00:57:19 Hoping that someone had some insight that might get me unstuck here. FreeBSD 15 working with openldap and sssd2. When I am using pam_ldap I can authenticate ldap users, however when I swap in pam_sss, I'm getting this error. login[3327]: Request to sssd failed. Unexpected format of the server credential message. 03:21:11 heston76: is that it for logs? 03:38:28 is there a way to get the fn+up arrow/fn+down arrow brightness controls to work on commandline? 03:58:24 bz, For the text vt console? For X Windows? (I build this feature myself on my Devuan laptop. For both.) 04:00:56 vt console 04:01:22 i have a dell latitude 3180 laptop 04:02:28 i just installed freebsd 15 on it the other day most stuff is working so far, just had to set hint.sdhci_pci.0.disabled="1" in /boot/device.hints to get around a boot loop problem caused by the microsd card reader 04:02:45 and theres a bunch of weird acpi warnings that ive just been ignoring 04:03:20 i think ive always had issues getting volume and brightness keys to work on regular vt console in the past i just forget what i did to fix it in the past 04:03:25 I run FreeBSD headless on most machines but I have not personally run it on laptops. But... 04:03:28 on both linux and bsd 04:03:37 My understanding is that there is a backlight driver. https://man.freebsd.org/cgi/man.cgi?query=backlight&apropos=0&sektion=8 04:03:49 its gotten a lot better with laptop support over the years 04:03:59 definitely improved since the last time i tried running it on a laptop 04:04:19 I don't have /dev/backlight/* so I assume a kernel module needs to be loaded for it. 04:04:32 yeah i can set the backlight with the backlight command so the driver works fine, its just the fn key combinations on the keyboard dont work 04:04:45 maybe i have to manually bind them somehow 04:06:57 i think the fn key in general is not working 04:07:11 when i run show key and press fn or any fn key combinations nothing appears 04:07:56 might need to enable usbhid 04:16:51 rtprio: I turned up the debug logs and this is what I can gather from the pam logs. https://pastebin.com/wmk4KVBy 04:20:13 bz, My network dropped out entirely between then and now. Usually those are ACPI events. I don't know how that works on FreeBSD but I wrote this article for use on Devuan/Debian. https://www.proulx.com/~bob/doc/thinkpad-x220-laptop-keys/thinkpad-x220-laptop-keys.html 04:20:32 I am not saying that will help directly. But maybe some ideas from there can be applied and then doing it on FreeBSD. 04:37:41 https://termbin.com/i1gb 04:37:45 heres my dmesg output 04:37:59 i think im missing some firmware but im not sure what to install 06:37:55 heston76: that is not that helpful eh 06:38:29 i would turn to wireshark, if it were my system 06:38:47 probably a lot quicker than the logs 11:36:13 So I added “scrub in all” to my pf rules, I added it below “set skip on lo0” and above all my pass and block rules. But its giving me a syntax error that “Rules must be in order”. But it seems like they are in order? 11:49:59 hi. i have a question about the "tabs" utility. i _think_ it doesn't comply with posix, specifically for the form "tabs n1,n2...", for instance with this command line: tabs 8; printf '\tx\tx\tx\n'; tabs 8,16,24,32; printf '\tx\tx\tx\n' 11:51:28 "tabs 8" resets it to normal every 8 chars, then it prints "x" 3 times, then sets the tabs with these values, then tries it again. as far as i can tell, according to posix the two lines should print the "x"s at the same columns, but they're not. 11:52:26 ncurses seems to behave the same, and as far as i can tell freebsd's tabs and ncurses ones are independent of eachother. 11:54:03 tabs was added to freebsd in 2002, to conform with SUSv3 from 2001. the spec then looks identical to today (i do have the susv3 pdf's). today it's: https://pubs.opengroup.org/onlinepubs/9799919799/utilities/tabs.html 11:54:33 note specifically the note "The phrase "tab-stop position N" shall be taken to mean that, from the start of a line of output, tabbing to position N shall cause the next character output to be in the (N+1)th column position on that line." 11:55:22 and the spec for the argument n1,n2,... is: "A single command line argument that consists of one or more tab-stop values (n) separated by a separator character (sep) which is either a or a character." 11:55:31 which uses they same language of "tab stops" 11:56:36 correction, the first command at my example above should have been "tabs -8" or just "tabs" (both reset it to every 8 columns, but "tabs 8" sets a single tab stop) 11:59:17 "ncurses seems to behave the same" <-- ie "tabs" which ships with ncurses, which was tested on ubuntu. 12:07:02 rtprio: Yeha, not much, and the tcpdump will just show me what we know. It's not happy with the credintial format that pam_ldap has no issues with. Same format that is documented https://sssd.io/docs/ldap/ldap-introduction.html & https://docs.freebsd.org/en/books/handbook/network-servers/#network-ldap . I may end up looking at going kerberos for pam. I've got nss configured to use sss and lookups with id user are bringing back valid results from the d 12:09:37 avih: tabs(1) "This uses the terminfo clear_all_tabs and set_tab capabilities." so I guess it depends on your terminal emulator and the ncurses version can only use the same interface 12:11:38 nimaje: thanks. mind checking it with your terminal? also, mind reading the spec and tell me what you think that command should do? it's possible i'm misinterpreting the spec... 12:15:42 it is a valid point though that the freebsd tabs does end up using ncurses, so they're not completely separate. another hypothesis i had is that today's terminal emulators don't interpret "st" correctly. 12:16:19 but first thing first: someone to reproduce my results, and second opinion on whether these result do or don't comply with posix 12:18:50 nimaje: do you know whether frebsd uses up to date ncurses from invisible-island? or does it maintain its own version? 12:18:55 +e 12:21:58 ok, tabs -d shows that it doesn't behave like posix specifies 'The phrase "tab-stop position N" shall be taken to mean that, from the start of a line of output, tabbing to position N shall cause the next character output to be in the (N+1)th column position on that line.' for the explicite tablist case, it puts the markers on the Nth position, instead of on the (N+1)th position 12:23:05 huh, your tabs supports -d? i tried with freebsd 12 which doesn't support it (on ubuntu it is supported) 12:26:42 and yeah, assuming by "tabd -d" you mean "tabs -d 8,16,..." then yeah, that's what i mean, and on ubuntu which has -d it does show too 12:26:47 tabs* 12:29:59 nimaje: fwiw, another hypothesis i had is that the language in susv2 is less clear, and it doesn't doesn't have that (N+1)th comment, but it does say that column count starts at 1. so i'm thinking maybe someone implemented it according to susv2 rather than susv3, and no one tested it for conformance or noticed it since then? 12:47:26 well, the language in susv2 IS less clear. I do have the pdf. the hypothesis is that they implemented it without looking at susv3 12:48:31 the earliest susv3 copy i have is from december 2001, and it already has the N+1 comment. 12:57:19 rtprio: Well, I found machting symptoms here, last issue on the list. https://sssd.io/troubleshooting/ldap_provider.html Added ldap_id_use_start_tls = true and restarted, but no change. The tcpdump was also interesting, in that it demonstrated that there was no attempt to connect to ldap when trying to authenticate. 13:39:20 GoSox: before scrub only X=... and then set ... ? is the error pointing to the scrub-line? does the config work without the scrub-line? 15:24:37 GoSox, Typical pfctl error message emit this message: Rules must be in order: options, ethernet, normalization, queueing, translation, filtering 15:24:51 Interesting that it does not mention Macros nor Tables there. 17:07:34 perhaps those are just shell expansions that need to come anytime before they are referred to 17:08:51 at the top of my /etc/pf.conf, i put: ## macros -> tables -> options -> traffic normalization -> queueing -> translation (NAT) -> packet filtering 17:09:53 scrub is in the traffic normalization section, after set skip on lo, and before nat and rdr rules 17:54:44 heston76: the ldap server is freebsd? 19:12:53 rtprio: Yeah, openldap FreeBSD 15 as well 19:13:50 I know it's got to be something simple that I am just overlooking. 21:27:10 what happened to the intel-backlight package? 21:27:49 im still trying to get the brightness keys to work in console mode on this dell laptop 21:28:00 also the screen doesn't blank or go to sleep when i close the laptop lid 21:28:27 i figure it has something to do with the acpi errors i saw in dmesg, probably missing firmware of some kind but im not sure what to look for 22:18:07 ridcully: yes the error does point to the scrub line and it does work fine with the scrub line commented out. Maybe its the tables, the tables are defined after the scrub, ill try rearranging that 22:24:37 GoSox, Post your pf.conf file to a pastebin for us to review? 22:33:22 It would appear I somehow botched my 15.0 upgrade of this machine such that I get `ld-elf.so.1: Shared object "libssl.so.35" not found, required by "openssl"` Is there a simple way to just untar a new userland set of binaries and libraries onto the volume 22:34:56 i.e. fetching `https://download.freebsd.org/releases/amd64/15.0-RELEASE/base.txz` 22:41:48 rtyler, you were updating your 15 install or you were upgrading to *15*? 22:42:00 upgrading to 15 22:42:16 what does freebsd-update do? 22:42:21 hm 22:42:48 it complains xD because it needs libssl, surprisingly fetch was able to fetch base.txz from HTTPs so that must be statically linked 22:44:21 hmm, i don't know what would be the best to do, sorry 22:44:24 I just did a zfs snapshot, I think I'm gonna give unpacking base.txz a try :) 22:44:43 _what could possibly go wrong_ 22:45:21 good luck, hehe 22:45:29 i wonder if snapshot would be as good as a boot environment 22:46:11 that seems to have put the missing files into the right place for at least `freebsd-update fetch` to run correctly now 22:46:23 i see 22:47:14 basically `tar -k -C / -zxvf base.txz` 23:03:26 is there a preferred pastebin fo rthis sub? 23:08:22 hmmm, http://pkg0.syd.freebsd.org/FreeBSD:15:amd64/latest/ = 403 23:08:58 rwp and anyone else who is interested, these are my firewall rules: 23:08:59 https://pastebin.com/zGmdAa9j 23:09:14 line 3, the ‘scrub in all’ is commented out because it complains about order 23:09:28 also line 13 is commented out but thats unrelated 23:09:57 i’m not on the servers right now but based on what ive seen, it might just be a matter of putting the tables above the scrub line 23:23:18 nope putting the tables above the scrub still gives the order error. What does the “set skip on lo0” line actually do? 23:25:19 the google says its needed for network function, guess ill try putting scrub above that 23:26:54 nope still complaining about the order. I have no idea where this thing wants the scrub rule to go