Archive for the ‘BSD’ Category.

How to install and configure a FreeBSD 8 Desktop with Xorg and KDE?

FreeBSD X

I realize that PC-BSD exists, but sometimes you need only FreeBSD without PBIs and you want to do it all yourself, because that is why you came to FreeBSD in the first place: to be an expert user and be able to set everything up yourself.

Requirements for Success
To consider the desktop a success, the user should be able to do the following after installation:

  1. Have a graphical login screen.
  2. Auto-mount CD/DVD and USB drives.
  3. Connect a USB drive and read and write to it.
  4. Browse the web with Firefox.
  5. Create a document with Open Office.
  6. Play an mp3.
  7. Play a DVD

Step 1 – Download the DVD and burn it

  1. To download the DVD, go here: http://www.freebsd.org/where.html
  2. Click on your platform type. You are probably going to want i386 for a 32 bit computer or amd64 for a 64 bit computer.
  3. Select the DVD and download it.
  4. Extract it, as it is gzip-compressed (.iso.gz). Use gunzip on FreeBSD or 7zip on Windows.
  5. Use your favorite burning software to burn the ISO to disk.

Step 2 – Install FreeBSD and include Xorg and KDE4 as additional install packages.

  1. Insert the installation media and boot off it. Wait for it to boot.
  2. First select your Country.
  3. At Sysinstall’s Main Menu, choose Standard.
  4. Read the next screen and hit OK.
  5. Press A to select Use entire disk.
  6. Press Q to Finish.
  7. For the Boot Manager choose Standard and hit OK.
  8. Read the next screen and hit OK.
  9. Press A to select Auto Defaults.
  10. Press Q to Finish.
  11. For Distributions select Custom. (Don’t worry, the Custom is not that hard) and select the following distributions:
    Required – You must have the base system and a kernel. 

    • base
    • kernels | GENERIC

    Optional – You don’t have to select these but I am selecting them.

    • dict
    • doc | en (or your language).
    • games
    • man
    • src | All (Optional, if you plan on having the source so you can work on it and contribute some work back to FreeBSD.)
    • ports
  12. To get back to the Choose Distributions screen, either select Exit or OK.
  13. Hit OK to continue.
  14. At the Choose Installation Media screen choose CD/DVD.
  15. Read the next screen and choose Yes.
  16. Wait for the installations to complete.
  17. Read the Success screen and hit OK.
  18. Choose Yes to configuring an Ethernet network device.
  19. Select your network card type and hit OK. It is usually the top entry. Mine is em0.
  20. (Optional) You may want to say Yes to configure IPv6 these days. All my machines at home support IPv6 now since they are FreeBSD and Windows 7.
    It will try to detect a server, but probably won’t find one, that is just fine.
  21. Choose Yes to try DHCP. Assuming you have a DHCP server (any corporate network or home with an internet connection and router has one).
    The network configuration screen will open with your IP Address.
  22. Enter a computer name in the Host field.
  23. Choose No when prompted if you want the machine to function as a network gateway.
  24. Choose No when prompted if you want the machine to configure inetd.
  25. When prompted to enable SSH, choose Yes if you are going to connect via SSH remotely. Choose No otherwise. I am choosing Yes because I always find a reason to SSH in.
  26. Choose No to have anonymous FTP access to this machine.
  27. Choose No for configuring this as an NFS server.
  28. Choose No for configuring this as an NFS client (unless it is going to be, and if it is going to be, you would know).
  29. Choose No to customizing the system console settings.
  30. Choose Yes to set the machines time zone now.
  31. Choose No when asked if the CMOS clock is set to UTC (unless you know for sure 100% that it is).
  32. Choose your Region.
  33. Choose your Country.
  34. Choose your Time Zone.
  35. If prompted if your Time Zone looks reasonable, choose Yes.
  36. When prompted if you have a PS/2, serial, or bus Mouse you need to understand that a mouse is almost always only PS2 or USB anymore. If USB choose No, otherwise choose Yes.
    If you choose Yes, then enable your mouse, test it and then exit that screen.
  37. Choose Yes when prompted about the FreeBSD Package collection and if you want to browse it now as this is where we are going to install Xorg and KDE.
  38. On the Package Selection screen, scroll down to X11 and hit OK.
  39. On the X11 screen, scroll down and select KDE4. Notice that a lot of other packages are auto-selected as dependencies. This is normal.
  40. Continue scrolling down and select xorg-7.
  41. Now click Ok.
  42. You may want other packages such as bash. Choose them now.
  43. Choose Install and you will see the Package Targets screen. It will only list the packages you selected, not all the dependencies, but don’t worry, all the dependencies will install.
  44. Choose Ok.
  45. Wait for the installation of the packages to complete.
  46. When prompted for adding initial user accounts, choose Yes.
  47. On the User and Group Management Screen choose User and hit OK.
  48. Enter a user name under the Login ID field.
  49. Leave UID and GROUP as is.
  50. Enter a password and confirm the password.
  51. Enter your full name.
  52. In the Member Groups add these groups (without a space, only separated by a comma): wheel,operator
  53. Leave home directory as is.
  54. Leave the login shell as is. (Unless you installed bash and want to use it, then you can change it to /usr/local/bin/bash).
  55. Hit OK.
  56. Back at the User and group management screen choose Exit and hit OK. Feel free to add as many users as you need first, but don’t worry you can add more later.
  57. Read the next screen and hit OK, it is just an informational screen about the fact that you must set a root password.
  58. Enter the root password and hit enter and then enter it again and hit enter to confirm the password.
  59. When prompted to visit the configuration menu for a chance to set any last options, choose No.
  60. You are back at the Sysinstall Main Menu. Select Exit Install.
  61. When asked if you are sure you wish to exit, choose Yes.
  62. Read the next screen, and hit OK.
  63. Whilst rebooting, remove your DVD from the drive so you don’t boot off it (assuming it is first in your boot order otherwise you may not need to do this).

FreeBSD 8 is now installed with all the software needed to make a nice FreeBSD 8 Desktop, Xorg-7 and KDE4. However, there are a few more steps to get Xorg-7 and KDE4 configured.

Step 3 – Patch your new system
Update and patch your system. I already have steps to do this here:
What are the first commands I run after installing FreeBSD
Important: While the ports tree is already installed, don’t skip this step. Updating the ports tree is how you get the latest versions.

Step 4 – Configure Xorg Dependencies

  1. Log in to the newly installed system with the username and password you created. Make sure you use the account that you added to the wheel and operator groups.
  2. Once logged in, su to root by simply typing this command:
    $ su

  3. After typing su, you will be prompted for a password. Enter the root password.
  4. You are now logged in as root. Your prompt should have changed from a $ to a NAME#. For example, I named my system FBSD8 so my prompt looks as follows:
    FBSD#

  5. Add dbus to /etc/rc.conf. Either use easy editor, or use the following shell command to add it without using an editor.
    FBSD# echo 'dbus_enable="YES"' >> /etc/rc.conf
  6. Enable dbus with this command.
    FBSD# /usr/local/etc/rc.d/dbus start

  7. Add hald to /etc/rc.conf. Either use easy editor, or use the following shell command to add it without using an editor.
    FBSD# echo 'hald_enable="YES"' >> /etc/rc.conf

  8. Enable hald with this command.
    FBSD# /usr/local/etc/rc.d/hald start

  9. Reboot by running this command:
    FBSD# reboot

    Note: It is also common to reboot using this command: (It doesn’t matter which command you use to reboot.)

    FBSD# init 6

  10. Once rebooted, log back in and su to root again.

Step 5 – Configure Xorg
Note 1: Steps 1 and 2 are optional and you may skip them if you want. An xorg.conf file is no longer required. Most configurations work without it.
Note 2: If you are using VMWare, you may want to jump to this article and come back: How to install VMWare-tools on FreeBSD 8?

  1. Have Xorg automatically create an xorg.conf file using this command:
    FBSD# Xorg -configure /root/xorg.conf.new -retro

  2. Copy the xorg.conf.new to /etc/X11/xorg.conf
    FBSD# cp /root/xorg.conf.new /etc/X11/xorg.conf

  3. Type exit to logout as root. You should go back to the $ prompt.
  4. Create a file called .xinitrc in the users home directory. This file will contain one line.
    $ echo exec /usr/local/kde4/bin/startkde4 > ~/.xinitrc

  5. Run startx to launch Xorg-7 and KDE4.
    $ startx

    Note: If something goes wrong here, your xorg.conf may not have been generated correctly. Reboot (you may have to hit the power button or SSH in to reboot as you may not have console access anymore).

Xorg-7 and KDE4 should now be working.

Step 6 – Enable KDM (Optional) on FreeBSD
Instead of having to log in at a command prompt and run startx, you may prefer a GUI login screen. This can be done very easily with KDM. There is an old way and a new way. Just in case the new way isn’t available to you for some reason, I will leave both methods. Do NOT use both of them.

The new way.

  1. Add the following lines to /etc/rc.conf. Either use easy editor, or use the following shell commands to add them without using an editor.
    FBSD# echo 'local_startup="${local_startup} /usr/local/kde4/etc/rc.d"' >> /etc/rc.conf
    FBSD# echo 'kdm4_enable="YES"' >> /etc/rc.conf

  2. Start kdm

The old way.

  1. If you are still in KDE, logout. Click the blue K icon at the bottom left of your screen and you can select Leave | Logout to exit KDE.
  2. Use su to login as root as you have done before.
  3. Open the following file with your favorite editor: /etc/ttys. I use Easy Editor or ee.
    FBSD# ee /etc/ttys

  4. Find the following line: (In ee, Page Down three times almost takes me right to this line.)
    ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
  5. Replace that line with this line:
    ttyv8 "/usr/X11R6/kde4/bin/kdm" xterm on secure
  6. Reboot to have the virtual consoles restart. (or make sure Xorg and KDE are not running and run: kill -HUP 1)

KDM should now be working and your system should reboot to a graphic login screen, which is handled by kdm.

Step 7 – Enable CD/DVD/USB mounting
FreeBSD is more secure by default, so something as simple as accessing a CD or DVD or USB drive is not actually allowed by default. You have to enable this.

These steps assume that your user is a member of the operator group. Remember above during the installation, I mentioned to make your user a member of both the wheel and operator groups.

  1. Access a shell and su to root.
    Note: The easiest shell to access now that you are in KDE is Konsole. To access Konsole, click the K and go to Applications | System | Terminal. Also you can add the shell icon to your panel by right-clicking on the icon and choosing Add to Panel.
  2. Enable vfs.usermount.
    FBSD# sysctl -w vfs.usermount=1

  3. Configure vfs.usermount to be enabled on boot.
    FBSD# echo vfs.usermount=1 >> /etc/sysctl.conf

  4. Open the following file with an editor: /etc/devfs.conf
    FBSD# ee /etc/devfs.conf
  5. Add the following lines:
    # Commonly used by many ports
    link    acd0    cdrom
    link    acd0    dvd 

    # Allow all users to access CD’s
    perm /dev/acd0 0666
    perm /dev/acd1 0666
    perm /dev/cd0 0666
    perm /dev/cd1 0666

    # Allow all USB Devices to be mounted
    perm /dev/da0 0666
    perm /dev/da1 0666
    perm /dev/da2 0666
    perm /dev/da3 0666
    perm /dev/da4 0666

    # Misc other devices
    perm /dev/pass0 0666
    perm /dev/xpt0 0666
    perm /dev/agpart 0666
    perm /dev/uscanner0 0666

    Note: Yes, I copied these from a PC-BSD install’s version of this file.

    Note: Change to 0660 to only allow users in the operator group to mount drives.

  6. Also you need a devfs.rules file.  Lets create one.
    FBSD# ee /etc/devfs.rules
  7. Add the following lines. The section header must have the form [name=number]; 10 is an arbitrary ruleset number chosen here.
    [Removable_Media=10]
    add path 'ad*' mode 666 group operator
    add path 'acd*' mode 666 group operator
    add path 'cd*' mode 666 group operator
    add path 'pass*' mode 666 group operator
    add path 'xpt*' mode 666 group operator
    add path 'ugen*' mode 666 group operator
    add path 'usb*' mode 666 group operator
    add path 'lpt*' mode 666 group cups
    add path 'ulpt*' mode 666 group cups
    add path 'unlpt*' mode 666 group cups
    add path 'fd*' mode 666 group operator

    Note: Again, I copied these from PC-BSD.

  8. Tell /etc/rc.conf about the rules section in /etc/devfs.rules
    FBSD# echo 'devfs_system_ruleset="Removable_Media"' >> /etc/rc.conf
  9. Edit the following file: /usr/local/etc/PolicyKit/PolicyKit.conf
    FBSD# ee /usr/local/etc/PolicyKit/PolicyKit.conf

  10. Change the xml’s config section from this…
    <config version="0.1">
        <match user="root">
            <return result="yes"/>
        </match>
        <define_admin_auth group="wheel"/>
    </config>
    

    …to this:

    <config version="0.1">
            <define_admin_auth group="operator"/>
            <match action="org.freedesktop.hal.storage.mount-removable">
                    <return result="yes"/>
            </match>
            <match action="org.freedesktop.hal.storage.mount-fixed">
                    <return result="yes"/>
            </match>
            <match action="org.freedesktop.hal.storage.eject">
                    <return result="yes"/>
            </match>
    </config>
    

    Note: Yes, again, I copied this straight from PC-BSD’s PolicyKit.conf.

  11. Edit the following file with ee: /etc/fstab
    FBSD# ee /etc/fstab

  12. Comment out or remove the line for your /cdrom. I usually just comment it out by adding a # sign as shown:
    #/dev/acd0 /cdrom cd9660 ro,noauto 0 0
  13. Restart the computer.

You should now be able to mount CD, DVD, and USB drives. You also should be able to both read and write to them, burn disks, write and format USB drives, etc…
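
To see which of the entries from steps 5 and 7 open a device node to every local user, and what the stricter 0660 variant mentioned in the note looks like, here is an added example (not part of the original article). The function names and the embedded sample lines are constructed for illustration; on a live system feed /etc/devfs.conf and /etc/devfs.rules to the same functions.

```shell
#!/bin/sh
# Added example: audit devfs.conf / devfs.rules entries for device nodes that
# every local user can open, and rewrite them to the group-only mode.

# Constructed sample input built from entries shown in this article.
sample_devfs_conf() {
cat <<'EOF'
# Commonly used by many ports
link    acd0    cdrom
perm /dev/acd0 0666
perm /dev/da0 0666
perm /dev/pass0 0666
perm /dev/xpt0 0660
EOF
}

sample_devfs_rules() {
cat <<'EOF'
[Removable_Media=10]
add path 'ad*' mode 666 group operator
add path 'cd*' mode 660 group operator
add path 'lpt*' mode 666 group cups
EOF
}

# world_open MODE: succeeds when the last octal digit (the "other" bits) is not 0.
world_open() {
    case "$1" in
        ''|*[!0-7]*) return 1 ;;          # not an octal mode, ignore it
    esac
    [ "${1#"${1%?}"}" != "0" ]
}

# audit_devfs: read either file format on stdin and print "device mode" for
# every entry that grants access to users outside the owning group.
audit_devfs() {
    while read -r kw a b c d _rest; do
        case "$kw" in
            perm) dev=$a; mode=$b ;;                  # perm /dev/da0 0666
            add)  [ "$a" = "path" ] && [ "$c" = "mode" ] || continue
                  dev=$b; mode=$d ;;                  # add path 'ad*' mode 666 ...
            *)    continue ;;                         # comments, links, headers
        esac
        dev=${dev#/dev/}                              # names are relative to /dev
        dev=${dev#\'}; dev=${dev%\'}                  # strip quotes around patterns
        if world_open "$mode"; then
            printf '%s %s\n' "$dev" "$mode"
        fi
    done
}

# tighten_devfs: same input, with the "other" digit of every mode set to 0
# (0666 -> 0660, 666 -> 660). Rewritten lines come out single-space separated.
tighten_devfs() {
    awk '
        $1 == "perm" && $3 ~ /^[0-7]+$/ { sub(/[1-7]$/, "0", $3) }
        $1 == "add" && $2 == "path" && $4 == "mode" && $5 ~ /^[0-7]+$/ { sub(/[1-7]$/, "0", $5) }
        { print }
    '
}

# Demo on the constructed samples.
echo "world-accessible entries:"
{ sample_devfs_conf; sample_devfs_rules; } | audit_devfs
echo "still world-accessible after tightening:"
{ sample_devfs_conf; sample_devfs_rules; } | tighten_devfs | audit_devfs
```

Entries such as da*, ad*, pass* and xpt* are raw disk and SCSI pass-through nodes, so the audit output is the list of devices any local account can read or write directly, bypassing file system permissions.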

Step 8 – Enable your sound card
I already have an article on this here and it is so very simple.
How to enable sound in FreeBSD 8?

Step 9 – Install Software

We are going to install the following software:

  • Firefox
  • Open Office
  • K3b

Binary Packages

  1. To browse the precompiled package lists, open a web browser to here:
    ftp://ftp.freebsd.org/pub/FreeBSD/ports//packages-8.0-release/Latest/ 

    My architecture is amd64 so the URL I use is this:
    ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.0-release/Latest/

    Hint: Some time in the future you may be on a different version or architecture. If you run this command, it will fail and the output may show you where to go.

    FBSD# pkg_add -r DoesNotExist

Firefox

  1. Access a shell and su to root as software should be installed as root.
  2. FreeBSD has a binary package for Firefox, so to install it you only have to run one command:
    FBSD# pkg_add -r firefox35

  3. Firefox 3.5 installation notes recommend adding a line to /boot/loader.conf, so use ee and add this line:
    sem_load="YES"

Firefox is now installed.

Open Office
Note: Here I describe installing using ports, but there may be a package available. Read this post: http://forums.freebsd.org/showthread.php?t=8639

  1. Access a shell and su to root as software should be installed as root.
  2. To install Open Office, run the following commands:
    Note: There is no package as of this moment, so we have to compile from ports and this takes longer. (You can check for a package if you want, as there may be one sometime after I write this document.)

    FBSD# cd /usr/ports/editors/openoffice.org
    FBSD# make install

  3. Wait…and wait…and wait…and wait…
  4. Ok, when it fails because you have to manually download some items for java, read and follow the instructions:
    IMPORTANT: To build the JDK 1.6.0 port, you should have at least
    2.5Gb of free disk space in the build area! 

    Due to licensing restrictions, certain files must be fetched manually.

    Please download the Update 3 Source from http://www.java.net/download/jdk6/6u3/promoted/b05/jdk-6u3-fcs-src-b05-jrl-24_sep_2007.jar and the Source Binaries from http://www.java.net/download/jdk6/6u3/promoted/b05/jdk-6u3-fcs-bin-b05-jrl-24_sep_2007.jar and the Mozilla Headers from http://www.java.net/download/jdk6/6u3/promoted/b05/jdk-6u3-fcs-mozilla_headers-b05-unix-24_sep_2007.jar.

    Please open http://java.sun.com/javase/downloads/index.jsp in a web browser and follow the “Download” link for “JDK US DST Timezone Update Tool – 1_3_21” to obtain the time zone update file, tzupdater-1_3_21-2009p.zip.

    Please download the patchset, bsd-jdk16-patches-4.tar.bz2, from http://www.eyesbeyond.com/freebsddom/java/jdk16.html.

    Please place the downloaded file(s) in /usr/ports/distfiles and restart the build.

  5. While you are at it, get the file from this prompt as well. I am not sure why it is not in the same prompt above, but it isn’t.

    Because of licensing restrictions, you must fetch the distribution manually.

    Please access http://www.FreeBSDFoundation.org/cgi-bin/download?download=diablo-caffe-freebsd7-amd64-1.6.0_07-b02.tar.bz2 with a web browser and “Accept” the End User License Agreement for “Caffe Diablo 1.6.0”.

    Please place the downloaded file(s) in /usr/ports/distfiles.

  6. Make sure you followed the instructions, downloaded the files, and placed them in /usr/ports/distfiles. Restart the build using the same command you ran before. If you didn’t know, you can probably press the up arrow on your keyboard to see command history so you don’t have to type it again.
  7. You will shortly be prompted with a license agreement. Please read every word, pressing the space bar to scroll until the end, before typing yes.
  8. Now wait some more as Open Office and its dependencies continue compiling.
  9. No you haven’t waited long enough.
  10. Ok…no just kidding, wait a little more.
  11. No really. It takes a long time to compile Open Office so leave it running and skip to the next step.

When it is done, you will be able to write documents that are compatible with MS Office.

K3b

  1. Access a shell and su to root as software should be installed as root.
  2. FreeBSD has a binary package for K3b, so to install it you only have to run one command:
    FBSD# pkg_add -r k3b

  3. There are a lot of notes about postinstallation steps, so burning a CD is going to be for another day and another document.

Playing MP3s
As for playing MP3s, I can play them with JuK, the KDE4 music player that is installed by default with KDE4.

You should now have the idea and can go installing software that you want.

Playing a DVD

Dragon Player didn’t play the DVD for me. So I installed kmplayer-kde4. It didn’t play the DVD either. I installed Xine and it worked.

Keywords: FreeBSD X


Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

How to enable sound in FreeBSD 8?

FreeBSD doesn’t enable the sound by default. However it is simple to detect and enable your sound card.

Step 1 – Detect Your Sound Card

  1. Load all sound kernel modules by running the following command:

    FBSD# kldload snd_driver

  2. Check which kernel module was able to bind to your sound card by running this command:

    FBSD# cat /dev/sndstat

    The output will be similar to this but of course you may have a different sound card:

    FreeBSD Audio Driver (newpcm: 64bit 2009061500/amd64)
    Installed devices:
    pcm0: at io 0x2040 irq 16 kld snd_es137x [MPSAFE] (2p:1v/1r:1v channels duplex default)
  3. Notice on the last line after kld there is a module name starting with snd_ (snd_es137x in this example). This is your sound card kernel module.

Step 2 - Enable the kernel module for your sound card

  1. Configure the kernel module of your sound card to load at boot by adding it to /boot/loader.conf as follows.

    FBSD# echo 'snd_es137x_load="YES"' >> /boot/loader.conf

    (Of course when you run the command, replace "es137x" with the letters you see in the output for your sound card.)
    Note: If you look at the /boot/default/loader.conf you can find information on proper syntax exactly for your module and other modules.

Your sound card should now be working.

From the Fixit environment of a FreeBSD 8 install disk, how do I download a file using ftp?


  1. Run ifconfig to find what ethernet controller you have. Mine was em0.
    fixit# ifconfig
  2. Now assign an IP address. Make sure to find an open IP Address that is not already in use.
    fixit# ifconfig em0 inet 192.168.0.25 netmask 255.255.255.0
  3. Run the following commands to enable ssh/sftp capability:

    fixit# mkdir /usr/bin
    fixit# ln -s /mnt2/usr/bin/ssh /usr/bin/ssh

You can now connect to a server on your same subnet using sftp. Feel free to add a default route if you need to connect to a remote server or add a DNS server if you need name resolution.

fixit# sftp user@192.168.0.10


How to enable sshd from the FreeBSD 8 install’s fixit environment?


So there are lots of documents out there on how to do something in fixit and sometimes (most of the time) those are long, drawn-out processes with a lot of typing.

What if you could copy and paste? Well, you can’t. But you could if you could ssh in, right?

So let’s boot to the FreeBSD 8 Installation DVD and see if we can enable sshd.

I just got it to work so let me document my steps:

  1. Run ifconfig to find what ethernet controller you have. Mine was em0.
    fixit# ifconfig
  2. Now assign an IP address. Make sure to find an open IP Address that is not already in use.
    fixit# ifconfig em0 inet 192.168.0.25 netmask 255.255.255.0

    That is it for configuring your IP address. You may be asking yourself, what about the DNS server and the default route? Well, you only need those if you are connecting from a different subnet and since you are booted to a fixit environment, I assume you are on the same subnet. Just in case you aren’t, you can enable DNS and give yourself a default route with these commands:

    fixit# echo nameserver 192.168.0.1 > /etc/resolv.conf
    fixit# route add default 192.168.0.1
  3. Create the directory where the default sshd configuration and keys are stored.
    fixit# mkdir /etc/ssh
  4. Copy the sshd_config to this directory.
    fixit# cp /dist/etc/ssh/sshd_config /etc/ssh
  5. Change the configuration file to allow root logins.
    fixit# echo PermitRootLogin yes >> /etc/ssh/sshd_config
  6. Create the rsa1, rsa, and dsa keys.
    fixit# ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
    fixit# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
    fixit# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
  7. Make sure that root can find a shell.
    fixit# ln -s /mnt2/bin/csh /bin/csh
  8. Make sure root has a home directory.
    fixit# mkdir /root
  9. Start the sshd daemon.
    fixit# /mnt2/usr/sbin/sshd
  10. Prepare the environment for login. We probably want similar environment variables, because the defaults won’t work, since most of our binary files are in subdirectories of /mnt2.
    fixit# env > /root/env
    fixit# echo 'setenv ENV $HOME/env' > /root/.cshrc
    fixit# echo sh >> /root/.cshrc
  11. Now try to connect using ssh and the root user. There should be no password requested. If you need a Windows ssh client, use PuTTY.
    Note: There may be some errors on setting the environment variables when you log in but they aren’t going to hurt anything and the ones you need should work.

Well, that was a lot easier than I thought it would be. Only took me a short time to figure out.

Hopefully if you search any search engine for this term, you will find this post:
freebsd fixit sshd



How to configure ssh to allow certificate authentication to FreeBSD?


So supposedly you can configure SSH so that you can connect without having to type in a user name and password, but instead authenticate with a certificate (in SSH terms, a public/private key pair). Let’s see if we can set this up.

Questions

  • Do I need to modify the /etc/ssh/sshd_config?
    No.

Here is what I had to do…

  1. Install FreeBSD and when prompted to enable SSH choose yes.
    How do I install FreeBSD?

    Ok, now you have a FreeBSD server.

    I had problems creating the key using PuTTYgen, (see this post) so I am going to create the keys on the server.

  2. Log in as a non-root user.
  3. Create the RSA keys with this command: (You can use dsa keys by replacing any instance of rsa with dsa.)
    ssh-keygen -t rsa

    Accept the default file locations and hit enter.

    In your home folder you now have two files:

    .ssh/id_rsa
    .ssh/id_rsa.pub
  4. Add the public key to the .ssh/authorized_keys file.
    cat .ssh/id_rsa.pub >> .ssh/authorized_keys

    You can delete the public key, .ssh/id_rsa.pub, now if you want from the FreeBSD server as it is stored in the .ssh/authorized_keys file.

  5. From the workstation that you want to connect to this machine with, use an sftp tool to copy the private key, the .ssh/id_rsa file, to the local workstation.

    Example 1 – If you are on Windows, you could use WinSCP to connect to the FreeBSD server. Then you can use the key to connect. If you are using PuTTY, then also use PuTTYgen to load the key and save it in PuTTY’s format.

    Example 2 – If you are on another FreeBSD server or workstation, then copy the private key to the .ssh directory (with the same name id_rsa) for the user you want to automatically connect.

    Now you are done.
    If you have questions, this blog helped me a lot: How to set up SSH keys: Frustration with “Server refused our key”

    Just SSH in and you will not be prompted.
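
Step 4 can be made repeatable and safe against the usual permission problems. The following is an added example, not part of the original post: `install_pubkey` and `strictmodes_ok` are hypothetical helper names, and the key string is a constructed placeholder. It appends a public key only once, refuses anything that is not a public key line (for instance a private key pasted by mistake), and sets the directory and file modes that sshd's default StrictModes check expects.

```shell
#!/bin/sh
# Added example: install a public key into authorized_keys idempotently and
# verify the permissions sshd checks when StrictModes is on (the default).

# install_pubkey HOME_DIR "PUBLIC KEY LINE"
install_pubkey() {
    home=$1; key=$2
    dir=$home/.ssh
    file=$dir/authorized_keys

    # Accept only rsa/dsa public key lines, the two key types used in this post.
    case "$key" in
        ssh-rsa\ *|ssh-dss\ *) ;;
        *) echo "refusing: not an ssh-rsa/ssh-dss public key line" >&2
           return 1 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Exact whole-line match, so running this twice adds the key only once.
    if grep -qxF -- "$key" "$file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$file"
}

# strictmodes_ok PATH: succeeds when PATH is not writable by group or others.
# Uses the ls permission string so it works with both BSD and GNU userlands.
strictmodes_ok() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# Demo in a throw-away directory standing in for the user's home.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" "ssh-rsa AAAA-constructed-placeholder user@workstation"
if strictmodes_ok "$demo_home/.ssh" && strictmodes_ok "$demo_home/.ssh/authorized_keys"; then
    echo "authorized_keys installed with modes sshd will accept"
fi
rm -rf "$demo_home"
```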



How to install FreeBSD 8.0 using only ZFS partitions? (Newbie proof, I hope)

Ok, so I want to install the newly released FreeBSD 8.0 and only have ZFS partitions.

Questions I had that I am answering here for you:

  1. Does Sysinstall support ZFS?

    No. You have to install manually using Fixit.

  2. Can I boot off a ZFS partition?

    Yes, you can. Takes some effort to set it up though.

  3. Is it easy?

    No, it isn’t easy; it is hard. Unless you have used FreeBSD for some time, in which case it is just tedious and not really easy or hard.

  4. Is there a guide?

    Yes, it is here:
    http://wiki.freebsd.org/RootOnZFS/ZFSBootPartition
    But hopefully by the time I am done, the best guide will be this post.

Ok, so here it goes, I am following this guide: http://wiki.freebsd.org/RootOnZFS/ZFSBootPartition
I am going to improve upon it and try to make it newbie proof and not skip steps in my guide when this guide skips steps. Why am I making it newbie proof? I don’t know, you would think if you are doing ZFS you aren’t a newbie, but who knows. Better safe than sorry.

Steps for How to install FreeBSD 8.0 using only ZFS partitions?
Step 1. Creating a bootable ZFS Filesystem

  1. Download the FreeBSD 8 DVD ISO from here: http://www.freebsd.org/where.html
    Ok, so this isn’t exactly a download link, but it takes you to where you choose your architecture. Click on the [ISO] link next to your Architecture type.
    If you are a newbie and don’t know your architecture, you probably want i386. If you just bought a new 64 bit machine then you want amd64.
    Ok, so the actual link you want is the one that looks as follows:
    For amd64 – 8.0-RELEASE-amd64-dvd1.iso.gz
    For i386 – 8.0-RELEASE-i386-dvd1.iso.gz

  2. Extract it, as it is gzip-compressed.
  3. Burn the ISO to DVD disk (or if you are using VMWare just point your VM’s CD-ROM at the ISO).
  4. Boot off the FreeBSD 8 DVD and let it boot all the way up.
  5. Choose your country/region.
    You should now be at the Sysinstall Main Menu. Remember, we cannot use Sysinstall because it doesn’t yet support ZFS. (I am hoping for a new installer over fixing this old one.)

  6. Choose Fixit. You will be prompted to Please choose a fixit option.
  7. Choose CDROM/DVD.
    You are now at a Fixit command prompt. And if you are following the wiki guide, you are only at that guide’s step 3. Create MBR disk

  8. Create an MBR disk by running the following command:
    gpart create -s mbr ad0

    However, what the guide assumes you already know is that ad0 is the name of your hard drive and can be different for each installation. I am installing on VMWare using SCSI and the name of my hard drive is da0. So I would run:

    gpart create -s mbr da0

    You can find yours by looking at a directory listing of /dev if you are familiar with common names, otherwise, you can start a Standard install and see what name is used when you get to the Disk label editor section of the install.

    I am going to use da0 or ad0 in the rest of my document interchangeably, so you need to remember to always use the correct disk name for your drive.

  9. Run the following command to show the information for your disk
    gpart show ad0

    There are two columns of numbers. The first column number is a start block for the slice and the second is the size in blocks for the slice. 63 is the start of every first slice. However, the end of a slice is variable depending on the size of your hard drive.

    A slice is not exactly a partition. On FreeBSD you first create a Slice and then you create your partitions on your slice. The next steps will show you how to do both.

  10. Create a new Slice using the entire disk.

    Obviously the guy who wrote the wiki I am following already had two slices for windows, so he must have been dual booting. I am assuming that you are not dual booting and that you are installing a new server and you plan to use the entire disk.

    To create a slice using the entire disk, run this command replacing the value after the -s with the value you saw when you ran the previous command.

    gpart add -b 63 -s 104857515 -t freebsd da0

    It will output something like “da0s1 added”. If you look at the da0s1 string, it makes sense. da0 (your disk name) s1 (slice 1 – the slice you just created).

  11. Now let’s create our slice. No, I am not sure why you have to both add the slice and create the slice, but I am sure there is a good reason.
    gpart create -s BSD da0s1
  12. Let’s make our slice the active slice. Sounds like this is only sometimes needed. Better to do it and not need it than to not do it and find out you need it.
    gpart set -a active -i 1 da0

    You can run the gpart show da0 command again to make sure it is set as active.

  13. Look at the slice.
    gpart show da0s1

    Again, you will have two columns of numbers. This time the first number is 0 and the second number is the size of the slice.

    We want at least two partitions, one for / and one as a swap partition. So we need to determine how much space we want for the swap partition. I want 3 GB.

    Now we have to convert the desired size from GB to sectors.

    1 kilobyte = 1024 bytes or 2 sectors (Sectors are normally 512 Bytes)
    1 megabyte = 1024 kilobytes
    1 gigabyte = 1024 megabytes

    So to get the number of sectors in 1 GB, we need to use the following equation:

    Gigabytes in Sectors = NumberOfGB * numberOfMBInAGB * NumberOfKBInAMB * NumberOfSectorsInAKB

    1 GB in sectors = 1 * 1024 * 1024 * 2 = 2097152
    3 GB in sectors = 3 * 1024 * 1024 * 2 = 6291456

    So take the total size of your slice in sectors and subtract 6291456 and you will have the size of your / partition. And our swap partition will be 6291456.

  14. Create your / partition.
    gpart add -i 1 -b 0 -s 98566059 -t freebsd-zfs da0s1
  15. Create the swap partition.
    gpart add -i 2 -b 98566059 -s 6291456 -t freebsd-swap da0s1
  16. Load the ZFS kernel module.
    kldload /mnt2/boot/kernel/opensolaris.ko
    kldload /mnt2/boot/kernel/zfs.ko
  17. Create your zpools.
    mkdir /boot/zfs
    zpool create zroot /dev/da0s1a
    zpool set bootfs=zroot zroot
  18. Install the boot manager.
    gpart bootcode -b /mnt2/boot/boot0 da0
  19. Install ZFS boot.
    zpool export zroot
    dd if=/mnt2/boot/zfsboot of=/dev/da0s1 count=1
    dd if=/mnt2/boot/zfsboot of=/dev/da0s1a skip=1 seek=1024
    zpool import zroot
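
The sizing arithmetic from steps 13 to 15, as an added example that is not part of the original guide or the wiki it follows. The function names are made up for this example, and it assumes 512-byte sectors unless a second argument says otherwise; it refuses a swap size that does not fit in the slice.

```shell
#!/bin/sh
# Added example: derive the / and swap partition sizes (in sectors) from the
# slice size reported by "gpart show da0s1" and print the two gpart commands.

# gb_to_sectors GB [SECTOR_BYTES] -> number of sectors in GB gigabytes
gb_to_sectors() {
    echo $(( $1 * 1024 * 1024 * 1024 / ${2:-512} ))
}

# plan_partitions SLICE_SECTORS SWAP_GB DEVICE -> the two "gpart add" commands
plan_partitions() {
    slice=$1
    swap_gb=$2
    dev=$3
    swap=$(gb_to_sectors "$swap_gb")
    # The swap partition must leave room for / on the same slice.
    if [ "$swap" -ge "$slice" ]; then
        echo "swap ($swap sectors) does not fit in slice ($slice sectors)" >&2
        return 1
    fi
    root=$((slice - swap))
    # / starts at sector 0 of the slice; swap starts where / ends.
    echo "gpart add -i 1 -b 0 -s $root -t freebsd-zfs $dev"
    echo "gpart add -i 2 -b $root -s $swap -t freebsd-swap $dev"
}

# Example: plan_partitions 104857515 3 da0s1
```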

Yeah we are done with step 1. Stay tuned for step 2 and step 3 coming.

… I am back for round 2…er uh…step 2 that is.

Step 2. Installing FreeBSD to the ZFS filesystem

Ok for those of you who skipped the details above, I am reading this wiki:
http://wiki.freebsd.org/RootOnZFS/ZFSBootPartition

My intention is to make a more thorough and newbie proof version of this wiki. So here we go, diving into step 2.

  1. Create the ZFS hierarchy.

    Wow, this is going to be a lot of tedious typing. You know, while FreeBSD didn’t make an installer for all this, how hard would it have been to create a couple of scripts and include them on the CD so this would be easier.

    zfs set checksum=fletcher4 zroot

    zfs create -o compression=on -o exec=on -o setuid=off zroot/tmp
    chmod 1777 /zroot/tmp

    zfs create zroot/usr
    zfs create zroot/usr/home
    cd /zroot ; ln -s /usr/home home

    zfs create -o compression=lzjb -o setuid=off zroot/usr/ports
    zfs create -o compression=off -o exec=off -o setuid=off zroot/usr/ports/distfiles
    zfs create -o compression=off -o exec=off -o setuid=off zroot/usr/ports/packages

    zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/usr/src

    zfs create zroot/var
    zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/var/crash
    zfs create -o exec=off -o setuid=off zroot/var/db
    zfs create -o compression=lzjb -o exec=on -o setuid=off zroot/var/db/pkg
    zfs create -o exec=off -o setuid=off zroot/var/empty
    zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/var/log
    zfs create -o compression=gzip -o exec=off -o setuid=off zroot/var/mail
    zfs create -o exec=off -o setuid=off zroot/var/run
    zfs create -o compression=lzjb -o exec=on -o setuid=off zroot/var/tmp
    chmod 1777 /zroot/var/tmp

    cd /dist/8.0-RELEASE
    export DESTDIR=/zroot
    for dir in base catpages dict doc games info lib32 manpages ports; \
    do (cd $dir ; ./install.sh) ; done
    cd src ; ./install.sh all
    cd ../kernels ; ./install.sh generic
    cd /zroot/boot ; cp -Rlp GENERIC/* /zroot/boot/kernel/
    zfs set readonly=on zroot/var/empty

    chroot /zroot

    echo 'zfs_enable="YES"' > /etc/rc.conf
    echo 'hostname="zfs.mydomain.local"' >> /etc/rc.conf
    echo 'ifconfig_em0="DHCP"' >> /etc/rc.conf

    echo 'zfs_load="YES"' > /boot/loader.conf
    echo 'vfs.root.mountfrom="zfs:zroot"' >> /boot/loader.conf

    echo 'LOADER_ZFS_SUPPORT=YES' > /etc/src.conf

    mount -t devfs devfs /dev
    export DESTDIR=""

    cd /usr/src/sys/boot/
    make obj
    make depend
    make
    cd i386/loader
    make install

    passwd

    tzsetup

    cd /etc/mail
    make aliases
    umount /dev
    exit
    cp /boot/zfs/zpool.cache /zroot/boot/zfs/zpool.cache

Warning! There is only one line that might catch a newbie off-guard. Every other line you can type in as is but this one.

echo 'ifconfig_em0="DHCP"' >> /etc/rc.conf

On FreeBSD this is how you set up your network card to use DHCP. However, while my card is em0, not all cards are em0. Run the ifconfig command on FreeBSD to see your card type and replace em0 with the type for your card.

Step 3 – Finish

I followed the guide almost exactly except I had to do a cd / before unmounting. So I added that command where it needs to be, so this should be very newbie proof.

  1. Run these commands.
    cat << EOF > /zroot/etc/fstab
    # Device        Mountpoint      FStype  Options Dump    Pass#
    /dev/ad0s3b     none            swap    sw      0       0
    EOF
    export LD_LIBRARY_PATH=/mnt2/lib
    cd /
    zfs unmount -a
    zfs set mountpoint=legacy zroot
    zfs set mountpoint=/tmp zroot/tmp
    zfs set mountpoint=/usr zroot/usr
    zfs set mountpoint=/var zroot/var

I made some mistakes but finally got it to work.

I started using FreeBSD when it was at 4.x and now FreeBSD 8 released November 27, 2009

Wow, to think I started FreeBSD when it was at 4.x. I started using FreeBSD end of 2001, so at the end of 2008, I have used FreeBSD for almost 8 years.

FreeBSD 8 was released November 27, 2009.

Read about it here:
http://www.freebsd.org/releases/8.0R/pressrelease.html

I have some documents on FreeBSD, so I will have to make sure they are still valid.

A guide for analyzing the quality of an open source application?

Ok, so you want to evaluate an open source application?

What guidelines should you use? Here is a guideline. I will continue to update this as I find valid items to measure. If you have something I should add to the list, please let me know.

Obtaining the Software

  1. A top link in search engine when searching for open source app’s name?
  2. A quick download link?
  3. Clear description of different downloads per platform?

Installation of Open Source App

  1. Clear description of different downloads per platform?
    List of platforms:

  2. Ease of install score:
  3. Ease of initial configuration score:

Authentication

  1. Integration with Active Directory?
    Score:

  2. Integration with LDAP?
    Score:

  3. Database authentication?
    Explanation: Can authentication occur in a database such as Postgresql, MySQL, etc…
    Supported Database list:
    Score:

  4. Authentication to a 3rd party program’s database?
    Explanation: If you have an application A with a database that holds a username and a password, can this open source application B use the database from application A to authenticate?
    Score:

Security

  1. How secure is this application?
  2. What security holes have been reported and fixed?
  3. What development designs were taken into consideration to enhance security?
  4. What security analysis tools such as Nessus has this open source application been analyzed with?

Documentation

  1. Install guide exists?
    Quality Score:

  2. Users guide exists?
    Quality Score:

  3. Admin guide exists?
    Quality Score:

  4. Developer’s guide exists?
  5. Compile/Debug guide on how to load in an IDE and compile and debug (Visual Studio 2008, Eclipse, KDevelop, other, etc…)
  6. Guide for submitting a bug or suggestion?
  7. Guide for contributing documentation?
  8. Ease of contribution Documentation?

Ease of Use

  1. Is the application easy to use?
  2. Can non-technical users use the application with minimal training?

Stability

  1. How stable is the application? Determine this from normal use for a period of time.
  2. How stable is the platform(s) and/or 3rd party dependencies the application runs/depends on?
  3. Does the application crash with normal use?
  4. Does the application crash with abnormal use?
  5. Does the application crash with prolonged use?
  6. Is the process for submitting a bug simple?
  7. Is the process for applying a patch simple?
  8. Does applying patches decrease stability?

Community Strength

  1. Is it being maintained by a strong community?
  2. Is there a high adoption rate for this application?
  3. What is the average turn around time for a bug in the community?
  4. Is there a forum? What is the forum’s user base? How quickly do questions get responses?
  5. Is there a mailing list?
  6. Is there an RSS feed?

Customization of Open Source Application

  1. What language is this written in?
  2. Ease of customization.
  3. Ease of contributing to project
  4. Ease of compiling/debugging?
  5. Ease of getting fixes committed to source?

Scalability

  1. Does the application scale well with increased usage?
  2. Does this application integrate with the two most used operating systems for desktops? Windows and OS X?

How to configure dotProject 2.1.2 to authenticate using Active Directory's LDAP?

So previously I released the following post:
How to install dotProject 2.1.2 on FreeBSD 7.2 with Apache 2.2, PHP5, and MySQL 5.1 Server?

Now I am following up as promised with how to integrate this with Active Directory and AD’s LDAP. You need to know your LDAP Active Directory info. If you don’t, you need to get it. Or else maybe your domain is generic enough that looking at my examples will get you there.

  1. Log in to dotProject.
  2. Click on System Admin | Default User Preferences.

    We will make changes to the following sections:

    • User Authentication Settings
    • LDAP Settings

    These sections are shown in this screenshot. Instructions for configuring them follow the screenshot.

  3. Scroll to the section called User Authentication Settings.
  4. Change the User Authentication Method setting to LDAP.
  5. Configure the LDAP Settings section.
    1. For LDAP Host, enter the IP address of your Active Directory server.
    2. Do not change the LDAP Port or LDAP Version settings.
    3. On a default Active Directory installation, set the LDAP Base DN to the following:
      CN=Users,DC=YourDomain,DC=tld

      For example, the lab I am demoing this with is LD.Lab so it would be this:

      CN=Users,DC=ld,DC=lab
    4. For LDAP User Filter enter the following:
      (sAMAccountName=%USERNAME%)
    5. For the LDAP Search User, enter a domain user:
      CN=John Doe,CN=Users,DC=ld,DC=lab

      SUGGESTION: Create a service account on the domain with a really intense password and almost no rights, except of course the right to search LDAP so it can be an LDAP Search User.

    6. Obviously for the LDAP Search User Password, enter the password for the LDAP Search User.

      IMPORTANT! You must update this password here when the user’s password changes in Active Directory (sorry for the “No duh” moment but it had to be said).

  6. Scroll down and on the bottom right of the Default User Preferences page, click Save.

Go ahead and try to login as a Domain User.

Note On Changing Permissions
Domain Users may appear to get the Administrator role, but this is not really the case. They only get the Anonymous role when they first login. See my forum post here:
How to make an LDAP user an administrator?

Also, it appears that if you want all users who login to get more permissions, then edit the Anonymous role or modify every user individually. (Yeah, so the project needs some features in this area…maybe you want to become a contributor and develop it yourself?)


Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

How to add color to your SSH sessions in FreeBSD so files of different types have different colors when using ls?

Hey this was really easy. Really, it is just a matter of aliasing your ls commands. However, it is only really easy if you know how to do it. When you forget, it is annoying. So here is another post to store the info I once knew but forgot and had to learn again.

Using sh, the default shell

  1. Edit your .shrc file in your home folder:
    # ee /usr/home/username/.shrc
  2. Add/Change the alias commands as follows:
    alias ls='ls -G'
    alias ll='ls -laFoG'
    alias l='ls -lG'

    The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Logout and login and your shell should have colors when you use ls.

Using bash

  1. Edit your .shrc file in your home folder:
    # ee /usr/home/username/.shrc
  2. Add/Change the alias commands as follows:
    alias ls='ls -G'
    alias ll='ls -laFoG'
    alias l='ls -lG'

    The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Copy the .profile file to .bash_profile.
    # cp /usr/home/username/.profile /usr/home/username/.bash_profile
  5. Edit the .bash_profile and add the following:
    # Source the .shrc
    source .shrc
  6. Logout and login and your bash shell should have colors when you use ls.

Using csh, the default shell for root

  1. As root, edit your .cshrc file in either your home folder or in the home folder for root:

    Your home folder:

    # ee /usr/home/username/.cshrc

    Home folder for root:

    # ee /root/.cshrc
  2. Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
    alias ls ls -G
    alias la ls -aG
    alias lf ls -FAG
    alias ll ls -lAG

    The first one I added, the others I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Logout and login and your shell should have colors when you use ls.

bash and sh for all users

  1. Edit your .shrc file in your home folder:
    # ee /usr/home/username/.shrc
  2. Add/Change the alias commands as follows:
    alias ls='ls -G'
    alias ll='ls -laFoG'
    alias l='ls -lG'

    The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Cat this file to /etc/profile.
    # cat /usr/home/username/.shrc >> /etc/profile
  5. Logout and login and your shell should have colors when you use ls.

csh for all users

  1. As root, edit your .cshrc file in either your home folder or in the home folder for root:

    Your home folder:

    # ee /usr/home/username/.cshrc

    Home folder for root:

    # ee /root/.cshrc
  2. Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
    alias ls ls -G
    alias la ls -aG
    alias lf ls -FAG
    alias ll ls -lAG

    The first one I added, the others I only added the -G parameter to the already existing aliases for ls.

  3. Save and close the file.
  4. Cat this file to /etc/csh.cshrc.
    # cat /usr/home/username/.cshrc >> /etc/csh.cshrc
  5. Logout and login and your shell should have colors when you use ls.

How to remove the ^M characters in a file on FreeBSD?

This is simple:

There are multiple ways to do it. One is actually included in the FreeBSD-tips file:

tr -d \\r < file > newfile
— Originally by Dru

So if you installed the “games” distribution, you get tips every time you log in. And once in a while the above tip will show up.

I had never used that one however, I had always used this one (which I modified) that I found here: http://sed.sourceforge.net/sed1line.txt

sed -i.bak 's/^M$//' filename # in bash/tcsh, press Ctrl-V then Ctrl-M

However, this one works with the sh, tcsh and bash but not with the csh shell.

This one worked on csh but I am not sure if it is recommended as it assumes every line ends with ^M.

sed -i.bak 's/.$//' filename # assumes that all lines end with CR/LF

Anyway, I like how FreeBSD supports the -i parameter. Because if I am doing lots of files, I can have a script that does each file in a directory and then (of course I have a back up just in case) I can run sed -i.bak 's/.$//' filename on each file and then delete all .bak files so every file “appears to be” edited in place.
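
The per-directory script described above, as an added example (not the author's own script). It removes only a CR that sits directly before the line end, so lines that are already Unix-style lose nothing, and it builds the CR with printf instead of a typed Ctrl-V Ctrl-M; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: strip the trailing CR (^M) from each line of every regular
# file in a directory, keeping a .bak copy of each file that is changed.

CR=$(printf '\r')   # a literal carriage return

# has_crlf FILE -> exit status 0 if at least one line ends in CR
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# strip_cr FILE -> rewrite FILE without trailing CRs, leaving FILE.bak behind
strip_cr() {
    cp -p "$1" "$1.bak" || return 1
    # Read from the backup and write over the original file.
    sed "s/${CR}\$//" "$1.bak" > "$1"
}

# strip_cr_dir DIR -> convert every file in DIR that needs it; prints how many
# files were converted. Files without CR line endings get no .bak and are not
# rewritten, and existing .bak files are skipped.
strip_cr_dir() {
    count=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.bak) continue ;; esac
        if has_crlf "$f"; then
            strip_cr "$f" && count=$((count + 1))
        fi
    done
    echo "$count"
}

# Example: strip_cr_dir /usr/home/username/scripts
```

Check a few converted files before deleting the .bak copies.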

How to install dotProject 2.1.2 on FreeBSD 7.2 with Apache 2.2, PHP5, and MySQL 5.1 Server?

The basic overview.

  1. Install FreeBSD.
    How do I install FreeBSD?
  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD
  3. Then install Apache + SSL.
    Installing an Apache + SSL on FreeBSD using the ports tree
  4. Then install MySQL.
    How to install MySQL on FreeBSD 7.2 or on Red Hat 5.4?
  5. Configure MySQL to be Unicode.
    How to create a UTF-8 Unicode Database on MySQL and make UTF-8 Unicode the default?
  6. Secure MySQL. I don’t have a post on this, but you can follow these MySQL pages.
    Securing the Initial MySQL Accounts
    General Security Guidelines

    Note: If you know what you are doing, you can go with any database that dotProject supports, such as Postgresql.

  7. Install PHP5 and PHP5-Extensions and make sure to include the MySQL extensions and the LDAP extension.
    How to install PHP5 and PHP5 Extensions on FreeBSD?

  8. Then install dotProject.

I have previous documents covering each of the steps above that come before installing dotProject. Once you have gone through the above documents, you will be ready for this document. This document will only cover dotProject.

Installing dotProject 2.1.2 from Ports

  1. Install dotProject from ports using one of the following commands (I use the first one when doing virtual hosts and the second one when just using sub directories of the web root).
    # cd /usr/ports/www/dotproject
    # make install

    Note: If your Apache directory is /usr/local/www/apache22/data you may want to use this make command:

    # cd /usr/ports/www/dotproject
    # make DOTPROJECTDIR=/usr/local/www/apache22/data/dotproject install

  2. Create a database in MySQL for dotProject. Name it whatever you want. For this example, I am going to name the database dotprojdb. If you have read the articles about MySQL that I referenced above, you should know how to log in to MySQL, but just in case you forgot, I will show you again. There are lots of ways to create a database in MySQL, and I am going to give you one example using the shell and the MySQL client.
    # mysql -u root -p

    Enter your password and you should be taken to a mysql prompt.

    mysql> create database dotprojdb;

    Yes it is that simple. And at the same time no it is not that simple. There is a lot more to know such as where to put the database files and how fast of drives you need, whether you need faster read speed or faster write speed or both, but this will suffice for now.

  3. Create a MySQL user account for this database. We don’t want to use the root account.
    See this page in the MySQL documentation for more information on this: Adding User Accounts

    mysql> CREATE USER 'dpuser'@'localhost' IDENTIFIED BY 'P@sswd!';
    Query OK, 0 rows affected (0.01 sec)
    mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON dotprojdb.* TO 'dpuser'@'localhost';
    Query OK, 0 rows affected (0.01 sec)

  4. Now open a web browser to your server’s site: http://yourserver/dotproject
    You will see the following page.

    No need to do anything on this page because it should redirect you after 5 seconds to a dotProject configuration web page.

    Now some of the items in red need to be taken care of. Not all of them, just some of them.

    The first group of items are “Requirements” and anything not with a pretty green check mark under the “Requirements” section needs to be fixed.

    However, under the “Database Connectors” section, there are lots of red Xs. We don’t need to fix these. We just need one database, so as long as the database you want to use (in this example it’s MySQL) has a pretty green check mark, you don’t need to add more “Database Connectors”.

  5. Fix the first error: Session Save Path writable? X Fatal: session.save_path is not set
    To do this, follow these steps:
    1. Change to the directory that contains the php.ini file. On FreeBSD that directory is here: /usr/local/etc
      # cd /usr/local/etc

    2. Now by default the PHP5 port on FreeBSD doesn’t install a php.ini file, but instead provides two example php.ini files: php.ini-recommended and php.ini-dist. So copy one of them to php.ini.
      # cp php.ini-recommended php.ini

    3. Edit the php.ini file and remove the comment from this line:
      ;session.save_path = "/tmp"

      I use ee which is the command to open Easy Editor. But you can use vi or whatever.

    4. Save the file and exit.
  6. The other issue is this one: Session AutoStart = ON? X Failed Try setting to ON if you are experiencing a WhiteScreenOfDeath
    Ok. This issue is fixed in that same php.ini file. So repeat the steps, only this time we don’t remove a comment, we change a setting from 0 to 1. Find the following line and change it from 0 to 1, as shown.
    session.auto_start = 1
  7. Restart apache. This is required and must be done before these settings will take effect.
    # /usr/local/etc/rc.d/apache22 restart

  8. Now you are ready to click the “Start Installation” button. So go ahead and click it. The following page should appear.
  9. Enter the details as shown in the page. Hopefully you have your own database user and password to use.
  10. Should you click the “User persistent connection?” option? Well, read this: http://www.php.net/manual/en/features.persistent-connections.php
    I am not going to check it.
  11. Click “Install db and write config”. It should succeed and you should see this new page.
  12. Now go back to the dotProject home page: http://yourserver/dotproject
    Login with the default user name and password and you are ready to go.

    UPDATE:
    Check out my new update to this:
    How to configure dotProject 2.1.2 to authenticate using Active Directory’s LDAP?


How to configure Bugzilla to Authenticate to Active Directory?

So I already have an article on installing Bugzilla. See it here:
How to install Bugzilla on a FreeBSD 7.2 with Apache + SSL and MySQL?

So I am not going to cover installing Bugzilla. Just how to get it to connect to Active Directory. Mostly the documentation was there, but there was not really a good example of actual implementation. If the documentation doesn’t provide an example (preferably multiple real world examples) then it is poor documentation. Yes, Bugzilla, you are free to take my documentation and put it in your manual, or link to this page.

  1. Gather the information from your production environment, especially the LDAP information for your Active Directory configuration:
    • Bugzilla Server name:
      http://myserver/bugzilla

    • The LDAP Servers (Active Directory servers):
      dc1.corp.mydomain.tld, dc2.corp.mydomain.tld

    • The LDAP Bind DN info of a user that can read Active Directory. (This can be any Active Directory user, as long as this user can read Active Directory’s users, which pretty much any user, no matter how locked down, can do.) So my username on the domain is JBarneck, but that is not what to use here. The LDAP Bind DN of my user name is like this (with company secret information changed).
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

    • The LDAP Base DN, which is the LDAP information for the OU that your users are in.
      My LDAP Base DN for the OU I am in is this (again with company secret information changed). This is exactly what I pasted into my configuration, backslash and all.

      OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld
    • The LDAPuidattribute, which is sAMAccountName. I don’t know if you can change it in Active Directory.
      sAMAccountName

    Note: I’ll be honest. I didn’t have access to a domain controller or Active Directory so I used a tool called LDAPWhoAmI.exe (with an accompanying ldapinfo.dll) that is included in LANDesk’s Management Suite software. I can’t give you these files. But if you wanted to do a trial of LANDesk Management Suite, you could download a Management Suite trial (which is a gig or so) and extract it and get these files. You don’t have to install, just extract and search for the two files. Copy them to a Windows workstation on your domain, then open a command prompt and change to the directory where LDAPWhoAmI.exe and ldapinfo.dll was copied and run LDAPWhoAmI.exe.

  2. Log into Bugzilla as an administrator. There is no default administrative user for Bugzilla. You should have created a user account as part of the install.
  3. Enable the LDAP module.
    1. Click on Administration from the top menu bar.
    2. Click on Parameters.
    3. Click on User Authentication on the left menu bar.
    4. Scroll down to the user_verify_class setting.
    5. Highlight LDAP and click the up arrow so that it is first in the list. I left DB enabled. I left Radius disabled.
    6. At the bottom of the web page (yes you have to scroll all the way to the bottom) click the Save Changes button.
  4. Configure LDAP to connect to Active Directory.
    1. Click on LDAP on the left menu bar.
    2. Under LDAPserver put your Active Directory servers.
      dc1.corp.mydomain.tld, dc2.corp.mydomain.tld

    3. Under LDAPbinddn put your user’s LDAP info.
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

    4. Under LDAPBaseDN put your LDAP info for the OU with your users.
      OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld

    5. Under LDAPuidattribute put sAMAccountName.

      sAMAccountName

    6. At the bottom of the web page click the Save Changes button.
  5. Test authentication.
    1. Either log out or use a different browser or a different machine and connect to your Bugzilla URL:
      http://myserver/bugzilla

    2. Log in using an Active Directory account. I was unsure if I was supposed to use an email or my username and it worked using my Domain user name, JBarneck, and my Domain password.

    I hope this helps all of you get Bugzilla to authenticate using Active Directory much faster than if you had to scour the web for problems.


How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database?

Ok, so I want to have Subversion authentication work from a MySQL database. I am going to try to use Cyrus SASL for this.

I already have instructions for installing the necessary parts:

  1. Install FreeBSD.
    How do I install FreeBSD?

  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD

  3. Then install Subversion, with one difference from the install instructions for Subversion: you need to install with SASL2 support. It is an option when you run make install.
    How to install subversion 1.6.6 on FreeBSD 7.2

Ok, now that you have everything installed, you are where I am and ready to try to get this configured.

Configuring Subversion to use SASL to Authenticate to a MySQL database

  1. Create a simple MySQL database. The following is a simple database creation script that creates a database with one table and two columns.
    CREATE DATABASE UserDB;
    USE UserDB;
    CREATE TABLE `users` (`username` varchar(255), `password` varchar(255));
    INSERT INTO users VALUES ('user1','pw1');
    INSERT INTO users VALUES ('user2@MyReal.com','pw2');
    INSERT INTO users VALUES ('user3@myemailaddress.com','pw3');

    Note: I use these accounts to show what works and what does not work because the idea of “realms” is confusing.

    You may be asking why I don’t have three columns, one for each item: User, Password, Realm.

    Well, if you really are creating a new database to handle SVN users then that is how you should do it, and here it is.

    CREATE DATABASE UserDB;
    USE UserDB;
    CREATE TABLE `users` (`username` varchar(255), `password` varchar(255), `realm` varchar(255));
    INSERT INTO users VALUES ('user1','pw1','realm');
    INSERT INTO users VALUES ('user2@MyReal.com','pw2','realm');
    INSERT INTO users VALUES ('user3@myemailaddress.com','pw3','realm');

    However, because I am assuming that you want to authenticate to users that are in an already existing database, realm won’t really exist. However, you may have usernames that are in email format, or not in email format, and that makes a difference because Subversion splits the username at an @ symbol and the username is only what is before the @ symbol. See the troubleshooting realms section below.

  2. Edit the following file:
    /home/svn/repos/MyApp/conf/svnserve.conf

    # ee /home/svn/repos/MyApp/conf/svnserve.conf

    The following are the lines that should NOT be commented out.

    [general]
    anon-access = none
    auth-access = write
    realm = MyDomain.com

    [sasl]
    use-sasl = true

  3. Create and edit the following file:
    /usr/local/lib/sasl2/svn.conf

    # ee /usr/local/lib/sasl2/svn.conf

    The following are the lines that should NOT be commented out.

    [general]
    pwcheck_method: auxprop
    mech_list: plain
    auxprop_plugin: sql
    sql_hostnames: localhost
    sql_engine: mysql
    sql_user: root
    sql_passwd: pw
    sql_database: UserDB
    sql_select: SELECT password FROM users WHERE username='%u'

    Note: For debugging add log_level: 7 to this file and then watch the /var/log/debug file.

You should now be able to connect with a client such as TortoiseSVN.

Troubleshooting Realms

I found some issues with realms that were really confusing.

Change your /usr/local/lib/sasl2/svn.conf file to look like this:

[general]
log_level: 7
pwcheck_method: auxprop
mech_list: plain
auxprop_plugin: sql
sql_hostnames: localhost
sql_engine: mysql
sql_user: root
sql_passwd: pw
sql_database: UserDB
sql_select: SELECT password FROM users WHERE username='%u' or username='%u@%r'

I added two changes:

  1. Turned on logging.
  2. Changed the SQL statement to look for username='username' or username='username@realm'

I had to do this because if the user was using an email address, such as john@domain.tld, then it actually makes %u only equal John and seems to drop the @domain.tld and replace it with the name of the realm. However, if your username is John@domain.tld and your realm is domain.tld (so realm and domain are the same), then the code above works. If your domain and realm are not the same, I haven't been able to get this to work.

Go ahead and run this command:

# tail -f -n 30 /var/log/debug

And then try to authenticate using a client, such as TortoiseSVN. Test all three users. You will see the SQL queries that are run. It should work to authenticate as user1 or User2, but it cannot authenticate user3 because it just doesn't work due to the way it handles realms. If you have users that don't have email addresses in your realm, then you need them to have usernames that are not email addresses.

Final Question
If the password is stored as an md5, sha1, sha256 hash in the database, how do I make this work?


Copyright ® Rhyous.com - Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

How to install Subversion 1.6.6 on FreeBSD 7.2

The basic overview.

  1. Install FreeBSD.
    How do I install FreeBSD?

  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD

  3. Then install Subversion.

I have previous documents covering each of the steps above that come before installing Subversion. This document will only cover Subversion.

Installing Subversion on FreeBSD from ports

  1. Go to /usr/ports/devel/subversion and run make install.

    ServerName# cd /usr/ports/devel/subversion
    ServerName# make install

    NOTE: If you get a failure due to apr already being installed but not being built correctly, then uninstall apr and reinstall it with the default settings. Then go back and try to install subversion again.

    ServerName# cd /usr/ports/devel/apr
    ServerName# make deinstall
    ServerName# make BATCH=yes install

  2. Configure Subversion to start at bootup.

    # echo '# Subversion' >> /etc/rc.conf
    # echo 'svnserve_enable="YES"' >> /etc/rc.conf

  3. Create an svn user using the adduser command line wizard. This command will walk you through creating an svn user. Make sure to use the nologin shell and a random password so the user cannot log in.

    # adduser
    Username: svn
    Full name: svn
    Uid (Leave empty for default):
    Login group [svn]:
    Login group is svn. Invite svn into other groups? []:
    Login class [default]:
    Shell (sh csh tcsh nologin) [sh]: nologin
    Home directory [/home/svn]:
    Home directory permissions (Leave empty for default):
    Use password-based authentication? [yes]:
    Use an empty password? (yes/no) [no]:
    Use a random password? (yes/no) [no]: yes
    Lock out the account after creation? [no]:
    Username : svn
    Password :
    Full Name : svn
    Uid : 1002
    Class :
    Groups : svn
    Home : /home/svn
    Home Mode :
    Shell : /usr/sbin/nologin
    Locked : no
    OK? (yes/no): yes
    adduser: INFO: Successfully added (svn) to the user database.
    adduser: INFO: Password for (svn) is: /2CZct48a
    Add another user? (yes/no): no
    Goodbye!

  4. Make a repos directory in the svn user's home directory.

    # mkdir /home/svn/repos

  5. Create a repository.

    # cd /home/svn
    # mkdir -p repos
    # cd repos
    # svnadmin create MyApp

    This will create a MyApp folder and populate it with the files needed to start a repository.

    This is the default Subversion repository folder structure:

    /home/svn/repos/MyApp/README.txt
    /home/svn/repos/MyApp/format
    /home/svn/repos/MyApp/conf
    /home/svn/repos/MyApp/conf/authz
    /home/svn/repos/MyApp/conf/passwd
    /home/svn/repos/MyApp/conf/svnserve.conf
    /home/svn/repos/MyApp/db
    /home/svn/repos/MyApp/db/current
    /home/svn/repos/MyApp/db/format
    /home/svn/repos/MyApp/db/fs-type
    /home/svn/repos/MyApp/db/fsfs.conf
    /home/svn/repos/MyApp/db/min-unpacked-rev
    /home/svn/repos/MyApp/db/rep-cache.db
    /home/svn/repos/MyApp/db/revprops
    /home/svn/repos/MyApp/db/revs
    /home/svn/repos/MyApp/db/transactions
    /home/svn/repos/MyApp/db/txn-current
    /home/svn/repos/MyApp/db/txn-current-lock
    /home/svn/repos/MyApp/db/txn-protorevs
    /home/svn/repos/MyApp/db/uuid
    /home/svn/repos/MyApp/db/write-lock
    /home/svn/repos/MyApp/db/revprops/
    /home/svn/repos/MyApp/db/revprops/0
    /home/svn/repos/MyApp/db/revprops/0/0
    /home/svn/repos/MyApp/db/revs/
    /home/svn/repos/MyApp/db/revs/0
    /home/svn/repos/MyApp/db/revs/0/0
    /home/svn/repos/MyApp/db/transactions/
    /home/svn/repos/MyApp/db/txn-protorevs/
    /home/svn/repos/MyApp/hooks/
    /home/svn/repos/MyApp/hooks/post-commit.tmpl
    /home/svn/repos/MyApp/hooks/post-lock.tmpl
    /home/svn/repos/MyApp/hooks/post-revprop-change.tmpl
    /home/svn/repos/MyApp/hooks/post-unlock.tmpl
    /home/svn/repos/MyApp/hooks/pre-commit.tmpl
    /home/svn/repos/MyApp/hooks/pre-lock.tmpl
    /home/svn/repos/MyApp/hooks/pre-revprop-change.tmpl
    /home/svn/repos/MyApp/hooks/pre-unlock.tmpl
    /home/svn/repos/MyApp/hooks/start-commit.tmpl
    /home/svn/repos/MyApp/locks/
    /home/svn/repos/MyApp/locks/db-logs.lock
    /home/svn/repos/MyApp/locks/db.lock

  6. To configure a repository and add users, edit the following file:
    /home/svn/repos/MyApp/conf/svnserve.conf

    # ee /home/svn/repos/MyApp/conf/svnserve.conf

    Uncomment the lines below or just create a new svnserve.conf file with these lines:

    [general]
    anon-access = read
    auth-access = write
    password-db = /home/svn/userdb

    Now edit the following file:
    /home/svn/repos/MyApp/conf/passwd

    # ee /home/svn/repos/MyApp/conf/passwd

    Add users. For example, to add a user allen1 with a password of P@sswd! and another user jared with a password of My$ecre+1, the file would look like this:

    [users]
    allen1 = P@sswd!
    jared = My$ecre+1

  7. Now start the svn server.

    # /usr/local/etc/rc.d/svnserve start

  8. Now you should be able to connect to your repository with an svn client. TortoiseSVN is a popular Windows tool that you can use to connect to your repository.

    Use the following to connect:

    svn://allen1:P@sswd!@ServerName/MyApp
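A check for the configuration built in steps 6 to 8, added here as an example and not part of the original post or of Subversion: it resolves password-db the way svnserve does (an absolute path as-is, a relative one against the conf directory), then reports a users file that is missing or readable by group/other, which matters because that file holds clear-text passwords. The function names, finding labels and the sample tree are constructed for illustration.

```shell
# Added example, not from the original post: audit the svnserve.conf of step 6.

# conf_get FILE KEY: value of "KEY = value", ignoring commented-out lines.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# password_db_path FILE: the file svnserve really reads. An absolute
# password-db is used as-is; a relative one is relative to the conf directory.
password_db_path() {
    db=$(conf_get "$1" password-db)
    [ -n "$db" ] || return 1
    case $db in
        /*) printf '%s\n' "$db" ;;
        *)  printf '%s/%s\n' "$(dirname "$1")" "$db" ;;
    esac
}

# audit_svnserve FILE: one finding per line; exit status 0 means no findings.
audit_svnserve() {
    rc=0
    db=$(password_db_path "$1") || { echo "NO-PASSWORD-DB"; return 1; }
    if [ ! -f "$db" ]; then
        echo "MISSING $db"; rc=1
    else
        grep -q '^\[users\]' "$db" || { echo "NO-USERS-SECTION $db"; rc=1; }
        # The file holds clear-text passwords: group/other must not read it.
        case $(ls -ld "$db" | cut -c5-10) in
            *r*) echo "READABLE-BY-OTHERS $db"; rc=1 ;;
        esac
    fi
    anon=$(conf_get "$1" anon-access)
    echo "NOTE anon-access=${anon:-read}"    # svnserve default when unset: read
    return $rc
}

# Constructed sample tree mirroring the post's layout, in a temporary directory.
demo() {
    t=$(mktemp -d "${TMPDIR:-/tmp}/svnaudit.XXXXXX") && mkdir -p "$t/repos/MyApp/conf" || return 1
    c=$t/repos/MyApp/conf/svnserve.conf
    printf '[users]\nallen1 = example-only\n' > "$t/repos/MyApp/conf/passwd"
    printf '[general]\nanon-access = read\npassword-db = %s\n' "$t/userdb" > "$c"
    echo "== password-db names a file that was never created =="; audit_svnserve "$c"
    printf '[general]\nanon-access = read\npassword-db = passwd\n' > "$c"
    chmod 600 "$t/repos/MyApp/conf/passwd"
    echo "== password-db = passwd, mode 600 =="; audit_svnserve "$c"
    rm -rf "$t"
}
demo
```

With the values shown in step 6, password-db is /home/svn/userdb while the users are added to a different file, so the audit reports MISSING unless /home/svn/userdb exists. Either point password-db at the file you edited or put the [users] section in /home/svn/userdb.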

Now I have to figure out a bunch more steps...
How to populate an SVN repository?
How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database?
How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database where the password is stored in a hash? So you can have SVN share Bugzilla users?
How to get Tortoise SVN to connect to an SVN repository?
How to install WebSVN as a web interface to the SVN repository?

