I have been running these systems for a few years now and I am just very happy with them. I just wanted to share the manual that I have created for upgrades and other things. Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I always use the hardware I do not need anymore.
Important:
I want to point out that all actions below will destroy all the data on your hard drive, you have been warned!
I have used this manual on FreeBSD 6.2 and now I am rewriting it for FreeBSD 8.1 -- there are some slight changes. The original of this article is in Dutch, so please forgive me for translation problems. Okay! Enough mumbo-Jumbo! Let's start this 100+ steps manual.
A word from the FreeBSD hood
My BSD02 server is a big tower from 1995 (modified, of course) with a Compaq Deskpro EN motherboard (933 MHz). My dad taught me to use the saw on metal, and the power drill.
The first time I encountered the following error:
Fatal trap 12: page fault while in kernel mode
fault virtual adress = 0x1
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc06a6b14
stack pointer = 0x28:0xcbf3b670
frame pointer = 0x28:0xcbf3b670
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 2 (g_event)
trap number = 12
panic: page fault
What a drag... and more time to listen to some more music.
I just did this:
Disable all power options in the BIOS. Who needs them anyway? Just like cars, burn as much as you can!
And then the keyboard responded 50% of the time, intermittently:
>Number: 105368
>Category: kern
>Synopsis: geli passphrase prompt malfunctioning when mounting encrypted fs at boot time
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 10 10:10:21 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Jost Menke
>Release: 6.2-BETA3, also tested 6.1-RELEASE
>Organization:
>Environment:
FreeBSD 6.2-BETA3 FreeBSD 6.2-BETA3 #0: Mon Oct 30 22:04:37 UTC 2006 root at opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
When running FreeBSD 6.2-BETA3 or 6.1-RELEASE in a VMware session with encrypted root filesystem, the geli password prompt does not work when the root fs is mounted at boot time. I put kern.geom.eli.visible_passphrase=1 into /boot/loader.conf to see what's wrong, result: the keyboard doesn't work at all. When kbdmux is deactivated by putting hint.kbdmux.0.disabled="1" into /boot/device.hints, the behaviour changes: Keyboard partly works, but about 90% of all keystrokes are lost. The problem only seems to occur when mounting encrypted volumes at boot time. Other people on the mailing list report similar problems running FreeBSD on real hardware.
>How-To-Repeat:
- Install 6.2-BETA3 or 6.1-RELEASE with encrypted root fs in VMware player
- Put kern.geom.eli.visible_passphrase=1 into /boot/loader.conf
- Also try to put hint.kbdmux.0.disabled="1" into /boot/device.hints
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
The solution to all this grief is to stop kbdmux: put hint.kbdmux.0.disabled="1" in /mnt/boot/device.hints. I also put dcons_load="NO" in /mnt/boot/loader.conf.
Configure future Harddisk
The harddisk that you are going to use to boot from in the future
- 1
Configuring hdd as Primary hdd
Of course, at home, I use cheapass hardware. Put your hdd that you are going to use as boot drive on the primary controller as Master and make sure the BIOS starts from a working CD-ROM drive.
Tip: Keep in mind that some hard drives have a special jumper setting for running as a single hard drive.
- 2
Start FreeBSD installation
Start the FreeBSD Installation from CD/dvd
Choose your country, mine is Netherlands
Choose the standard installation
- 4
You will be sent to an fdisk-like program
You will be sent to an fdisk-like program.
Choose ad0 to configure.
- 6
Make a 12000 MB (becomes ad0s1)
Make a 12000 MB (this becomes ad0s1)
Fill up the empty space on your hdd (becomes ad0s2)
Standard FreeBSD configures the following:
Part - Mount - Size - Newfs
ad0s1a - / - 512MB - UFS2 - Y
ad0s1b - swap - 732MB - SWAP -
ad0s1d - /var - 1390MB - UFS2+S - Y
ad0s1e - /tmp - 512MB - UFS2+S - Y
ad0s1f - /usr - Rest - UFS2+S - Y
The numbers above are just too low for today's needs, so I change them to:
Part - Mount - Size - Newfs
ad0s1a - / - 2000MB - UFS2 - Y
ad0s1b - swap - 1000MB - SWAP -
ad0s1d - /var - 2000MB - UFS2+S - Y
ad0s1e - /tmp - 1000MB - UFS2+S - Y
ad0s1f - /usr - Rest - UFS2+S - Y
If you need more, you can fiddle around with these values.
Choose Q (Quit)
Choose BootMgr
Don't choose the first option; I always get the error:
Invalid partition table
Choose OK
- 12
Time to setup separate partitions
Now it is time to set up separate partitions. Choose ad0s1 (with your arrow keys)
Listen to: Body Movin'
Choose A for Defaults
Part: Mount: Size: Newfs
ad0s1a / 512MB UFS2
ad0s1b swap 486MB SWAP
ad0s1d /var 1267MB UFS2+S
ad0s1e /tmp 512MB UFS2+S
ad0s1f /usr 1221MB UFS2+S
If you have a hdd bigger than 10GB, change
ad0s1a to 10GB
ad0s1b to 3GB
ad0s1d to 10GB
ad0s1e to 10GB
ad0s1f to (the rest that is left)
(And yes you can just enter 10GB)
Drink it up!
Press Q to Leave
- 17
User (binaries and doc only)
Choose User (binaries and doc only)
Then choose your documentation language, I use en English Documentation
- 18
Say [NO] on FreeBSD ports selection, choose [OK]
Say [NO] on FreeBSD ports selection, choose [OK]
- 19
Choose Install from a FreeBSD CD/DVD
Choose Install from a FreeBSD CD/DVD
Choose [OK]
Are you sure? [YES] (File system is written, and installation started)
Please wait until all is installed
- 22
Configure Ethernet or SLIP/PP network devices?
Configure Ethernet or SLIP/PP network devices? [NO]
- 23
function as a network gateway?
function as a network gateway? [No]
- 24
configure inetd and the network services that it provides?
configure inetd and the network services that it provides? [No]
- 25
like to enable SSH login? [YES]
like to enable SSH login? [YES] (Always handy to change configurations with SSH from a working machine)
- 26
Do you want anonymous FTP access?
Do you want anonymous FTP access? [No] (Never do this or the software kiddies will get you)
NFS Server? [NO]
NFS Client [NO]
- 29
customize your system console settings? [NO]
customize your system console settings? [NO]
Time Zone? [YES]
- 31
28. CMOS clock set to UTC… [NO]
28. CMOS clock set to UTC… [NO]
Choose 8. Europe (Or another continent, you will figure this out)
My country is Netherlands
CET reasonable? [YES]
- 35
enable Linux binary compatibility? [NO]
enable Linux binary compatibility? [NO] (I like to keep it as stable as possible)
- 36
PS/2, serial or BUS mouse? [NO]
PS/2, serial or BUS mouse? [NO] (Hardcore people use the keyboard)
- 37
FreeBSD package collection? [NO]
FreeBSD package collection? [NO] (We will install this on the encrypted partition later)
- 38
additional accounts to the system? [YES]
additional accounts to the system? [YES]
Add a user with the details you want
Set password for Root.
Remark! Use a different root password in the unencrypted part (this part) than on the encrypted part.
Type your password {ENTER}
Type it again {ENTER}
Visit the general configuration menu for a chance to set any last options? [No]
[X] Exit install. {ENTER}
Are you sure you wish to exit? The system will reboot [Yes]
CD will be ejected
[Ok]
Power down the machine as soon as the bios screen is visible.
Configure temporary Harddisk
The harddisk that you are going to use for one time
Turn the computer off, disconnect the harddisk from the steps above and connect the other, temporary hdd as primary master slave.
Boot from the FreeBSD cdrom that you have used in the above steps.
Do not use a different FreeBSD version, there are differences in the versions!
- 46
Choose standard installation
Choose standard installation
- 47
You will be sent to fdisk
You will be sent to an fdisk-like program. Create one slice [C], choose the default value (whole harddisk). (If you are using a harddisk that is a bit broken, make this slice smaller.)
Press [Q] to leave.
Select Boot Manager and choose [OK]
Part - Mount - Size - Newfs
ad0s1a - / - 2000MB - UFS2 - Y
ad0s1b - swap - 1000MB - SWAP -
ad0s1d - /var - 2000MB - UFS2+S - Y
ad0s1e - /tmp - 1000MB - UFS2+S - Y
ad0s1f - /usr - Rest - UFS2+S - Y
Press Q to leave Fdisk
Select 6 User Average user.....
Select en English Documentation
- 53
No FreeBSD ports selection
Select [No] FreeBSD ports selection
Select CD/DVD - Install from a FreeBSD CD/DVD
Select [Yes] to install
Wait a moment for FreeBSD to do the installation
- 56
Configure Ethernet or SLIP/PP network devices? [NO]
Configure Ethernet or SLIP/PP network devices? [NO]
- 57
function as a network gateway? [NO]
function as a network gateway? [NO]
- 58
configure inetd and the network services that it provides? [NO]
configure inetd and the network services that it provides? [NO]
- 59
like to enable SSH login? [YES]
like to enable SSH login? [YES]
- 60
Do you want anonymous FTP access? [NO]
Do you want anonymous FTP access? [NO]
NFS Server? [NO]
NFS Client [NO]
- 63
customize your system console settings? [NO]
customize your system console settings? [NO]
Time Zone? [YES], Is this machine's CMOS clock set to UTC? [No]
Select 8. Europe
34. Netherlands, Does the abbreviation `CEST` look reasonable? [Yes]
- 67
FreeBSD package collection
FreeBSD package collection [No]
- 68
additional accounts to the system? [YES]
Additional accounts to the system? [YES]
Enter the credentials for the extra user
[X] Exit
Set root password, do not enter the same root password as the one you are going to use for the encrypted part.
- 71
Visit general configuration menu for a chance to set any last options? [NO]
Visit general configuration menu for a chance to set any last options? [NO]
[X] Exit install, Are you sure you wish to exit? The system will reboot [Yes]
- 73
Are you sure you wish to exit
Are you sure you wish to exit [Yes], Sure to remove media from the drive: [Ok]
- 74
Turn off system when you see the BIOS screen
Turn off system when you see the BIOS screen
Make the encryption partition
=======================
- 75
Connect both harddisks to the system
Connect both harddisks to the system
Don't forget to set the harddisk to Master, if this harddisk has a separate setting for single harddisk.
Enter the BIOS, disable booting from CDROM and make sure that you boot from the temporary harddisk.
Log in as root
Check your devices
Type:
Check if you see /ad0s2 (Hard disk 0 Slice 2). In some cases the device where you want to install your encrypted FreeBSD can be /ad1s2, ad2s2 or even ad6s2. Be sure to check for s2.
- 79
Initialize the partition for encryption
Initialise the partition for encryption
Type:
{ENTER}
Keep in mind that this can be different on your system, mostly my code will work without any problems
You will be asked:
Enter a long password for the encrypted partition that nobody knows.
You need to enter this every time you start your system!
- 81
Enter your passphrase a second time
Enter your passphrase a second time, if everything is ok you will be prompted:
if not, enter the command again and try again.
Yes encryption is native
- 82
Attach the drive to FreeBSD
Attach the drive to FreeBSD
Type:
You can find the device (/dev/ad0s2) in the /dev directory
- 83
Enter passphrase 1 time
Enter the passphrase that you have entered before to unlock the encrypted partition.
When everything goes well you will see:
- 84
Arrange the partitions on the encrypted hdd
It's time to arrange the encrypted slice with partitions for the operating system.
{ENTER}
{ENTER}
Remember that ad0s2 can be something different on other systems, especially with IDE and SATA onboard
- 85
Edit partitions in slice with vi
An editor will be started (vi).
Enter the following!
# /dev/ad0s2.eli:
8 partitions:
# size offset fstype [fsize bsize bps/cpg]
a: 500000 0 4.2BSD 0 0
b: 236328 500000 swap 0 0
c: ?????? 0 unused 0 0 # don’t edit
d: 618164 736328 4.2BSD 0 0
e: 250000 1354492 4.2BSD 0 0
f: * 1604492 4.2BSD 0 0
I = insert ([ESC] = end insert), x = remove one character
Don't remove the character C, but MOVE the character c
Arrange everything with TABs to get it underneath each other
Press [ESC] to release insert, press :w to write the file, and then press :q to quit.
When no error appears all is well!
- 87
Check if the encrypted devices are made
To Check if the encrypted devices are made and visible to the system type:
And search for ad0s2.eli, ad0s2.elia, ad0s2.elib, ad0s2.elid, ad0s2.elie, ad0s2.elif
- 88
Format the new encrypted partitions
It's time to format those new encrypted partitions
You will see some data about your devices and how many inodes your partition will have.
/dev/ad0s2.elia: 488.3 MB (1000000 sectors) block size 16384, fragment size 4096
using 4 cylinder groups of 122.08MB, 7813 blks, 31296 inodes.
super-block backups (for fsck -b #) at:
160, 250176, 500192, 750208
The switch -i 1024 will make it possible to write a lot of small files
- 89
Don't format swap, but the next
We don't need to format the swap partition, this is just a scratch disc so the next command will be:
After the /var we are going to format the /tmp partition:
- 91
format elif (the rest of the slice)
Format .elif, with this partition it is also very important to write a lot of files, especially because we are going to install the FreeBSD Ports collection.
Now your screen will fill up with a lot of numbers (This is formatting under linux, it gives me peace of mind)
- 92
Installing the OS encrypted style
Now all encrypted partitions are formatted we are going to install the OS, again use the same OS version as used on all the other partitions.
The first step, make a directory:
We can use this directory to mount the encrypted partition
- 93
Connect encrypted partition
We are going to connect the encrypted partition
- 94
Create directories for the OS
Create all the directories that are needed for FreeBSD
- 95
Mount all partitions for OS
Mount all the OS partitions:
Copy FreeBSD OS to encrypted partition.
Set the directory and switch from command-line shell
Insert the FreeBSD install cd/dvd and mount it
Go to the FreeBSD release directory
- 99
Are you sure to write to /fixed
You are about to extract the base distribution into /fixed/ - are you SURE you want to do this over your installed system (y/n)?
when it says /fixed/ [Y]
- 0
STEPS 100 and higher begin here.
The kernel files need to be installed separately
We need some info, so we install the help pages
Arrows up and down do the same as under MS-DOS, you can scroll through your commands
- 3
Mount the future boot drive
Mount the drive where we are going to boot from:
Copy the boot directory to the unencrypted partition:
The files will roll over your screen
To speed up the boot process we will get the 2 files that are needed to boot:
- 6
Boot from encrypted partition please
Now we are going to tell FreeBSD to boot from the encrypted partition.
Change the fstab file to the following (Mostly change s1? to s2.eli?):
# Device Mountpoint Fstype Options Dump Pass#
/dev/ad0s2.elib none swap sw 0 0
/dev/ad0s2.elia / ufs rw 1 1
/dev/ad0s2.elie /tmp ufs rw 2 2
/dev/ad0s2.elif /usr ufs rw 2 2
/dev/ad0s2.elid /var ufs rw 2 2
/dev/acd0 /cdrom cd9660 ro,noauto 0 0
In fstab you can tell FreeBSD what to mount at bootup, be careful!! One mistake and you need to fix it in safe mode. I don't like that!
If you have a floppy drive in your system, you can add:
/dev/fd0 /fdd ufs rw,noauto 0 0
to fstab. To save and close fstab, press [ESC], :w [ENTER], :q [ENTER]
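Because one wrong device name in fstab either breaks the boot or quietly puts a filesystem back on the unencrypted slice, the file can be checked before rebooting. The script below is an added example, not part of the original manual; check_fstab and sample_fstab are hypothetical helper names, and it assumes every ufs and swap entry mounted at boot belongs on a .eli provider. The sample input is constructed from the fstab above with /var deliberately left on ad0s1d.

```shell
#!/bin/sh
# Added example, not from the original manual.
# Assumption: every ufs and swap entry mounted at boot must sit on a geli
# provider (device name ending in .eli plus an optional partition letter).

# check_fstab FILE: print one line per offending entry; return 1 if any.
check_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }             # comments, blank/short lines
        {
            dev = $1; mnt = $2; fstype = $3; opts = $4
            if (fstype != "ufs" && fstype != "swap") next
            if (opts ~ /(^|,)noauto(,|$)/) next   # not mounted at boot
            if (dev !~ /\.eli[a-h]?$/) {
                printf "UNENCRYPTED %s %s (%s)\n", dev, mnt, fstype
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the fstab from this step, with /var forgotten on the
# unencrypted slice and the optional floppy line added.
sample_fstab() {
cat <<'EOF'
# Device Mountpoint Fstype Options Dump Pass#
/dev/ad0s2.elib none swap sw 0 0
/dev/ad0s2.elia / ufs rw 1 1
/dev/ad0s2.elie /tmp ufs rw 2 2
/dev/ad0s2.elif /usr ufs rw 2 2
/dev/ad0s1d /var ufs rw 2 2
/dev/acd0 /cdrom cd9660 ro,noauto 0 0
/dev/fd0 /fdd ufs rw,noauto 0 0
EOF
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_fstab > "$tmp"
check_fstab "$tmp" || echo "fstab still references an unencrypted provider"
rm -f "$tmp"
```

On the real system, run check_fstab against the fstab you edited before copying it to the encrypted partition.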
- 9
Optional fdd mount directory
- 10
Mount directory for cdrom
Make a mount directory for the cdrom
- 11
Copy fstab to the encrypted part
Copy fstab to the encrypted partition
Prevent problems by disabling "kbdmux"; on my Compaq my keyboard would only respond 50% of the time.
Kbdmux is responsible for caching FireWire
- 13
Get password request at bootup
Tell FreeBSD to ask for the password of the encrypted partition at bootup:
ALL STEPS DONE!!!????? Shutdown the machine
Remove the power from the machine and disconnect the slave drive.
- 17
Start machine and goto Bios
Power on the machine and make sure the BIOS starts from your hard drive with the encrypted partition on it.
If everything goes right you will be asked for a password for ad0s2. Enter the password that you have provided to ELI and press Enter.
You have 3 chances to enter the correct code; if you fail 3 times you cannot access your encrypted partition anymore. Instead just power off the machine and try again.
Attention: If you have a PS/2 connection for your keyboard use a PS/2 keyboard, USB will be initialized when you can login with your user name.
When you login as root and you don't need to enter a password you are on the encrypted hdd.
For FreeBSD systems I always use Rocket Raid cards, these are always recognized by FreeBSD
I mainly use the FreeBSD server for storing files, at this time I have an Array of 8 TB, so I want to attach and encrypt this also.
First step go to the /dev directory to check for devices
Look for da0 or ar0
- 20
Make the big array encrypted
Encrypt your big drive also
Enter the passphrase for this array twice.
If all goes well you will be told where you can find the metadata backup.
Lets attach this big encrypted array:
Enter your Passphrase that you have provided.
If all goes well there will be printed:
Make partitions on the encrypted slice:
- 23
Change unused behind a:
[x] to delete characters, Press {I} to edit/insert, Change unused behind a: to 4.2BSD, [ESC], :w, :q
A lot of numbers will come by.
My highest number is: 15626930752 ;-)
Create a directory so we can mount the big array:
Type the following command to mount the big array:
- 27
Check the size of your hdd
Once I had a RocketRaid card that would not go higher than 2TB, and I found out after a copy job of 1 week. So be sure to NOT make this mistake, check the hard drives:
You will see the partition size, how much is available and the percentage that is used.
Now that we are sure all harddisk space is correct, change the fstab file so the array will be mounted on startup.
Add the following at the bottom of the fstab file:
- 29
Copy fstab to unencrypted
Mount and copy to the unencrypted part of the drive:
At startup you will be asked for the passphrase twice, one for ad0s2 and one for the da0
Enter the passphrases and login as root, further in this manual we will not login as root. I know this is not best practice.
Activate the Network
=================
- 32
Check name of network device
We got to know the name of the network device, so we look at the file: messages
Look for Ethernet address (you can search with /keyword) and note the name; mine is: vr0
To activate the network card type:
Choose Configure
Choose Networking
Choose Interfaces
In my case I choose vr0
Ipv6? No, DHCP [No].
- 39
Enter Network configuration
I use the following credentials:
Host: BSD0x
Ipv4 Gateway: 10.30.0.100
Nameserver: 10.30.0.100
Ipv4 Address: 10.30.0.x
- 40
Bring xl0 interface up right now?
Bring xl0 interface up right now? [Yes]
Press [X], [ENTER], Press [X], [ENTER], [X]
Creating Users and Groups
======================
To add a user type:
Enter all fields, and use the default settings.
This is my list:
david:*:1001:
mariska:*:1002:
mysql:*:1003:rsync
ftp:*:1004:david
richard:*:1005:
speciaal:*:1006:david
locatedb:*:1007:
install:*:1008:rsync,locatedb,makelist
rsync:*:1009:
fotos:*:1010:david,mariska,rsync,locatedb,bezoeker,MCX1,tessa,makelist
readwww:*:1011:david,mariska,rsync,locatedb,MCX1,makelist
sound:*:1012:david,locatedb,rsync,makelist
emulator:*:1013:david,locatedb,rsync,makelist
bezoeker:*:1014:
copycopy:*:1015:
MCX1:*:1016:
tessa:*:1017:
bewoner:*:1018:david,mariska,rsync,locatedb,MCX1,makelist
makelist:*:1020:
copycop:*:1021:
rootmail:*:1022:
When all users have been made, add the groups:
To edit the user groups use:
It will look like this:
bewoner:*:1018:david,mariska,rsync,locatedb,MCX1,makelist
After 1018: you can enter the user names that must have access to that group.
Activate SSH
===========
Go to sysinstall:
- 47
Configure, Networking, sshd
Configure, Networking, sshd, [OK], Exit, [Exit Install]
- 48
Check for ssh parameter
Edit rc.conf
Search for sshd_enable="YES"
If it is not present add it yourself.
- 49
Reboot to make fingerprint
Reboot so FreeBSD makes the fingerprint for SSH
After this reboot I usually login with ssh, don't forget to add a username to the wheel group. FreeBSD does not accept external root access.
Install Rsync (Synchronise data between systems)
=========================================
To install rsyncd insert the FreeBSD cd/DVD in your drive.
Type:
Choose Configure -> Packages -> CD/DVD
Choose Net -> rsync-x.x.x_x, place an X in front of it and choose [OK] and then [Install], [OK]
Leave sysinstall
Edit the file to configure the rsync daemon
# rsyncd.conf - Example file, see rsyncd.conf(5)
#
# Set this if you want to stop rsync daemon with rc.d scripts
pid file = /var/run/rsyncd.pid
# Edit this file before running rsync daemon!!
uid = rsync
gid = rsync
use chroot = no
max connections = 4
syslog facility = local5
#auth users =david, speciaal, copycop, copycopy
#secrets file = /usr/local/etc/rsyncd.secrets
[test]
path = /encrypt_a/tmp
comment = Test to sync the samba tmp directory
[encrypt_a]
path = /encrypt_a
comment = Shared Directory Tree
auth users = copycop
hosts allow = 10.30.0.2
secrets file = /usr/local/etc/rsyncd.secrets
#[ftp]
# path = /var/ftp/pub
# comment = whole ftp area (approx 6.1 GB)
#[sambaftp]
# path = /var/ftp/pub/samba
# comment = Samba ftp area (approx 300 MB)
#[rsyncftp]
# path = /var/ftp/pub/rsync
# comment = rsync ftp area (approx 6 MB)
#[sambawww]
# path = /public_html/samba
# comment = Samba WWW pages (approx 240 MB)
#[cvs]
# path = /data/cvs
# comment = CVS repository (requires authentication)
# auth users = tridge, susan
# secrets file = /usr/local/etc/rsyncd.secrets
Change the rights of the configuration file:
- 57
Make a new password file
Make a password file for rsyncd:
Enter username:password
- 58
Edit the rights for secrets file
Also make this file not readable to the outside world:
When the error "Auth failed at module…" appears, then the rights for the configuration file and/or secrets file are wrong. Or check that you did not make a typo in the path to the secrets file in the configuration file.
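The permission problem described above, and modules that are reachable without any password, can both be found before the daemon is started. This script is an added example, not part of the original manual; list_noauth, check_secrets, audit_rsyncd and write_sample_conf are hypothetical helper names, and it assumes rsync's default strict-modes behaviour of rejecting a secrets file that has any permission bit set for "other". The sample configuration is constructed from the modules shown above and written to a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original manual.

# Print "NOAUTH <module>" for each module that no "auth users" line covers.
# An "auth users" line before the first [module] counts as a global default.
list_noauth() {
    awk '
        function emit() { if (mod != "" && !auth && !gauth) print "NOAUTH " mod }
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ {
            emit(); mod = $0
            gsub(/^[ \t]*\[|\].*$/, "", mod); auth = 0; next
        }
        /^[ \t]*auth users[ \t]*=/ { if (mod == "") gauth = 1; else auth = 1 }
        END { emit() }
    ' "$1"
}

# Print "MISSING <file>" or "OPEN <file>" for each configured secrets file.
# OPEN means some read/write/execute bit is set for "other" (assumed to be
# what the strict-modes check refuses).
check_secrets() {
    awk '/^[ \t]*secrets file[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print
         }' "$1" | sort -u |
    while IFS= read -r f; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
        elif [ -n "$(find "$f" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
            echo "OPEN $f"
        fi
    done
}

# audit_rsyncd CONF: print all findings; return 1 if there are any.
audit_rsyncd() {
    findings=$(list_noauth "$1"; check_secrets "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample based on the configuration above; the secrets file lives
# in the given directory instead of /usr/local/etc so the demo touches nothing.
write_sample_conf() {
    cat > "$1/rsyncd.conf" <<EOF
uid = rsync
gid = rsync
use chroot = no
[test]
path = /encrypt_a/tmp
[encrypt_a]
path = /encrypt_a
auth users = copycop
hosts allow = 10.30.0.2
secrets file = $1/rsyncd.secrets
EOF
    printf 'copycop:constructed-password\n' > "$1/rsyncd.secrets"
}

# Stand-alone run: a world-readable secrets file and the open [test] module.
d=$(mktemp -d)
write_sample_conf "$d"
chmod 644 "$d/rsyncd.secrets"
audit_rsyncd "$d/rsyncd.conf"
rm -rf "$d"
```

The [test] module is reported because it has no auth users and no hosts allow, so any host that can reach the daemon can read /encrypt_a/tmp.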
- 59
Enter this in rc.conf if there is data
When you have data on your disc, you can add the following line to /etc/rc.conf:
Sync your time with NTP
Since FreeBSD it is not needed to install NTP anymore, just open the file /etc/rc.conf.
- 61
Make file /etc/ntp.conf
Make the file: /etc/ntp.conf
Fill the NTP configuration file with:
# This is the configuration file for NTP
# (Network Time Protocol). More info at
# www.NTP.org
# This computer will act as a stratum 2 time
# server, by referencing the following 4 or
# more stratum 1 time servers:
server nl.pool.ntp.org iburst # Netherlands
server be.pool.ntp.org iburst # Belgium
server de.pool.ntp.org iburst # Germany
server fr.pool.ntp.org iburst # France
server es.pool.ntp.org iburst # Spain
# Since the clock on most PCs drifts around
# significantly, let's use a file to
# keep track of that drift and compensate
# for it:
driftfile /etc/ntp.drift
For alternate time servers visit:
http://www.pool.ntp.org/en/
Edit welcome Message
==================
- 63
Change the welcome message
Yes I like to know where I log in with my machine, so we change the welcome message. Open the motd
- 64
Empty the original message
Press dd real quick to delete a line.
I add the following:
FreeBSD 8.1-RELEASE (BSD03) - 2010 /Node:3 (Original file:/etc/motd.bak)
Running:
- Apache2, Php 5, Mysql 5
- Pure-FTPd, SSH
- Samba 3
- NFS
IP: 10.30.0.4 / Gateway: 10.30.0.100
- FreeBSD Handbook: http://www.FreeBSD.org
- Use sysinstall to install additional Packages
Save it and it's done!
Install NFS to copy data
===================
To copy data the fastest way I use NFS, this is for FreeBSD the most efficient way.
Choose [Configure] -> [Networking], put an X in front of NFS client & NFS server and select [OK].
There follows a warning that you have to configure: /etc/exports to allow hosts.
The configuration file will be opened, add the following line at the bottom:
- 72
Check if NFS is started at startup
Type:
There should be two lines with NFS in it.
Try to mount the NFS share from another (FreeBSD) machine.
To copy files use the following command:
Remark: The parameters -Rpv will copy the owner and the date.
Want to be absolutely sure that all data is copied? Copy it twice with the command:
Remark The option "n" will prevent overwriting files that already exist.
When everything is copied, I advise you to place a hashtag "#" in front of the share in the file /etc/exports
Install Samba
==========
Install Samba so your Windows machines can read the shares of FreeBSD.
I do not have much experience with samba 4, and there is not enough documentation about it, so this time I will choose samba3.
First we need to install the FreeBSD ports collection.
- 78
Start sysinstall for the ports collection
Type:
Choose Configure -> Distributions and place an "X" in front of Ports and select ok.
Choose cd/dvd and wait a moment to let the install complete the task.
- 80
Start samba installation
I assume that you have your network cable plugged in and have internet.
Type:
- 81
Choose the following options
LDAP
CUPS
WINBIND
SWAT
SYSLOG
POPT
Choose [OK]
- 82
(optional) pkg_delete tdb-1.2.0
I had a warning when I tried to install Samba 34, I had to execute the command:
To delete a conflicting package.
Wait for FreeBSD to finish.
You will be asked if you would like to install LIBSIGSEGV, I did not place an X.
You will be asked to install a cups client, there is already an X and just leave it that way.
CUPS is for print services.
You will be asked to install openldap-client, standard SASL is off and FETCH is on, leave it that way.
You will get a notification that Samba is installed.
This port has installed the following startup scripts which may cause these network services to be started at boot time.
/usr/local/etc/rc.d/samba
- 88
Edit the samba configuration file
- 89
Fill in the following parameters
After workgroup: Your workgroup name, I use Wayward
After Server string: The description of your server, I use BSD04 Samba Server
Add the string: time server = yes
After hosts allow: Add the IP addresses that have access, I use: 10.30.0. 127. (So machines with 10.30.0.x have access and the localhost has access)
To make shares you have to add the following lines:
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /encrypt_a/tmp
writeable = no
public = yes
Every user gets his own drive:
# Private-drives
#
[private]
comment = Eigen Prive directory op de Server
path = /encrypt_a/Private/%U
public = no
writeable = yes
browseable = no
On the Appz drive force the right directory rights:
[appz]
comment = Programma's, Games en dergelijke.
path = /encrypt_a/Appz
public = no
writeable = yes
browseable = no
force create mode = 0775
force directory mode = 0775
With the drive we share, I only want access at user and group level:
[ons]
comment = Gezamelijke schijf
path = /encrypt_a/Ons
public = no
writeable = yes
browseable = no
force create mode = 0770
force directory mode = 0770
and add the following lines:
- 91
Configure the user that may access samba
You will be asked to enter the password for this user twice.
- 92
To only change the password drop -a parameter
Drop the -a parameter to change the password of that user.
I always use the same usernames that I made in FreeBSD, so the usernames will be attached to the files the user saves in the shares.
This was kinda new to me, an error while accessing the drives from a Windows machine. The error:
getpeername failed. Error was Socket is not connected
A fast search, and you just need to put the following line in /usr/local/etc/smb.conf:
Also a new error about CUPS; I changed these lines in my smb.conf:
To make everything clear, here is a full dump of my smb.conf:
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = Wayward
# server string is the equivalent of the NT Description field
server string = BSD03 Samba Server
## Samba Time Server?
#
time server =yes
## getpeername failed. Error was socket is not connected, solution:
#
smb ports = 139
# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = user
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 10.30.0. 127.
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = no
# you may wish to override the location of the printcap file
printcap name = /dev/null
# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat
# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
printing = bsd
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba34/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
; realm = MY_REALM
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
; passdb backend = tdbsam
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
; include = /usr/local/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
; socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no
# Charset settings
; display charset = koi8-r
; unix charset = koi8-r
; dos charset = cp866
# Use extended attributes to store file modes
; store dos attributes = yes
; map hidden = no
; map system = no
; map archive = no
# Use inherited ACLs for directories
; nt acl support = yes
; inherit acls = yes
; map acl inherit = yes
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba34
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff
# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
#-=-=-=-=-=-=-=-=-= My Shares =-=-=-=-=-=-=-=-=-=-
#################################################
# All drives on the backup server are read only
#
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /encrypt_a/tmp
writeable = no
public = yes
# Log share
#
[log]
comment = Log files of BSD03
path = /var/log
public = yes
writeable = no
browseable = no
# Private-drives
#
[private]
comment = Eigen Prive directory op de Server
path = /encrypt_a/Private/%U
public = no
writeable = yes
browseable = no
# Appz Drive
#
[appz]
comment = Programma's, Games en dergelijke.
path = /encrypt_a/Appz
public = no
writeable = yes
browseable = no
force create mode = 0775
force directory mode = 0775
# Special Drive
#
[special]
comment = Special Drives for: Ftp, Images, Sound, Apache
path = /encrypt_a/Special
public = no
writeable = yes
browseable = no
force create mode = 0775
force directory mode = 0775
# Media
#
[media]
comment = Media Audio, Video, Multimedia
path = /encrypt_a/Media
public = no
writeable = yes
browseable = no
force create mode = 0775
force directory mode = 0775
# Ons
#
[ons]
comment = Gezamelijke schijf
path = /encrypt_a/Ons
public = no
writeable = yes
browseable = no
force create mode = 0770
force directory mode = 0770
# Startup With batch files for connecting to BSD03
#
[startup]
comment = Batch files to connect to the BSD03 FreeBSD Server
path = /encrypt_a/Startup
public = yes
writeable = no
browseable = yes
# Share to dump all the Ghost images from dos
[image]
comment = Drive to dump all the Ghost image's to
path = /encrypt_a/Images
public = no
writeable = yes
browseable = yes
force create mode = 0775
force directory mode = 0775
# Shares for the Media Center
#
[video]
comment = Video Files for the media center
path = /encrypt_a/Media/movies
writeable = yes
browseable = yes
force create mode = 0775
force directory mode = 0775
[TV]
comment = Alle the tv programs we like to keep
path = /encrypt_a/Media/TV
writeable = yes
browsable = yes
force create mode = 0775
force directory mode = 0775
[pictures]
comment = All our pictures
path = /encrypt_a/Media/pictures
writeable = yes
browseable = yes
force create mode = 0775
force directory mode = 0775
[audio]
comment = All our avaible audio
path = /encrypt_a/Media/audio
writeable = yes
browseable = yes
force create mode = 0775
force directory mode = 0775
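As an added example (not part of the original article), the following Python code parses share definitions like the ones above and flags three things worth reviewing: shares that allow guest access (`public` is a synonym for `guest ok`), writable shares with no `valid users` restriction, and `force create mode` values that set permission bits for "other". The finding labels and the sample text are made up for this example.

```python
SYNONYMS = {"public": "guest ok", "writeable": "writable", "write ok": "writable"}
YES = {"yes", "true", "1"}
# Constructed sample: three shares adapted from the configuration above.
SAMPLE = """
[log]
path = /var/log
public = yes
[ons]
path = /encrypt_a/Ons
writeable = yes
force create mode = 0770
[video]
path = /encrypt_a/Media/movies
writeable = yes
force create mode = 0775
"""

def parse(text):
    # Return {share: {parameter: value}}; names lowercased, synonyms folded.
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # smb.conf has two comment markers
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value
    return shares

def audit(text):
    # Return (share, finding) pairs; the finding labels are hypothetical.
    findings = []
    for name, opts in parse(text).items():
        if name == "global":              # defaults section, not a share
            continue
        if opts.get("guest ok", "no").lower() in YES:
            findings.append((name, "guest-access"))
        if opts.get("writable", "no").lower() in YES and "valid users" not in opts:
            findings.append((name, "no-valid-users"))
        if int(opts.get("force create mode", "0"), 8) & 0o007:
            findings.append((name, "world-bits"))
    return findings

if __name__ == "__main__":
    for share, finding in audit(SAMPLE):
        print(f"[{share}] {finding}")
```

The code does not interpret `read only`, `include` files or defaults set in `[global]`; `testparm -s` prints the configuration as Samba actually reads it.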
Install Pure FTPd (PHP5, MySQL4.1, Apache22)
=====================================
The first step will be to install MySQL 4.1 (PureFTPd cannot handle MySQL5).
- 97
Make the temp directory writable
- 0
STEPS 200 and higher begin here.
- 1
Select the following options
MYSQL
PRIVSEP
PERUSERLIMITS
THROTTLING
BANNER
- 2
Start the installation of PureFTPd
Add PureFTPd to /etc/rc.conf to run it at startup.
- 6
Go to the directory with the example file
Go to the directory where an example file of pure-ftpd is.
- 8
Get the file for MySQL needs
- 9
Edit the PureFTPd conf file
- 10
Edit the following line
Search the following line and edit it
Username: ftp and fill in the rest of the questions.
You can always stop PureFTPd with: /usr/local/etc/rc.d/pure-ftpd stop
Choose the standard options
- 14
Start apache at startup
Add the following lines at the bottom:
Select [APACHE], and then [OK]
Add the following two lines:
Search for /DirectoryIndex
And replace it with:
Save the configuration file.
- 19
Install php5 extensions
Select: MySQL, Posix, Session, and type:
Select UTF-8 Support and then [OK].
- 21
Restart the machine and check Apache
Restart the machine:
Check in a browser on the network by typing the IP address of the FreeBSD server.
Your very own encrypted FreeBSD machine is ready for use.