date: 4:19:23, July 21, 2024
my ip: (
your ip: ()
CCBot/2.0 (
Welcome, my name is Emmanuel Roberto Richiardone, this is my place on the web.

You can contact me at e(AT)

My PGP/GPG public key
More about me here

  Docs, Tips & tricks
  Freebsd tips
  GNU/Linux tips

Outside links:
  Photos on Smugmug

Other links:


RSS feed enabled!

  July 2024  
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

search with google
all the web

. o .
. . o

go to page: 1     single page
Upgrading FreeBSD with openldap backend switch dbd to mdbFri, 3 Apr 15
As pointed in UPDATING, on August 2014 the bdb backend of openldap24-server has been deprecated and is no longer supported. The new default backend to use should be mdb, and data should be migrated. In order to migrate the daba, I followed those steps.
Stop the service
# service slapd stop
Make a backup of the database location (the default path is /var/db/openldap-data)
# cp -R /var/db/openldap-data /tmp/openldap-data.bdb
Export the LDAP database in LDIF format file
# slapcat -l ldif
Upgrade the openldap server
# pkg install openldap24-server
Edit the configuration file
# vi /usr/local/etc/openldap/slapd.conf
Comment out bdb and enable mbd

moduleload    back_mdb
#moduleload     back_bdb

database        mdb
#database       bdb

Import the LDIF file
# ldapadd -D 'cn=root,dc=example,dc=local' -W -x -f ldif
In case your LDIF file contains structural informations that cannot be edited, you get this error:
adding new entry "dc=example,dc=local"
ldap_add: Constraint violation (19)
        additional info: structuralObjectClass: no user modification allowed
As pointed here, you have to filter out the offending lines. Create the filter
# cat >slapcat_filter <<EOF
/^creatorsName: /d
/^createTimestamp: /d
/^modifiersName: /d
/^modifyTimestamp: /d
/^structuralObjectClass: /d
/^entryUUID: /d
/^entryCSN: /d
Apply the filter
# cat ldif | sed -f slapcat_filter > filtered.ldif
Import the filtered LDIF file
# ldapadd -D 'cn=root,dc=example,dc=local' -W -x -f filtered.ldif
Restart the openldap server daemon
#service slapd start
Setting FreeBSD desktopSat, 2 Jun 12
Step by step guide to set up a FreeBSD desktop PC with KDE4: How to install and configure a FreeBSD 8 Desktop with Xorg and KDE?
Grub2 and FreeBSDSun, 3 Apr 11
The version 2 of GRUB bootloader (present in Ubuntu) has introduced a new way of been configured. You don't have to manually edit a file configuration (the old menu.lst), but it comes with a program (update-grub) that detect partitions and automatically writes the settings.
Problem arises when you are using a FreeBSD boot partition, as the update-grub utility doesn't find it. To solve you have from GNU/Linux (ie. Ubuntu) to make some steps:
  1. Launch
    $ sudo parted /dev/sda print
    for your sda drive and write down the Number of your FreeBSD partition
  2. Edit the file
    and add the following text where hd0 is the sda drive and ,2 is the number as read above:
    menuentry "FreeBSD" {
     set root=(hd0,2)
     chainloader +1
  3. Run
    $ sudo update-grub
    it will not display the entry but after a reboot you should find the "FreeBSD" entry.
GDM change background imageSun, 14 Mar 10
How to use the same background image in GDM as your wallpaper?
Using gconftool to get the file path of the image:
 # gconftool-2 --get /desktop/gnome/background/picture_filename
Then set the new image file:
 # gconftool-2 --set --type string --set /desktop/gnome/background/picture_filename /path/to/your/background/image.png
FreeBSD + HAL fightingsSun, 31 Jan 10
Troubles with HAL and nautilus on FreeBSD?
Every time I burn something I have severe problems with this "intelligent" service. But this HAL faq can resolve quite any matters. Also explain how to start a non-aware HAL utility using hal-lock
PS: other Gnome 2.28 tips at FreeBSD Upgrading FAQ.
xorg without display managerMon, 18 Jan 10
On a low performance computer I wanted to start as quick as possible a graphical interface with FreeBSD. So I was looking for a way to auto-logon the system and start a Xorg program. The system doesn't have a keyboard, and I doesn't really care about security issue. But keep in mind that this procedure let anyone to launch command as the user logged in.
First step, add in /etc/gettytab the auto-login feature for the user someuser adding at the end a line like this:
Also modify in /etc/ttys the line for the first console ttyv0 to load autologin configuration:
ttyv0   "/usr/libexec/getty autologin"           cons25  on  secure
Secondly, go to the home of the user someuser and add in TCSH starting script (/home/someuser/.cshrc) the startx command:
if ( $tty == "ttyv0" ) then
And add the line to launch somecommand in the Xorg initialization /home/someuser/.xinitrc:
exec /usr/local/bin/somecommand
FreeBSD versionThu, 22 Jan 09
Want to know what is the version of your src tree you have in /usr/src? Type the following command as any user:
# awk 'BEGIN{FS="\""} /TYPE=/{a=$2} /REVISION=/{b=$2} /BRANCH=/{print a " " b "-" $2; exit}' < /usr/src/sys/conf/
geli full encrypted systemSun, 30 Dec 07
Here is a guide I made for myself in trying the freebsd geli encryption layer. For more info about geli, see handbook and geli (8).

This howto require a computer (obviously), an usb pendrive (to store keys), and a freesbie licecd (needed for install).
At the end of this guide, you'll have a full-encrypted system with AES at 256 bit, swap with blowfish, key for root as passphrase and keys for other slices (/usr, /var...) splitted in keys in root and keys onto pendrive. So without pendrive you can't boot, either without passphrase; obviously you may change at your needs this configuration.
start computer with the cdrom; when you reach console, open it as root:
# su -
and start sysinstall
# sysinstall
In sysinstall choose "custom install".

Options -> modify "Media Type" to point to your nearest ftp server (if you 
are using dhcp, the network is already set up, if not in second console use ifconfig)
Also modify "Install Root" to "/mnt".

Partition -> allocate space for one bsd partition (retain the disk name, like 
'ad10'), quit and install boot manager

(note: my sata drive is called ad10 by the kernel (you will see it in the 
partitioning process) but the boot loader found it as disk1 (you read it at 
the booting process))
 Label -> create following slice scheme:
 100MB / ad10s1a (ignore warning)
 400MB /boot ad10s1d
 1024MB swap ad10s1b
 5120MB /tmp ad10s1e
 5120MB /var ad10s1f
 remaining /usr ad10s1g

(the following step is necessary to fool sysinstall as he doesn't allow you 
to put in slice 'a' anything else than / )
Before continuing you have to change mount points names:
 / will be /boot, and /boot will be / 

The final scheme have to be like this:
 100MB /boot ad10s1a
 400MB / ad10s1d
 1024MB swap ad10s1b
 5120MB /tmp ad10s1e
 5120MB /var ad10s1f
 remaining /usr ad10s1g
(note: set size of swap, /tmp, /var and /usr at your needs. You maybe want a
 separate /home. If you want one big / , set ad10s1d to be large for entire 
disk minus the swap space)
Finish editing slices if you are sure that /boot is on slice 'a'.

Distribution -> select smallest system possible:
- select Custom
- select base, kernels, man

And finally commit.
Once he have done, exit sysinstall and return to the console

Mount the newly created system in the live system:
# mount /dev/ad10s1d /mnt

Place booting files in /mnt/mntboot/boot/ and create a link:
# cd /mnt/
# rmdir boot
# mkdir mntboot
# mount /dev/ad10s1a /mnt/mntboot
# cd mntboot
# mkdir tmp
# mv * tmp
# mv tmp boot
# cd /mnt/
# ln -s mntboot/boot boot

Make a backup of our minimal /tmp, /var and /usr:
# cd /mnt
# mount /dev/ad10s1e tmp
# mount /dev/ad10s1f var
# mount /dev/ad10s1g usr
# tar cf back.tar tmp var usr
# umount /mnt/tmp /mnt/var /mnt/usr

Plug in usb pendrive for storing key, it should appear as /dev/da0
# mkdir /mnt/etc/geli
# newfs_msdos -F32  /dev/da0
# mount_msdosfs /dev/da0 /mnt/mnt

Create key-files and initiate encrypted slices for /tmp, /var and /usr
# dd if=/dev/random of=/mnt/etc/geli/TAYGETA_tmp.key1 bs=64 count=1
# dd if=/dev/random of=/mnt/mnt/TAYGETA_tmp.key2 bs=64 count=1
# dd if=/dev/random of=/dev/ad10s1e bs=1m
# cat /mnt/etc/geli/TAYGETA_tmp.key1 /mnt/mnt/TAYGETA_tmp.key2 | \
   geli init -e AES -l 128 -s 4096 -P -K - /dev/ad10s1e
# cat /mnt/etc/geli/TAYGETA_tmp.key1 /mnt/mnt/TAYGETA_tmp.key2 | \
   geli attach -p -k - /dev/ad10s1e
# newfs -O2 -U /dev/ad10s1e.eli
# mount /dev/ad10s1e.eli /mnt/tmp

# dd if=/dev/random of=/mnt/etc/geli/TAYGETA_var.key1 bs=64 count=1
# dd if=/dev/random of=/mnt/mnt/TAYGETA_var.key2 bs=64 count=1
# dd if=/dev/random of=/dev/ad10s1f bs=1m
# cat /mnt/etc/geli/TAYGETA_var.key1 /mnt/mnt/TAYGETA_var.key2 | \
   geli init -e AES -l 128 -s 4096 -P -K - /dev/ad10s1f
# cat /mnt/etc/geli/TAYGETA_var.key1 /mnt/mnt/TAYGETA_var.key2 | \
   geli attach -p -k - /dev/ad10s1f
# newfs -O2 -U /dev/ad10s1f.eli
# mount /dev/ad10s1f.eli /mnt/var

# dd if=/dev/random of=/mnt/etc/geli/TAYGETA_usr.key1 bs=64 count=1
# dd if=/dev/random of=/mnt/mnt/TAYGETA_usr.key2 bs=64 count=1
# dd if=/dev/random of=/dev/ad10s1g bs=1m
# cat /mnt/etc/geli/TAYGETA_usr.key1 /mnt/mnt/TAYGETA_usr.key2 | \
   geli init -e AES -l 128 -s 4096 -P -K - /dev/ad10s1g
# cat /mnt/etc/geli/TAYGETA_usr.key1 /mnt/mnt/TAYGETA_usr.key2 | \
   geli attach -p -k - /dev/ad10s1g
# newfs -O2 -U /dev/ad10s1g.eli
# mount /dev/ad10s1g.eli /mnt/usr

Randomize swap slice:
# dd if=/dev/random of=/dev/ad10s1b bs=1m

Edit file for correct booting process:
# ee /mnt/boot/loader.conf

currdev="disk1s1a" # current slice containing /boot
rootdev="disk1s1d" # slice containing / in a way that loader understand
vfs.root.mountfrom="ufs:ad10s1d.eli" # slice containing / in a way that 
kernel understand

Populate directories:
# cd /mnt
# tar xf back.tar
# rm back.tar 
# umount /mnt/tmp /mnt/var /mnt/usr /mnt/mnt /mnt/mntboot

Make a backup of the root
# cd /mnt
# mount /dev/ad10s1e.eli /mnt2
# tar cf /mnt2/back.tar *

And encrypt it. Don't forget the passphrase you will be asked for!
# cd /
# umount /mnt
# geli init -e AES -l 128 -s 4096 -b /dev/ad10s1d
# geli attach /dev/ad10s1d 
# newfs -O2 -U /dev/ad10s1d.eli
# mount /dev/ad10s1d.eli /mnt
# cd /mnt
# tar xf /mnt2/back.tar
# rm /mnt2/back.tar
# umount /mnt2

Finally edit important files to correctly load system:
# ee /mnt/etc/fstab
/dev/ad10s1a	/mntboot	ufs	ro	1	1
/dev/ad10s1b.eli	none	swap	sw	0	0
/dev/ad10s1d.eli	/	ufs	rw	1	1
/dev/acd0	/cdrom	cd9660	ro,noauto	0	0
/dev/ad10s1e.eli    /tmp   ufs rw  1   1
/dev/ad10s1f.eli    /var  ufs rw  1   1
/dev/ad10s1g.eli    /usr   ufs rw  1   1

Edit /mnt/etc/rc.conf
# ee /mnt/etc/rc.conf
[add the following line]
geli_swap_flags="-e Blowfish -l 256 -d"

Manually change /etc/rc.d/geli (change "da0" with your pendrive partition)
# ee /mnt/etc/rc.d/geli

[in "geli_start()" add before "for provider in ${devices}"]

       while(true); do
                /sbin/mount_msdosfs /dev/da0 /mnt > /dev/null
                if [ $? -eq 0 ]; then
                echo "Pendrive missing!"
                sleep 3;
        echo "Pendrive found, initializing slices."

        /bin/cat /etc/geli/TAYGETA_tmp.key1 /mnt/TAYGETA_tmp.key2 | \
                /sbin/geli attach -p -k - /dev/ad10s1e
        /bin/cat /etc/geli/TAYGETA_var.key1 /mnt/TAYGETA_var.key2 | \
                /sbin/geli attach -p -k - /dev/ad10s1f
        /bin/cat /etc/geli/TAYGETA_usr.key1 /mnt/TAYGETA_usr.key2 | \
                /sbin/geli attach -p -k - /dev/ad10s1g

        /sbin/umount /dev/da0 /mnt

[and comment out the rest of geli_start() function]

# umount /mnt
# exit

Reboot computer and remove freebsd cdrom. And make a pendrive copy to put in safe place, maybe bank or more secure :D

top   go to page: 1     single page
apache php i prefer firefox W3C html 4.0 compliant W3C css compliant
This website uses only essential technical cookies.
Emmanuel Roberto Richiardone (e AT richiardone DOT eu)

All contents, where applicable and except otherwise specified, are present under GPLv2 or GFDL licenses.
E. Richiardone (e AT richiardone DOT eu)

page viewed 6294 times and generated in 0.00304 s