From mikael at tinysofa.org Wed Jan 3 10:34:59 2007
From: mikael at tinysofa.org (Mikael Bak)
Date: Wed, 3 Jan 2007 11:34:59 +0100
Subject: [Classic-discuss] to tinysofa mirror administrators
Message-ID: <200701031134.59471.mikael@tinysofa.org>

Hi,

As you all may have noticed, we had to move the master repository to
another machine. I have tried to collect the IP addresses of all the
official mirror servers to add to our firewall, but I'm unsure if I have
got them all.

So if you're an administrator of an official mirror, then please send me
a private email with the IP address or IP address range I need to open in
our firewall so that you can rsync the tinysofa repository. Please also
state the name and location of the mirror you are the administrator of.

Others who feel the need of having a local copy of the tinysofa
repository should for now use the rsync options from
"Brisbane - PlanetMirror" or "North Carolina - ibiblio".

Details found here:
http://www.tinysofa.org/download/

TIA,
Mikael Bak

From mikkel at t48.dk Fri Jan 5 09:09:23 2007
From: mikkel at t48.dk (Mikkel Robin Nielsen)
Date: Fri, 5 Jan 2007 10:09:23 +0100
Subject: [Classic-discuss] Sqlgrey
Message-ID: <000001c730a9$3151d000$93f57000$@dk>

Hi all!

Has anyone got sqlgrey running on a TS? I have problems with DBD::mysql,
Calc::Date and some other small problems.

Regards
Mikkel

From mikael at tinysofa.org Fri Jan 5 09:19:18 2007
From: mikael at tinysofa.org (Mikael Bak)
Date: Fri, 5 Jan 2007 10:19:18 +0100
Subject: [Classic-discuss] Sqlgrey
In-Reply-To: <000001c730a9$3151d000$93f57000$@dk>
References: <000001c730a9$3151d000$93f57000$@dk>
Message-ID: <200701051019.18623.mikael@tinysofa.org>

On Friday 05 January 2007 10:09, Mikkel Robin Nielsen wrote:
>
> Has anyone got sqlgrey running on a TS?
> I have problems with DBD::mysql,
> Calc::Date and some other small problems.
>

Hi,

The most important problem is the version of postfix currently in
tinysofa classic. The current version does not support postfix policy
service, which is essential to get greylisting to work. At least version
2.1 of postfix is needed if my memory doesn't fail me.

HTH,
Mikael

From mikkel at t48.dk Mon Jan 8 13:00:51 2007
From: mikkel at t48.dk (Mikkel Robin Nielsen)
Date: Mon, 8 Jan 2007 14:00:51 +0100
Subject: [Classic-discuss] Postfix
In-Reply-To: <200701051019.18623.mikael@tinysofa.org>
References: <000001c730a9$3151d000$93f57000$@dk> <200701051019.18623.mikael@tinysofa.org>
Message-ID: <002001c73325$06c1d000$14457000$@dk>

We have built a test RPM of Postfix version 2.3.6 with MySQL support.

You can download the package from http://netwatch.dansupport.dk/tinysofa/

Regards
Mikkel

From mikael at tinysofa.org Mon Jan 8 13:16:11 2007
From: mikael at tinysofa.org (Mikael Bak)
Date: Mon, 8 Jan 2007 14:16:11 +0100
Subject: [Classic-discuss] Postfix
In-Reply-To: <002001c73325$06c1d000$14457000$@dk>
References: <000001c730a9$3151d000$93f57000$@dk> <200701051019.18623.mikael@tinysofa.org> <002001c73325$06c1d000$14457000$@dk>
Message-ID: <200701081416.12143.mikael@tinysofa.org>

On Monday 08 January 2007 14:00, Mikkel Robin Nielsen wrote:
> We have built a test RPM of Postfix version 2.3.6 with MySQL support.
>
> You can download the package from http://netwatch.dansupport.dk/tinysofa/
>
> Regards Mikkel

Hi,

Great! Would you mind providing a link to the srpm too?
TIA,
Mikael

From TPE at dansupport.dk Mon Jan 8 14:00:28 2007
From: TPE at dansupport.dk (Torben Petersen Egmose)
Date: Mon, 8 Jan 2007 15:00:28 +0100
Subject: [Classic-discuss] Postfix
References: <000001c730a9$3151d000$93f57000$@dk><200701051019.18623.mikael@tinysofa.org><002001c73325$06c1d000$14457000$@dk> <200701081416.12143.mikael@tinysofa.org>
Message-ID: <79A898AFA801A44996A19542AECD5B0E8640A2@gandalf.dansupport.dk>

We didn't make one. We used the checkinstall program to generate an RPM,
because we needed the package for testing.

-----Original Message-----
From: classic-discuss-bounces at tinysofa.org [mailto:classic-discuss-bounces at tinysofa.org] On Behalf Of Mikael Bak
Sent: 8. januar 2007 14:16
To: classic-discuss at tinysofa.org
Subject: Re: [Classic-discuss] Postfix

On Monday 08 January 2007 14:00, Mikkel Robin Nielsen wrote:
> We have built a test RPM of Postfix version 2.3.6 with MySQL support.
>
> You can download the package from http://netwatch.dansupport.dk/tinysofa/
>
> Regards Mikkel

Hi,

Great! Would you mind providing a link to the srpm too?

TIA,
Mikael
_______________________________________________
Classic-discuss mailing list
Classic-discuss at tinysofa.org
http://lists.tinysofa.org/mailman/listinfo/classic-discuss

From rdeenen at home.nl Sun Jan 21 15:50:34 2007
From: rdeenen at home.nl (Rolf Deenen)
Date: Sun, 21 Jan 2007 16:50:34 +0100 (CET)
Subject: [Classic-discuss] user login through ldap
Message-ID: <38572.10.1.1.112.1169394634.squirrel@greenleaf.homeip.net>

Hello list,

I am trying to use ldap for a number of services on my freshly installed
tinysofa 2.0 update 6 machine. This is a new thing for me and I am trying
to learn from it by doing things step-by-step. I learned that to let
users log in (through ssh) on the machine their ldap object needs at
least the attribute uidNumber (and more but I am already stuck here). I
first tried to add it to my test-account. It failed.
I read some more about it and found out I need to use the nis.schema
schema included in the server configuration to be able to add it. So I
uncommented the line saying:

include /etc/openldap/schema/nis.schema

and restarted the daemon using "service ldap restart". It still doesn't
work. When in LDAP Browser\Editor I try to add the objectClass
"posixAccount" it says it requires attribute 'uidNumber'. But when I try
to add attribute 'uidNumber' it says: attribute 'uidNumber' not allowed.

Am I missing something here? The nis.schema file says it depends on
core.schema and cosine.schema. Cosine.schema is included when starting
the server but when I try to add core.schema the ldap-daemon won't start,
claiming:

Starting OpenLDAP: /etc/openldap/schema/core.schema: line 37: Duplicate attributeType: "2.5.4.2"

Can anybody tell me, based on the provided information, what I am doing
wrong here? Does anybody here have a similar setup and is he/she willing
to share the slapd.conf file? I've followed some tutorials but they seem
to describe exactly what I am doing, but in their case it works :-) .

Thanks in advance,
Rolf Deenen

From mikael at tinysofa.org Mon Jan 22 12:00:32 2007
From: mikael at tinysofa.org (Mikael Bak)
Date: Mon, 22 Jan 2007 13:00:32 +0100
Subject: [Classic-discuss] user login through ldap
In-Reply-To: <38572.10.1.1.112.1169394634.squirrel@greenleaf.homeip.net>
References: <38572.10.1.1.112.1169394634.squirrel@greenleaf.homeip.net>
Message-ID: <200701221300.32893.mikael@tinysofa.org>

On Sunday 21 January 2007 16:50, Rolf Deenen wrote:
> Hello list,
>
> I am trying to use ldap for a number of services on my freshly installed
> tinysofa 2.0 update 6 machine. ...
>
[snip]

> Can anybody tell me, based on the provided information, what I am doing
> wrong here? Does anybody here have a similar setup and is he/she willing to
> share the slapd.conf file? I've followed some tutorials but they seem to
> describe exactly what I am doing, but in their case it works :-) .
>

The relevant parts of my /etc/openldap/slapd.conf :

#
include /etc/openldap/schema/core.schema

# The following schemas are included in the package:
#include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
#include /etc/openldap/schema/java.schema
#include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema

On this machine I only use LDAP to authenticate ftp-users. I have no idea
if you need different setup for ssh. On the other hand I think PAM
authentication is disabled for ssh by default, and that may cause trouble
for you.

HTH,
Mikael

From rdeenen at home.nl Tue Jan 23 08:31:48 2007
From: rdeenen at home.nl (Rolf Deenen)
Date: Tue, 23 Jan 2007 09:31:48 +0100 (CET)
Subject: [Classic-discuss] user login through ldap
In-Reply-To: <200701221300.32893.mikael@tinysofa.org>
References: <38572.10.1.1.112.1169394634.squirrel@greenleaf.homeip.net> <200701221300.32893.mikael@tinysofa.org>
Message-ID: <51084.195.35.224.250.1169541108.squirrel@greenleaf.homeip.net>

Hello Mikael,

Thanks very much for the effort. Last evening I have compared your config
with mine. They were identical. But I did notice that core.schema is
already in the configuration, it's just a little above the other schema
definitions. That's one thing I could cross out. So the problem was not
the slapd.conf file.

Just tinkering along with it, it seems I have found the problem. I had
already created an object with the inetorgperson objectclass. I wanted to
add to this object the posixaccount objectclass. Now I have found out
this is not possible. I was under the assumption one could just add
objectclasses as one saw fit. It seems however that the inetorgperson and
the posixaccount objectclass can not both be used on the same object.

Rolf Deenen

> On Sunday 21 January 2007 16:50, Rolf Deenen wrote:
>> Hello list,
>>
>> I am trying to use ldap for a number of services on my freshly installed
>> tinysofa 2.0 update 6 machine. ...
>>
> [snip]
>
>> Can anybody tell me, based on the provided information, what I am doing
>> wrong here? Does anybody here have a similar setup and is he/she willing to
>> share the slapd.conf file? I've followed some tutorials but they seem to
>> describe exactly what I am doing, but in their case it works :-) .
>>
>
> The relevant parts of my /etc/openldap/slapd.conf :
>
> #
> include /etc/openldap/schema/core.schema
>
> # The following schemas are included in the package:
> #include /etc/openldap/schema/corba.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> #include /etc/openldap/schema/java.schema
> #include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
>
> On this machine I only use LDAP to authenticate ftp-users. I have no idea if
> you need different setup for ssh. On the other hand I think PAM
> authentication is disabled for ssh by default, and that may cause trouble
> for you.
>
> HTH,
> Mikael
>

From mikael at tinysofa.org Tue Jan 23 10:15:24 2007
From: mikael at tinysofa.org (Mikael Bak)
Date: Tue, 23 Jan 2007 11:15:24 +0100
Subject: [Classic-discuss] user login through ldap
In-Reply-To: <51084.195.35.224.250.1169541108.squirrel@greenleaf.homeip.net>
References: <38572.10.1.1.112.1169394634.squirrel@greenleaf.homeip.net> <200701221300.32893.mikael@tinysofa.org> <51084.195.35.224.250.1169541108.squirrel@greenleaf.homeip.net>
Message-ID: <200701231115.25227.mikael@tinysofa.org>

On Tuesday 23 January 2007 09:31, Rolf Deenen wrote:
> Just tinkering along with it, it seems I have found the problem. I had
> already created an object with the inetorgperson objectclass. I wanted to
> add to this object the posixaccount objectclass. Now I have found out this
> is not possible. I was under the assumption one could just add objectclasses
> as one saw fit. It seems however that the inetorgperson and the
> posixaccount objectclass can not both be used on the same object.
>

I think for "normal" unix authentication a posixaccount should be enough.
I may be wrong. I'm not an LDAP expert at all.

HTH,
Mikael

From rdeenen at home.nl Tue Jan 23 11:15:46 2007
From: rdeenen at home.nl (Rolf Deenen)
Date: Tue, 23 Jan 2007 12:15:46 +0100 (CET)
Subject: [Fwd: Re: [Classic-discuss] user login through ldap]
Message-ID: <34277.195.35.224.250.1169550946.squirrel@greenleaf.homeip.net>

Yes, I suppose. But I also want to create an address book including
(amongst others) the users who should be able to login. For this I want
to be able to add more information to the user, hence the inetorgperson.
I think however that is beyond the scope of this list since it's more
ldap related than tinysofa. I'll look further for information about this.

Thanks.

Rolf Deenen

------------------------------- Original Message -------------------------------
Subject: Re: [Classic-discuss] user login through ldap
From: "Mikael Bak"
Date: Tue, January 23, 2007 11:15
To: classic-discuss at tinysofa.org
--------------------------------------------------------------------------------

On Tuesday 23 January 2007 09:31, Rolf Deenen wrote:
> Just tinkering along with it, it seems I have found the problem. I had
> already created an object with the inetorgperson objectclass. I wanted to
> add to this object the posixaccount objectclass. Now I have found out this
> is not possible. I was under the assumption one could just add objectclasses
> as one saw fit. It seems however that the inetorgperson and the
> posixaccount objectclass can not both be used on the same object.
>

I think for "normal" unix authentication a posixaccount should be enough.
I may be wrong. I'm not an LDAP expert at all.

HTH,
Mikael

From mikael at tinysofa.org Thu Jan 25 15:32:56 2007
From: mikael at tinysofa.org (Mikael Bak)
Date: Thu, 25 Jan 2007 16:32:56 +0100
Subject: [Classic-discuss] typo in openldap srpm
Message-ID: <200701251632.56982.mikael@tinysofa.org>

Hi,

There's a small but annoying typo in the /etc/sysconfig/ldap file. The
variable name used when running openldap in TLS mode should be
"LDAP_TLS_H". Now it's called "LDAP_TSL_H".

It took me several hours of debugging before I realized why I was unable
to start openldap in secure mode. Maybe this saves hours for somebody.

Regards,
Mikael

From jh at tinysofa.org Thu Jan 25 15:56:47 2007
From: jh at tinysofa.org (Jaakko Heinonen)
Date: Thu, 25 Jan 2007 17:56:47 +0200
Subject: [Classic-discuss] typo in openldap srpm
In-Reply-To: <200701251632.56982.mikael@tinysofa.org>
References: <200701251632.56982.mikael@tinysofa.org>
Message-ID: <20070125155647.GA1210@ws64.jh.dy.fi>

On 2007-01-25, Mikael Bak wrote:
> There's a small but annoying typo in the /etc/sysconfig/ldap file.

Fixed in svn.

-- 
Jaakko

From mikael at tinysofa.org Thu Jan 25 16:51:26 2007
From: mikael at tinysofa.org (Mikael Bak)
Date: Thu, 25 Jan 2007 17:51:26 +0100
Subject: [Classic-discuss] typo in openldap srpm
In-Reply-To: <20070125155647.GA1210@ws64.jh.dy.fi>
References: <200701251632.56982.mikael@tinysofa.org> <20070125155647.GA1210@ws64.jh.dy.fi>
Message-ID: <200701251751.26288.mikael@tinysofa.org>

On Thursday 25 January 2007 16:56, Jaakko Heinonen wrote:
> On 2007-01-25, Mikael Bak wrote:
> > There's a small but annoying typo in the /etc/sysconfig/ldap file.
>
> Fixed in svn.

Thanks Jaakko,

I found another typo in the same file. The hosts should be inside
apostrophes, otherwise only the first host definition will be listened
to. I'm not sure this is an error in the config file or rather in slapd,
because the man file does not say I need to set apostrophes when having
more host definitions.

Should be like this:

LDAP_TLS_H="'ldaps://195.38.113.24/ ldap://127.0.0.1/'"

Please note there are first quotation marks and inside them I have a pair
of apostrophes. Not sure this is the right way to solve it, but it was
the only way I could make openldap listen on both host definitions.

HTH,
Mikael

From rdeenen at home.nl Tue Jan 30 22:23:46 2007
From: rdeenen at home.nl (Rolf Deenen)
Date: Tue, 30 Jan 2007 23:23:46 +0100 (CET)
Subject: [Classic-discuss] ldap: local login works but ssh doesn't
Message-ID: <58907.10.1.1.100.1170195826.squirrel@greenleaf>

Hello list,

I am trying to use ldap for as many services as possible on my tinysofa
classic homeserver. I am a complete newbie to the subject but have
managed to get ldap authentication working using ldap (looking back it
wasn't that difficult. I wished I had noticed authconfig earlier :-) ).
However, I mostly access the machine through ssh and I have been unable
to authenticate through ldap. I have used authconfig to configure the
machine to use ldap. When I try to login through ssh it keeps giving me
"permission denied" with the same account I can use to login locally
using ldap authentication. When I start the server manually using
/usr/sbin/slapd -d 1 (for debugging) I DO see a lot of action going on
when I try to log in. Does this mean that my pam/nss setup is ok? Are
there common pitfalls to logging in with ssh using ldap? If it could be a
pam/nss issue, can someone with the same setup share with me his or her
/etc/pam.d/sshd file?

I have been googling around for the subject but have not been able to
detect an error in my setup.

Thanks in advance,
Rolf Deenen

From mikael at tinysofa.org Wed Jan 31 10:08:57 2007
From: mikael at tinysofa.org (Mikael Bak)
Date: Wed, 31 Jan 2007 11:08:57 +0100
Subject: [Classic-discuss] ldap: local login works but ssh doesn't
In-Reply-To: <58907.10.1.1.100.1170195826.squirrel@greenleaf>
References: <58907.10.1.1.100.1170195826.squirrel@greenleaf>
Message-ID: <200701311108.57270.mikael@tinysofa.org>

On Tuesday 30 January 2007 23:23, Rolf Deenen wrote:
> Hello list,
>
> I am trying to use ldap for as many services as possible on my
> tinysofa classic homeserver.
> I am a complete newbie to the subject but have
> managed to get ldap authentication working using ldap (looking back it
> wasn't that difficult. I wished I had noticed authconfig earlier :-) ).
> However, I mostly access the machine through ssh and I have been unable to
> authenticate through ldap. I have used authconfig to configure the machine
> to use ldap. When I try to login through ssh it keeps giving me "permission
> denied" with the same account I can use to login locally using ldap
> authentication. When I start the server manually using /usr/sbin/slapd -d 1
> (for debugging) I DO see a lot of action going on when I try to log in.
> Does this mean that my pam/nss setup is ok? Are there common pitfalls to
> logging in with ssh using ldap? If it could be a pam/nss issue, can
> someone with the same setup share with me his or her /etc/pam.d/sshd file?
>
> I have been googling around for the subject but have not been able to
> detect an error in my setup.
>

Hi,

Here's the relevant part of "man 5 sshd_config" :

    UsePAM  Enables the Pluggable Authentication Module interface. If set
            to "yes" this will enable PAM authentication using
            ChallengeResponseAuthentication and PasswordAuthentication in
            addition to PAM account and session module processing for all
            authentication types.

            Because PAM challenge-response authentication usually serves
            an equivalent role to password authentication, you should
            disable either PasswordAuthentication or
            ChallengeResponseAuthentication.

            If UsePAM is enabled, you will not be able to run sshd(8) as a
            non-root user. The default is "no".

HTH,
Mikael
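
Added example, not part of the thread or of tinysofa's packages: a shell check for the three sshd_config keywords named in the man page excerpt above, reporting whether ssh logins can reach the PAM stack at all. The function names are hypothetical, the "yes" defaults for PasswordAuthentication and ChallengeResponseAuthentication are an assumption about stock OpenSSH, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: check the sshd settings that decide whether PAM (and so
# pam_ldap) is used for ssh logins. Function names are hypothetical.
# sshd uses the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Assumption: the file has no Match blocks.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        { gsub(/=/, " ") }                      # allow "Keyword=value"
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == tolower(key) {           # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_pam FILE -> prints findings; returns 0 only if a PAM-backed
# password login is possible with this configuration
audit_sshd_pam() {
    use_pam=$(effective_value "$1" UsePAM no)   # default per the man page
    pw=$(effective_value "$1" PasswordAuthentication yes)            # assumed default
    cr=$(effective_value "$1" ChallengeResponseAuthentication yes)   # assumed default
    echo "UsePAM=$use_pam PasswordAuthentication=$pw ChallengeResponseAuthentication=$cr"
    if [ "$use_pam" != yes ]; then
        echo "FAIL: UsePAM is off, so sshd never calls the PAM stack (pam_ldap)"
        return 1
    fi
    if [ "$pw" != yes ] && [ "$cr" != yes ]; then
        echo "FAIL: UsePAM is on but both password-style methods are disabled"
        return 1
    fi
    if [ "$pw" = yes ] && [ "$cr" = yes ]; then
        echo "WARN: both methods enabled; the man page advises disabling one"
    fi
    echo "OK: ssh password logins are passed to PAM"
    return 0
}

# Constructed sample: UsePAM appears twice and the first value (no) is used.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Protocol 2
usepam no
PasswordAuthentication yes
UsePAM yes
EOF
audit_sshd_pam "$sample" || true
rm -f "$sample"
```

Run `audit_sshd_pam /etc/ssh/sshd_config` on the server; sshd must be restarted after changing UsePAM for the new value to take effect.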