neat, found a kernel panic in mac_do :-)

brb

ivy: quick fix it before anyone notices

kevans: this code looks surprisingly in depth so i am just going to make a pr :-p

trigged by this fwiw: sysctl security.max.do.rules='gid=5>uid=*'

triggered

so i made a fbsd jail to use as a "shell box" and it seems like sssd can't run because root is not root in the jail

Macer: that is not normal, sshd works fine in jails unless you've configured something oddly

sssd

i'm trying to join it to AD

oh, sssd. but still, that should also work in a jail

SSSD couldn't load the configuration database [1432158324]: File ownership and permissions check failed

although i have found sssd on freebsd rather... unreliable in the past

yeah i typically use samba and winbind

(for freebsd)

but i figured i'd give sssd a go.. but it seems to not agree with a jail. i wonder if there is an option for sssd.conf to turn that check off

i assume you checked the file permissions on sssd.conf etc.? does anything look strange there? root is still uid 0 in a jail, so it shouldn't be able to tell the difference

oh ok. that's my fault

i forgot to change nsswitch.conf

i guess that's kind of important lol

hm. ok.

so auth is telling me that the authorization was successful... but it's not letting me login still heh

authentication success... then pam error. wth

that didn't seem to work. let me try with samba/winbind

if i can unearth a blog on how to do that

worked

i think i know where i went wrong with sssd too

but i already have samba+winbindd working for it

belated: my sssd experience is entirely with Linux but over there it's kind of a pain if sssd isn't packaged right, you have to explicitly import sssd's pam modules or else absolutely no authentication will work no matter how many times the AD controller gives you the green

Looking at the issues you had here, Macer, it looks like that might have been the case

i've never actually got sssd working on freebsd, last time i tried it either wouldn't load a valid configuration or would randomly SEGV

but that was a while ago, maybe it's improved since then

yeah. i typically take the krb5/samba/winbind approach with fbsd.

now to find out why bastille won't bootstrap bookworm

i wanted to try out a linux jail

do people actually like sssd?

i still have nightmares from having to administer it in a past life

Last time we tested it at work it was two commands to setup.

kevans: on RHEL it works great, i have nothing against it

I heard people talking about sssd and I didn't think twice but ran away immediately. Not screaming but whimpering quietly.

rwp: you prefer winbind?

skered: yeah it's usually fairly simple in linux .. not so sure about fbsd.

although i think my last attempt i was just messing up the pam files

i think the sss.so should have been placed above unix.so

which i noticed when doing winbind

ivy, I prefer not dealing with ActiveDirectory. (shudder)

yo

wut is this traditional distribution sets vs packages in freebsd 15?

('^' )?

unwrapped_monad: Sets are part of the FreeBSD system, some of which are mandatory, others are optional. And packages are 3rd party (as in not maintained directly by the FreeBSD core dev team) software.

Different from Linux, where every piece of software is essencially a package.

ooh i see

Actually, in the case of FreeBSD, only "base" is mandatory, the rest is optional.

You can enable "ports" to also have a Gentoo-like experience in addition to a package manager, enable "kernel" and "src" if you want to have the full FreeBSD source code locally (for customization and tweaking if you really have to), "lib32" if you need 32-bit libraries, and "tests" for...I don't know.

unwrapped_monad, You are asking and so I will say that most likely you will install the FreeBSD base system in the /usr tree and then will use pkg to install precompiled binary pkgs to the /usr/local tree. Packages aka pkgs are precompiled "ports" and ports are source code for self compiled packages.

The base system (at this time) is upgraded with freebsd-update to upgrade the base system. Packages aka pkgs are upgraded using pkg upgrade. These are managed separately. This is good because the base system is a consistent thing and your system is almost always reliably able to boot. And then everything not in base is a port and installed on top of the reliable base system.

does anybody know how i create a helper for rclone for fbsd?

in linux you just ln clone to mount.rclone

linking it to mount_rclone doesn't seem to work in fbsd

Never heard of rclone before.

well then

got it. the md at the bottom of that did the trick

it has to be rclonefs linked in /usr/local/bin

i can mount it on the host just not in a jail. fuse still can't be used inside jails?

oh i guess you can.. not sure where to put this though

2/ws 11