Rhyous

How to enable sshd from the FreeBSD 8 install’s fixit environemnt?

So there are lots of documents out there on how to do something in fixit and some times (most the time) those are long drawn out processes with a lot of typing.

What if you could copy and paste? Well, you can’t. But you could if you could ssh in right.

So lets boot to the FreeBSD 8 Installation DVD and see if we can enable sshd.

I just got it to work so let me document my steps:

1. Run ifconfig to find what ethernet controller you have. Mine was em0.
   fixit# ifconfig
2. Now assign an IP address. Make sure to find an open IP Address that is not already in use.
   fixit# ifconfig em0 inet 192.168.0.25 netmask 255.255.255.0

   That is it for configuring your IP address. You may be asking yourself, what about the DNS server and the default route? Well, you only need those if you are connecting from a different subnet and since you are booted to a fixit environment, I assume you are on the same subnet. Just in case you aren’t, you can enable DNS and give yourself a default route with these commands:

   fixit# fixit#

   echo nameserver 192.168.0.1 > /etc/resolv.conf route add default 192.168.0.1

3. Create the directory where the default sshd configuration and keys are stored.
   fixit# mkdir /etc/ssh
4. Copy the sshd_config to this directory.
   fixit# cp /dist/etc/ssh/sshd_config /etc/ssh
5. Change the configuration file to allow root logins.
   fixit# echo PermitRootLogin yes >> /etc/ssh/sshd_config
6. Create the rsa1, rsa, and dsa keys.

   fixit# fixit# fixit#

   ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ” ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ” ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ”

7. Make sure that root can find a shell.
   fixit# ln -s /mnt2/bin/csh /bin/csh
8. Make sure root has a home directory.
   fixit# mkdir /root
9. Start the sshddaemon.
   fixit# /mnt2/usr/sbin/sshd
10. Prepare the environment for login. We probably want similar environment variables, because the defaults won’t work, since most our binary files are in subdirectories of /mnt2.

    fixit# fixit# fixit#

    env > /root/env echo ‘setenv ENV $HOME/env’ > /root/.cshrc echo sh >> /root/.cshrc

11. Now try to connect using ssh and the root user. There should be no password requested. If you need a windows ssh client, use PuTTY.Note: There may be some errors on setting the environment variables when you log in but they aren’t going to hurt anything and the ones you need should work.

Well, that was a lot easier than I thought it would be. Only took me a short time to figure out.

Hopefully if you search any search engine for this term, you will find this post:
freebsd fixit sshd

Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

How to configure ssh to allow certificate authentication to FreeBSD?

So supposedly you can configure SSH so that you can connect without having to type in a user name and password, but instead authenticate with a certificate. Lets see if we can set this up..

Questions

• Do I need to modify the /etc/sshd_config?
  No.

Here is what I had to do…

1. Install FreeBSD and when prompted to enable SSH choose yes.
   How do I install FreeBSD?

   Ok, now you have a FreeBSD server.

   I had problems creating the key using PuTTYgen, (see this post) so I am going to create the keys on the server.

2. Log in as a non-root user.
3. Create the RSA keys with this command: (You can use dsa keys by replacing any instance of rsa with dsa.)
   ssh-keygen -t rsa

   Accept the default file locations and hit enter.

   In your home folder you now have two files:

   .ssh/id_rsa
   .ssh/id_rsa.pub
4. Add the public key to the .ssh/authorized_keys file.
   cat .ssh/id_rsa.pub >> .ssh/authorized_keys

   You can delete the public key, .ssh/id_rsa.pub, now if you want from the FreeBSD server as it is stored in the .ssh/authorized_keys file.

5. From the workstation that you want to connect to this machine with, use an sftp tool to copy the private key, the .ssh/id_rsa file, to the local workstation.

   Example 1 -If you are on windows, you could use WinSCP to connect to the FreeBSD server. Then you can use the key to connect. If you are using PuTTY, then also use PuTTYgen to load the key and save it in PuTTY’s format.

   Example 2 – If you are on another FreeBSD server or workstation, then copy the private key to the .ssh directory (with the same name id_rsa) for the user you want to automatically connect.

   Now you are done.
   If you have questions, this blog helped me a lot: How to set up SSH keys: Frustration with “Server refused our key”

   Just SSH in and you will not be prompted.

   ---

   Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Ok, so I want to install the newly released FreeBSD 8.0 and only have ZFS partitions.

Questions I had that I am answering here for you:

1. Does Sysinstall support ZFS?
   

   No. You have to install manually using Fixit.

2. Can I boot off a ZFS partition?
   

   Yes, you can. Takes some effort to set it up though.

3. Is it easy?
   

   No, it isn’t easy it is hard. Unless you have used FreeBSD for some time, then it is just tedious and not really easy or hard.

4. Is there a guide?
   

   Yes, it is here:
   http://wiki.freebsd.org/RootOnZFS/ZFSBootPartition
   But hopefully by the time I am done, the best guide will be this post.

Ok, so here it goes, I am following this guide: http://wiki.freebsd.org/RootOnZFS/ZFSBootPartition
I am going to improve upon it and try to make it newbie proof and not skip steps in my guide when this guide skips steps. Why am I making it newbie proof? I don’t know, you would think if you are doing ZFS you aren’t a newbie, but who knows. Better safe than sorry.

Steps for How to install FreeBSD 8.0 using only ZFS partitions?
Step 1. Creating a bootable ZFS Filesystem

1. Download the FreeBSD 8 DVD ISO from here: http://www.freebsd.org/where.html
   Ok, so this isn’t exactly a download link, but it takes you to where you choose your architecture. Click on the [ISO] link next to your Architecture type.
   If you are a newbie and don’t know your architecture, you probably want i386. If you just bought a new 64 bit machine then you want amd64.
   Ok, so the actually link you want is the one that looks as follows:
   For amd64 – 8.0-RELEASE-amd64-dvd1.iso.gz
   For i386 – 8.0-RELEASE-i386-dvd1.iso.gz

2. Extract it as it is zipped.
3. Burn the ISO to DVD disk (or if you are using VMWare just point your VM’s CD-ROM at the ISO).
4. Boot off the FreeBSD 8 DVD and let it boot all the way up.
5. Choose your country/region.
   You should now be at the Sysinstall Main Menu. Remember, we cannot use Sysinstall because it doesn’t yet support ZFS. (I am hoping for a new installer over fixing this old one.)

6. Choose Fixit. You will be promted to Please choose a fixit option.
7. Choose CDROM/DVD.
   You are now at a Fixit command prompt. And if you are following the wiki guide, you are only at that guide’s step 3. Create MBR disk

8. Create an MBR disk by running the following command:
   gpart create -s mbr ad0

   However, what the guide assumes you already know is that ad0 is the name of your hard drive and can be different for each installation. I am installing on VMWare using SCSI and the name of my hard drive is da0. So I would run:

   gpart create -s mbr da0

   You can find out your by looking at a directory listing of /dev if you are familiar with common names, otherwise, you can start a Standard install and see what name is used when you get to the Disk label editor section of the install.

   I am going to use da0 or ad0 in the rest of my document interchangeably, so you need to remember to always use the correct disk name for your drive.

9. Run the following command to show the information for your disk
   gpart show ad0

   There are two columns of numbers. The first column number is a start block for the slice and the second is the size in blocks for the slice. 63 is the start of every first slice. However, the end of a slice is variable depending on the size of your hard drive.

   A slice is not exactly a partition. On FreeBSD you first create a Slice and then you create your partitions on your slice. The next steps will show you have to do both.

10. Create a new Slice using the entire disk.

    Obviously the guy who wrote the wiki I am following already had two slices for windows, so he must have been dual booting. I am assuming that you are not dual booting and that you are installing a new server and you plan to use the entire disk.

    To create a slice using the entire disk, run this command replacing the value after the -s with the value you saw when you ran the previous command.

    gpart add -b 63 -s 104857515 -t freebsd da0

    It will output something like “da0s1 added”. If you look at the da0s1 string, it makes sense. da0 (your disk name) s1 (slice 1 – the slice you just created).

11. Now lets create our slice. No, I am not sure why you have to both add the slice and create the slice, but I am sure there is a good reason.
    gpart create -s BSD da0s1
12. Lets make our slice the active slice. Sounds like this is only sometimes needed. Better to do it and not need it than to not do it an find out you need it.
    gpart set -a active -i 1 da0

    You can run the gpart show da0 command again to make sure it is set as active.

13. Look at the slice.
    gpart show da0s1

    Again, you will have two rows of numbers. This time the first number is 0 and the second number is the size of the slice.

    We want at least two partitions, one for / and one as a swap partition. So we need to determine how much space we want for the swap partition. I want 3 GB.

    Now we have to convert the desired size from GB to sectors.

    1 kilobyte = 1024 bytes or 2 sectors (Sectors are normally 512 Bytes)
    1 megabyte = 1024 kilobytes
    1 gigabyte = 1024 megabytes

    So to get the number of sectors in 1 GB, we need to use the following equation:

    Gigabytes in Sectors = NumberOfGB * numberOfMBInAGB * NumberOfKBInAMB * NumberOfSectorsInAKB

    1 GB in sectors = 1 * 1024 * 1024 * 2 = 2097152
    3 GB in sectors = 3 * 1024 * 1024 * 2 = 6291456

    So take the total size of your slice in sectors and subtract 6291456 and you will have the size of your / partition. And our swap partition will be 6291456.

14. Create your / partition.
    gpart add -i 1 -b 0 -s 98566059 -t freebsd-zfs da0s1
15. Create the swap partition.
    gpart add -i 2 -b 98566059 -s 6291456 -t freebsd-swap da0s1
16. Load the ZFS kernel module.
    kldload /mnt2/boot/kernel/opensolaris.ko
    kldload /mnt2/boot/kernel/zfs.ko
17. Create your zpools.
    mkdir /boot/zfs
    zpool create zroot /dev/da0s1a
    zpool set bootfs=zroot zroot
18. Install the boot manager.
    gpart bootcode -b /mnt2/boot/boot0 da0
19. Install ZFS boot.
    zpool export zroot
    dd if=/mnt2/boot/zfsboot of=/dev/da0s1 count=1
    dd if=/mnt2/boot/zfsboot of=/dev/da0s1a skip=1 seek=1024
    zpool import zroot

Yeah we are done with step 1. Stay tuned for step 2 and step 3 coming.

… I am back for round 2…er uh…step 2 that is.

Step 2. Installing FreeBSD to the ZFS filesystem

Ok for those of you who skipped the details above, I am reading this wiki:
http://wiki.freebsd.org/RootOnZFS/ZFSBootPartition

My intention is to make a more thorough and newbie proof version of this wiki. So here we go, diving into step 2.

1. Create the ZFS hierarchy.

   Wow, this is going to be a lot of tedious typing. You know, while FreeBSD didn’t make an installer for all this, how hard would it have been to create a couple of scripts and include them on the CD so this would be easier.

   zfs set checksum=fletcher4 zroot

   zfs create -o compression=on -o exec=on -o setuid=off zroot/tmp
   chmod 1777 /zroot/tmp

   zfs create zroot/usr
   zfs create zroot/usr/home
   cd zroot ; ln -s /usr/home home

   zfs create -o compression=lzjb -o setuid=off zroot/usr/ports
   zfs create -o compression=off -o exec=off -o setuid=off zroot/usr/ports/distfiles
   zfs create -o compression=off -o exec=off -o setuid=off zroot/usr/ports/packages

   zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/usr/src

   zfs create zroot/var
   zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/var/crash
   zfs create -o exec=off -o setuid=off zroot/var/db
   zfs create -o compression=lzjb -o exec=on -o setuid=off zroot/var/db/pkg
   zfs create -o exec=off -o setuid=off zroot/var/empty
   zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/var/log
   zfs create -o compression=gzip -o exec=off -o setuid=off zroot/var/mail
   zfs create -o exec=off -o setuid=off zroot/var/run
   zfs create -o compression=lzjb -o exec=on -o setuid=off zroot/var/tmp
   chmod 1777 /zroot/var/tmp

   cd /dist/8.0-RELEASE
   export DESTDIR=/zroot
   for dir in base catpages dict doc games info lib32 manpages ports; \
   do (cd $dir ; ./install.sh) ; done
   cd src ; ./install.sh all
   cd ../kernels ; ./install.sh generic
   cd /zroot/boot ; cp -Rlp GENERIC/* /zroot/boot/kernel/
   zfs set readonly=on zroot/var/empty

   chroot /zroot

   echo ‘zfs_enable=”YES”‘ > /etc/rc.conf
   echo ‘hostname=”zfs.mydomain.local”‘ >> /etc/rc.conf
   echo ‘ifconfig_em0=”DHCP”‘ >> /etc/rc.conf

   echo ‘zfs_load=”YES”‘ > /boot/loader.conf
   echo ‘vfs.root.mountfrom=”zfs:zroot”‘ >> /boot/loader.conf

   echo ‘LOADER_ZFS_SUPPORT=YES’ > /etc/src.conf

   mount -t devfs devfs /dev
   export DESTDIR=””

   cd /usr/src/sys/boot/
   make obj
   make depend
   make
   cd i386/loader
   make install

   passwd

   tzsetup

   cd /etc/mail
   make aliases
   umount /dev
   exit
   cp /boot/zfs/zpool.cache /zroot/boot/zfs/zpool.cache

Warning! There is only one line that might catch a newbie off-guard. Every other line you can type in as is but this one.

On FreeBSD this is how you setup your network card to use FreeBSD. However, while my card is em0, not all cards are em0. Run the ifconfig command on FreeBSD to see your card type and replace em0 with the type for you card.

Step 3 – Finish

I followed the guide almost exactly except I had to do a cd / before unmounting. So I added that command where it needs to be, so this should be very newbie proof.

1. Run these commands.
   cat < /zroot/etc/fstab # Device Mountpoint FStype Options Dump Pass# /dev/ad0s3b none swap sw 0 0 EOF export LD_LIBRARY_PATH=/mnt2/lib cd / zfs unmount -a zfs set mountpoint=legacy zroot zfs set mountpoint=/tmp zroot/tmp zfs set mountpoint=/usr zroot/usr zfs set mountpoint=/var zroot/var

I made some mistakes but finally got it to work.

Wow, to think I started FreeBSD when it was at 4.x. I started using FreeBSD end of 2001, so at the end of 2008, I have used FreeBSD for almost 8 years.

FreeBSD 8 was released November 27, 2009.

Read about it here:
http://www.freebsd.org/releases/8.0R/pressrelease.html

I have some documents on FreeBSD, so I will have to make sure they are still valid.

Ok, so you want to evaluate and open source application?

What guidelines should you use? Here is a guideline. I will continue to update this as I find valid items to measure. If you have something I should add to the list, please let me know.

Obtaining the Software

1. A top link in search engine when searching for open source app’s name?
2. A quick download link?
3. Clear description of different downloads per platform?

Installation of Open Source App

1. Clear description of different downloads per platform?
   List of platforms:

2. Ease of install score:
3. Ease of initial configuration score:

Authentication

1. Integration with Active Directory?
   Score:

2. Integration with LDAP?
   Score:

3. Database authentication?
   Explanation: Can authentication occur in a database such as Postgresql, MySQL, etc…
   Supported Database list:
   Score:

4. Authentication to a 3rd party programs database?
   Explanation: So that if you have an application A with a database that hosts a username a password, can this open source application B use your database from application A to authenticate?
   Score:

Security

1. How secure is this application?
2. What security holes have been reported and fixed?
3. What development designs were taken into consideration to enhance security?
4. What security analysis tools such as Nessus has this open source application been analyzed with?

Documentation

1. Install guide exists?
   Quality Score:

2. Users guide exists?
   Quality Score:

3. Admin guide exists?
   Quality Score:

4. Developer’s guide exists?
5. Compile/Debug guide on how to load in an IDE and compile and debug (Visual Studio 2008, Eclipse, KDevelop, other, etc…)
6. Guide for submitting a bug or suggestion?
7. Guide for contributing documentation?
8. Ease of contribution Documentation?

Ease of Use

1. Is the application easy to use?
2. Can non-technical users use the application with minimal training?

Stability

1. How stable is the application? Determine this from normal use for a period of time.
2. How stable is the platform(s) and/or 3rd party dependencies the application runs/depends on?
3. Does the application crash with normal use?
4. Does the application crash with abnormal use?
5. Does the application crash with prolonged use?
6. Is the process for submitting a bug simple?
7. Is the process for applying a patch simple?
8. Does applying patches decrease stability?

Community Strength

1. Is it being maintained by a strong community?
2. Is there a high adoption rate for this application?
3. What is the average turn around time for a bug in the community?
4. Is there a forum? What is forums user base? How quick do questions get responses?
5. Is there a mailing list?
6. Is there an RSS feed?

Customization of Open Source Application

1. What language is this written in?
2. Ease of customization.
3. Ease of contributing to project
4. Ease of compiling/debugging?
5. Ease of getting fixes committed to source?

Scalability

1. Does the application scale well with increased usage?
2. Does this application integrate with the two most used operating systems for desktops? Windows and OS X?

So previously I released the following post:
How to install dotProject 2.1.2 on FreeBSD 7.2 with Apache 2.2, PHP5, and MySQL 5.1 Server?

Now I am following up as promised with how to integrate this with Active Directory and AD’s LDAP. You need to know your LDAP Active Directory info. If you don’t, you need to get it. Or else maybe your domain is generic enough that looking at my examples will get you there.

1. Log in to dotProject.
2. Click on System Admin | Default User Preferences.

   We will make changes to the following sections:

   • User Authentication Settings
   • LDAP Settings

   These section are show in this screen shot. After this screen shot instructions on configuring these sections are provided.

   

3. Scroll to the section called User Authentication Settings.
4. Change the User Authentication Method setting to LDAP.
5. Configure the LDAP Settings section.
   1. For LDAP Host, Enter the IP address of your Active Directory server.
   2. Do not change the LDAP Port or LDAP Version settings.
   3. On a default Active Directory installation, set the LDAP Base DN to the following:
      CN=Users,DC=YourDomain,DC=tld

      For example, the lab I am demoing this with is LD.Lab so it would be this:

      CN=Users,DC=ld,DC=lab
   4. For LDAP User Filter enter the following:
      (sAMAccountName=%USERNAME%)
   5. For the LDAP Search User, enter a domain user:
      CN=John Doe,CN=Users,DC=ld,DC=lab

      SUGGESTION: Create a service account on the domain with a really intense password and almost no rights, except of course the right to search LDAP so it can be an LDAP Search User.

   6. Obviously for the LDAP Search User Password, enter the password for the LDAP Search User.

      IMPORTANT! You must update this password here when the user’s changes in Active Directory (sorry for the “No duh” moment but it had to be said).

6. Scroll down and on the bottom right of the Default User Preferences page, click Save.

Go ahead and try to login as a Domain User.

Note On Changing Permissions
Domain Users may appear to get the Administrator role, but this is not really the case. They only get the Anonymous role when they first login. See my forum post here:
How to make an LDAP user an administrator?

Also, it appears that if you want all users who login to get more permissions, then edit the Anonymous role or modify every user individually. (Yeah, so the project needs some features in this area…maybe you want to become a contributor and develop it yourself?)

Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

Hey this was really easy. Really, it is just a matter of aliasing your ls commands. However, it is only really easy if you know how to do it. When you forget, it is annoying. So here is another post to store the info I once knew but forgot and had to learn again.

Using sh, the default shell

1. Edit your .shrc file in your home folder:
   # ee /usr/home/username/.shrc
2. Add/Change the alias commands as follows:
   alias ls=’ls -G’
   alias ll=’ls -laFoG’
   alias l=’ls -lG’

   The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

3. Save and close the file.
4. Logout and login and your shell should have colors when you use ls.

Using bash

1. Edit your .shrc file in your home folder:
   # ee /usr/home/username/.shrc
2. Add/Change the alias commands as follows:
   alias ls=’ls -G’
   alias ll=’ls -laFoG’
   alias l=’ls -lG’

   The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

3. Save and close the file.
4. Copy the .profile file to .bash_profile.
   # cp /usr/home/username/.profile /usr/home/username/.bash_profile
5. Edit the .bash_profile and add the following:
   # Source the .shrc
   source .shrc
6. Logout and login and your bash shell should have colors when you use ls.

Using csh, the default shell for root

1. As root, edit your .cshrc file in either your home folder or in the home folder for root:

   Your home folder:

   # ee /usr/home/username/.cshrc

   Home folder for root:

   # ee /root/.cshrc
2. Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
   alias ls ls -G
   alias la ls -aG
   alias lf ls -FAG
   alias ll ls -lAG

   The first one I added, the others I only added the -G parameter to the already existing aliases for ls.

3. Save and close the file.
4. Logout and login and your shell should have colors when you use ls.

bash and sh for all users

1. Edit your .shrc file in your home folder:
   # ee /usr/home/username/.shrc
2. Add/Change the alias commands as follows:
   alias ls=’ls -G’
   alias ll=’ls -laFoG’
   alias l=’ls -lG’

   The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

3. Save and close the file.
4. Cat this file to /etc/profile.
   # cat /usr/home/username/.shrc > /etc/profile
5. Logout and login and your shell should have colors when you use ls.

csh for all users

1. As root, edit your .cshrc file in either your home folder or in the home folder for root:

   Your home folder:

   # ee /usr/home/username/.cshrc

   Home folder for root:

   # ee /root/.cshrc
2. Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
   alias ls ls -G
   alias la ls -aG
   alias lf ls -FAG
   alias ll ls -lAG

   The first one I added, the others I only added the -G parameter to the already existing aliases for ls.

3. Save and close the file.
4. Cat this file to /etc/csh.cshrc.
   # cat /usr/home/username/.cshrc > /etc/csh.cshrc
5. Logout and login and your shell should have colors when you use ls.

Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

How to remove the ^M characters in a file on FreeBSD?

This is simple:

There are multiple ways to do it. One is actually included in the FreeBSD-tips file:

So if you installed the “games” distribution, you get tips every time you log in. And once in a while the above tip will show up.

I had never used that one however, I had always used this one (which I modified) that I found here: http://sed.sourceforge.net/sed1line.txt

However, this one works with the sh, tcsh and bash but not with the csh shell.

This one worked on csh but I am not sure if it is recommended as it assumes every line ends with ^M.

Anyway, I like how FreeBSD supports the -i parameter. Because if I am doing lots of files, I can have a script that does each file in a directory and then (of course I have a back up just in case) I can run sed -i.bak ‘s/.$//’ filename on each file and then do delete all .bak files so every file “appears to be” edited in place.

How to install dotProject 2.1.2 on FreeBSD 7.2 with Apache 2.2, PHP5, and MySQL 5.1 Server?

The basic overview.

1. Install FreeBSD.
   How do I install FreeBSD?
2. Update FreeBSD and download the ports tree.
   What are the first commands I run after installing FreeBSD
3. Then install Apache + SSL.
   Installing an Apache + SSL on FreeBSD using the ports tree
4. Then install MySQL.
   How to install MySQL on FreeBSD 7.2 or on Red Hat 5.4?
5. Configure MySQL to be Unicode.
   How to create a UTF-8 Unicode Database on MySQL and make UTF-8 Unicode the default?Note:
6. Secure MySQL. I don’t have a post on this, but you can follow these MySQL pages.
   Securing the Initial MySQL Accounts
   General Security Guidelines

   Note: If you know what you are doing, you can go with any database that dotProject supports, such as Postgresql.

7. Install PHP5and PHP5-Extensions and make sure to include the MySQL extensions and the LDAP extension.

How to install PHP5 and PHP5 Extensions on FreeBSD?

8. Then install DotProject

I have previous documents about installing each of the steps above installing dotProject. Once you have gone though the above documents, you will be ready for this document. This document will only cover dotProject.

Installing dotProject 2.1.2 from Ports

1. Install dotProject from ports using one of the following commands (I use the first one when doing virtual hosts and the second one when just using sub directories of the web root).

   # #	cd /usr/ports/www/dotproject make install

   Note: If you Apache directory is /usr/local/www/apache22/data you may want to use this make command:

   # #	cd /usr/ports/www/dotproject make DOTPROJECTDIR=/usr/local/www/apache22/data/dotproject install

2. Create a database in MySQL for dotProject. Name it whatever you want. For this example, I am going to name the database dotProjDB. If you have read the articles about MySQL that I referenced above, you should know how to log into to MySQL, but just in case you forgot, I will show you again.There are lots of ways to create a database in MySQL, and I am going to give you one example using the shell and the MySQL client.

   #	mysql -u root -p

   Enter your password and you should be taken to a mysql prompt.

   mysql>

   create database dotprojdb

   Yes it is that simple. And at the same time no it is not that simple. There is a lot more to know such as where to put the database files and how fast of drives you need, whether you need faster read speed or faster write speed or both, but this will suffice for now.

3. Create a mysql user account for this database. We don’t want to user the root account.
   See this page in the MySQL documentation for more information on this: Adding User Accounts

   mysql>	CREATE USER ‘dpuser’@’localhost’ IDENTIFIED BY ‘P@sswd!’;
   Query OK, 0 rows affected (0.01 sec)
   mysql>	GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON dotprojdb.* TO ‘dpuser’@’localhost’;
   Query OK, 0 rows affected (0.01 sec)

4. Now open a web browser to your server’s site: http://yourserver/dotprojectYou will see the following page.

   No need to do anything on this page because it should redirect you after 5 second to a dotProject configuration web page.

   

   Now some of the items in red need to be taken care of. Not all of them, just some of them.

   The first group of items are “Requirements” and anything not with a pretty green check mark under the “Requirements” section needs to be fixed.

   However, under the “Database Connectors” section, there are lots of red Xs. We don’t need to fix these. We just need one database, so as long as the database you want to use (in this example it’s MySQL) has a pretty green check mark, you don’t need to do add more “Database Connectors”.

5. Fix the first error: Session Save Path writable? X Fatal: session.save_path is not setTo do this, follow these steps:
   1. Change to the directory that contains the php.ini file. On FreeBSD that directory is here: /usr/local/etc

      #	cd /usr/local/etc

   2. Now by default the PHP5 port on FreeBSD doesn’t install a php.ini file, but instead provides two example php.ini files: php.ini-recommended and php.ini-dist. So copy one of them to php.ini.

      #	cp php.ini-recommended php.ini

   3. Edit the php.ini file and remove the comment from this line:
      ;session.save_path = “/tmp”

      I use ee which is the command to open Easy Editor. But you can use vi or whatever.

   4. Save the file and exit.
6. The other issue is this one: Session AutoStart = ON? X Failed Try setting to ON if you are experiencing a WhiteScreenOfDeathOk. So this issue is fixed is in that same php.ini file. So repeat the steps only this time we don’t remove a comment, we change a setting from 0 to 1. Find the following line and change it from 0 to 1, as shown.
   session.auto_start = 1
7. Restart apache. This is required and must be done before these settings will take effect.

   #	/usr/local/etc/rc.d/apache22 restart

8. Now you are ready to click the “Start Installation” button. So go ahead and click it. The following page should appear.
9. Enter the details as shown in the page. Hopefully you have your own database user and password to use.
10. Should you click the “User persistent connection?” option? Well, read this. http://www.php.net/manual/en/features.persistent-connections.phpI am not going to check it.
11. Click “Install db and write config”. It should succeed and you should see this new page.
    
12. Now go back to the dotproject home page: http://yourserver/dotprojectLogin with the default user name and password and you are ready to go.

    UPDATE:
    Check out my new update to this:
    How to configure dotProject 2.1.2 to authenticate using Active Directory’s LDAP?

Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

So I already have an article on installing Bugzilla. See it here:
How to install Bugzilla on a FreeBSD 7.2 with Apache + SSL and MySQL?

So I am not going to cover installing Bugzilla. Just how to get it to connect to Active Directory. Mostly the documentation was there, but there was not really a good example of actual implementation. If the documentation doesn’t provide an example (preferably multiple real world exmaples) then it is poor documentation. Yes, Bugzilla, you are free to take my documentation and put it in your manual, or link to this page.

1. Gather the information from your production environment, especially the LDAP information for your Active Directory configuration: 
   • Bugzilla Server name: 
     http://myserver/bugzilla

      

   • The LDAP Servers (Active Directory servers):
     dc1.corp.mydomain.tld, dc2.corp.mydomain.tld

      

   • The LDAP Bind DN info of a user that can read Active Directory. (This can be any active directory user, as long as this user can read active directory’s users, which pretty much an user no matter how locked down can do.)So my username on the domain is JBarneck, but that is not what to use here. The LDAP Bind DN of my user name is like this (with company secret information changed).
     CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

      

   • The LDAP Base DN, which is the LDAP information for the OU that your users are in.
     My LDAP Base DN for the OU I am in is this (again with company secret information changed). This is exactly what I pasted into my configuration, backslash and all. 
     OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld
   • The LDAPuidattribute, which is sAMAccountName and I don’t know if you can changed in Active Directory.
     sAMAccountName

      

   Note: I’ll be honest. I didn’t have access to a domain controller or Active Directory so I used a tool called LDAPWhoAmI.exe (with an accompanying ldapinfo.dll) that is included in LANDesk’s Management Suite software. I can’t give you these files. But if you wanted to do a trial of LANDesk Management Suite, you could download a Management Suite trial (which is a gig or so) and extract it and get these files. You don’t have to install, just extract and search for the two files. Copy them to a Windows workstation on your domain, then open a command prompt and change to the directory where LDAPWhoAmI.exe and ldapinfo.dll was copied and run LDAPWhoAmI.exe.

2. Log into Bugzilla as an administrator. There is not default administrative user for Bugzilla. You should have created a user account as part of the install.
3. Enable the LDAP module.
   1. Click on Administration from the top menu bar.
   2. Click on Parameters.
   3. Click on User Authentication on the left menu bar.
   4. Scroll down to the user_verify_class setting.
   5. Highlight LDAP and click the up arrow so that it is first in the list. I left DB enabled. I left Radius disabled.
   6. At the bottom of the web page (yes you have to scroll all the way to the bottom) click the Save Changes button.
4. Configure LDAP to connect to Active Directory.
   1. Click on LDAP on the left menu bar.
   2. Under LDAPserver put your Active Directory servers.
      dc1.corp.mydomain.tld, dc2.corp.mydomain.tld

       

   3. Under LDAPbinddn put your user’s ldap info.
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

       

   4. Under LDAPBaseDN put your LDAP info for the OU with your users.
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

       

   Under LDAPuidattribute put sAMAccountName.

   sAMAccountName

    

   5. At the bottom of the web page click the Save Changes button.
5. test Authentication.
   1. Either log out or use a different browser or a different machine and connect to your bugzilla url: 
      http://myserver/bugzilla

       

   2. Log in using an Active Directory account. I was unsure if I was supposed use an email or my username and it worked using my Domain user name, JBarneck, and my Domain password.

   I hope this helps all of you get Bugzilla to authenticate using Active Directory much faster than if you had to scour the web for problems.

   ---

   Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com. 

Ok, so I want to have Subversion authentication work from a MySQL database. I am going to try to use Cyrus SASL for this.

I already have instructions for installing the necessary parts:

1. Install FreeBSD.
   How do I install FreeBSD?

2. Update FreeBSD and download the ports tree.
   What are the first commands I run after installing FreeBSD

3. Then install Subversion, however, one difference you need to make to the install instructions for subversion. You need to install with SASL2 support. When you run make install it is an option.

How to install subversion 1.6.6 on FreeBSD 7.2

Ok, now that you have everything is installed, you are were I am and ready to try to get this configured.

Configuring Subversion to use SASL to Authenticate to a MySQL database

1. Create a simple MySQL database. The following is a simple database creation script that creates a database with one table and two rows.

   CREATE DATABASE UserDB;
   USE UserDB;
   CREATE TABLE `users` ('username' varchar(255), 'password' varchar(255) )
   INSERT INTO users VALUES ('user1','pw1');
   INSERT INTO users VALUES ('user2@MyReal.com','pw2');
   INSERT INTO users VALUES ('user3@myemailaddress.com','pw3');
   

   Note: I use these accounts to show what works and what does not work because the idea of “realms” is confusing.

   You may be asking why I don’t have three rows, one for each item: User, Password, Realm.

   Well, if you really are creating a new database to handle SVN Users then that is how you should do it and here is it is.

   CREATE DATABASE UserDB;
   USE UserDB;
   CREATE TABLE `users` ('username' varchar(255), 'password' varchar(255) , 'realm' varchar(255))
   INSERT INTO users VALUES ('user1','pw1','realm');
   INSERT INTO users VALUES ('user2@MyReal.com','pw2','realm');
   INSERT INTO users VALUES ('user3@myemailaddress.com','pw3','realm');
   

   However, because I am assuming that you want to authenticate to users that are in an already existing database, realm won’t really exist. However, you may have usernames that are in email format, or not in email format an that makes a difference because Subversion splits the username at an @ symbol and the username is only what is before the @ symbol. See the troubleshooting realms section below.

2. Edit the following file:
   /home/svn/repos/MyApp/conf/svnserve.conf

   #	ee /home/svn/repos/MyApp/conf/svnserve.conf

   The following are the lines that should NOT be commented out.

   [general]
   anon-access = none
   auth-access = write
   realm = MyDomain.com

   [sasl]
   use-sasl = true

3. Create and edit the following file:
   /usr/local/lib/sas2/svn.conf

   #	ee /usr/local/lib/sas2/svn.conf

   The following are the lines that should NOT be commented out.

   [general]
   pwcheck_method: auxprop
   mech_list: plain
   auxprop_plugin: sql
   sql_hostnames: localhost
   sql_engine: mysql
   sql_user: root
   sql_passwd: pw
   sql_database: UserDB
   sql_select: SELECT password FROM users WHERE username='%u'

   Note: For debugging add log_level: 7 to this file and then watch the /var/log/debug file.