh messages and
updated the ipfilter insertion statement to match my ipfilter setup
(specify which interface and add group tag). I also put together a
rudimentary SMF file to make it a proper service.

I personally prefer sshguard over fail2ban because it is so
lightweight.  Once it started blocking brute force attacks on my server
(which was often) they suddenly stopped.  Sshguard also can do the same
for various MTA and other application logins but ssh is the only one
I've tested.  Let me know if you want what I've done.

Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Geschäftsführer: Guido 
Ahle | Amtsgericht Hamburg, HRB 76048 | Ust.Ident-Nr.:DE208833022

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] aide IDS and hipster

[Gary Gendel]

The recent update of hipster broke aide IDS (which I compile locally) 
which crashed while processing.  It looked like it was a problem in 
libmhash.so.2 but after a bunch of fruitless efforts to track down the 
problem (the traceback stack was always partially corrupted) I wasn't so 
sure.


Bottom line is that I got it working by adding -std=c99 to the gcc 4.7 
CFLAGS.  I tried this by shear dumb luck because I was also trying to 
compile an alternative which needed this option.  This not only produced 
a working version, but the executable size is 17% smaller as well.  The 
whole thing is bizarre but I figure I'd pass it along.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] XStream Desktop beta EA1

[Gary Gendel]

Gabriel,

Seems that the link is somewhat broken.  I get a ResultSet not 
positioned properly, perhaps you need to call next.


Gary

On 12/17/2013 05:19 PM, Gabriele Bulfon wrote:

Hi,
anyone interested can download the first early access release of XStream 
Desktop, illumos based.
Please read the instructions for virtualized environements (vbox an vmware):
http://www.sonicle.com/index.jsp?pagename=xstreamos-desktopparent;productslanguage=en
We will be very pleased to receive any feedback, comments and/or requests you 
may provide,
by registering and using the mailing list stated at the end of the page.
We've been already told that the SF mailman is not exactly a good place.
We will be setting up our own installation of GNU mailman and notify about the 
change.
Feel free to suggest a different solution for this.
Next step, other than fixing and adding features, will be to publish the 
sources repository.
Hope you enjoy it!
Gabriele.


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Hipster Packagemanager

[Gary Gendel]

Sorry to hijack this thread but I just updated my hipster and 
packagemanager still crashes as it has for awhile.  However, I notice 
that we have different illumos builds and I wonder why?


uname says mine is illumos-40ccc6a and yours shows illumos-bb411a0.  
Yours matches Alan's packagemanager bug comments so I'm very confused.


$ pkg publisher
PUBLISHER TYPE STATUS   URI
openindiana.org   origin   online 
http://pkg.openindiana.org/hipster/
sfe  (non-sticky) origin   online 
http://pkg.openindiana.org/sfe/
sfe-encumbered   (non-sticky) origin   online 
http://pkg.openindiana.org/sfe-encumbered/


Gary

On 12/04/2013 10:30 AM, Paolo Marcheschi wrote:

No It doesn't.

but the error change:

pollsys(0x0896EF78, 6, 0x, 0x)= 1
read(14,  G I O P01020101 $\0\0\0, 12)= 12
read(14, 80 i04\b\0\0\0\001\0\0\0.., 36)= 36
writev(14, 0x082B5770, 3)= 3104
pollsys(0x0896EF78, 6, 0x, 0x)= 1
read(14,  G I O P01020101 $\0\0\0, 12)= 12
read(14, D0 n04\b\0\0\0\001\0\0\0.., 36)= 36
writev(14, 0x082B5770, 3)= 3096
pollsys(0x0896EF78, 6, 0x, 0x)= 1
read(14,  G I O P01020101 $\0\0\0, 12)= 12
read(14,  0 o04\b\0\0\0\001\0\0\0.., 36)= 36
writev(14, 0x082B5770, 3)= 3124
pollsys(0x0896EF78, 6, 0x, 0x)= 1
read(14,  G I O P01020101 $\0\0\0, 12)= 12
read(14, B0 [04\b\0\0\0\001\0\0\0.., 36)= 36
time()= 1386170930
clock_gettime(4, 0x08045F9C)= 0
Incurred fault #6, FLTBOUNDS  %pc = 0xFECDB680
  siginfo: SIGSEGV SEGV_MAPERR addr=0xFECDB680
Received signal #11, SIGSEGV [default]
  siginfo: SIGSEGV SEGV_MAPERR addr=0xFECDB680

bash-4.2$ uname -a
SunOS openindiana 5.11 illumos-bb411a0 i86pc i386 i86pc Solaris

Paolo
On 12/ 4/13 03:46 PM, Jonathan Adams wrote:

does it work if you LC_ALL=C packagemanager ?


On 4 December 2013 14:29, Paolo Marcheschi paolo.marches...@ftgm.it 
wrote:



Hi
I cannot start packagemanager anymore, I think it is a locale related
problem,
If I truss it:
...
  stat64(/usr/share/locale/en_US.UTF8/LC_MESSAGES/pkg.mo, 0x080451D0)
Err#2 ENOENT
stat64(/usr/share/locale/en_US/LC_MESSAGES/pkg.mo, 0x080451D0) Err#2
ENOENT
stat64(/usr/share/locale/en.UTF8/LC_MESSAGES/pkg.mo, 0x080451D0) 
Err#2

ENOENT
stat64(/usr/share/locale/en/LC_MESSAGES/pkg.mo, 0x080451D0) Err#2 
ENOENT

stat64(/usr/share/locale/en_US.UTF8/LC_MESSAGES/pkg.mo, 0x080451D0)
Err#2 ENOENT
stat64(/usr/share/locale/en_US/LC_MESSAGES/pkg.mo, 0x080451D0) Err#2
ENOENT
stat64(/usr/share/locale/en.UTF8/LC_MESSAGES/pkg.mo, 0x080451D0) 
Err#2

ENOENT
stat64(/usr/share/locale/en/LC_MESSAGES/pkg.mo, 0x080451D0) Err#2 
ENOENT

stat64(/usr/share/locale/en_US.UTF8/LC_MESSAGES/pkg.mo, 0x080451D0)
Err#2 ENOENT
stat64(/usr/share/locale/en_US/LC_MESSAGES/pkg.mo, 0x080451D0) Err#2
ENOENT
stat64(/usr/share/locale/en.UTF8/LC_MESSAGES/pkg.mo, 0x080451D0) 
Err#2

ENOENT
stat64(/usr/share/locale/en/LC_MESSAGES/pkg.mo, 0x080451D0) Err#2 
ENOENT

time()= 1386167231
clock_gettime(4, 0x080450CC)= 0
 Incurred fault #6, FLTBOUNDS  %pc = 0xFECDB680
   siginfo: SIGSEGV SEGV_MAPERR addr=0xFECDB680
 Received signal #11, SIGSEGV [default]
   siginfo: SIGSEGV SEGV_MAPERR addr=0xFECDB680

Have you introduced something with the new upgrade of hipster ?

Paolo





___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] pulseaudio

[Gary Gendel]

Jon,

Did you get the NX server running on Solaris/OpenIndiana?  I was almost 
successful but couldn't get all the components compiled and running.


Gary

On 10/14/2013 05:11 AM, Jonathan Adams wrote:

The best alternative for light-weight sessions from Solaris was FreeNX, but
I haven't found a good Solaris NX Client, still looking.

When I get enough time I think I will try to recompile it again on hipster,
or at least try to streamline the thing to re-use the native drivers again
... I really had to kick the sh*t out of it to get it to compile last time
(2011).

Jon


On 11 October 2013 23:40, Ivar Janmaat ijanm...@xs4all.nl wrote:


Totally agree!
I looked at Xspice as an alternatief to ALP but you need a 10 Gbps network
if people want to use youtube.
The Sun Ray is really light-weight for simple multimedia and even works
well over WAN connections.

As for pulsaudio. Xspice also needs pulsaudio to be able to transfer audio
to the client.
Xspice is still in developement.

Kind regards,

Ivar

Jonathan Adams schreef:

  SunRays aren't easily replaced. they're a very cheap, reliable and

versatile system.

SunRays all support high resolutions out of the box. They all support
smart
card technology to connect to the correct session.  They are a true
thin-client, a SunRay client uses less electricity than my set of LED
fairy
lights, that I hang in the office at Christmas. The protocol they use is
exceptionally light-weight, possibly even better than RDP, orders of
magnitude better than VNC.

We've looked around for replacements to our system, but because we
hot-desk
(it's a laboratory, people walk about all day) most other clients just
don't do what we need.  We've taken to buying up other peoples SunRays
when
they sell them off.

They're one of the greatest systems/protocols that Sun produced, but
because the margin was small, their sales guys just weren't interested in
pushing them, except in the 1000s, and because of this they didn't know
what they did, in order to push them in the market ... and with no profit
coming from the line, Oracle dropped the product.

Just my 2cents.

Jon





__**_
OpenIndiana-discuss mailing list
OpenIndiana-discuss@**openindiana.orgOpenIndiana-discuss@openindiana.org
http://openindiana.org/**mailman/listinfo/openindiana-**discusshttp://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] pulseaudio

[Gary Gendel]

Jon,

I'd be happy to test what you've done.

Gary

On 10/14/2013 08:36 AM, Jonathan Adams wrote:

Okay, I just compiled opennx to get a client (which involved compiling
nxssh as well) but it did work, and I've just connected to myself and it's
still working ... wonders will never cease :)


in which case I can probably just tar up the /usr/NX directory and get you
to test it at your end?

Jon


On 14 October 2013 12:01, Jonathan Adams t12nsloo...@gmail.com wrote:


long time ago (2011) ... I've got a tar of it, but OI has changed a lot in
that time, I haven't actually tried to connect to it in a while

I said (a while back) that I would have a go and see if I can a compile of
the latest version when I had time, and it kinda got forgotten about.

It was a real hack though, I manually modified the Makefiles and ran some
of the compile lines by hand to make sure it picked up the system
libraries, I wanted to spend time getting it to work with less effort.

Jon


On 14 October 2013 11:39, Gary Gendel g...@genashor.com wrote:


Jon,

Did you get the NX server running on Solaris/OpenIndiana?  I was almost
successful but couldn't get all the components compiled and running.

Gary


On 10/14/2013 05:11 AM, Jonathan Adams wrote:


The best alternative for light-weight sessions from Solaris was FreeNX,
but
I haven't found a good Solaris NX Client, still looking.

When I get enough time I think I will try to recompile it again on
hipster,
or at least try to streamline the thing to re-use the native drivers
again
... I really had to kick the sh*t out of it to get it to compile last
time
(2011).

Jon


On 11 October 2013 23:40, Ivar Janmaat ijanm...@xs4all.nl wrote:

  Totally agree!

I looked at Xspice as an alternatief to ALP but you need a 10 Gbps
network
if people want to use youtube.
The Sun Ray is really light-weight for simple multimedia and even works
well over WAN connections.

As for pulsaudio. Xspice also needs pulsaudio to be able to transfer
audio
to the client.
Xspice is still in developement.

Kind regards,

Ivar

Jonathan Adams schreef:

   SunRays aren't easily replaced. they're a very cheap, reliable and


versatile system.

SunRays all support high resolutions out of the box. They all support
smart
card technology to connect to the correct session.  They are a true
thin-client, a SunRay client uses less electricity than my set of LED
fairy
lights, that I hang in the office at Christmas. The protocol they use
is
exceptionally light-weight, possibly even better than RDP, orders of
magnitude better than VNC.

We've looked around for replacements to our system, but because we
hot-desk
(it's a laboratory, people walk about all day) most other clients just
don't do what we need.  We've taken to buying up other peoples SunRays
when
they sell them off.

They're one of the greatest systems/protocols that Sun produced, but
because the margin was small, their sales guys just weren't interested
in
pushing them, except in the 1000s, and because of this they didn't know
what they did, in order to push them in the market ... and with no
profit
coming from the line, Oracle dropped the product.

Just my 2cents.

Jon





___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@**openindi**ana.org http://openindiana.org
OpenIndiana-discuss@**openindiana.orgOpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discusshttp://openindiana.org/**mailman/listinfo/openindiana-**discuss
http://openindiana.**org/mailman/listinfo/**openindiana-discusshttp://openindiana.org/mailman/listinfo/openindiana-discuss
  __**_

OpenIndiana-discuss mailing list
OpenIndiana-discuss@**openindiana.orgOpenIndiana-discuss@openindiana.org
http://openindiana.org/**mailman/listinfo/openindiana-**discusshttp://openindiana.org/mailman/listinfo/openindiana-discuss



__**_
OpenIndiana-discuss mailing list
OpenIndiana-discuss@**openindiana.orgOpenIndiana-discuss@openindiana.org
http://openindiana.org/**mailman/listinfo/openindiana-**discusshttp://openindiana.org/mailman/listinfo/openindiana-discuss




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Some questions

[Gary Gendel]

MIchelle,

I would take a look at serviio, http://www.serviio.org.  It's a java app 
that does a nice job of providing DLNA.  It has a control program that 
integrated into GNOME desktop.  I haven't used it for quite a while, but 
it was pretty simple to set up and use on OpenIndiana.


Gary

On 09/11/2013 03:58 PM, Michelle Knight wrote:

Hi Folks,

I had to move away from OI a while back because of issued mounting CIFS
on Linux after Ubuntu went up to version 13.04.

I am sat here, on the side lines, looking to come back to OI, and was
wondering if that issue has been resolved ... indeed I wasn't actually
sure where the problem was; whether it was with OI or Ubuntu.

I'd be grateful for some guidance.

Also, as I'm not a system programmer, I wasn't sure how to compile DLNA
so that I could publish my small video collection to the home network;
is there a chance that someone has found a noddy guide to installing
DLNA on OI please?

Many thanks for any advice,

Michelle.

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] zfs question

[Gary Gendel]

When I reboot my machine, fmstat always shows 12 counts for zfs-* 
categories.  fmdump and fmdump -e don't report anything and I don't see 
anything in the logs of the current or previous BE (when applicable).  
I'm at a bit of a loss to figure out what happened.


Two of the drives are on the internal controller on my Sun Fire v20z, 
the rest are on a marvell88sx based controller.  I've tried both WD and 
Seagate drives with the same result so I think I can rule out the drives 
causing the problem.  That said, my tests were not really rigorous in 
this respect (for example, I didn't swap drives on the internal drives 
which have my rpool).  I'm not really concerned about this issue because 
I've never had issues after a reboot so I just reset these counts so I 
can easily check for new errors, but I'd rather not do that.  It would 
just be nice to know what is going on.


BTW, I use init 6 to do the reboot.  Is this the wrong way to reboot 
on OI?


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Updating ZFS capabilities on OI

[Gary Gendel]

Yes, it's part of hipster.  Just keep in mind that hipster is a work in 
progress and things may break but later be fixed.  I've been on hipster 
since the beginning and I am impressed with the speed that it's 
evolving.  It has been reasonably stable but some issues remain.


On 07/23/2013 01:09 PM, Jason Lawrence wrote:

I'm trying to understand what would be necessary to add LZ4 support to my OI 
installation without creating too much of a headache. Is this something 
available in hipster, or should I look into creating a fresh illumos-gate build 
along with the userspace tools and grub? There's very little (obvious) 
documentation about the current state of OI aside from the mailing lists…

(Sorry if this is a repeat, I hadn't subscribed the first time I sent this 
email)
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] migrating zfs pools

[Gary Gendel]

Hi,

I have a pool, archive, with zfs files:

/archive
/archive/gary
/archive/dani
/archive/ian
and so on...

I want to replace this with a new set of disks along with the 
appropriate properties set (smb sharing, etc.).


Basically, I want to copy the complete pool to a new pool and then 
import that pool as the original.  The goal is to retire the original 
pool configuration. Sounds like something that many have done before so 
I wanted to tap on the experts who can provide direction and caveats.


Thanks,
Gary



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] migrating zfs pools

[Gary Gendel]

Jim,

Lots of great info here, thanks.

I was thinking about adding/removing the disks as mirrors.  My first 
concern was the different disk capacities, geometries and 4k vs. 512 
byte block sizes.  Then I realized that the end result reduces number of 
mirrored disk sets by one.  Since there is no way to downsize the number 
of mirror sets in a pool, it looks like that approach is not feasible.  
Zfs send/receive it is. :)


Thanks for the super help.  The new disks arrive this weekend so I'll 
give it a go when I can.


Gary

On 07/18/2013 02:07 PM, Jim Klimov wrote:

On 2013-07-18 19:50, Gary Gendel wrote:

Hi,

I have a pool, archive, with zfs files:

/archive
/archive/gary
/archive/dani
/archive/ian
and so on...

I want to replace this with a new set of disks along with the
appropriate properties set (smb sharing, etc.).

Basically, I want to copy the complete pool to a new pool and then
import that pool as the original.  The goal is to retire the original
pool configuration. Sounds like something that many have done before so
I wanted to tap on the experts who can provide direction and caveats.


This seems like a job for recursive ZFS send, which with replication
options should also transfer your datasets' attributes (such as share
definitions). One thing I'd suggest for the migration would be to
import the newly created pool with an alternate mountpoint (-R /a)
so that when your replicated filesystems begin mounting, they don't
conflict with originals (/archive - /a/archive), but when you retire
your old pool and import the new without an altroot - paths to new
data would become the same as they were in the old setup.

While doing this, you might also want to use some different data
allocation policies (copies, compression, dedup if your huge RAM
permits, etc.) From my practice, this is best done by assigning the
policies to original datasets, then snapshotting and sending them.
You can also change attributes on destinations during the zfs recv
but this may be or not be convenient (i.e. different policies would
be applied to blocks written before you make the switch, though
this doesn't break anything from readers' perspective).

Possibly, it might make sense to send all historical data highly
compressed (i.e. gzip-9) and then re-set your new datasets to the
compression algos you'd need for performance, if applicable (i.e.
to lz4, lzjb, zle, off and so on). Note that I am still vague on
whether *reading* gzip-9 or lz4 yields any speed benefits to
either side (i.e. is decompression speed CPU-bound, and how much
for the two winning options).

Since you're speaking of retiring the pool configuration, I shouldn't
assume that you have something that can be simple expanded onto new
disks in the ways of mirroring (mirrors, raid10 - attach new disks
for increased redundancy, wait for resilver, detach old disks, expand
pool)? Eh, here, for completeness I've said it :)

Also, do you plan to retire old disks or reuse them later in the
new pool? At some risk to data integrity, you can create a pool
with missing devices (i.e. using a lofs device over a sparse file
for a component, then destroying it) - this would make your new
pool degraded, until you are done migrating data and place the old
disks into those missing positions. I wouldn't risk this with
single-redundancy setups, but for raidz2/raidz3 this trick might
make sense - NO WARRANTIES though :)

HTH,
//Jim Klimov


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] packagemanager core dumps

[Gary Gendel]

After an update from hipster, packagemanager core dumps.  The trace-back is:

Core was generated by `/usr/bin/python2.6 /usr/bin/packagemanager'.
Program terminated with signal 11, Segmentation fault.
[New process 67755]
#0  0xfecfb660 in PyString_Format (format=0x84e14c0, args=0x80aeb3c)
at 
/data/jenkins/jobs/oi-userland/workspace/components/python/python26/Python-2.6.8/Objects/stringobject.c:5051
5051 
/data/jenkins/jobs/oi-userland/workspace/components/python/python26/Python-2.6.8/Objects/stringobject.c: 
No such file or directory.
in 
/data/jenkins/jobs/oi-userland/workspace/components/python/python26/Python-2.6.8/Objects/stringobject.c


pkg works fine, so it seems to be something specific to the GUI 
wrapper.  The left-hand pane is displayed but it crashes before 
populating the right-hand pane.


Regards,
Gary

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Switching from lzjb to lz4 compression

[Gary Gendel]

Hi,

Can I switch from one algorithm to another on the fly?  I assume that 
only newly written data will be affected, but can the system deal with a 
mixed compression pool?


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Switching from lzjb to lz4 compression

[Gary Gendel]

On 06/26/2013 04:16 PM, Jim Klimov wrote:

On 2013-06-26 22:01, Gary Gendel wrote:

Hi,

Can I switch from one algorithm to another on the fly?  I assume that
only newly written data will be affected, but can the system deal with a
mixed compression pool?


I believe it should be same as other compression algorithms
(though may be more complicated due to use of feature flags).
It was generally true that compression, checksums, copies and
such write-time attributes are basically applied per-block at
the time of write (i.e. if you zfs-send an uncompressed dataset
and zfs-receive it into a compressed target dataset, the newly
written blocks will be compressed).

It is not a problem to have different algorithms (including
none/off values) to be mixed in a single dataset, and of
course quite possible to mix them in a pool.

Another matter is the rpool dataset - it should use those algos
which are added into GRUB support so it can mount the root.
I believe LZ4 is among these (for source code versions of the
illumos-gate which offer LZ4 integration altogether).

HTH,
//Jim Klimov

Jim,

Thanks.  That was what I thought based upon my recollection but I just 
couldn't find it documented.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Sun Fire

[Gary Gendel]

I have a possibility of picking up a decommissioned X4340 (thumper) w/o 
disks to replace my aging V20z ( and multiple external drive stacks 
cheap.  It looks like it should be supported by looking at the HCL.


Is there any gotchas I should be aware of before I commit to purchase?  
Is there something more modern I should be looking at instead?


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Sun Fire

[Gary Gendel]

On 06/21/2013 11:56 AM, Peter Tribble wrote:

On Fri, Jun 21, 2013 at 1:58 PM, Gary Gendel g...@genashor.com wrote:


I have a possibility of picking up a decommissioned X4340 (thumper)


Hm. An X4340 is some sort of power transfer unit.

Thumper = X4500

Thor = X4540


Whoops, it's the X4540




w/o disks


That's the killer. These boxes are very fussy about the drives that work;
the
real value of them now is for the disks they contain, you're going to have
trouble getting drives (and it's going to cost).
Interesting.  I thought they used the same Marvell MV88SX6081 8-port 
controllers I picked up for the v20z.  I've been using that for modern 
WD and Seagate SATA drives without issue.




to replace my aging V20z ( and multiple external drive stacks cheap.  It
looks like it should be supported by looking at the HCL.

Is there any gotchas I should be aware of before I commit to purchase?  Is
there something more modern I should be looking at instead?


Probably look at something more modern, and something sized to suit.
It really needs to be full of 48 drives, only a couple of models are
supported,
and they're all getting a bit old.
Just looking for something cheap and big enough for at least 8 drives.  
I currently have two 5-drive external cases.  Since I haven't gotten the 
sata multiplexers to work, I have all 8 sata cables running out of the 
marvell controller directly to each drive, my own personal octopus.  
Can't get much more of a kludge than that.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] IPNAT redirection.

[Gary Gendel]

Jon,

I redirect ports fine using nat.  I'm trying to understand what's 
different between your and my setup.  For example in my ipnat.conf file 
I have:


rdr bge0 0.0.0.0/0 port 2022 - 10.101.1.9 port 22 tcp/udp

Where bge0 is my external nic (bge1 is my internal nic).  BTW, I use 
0.0.0.0/0 so it automatically picks up my external nic's ip address 
(I've have pseudo-dynamic IP from my ISP).


Gary

On 04/19/2013 05:22 AM, Jonathan Adams wrote:

Actually in the real system I am trying to forward a port from an external
address (on the internet, the address I hid) to an internal RDP server
(port 3389 tcp) ... but for testing I forwarded to an internal IMAP server

iprb0 is the external interface, bge0 is the internal.

I added bge0 to see if it was a problem with my external connection.

I enabled the telnet server on the local machine and used ipnat to redirect
143 to 23 and that worked ... I was just surprised that I couldn't connect
to any port on another host.

Anyway, to cut your explanation down, you are basically saying that I
cannot do port forwarding with ipnat?

Jon
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] IPNAT redirection.

[Gary Gendel]

We've all been there. :(

On 04/19/2013 08:08 AM, Jonathan Adams wrote:

ignore me, i'm just being stupid!

on the accelerated host I needed to add the route to the external server :(


On 19 April 2013 12:58, Jonathan Adams t12nsloo...@gmail.com wrote:


On 19 April 2013 11:45, Gary Gendel g...@genashor.com wrote:


Jon,

I redirect ports fine using nat.  I'm trying to understand what's
different between your and my setup.  For example in my ipnat.conf file I
have:

rdr bge0 0.0.0.0/0 port 2022 - 10.101.1.9 port 22 tcp/udp

Where bge0 is my external nic (bge1 is my internal nic).  BTW, I use
0.0.0.0/0 so it automatically picks up my external nic's ip address
(I've have pseudo-dynamic IP from my ISP).



I originally used 0.0.0.0/0 but was wondering if it was capturing packets
coming through so limited to the external IP address ...

I use ipnat happily on another machine for transparent proxying:

# redirect all port 80 transactions to squid
rdr internal2 any port 80 - 192.168.0.82 port 3128

# NAT all port 443 (https) to the external address directly.
map external2 from any to 83.138.182.145 port = 443 - 94.136.227.100/32

and that works a charm.

I modified ipf.conf to allow and log everything ... then lines from ipmon
are:

19/04/2013 12:53:30.895801 iprb0 @0:2 p n.n.180.45,46135 -
192.168.0.12,143 PR tcp len 20 40 -R IN NAT
19/04/2013 12:53:30.895818 bge0 @0:1 p n.n.180.45,46135 -
192.168.0.12,143 PR tcp len 20 40 -R OUT
19/04/2013 12:53:32.799328 iprb0 @0:2 p n.n.180.45,46607 -
192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:32.799344 bge0 @0:1 p n.n.180.45,46607 -
192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:36.176407 iprb0 @0:2 p n.n.180.45,46607 -
192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:36.176423 bge0 @0:1 p n.n.180.45,46607 -
192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:42.239530 bge0 @0:1 p 192.168.0.20,138 -
192.168.0.255,138 PR udp len 20 267 IN mbcast
19/04/2013 12:53:42.935736 iprb0 @0:2 p n.n.180.45,46607 -
192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:42.935752 bge0 @0:1 p n.n.180.45,46607 -
192.168.0.12,143 PR tcp len 20 52 -S OUT

but if I snoop from 192.168.0.12 there are no packets coming in.

strange ... I'm sure I'm just missing something little.

Jon


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Anyone using OpenIndiana in production?

[Gary Gendel]

James,

I have a similar situation in a home office.  I've got a Sun V40Z 
running 151a7 with 2 internal and 6 external mirrored zfs drives to give 
me 14 TB of storage.  It runs my mail, dns, web, dhcp, router, 
multi-media streaming, nightly backup, networked storage and other 
(several Mac, Linux and Windows machines) services.  I also use it to 
run regression testing of the software I develop, probably the only 
thing that pushes it in any way. If it wasn't for the flaky electric 
grid system it would have been running for at least a year.  However, 
blackouts lasting several days caused me to shut it down a few times in 
the past year.  Currently, it's been up for 40 days. Since it's the 
router between my ISP and my internal network, it is critical that it is 
stable.  It hasn't failed me yet (knock on wood).


I should take a picture and show it with it's 8 sata cables draping out 
the back connected to 2 disk cabinets, it's quite a DIY sight.  I wish I 
could find a less power-hungry and quieter machine to replace the v40z 
at a reasonable price.  Being able to put the disks in the same cabinet 
would be a plus. :)


Gary

On 03/28/2013 11:35 PM, James Dickens wrote:

Guess I have to add in my N40L story, use it for my home used for both NFS
and CIFS, rsync, ftp, and scp file transfers, and dns no issues what so
ever serving isos via nfs to my esxi hosts, have a few vmware guests using
nfs for datastore on esxi. patched it a few months ago and never rebooted,
to get the latest bits. 2x 2TB drives mirrored and 250GB sata drive for
rpool. routinely see 60-80MB/s filetransfers over all file transfer
protocols. Yes home file servers can be classified when 2 adult children at
home with computers, and wife (netbook) plus me doing telecommuting 5 days
a week down time gets annoying.

OpenIndiana (powered by illumos)SunOS 5.11oi_151a7October 2012
n40l:~$ uname -a
SunOS n40l 5.11 oi_151a7 i86pc i386 i86pc
n40l:~$ uptime
  10:28pm  up 608 day(s), 22:22,  1 user,  load average: 0.26, 0.36, 0.26
n40l:~$

James
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] DLNA server

[Gary Gendel]

Michelle,

I've had luck with serviio, a java-based DLNA server from 
http://www.serviio.org/.  I had it running recently, streaming to a Moxi 
PVR, but I'm currently using XBMC on an old mac mini I decommissioned 
for work instead.  I remember reading a thread where they had to upgrade 
libffmpeg on OpenIndiana to get the latest version running.  I believe 
this library has been upgraded in 151a7.


I've also been able to bring up MediaTomb in the past using vlc to 
transcode, but I haven't worked with that for quite a while.


The biggest drawback for the DLNA servers I tried was that I was only 
able to play, pause, and stop.  Rewind and Fast-forward wasn't possible 
from the PVR on the DLNA stream.


Good luck,
Gary

On 03/07/2013 02:19 PM, Michelle Knight wrote:

Hi Folks,

I'm not turning up much on a web search, so I'm hoping someone will be
able to help me sort this out.

I have an OI server with various media on ZFS which is shared by
password protected SMB shares. I'm fairly sure it is 151a5, built late
last year.

Recently I bought one of these -
http://www.humaxdirect.co.uk/product.asp?ProdRef=10095cat=stb

When I tell it to search the network, it can't find anything and there
is no option to give it any SMB details.

It looks like I'm going to have to install something on the server to
publish the video directories in DLNA, which I've got no experience of.

I do have another machine always on, which is running Ubuntu 12.04, so
there could, presumably, be a work around by mapping the SMB share to
the Linux box and then re-publishing a DLNA share from that ... but
that is a bit messy.

I did read up something called Coherence but before I potentially risk
damaging my file server, I thought I'd seek knowledgeable help first.

I'd be grateful for any guidance.

Many thanks in advance for any help.

Michelle Knight

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] DLNA server

[Gary Gendel]

Michelle,

I seem to remember you can configure it using the console remotely using 
the property serviio.remoteHost but I've never tried it.


Gary

On 03/07/2013 04:26 PM, Michelle Knight wrote:

Hi Gary,

I've had a shot with Serviio.  It seems to need a graphics console in
order to configure it, and my server is text only.

I couldn't find any instructions on manual config file settings either
in the serviio structure or in my home directory, so I'm currently a
bit stuck.

Michelle.

On Thu, 07 Mar 2013 14:37:23 -0500
Gary Gendel g...@genashor.com wrote:


Michelle,

I've had luck with serviio, a java-based DLNA server from
http://www.serviio.org/.  I had it running recently, streaming to a
Moxi PVR, but I'm currently using XBMC on an old mac mini I
decommissioned for work instead.  I remember reading a thread where
they had to upgrade libffmpeg on OpenIndiana to get the latest
version running.  I believe this library has been upgraded in 151a7.

I've also been able to bring up MediaTomb in the past using vlc to
transcode, but I haven't worked with that for quite a while.

The biggest drawback for the DLNA servers I tried was that I was only
able to play, pause, and stop.  Rewind and Fast-forward wasn't
possible from the PVR on the DLNA stream.

Good luck,
Gary

On 03/07/2013 02:19 PM, Michelle Knight wrote:

Hi Folks,

I'm not turning up much on a web search, so I'm hoping someone will
be able to help me sort this out.

I have an OI server with various media on ZFS which is shared by
password protected SMB shares. I'm fairly sure it is 151a5, built
late last year.

Recently I bought one of these -
http://www.humaxdirect.co.uk/product.asp?ProdRef=10095cat=stb

When I tell it to search the network, it can't find anything and
there is no option to give it any SMB details.

It looks like I'm going to have to install something on the server
to publish the video directories in DLNA, which I've got no
experience of.

I do have another machine always on, which is running Ubuntu 12.04,
so there could, presumably, be a work around by mapping the SMB
share to the Linux box and then re-publishing a DLNA share from
that ... but that is a bit messy.

I did read up something called Coherence but before I potentially
risk damaging my file server, I thought I'd seek knowledgeable help
first.

I'd be grateful for any guidance.

Many thanks in advance for any help.

Michelle Knight

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Vnc to mimic SunRay behaviour, how??

[Gary Gendel]

Jon,

You're a better man than I.  I tried but got stuck somewhere.  I 
remember getting many of the pieces working, but not all.


Gary

On 02/27/2013 12:32 PM, Jonathan Adams wrote:

you cannot really use VNC do do that ... you would be better off using
something similar to freeNX ... it doesn't have a client for Solaris,
but there are lots of clients for most other platforms.

I have compiled freeNX this in the past, and got it all working, I
even tar'd the file up somewhere if you want it ... but you might be
best off seeing if you can get it to work yourself.

Jon

On 27 February 2013 15:23, Hans J. Albertsson
hans.j.alberts...@branneriet.se wrote:

I'm pretty comfy with the way SunRays work: you login to a remote server
with a full graphical UI.
When you're due for lunch, you pull your card, and go get yer grub. In the
lounge area, you plug yer card into a sunray on a temp desk, and just
continue in the session you left behind. Performance was OK for what we used
them for 5-8 years ago.

Alas, SunRays are a thing of the past for most of us. Oracle's price tag is
just way too hefty for most people. Also, next SW and HW upgrade  we want
better performance for medium-complexity graphics, so what to do instead?

Initial tests with GB net and modern fanless media PCs indicate that VNC
might just be good enough for the next 5 years or so. But, as far as I can
see, using Xvnc in OI151a7 leaves you with but two choices, open-for-all
possibly passwordprotected persistent preassigned sessions or non-persistent
but automatically assigned sessions.

Could one fiddle around with options and other things to simulate SunRay
sessions in a better way??

I'd like to avoid having to preconfigure a set of logical displays for each
of my over 200 users...

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] 151a7 smnpd core dump

[Gary Gendel]

Every once in a while the snmpd daemon core dumps. When I run dbx on it 
it tells me that the checksum doesn't match the executable.


(dbx) proc -map
Loadobject mappings for current core file:
0x0040 /usr/sbin/amd64/snmpd
  Warning: checksum in file(845c) doesn't match image(dd35)

It's not clear what I should do to get a good traceback.  Right now, 
this is what I get:


(dbx) where
=[1] memcpy(0x0, 0x6b3a40, 0x6b3a40, 0x0, 0x118, 0x0), at 
0xfd7fff165f8b
  [2] netsnmp_access_systemstats_entry_update_stats(0x0, 0x0, 0x0, 0x0, 
0x0, 0x0), at 0xfd7ffeb9b4b9
  [3] netsnmp_access_systemstats_entry_update(0x0, 0x0, 0x0, 0x0, 0x0, 
0x0), at 0xfd7ffeb9b5e6
  [4] _check_for_updates(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 
0xfd7ffeb8e93b
  [5] netsnmp_binary_array_for_each(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 
0xfd7ffe990b12

  [6] _ba_for_each(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffe99140f
  [7] ipSystemStatsTable_container_load(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), 
at 0xfd7ffeb8ee5e

  [8] _cache_load(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffeb8ddd5
  [9] _cache_load(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffec8a7c8
  [10] _timer_reload(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffec89675
  [11] run_alarms(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffe9658de
  [12] 0x4061a2(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x4061a2
  [13] 0x4061a2(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x4061a2
  [14] 0x4056b1(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x4056b1
  [15] 0x402f7c(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x402f7c

Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Any oi software to stream video to androids?

[Gary Gendel]

I've been using a Java based server successfully:

http://www.serviio.org/

Gart

On 1/4/13 5:18 PM, Paolo Marcheschi wrote:

I think Llink can be useful to you.
more here:

http://goo.gl/5TKd4

Paolo
Il 1/4/13 8:43 PM, Ray Arachelian ha scritto:

I'm looking for something to stream video that to android devices.  Can
subsonic do this?

Thanks.

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Any oi software to stream video to androids?

[Gary Gendel]

Ray,

I used the one in sfe-encumbered in package pkg:/video/ffmpeg@1.0-0.151.1.6

Gary

On 1/4/13 6:08 PM, Ray Arachelian wrote:

On 01/04/2013 05:53 PM, Gary Gendel wrote:

I've been using a Java based server successfully:

http://www.serviio.org/

Thanks.  What did you do to get ffmpeg going? I tried pkg install
ffmpeg, but doesn't seem to exist.  Did you compile from source?

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Anti-Virus strategy

[Gary Gendel]

Michelle,

The first thing I would do for performance is to limit your scans to
user home directories unless you're really paranoid.  Then you can use
one of the intrusion detectors to make sure none of the system files
were touched.  For me, validating that the system files haven't been
tampered with is much more critical. I was hit hard with a root-kit on a
SunOS machine back in the 80s and had no choice but to wipe everything
clean and reinstall since there was no clear way to determine what was
compromised.  The only good thing was that my firewall prevented the
root kit from getting the command/control connection to do whatever
nefarious work that was intended.

I've never had a successful attack since, but I still remember the
horror and pain that that caused.  If they didn't have a small bug in
their installation that caused a peculiar error message that I happened
to catch flying by during a boot, I would not have started the
investigation that finally uncovered it.  I happen to use aide and run
it nightly using the reference database stored on a read-only device for
added security.

The only downside is that after installing, updating, or removing a
package you have to take the time to bless the changes reported by
such a system.  On the plus side, it saved me a few times when I
accidentally overwrote things (one of those Oh-No! situations).  I could
easily generate a report of what was changed so I could pull back the
original files from backup.

Gary

On 12/26/2012 11:13 AM, Michelle Knight wrote:
 Hi Folks,

 Up until now, I've been using Clam on a linux client to remotely scan my
 ZFS volumes overnight every few days; primarily as I don't know anything
 about running anti-viru direclty on the OI box.

 However, the number of (especially small ) files has been increasing so
 I'm facing installing and configuring an anti-virus scan on the OI box
 itself.

 I've done some search engine reading, but it is all at a higher level
 and I haven't been able to learn enough to put together a solid
 strategy.

 I don't really suffer viruses; thanks to some hard lessons learned in
 the past. However I'm human and something could still catch me a blind
 side some day, so another gate keeper won't hurt.

 Has anyone got any advice and links to instructions please?

 Many thanks,

 Michelle.

 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] freenx

[Gary Gendel]

Jon,

Thanks, that got me past the problem.  BTW, I tried your package which
gave me the same results as mine.  In addition, when I log in to user nx
your installation complains about embedded newlines in strings.

I can almost taste this now.

gary@abby:~ ssh -X phoenix /usr/NX/bin/nxnode --agent :1001

*** Is below a problem? The mode /tmp is 1777 so I'm not sure why it's
complaining: ***

NX-:1001 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
NX 716 Starting NX Agent ...
_XSERVTransmkdir: ERROR: Mode of /tmp/.X11-unix must be set to 1777
_XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 9
_XSERVTransMakeAllCOTSServerListeners: failed to create listener for local

NXAGENT - Version 3.5.0

Copyright (C) 2001, 2011 NoMachine.
See http://www.nomachine.com/ for more information.

Info: Agent running with pid '12218'.
Session: Starting session at 'Thu Dec 20 07:48:27 2012'.
Info: Using alpha channel in render extension.
Info: Not using local device configuration changes.
Session: Session started at 'Thu Dec 20 07:48:27 2012'.
Session: Terminating session at 'Thu Dec 20 07:48:45 2012'.
Session: Session terminated at 'Thu Dec 20 07:48:45 2012'.

*** And the new fonts entry does this: ***

FreeFontPath: FPE /usr/openwin/lib/X11/fonts/misc/ refcount is 2,
should be 1; fixing.
NX 716 NX Agent exited with status: 0
NX-:1001 1001 Bye.

Gary

On 12/20/2012 05:55 AM, Jonathan Adams wrote:
 I got it working on Solaris 10, and OpenSolaris ... my steps are on my
 Google drive

 https://docs.google.com/open?id=0B6o_jmGQm0dWSGV6UGE2RExnUU0
 https://docs.google.com/open?id=0B6o_jmGQm0dWeW45SjhfbklFVlE

 Add to /usr/X11/lib/X11/fonts/misc/fonts.alias

 fixed -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso10646-1

 Jon

 On 20 December 2012 02:46, dormitionsk...@hotmail.com
 dormitionsk...@hotmail.com wrote:
 If you get it working, would you please post the steps you took to install 
 and get it working?

 I'd really appreciate it.

 This is one of those pieces of software that I'd like to use, but haven't 
 had a chance to even try installing it.



 On Dec 19, 2012, at 7:27 PM, Gary Gendel wrote:

 I'm real close to getting freeNX working.  However, I'm stumped by the 
 error I'm getting:

 $ ssh -X phoenix /usr/NX/bin/nxnode --agent :1000
 NX-:1000 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
 NX 716 Starting NX Agent ...
 NXAGENT - Version 3.5.0

 Copyright (C) 2001, 2011 NoMachine.
 See http://www.nomachine.com/ for more information.

 Info: Agent running with pid '2688'.
 Session: Starting session at 'Wed Dec 19 21:05:09 2012'.
 Info: Using alpha channel in render extension.
 Info: Not using local device configuration changes.
 Error: Aborting session with 'Could not open default font 'fixed''.
 Session: Aborting session at 'Wed Dec 19 21:05:09 2012'.
 Session: Session aborted at 'Wed Dec 19 21:05:09 2012'.
 NX 716 NX Agent exited with status: 1
 NX-:1000 1001 Bye.

 This error happens even if I try to log in from the local OpenIndiana host. 
  I turned on using the font server, and I tried putting in a font path, but 
 it still fails with the same error.

 Anyone have success getting freeNX working?

 Gary


 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss


 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss
 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] freenx

[Gary Gendel]

custom.conf contains:

[xdmcp]
Enable=true

and svcs gdm shows it online.  BTW, I can vnc to this machine and get
the gdm chooser but I'd prefer NX.  Do you get the complaint about /tmp?

Gary

On 12/20/2012 08:19 AM, Jonathan Adams wrote:
 hmm ... this works for me ...

 have you run gdmsetup and enable XDMCP ?

 On 20 December 2012 12:58, Gary Gendel g...@genashor.com wrote:
 Jon,

 Thanks, that got me past the problem.  BTW, I tried your package which
 gave me the same results as mine.  In addition, when I log in to user nx
 your installation complains about embedded newlines in strings.

 I can almost taste this now.

 gary@abby:~ ssh -X phoenix /usr/NX/bin/nxnode --agent :1001

 *** Is below a problem? The mode /tmp is 1777 so I'm not sure why it's
 complaining: ***

 NX-:1001 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
 NX 716 Starting NX Agent ...
 _XSERVTransmkdir: ERROR: Mode of /tmp/.X11-unix must be set to 1777
 _XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 9
 _XSERVTransMakeAllCOTSServerListeners: failed to create listener for local

 NXAGENT - Version 3.5.0

 Copyright (C) 2001, 2011 NoMachine.
 See http://www.nomachine.com/ for more information.

 Info: Agent running with pid '12218'.
 Session: Starting session at 'Thu Dec 20 07:48:27 2012'.
 Info: Using alpha channel in render extension.
 Info: Not using local device configuration changes.
 Session: Session started at 'Thu Dec 20 07:48:27 2012'.
 Session: Terminating session at 'Thu Dec 20 07:48:45 2012'.
 Session: Session terminated at 'Thu Dec 20 07:48:45 2012'.

 *** And the new fonts entry does this: ***

 FreeFontPath: FPE /usr/openwin/lib/X11/fonts/misc/ refcount is 2,
 should be 1; fixing.
 NX 716 NX Agent exited with status: 0
 NX-:1001 1001 Bye.

 Gary

 On 12/20/2012 05:55 AM, Jonathan Adams wrote:
 I got it working on Solaris 10, and OpenSolaris ... my steps are on my
 Google drive

 https://docs.google.com/open?id=0B6o_jmGQm0dWSGV6UGE2RExnUU0
 https://docs.google.com/open?id=0B6o_jmGQm0dWeW45SjhfbklFVlE

 Add to /usr/X11/lib/X11/fonts/misc/fonts.alias

 fixed -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso10646-1

 Jon

 On 20 December 2012 02:46, dormitionsk...@hotmail.com
 dormitionsk...@hotmail.com wrote:
 If you get it working, would you please post the steps you took to install 
 and get it working?

 I'd really appreciate it.

 This is one of those pieces of software that I'd like to use, but haven't 
 had a chance to even try installing it.



 On Dec 19, 2012, at 7:27 PM, Gary Gendel wrote:

 I'm real close to getting freeNX working.  However, I'm stumped by the 
 error I'm getting:

 $ ssh -X phoenix /usr/NX/bin/nxnode --agent :1000
 NX-:1000 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
 NX 716 Starting NX Agent ...
 NXAGENT - Version 3.5.0

 Copyright (C) 2001, 2011 NoMachine.
 See http://www.nomachine.com/ for more information.

 Info: Agent running with pid '2688'.
 Session: Starting session at 'Wed Dec 19 21:05:09 2012'.
 Info: Using alpha channel in render extension.
 Info: Not using local device configuration changes.
 Error: Aborting session with 'Could not open default font 'fixed''.
 Session: Aborting session at 'Wed Dec 19 21:05:09 2012'.
 Session: Session aborted at 'Wed Dec 19 21:05:09 2012'.
 NX 716 NX Agent exited with status: 1
 NX-:1000 1001 Bye.

 This error happens even if I try to log in from the local OpenIndiana 
 host.  I turned on using the font server, and I tried putting in a font 
 path, but it still fails with the same error.

 Anyone have success getting freeNX working?

 Gary


 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss

 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss
 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss

 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss
 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] freenx

[Gary Gendel]

If I use the ssh running nxnode to test it, I get a black window and it
responds to resizing with the appropriate messages.  Unfortunately,
using the nxclient fails without trying to bring up a window. It gets as
far as Downloading session data and then it reports Session startup
failed.

On 12/20/2012 08:21 AM, Jonathan Adams wrote:
 actually I can't find gdmsetup ... have you enabled gdm in some way though?

 On 20 December 2012 13:19, Jonathan Adams t12nsloo...@gmail.com wrote:
 hmm ... this works for me ...

 have you run gdmsetup and enable XDMCP ?

 On 20 December 2012 12:58, Gary Gendel g...@genashor.com wrote:
 Jon,

 Thanks, that got me past the problem.  BTW, I tried your package which
 gave me the same results as mine.  In addition, when I log in to user nx
 your installation complains about embedded newlines in strings.

 I can almost taste this now.

 gary@abby:~ ssh -X phoenix /usr/NX/bin/nxnode --agent :1001

 *** Is below a problem? The mode /tmp is 1777 so I'm not sure why it's
 complaining: ***

 NX-:1001 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
 NX 716 Starting NX Agent ...
 _XSERVTransmkdir: ERROR: Mode of /tmp/.X11-unix must be set to 1777
 _XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 9
 _XSERVTransMakeAllCOTSServerListeners: failed to create listener for local

 NXAGENT - Version 3.5.0

 Copyright (C) 2001, 2011 NoMachine.
 See http://www.nomachine.com/ for more information.

 Info: Agent running with pid '12218'.
 Session: Starting session at 'Thu Dec 20 07:48:27 2012'.
 Info: Using alpha channel in render extension.
 Info: Not using local device configuration changes.
 Session: Session started at 'Thu Dec 20 07:48:27 2012'.
 Session: Terminating session at 'Thu Dec 20 07:48:45 2012'.
 Session: Session terminated at 'Thu Dec 20 07:48:45 2012'.

 *** And the new fonts entry does this: ***

 FreeFontPath: FPE /usr/openwin/lib/X11/fonts/misc/ refcount is 2,
 should be 1; fixing.
 NX 716 NX Agent exited with status: 0
 NX-:1001 1001 Bye.

 Gary

 On 12/20/2012 05:55 AM, Jonathan Adams wrote:
 I got it working on Solaris 10, and OpenSolaris ... my steps are on my
 Google drive

 https://docs.google.com/open?id=0B6o_jmGQm0dWSGV6UGE2RExnUU0
 https://docs.google.com/open?id=0B6o_jmGQm0dWeW45SjhfbklFVlE

 Add to /usr/X11/lib/X11/fonts/misc/fonts.alias

 fixed -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso10646-1

 Jon

 On 20 December 2012 02:46, dormitionsk...@hotmail.com
 dormitionsk...@hotmail.com wrote:
 If you get it working, would you please post the steps you took to 
 install and get it working?

 I'd really appreciate it.

 This is one of those pieces of software that I'd like to use, but haven't 
 had a chance to even try installing it.



 On Dec 19, 2012, at 7:27 PM, Gary Gendel wrote:

 I'm real close to getting freeNX working.  However, I'm stumped by the 
 error I'm getting:

 $ ssh -X phoenix /usr/NX/bin/nxnode --agent :1000
 NX-:1000 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
 NX 716 Starting NX Agent ...
 NXAGENT - Version 3.5.0

 Copyright (C) 2001, 2011 NoMachine.
 See http://www.nomachine.com/ for more information.

 Info: Agent running with pid '2688'.
 Session: Starting session at 'Wed Dec 19 21:05:09 2012'.
 Info: Using alpha channel in render extension.
 Info: Not using local device configuration changes.
 Error: Aborting session with 'Could not open default font 'fixed''.
 Session: Aborting session at 'Wed Dec 19 21:05:09 2012'.
 Session: Session aborted at 'Wed Dec 19 21:05:09 2012'.
 NX 716 NX Agent exited with status: 1
 NX-:1000 1001 Bye.

 This error happens even if I try to log in from the local OpenIndiana 
 host.  I turned on using the font server, and I tried putting in a font 
 path, but it still fails with the same error.

 Anyone have success getting freeNX working?

 Gary


 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss

 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss
 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss

 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss
 ___
 OpenIndiana-discuss mailing list
 OpenIndiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] freenx

[Gary Gendel]

I'm real close to getting freeNX working.  However, I'm stumped by the 
error I'm getting:


$ ssh -X phoenix /usr/NX/bin/nxnode --agent :1000
NX-:1000 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: 3.5.0)
NX 716 Starting NX Agent ...
NXAGENT - Version 3.5.0

Copyright (C) 2001, 2011 NoMachine.
See http://www.nomachine.com/ for more information.

Info: Agent running with pid '2688'.
Session: Starting session at 'Wed Dec 19 21:05:09 2012'.
Info: Using alpha channel in render extension.
Info: Not using local device configuration changes.
Error: Aborting session with 'Could not open default font 'fixed''.
Session: Aborting session at 'Wed Dec 19 21:05:09 2012'.
Session: Session aborted at 'Wed Dec 19 21:05:09 2012'.
NX 716 NX Agent exited with status: 1
NX-:1000 1001 Bye.

This error happens even if I try to log in from the local OpenIndiana 
host.  I turned on using the font server, and I tried putting in a font 
path, but it still fails with the same error.


Anyone have success getting freeNX working?

Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] ZFS remote receive

[Gary Gendel]

On 10/23/12 8:23 AM, Doug Hughes wrote:

On 10/23/2012 7:52 AM, Sebastian Gabler wrote:

Hi,

I am facing a problem with zfs receive through ssh. As usually, root 
can't log on ssh; the log on users can't receive a zfs stream (rights 
problem), and pfexec is disabled on the target host (as I understand 
it is nowadays default for OI151_a...)


What are the suggestions to solve this? I tried several approaches 
with sudo, and su to no avail. I had tried to enable pfexec on the 
target system, too and couldn't do it.


you can run it over any tcp transport. Do it yourself options include 
using ttcp or netcat as a transport, but almost anything will do. It 
requires a little bit more synchronization to do it this way since the 
receiver must be running (piped into zfs recv) before the transmitter 
is started or the transmitter will abort.
In the end, though, you need to run the zfs recv as root somehow. If 
that's the crux of the problem and not the inability to ssh as root, 
you'll have to figure out a fix to get root at least for the zfs recv 
process.
I had the same issue with rsync over ssh.  I finally decided to make 
root a user and restrict login access.




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Slow ssh login?

[Gary Gendel]

I think I found it...

https://www.illumos.org/issues/1983

So far, so good.  Logged in and out a dozen times with no lag.

Gary

On 10/21/12 5:00 AM, Jim Klimov wrote:

2012-10-21 9:40, Alex Smith (K4RNT) wrote:

Perhaps setting UseDNS to no in sshd_config could help. :)



Also, if you only access the system from one or few external
hosts, you can add their names to /etc/hosts (and give it
priority in /etc/nsswitch.conf).



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Slow ssh login?

[Gary Gendel]

Well, my problem seems to be exactly opposite.  If I restart sshd, I get 
really good response at first and then it deteriorates to a several 
second login delay. dig and dig -x is always fast. I even disabled 
reverse DNS on sshd with no difference.  Every once in a while I get 
fast response.  The sshd debug output doesn't show anything 
interesting.  This has been a real head-scratcher.


On 10/19/12 7:02 PM, Richard Elling wrote:

On Oct 19, 2012, at 3:51 PM, Dan Swartzendruber dswa...@druber.com wrote:


Hi, all.  I've got an issue that is bugging me.  I've got an OI 151a7 VM and
ssh to it takes 15 seconds or so, then I get a prompt.  It's not the usual
reverse dns or gssapi stuff, since my backup node is also OI 151a7 and it
responds instantly to the ssh request.

15 seconds is a magic number -- the default timeout for a DNS lookup.
Use getent to verify that lookups (forward and reverse) are fast. Use nscd -i
to make sure the cached name lookups are flushed.

Another quick test, if the first ssh takes a while, but soon afterwards a second
completes quickly, then the nscd cache is working properly.
  -- richard



  Google has not turned up anything
useful except for the usual suspects that are innocent in this case.  The
only hint I can see is if I give '-v' on the client, I see this:

OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to nas [10.0.0.4] port 22.
debug1: Connection established.
debug1: identity file /home/dswartz/.ssh/id_rsa type -1
debug1: identity file /home/dswartz/.ssh/id_rsa-cert type -1
debug1: identity file /home/dswartz/.ssh/id_dsa type -1
debug1: identity file /home/dswartz/.ssh/id_dsa-cert type -1
debug1: identity file /home/dswartz/.ssh/id_ecdsa type -1
debug1: identity file /home/dswartz/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.5
debug1: no match: Sun_SSH_1.5
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
(the delay is here)
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server-client aes128-ctr hmac-md5 none
debug1: kex: client-server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(102410248192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 8c:78:a0:17:6b:17:1b:bf:83:69:a3:bf:59:df:18:07
debug1: Host 'nas' is known and matches the RSA host key.
debug1: Found key in /home/dswartz/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/dswartz/.ssh/id_rsa
debug1: Trying private key: /home/dswartz/.ssh/id_dsa
debug1: Trying private key: /home/dswartz/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive

Any thoughts where to look?  It's got to be something that is different
between the two OI hosts, but offhand, I'm not sure where to look.
Thanks...
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

--

richard.ell...@richardelling.com
+1-760-896-4422



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Archive for unsupported machines

[Gary Gendel]

Hi,

Does anyone know if firmware updates from devices (in my case SunFire 
v20z I've had since the late 90s) are available somewhere? I've been 
able to find a lot of archives for the old Sun pages, but the download 
links for these packages fail.


I had tried but failed to update this box many years ago and gave up.  I 
decided to give it a try again as it doesn't recognize that OI is 
running anymore and does an immediate power-down if I tell it to power 
off rather than shut things down gracefully.  On the good side, I had a 
package saved and upgraded with a more recent bios than the creaky old 
one that was there but it's far from the latest.  Also, I've been unable 
to upgrade SP from that package.  SP connects to the update server and 
goes into the installing phase. Then it reboots SP without downloading 
or installing the update.


This kind of information might be useful for others that are running OI 
on unsupported Sun boxes. Sorry if this is inappropriate for this list.


Gary



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] killing graphical login

[Gary Gendel]

 That would be great.

On 10/ 2/12 12:01 PM, Alex Smith (K4RNT) wrote:

You may also want to look into FreeNX, I believe I requested it, and I
thought they closed the ticket saying they were adding it to one of the
community repos, not 100% sure though.

On Tue, Oct 2, 2012 at 8:29 AM, Jim Klimovjimkli...@cos.ru  wrote:


2012-10-02 9:15, Roel_D пишет:

  Hmz.. You can't disable gdm when you want to use vnc as far as i know

I won't vouch for that if you're so certain, because our
machines use our own brew of TightVNC with a lightweight
twm window manager. That certainly works even in the absence
of not only gdm, but GNOME altogether.

I really do not know if the co-bundled vncserver requires
gdm or can be configured to serve other desktop environments.
It likely can, however, be brought up on admin request as
a temporary SMF service enablement for a service kept off
by default, and won't be a resource hog all the time.

//Jim


__**_
OpenIndiana-discuss mailing list
OpenIndiana-discuss@**openindiana.orgOpenIndiana-discuss@openindiana.org
http://openindiana.org/**mailman/listinfo/openindiana-**discusshttp://openindiana.org/mailman/listinfo/openindiana-discuss







___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OI stopped booting after 151a6 update.

[Gary Gendel]

Milan,

Please contact me directly if you need me to run some experiments or 
collect some data.  I tried Richard Palo's workaround but it only worked 
in the current session; a reboot brought it back and wouldn't go away 
with a re-applied fix.


I blew a6 away, but I can put it back if you tell me what you want me to 
try.  BTW, this is on a Lenovo Thinkpad T61p.


Gary

On 9/13/12 10:40 AM, Milan Jurik wrote:

Hi,

it would be nice if people affected by this are active on that issue. 
Currently I have only one reporting person who wrote that the problem 
seems to be visible only in case that hald is daemonized. Ongoing 
investigation. I cannot reproduce it on my system (yet).


Best regards,

Milan

On 13.09.2012 13:55, Dmitry Kozhinov wrote:

Yes, it's the same. Production server affected... I am stick to 151a5
for a while.

On 07.09.2012 18:23, Richard PALO wrote:
It's possibly the same as a couple of us have suffered: 
https://www.illumos.org/issues/3150


Le 07/09/12 14:20, Dmitry Kozhinov a écrit :

Thank you, Andrey, for pointing me into right direction.
Now I have figured out that it does not hang, but stops at console 
login
prompt. GUI not loads for some reason. Graphics card is ATI Radeon 
9600.

How do I inspect a boot log (if any)?

Maybe the reason of the glitch is that online updates not always go
smoothly, especially when there was many incremental updates 
already for

given system. I remember that I already had similar problem, and fresh
install did resolve it (cannot remember OSol or OI). Maybe I will
reinstall the whole system at next week. Though it is a production
server, there is not much to configure. Apache, vsftpd, and content
files. Downtime is not critical.

Though reinstall may help, it would be useful to find out what went 
wrong.


On 07.09.2012 1:03, Andrey Sokolov wrote:

Hi,

Where does OI hang? Use -v option for kernel and boot without 
progress

bar

2012/9/6 Dmitry Kozhinov d...@desktopfay.com


Hi all,

I have a quite old machine running OI: ASUS A7N8X-X motherboard,
Athlon XP
1150Mhz CPU, 1GB RAM. Everything worked fine until the 151a6 
update. Now

the boot process hangs (progress bar is moving, no HDD activity,
nothing).
Previous 151a5 BE boots fine.

Any advices appreciated.




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] SPARC-OpenIndiana Screenshots

[Gary Gendel]

I've got an enterprise 450 (Sparc II), with a PGX graphics card and a 
bum HME nic so I use a fiberchannel card currently running Solaris 10 
using zfs root.  I'll pitch in to test openindiana if I can create a 
separate BE rather than blow Solaris 10 away (which I actually use to 
build and test products for my company).  I do have some extra disks 
that I can swap with the Solaris boot disks if needed.


On 9/10/12 10:18 AM, Alex Smith (K4RNT) wrote:

I have a Sun Blade 2500 (red, XVR-1200 graphics) available for testing, and
I may be able to convince one of my colleagues to fire up a Sun Fire V240
that I gave him to try with this as well, if you like, Martin. There is
still plenty of sun4u hardware out there that would love to test OI on. :)

On Mon, Sep 10, 2012 at 8:14 AM, Martin Bochnig mar...@martux.org wrote:


Dear SPARC fellows,



I apologize the repeated delays.
If you fix a, b and c you forget that this breaks d.
SMF complicated life (instead of making it easier).

And let's not talk about IPS   ...


Here some screenshots from just now.
One of the recent annoying stoppers is or was, that JDS would _almost_
load fully, but then crash itself and therefore cause openXsun to
stop.
Some problem with the gnome-keyring daemon somehow not willing to
communicate with dbus, although dbus is running fine, even svcs says
that!


Now I took 10 versions of solaris.zlib from a week ago and tried to
nfs-mount it over /usr the the booted LiveDVD's ramdisk. And after
some hours I found now one version, that works. But now Firefox loads,
but you cannot enter any URL.
And another problem: If I simply take a week-old version of
solaris.zlib (/usr), then this removes the other workarounds from
/usr, that I put in place durin the week.
And creating a new 10GB solaris and gzip-9 compress it to 3GB  takes 6
hours (and I consider this quick).


The complexity of such an OS is quite deep.
If you want all these bugs, rather that sill wait, pls. let me know.
Then I can offer the current instable alpha version via dyndns.


Screenshot.png (image/png) 590K
Screenshot-1.png (image/png) 359K
Screenshot-2.png (image/png) 364K



p.s. I will not allow, that OI dies!
If nobody else wants to keep it alive, I will ensure that we can run
the servers from my home.

Can switch from 20MBit to VDSL 50MBit.
If illumos wants another reference distro, I do not care.
We here will keep OI alive, okay?   ;-)





___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] isc-dhcp client

[Gary Gendel]

Actually, since I'm only interested in prefix delegation, I tried an 
experiment.


My external nic is bge0 and my internal nic is bge1.

I have ipfilter set up currently to allow everything on ipv6:

pass in on any all
pass out on any all

When I start dhclient to get the address block from the DHCPv6 server:

dhclient -6 -P -v bge0

I fail with a No route to host message.  The full output is:

Internet Systems Consortium DHCP Client 4.2.4-P1
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

execve (/sbin/dhclient-script, ...): No such file or directory
Bound to *:546
Listening on Socket/bge0
Sending on   Socket/bge0
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_PD 3d:13:03:a3
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on bge0, interval 1010ms.
send_packet6: No route to host
dhc6: send_packet6() sent -1 of 52 bytes

It fails on a sendmsg() call to a socket that's opened for broadcast.

Is this something I'm doing wrong in ipfilter or am I missing something 
else? For example, do I need to set up a logical or virtual nic on bge0?


Gary

On 9/6/12 10:23 AM, Gary Mills wrote:

On Thu, Sep 06, 2012 at 10:06:15AM -0400, Gary Gendel wrote:

Whoops! Make that I was wondering if I should include the client.

I guessed that was it.  I'd expect the client to be in a separate
package since it should replace `dhcpagent' and possibly `dhcpinfo'
and `in.ndpd', and might require changes to the SMF services that
start them.  As well, all OI machines will require the client but only
a few will require the server.




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] isc-dhcp client

[Gary Gendel]

Jon,

Oracle is deprecating the Sun dhcp server and replacing it with ISC 
based upon what I've been reading. It's one of the reasons that Oracle 
pushed changes to the ISC source.  Regardless, I have no reason to 
replace the server since it has everything I need in a dhcp server. 
Others don't agree.


That said, the Oracle client is missing IPV6 prefix delegation which is 
a hole for me and will become for more people that have ISPs that use 
this feature to assign blocks of ipv6 IPs.  Without this, you will only 
get a single IP address from these ISPs. Since ipv6 does not support NAT 
there is no alternative if you want to use OpenIndiana as a 
firewall/router.  There are firewall/router boxes that do perform this 
function. DD-WRT and similar do have an implementation but it is very buggy.


I currently get around this by using an ipv6 over ipv4 tunnel to HE, but 
this not a good final solution.


Gary

On 9/6/12 9:13 AM, Jonathan Adams wrote:

On 6 September 2012 02:51, Bob Friesenhahn bfrie...@simple.dallas.tx.us wrote:

On Wed, 5 Sep 2012, Gary Gendel wrote:

snip

If the answer is that I should be able to replace it, the next question is
if anyone has done this before and how difficult this would be to do.


I assume you are talking about the client and not the server?  If you are
talking about the client, then it seems possible to do this via an upgrade.

If you are talking about the server, unless the ISC version is truely a
drop-in replacement, it would be best to make it an add-on package using
different directories so that it is possible to migrate from one to the
other and not crater users networks due to an update.  As Gordon Ross
mentions, the Sun dhcp server has nice integration with a dhcpmgr GUI (which
I use under Solaris 10).

(All following comments are about the DHCP server)

I happened to hate the GUI that came with the DHCP server, and always
relied on the dhtadm and pntadm commands ...

I assume that the ISC version will not use these commands, and will
probably not be able to talk to the same datastores as the Sun version
...

if the commands are different, or the datastores are not
accessible/convertible then I would advise against replacing the Sun
server with the ISC server, but look instead to changing the
svc:/network/dhcp-server:default to svc:/network/dhcp-server:oracle
and creating a new ISC svc:/network/dhcp-server:isc or something
similar.

If the ISC is not a drop in replacement and someone upgrades they will
find that their server no longer works, and being a DHCP server will
find that their network also no longer works.

Jon

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] isc-dhcp client

[Gary Gendel]

Au contraire mon frere. :)

I packaged the server up and I'm waiting for the thumbs up to push it 
into the main branch.  I was wondering if I should include the server.


As for the client on Solaris, my interpretation of the text tells me 
that it may work but since it exists on Solaris they don't include the 
client.  This is why I asked if anyone had attempted it or knew why it 
wouldn't work.  I'd have to dig into the dhcp client code to see what 
would it take to make it compatible.  I might be enticed to do this if 
others have a similar need.  The alternative is to implement prefix 
delegation in the existing client which I've already been told would be 
difficult.


Gary

On 9/6/12 9:42 AM, Gary Mills wrote:

It likely hasn't been packaged yet.



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] isc-dhcp client

[Gary Gendel]

Hi,

Anyone know if there is a fundamental reason why we can't wholesale 
replace the Sun/Oracle dhcp client with the ISC one?  If we don't get 
any updates downstream from Oracle we will never get features like ipv6 
prefix delegation.  This feature is becoming important as some big ISPs 
(i.e. Comcast) are using this to delegate IPV6 blocks to their 
business/personal customers.


If the answer is that I should be able to replace it, the next question 
is if anyone has done this before and how difficult this would be to do.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OpenIndiana lead Alasdair Lumsden resigns

[Gary Gendel]

On 9/2/12 7:23 AM, Dave Koelmeyer wrote:

On 2/09/12 02:48 AM, Bob Friesenhahn wrote:

On Sat, 1 Sep 2012, Robin Axelsson wrote:


I'm fully aware of the power of the command line and it is the 
command line that really makes me like Unix based OSes (including 
Linux). But making OI look well-polished with a fancy and easy to 
administer web-admin GUI that would encourage the average-Joe to use 
it as a home-NAS / virtual server is not a bad thing. That way OI 
would reach a higher penetration with a larger user-base and most 
importantly; it will get _free advertising_. To some extent the old 
adage A good product markets itself has some truth in it. But it 
must not only be good, it has to /look/ good so that even a less 
versed person will understand how good it is.


Focusing on issues like this would be putting the cart before the 
horse.  It is more important to be able to easily build everything 
and incorporate updates than to have a fancy configuration GUI. OI 
popularity should come second to correct functionality and having an 
organization (of volunteers and corporate entities) to sustain it. If 
OI is worthy, popularity will follow, even if only from people who 
already preferred Solaris.


+1. Precisely.

I totally agree.  However, I selfishly want an X-windows server and 
window manager on my server.  I personally would prefer a simple window 
manager over a the heavyweight Gnome/KDE camps but there are reasons to 
go with these.


I develop GUI based applications and have just about one of every 
Linux/Unix/Mac/Windows OS and version running to do build and test 
sitting in the home office on the opposite coast.  Our clients still 
have a large investment with Solaris 9/10 so it is important that this 
builds and runs on a Solaris variant.  Some of the apps can launch 
external programs, so it determines whether it should use gnome-open, 
etc. to choose the appropriate application.


I telecommute, so when I make code changes I like to first build and 
test it on a cross section of platforms locally so I don't ship it out 
to the build farm broken and make everyone unhappy.


I run router/firewall/file-share/backup/web/imap,web,smtp mail services 
on an old V20z.  I have over 10 TB of mirrored zfs storage on which 
stores mail for each user  With all of this, I seldomly tax it's 
resources.  I do, however use this to build and test to make sure that 
it properly compiles and runs my applications.  This has saved me 
countless of re-spins do to compiler or library issues. Without 
X-windows and some WM, I would no longer be able to use this machine 
that way and would have to take the hit for breaking Solaris builds.


I recently picked up an Enterprise 450 when I heard of the OI Sparc 
efforts.  However, it came with the internal NIC and the DVD drive 
broken.  It also has that funky PXE graphics card.  I got around the NIC 
by putting a fiberchannel card in and a SX to TX converter, and picked 
up a replacement DVD drive.  I was hoping to not only use it for 
testing, but to use it to help the SPARC OI efforts but it still 
requires X-windows and WM to be useful for me.


I can't believe that I'm the only one that uses OI to do GUI product 
development.


Gary



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OpenIndiana lead Alasdair Lumsden resigns

[Gary Gendel]

This assumes that there will never be remote user access (vnc, etc.) to 
do development work that uses a GUI interface.  So you can't have SunRay 
type capabilities or even do simple things like web page development on 
that box (without gimp or some other graphics capability).  Basically 
all development would require a non-illumos box.  I currently can do 
this with VNC using my tablet or laptop which has saved my tail a number 
of times when I'm on the road since I'm not allowed to have proprietary 
data with me when I travel.


On 9/2/12 11:47 AM, Michael Stapleton wrote:

Would not webmin be a good fit? Develop good modules for webmin to
manage OI with.

Mike

On Sun, 2012-09-02 at 17:02 +0200, Open Indiana wrote:


It's not that OI doesn't have to have a GUI, it's only that not all settings
have to be set OVER a GUI.
Of course it needs a decent GUI, but that doesn't imply that you can
change/alter anything without getting deeper and into the commandline.



-Original Message-
From: Gary Gendel [mailto:g...@genashor.com]
Sent: zondag 2 september 2012 16:53
To: Discussion list for OpenIndiana
Subject: Re: [OpenIndiana-discuss] OpenIndiana lead Alasdair Lumsden
resigns

On 9/2/12 7:23 AM, Dave Koelmeyer wrote:

On 2/09/12 02:48 AM, Bob Friesenhahn wrote:

On Sat, 1 Sep 2012, Robin Axelsson wrote:

I'm fully aware of the power of the command line and it is the
command line that really makes me like Unix based OSes (including
Linux). But making OI look well-polished with a fancy and easy to
administer web-admin GUI that would encourage the average-Joe to use
it as a home-NAS / virtual server is not a bad thing. That way OI
would reach a higher penetration with a larger user-base and most
importantly; it will get _free advertising_. To some extent the old
adage A good product markets itself has some truth in it. But it
must not only be good, it has to /look/ good so that even a less
versed person will understand how good it is.

Focusing on issues like this would be putting the cart before the
horse.  It is more important to be able to easily build everything
and incorporate updates than to have a fancy configuration GUI. OI
popularity should come second to correct functionality and having an
organization (of volunteers and corporate entities) to sustain it. If
OI is worthy, popularity will follow, even if only from people who
already preferred Solaris.

+1. Precisely.


I totally agree.  However, I selfishly want an X-windows server and window
manager on my server.  I personally would prefer a simple window manager
over a the heavyweight Gnome/KDE camps but there are reasons to go with
these.

I develop GUI based applications and have just about one of every
Linux/Unix/Mac/Windows OS and version running to do build and test sitting
in the home office on the opposite coast.  Our clients still have a large
investment with Solaris 9/10 so it is important that this builds and runs on
a Solaris variant.  Some of the apps can launch external programs, so it
determines whether it should use gnome-open, etc. to choose the appropriate
application.

I telecommute, so when I make code changes I like to first build and test it
on a cross section of platforms locally so I don't ship it out to the build
farm broken and make everyone unhappy.

I run router/firewall/file-share/backup/web/imap,web,smtp mail services on
an old V20z.  I have over 10 TB of mirrored zfs storage on which stores mail
for each user  With all of this, I seldomly tax it's resources.  I do,
however use this to build and test to make sure that it properly compiles
and runs my applications.  This has saved me countless of re-spins do to
compiler or library issues. Without X-windows and some WM, I would no longer
be able to use this machine that way and would have to take the hit for
breaking Solaris builds.

I recently picked up an Enterprise 450 when I heard of the OI Sparc efforts.
However, it came with the internal NIC and the DVD drive broken.  It also
has that funky PXE graphics card.  I got around the NIC by putting a
fiberchannel card in and a SX to TX converter, and picked up a replacement
DVD drive.  I was hoping to not only use it for testing, but to use it to
help the SPARC OI efforts but it still requires X-windows and WM to be
useful for me.

I can't believe that I'm the only one that uses OI to do GUI product
development.

Gary



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss

[OpenIndiana-discuss] Some Howto pointers?

[Gary Gendel]

I'd like to contribute ISC 4.2.4 dhcp as a package to OpenIndiana. Using 
the following configure options, it compiles and runs the self-tests 
cleanly:


CC=cc ./configure --enable-use-sockets --enable-ipv4-pktinfo 
--sysconfdir=/etc/inet --sbindir=/usr/lib/inet --bindir=/usr/sbin 
--prefix=/usr


I also have the ISC 4.1 SMF stuff (and I believe some packaging 
information) downloaded from Oracle's site but I'm not sure what goes 
where and what needs to be modified for 4.2.4.


Questions:

1) How do I package this stuff so it can be deployed by pkg?
2) Do I support a 64 and 32 bit installation, or should it just be 
32-bit? If it's a combination, how do I resolve the installation 
conflicts (bin placement, etc).


3) Anyone have a HOWTO on going from the current dhcp server packages 
with ISC dhcp or do I just have to wade through the ISC docs?


BTW, with 4.2.4 comes a complete implementation of DHCPv6.  If this is 
true then those of us using Comcast (and some other ISPs) can get a 
static /64 block of ipv6 addresses.  It would be fun to kick the ipv6 tires.


Regards,
Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] DHCPv6-PD

[Gary Gendel]

Does OpenIndiana support this protocol?  If so, does anyone have a basic 
howto written that will step me though setting up my OI server to do 
IPV6 routing via Comcast.  So far, I have only been able to get a single 
/128 address, but with DHCPv6-PD it should get a /64 address.  Thanks.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] DHCPv6-PD

[Gary Gendel]

On 7/27/12 11:02 AM, James Carlson wrote:

Gary Gendel wrote:

Does OpenIndiana support this protocol?  If so, does anyone have a basic
howto written that will step me though setting up my OI server to do
IPV6 routing via Comcast.  So far, I have only been able to get a single
/128 address, but with DHCPv6-PD it should get a /64 address.  Thanks.

I know that when I wrote the code, I didn't add support for RFC 3633
Prefix Delegation.  It wasn't part of the customer request Sun received
that started the project.

I don't know if anyone's added it since, but I doubt it.  I think it's
unlikely to be useful unless there's also a DHCPv6 server component that
can read the delegated prefixes and do something intelligent with them,
but last I checked, OI doesn't have a DHCPv6 server.

For what it's worth, Prefix Delegation has nothing to do with the
configuration of the on-link addresses.  If you're seeing a /128 where
you expect a /64, the problem is that you're not getting a proper IPv6
Router Advertisement for that prefix.

DHCPv6 works in a rather different manner from IPv4 DHCP.  In
particular, DHCPv6 *DOES NOT* include the prefix information in the
assigned address data.  Instead, the DHCPv6 client is expected to get
the prefix information using the standard Router Discovery mechanism
that's always used in IPv6 to get prefixes from IPv6 routers.

Seeing /128 means that something in that fundamental mechanism has
broken down.  Either in.ndpd has been somehow disabled or the upstream
router is not providing complete information.


It's the latter.  From my conversation with Comcast:

For ipv6 to work natively with Comcast you need DHCPv6-PD in your 
router. Then Comcast will assign you a /64 prefix. If you plug in a 
computer directly they'll assign you a single ipv6 address. Native ipv6 
won't work any other way.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Virtualisation in OI 151

[Gary Gendel]

John,

There are a few ways to run jailed VMs in OpenIndiana.  I would look to 
see if zones meets your needs as it is a very lightweight way to have 
jailed Virtual Machines.  As long as you don't care that you're running 
OpenIndiana machines, this is very easy to set up and use.  There are 
some branded zones that will allow you to run different versions of 
Solaris and Linux, but I never found them to be supported well.


I would start from here:

http://wiki.openindiana.org/oi/7.+Virtualization

But if you do some googling, you can find a lot of howto information on 
zones.


Gary

On 7/19/12 9:58 AM, John McQuay wrote:

Hi Folks

  


I'm very much a newbie to OpenIndiana and would like to ask about
Virtualisation.

  


My server is at the moment running only as a file server but the plan is to
virtualise a web server and an FTP server separately in their own zones.

  


Is this feasible, and is there any point?  My theory (which may be quashed
shortly) is that by virtualising the servers which would be accessible from
the outside world I would have huge gains in security.  I don't have the
space for multiple servers and want to remain slightly green by using only
one if I can get away with it.

  


In this situation, what would your recommendations be?  Does anyone have
experience with configuring zones and could you throw me a couple of
pointers?

  


Many thanks and all the best, John.

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Help, please! Starting to use postfix in an OI151_a5 environment, from scratch

[Gary Gendel]

Hans,

You have the basics right.  The problem is that there is no clean way to 
replace sendmail in OI yet.  When you install postfix, it will overwrite 
/usr/lib/sendmail.  I actually have two replacements for sendmail, I use 
Qmail for non-authorized access on port 25 because of it's superior spam 
capabilities using the spamdyke front-end.  I do have spamassassin on 
the backend to catch the few emails that get through, but that requires 
a patched version of Qmail.  I use Postfix for authorized access on port 
587 (submission) for users which has no spam checking and allows relaying.


BTW, the only bad thing about using Qmail this way is that it rejects 
mail to non-existent users later on in the process using a bounce 
message. This opens the door for backscatter spam (using the bounce to 
send spam). Spamdyke reduces this possibility, but hasn't implemented a 
true block for this (reject bad users before accepting mail) yet. This 
is in the works.


What I do is to take the time to backup the /usr/lib/sendmail for all 
three programs and then do a symbolic link to the one needed (in my case 
it's postfix).  The reason I do this is that, since sendmail is part of 
the consolidation, this binary is sometimes overwritten when you upgrade 
OI.  There is a plan somewhere to handle wholesale replacement of 
sendmail with another MTA better, but I don't know what the current 
state is.


Besides disabling sendmail, you need to disable sendmail-client as 
well.  The refresh on postfix should cause it to reload the 
configuration file.


As for dovecot (and qmail), I've been using that for so long (starting 
with SunOS), that I always compiled and installed it myself.  Some day 
I'll replace dovecot with the SFE version, but I'm in no rush.


Gary

On 7/16/12 7:58 AM, Hans J. Albertsson wrote:
I am in the process of starting up a mailserver for about a thousand 
mail users.


This is on an OI151_a5 server.

I will use postfix, dovecot and spamassassin, possibly clamav.

I am right now doing a test setup, sort of a proof of concept.

My problem is that all the documentation for dovecot and postfix is 
NOT very specific to an OI installation, so I need some help in 
understanding

where OI differs from what postfix and dovecot docs assume.

Today's first question: OI has the SMF stuff: this confuses some issues.
I assume I'm first supposed to configure the various params for 
postfix, like myhostname, myorigin, mydomain plus many more.


Then I'm supposing I should do

# svcadm disable sendmail
# svcadm enable postfix

(consider #  as the root prompt)

Is this correct?

Will this do postfix start for me, and will svcadm refresh postfix 
(or restart) do postfix reload?


Anything else you might want to add as advice for me at this point?

I'm basically trying to do the simple single domain server as in 
Chapter 3 in The Book Of Postfix by Hildebrandt and Koetter.


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Some help with ipadm

[Gary Gendel]

Albert,

Yes, I still have the hostname.xxx files in /etc.  What is the 
appropriate replacement for this mechanism?


Gary

On 7/14/12 1:19 PM, Albert Lee wrote:

On Thu, Jul 12, 2012 at 11:16 AM, Gary Gendel g...@genashor.com wrote:

I had things configured originally via ifconfig and then unplumbed the
interface and recreated it using ipadm but after a reboot, things went weird
on me.  I figure that it's some remnant left over from my original manual
configuration after disabling nwam years ago.

I created two persistent interfaces using ipadm:
bge0/v4
bge0/v6

what I ended up after reboot was:

# ipadm show-addr
ADDROBJ   TYPE STATEADDR
lo0/v4static   ok   127.0.0.1/8
lo0/_astatic   ok   127.0.0.2/32
bge0/?dhcp ok   98.221.143.25/21
lo0/v6static   ok   ::1/128
bge0/v4dhcp disabled ?
bge0/v6   addrconf disabled ::

Why did it create bge0/? and why are the persistent addresses I created
disabled? Also, ipadm delete-addr bge0/v6 says that the object doesn't exist
if that helps.

I've resorted to removing them manually from ipadm.conf, unplumbing the bge0
interface and then recreated them using ipadm again and I'm back to where I
should be:

# ipadm show-addr
ADDROBJ   TYPE STATEADDR
lo0/v4static   ok   0.0.0.6/8
lo0/_astatic   ok   127.0.0.2/32
bge0/v4   dhcp ok   98.221.143.25/21
lo0/v6static   ok   ::1/128
bge0/v6   addrconf ok   fe80::209:3dff:fe13:3a3/10
bge0/v6   addrconf ok 2001:558:6026:8c:44f2:de61:c396:e2f8/128

Any advice would be appreciated.

Thanks,
Gary


Do you still have old hostname or dhcp files in /etc?

-Albert

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Help, please! Starting to use postfix in an OI151_a5 environment, from scratch

[Gary Gendel]

Hans,

Unfortunately, many programs expect /usr/bin/sendmail to work. That 
means that you either have to keep sendmail running, or replace 
/usr/lib/sendmail with the sendmail.postfix version.  If you do the 
latter, then any upgrade that includes sendmail will replace whatever 
you put in /usr/lib/sendmail with what it expects.


I made a symbolic link from /usr/lib/sendmail to sendmail.postfix so 
these programs work. Then I check to make sure this symbolic link wasn't 
over-written when I upgrade OI. Most time it doesn't replace the 
symbolic link, but occasionally it does.


I run aide to validate that non of the system files have changed, so I 
can scan that after an update to see if any of my hacks need to be re-done.


Gary

On 7/16/12 8:47 AM, Hans J. Albertsson wrote:

Will the SFE postfix package actually REPLACE sendmail??

In my system, using the SFEpostfix package, there's a
/usr/sbin/sendmail.postfix
that's an executable, and
/usr/sbin/sendmail
which is a symlink to /usr/lib/sendmail.

There's also a symlink /usr/lib/sendmail.postfix that points to 
/usr/sbin/sendmail.postfix


sum /usr/lib/sendmail is different from sum /usr/sbin/sendmail.postfix
so I assume your statement is only true for some other form of postfix 
installation??


On 2012-07-16 14:31, openindiana-discuss-requ...@openindiana.org wrote:

Message: 8
Date: Mon, 16 Jul 2012 08:31:40 -0400
From: Gary Gendelg...@genashor.com
To: Discussion list for OpenIndiana
openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] Help, please! Starting to use
postfix in an OI151_a5 environment, from scratch
Message-ID:500409ac.1030...@genashor.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hans,

You have the basics right.  The problem is that there is no clean way to
replace sendmail in OI yet.  When you install postfix, it will overwrite
/usr/lib/sendmail.


Thanks for the below pointer. I actually missed that.


Besides disabling sendmail, you need to disable sendmail-client as
well.  The refresh on postfix should cause it to reload the
configuration file.



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] DHCP server for IPV6

[Gary Gendel]

Moving from IPV4 to IPV4/IPV6 on my home network is like peeling an 
onion, so I'm taking it one step at a time. :(


Currently I only see the old Solaris dhcp server for OI.  Can this 
handle ipv6? I couldn't find any examples but ipv6 support was 
superficially mentioned in some documents I came across.  Is there a 
howto document available?  If not, do we have a supported install 
package for ISC DHCP now that it's gone from SFE?


Regards,
Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] DHCP server for IPV6

[Gary Gendel]

On 6/7/12 12:17 PM, James Carlson wrote:

Gary Gendel wrote:

Moving from IPV4 to IPV4/IPV6 on my home network is like peeling an
onion, so I'm taking it one step at a time. :(

Currently I only see the old Solaris dhcp server for OI.  Can this
handle ipv6?

No.  DHCPv6 is really a very different protocol from IPv4 DHCP.

(Are you really sure you need DHCPv6 ... ?)
My ISP provides me with both an IPV4 and an IPV6 address. My OI box 
currently does IPV4 firewall/routing/NAT and provides DHCP service for 
my internal network.  I'm trying to replicate this in IPV6 in parallel 
with IPV4.



I couldn't find any examples but ipv6 support was
superficially mentioned in some documents I came across.  Is there a
howto document available?  If not, do we have a supported install
package for ISC DHCP now that it's gone from SFE?

When I was designing and testing the DHCPv6 client in OpenSolaris, I
used the WIDE-DHCPv6 server for much of the ad-hoc testing.  The patches
I needed to make it work on OpenSolaris are still available:

http://www.workingcode.com/dhcpv6/wide-dhcpv6-20061016.small.gdiff

I haven't really kept up with it since 2006, so things may well have
changed.

Thanks.  I probably should move to ISC DHCP since that's where Oracle is 
headed as well.  Should I get the sources and build from there or will 
it be available as a package in the near future?


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] How to deal with IPV4/6 as a router

[Gary Gendel]

My Home OI box currently serves as my router/gateway to my ISP.

Under IPV4 I have

Cable Modem - bge0 - ipfilter/nat - bge1 - network.

My ISP has turned on IPV6 and I can get as many addresses as I want.  
However, some of my devices aren't ipv6 capable so I have to deal with a 
mix of ipv4 and ipv6 addresses until these are retired.


I turned on ipv6 on bge0 and have both an ipv4 and ipv6 address.  I also 
can run the ipv6 test (test-ipv6.com) perfectly.


The question is: How do I set up things so it works with my internal 
devices?  It seems that All I want to do is to leave the ipv4 setup as I 
have it now and pass all ipv6 packets (discovery, etc.) from bge0 to 
bge1 (and visa versa).  This way my ISP will provide ipv6 addresses to 
those devices that ask for one.


Or should I provide a private ipv6 address space for my LAN?  This 
doesn't seem to be in the spirit of ipv6, but it will provide me more 
firewall control of traffic in and out of the network and provide 
static addresses to my hosts.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Root as role vs. user and rsync

[Gary Gendel]

I finally decided to take the bullet and make root a role instead of a 
user.  All went well except for my nightly backup.


I have a backup server that rsyncs my various collection of Linux, 
OpenIndiana, Windows, and Mac machines nightly. Without root as a user, 
how do I set up rsync to ssh onto the machine and retrieve the root 
system files on OpenIndiana?


Thanks,
Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

[Gary Gendel]

On 4/26/12 10:53 PM, Christopher Chan wrote:

On Thursday, April 26, 2012 08:30 PM, Gary Gendel wrote:

On 4/26/12 5:01 AM, Christopher Chan wrote:

On 26/04/12 12:17 AM, Gary Gendel wrote:


That isn't what spamdyke is trying to accomplish here. This checks to
see if the sender is trying to spoof the MTA. What spamdyke is 
trying to

do is to blacklist emails based upon the ip address embedded in the
sending domain name. For example:

If I get mail from 208.1.48.3 and it's reverse domain lookup 
resolves to

customer.208.001_48.3.sample.com and sample.com is on my list it is
blocked.



Again, it's available with the following configuration parameter:

   check_reverse_client_hostname_access type:table

Table should have key sample.com and RHS = REJECT, blah

Table details:

http://www.postfix.org/access.5.html

Chris, I'm still unclear on how to do this.  How could you write a 
regular express to check to see if the connecting ip address is 
buried in the reverse dns lookup.


In my example, spamdyke would reject 
customer.208.001_48.3.sample.com, but 
customer.108.001_48.3.sample.com would not be rejected because it 
doesn't match the ip address of the sending MTA.  This prevents 
rejecting reverse dns names with strings of arbitrary numbers in them.


Gary,

I am sorry, but things are a bit unclear here. Is it don't block 
misconfigured clients but do block clients with proper rdns in this 
domain?


What do you mean by customer.108.001_48.3.sample.com would not be 
rejected because it doesn't match the ip address of the sending MTA? 
That customer.108.001_48.3.sample.com A would not map back to the ip 
of server whose PTR record points to customer.108.001_48.3.sample.com?


This is the scenario...

I get a connection from ip address 1.2.3.4.  The reverse DNS lookup 
returns foo.001_002-3_4.example.com.


If I have .example.com in an ip-in-rdns-keyword-blacklist option list, 
spamdyke will scan the reverse domain looking for the ip address in the 
reverse domain list, find it, and reject the mail.  Notice that it does 
a contextual scan so it recognizes that 001 is the same as 1, the 
elements can be separated by various symbols, etc.


Now, if I have a connection 1.2.3.4 and the reverse DNS lookup returns 
foo.43.1.23.4.example.com spamdyke will let that pass since the specific 
ip address would not be found.


All I was saying is that using regular expressions, I can't see how you 
could do this distinction.  The worst case would be if I did something 
draconian like putting .net on the list. Regular expressions would 
reject anything with the appropriate sequence of arbitrary numbers and 
punctuation whereas Spamdyke would limit it to an sequence that matches 
the sending ip. Spamdyke has a option to automatically do this for 
domains that end in country codes.  A regular expression would be overly 
optimistic and potentially reject a lot of good sending MTAs.


I also have a honeypot set up.  Any email that is received by that does 
some analysis and automatically puts it in a spamdyke blacklist, where 
it will remain as long as it isn't renewed (sent to the honeypot) before 
an expiration time is met.


I have built up a lot of infrastructure using spamdyke that gives me a 
superior spam rejection with no reported false positives.  Bottom line 
is that I'm not ready to lose this capability until I have a replacement 
for spamdyke's menu of options, ease of configuration and performance.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

[Gary Gendel]

On 4/26/12 5:01 AM, Christopher Chan wrote:

On 26/04/12 12:17 AM, Gary Gendel wrote:


That isn't what spamdyke is trying to accomplish here. This checks to
see if the sender is trying to spoof the MTA. What spamdyke is trying to
do is to blacklist emails based upon the ip address embedded in the
sending domain name. For example:

If I get mail from 208.1.48.3 and it's reverse domain lookup resolves to
customer.208.001_48.3.sample.com and sample.com is on my list it is
blocked.



Again, it's available with the following configuration parameter:

   check_reverse_client_hostname_access type:table

Table should have key sample.com and RHS = REJECT, blah

Table details:

http://www.postfix.org/access.5.html

Chris, I'm still unclear on how to do this.  How could you write a 
regular express to check to see if the connecting ip address is buried 
in the reverse dns lookup.


In my example, spamdyke would reject customer.208.001_48.3.sample.com, 
but customer.108.001_48.3.sample.com would not be rejected because it 
doesn't match the ip address of the sending MTA.  This prevents 
rejecting reverse dns names with strings of arbitrary numbers in them.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

[Gary Gendel]

On 4/26/12 11:54 AM, låzaro wrote:


Thread name: Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?
Mail number: 33
Date: Thu, Apr 26, 2012
In reply to: Gary Gendelg...@genashor.com

Chris, I'm still unclear on how to do this.  How could you write a
regular express to check to see if the connecting ip address is
buried in the reverse dns lookup.

In my example, spamdyke would reject
customer.208.001_48.3.sample.com, but
customer.108.001_48.3.sample.com would not be rejected because it
doesn't match the ip address of the sending MTA.  This prevents
rejecting reverse dns names with strings of arbitrary numbers in
them.

Gary

Gary, is very simple, is maked, you don have to do nothing, just tell
postfix do this

add this to you main.cf

smtpd_recipient_restrictions =
 reject_unknow_sender_domain

Postfix will make a reverse lookup and if the domain not found, it will
not allow get the mail.
This is a completely different check.  In spamdyke this would be a 
poor-man's reject-missing-sender-mx option.  I'm talking about the 
spamdyke ip-in-rdns-keyword-whitelist-file and 
ip-in-rdns-keyword-blacklist-file options which allow you to specify 
which domains you will or will not allow the connecting MTA's ip address 
to be embedded in.  This catches a LOT of bot spam from ISPs that return 
this format for all the ip addresses that have no domain assigned.  For 
example a bot in the comcast network may resolve to this:


c-98-221-123-33.hsl1.nj.comcast.net

So I can just add .comcast.net to my ip-in-rdns-keyword-blacklist-file 
file and any bot from the comcast.net domain will be rejected.  It's a 
very directed search as it won't reject an arbitrary number string in 
the sequence and deals with comcast's use of various dot levels in the 
domain returned based upon the subnet.


Also you can tell postfix who request to the remote server if that
sender is a valid user, if it not exist i the remote server, the mail
will not pass.
This is a problematic thing to do as many servers do not support this 
functionality.  I gave that approach up years ago because it adds delays 
for non-deterministic benefits.


Gary

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] ntp woes

[Gary Gendel]

I could use a bit of advice. My OpenIndiana machine can not update it's 
time from the ntp servers.  I noticed that the time was off by a couple 
of minutes.


The machine has two nics:

bge0 - wan
bge1 - lan

and serves as a router for my lan.  All the machines on my lan that use 
ntp, make requests and get results happily except this machine:


$ ntpupdate us.pool.ntp.org
26 Apr 12:29:30 ntpdate[13172]: no server suitable for synchronization found

However, with snoop I see the ntp request and a good response coming 
back from the server.

NTP:  - Network Time Protocol -
NTP:
NTP:  Leap= 0x0 (OK)
NTP:  Version = 4
NTP:  Mode= 4 (server)
NTP:  Stratum = 2 (secondary reference)
NTP:  Poll= 3
NTP:  Precision = 234 seconds
NTP:  Synchronizing distance   = 0x.02f4  (0.011536)
NTP:  Synchronizing dispersion = 0x.0b11  (0.043228)
NTP:  Reference clock = 64.113.32.5 (nist.netservicesgroup.com)
NTP:  Reference time = 0xd343f237.4edb0b45 (2012-04-26 12:11:35.30803)
NTP:  Originate time = 0xd343f710.0f35701d (2012-04-26 12:32:16.05941)
NTP:  Receive   time = 0xd343f70d.8134a6ad (2012-04-26 12:32:13.50471)
NTP:  Transmit  time = 0xd343f70d.81369de0 (2012-04-26 12:32:13.50474)

$ ntpupdate -d us.pool.ntp.org
spews what looks like a good response from the server.

$ ntpq -p
aways shows all servers in .INIT. state.

My drift file hasn't been updated since July 2011!

I tried binding ntpd to only bge0 and then tried binding it to only bge1 
but that did not change things (I used the -I interface option).


Anyone have a clue what to look at next?  My guess it's a conflict 
between my NAT setup and this service running on the same host, but I'm 
stumped what to do next.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] ntp woes

[Gary Gendel]

On 4/26/12 12:55 PM, James Carlson wrote:

Gary Gendel wrote:

I could use a bit of advice. My OpenIndiana machine can not update it's
time from the ntp servers.  I noticed that the time was off by a couple
of minutes.

The machine has two nics:

bge0 - wan
bge1 - lan

and serves as a router for my lan.  All the machines on my lan that use
ntp, make requests and get results happily except this machine:

$ ntpupdate us.pool.ntp.org
26 Apr 12:29:30 ntpdate[13172]: no server suitable for synchronization
found

At a guess, you have a filter configured that's breaking UDP traffic on
port 123.  Try:

ntpdate -u us.pool.ntp.org

If that works, then you'll probably want to go looking at your firewall
configuration.

Thanks for the -u option.  That worked fine so now I have to figure out 
what's going on.  Since the other machines work fine, it means that 
indeed it's because I'm on the same host as the router.  I don't want to 
set port 123 to route specifically to this machine because that would 
break all the other machines ntp requests.


This one is tricky.

Gary



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

[Gary Gendel]

Chris,

I've replaced my qmail chain for SASL delivery with postfix. It took me 
a few rounds to get all the bits I needed working, but I'm good with the 
results.


The non-SASL chain will be a big nut to crack.  There are a lot of 
useful spam features in spamdyke that I haven't found an equivalent for 
in postfix.  For example, spamdyke can find an ip address buried in the 
fqdn and check if it matches the sending MTA's ip address. This can be 
done for the domains you specify.  I have the one spamdyke option turned 
on to do this against all country code domains.  I also have a list of 
about 60 other domains to do this against.


If it weren't for spamdyke, I wouldn't have an issue but Sam Clippinger 
did an impressive job at making an open source anti-spam tool 
specifcally for qmail that beats anything else I've seen.


As for the dot-qmail stuff.  I've moved away from that quite awhile ago 
except for my mailing lists which I don't have a problem shutting down.


Gary

On 4/25/12 10:42 AM, Christopher Chan wrote:

On 24/04/12 09:30 PM, Gary Gendel wrote:


The pipeline architecture of qmail has been instrumental at making
third-party additions incredibly simple. You can easily plug in special
debugging modules, and even tee off things so you can test new modules
in parallel with real operations. Before spamdyke was available, I had
developed a number of homebrew modules for spam analysis and control.
That said, qmail isn't 100% sendmail compatible, so occasionally I ran
into issues with unhandled sendmail options (until patched). I don't
know whether postfix suffers from the same issue yet.


postfix will be fine with sendmail options. postfix also support 
milters and you can use something like mimedefang to do the same 
although you will have write from scratch or go hunting.




Since my Qmail based system does not inherently support IPV6 and would
require significant patching I'm committed to move to Postfix before
this becomes necessary. However, Postfix configuration is far more
complex if you are someone that likes to understand the purpose of each
option and it's impact to other options. I will also miss the simplicity
of making a split-horizon caching DNS service via dnscache/tinydns when
I need to go to IPV6 which is an important piece of any email system in
a private networked LAN.


postfix configuration is only complex because it offers more than 
qmail. If someone were to look at your setup, it would be complex for 
them too in the beginning.


djbdns has a ipv6 patch available. Unless you need dnssec, i don't see 
why one needs to move off djbdns. But qmail or any patched ones is 
another story. Just the need to stop qmail-send to do any queue 
management is reason enough not to use qmail for incoming.




Gary

On 4/24/12 8:44 AM, låzaro wrote:

anyway... postfix is the better today :D

I saw using Qmail long time ago, I like it, but is obsolete

Also, I have my compiled Qmail and configured just as personal email
museum

Thread name: Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?
Mail number: 17
Date: Tue, Apr 24, 2012
In reply to: Christopher Chanchristopher.c...@bradbury.edu.hk

On Monday, April 23, 2012 08:44 PM, låzaro wrote:

in Qmail, the security is patch-maked in postfix is by-design-maked

NO, that is not accurate. security where it means anti-spam, DJB
did not bother because as far as he is concerned, the way things
are, things are just broken. Too bad his idea of how email should
work never took off. So any anti-spam features are provided by
THIRD-PARTIES. It is not 'patch-maked'. There is zero anti-spam.

As for postfix, 'by-design-maked' just means Wietse put in the time
to develop postfix unlike DJB who stopped in 1998.


for example, smtp auth, SASL, TLS and soon. Also postfix is more
modular. You can use it with someSQL LDAP and all thats cute things.

There is a qmail fork that does both sql and ldap too. postfix is
only better because its developer continued to work on the code and
keep up with the times and he built a good reputation while at it.

No qmail fork has ever managed that because of DJB's stand on
licensing but now that qmail is public domain, maybe in the future
one of these forks might.

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

[Gary Gendel]

On 4/25/12 11:38 AM, Christopher Chan wrote:

On 25/04/12 11:06 PM, Gary Gendel wrote:

Chris,

I've replaced my qmail chain for SASL delivery with postfix. It took me
a few rounds to get all the bits I needed working, but I'm good with the
results.

The non-SASL chain will be a big nut to crack. There are a lot of useful
spam features in spamdyke that I haven't found an equivalent for in
postfix. For example, spamdyke can find an ip address buried in the fqdn
and check if it matches the sending MTA's ip address. This can be done
for the domains you specify. I have the one spamdyke option turned on to
do this against all country code domains. I also have a list of about 60
other domains to do this against.


...piece of cake...

http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

That provides what you want to check fqdn-ip = client ip


That isn't what spamdyke is trying to accomplish here.  This checks to 
see if the sender is trying to spoof the MTA.  What spamdyke is trying 
to do is to blacklist emails based upon the ip address embedded in the 
sending domain name. For example:


If I get mail from 208.1.48.3 and it's reverse domain lookup resolves to 
customer.208.001_48.3.sample.com and sample.com is on my list it is blocked.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

[Gary Gendel]

With all this discussion about Postfix vs. Qmail, I started looking at 
what it would take to replace my Qmail installation with Postfix.  I 
started looking at what it would take to replace spamdyke with postfix 
functionality.  Most things have a direct correlation.  One case so far, 
greylisting, requires running an independent email proxy for postfix 
where it is incorporated in spamdyke.  I'm still working through the 
list but many of the configuration options need more detailed 
documentation or I'll have to work through the code to see exactly what 
it's trying to accomplish.  For example, it took me quite awhile to dig 
out how postfix handles CIDR notation.


The pipeline architecture of qmail has been instrumental at making 
third-party additions incredibly simple. You can easily plug in special 
debugging modules, and even tee off things so you can test new modules 
in parallel with real operations.  Before spamdyke was available, I had 
developed a number of homebrew modules for spam analysis and control.  
That said, qmail isn't 100% sendmail compatible, so occasionally I ran 
into issues with unhandled sendmail options (until patched).  I don't 
know whether postfix suffers from the same issue yet.


Since my Qmail based system does not inherently support IPV6 and would 
require significant patching I'm committed to move to Postfix before 
this becomes necessary.  However, Postfix configuration is far more 
complex if you are someone that likes to understand the purpose of each 
option and it's impact to other options.  I will also miss the 
simplicity of making a split-horizon caching DNS service via 
dnscache/tinydns when I need to go to IPV6 which is an important piece 
of any email system in a private networked LAN.


Gary

On 4/24/12 8:44 AM, låzaro wrote:

anyway... postfix is the better today :D

I saw using Qmail long time ago, I like it, but is obsolete

Also, I have my compiled Qmail and configured just as personal email
museum

Thread name: Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?
Mail number: 17
Date: Tue, Apr 24, 2012
In reply to: Christopher Chanchristopher.c...@bradbury.edu.hk

On Monday, April 23, 2012 08:44 PM, låzaro wrote:

in Qmail, the security is patch-maked in postfix is by-design-maked

NO, that is not accurate. security where it means anti-spam, DJB
did not bother because as far as he is concerned, the way things
are, things are just broken. Too bad his idea of how email should
work never took off. So any anti-spam features are provided by
THIRD-PARTIES. It is not 'patch-maked'. There is zero anti-spam.

As for postfix, 'by-design-maked' just means Wietse put in the time
to develop postfix unlike DJB who stopped in 1998.


for example, smtp auth, SASL, TLS and soon. Also postfix is more
modular. You can use it with someSQL LDAP and all thats cute things.

There is a qmail fork that does both sql and ldap too. postfix is
only better because its developer continued to work on the code and
keep up with the times and he built a good reputation while at it.

No qmail fork has ever managed that because of DJB's stand on
licensing but now that qmail is public domain, maybe in the future
one of these forks might.

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OT postfix v.s Qmail

[Gary Gendel]

Låzaro,

Thanks for the pointer.  Policy-light is much closer to spamdyke's 
capabilities than postfix is.  The big difference is that qmail uses 
process chaning and passes information via environment variables where 
postfix uses a database to provide the information and proxies to the 
modules.  As it hasn't reached version 1 yet, the system is still in flux.


The advantage of qmail's approach is that the work is partitioned by 
executing functionality as needed and the chain is completely segregated 
from other sessions.  Postfix requires executing auxiliary services 
which requires either a proliferation of smaller databases or one large 
database with access locks.


The advantage of postfix's approach is the single arbitrator of what is 
going on so the modules are stateless.  Qmail relies on the handoff 
continue where the previous one left off.  If they read from the socket 
(which is connected to stdin), then they must convey this information 
(using stdout) to the next in the sequence. Thus it must store this 
information if required.  This becomes an issue when dealing with a 
module like SpamAssassin.  In this case, the interface, saves the 
necessary information into a file, let's spamassassin process it, and 
then replay the file to the next item in the chain.  On the other hand, 
postfix's modules rely on postfix to collect all the information they 
need to do their job apriori.


This is been a very useful side discussion for me.  We all have our 
biases, mine is based upon familiarity but I can see the writing on the 
wall so this is just an intellectual discussion.


Gary

On 4/24/12 10:52 AM, låzaro wrote:

due my response, the subject will by a OT

Thread name: Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?
Mail number: 20
Date: Tue, Apr 24, 2012
In reply to: Gary Gendelg...@genashor.com

With all this discussion about Postfix vs. Qmail, I started looking
at what it would take to replace my Qmail installation with Postfix.
I started looking at what it would take to replace spamdyke with
postfix functionality.  Most things have a direct correlation.  One
case so far, greylisting, requires running an independent email
proxy for postfix where it is incorporated in spamdyke.  I'm still
working through the list but many of the configuration options need
more detailed documentation or I'll have to work through the code to
see exactly what it's trying to accomplish.  For example, it took me
quite awhile to dig out how postfix handles CIDR notation.

The pipeline architecture of qmail has been instrumental at making
third-party additions incredibly simple. You can easily plug in
special debugging modules, and even tee off things so you can test
new modules in parallel with real operations.  Before spamdyke was
available, I had developed a number of homebrew modules for spam
analysis and control.  That said, qmail isn't 100% sendmail
compatible, so occasionally I ran into issues with unhandled
sendmail options (until patched).  I don't know whether postfix
suffers from the same issue yet.

Fight with the spam is easy and part of the system to

I paste my full defense here:

smtpd_recipient_restrictions =
 reject_unlisted_sender,
 reject_unlisted_recipient,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unverified_recipient,
 reject_invalid_hostname,
 reject_unauth_pipelining,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client sbl.spamhaus.org,
 #check_policy_service inet:127.0.0.1:12525,
 reject_unauth_destination

the line reject_rbl_client consult directly the DNS black list

Also the comented line #check_policy_service is a super simply Balck
lis consultating app. At my blog (sorry: in spanish) you can see how to
make it work. Just look at the commands, not see the explaniation, is
not so necesary if follow the step.

http://otherlinuxblog.blogspot.com/2012/01/policyd-light-y-posftix.html


Note:

The reject_rbl_client reject the conection in the moment when the
spammer say MAIL FROM: only with reject_rbl_client you can be quite sure.




Since my Qmail based system does not inherently support IPV6 and
would require significant patching I'm committed to move to Postfix
before this becomes necessary.  However, Postfix configuration is
far more complex if you are someone that likes to understand the
purpose of each option and it's impact to other options.

hard to understand is Exim, postfix is just diferent but is full
docuemnted. If you wanna shot yourself in the foot just put in google
postfix shoot myself in the foot The configuration is simple (not
easy) but simple and logic (as Qmail)

As you can see, if read carefully the reject_ lines, it form at the name
explicity good.


  I will
also miss the simplicity of making a split-horizon caching DNS
service via dnscache/tinydns when I need to go to IPV6 which is an
important piece of any email system in a private networked LAN.

well, 

Re: [OpenIndiana-discuss] OMNIOS

[Gary Gendel]

Sounds like a minimal system, closer to SmartOS than OpenIndiana, but 
since most of their links were broken so it's hard to compare.


On 4/23/12 9:27 AM, paolo marcheschi wrote:

HI

I see that there is a variant of opensolaris known as Omnios:

http://omnios.omniti.com/

Is that related with Openindiana ?, Are there any advantages with it ?

Thank you

Paolo

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

[Gary Gendel]

Which brings us back to qmail.  I've been using it flawlessly starting 
on a Sparc IPC running SunOS before Postfix was a gleam in Wietse 
Venema's eye.  The darn thing is rock solid, secure, lightweight, and 
fast.  That said, I have nothing against Postfix other that I've never 
had a reason to look further than qmail.


Gary

On 4/22/12 8:26 AM, Christopher Chan wrote:

On 22/04/12 12:50 AM, Magnus Hedemark wrote:

If we're going out on limbs, Haraka might be worth a look.

http://haraka.github.com/



One still needs a proper mta on a later stage with haraka if used for 
incoming...


Sounds more like a smtp proxy with filtering/authentication capabilities.

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

[Gary Gendel]

Chris,

There are no packages for Qmail that I am aware of.  However, it's 
pretty trivial to build and install since it's dependencies are 
extremely small.  I wrote some SMF scripts so I could use svcadm.


I have two chains for incoming email. The first is on the standard port 
25 and has no relaying and gobs of spam checking.  The second is at port 
587 and does SSL/TLS authorization so users can use it to relay mail.


The sending engine is stock qmail-send unpatched.

The authorized incoming engine is a chain of sslserver, and smtp-front 
(mailfront) and uses cvm for SASL login.  Mailfront replaces the qmail 
front-end so I believe it will work with the stock qmail.


The non-authorized incoming engine is a chain of tcpserver and 
spamdyke.  I believe that spamdyke will work without qmail modifications 
but I'd have to check.


If there are any qmail patches, the only one I believe is necessary is 
the qmail queue patch so you can hook spamassassin to it.


Gary

On 4/19/12 9:00 PM, Christopher Chan wrote:

Hi Hans,

May I ask why you would want to use qmail? It has pretty weak 
anti-spam facilities, if at all, and so would not really be an mta you 
want for incoming use. If you only want to use it for outgoing then I 
can understand.


Christopher

On Friday, April 20, 2012 03:40 AM, Hans J. Albertsson wrote:
I'm considering setting up qmail rather than sendmail or postfix on 
my openindiana 151-a3 systems.


Is there a ready-made package available for openindiana or must I 
compile it from scratch?


Will Qmail integrate well with Webmin, or even at all?

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Need a PCI e-sata card for OI151a

[Gary Gendel]

Dan,

I can't give you specifics, but I went through a lot of pain early on 
until I found cards from LSI that worked really well.  At the time, the 
best supported chipset was from Marvell.  The Silicon Image chipsets 
worked unreliably and needed firmware reflashing to turn off RAID 
support.  I contributed to a few fixes in the Silicon Image drivers, but 
the code was not completely finished the last time I looked.  I would 
stay away from sata multiplexers.  Since then, I believe that the Intel 
chipset has gotten the most attention but I have never tried them.


Gary

On 3/27/12 9:10 AM, Dan Swartzendruber wrote:

Here's my situation: m1015 with 6 sata drives for pool tank.  7th port has
15K 73GB SAS drive as cache device.  8th port currently connected to e-sata
connector on front panel of case for monthly backups.  160GB sata drive on
one of the 4 motherboard sata ports (supermicro pdsmi+).  I have a 64GB
crucial m4 I want to use as a log device, but plugging it into the
motherboard seems to only yield sata1 speed (in addition to the fact that OI
apparently refuses to even go to the grub menu and just hangs - sigh...)
Even when I didn't have that issue (e.g. just switched from nexenta back to
OI), I discovered the motherboard ports apparently do NOT support hot-plug,
so switching the M4 and the e-sata connector is a no-go (unless I want to
have to boot with the e-sata drive plugged in and turned on - LOL).  My
motherboard only has one pcie slot (x8) which is where the m1015 resides.
So the plan is to get a pci card with e-sata connector.  I've found a couple
of cheap rosewill cards on newegg, that indicate the sil3512 chipset, but
I'm having trouble finding out if that is supported or not.  Any help
appreciated!

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Routing and avahi questions

[Gary Gendel]

I have my OpenIndiana box providing wan/lan routing with firewall/nat.  
I was having some really slow wan performance so I started digging in.  
The performance issue was a compromised user account and a machine on 
the internet downloading everything from the account, pegging my upload 
bandwidth quota.


However, in my investigations, I've noticed a few things that was 
wondering about...


Using snoop, I'm seeing a steady flood of ARP request broadcast from my 
ISP.  As I only have one IP address/MAC allowed does it make sense to 
filter out the not-for-me requests or doesn't it really matter?  Is 
there even a way to do this without breaking the WAN-side?


The second question is that I noticed that Avahi has bound itself to 
both my WAN and LAN nics.  Is there a way to limit this to the LAN nic?  
Does mdns have a similar issue?  I discovered this by running bssh and 
seeing the service both on my bge0 (WAN) and bge1 (LAN) nics.


I know that these are not necessarily OpenIndiana issues, but I haven't 
been able to google anything useful on these topics.  I was hoping that 
I could get some insights here.


Regards,
Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Metacity core dumps

[Gary Gendel]

Found an associated log file.  It looks like the client may be 
misbehaving but it still shouldn't cause gdm and metacity to crash.


On 3/25/12 7:59 AM, Gary Gendel wrote:
I have a vnc client that I was configuring and I noticed that metacity 
was core dumping.  All I did was to get the login screen to display 
and then close the client's session. I've enclosed the pstack output 
for a core file.  The pstack output is the same for the other core dumps.


Let me know if there is something I should try to give better 
information.  Is this a know issue or should I make a bug report?


BTW, I'm using oi_151a2 on a V20z (64-bit AMD).

Regards,
Gary



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


_IceTransmkdir: Owner of /tmp/.ICE-unix should be set to root

** (gnome-settings-daemon:6924): WARNING **: Call to screen_info_new is too 
frequent, skipping...

** (gnome-settings-daemon:6924): WARNING **: Call to screen_info_new is too 
frequent, skipping...

** (gnome-settings-daemon:6924): WARNING **: Call to screen_info_new is too 
frequent, skipping...

** (gnome-settings-daemon:6924): WARNING **: Call to screen_info_new is too 
frequent, skipping...

(gnome-settings-daemon:6924): atk-bridge-WARNING **: AT_SPI_REGISTRY was not 
started at session startup.

(gnome-settings-daemon:6924): atk-bridge-WARNING **: IOR not set.

(gnome-settings-daemon:6924): atk-bridge-WARNING **: Could not locate registry
** (unknown:6927): DEBUG: Client registered with session manager: 
/org/gnome/SessionManager/Client1
Window manager warning: Failed to read saved session file 
/var/lib/gdm/.config/metacity/sessions/101214946a7899eaa913326310729823270069090004.ms:
 Failed to open file 
'/var/lib/gdm/.config/metacity/sessions/101214946a7899eaa913326310729823270069090004.ms':
 No such file or directory
** (process:6932): DEBUG: Greeter session pid=6932 
display=:::127.0.0.1:10.0 
xauthority=/tmp/gdm-auth-cookies-sCaifd/auth-for-gdm-PCaifd/database

** (gnome-power-manager:6931): WARNING **: DBUS error: Could not get owner of 
name 'org.gnome.ScreenSaver': no such name
** (gnome-power-manager:6931): DEBUG: proxy is NULL, maybe the daemon 
responsible for org.gnome.ScreenSaver is not running?
Xlib:  extension DPMS missing on display :::127.0.0.1:10.0.

** (gnome-power-manager:6931): WARNING **: ERROR: Caller doesn't possess 
required privilege to change the governor: Syslog might give more information
Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a 
timestamp of 0 for 0x1a00029 (Login Wind)
Window manager warning: meta_window_activate called by a pager with a 0 
timestamp; the pager needs to be fixed.
Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a 
timestamp of 0 for 0x1a00029 (Login Wind)
Window manager warning: meta_window_activate called by a pager with a 0 
timestamp; the pager needs to be fixed.
Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a 
timestamp of 0 for 0x1a00029 (Login Wind)
Window manager warning: meta_window_activate called by a pager with a 0 
timestamp; the pager needs to be fixed.
The application 'gnome-settings-daemon' lost its connection to the display 
:::127.0.0.1:10.0;
most likely the X server was shut down or you killed/destroyed
the application.
Window manager warning: Fatal IO error 131 (Connection reset by peer) on 
display ':::127.0.0.1:10.0'.
The application 'gnome-session' lost its connection to the display 
:::127.0.0.1:10.0;
most likely the X server was shut down or you killed/destroyed
the application.
gdm-simple-greeter: Fatal IO error 131 (Connection reset by peer) on X server 
:::127.0.0.1:10.0.
gnome-power-manager: Fatal IO error 131 (Connection reset by peer) on X server 
:::127.0.0.1:10.0.
unknown: Fatal IO error 131 (Connection reset by peer) on X server 
:::127.0.0.1:10.0.
Window manager warning: Could not find display for X display 81a4f10, probably 
going to crash
Bug in window manager: IO error received for unknown display?
gdm-simple-greeter: Fatal IO error 131 (Connection reset by peer) on X server 
:::127.0.0.1:10.0.
gnome-power-manager: Fatal IO error 131 (Connection reset by peer) on X server 
:::127.0.0.1:10.0.
___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Setting up sendmail with SSL support

[Gary Gendel]

My setup is a bit more complicated, but I've been running this setup 
(with tweaks and changes) since the early 90s on a sparc IPC.


Dovecot, qmail (with patches), mailfront, spamdyke, spamassassin, 
sslserver, tcpserver.  I use two interfaces...  port 25 with full spam 
control, and port 587 with ssl and login authorization with minimal spam 
control.


I wouldn't recommend this as an easy thing to setup, but it is highly 
efficient and flexible.


Gary

On 2/27/12 5:28 AM, Jonathan Adams wrote:

I use sendmail with procmail and dovecot on our systems, although I
don't specifically do ssl because I only allow mail to be delivered to
local users from untrusted networks.

Jon

On 26 February 2012 01:13, Claus Assmann
ml+openindiana-disc...@esmtp.org  wrote:

On Sat, Feb 25, 2012, Hans J. Albertsson wrote:

Is there some simple doc to hand to an unwary man with useful
(windows mostly) computer experience but little OpenIndiana
exposure, that will guide him thru setting up sendmail, preferably
using SSL authentication?

This might help:

http://www.sendmail.org/~ca/email/starttls.html

These instructions are not specific to OpenIndiana,
but should work on any Unix OS.

You can also go to www.openbsd.org and check the man page for
STARTTLS.


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Sendmail dependencies

[Gary Gendel]

Hi,

I tried to start up smtp-notify, but it failed because sendmail-client 
wasn't running.  This is a problem because I have a sendmail replacement 
(qmail) running.  Once I modified the dependencies using svccfg to 
exclude sendmail-client and include qmail-smtp (which provides the 
sendmail equivalent) it ran fine.


However, this bring up the question of how to deal with an MTA 
replacement for sendmail functionality in general.  I'm sure that others 
will be using postfix, qmail, etc. instead of sendmail.  We should 
figure a way that a MTA replacement doesn't break functionality of 
services like smtp-notify.


Gary


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss