Re: System hangs at GDM login or a bit later...
Well, I've been trying a couple of kernels, 6.1.0-17/11, and with both the system freezes sometime in the way explained below. I did a RAM test which was passed successfully, but I guess I should also make a GPU RAM test, something I really don't know how to do. For the usual RAM I used MEMTEST86+ as a live ISO. Now I'm trying kernel subsubsub version 16 since a couple of days ago and the system has not frozen yet. But I'm not very optimistic. Anyway, how can I test GPU memory? Best regards. Il giorno dom, 31/03/2024 alle 23.20 +0200, nimrod ha scritto: > On Wed, 2024-03-27 at 18:32 -0400, Jeffrey Walton wrote: > > On Wed, Mar 27, 2024 at 4:47 PM nimrod wrote: > > > > > > I'm having this annoying behaviour from GDM (or something > > > related). > > > > > > Quite ofter, after the GDM login screen appears, the host freezes > > > completely: every input device is unresponsive, no ssh connection > > > from another host is possible any more, no CTRL+ALT+CANC/F1-F6 is > > > working. > > > > > > But the same happens also while I'm typing the username or the > > > password, or after the login screen disappears because the login > > > was successful, or even a bit after the dash has appeared at the > > > bottom of the screen. > > > > > > Looking at boot.log, the last line before the next boot reads "[ > > > OK ] Started gdm.service - GNOME Display Manager". > > > > > > Looking at syslog instead, the lines are not always the same, but > > > usually there is something like this: > > > > > > 2024-03-27T17:57:25.479168+01:00 SW-GIULIANO /usr/libexec/gdm-x- > > > session[1831]: (II) Initializing extension RECORD > > > 2024-03-27T17:57:25.479455+01:00 SW-GIULIANO /usr/libexec/gdm-x- > > > session[1831]: (II) Initializing extension DPMS > > > 2024-03-27T17:57:25.479734+01:00 SW-GIULIANO /usr/libexec/gdm-x- > > > session[1831]: (II) Initializing ext2024-03- > > > 27T17:58:25.469753+01:00 SW-GIULIANO systemd-modules-load[394]: > > > Inserted module 'lp' > > > 2024-03-27T17:58:25.469853+01:00 SW-GIULIANO kernel: [ 0.00] > > > microcode: microcode updated early to revision 0xf4, date = 2023- > > > 02-23 > > > > > > Please note how the third line suddenly ends with "ext", followed > > > immediately by the first line written by the next boot sequence. > > > > > > The"gdm-x-session" lines above are just the last of a very long > > > list. I can provide other logs if requested. > > > > > > Any hint would be veri appreciated. > > > > Can you boot to a previous kernel? Hold SHIFT when the BiOS hands > > off > > to Grub to get the Grub menu. > > I went back to 6.1.0-17 kernel a couple of days ago and the system > didn't freeze so far. It's not enough to say the problem is solved, > because it is very random, but two days without freezing is > encouraging indeed. > > I'll let you know how is going, thanks. > > > > > If not, then ... maybe a hardware problem. Start with a memory > > checker. Then move on to disabling the GPU. > > > > Jeff > > >
Re: System hangs at GDM login or a bit later...
On Wed, 2024-03-27 at 18:32 -0400, Jeffrey Walton wrote: > On Wed, Mar 27, 2024 at 4:47 PM nimrod wrote: > > > > I'm having this annoying behaviour from GDM (or something related). > > > > Quite ofter, after the GDM login screen appears, the host freezes > > completely: every input device is unresponsive, no ssh connection > > from another host is possible any more, no CTRL+ALT+CANC/F1-F6 is > > working. > > > > But the same happens also while I'm typing the username or the > > password, or after the login screen disappears because the login > > was successful, or even a bit after the dash has appeared at the > > bottom of the screen. > > > > Looking at boot.log, the last line before the next boot reads "[ OK > > ] Started gdm.service - GNOME Display Manager". > > > > Looking at syslog instead, the lines are not always the same, but > > usually there is something like this: > > > > 2024-03-27T17:57:25.479168+01:00 SW-GIULIANO /usr/libexec/gdm-x- > > session[1831]: (II) Initializing extension RECORD > > 2024-03-27T17:57:25.479455+01:00 SW-GIULIANO /usr/libexec/gdm-x- > > session[1831]: (II) Initializing extension DPMS > > 2024-03-27T17:57:25.479734+01:00 SW-GIULIANO /usr/libexec/gdm-x- > > session[1831]: (II) Initializing ext2024-03- > > 27T17:58:25.469753+01:00 SW-GIULIANO systemd-modules-load[394]: > > Inserted module 'lp' > > 2024-03-27T17:58:25.469853+01:00 SW-GIULIANO kernel: [ 0.00] > > microcode: microcode updated early to revision 0xf4, date = 2023- > > 02-23 > > > > Please note how the third line suddenly ends with "ext", followed > > immediately by the first line written by the next boot sequence. > > > > The"gdm-x-session" lines above are just the last of a very long > > list. I can provide other logs if requested. > > > > Any hint would be veri appreciated. > > Can you boot to a previous kernel? Hold SHIFT when the BiOS hands off > to Grub to get the Grub menu. I went back to 6.1.0-17 kernel a couple of days ago and the system didn't freeze so far. It's not enough to say the problem is solved, because it is very random, but two days without freezing is encouraging indeed. I'll let you know how is going, thanks. > > If not, then ... maybe a hardware problem. Start with a memory > checker. Then move on to disabling the GPU. > > Jeff >
System hangs at GDM login or a bit later...
Hi, I'm having this annoying behaviour from GDM (or something related). Quite ofter, after the GDM login screen appears, the host freezes completely: every input device is unresponsive, no ssh connection from another host is possible any more, no CTRL+ALT+CANC/F1-F6 is working. But the same happens also while I'm typing the username or the password, or after the login screen disappears because the login was successful, or even a bit after the dash has appeared at the bottom of the screen. Looking at boot.log, the last line before the next boot reads "[ OK ] Started gdm.service - GNOME Display Manager". Looking at syslog instead, the lines are not always the same, but usually there is something like this: 2024-03-27T17:57:25.479168+01:00 SW-GIULIANO /usr/libexec/gdm-x- session[1831]: (II) Initializing extension RECORD 2024-03-27T17:57:25.479455+01:00 SW-GIULIANO /usr/libexec/gdm-x- session[1831]: (II) Initializing extension DPMS 2024-03-27T17:57:25.479734+01:00 SW-GIULIANO /usr/libexec/gdm-x- session[1831]: (II) Initializing ext2024-03-27T17:58:25.469753+01:00 SW-GIULIANO systemd-modules-load[394]: Inserted module 'lp' 2024-03-27T17:58:25.469853+01:00 SW-GIULIANO kernel: [ 0.00] microcode: microcode updated early to revision 0xf4, date = 2023-02-23 Please note how the third line suddenly ends with "ext", followed immediately by the first line written by the next boot sequence. The"gdm-x-session" lines above are just the last of a very long list. I can provide other logs if requested. Any hint would be veri appreciated. Best regards.
Re: Winbind, wrong user mappings...
I answer to myself hoping to give a clue to someone. I realised I messed up the id mapping removing the files in /var/lib/samba/. Having kept a copy, I tried to recover them, but probably this must be done with the service smbd and windbind correctly stopped, which probably I didn't. So no help this way. The TDB backend I was using has some advantages, but the big disadvantage is that the mapping works quite like "first come, first served", so the id mapping must be kept in those files, otherwise the ids can be completely changed after the folowing login attempts. It seems this happened on my server. I then changed the id mapping from tdb to rid, just because I had to start over with all permission anyway. The RID backend, for me, has the advantage that the mapping is the same on every server, if it's configured in the same way, and the known disadvantages are not relevant to me. Since I was setting up a backup server, the RID was the only way, so this accident just forced me to do what I did very quickly, and with some disappoinment from a few users. But in the end nothing was lost and everything was ok just in a couple of days of work. On Mon, 2023-12-18 at 14:02 +0100, nimrod wrote: > Hi, > > apparently all of a sudden a member server running Debian Buster with > Winbind in an Active Directory environment started to map the domain > users in a weird way. > > Many users and group seem to have two or more names, but the same id. > But this is a problem when users try to access, because it seems they > are recognized with their right name, but the server seems instead to > expect a different wrong name. > > I tried to delete /var/cache/samba/netsamlogon_cache.tdb and restart > winbind, with no improvements. > > What the hell could have happened? > > Best regards.
Winbind, wrong user mappings...
Hi, apparently all of a sudden a member server running Debian Buster with Winbind in an Active Directory environment started to map the domain users in a weird way. Many users and group seem to have two or more names, but the same id. But this is a problem when users try to access, because it seems they are recognized with their right name, but the server seems instead to expect a different wrong name. I tried to delete /var/cache/samba/netsamlogon_cache.tdb and restart winbind, with no improvements. What the hell could have happened? Best regards.
Re: [SOLVED] Samba+Kerberos inside LXC container...
I've found a decent workaround for this issue. I set a public IP for the container and put it in the DNS with hostname "samba". Et voilà: $ smbclient //samba/dati -k WARNING: The option -k|--kerberos is deprecated! Try "help" to get a list of possible commands. smb: \> The share is also perfectly accessible from Windows and Linux machines in the same Active Directory domain without prompting for credentials, provided that the user has logged in the machine with domain credentials. That's exactly what I need. Assigning a public IP to an LXD container is a bit tricky, because you need to set up a specific profile, removing the default profile from the container and assign this new profile to it. But it works, that's enough for me. Hope this could help someone else. On Tue, 2023-09-19 at 14:50 +0200, nimrod wrote: > Hi, > > I'm running an LXC container on a Debian 12 host. The container, > named "samba", aims to share a directory in an Active Directory > environment (functional level 2016). > > The container is joined to the domain using the realm command. Inside > the container I can login with any domain user without any problem. > > I can also access the share with a command like: > > $ smbclient //dl560/dati -U someuser -W BNCRM > > and issuing the right credentials when prompted. > > What I cannot absolutely get working is access the same share with > Kerberos: > > $ smbclient -k //dl560/dati > > The above command is run as an authenticated user, who can perfectly > well access another share on a virtual Debian 10 server. If I issue > the above command with the -d10 option I get the long output below. > > I've mapped 445 port this way: > > $ lxc config device add samba port445 proxy listen=tcp:0.0.0.0:445 > connect=tcp:10.65.65.147:445 > > Any suggestionwould be very appreciated. I can try to provide any > missing information.giuli > > Best regards. > > - > $ smbclient -k //dl560/dati > WARNING: The option -k|--kerberos is deprecated! > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > dsdb_audit: 10 > dsdb_json_audit: 10 > dsdb_password_audit: 10 > dsdb_password_json_audit: 10 > dsdb_transaction_audit: 10 > dsdb_transaction_json_audit: 10 > dsdb_group_audit: 10 > dsdb_group_json_audit: 10 > lp_load_ex: refreshing parameters > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > (16384) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > dsdb_audit: 10 > dsdb_json_audit: 10 > dsdb_password_audit: 10 > dsdb_password_json_audit: 10 > dsdb_transaction_audit: 10 > dsdb_transaction_json_audit: 10 > dsdb_group_audit: 10 > dsdb_group_json_audit: 10 > Processing section "[global]" > doing parameter workgroup = WORKGROUP > doing parameter log file = /var/log/samba/log.%m > doing parameter max log size = 1000 > doing parameter logging = file > doing parameter panic action = /usr/share/samba/panic-action %d > doing parameter server role = standalone server > doing parameter obey pam restrictions = yes > doing parameter unix password sync = yes > doing parameter passwd program = /usr/bin/passwd %u > doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > doing parameter pam password change = yes > doing parameter map to guest = bad user > doing parameter usershare allow guests = yes > pm_process() returned Yes > lp_servicenumber: couldn't find homes > added interface lxcbr0 ip=10.0.3.1 bcast=10.0.3.255 > netmask=255.255.255.0 > added interface lxdbr0 ip=10.190.52.1 bcast=10.190.52.255 > netmask=255.255.255.0 > added interface eno1 ip=192.168.0.77 bcast=192.168.1.255 > netmask=255.255.254.0 > Client started (ve
Re: Samba+Kerberos inside LXC container...
On Fri, 2023-09-22 at 00:27 +0200, Ulf Volmer wrote: > On 19.09.23 14:50, nimrod wrote: > > I'm running an LXC container on a Debian 12 host. The container, > > named > > "samba", aims to share a directory in an Active Directory > > environment > > (functional level 2016). > > > No really help, I have no AD here. > > $ smbclient -k //dl560/dati > > WARNING: The option -k|--kerberos is deprecated! The syntax is no problem, it works like a charm with another server, which is not in a container, just a vmWare virtual machine. > > > > Please read the smbclient man page regarding the --use-kerberos > parameter. > This new syntax avoids the warning, nothing more. > dns names here means the FQDN of the target host. I tried FQDN too, no help. > > > Bet regards > > Ulf > >
Re: Samba+Kerberos inside LXC container...
... it shouldn't be so difficult, but maybe I didn't make my point clear, English is not my language. On Tue, 2023-09-19 at 14:50 +0200, nimrod wrote: > Hi, > > I'm running an LXC container on a Debian 12 host. The container, > named "samba", aims to share a directory in an Active Directory > environment (functional level 2016). > > The container is joined to the domain using the realm command. Inside > the container I can login with any domain user without any problem. > > I can also access the share with a command like: > > $ smbclient //dl560/dati -U someuser -W BNCRM > > and issuing the right credentials when prompted. > > What I cannot absolutely get working is access the same share with > Kerberos: > > $ smbclient -k //dl560/dati > > The above command is run as an authenticated user, who can perfectly > well access another share on a virtual Debian 10 server. If I issue > the above command with the -d10 option I get the long output below. > > I've mapped 445 port this way: > > $ lxc config device add samba port445 proxy listen=tcp:0.0.0.0:445 > connect=tcp:10.65.65.147:445 > > Any suggestionwould be very appreciated. I can try to provide any > missing information.giuli > > Best regards. > > - > $ smbclient -k //dl560/dati > WARNING: The option -k|--kerberos is deprecated! > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > dsdb_audit: 10 > dsdb_json_audit: 10 > dsdb_password_audit: 10 > dsdb_password_json_audit: 10 > dsdb_transaction_audit: 10 > dsdb_transaction_json_audit: 10 > dsdb_group_audit: 10 > dsdb_group_json_audit: 10 > lp_load_ex: refreshing parameters > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > (16384) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > dsdb_audit: 10 > dsdb_json_audit: 10 > dsdb_password_audit: 10 > dsdb_password_json_audit: 10 > dsdb_transaction_audit: 10 > dsdb_transaction_json_audit: 10 > dsdb_group_audit: 10 > dsdb_group_json_audit: 10 > Processing section "[global]" > doing parameter workgroup = WORKGROUP > doing parameter log file = /var/log/samba/log.%m > doing parameter max log size = 1000 > doing parameter logging = file > doing parameter panic action = /usr/share/samba/panic-action %d > doing parameter server role = standalone server > doing parameter obey pam restrictions = yes > doing parameter unix password sync = yes > doing parameter passwd program = /usr/bin/passwd %u > doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > doing parameter pam password change = yes > doing parameter map to guest = bad user > doing parameter usershare allow guests = yes > pm_process() returned Yes > lp_servicenumber: couldn't find homes > added interface lxcbr0 ip=10.0.3.1 bcast=10.0.3.255 > netmask=255.255.255.0 > added interface lxdbr0 ip=10.190.52.1 bcast=10.190.52.255 > netmask=255.255.255.0 > added interface eno1 ip=192.168.0.77 bcast=192.168.1.255 > netmask=255.255.254.0 > Client started (version 4.17.10-Debian). > Opening cache file at /run/samba/gencache.tdb > tdb(/run/samba/gencache.tdb): tdb_open_ex: could not open file > /run/samba/gencache.tdb: Permission denied > gencache_init: Opening user cache file > /home/someuser/.cache/samba/gencache.tdb. > sitename_fetch: No stored sitename for realm '' > internal_resolve_name: looking up dl560#20 (sitename (null)) > namecache_fetch: name dl560#20 found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > Connecting to 192.168.0.5 at port 445 > socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, > TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTV
Samba+Kerberos inside LXC container...
Hi, I'm running an LXC container on a Debian 12 host. The container, named "samba", aims to share a directory in an Active Directory environment (functional level 2016). The container is joined to the domain using the realm command. Inside the container I can login with any domain user without any problem. I can also access the share with a command like: $ smbclient //dl560/dati -U someuser -W BNCRM and issuing the right credentials when prompted. What I cannot absolutely get working is access the same share with Kerberos: $ smbclient -k //dl560/dati The above command is run as an authenticated user, who can perfectly well access another share on a virtual Debian 10 server. If I issue the above command with the -d10 option I get the long output below. I've mapped 445 port this way: $ lxc config device add samba port445 proxy listen=tcp:0.0.0.0:445 connect=tcp:10.65.65.147:445 Any suggestionwould be very appreciated. I can try to provide any missing information.giuli Best regards. - $ smbclient -k //dl560/dati WARNING: The option -k|--kerberos is deprecated! INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 Processing section "[global]" doing parameter workgroup = WORKGROUP doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter logging = file doing parameter panic action = /usr/share/samba/panic-action %d doing parameter server role = standalone server doing parameter obey pam restrictions = yes doing parameter unix password sync = yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter pam password change = yes doing parameter map to guest = bad user doing parameter usershare allow guests = yes pm_process() returned Yes lp_servicenumber: couldn't find homes added interface lxcbr0 ip=10.0.3.1 bcast=10.0.3.255 netmask=255.255.255.0 added interface lxdbr0 ip=10.190.52.1 bcast=10.190.52.255 netmask=255.255.255.0 added interface eno1 ip=192.168.0.77 bcast=192.168.1.255 netmask=255.255.254.0 Client started (version 4.17.10-Debian). Opening cache file at /run/samba/gencache.tdb tdb(/run/samba/gencache.tdb): tdb_open_ex: could not open file /run/samba/gencache.tdb: Permission denied gencache_init: Opening user cache file /home/someuser/.cache/samba/gencache.tdb. sitename_fetch: No stored sitename for realm '' internal_resolve_name: looking up dl560#20 (sitename (null)) namecache_fetch: name dl560#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs Connecting to 192.168.0.5 at port 445 socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 session request ok negotiated dialect[SMB3_11] against server[dl560] cli_session_setup_spnego_send: Connect to dl560 as someu...@bncrm.roma using SPNEGO GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'ncalrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submech
Map URL to a container...
Hi, I'm running a web server inside an LXD container which is only accessible from the host. I mapped the container's 80 port to the 82 host's port, so I can access the container's web server as http://host:82. The host itself runs Apache on the usual 80 port. What I whis to get is something like this: http://host/path1 --> http://localip/path1 http://host/path2 --> http://localip/path2 and so on and so forth. How can I do it? Best regards.
Re: Samba server doesn't ask for alternate user credentials...
Dear David, below is what you asked for, I hope it's enough, thanks. On Fri, 2022-10-21 at 17:26 -0700, David Christensen wrote: > On 10/21/22 05:40, nimrod wrote: > > Hi, > > > > I'm running a Debian 10 Samba server with winbind and kerberos in a > > Active Directory domain. > > > > Domain users can access a unique share, which is then divideded > > into > > different directories, each with different file system permissions, > > based on domain users and groups. A single user can only access > > some of > > these directories from a Windows or Linux client (clearly joined to > > the > > domain) without being prompted for credentials, because the user is > > already logged in the domain by his client machine. > > > > The problem is that if a user tries to access one directory he's > > not > > allowed to access, the server just blocks the access, without > > giving > > him a chance to authenticate as a different user. This would be > > most > > useful for technicians, who need to access some "private" > > directories, > > containing installation packages and activation keys for many > > softwares, from the user client without being forced to logout from > > the > > client and login again with admin credentials, which is very > > annoying > > for them. > > > > Here is smb.conf: > > > > [global] > > workgroup = BNCRM > > log file = /var/log/samba/log.%m > > max log size = 1000 > > logging = file > > panic action = /usr/share/samba/panic-action %d > > server role = member server > > password server = dc2.bncrm.roma > > obey pam restrictions = yes > > unix password sync = yes > > passwd program = /usr/bin/passwd %u > > passwd chat = *Enter\snew\s*\spassword:* %n\n > > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* > > . > > pam password change = yes > > usershare allow guests = yes > > kerberos method = system keytab > > template homedir = /home/%U > > template shell = /bin/bash > > security = ads > > realm = BNCRM.ROMA > > idmap backend = tdb > > idmap gid = 1-200 > > idmap uid = 1-200 > > winbind use default domain = yes > > winbind refresh tickets = yes > > winbind offline logon = yes > > winbind enum groups = yes > > winbind enum users = yes > > vfs objects = acl_xattr > > map acl inherit = Yes > > store dos attributes = Yes > > username map = /etc/samba/user.map > > > > [dati] > > path = /data > > valid users = @"domain users", system > > browsable = yes > > writable = yes > > read only = no > > - > > Here is nsswitch.conf: > > > > passwd: files systemd winbind > > group: files systemd winbind > > shadow: files winbind > > gshadow: files > > hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname > > networks: files > > protocols: db files > > services: db files winbind > > ethers: db files > > rpc: db files > > netgroup: nis winbind > > sudoers: files winbind > > > > pam.d/common-auth > > > > auth [success=2 default=ignore] pam_unix.so nullok_secure > > auth [success=1 default=ignore] pam_winbind.so krb5_auth > > krb5_ccache_type=FILE cached_login try_first_pass > > auth requisite pam_deny.so > > auth required pam_permit.so > > --- > > Finally, krb5.conf: > > > > [libdefaults] > > default_realm = BNCRM.ROMA > > kdc_timesync = 1 > > ccache_type = 4 > > forwardable = true > > proxiable = true > > fcc-mit-ticketflags = true > > > > [realms] > > BNCRM = { > > kdc = 192.168.0.195 > > kdc = 192.168.0.190 > > admin_server = 192.168.0.195 192.168.0.190 > > } > > > > [domain_realm] > > .bncrm.roma = BNCRM.ROMA > > bncrm.roma = BNCRM.ROMA > > --- > > I'm not sure it's enough, feel free to ask anything you need. > > > > Thanks in advance and best regards. > > > Please run the following command and post your complete console > session > (prompts, commands entered, output displayed): > > # cat /etc/debian_version ; uname -a 11.5 Linux PC-GIULIANO.BNCRM.ROMA 5.10.0-18-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) x86_64 GNU/Linux > Please run the following command and post your complete console > session > for any Samba, winbind, Kerberos, and/or other relevant packages you > have installed: > > # dpkg-query -W samba 2:4.13.13+dfsg-1~deb11u5 winbind krb5-config 2.6+nmu1 krb5-doc krb5-k5tls krb5-kdc krb5-locales 1.18.3-6+deb11u2 krb5-user 1.18.3-6+deb11u2 > > > David >
Samba server doesn't ask for alternate user credentials...
Hi, I'm running a Debian 10 Samba server with winbind and kerberos in a Active Directory domain. Domain users can access a unique share, which is then divideded into different directories, each with different file system permissions, based on domain users and groups. A single user can only access some of these directories from a Windows or Linux client (clearly joined to the domain) without being prompted for credentials, because the user is already logged in the domain by his client machine. The problem is that if a user tries to access one directory he's not allowed to access, the server just blocks the access, without giving him a chance to authenticate as a different user. This would be most useful for technicians, who need to access some "private" directories, containing installation packages and activation keys for many softwares, from the user client without being forced to logout from the client and login again with admin credentials, which is very annoying for them. Here is smb.conf: [global] workgroup = BNCRM log file = /var/log/samba/log.%m max log size = 1000 logging = file panic action = /usr/share/samba/panic-action %d server role = member server password server = dc2.bncrm.roma obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes usershare allow guests = yes kerberos method = system keytab template homedir = /home/%U template shell = /bin/bash security = ads realm = BNCRM.ROMA idmap backend = tdb idmap gid = 1-200 idmap uid = 1-200 winbind use default domain = yes winbind refresh tickets = yes winbind offline logon = yes winbind enum groups = yes winbind enum users = yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes username map = /etc/samba/user.map [dati] path = /data valid users = @"domain users", system browsable = yes writable = yes read only = no - Here is nsswitch.conf: passwd: files systemd winbind group: files systemd winbind shadow: files winbind gshadow: files hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname networks: files protocols: db files services: db files winbind ethers: db files rpc: db files netgroup: nis winbind sudoers: files winbind pam.d/common-auth auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass auth requisite pam_deny.so auth required pam_permit.so --- Finally, krb5.conf: [libdefaults] default_realm = BNCRM.ROMA kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] BNCRM = { kdc = 192.168.0.195 kdc = 192.168.0.190 admin_server = 192.168.0.195 192.168.0.190 } [domain_realm] .bncrm.roma = BNCRM.ROMA bncrm.roma = BNCRM.ROMA --- I'm not sure it's enough, feel free to ask anything you need. Thanks in advance and best regards. -- nimrod
Weird printing issue...
Hi, this actually could seem a LibreOffice issue, but I'm not so sure. In this image you can see a tipical library index card, 3x5 inches. It is a page of Writer document whose page style has exactly these dimensions, 3"x5". It prints quite well on the physical card of the same dimensions (though the toner is going down so the quality is not good). But, as you can see, on the left, highlighted in green, there is an additional and absolutely unwanted vertical strips which is clearly "copied" from the card. It seems impossible to prevent such stripes to be printed. If I save the document as PDF and print it with Evince, the same happens. The stripes never appear in the documents, ODT nor PDF, only when the documents are actually printed. It doesn't depend on the paper format: on a "3x5 index card" or A4 the result is the same. The printer is rather old, HP Laserjet P1505, installed with the proprietary HP plugin via HPLIP. It prints all A4 documents I could try without any visibile issue (except for the toner issue). No spurious stripes at all. Both via Writer or Evince I'm printing with the PDF driver. The only other driver is Postscript, but the printers is a PCL one, though I could not find a PCL driver. Maybe I had not search enough. Any suggestion will be very appreciated. Best regards.
Google Chrome leaves processes around each time is closed
Hi, recently Google Chrome started to leave around a "chrome --enable- crashpad" process every time I closed it. Each of such processes sucks 25% of CPU. If I open another instance of Chrome and I close it, another process is created and reaches the 25% of CPU, and so on and so forth. Obviously the fans roar a lot until I don't kill every such processes. The first time I open Chrome one of these processes is started, but it runs smoothly even around 0% of the CPU. Fans are quite silent. I have three PC all equipped with Bullseye and regularly updated, but only one shows this behaviour. It's a Sony Vaio laptop, very good for me except for this strange problem. Thanks in advance.
Re: Analog-digital conversion with puzzling results...
On Sun, 2022-05-15 at 20:53 +0200, didier gaumet wrote: > > > Le dimanche 15 mai 2022 à 19:21 +0200, nimrod a écrit : > > [...] > > Recently, I wanted to convert some other tapes I found in the > > attic, > > but something very strange is happening. > > > > Some tapes I bought many year ago look ugly > [...] > > But other tapes are captured well by the ADVC, even some I shoot by > > myself about 30 years ago. > [...] > > This could be caused by a copy protection mechanism like this: > https://en.wikipedia.org/wiki/VHS#Copy_protection > > There are some recipes on the net to bypass it, I do not know if it > is > useful and reliable, for example: > https://forums.afterdawn.com/threads/mini-faq-macrovision-cheat-for-the-canopus-advc100.290888/ Wow, that worked perfeclty! I own an ADVC 110 instead of the older 110, but the trick has remained the same. Many, many, many thanks! > >
Analog-digital conversion with puzzling results...
Hi, I hope to get some advice or to be pointed to some place where I can find a solution to a really frustrating problem. I'm using again, after some years, an analog-digital audio/video converter by Canopus, namely ADVC 110. I'm not a professional, but this equipment is rather good and I've using it for years to convert many old VHS and Video8 tapes. Please note that it needs a Firewire adapter to work. I had some, all based on the VIA chipset 6306/7. This cards work very well with my miniDV Firewire native camcorder, too. Recently, I wanted to convert some other tapes I found in the attic, but something very strange is happening. Some tapes I bought many year ago look ugly, in terms of colors. See for example frame 1 and frame 3, taken from the (ugly by itself) movie "The Lion King 2". I tried some other tapes, also some more recent ones, with the same results. The tapes look good if I connect the VHS player to my TV, with the same cables that connect it to the ADVC. But other tapes are captured well by the ADVC, even some I shoot by myself about 30 years ago. I mean, colors are "right", as right they could be on a VHS, as you can see in frame 2 and frame 4. Actually, I tried with several VHS tapes I shoot by myself, and I could not reproduce this problem yet. It really seems to arise with commercial tapes only, but not with all of them. By the way, the four frames were all taken from a capture of "The Lion King 2": every now and then some "good" frames are captured, so even the same tape is not all bad, though about 99% is horrible. Any hint would be very appreciated. PS I'm not going to capture "The Lion King 2", of course, it's just the example I have at hand right now.
[SOLVED] Re: Unwanted route appears at every reboot...
On Thu, 2022-04-28 at 11:08 -0500, David Wright wrote: > On Wed 27 Apr 2022 at 22:49:59 (+0200), nimrod wrote: > > > > yesterday afternoon, after working all day at office without any > > (network) problem, I decided to reboot my machine. Suddenly I could > > not > > navigate on the web. But I could ping the gateway, I could resolve > > names... just cannot reach the network (most commands just issued > > the > > classic "network is unreachable" message). > > > > thinking it was a route problem, I issued "ip route" on the > > terminal > > and got this default route: > > > > default dev eno1 scope link src 169.254.30.62 metric 202 > > > > I deleted it and add the good one: > > > > ip route add default via 192.168.1.113 dev eno1 > > > > and I could navigate again immediately. Nevertheless, after every > > reboot the wrong default route is there again. I couldn't find any > > file > > or directory in which this could be configured, nor I found a > > command > > that could create somehow implicitly such a default route. > > > > How can prevent it to come back after reboot? I could add some kind > > of > > /etc/rc.local or a systemd target to remove the wrong one and add > > the > > right one at every boot, but i would prefer to understand why it > > happens. At least, since a 169.254 route is always on, I wish to > > undestand why it becomes the default one, preventing me from reach > > the > > internet. > > > > Please note that I only use Network Manager from the Gnome GUI with > > a > > static address, and I didn't modify the configuration in several > > months. Never touched /etc/network* dirs and files, nor > > /etc/systemd/network. > > It sounds as if your computer failed to find the DHCP server when you > rebooted "yesterday" afternoon, which could have made it > autoconfigure > the interface with 169.254 (called ?mDNS), and add a route. There > doesn't seem to be a problem having these interfaces around unless > they get a default route. > > I would look in /var/lib/avahi-autoipd/ and see if there's a file > called containing 169.254.30.62. If so, remove > it and, next time you reboot, it shouldn't happen. (That is, unless > you have a recurrence of the same problem as "yesterday" afternoon.) I even removed AVAHI, so that file is missing. But anyway it was not AVAHI's fault, see below. > > I can simulate the same effect on a laptop by tapping its rfkill > switch when it boots, preventing the wifi from configuring. > Because /e/n/i still has a DHCP ethernet configuration festering > there as well as the wifi one, it sets an ethernet route that > obstructs the wifi's getting one when I un-rfkill the wifi. > > As for the original cause, take a look at /var/log/daemon.log* > for "yesterday" afternoon with zgrep -i -e dhcp -e dhclient I already had a look at dhclient lines in the logs, but didn't see anything suspect. But when I issued the above grep I found lots of lines like this: Apr 29 09:19:20 dhcpcd[982]: eno1: adding route to 169.254.0.0/16 Apr 29 09:19:20 dhcpcd[982]: eno1: adding default route I just purged the dhcpcd5 package, rebooted, et voila, the default route is the good one, no other intervention needed. I can't even remember why I installed that package, sorry for having all of you to loose your time. But surely it was that. Most likey it can't be installed without a minimum of customization, at least when one has interfaces created by LXD or such. I had LXD on my laptop too, but I didn't install dhcpcd5 on it, and it never had the same problem. Your suggestions were very interesting and useful, thanks you all! > > Cheers, > David. >
Re: Unwanted route appears at every reboot...
On gio, 2022-04-28 at 05:26 +0800, Jeremy Ardley wrote: On 28/4/22 4:49 am, nimrod wrote: default dev eno1 scope link src 169.254.30.62 metric 202 the 169.254 address is Used for link-local addresses between two hosts on a single link when no IP address is otherwise specified, such as would have normally been retrieved from a DHCP server. So something is stopping your system from assigning the static address. When it is booted and in the bad state what does 'ip a' show? "ip a" reports a normal situations in any case. At least, I could not see any oddities at this level, nor had I to change anything concerning just the ip addresses of my interfaces. The only interface I configured, only with NM, is eno1 with a static address: 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno1: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether c8:5a:cf:0f:ca:f0 brd ff:ff:ff:ff:ff:ff altname enp0s31f6 inet 192.168.0.77/23 brd 192.168.1.255 scope global noprefixroute eno1 valid_lft forever preferred_lft forever inet 169.254.30.62/16 brd 169.254.255.255 scope global noprefixroute eno1 valid_lft forever preferred_lft forever 3: lxcbr0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0 valid_lft forever preferred_lft forever 4: lxdbr0: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:16:3e:8d:ce:69 brd ff:ff:ff:ff:ff:ff inet 10.116.239.1/24 scope global lxdbr0 valid_lft forever preferred_lft forever inet 169.254.189.225/16 brd 169.254.255.255 scope global noprefixroute lxdbr0 valid_lft forever preferred_lft forever inet6 fd42:a242:50fe:49d7::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::c83f:ad2d:1a3d:75a4/64 scope link valid_lft forever preferred_lft forever 6: veth1bd75455@if5: mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000 link/ether 92:5f:b6:50:48:df brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 169.254.156.137/16 brd 169.254.255.255 scope global noprefixroute veth1bd75455 valid_lft forever preferred_lft forever As you can see there are several bridge because I have LXD on my machine, but they have been there for months. Here is what "ip r" after reboot: default dev eno1 scope link src 169.254.30.62 metric 202 10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown 10.116.239.0/24 dev lxdbr0 proto kernel scope link src 10.116.239.1 169.254.0.0/16 dev eno1 scope link src 169.254.30.62 metric 202 169.254.0.0/16 dev lxdbr0 scope link src 169.254.189.225 metric 204 169.254.0.0/16 dev veth1bd75455 scope link src 169.254.156.137 metric 206 192.168.0.0/23 dev eno1 proto kernel scope link src 192.168.0.77 metric 100 192.168.0.0/23 via 192.168.1.113 dev eno1 proto static metric 100 I just have to delete the wrong default route and add the good one as I wrote in the original message. Here the "ip r" currently working (I can access the internet without problems): default via 192.168.1.113 dev eno1 10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown 10.116.239.0/24 dev lxdbr0 proto kernel scope link src 10.116.239.1 169.254.0.0/16 dev eno1 scope link src 169.254.30.62 metric 202 169.254.0.0/16 dev lxdbr0 scope link src 169.254.189.225 metric 204 169.254.0.0/16 dev veth1bd75455 scope link src 169.254.156.137 metric 206 192.168.0.0/23 dev eno1 proto kernel scope link src 192.168.0.77 metric 100 192.168.0.0/23 via 192.168.1.113 dev eno1 proto static metric 100 As you can see, the only difference is the default route. What does it show in syslog? Here are only the syslog lines containing NetworkManager and the time of the reboot. I also removed hostname to shorten the text a bit. Apr 29 09:19:06 NetworkManager[713]: [1651216746.8892] NetworkManager (version 1.30.0) is starting... (for the first time) Apr 29 09:19:06 NetworkManager[713]: [1651216746.8892] Read config: /etc/NetworkManager/NetworkManager.conf (lib: no-mac-addr-change.conf) Apr 29 09:19:06 NetworkManager[713]: [1651216746.8906] bus-manager: acquired D-Bus service "org.freedesktop.NetworkManager" Apr 29 09:19:06 NetworkManager[713]: [1651216746.8961] manager[0x55ddfe00e010]: monitoring kernel firmware directory '/lib/firmware'. Apr 29 09:19:06 NetworkManager[713]: [1651216746.8961] monitoring ifupdow
Unwanted route appears at every reboot...
Hi, yesterday afternoon, after working all day at office without any (network) problem, I decided to reboot my machine. Suddenly I could not navigate on the web. But I could ping the gateway, I could resolve names... just cannot reach the network (most commands just issued the classic "network is unreachable" message). thinking it was a route problem, I issued "ip route" on the terminal and got this default route: default dev eno1 scope link src 169.254.30.62 metric 202 I deleted it and add the good one: ip route add default via 192.168.1.113 dev eno1 and I could navigate again immediately. Nevertheless, after every reboot the wrong default route is there again. I couldn't find any file or directory in which this could be configured, nor I found a command that could create somehow implicitly such a default route. How can prevent it to come back after reboot? I could add some kind of /etc/rc.local or a systemd target to remove the wrong one and add the right one at every boot, but i would prefer to understand why it happens. At least, since a 169.254 route is always on, I wish to undestand why it becomes the default one, preventing me from reach the internet. Please note that I only use Network Manager from the Gnome GUI with a static address, and I didn't modify the configuration in several months. Never touched /etc/network* dirs and files, nor /etc/systemd/network. Any hint will be much appreciated. Best regards.
Re: Weird printing issue...
On sab, 2022-04-09 at 04:28 -0400, Bijan Soleymani wrote: > On 2022-04-09 03:52, nimrod wrote: > > Thanks for your advice. Unfortunately I couldn't find any setting > > about > > Postscript, PCL or such in CUPS, HPLIP and the usual Gnome > > utilities to > > manage printers. > > > > The only spot where I see something like what you say is from > > Libreoffice printer's details, File / Printer settings / Properties > > / > > Device / Printer language type. The choice is currently "Automatic: > > PDF", but I can choose also 3 level of Postscript or "Postscript: > > level > > from driver". > > So there are two stages here. One the app (libre office) converts the > document to postscript or PDF. And two cups converts the PDF or > postscript to some format your printer understands. It is possible > that > either of these steps fails. > > This is why I recommended trying print to file (which default to pdf) > and seeing if that pdf file prints properly if opened and printed via > chrome. That way you can tell whether it is stage one or stage two > above > which has an issue. Also I think there must be a cups command line > command to print pdf and ps files that you could try, if it works in > chrome, to see if chrome does another level of processing that fixes > things. > > Bijan > Hi, I tried on my usual laptop a very simple test: I have two version of my printer, so I printed the "ugly" file on both, and only one shows the black stripes. Unfortunately, nor CUPS, nor Gnome printers app shows any option dealing with PCL, but I found a reference to PCL in the PPD file of the "good" one. Strangely enough, the "bad" printer was installed by HP Toolbox provided by the hplip package. I need to install a printer with that package in order to use the scan function, which is extremely important for me and is almost impossibile to use with the "good" printer. Having several printers just to manage all the features of the hardware printer is not very elegant, but as far as it works I could simply rename the "bad" printer "scanner" and the "good" one "printer", just to avoid confusion because now they have very long names which differ just for the last characters. Thank you again for your advice.
Re: Weird printing issue...
On gio, 2022-04-07 at 20:09 -0400, Bijan Soleymani wrote: > On 2022-04-07 18:20, nimrod wrote: > > Hi, > > > > I'm getting very strange, and ugly, prints with LibreOffice, Evince > > and > > Atril. You can see what I mean in the linked screenshot below. > > > > The "screen <https://www.paralog.it/screen.png>" image shows what I > > see > > when I open a PDF file, with Evince, Atril, PDFmod and so on. The > > "printed <https://www.paralog.it/printed.png>" one shows the ugly > > results when I print the same file. It seems the problem is the > > monospace uppercase "A". But somewhere else the same horrible > > result > > seems caused by a monospace lowercase "b" in the word "sub". > > My guess not knowing anything about your setup is that the printing > is > happening using some print language postscript or the HP one (PCL), > and > the fonts are not communicated properly or missing on the printer, > but > computer thinks they are there, etc. > > You can try some experiments. You can print from LibreOffice to a > PDF, > and then print that pdf from a pdf viewer and from chrome (since you > can > print from chrome without issue), and that way narrow down the issue. > > The other thing to do is switch your print settings in CUPS or > whatever > the print system is from Postscript to PCL, or vice versa and see if > that fixes things. > > Bijan Thanks for your advice. Unfortunately I couldn't find any setting about Postscript, PCL or such in CUPS, HPLIP and the usual Gnome utilities to manage printers. The only spot where I see something like what you say is from Libreoffice printer's details, File / Printer settings / Properties / Device / Printer language type. The choice is currently "Automatic: PDF", but I can choose also 3 level of Postscript or "Postscript: level from driver". I guess I should look also in some configuration file. Best regards. >
Weird printing issue...
Hi, I'm getting very strange, and ugly, prints with LibreOffice, Evince and Atril. You can see what I mean in the linked screenshot below. The "screen" image shows what I see when I open a PDF file, with Evince, Atril, PDFmod and so on. The "printed" one shows the ugly results when I print the same file. It seems the problem is the monospace uppercase "A". But somewhere else the same horrible result seems caused by a monospace lowercase "b" in the word "sub". Something similar happens printing with LibreOffice Writer, but the black stripes are much thinner and not apparently related with the "A" character. Definitely this is not a printer issue. My printer is an HP Laserjet MFP M277 and every test page is perfect. Also, if I put the file on a pendrive and plug it into the printer, it prints the file perfectly. Last but not least, I can get perfect prints if I open the file with Google Chrome and print it directly with Chrome. All this happened quite suddenly about a month ago. I regularly update all my Debian PC. All of them show this issue. I can't really figure out what the hell is happening. Any help will be very appreciated. Best regards.
Re: Minimalistic IMAP web client...
On mer, 2022-03-02 at 16:23 -0500, Dan Ritter wrote: > > It seems very simple, but I didn't find anything just like that. > > Roundcube, for instance, seems a good choice, but installing it on > > Debian forces me to configure a database for the users, which I > > really > > don't need and don't even want to use. Squirrelmail is another good > > choice, I thought it was a typical PHP application that you just > > drop > > in /var/www/html, making just some changes on some config.php, but > > it's > > not exactly like that. > > > > Any hint would be really appreciated! > > > > I just recommended RainLoop, but I have to withdraw that: the > consensus on their GitHub issues is that the fork SnappyMail is > better maintained. Thanks a lot, I will give it a try, seems very interesting. In the meantime I made Squirrelmail to work, but it has the same UI I saw many many years ago. This is very good for me, since I'm looking for a minimalistic approach, but it's really too minimalistic for my users. RainLoop and SnappyMail are modern. Best regards. > > That said, Rainloop has worked very well for me over the years, > and I suspect that SnappyMail will continue that. > > https://snappymail.eu/ > https://github.com/the-djmaze/snappymail > > -dsr- >
Minimalistic IMAP web client...
Hi, I set up Dovecot as an IMAP server just for local users on a server: so no database, no LDAP, just local users with Maildir in their own home directory. SMTP in this scenario is unrelevant, because my users just have to access archived email. The server doesn't send nor receive mail. Don't try to understand why. But my users are very "primitive" and I don't have time to waste with their Thunderbird configuration, so I would just point them to a web site where they can access the same mail. What I need is just a web interface for the IMAP access. This web site should allow users to login with their local credentials on the server (remember, they are local Unix users). It seems very simple, but I didn't find anything just like that. Roundcube, for instance, seems a good choice, but installing it on Debian forces me to configure a database for the users, which I really don't need and don't even want to use. Squirrelmail is another good choice, I thought it was a typical PHP application that you just drop in /var/www/html, making just some changes on some config.php, but it's not exactly like that. Any hint would be really appreciated! Best regards.
Can surf the internet, but not my home network...
Hi, my devices (pc, laptops, smartphone) all can surf the internet without problems. So one would say that the router is working properly. But computer A cannot access computer B via SSH as it's alwais being doing for years, and viceversa. They cannot even ping each other. No firewall on them at all. Computer A can ping computer C instead, and viceversa. No PC can access the printer website nor print any more. Nor can I scan documents as I could before, because the scanner is part of the printer. All the devices are listed in the router's web administrative interface, but some have a green dot, some other a grey dot, apparently without a meaning, because some active device has the grey dot and some the green dot though it's even turned off. Just one PC is running Windows, all the other three are running Debian. Another interesting fact is that I can print documents with my smartphone accessing the printer via DirectWiFi. If I understand it right, DirectWiFi doesn't make use of the router. And here is the router info: Product Vendor: Technicolor Product Name: AGHP Serial Number: CP1911TAAWE Software Version: 19.4 Such devices, usually distributed by TIM in Italy, don't seem the most performing on the market, but it's still very difficult to use another one with most italian providers. Otherwise I would change it immediately with a better and customizable one. I really cannot figure out what's happening. Any hint would be very much appreciated.
Can surf the internet, but not my home network...
Hi, my devices (pc, laptops, smartphone) all can surf the internet without problems. So one would say that the router is working properly. But computer A cannot access computer B via SSH as it's alwais being doing for years, and viceversa. They cannot even ping each other. No firewall on them at all. Computer A can ping computer C instead, and viceversa. No PC can access the printer website nor print any more. Nor can I scan documents as I could before, because the scanner is part of the printer. All the devices are listed in the router's web administrative interface, but some have a green dot, some other a grey dot, apparently without a meaning, because some active device has the grey dot and some the green dot though it's even turned off. Just one PC is running Windows, all the other three are running Debian. Another interesting fact is that I can print documents with my smartphone accessing the printer via DirectWiFi. If I understand it right, DirectWiFi doesn't make use of the router. And here is the router info: Product Vendor: Technicolor Product Name: AGHP Serial Number: CP1911TAAWE Software Version: 19.4 Such devices, usually distributed by TIM in Italy, don't seem the most performing on the market, but it's still very difficult to use another one with most italian providers. Otherwise I would change it immediately with a better and customizable one. I really cannot figure out what's happening. Any hint would be very much appreciated. -- nimrod
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Thu, 2019-08-08 at 01:02 +0100, nektarios wrote: > On Wed, 07 Aug 2019 23:05:13 +0200Nimrod wrote: > > On Wed, 2019-08-07 at 14:45 -0400, bw wrote: > > > In-Reply-To:< > > > c5618c98-2bad-490f-8ae5-61191e1d9...@email.android.com> > > > > > 2) The output of `iwlist scan` to see if the network > > > > > youre looking for is detected from the hardware. > > > > This is interesting, I didn't know this command. It would > > > > ratherstrange if the hotspot is shown by the above command but > > > > not byNetwork Manager. > > > > > > No, it would not be strange at all. Network-manager is in it's > > > owntime-zone, and is often rather strange and hard to > > > figureout. Sometimes you must be patient, it does not scan > > > immediately.For CLI tools I prefer 'iw' to the older iwlist > > > command, but eithermay help you. If the device is scanning and > > > finding other ap, thenit probably is a network-manager quirk. It > > > oftenmisses/adds/deletes aps from the list IME. > > > > I tried iw while Network Manager was not finding my hotspot, and > > iwfound it instead.But suddenly NM found it too! Last time it > > worked was several daysago. I really can't understand. I'm happy > > it's working now, but I'mafraid it will stop working sooner or > > later. I restarted severaltimes both laptop and hotspot, using both > > Gnome Shell and Mate, andthe hotspot always appeared almost > > immediately, as it was used to dobefore. I then turned on another > > Nokia 3 hotspot (I have threeidentical smartphone, mine and those > > of my sons). The second one isstill invisible, while other devices, > > including my own smartphone, canconnect to it with no > > problems.Issuing iw scan now has no effect.For everyone who > > answered here is the output of dmesg | grep wl:[ 10.811861] > > wlan0: Broadcom BCM4315 802.11 Hybrid WirelessController > > 6.30.223.271 (r587334)[ 11.084358] wl :02:00.0 wls1:renamed > > from wlan0[ 16.562792] IPv6: ADDRCONF(NETDEV_UP): wls1: linkis > > not ready[ 17.614802] IPv6: ADDRCONF(NETDEV_UP): wls1: link isnot > > ready[ 161.102549] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: > > linkbecomes ready[ 725.746601] IPv6: ADDRCONF(NETDEV_UP): wls1: > > link isnot ready[ 725.770340] ERROR @wl_cfg80211_scan : > > [ 729.858749] IPv6:ADDRCONF(NETDEV_CHANGE): wls1: link becomes > > ready[ 1264.074169] IPv6:ADDRCONF(NETDEV_UP): wls1: link is not > > ready[ 1537.300735] IPv6:ADDRCONF(NETDEV_CHANGE): wls1: link > > becomes ready[ 1540.111204] IPv6:ADDRCONF(NETDEV_UP): wls1: link is > > not ready[ 1655.286877] IPv6:ADDRCONF(NETDEV_CHANGE): wls1: link > > becomes ready[ 1821.082896] IPv6:ADDRCONF(NETDEV_UP): wls1: link is > > not ready[ 1845.425123] IPv6:ADDRCONF(NETDEV_CHANGE): wls1: link > > becomes ready[ 1849.392169] IPv6:ADDRCONF(NETDEV_UP): wls1: link is > > not ready[ 1909.187372] IPv6:ADDRCONF(NETDEV_UP): wls1: link is not > > ready[ 1909.219378] ERROR@wl_cfg80211_scan : [ 1909.248580] ERROR > > @wl_cfg80211_scan : After the link became ready, I disabled wifi > > intentionally, andreenabled after some seconds. Also, I tried many > > time "iw scan".I can provide other data if you need it, just tell > > me.Many thanks. > > > Good Luck,bw > > `iwlist` command was very useful to me once debugging a raspberi > piwith failing wireless adapter (networks appearing and > disappearing). Sorry for the long delay, I had no connection till now. iwlist doesn't show the Nokia 3 hotspot, while it shows any other kind of hotspot, AP, SSID etc... round here. > Tbh the errors there don't look good but not serious either. If the > related output from `iwlist scan` shows only 2.4 Ghz networks > (itmaybe detecting only networks in the 2.4 GHz - if your nic is > old). > `lshw` output might be of use if you know what hardware you have in > thelaptop as a driver/device mismatch might cause the device not work > verywell (I ve seen it once only with usb wireless adapter). Here is the output of lshw, limited to the wireless interface: *-network description: Wireless interfaceproduct: BCM4312 802.11b/g LP- PHYvendor: Broadcom Limitedphysical id: 0bus info: pci@:02:00.0logical name: wls1version: 01serial: 00:21:00:81:d9:85width: 64 bitsclock: 33MHzcapabilities: pm msi pciexpress bus_master cap_list ethernet physical wirelessconfiguration: broadcast=yes driver=wl0 driverversion=6.30.223.271 (r587334) latency=0 multicast=yes wireless=IEEE 802.11resources: irq:17 memory:d470-d4703fff Best regards. > Regards
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Wed, 2019-08-07 at 08:31 -0700, Shahryar Afifi wrote: > Eliminate the possibilities:try to connect other phone's hot spot to > your laptop. I tried this with an ASUS tablet, an Alcatel 1 smartphone, and an unknown smartphone branded by Vodafone. The last two are Oreo, the first one is a rather old Android version, at most 6. But they are all immediately seen by my Buster laptop, and the WI-FI connection works perfectly. > try using third party app on your phone to set up hot spot. I tried many, but most of them are just useless shortcut. Anyway no one works. Can you suggest one? > try to connect nokia 3 to other buster ( or even windows to test) I have not another Buster, but I have a Stretch laptop, which has no problem with my three Nokia 3 smartphone. > set up hot spot from your laptop and see if you can see it in nokia 3 I did it, and at least one of the Nokia 3 sees the SSID of the hotspot, but can't connect. The hotspot is created with WEP security, but the Nokia 3 says the connection has no security at all. This is wrong, but at least explains why the Nokia 3 can't connect to the Buster hotspot. I even tried to create another connection on the Nokia 3, setting WEP as security and the right password, but I didn't succede. Maybe I made some mistake. Sorry for the long delay... I had no connection for many days! Best regards. > > On Wed, 2019-08-07 at 10:42 +0200, Nimrod wrote: > > Hi, > > my (very old) laptop has been working like a charm until I > > updatedfrom Stretch to Buster. Among the other, the issue in the > > subject isvery relevant for me. > > Here is what happens when I turn on wi-fi hotspot on Nokia > > 3smartphone (Android up to date): > > 1) any smartphone or tablet in the family can connect to my Nokia > > 3hotspot. > > 2) my laptop can connect at least to a tablet hotspot (the tablet > > hasa rather old Android version, I guess 6 or even less, and it > > cannotbe updated); also, my laptop finds a lot of wi-fi networks > > around(currently I'm in a building in the small town of Anzio, > > Italy, butalmost every corner of the town is full of wi-fi > > networks) > > 3) my laptop cannot even see any hotspot provided by a Nokia > > 3smartphone with Android up to date; we have three of them, and > > Ichecked everyone one of them: they all can be used by the tablet > > inpoint 2) above, and none of them are even found by my laptop. > > It seems there is something wrong with my laptop and Nokia 3 > > whenthey try to communicate. Currently I'm still using my Nokia 3 > > as amodem via Bluetooth, but the connection is rather slow. When > > the wi-fi hotspot was working the speed was much higher. > > Some data: > > - the laptop is a HP 6730s, quite slow but incredibly robust; > > Busteris up to date- all the Nokia 3 have Android 9 July update > > Thanks in advance for any hint. > > -- Nimrod
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Wed, 2019-08-07 at 14:45 -0400, bw wrote: > In-Reply-To: > > > 2) The output of `iwlist scan` to see if the network you > > > re looking for is detected from the hardware. > > This is interesting, I didn't know this command. It would rather > > strange if the hotspot is shown by the above command but not by > > Network Manager. > > No, it would not be strange at all. Network-manager is in it's own > time-zone, and is often rather strange and hard to figure > out. Sometimes you must be patient, it does not scan immediately. > For CLI tools I prefer 'iw' to the older iwlist command, but either > may help you. If the device is scanning and finding other ap, then > it probably is a network-manager quirk. It often misses/adds/deletes > aps from the list IME. I tried iw while Network Manager was not finding my hotspot, and iw found it instead. But suddenly NM found it too! Last time it worked was several days ago. I really can't understand. I'm happy it's working now, but I'm afraid it will stop working sooner or later. I restarted several times both laptop and hotspot, using both Gnome Shell and Mate, and the hotspot always appeared almost immediately, as it was used to do before. I then turned on another Nokia 3 hotspot (I have three identical smartphone, mine and those of my sons). The second one is still invisible, while other devices, including my own smartphone, can connect to it with no problems. Issuing iw scan now has no effect. For everyone who answered here is the output of dmesg | grep wl: [ 10.811861] wlan0: Broadcom BCM4315 802.11 Hybrid Wireless Controller 6.30.223.271 (r587334)[ 11.084358] wl :02:00.0 wls1: renamed from wlan0[ 16.562792] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready[ 17.614802] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready[ 161.102549] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready[ 725.746601] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready[ 725.770340] ERROR @wl_cfg80211_scan : [ 729.858749] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready[ 1264.074169] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready[ 1537.300735] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready[ 1540.111204] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready[ 1655.286877] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready[ 1821.082896] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready[ 1845.425123] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready[ 1849.392169] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready[ 1909.187372] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready[ 1909.219378] ERROR @wl_cfg80211_scan : [ 1909.248580] ERROR @wl_cfg80211_scan : After the link became ready, I disabled wifi intentionally, and reenabled after some seconds. Also, I tried many time "iw scan". I can provide other data if you need it, just tell me. Many thanks. > Good Luck,bw
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Aug 7, 2019 11:38, Nektarios Katakis wrote:On Wed, 07 Aug 2019 10:42:09 +0200 Nimrod wrote: > Hi, > > my (very old) laptop has been working like a charm until I updated > from Stretch to Buster. Among the other, the issue in the subject is > very relevant for me. > > Here is what happens when I turn on wi-fi hotspot on Nokia 3 > smartphone (Android up to date): > > 1) any smartphone or tablet in the family can connect to my Nokia 3 > hotspot. > > 2) my laptop can connect at least to a tablet hotspot (the tablet has > a rather old Android version, I guess 6 or even less, and it cannot be > updated); also, my laptop finds a lot of wi-fi networks around > (currently I'm in a building in the small town of Anzio, Italy, but > almost every corner of the town is full of wi-fi networks) > > 3) my laptop cannot even see any hotspot provided by a Nokia 3 > smartphone with Android up to date; we have three of them, and I > checked everyone one of them: they all can be used by the tablet in > point 2) above, and none of them are even found by my laptop. > > It seems there is something wrong with my laptop and Nokia 3 when they > try to communicate. Currently I'm still using my Nokia 3 as a modem > via Bluetooth, but the connection is rather slow. When the wi-fi > hotspot was working the speed was much higher. > > Some data: > > - the laptop is a HP 6730s, quite slow but incredibly robust; Buster > is up to date > - all the Nokia 3 have Android 9 July update > > Thanks in advance for any hint. > > A good place to check your wireless issues is the excellent wifi howto page from debian docs https://wiki.debian.org/WiFi/HowToUse. I'll certainly take a look at it. You re not mentioning what software you re using to connect to wifi. Just Gnome Shell interface, which I guess is just a GUI for Network Manager.From the right upper corner of the screen I can look at all wifi networks available. There are many, my wife's tablet hotspot immediately appears if turned on, but none of our three Nokia 3 even appears there when hotspot is turned on, not even after many many minutes.But my wife's tablet immediately connects to any of the Nokia 3 hotspot. So does her Alcatel smartphone, a very low level device. Ah, the laptop even connects without problem at all with my wife's Alcatel hotspot. For your case I would check 2 things: 1) `dmesg` output to check if you see any errors from your network card driver or if its loaded correctly. I definitely exclude any problems with the network card driver, because it perfectly works with many other wifi devices, as I told above. Nevertheless I'll follow your suggestion as soon as I come back home. 2) The output of `iwlist scan` to see if the network you re looking for is detected from the hardware. This is interesting, I didn't know this command. It would rather strange if the hotspot is shown by the above command but not by Network Manager.Thanks a lots. Regards -- Nektarios Katakis
Buster on laptop cannot find Nokia 3 hotspot...
Hi, my (very old) laptop has been working like a charm until I updated from Stretch to Buster. Among the other, the issue in the subject is very relevant for me. Here is what happens when I turn on wi-fi hotspot on Nokia 3 smartphone (Android up to date): 1) any smartphone or tablet in the family can connect to my Nokia 3 hotspot. 2) my laptop can connect at least to a tablet hotspot (the tablet has a rather old Android version, I guess 6 or even less, and it cannot be updated); also, my laptop finds a lot of wi-fi networks around (currently I'm in a building in the small town of Anzio, Italy, but almost every corner of the town is full of wi-fi networks) 3) my laptop cannot even see any hotspot provided by a Nokia 3 smartphone with Android up to date; we have three of them, and I checked everyone one of them: they all can be used by the tablet in point 2) above, and none of them are even found by my laptop. It seems there is something wrong with my laptop and Nokia 3 when they try to communicate. Currently I'm still using my Nokia 3 as a modem via Bluetooth, but the connection is rather slow. When the wi-fi hotspot was working the speed was much higher. Some data: - the laptop is a HP 6730s, quite slow but incredibly robust; Buster is up to date - all the Nokia 3 have Android 9 July update Thanks in advance for any hint. -- Nimrod
Re: Multiple monitors...
On Wed, 2018-03-07 at 21:28 +0100, deloptes wrote: > Nimrod wrote: > > > I need to show some movies on different monitors using a video card > > with 8 HDMI ports on a workstation, and I need to have all done > > perhaps reveal the make and model of this "misterious" card first. I have this card at office, I only know it's an Nvidia, and actually the nouvau driver is loaded. This driver only manages four ports, but I'm sure that the proprietary driver from Nvidia can manage all the eight ports. > second you may need appropriate xorg configuration (either xorg.conf) > or via > xrandr from user space. For example > > xrandr --output HDMI-1 --auto --right-of HDMI-2 --auto I made some other attempts today and I think I found a solution that uses xrandr and xdotool. I open all windows on the left-most screen defined with xrandr, at full screen, then I use xdotool, with some simple calculation based on the width and the number of monitors, to show every window on a specific monitor. The only disadvantage of this solution is that a user must be logged in a gnome-shell session, but I'm going to handle this simply with an autologin user, because the workstation is well protected from physical access. Thanks a lot for your suggestion. > and so on > > check with xrandr without arguments and post output here. > > regards >
Multiple monitors...
Hi, I need to show some movies on different monitors using a video card with 8 HDMI ports on a workstation, and I need to have all done automatically everytime the workstation starts, without use intervention. I had no time yet to practice with this card, but I also have a card with two HDMI and a VGA ports on my PC at work, so I made some experiments. I'm using GNOME on Debian Stretch, and GNOME allows me only to arrange the two monitors as a unique virtual bigger screen (besides other configurations such as mirroring I'm not interested in). If I have to show a window on a specific monitor I can only use some sort of xdotool/wmctrl command. Also, I see some confusion between displays and workspace. I can move or show a new window on a specific workspace, but that's useless for me. I got some decent results using xrandr to put the two monitors side by side (they have different resolution, but this is not a problem for me) and then using xdotool to move a window to the right far enough to have it on the second monitor. But this is rather complicated. My first thought was using the DISPLAY variable this way: $ DISPLAY=:0.0 xterm $ DISPLAY=:0.1 gedit The first command works, but the second says "cannot open display :0.1". I'm sure there must be an easier solution. Thanks in advance. -- Nimrod
SOLVED Re: Preventing ACL on cdrom drive...
On Wed, 2016-12-28 at 13:42 +0100, Pascal Hambourg wrote: > Le 28/12/2016 à 11:19, Nimrod a écrit : > > > >> I guess I have to specify suitable permission in the above file. I > >> tried with: > >> > >> ENV{ID_FS_USAGE}=="filesystem|other|crypto", > >> ENV{UDISKS_FILESYSTEM_SHARED}="1", GROUP="users", MODE="0660" > >> > >> (on a single line), but it seems that GROUP and MODE are simply > >> ignored. > > > > Sorry, I'm wrong again: the above line actually sets suitable permission > > on /dev/sr0. > > Anyway I do not think that it helps. > > > So the problem is at mount point level. The cdrom is > > mounted under /media/CDROM, but whatever permission I give to /media the > > CDROM subdirectory is owned by user 1000 and nobody can umount it except > > user 1000 (that's me, but if another user mount it, "eject" prompts me > > with my own credentials in order to actually eject the CDROM). > > AFAIK, the ability for anyone to unmount the filesystem is not related > to the permissions on the mount point but to the "users" mount option. > > > I didn't find any way to mount /media/CDROM avoiding this annoying > > behaviour. > > Mount with a line in /etc/fstab with options noauto,users. Well, actually that worked, but I was looking for a completely "udev" solution. Nevertheless, I'm happy with this solution too, so I marked the thread as solved. Thanks and happy new year to everybody! >
Re: Preventing ACL on cdrom drive...
On Mon, 2016-12-26 at 22:16 +0100, Nimrod wrote: > On Mon, 2016-12-26 at 18:29 +0100, Pascal Hambourg wrote: > > > Le 26/12/2016 à 17:28, Nimrod a écrit : > > > On Sat, 2016-12-24 at 05:20 +0100, Michael Biebl wrote: > > > > > >> Does it help if you mount the cdrom as shared? > > >> See https://udisks.freedesktop.org/docs/latest/udisks.8.html → > > >> UDISKS_FILESYSTEM_SHARED > > > > > > No, it doesn't. The disk is already mounted in a shared directory, but > > > its name is "/media//CDROM", and permissions are restricted to > > > only, where is the one who first logged in the Gnome > > > desktop. > > > > /media/ is not a shared directory. > > Sorry, you're right. I followed the above suggestion, but the result > is not a great step forward: if another user tries to eject the cdrom, > he's asked with the password of the user who logged for first. > > I guess I have to specify suitable permission in the above file. I > tried with: > > ENV{ID_FS_USAGE}=="filesystem|other|crypto", > ENV{UDISKS_FILESYSTEM_SHARED}="1", GROUP="users", MODE="0660" > > (on a single line), but it seems that GROUP and MODE are simply > ignored. Sorry, I'm wrong again: the above line actually sets suitable permission on /dev/sr0. So the problem is at mount point level. The cdrom is mounted under /media/CDROM, but whatever permission I give to /media the CDROM subdirectory is owned by user 1000 and nobody can umount it except user 1000 (that's me, but if another user mount it, "eject" prompts me with my own credentials in order to actually eject the CDROM). I didn't find any way to mount /media/CDROM avoiding this annoying behaviour. Deep darkness again. > > Thanks a lot anyway. > > >
Re: Preventing ACL on cdrom drive...
On Mon, 2016-12-26 at 18:29 +0100, Pascal Hambourg wrote: > Le 26/12/2016 à 17:28, Nimrod a écrit : > > On Sat, 2016-12-24 at 05:20 +0100, Michael Biebl wrote: > > > >> Does it help if you mount the cdrom as shared? > >> See https://udisks.freedesktop.org/docs/latest/udisks.8.html → > >> UDISKS_FILESYSTEM_SHARED > > > > No, it doesn't. The disk is already mounted in a shared directory, but > > its name is "/media//CDROM", and permissions are restricted to > > only, where is the one who first logged in the Gnome > > desktop. > > /media/ is not a shared directory. Sorry, you're right. I followed the above suggestion, but the result is not a great step forward: if another user tries to eject the cdrom, he's asked with the password of the user who logged for first. I guess I have to specify suitable permission in the above file. I tried with: ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{UDISKS_FILESYSTEM_SHARED}="1", GROUP="users", MODE="0660" (on a single line), but it seems that GROUP and MODE are simply ignored. Thanks a lot anyway. >
Re: Preventing ACL on cdrom drive...
On Sat, 2016-12-24 at 05:20 +0100, Michael Biebl wrote: > Am 23.12.2016 um 18:54 schrieb Nimrod: > > Hi, > > > > sorry for this trivial question, but I really tried to find an answer on > > the web without any result. > > > > This is the issue: on a computer at home (shared among relatives, each > > with his/her own account), the first user that logs in after boot locks > > the cdrom drive, and any other user that logs in can't eject the cdrom: > > only the first user can eject it. > > > > Is there a way to avoid this? Being a home computer there are no privacy > > issues: the cdrom drive is used just for CD ripping or burning, there's > > no reason to prevent each other access to the unit. > > Does it help if you mount the cdrom as shared? > See https://udisks.freedesktop.org/docs/latest/udisks.8.html → > UDISKS_FILESYSTEM_SHARED No, it doesn't. The disk is already mounted in a shared directory, but its name is "/media//CDROM", and permissions are restricted to only, where is the one who first logged in the Gnome desktop. > > https://wiki.archlinux.org/index.php/udisks#Mount_to_.2Fmedia_.28udisks2.29 > > >
Re: Preventing ACL on cdrom drive...
On Fri, 2016-12-23 at 23:16 +0100, Thomas Schmitt wrote: > Hi, > > Nimrod wrote: > > I see a "+" in your permission. What is that, and how could I get it > > too? > > It indicates that there is a non-trivial ACL and that it is worth to run > program getfacl to see all permissions. > > $ getfacl /dev/sr0 > getfacl: Removing leading '/' from absolute path names > # file: dev/sr0 > # owner: root > # group: cdrom > user::rw- > user::rw- > group::rw- > mask::rw- > other::--- > > I.e. my desktop user explicitely has rw permission independently of his > group memberships. > > > > > putting them all into group "cdrom". > > > They all are already. > > Consider Pascal Hambourg's theory that only the one can eject who mounted. > > If the automounter (udisks ?) acts on your desktop user's behalf or on > its own user id, then permissions on the device file might be not enough > to operate it. > > In this case you need to get your automounter under control. > > > > sometimes I'm even prompted for > > password to eject a CD I myself put into the drive! > > What happens if the various users perform the command > > eject /dev/sr0 > > in a shell terminal ? Especially the superuser should have success. Here is what happens when another user issues the "eject" command: umount: /media/andrea/CDROM: Permission denied eject: unmount of `/media/andrea/CDROM' failed As you surely expected, root can eject the cdrom instead. > > Maybe you can enable all your family members to perform > sudo eject /dev/sr0 > and provide some icon for this command on the desktop. (I assume family > does not like shell commands.) > It would work, but that would also be rather unaesthetic. Nevertheless I will try this approach as a last choice. > > Have a nice day :) > > Thomas >
Re: Preventing ACL on cdrom drive...
On Fri, 2016-12-23 at 20:54 +0100, Pascal Hambourg wrote: > Le 23/12/2016 à 18:54, Nimrod a écrit : > > > > This is the issue: on a computer at home (shared among relatives, each > > with his/her own account), the first user that logs in after boot locks > > the cdrom drive, and any other user that logs in can't eject the cdrom: > > only the first user can eject it. > > I suspect that in order to eject the CD, you must first unmount its > filesystem, but only the user who mounted it or root can unmount it if > the CD drive has the "user" option in /etc/fstab. Try to replace "user" > with "users" which allows any user to unmount it. There is no line about cdrom in /etc/fstab. Cdrom are usually mounted under /media//cdrom or something like that. Since audio CD are not mounted, any user can eject them. This could be a good point for your suspicion (or is it "suspect"? Sorry, english is not my language). Anyway, here is the output from mount about a CDROM: /dev/sr0 on /media/andrea/CDROM type iso9660 (ro,nosuid,nodev,relatime,uid=1000,gid=1000,iocharset=utf8,mode=0400,dmode=0500,uhelper=udisks2) Hope this is useful, thanks. >
Re: Preventing ACL on cdrom drive...
Thanks for your kind answer, below is mine. On Fri, 2016-12-23 at 20:30 +0100, Thomas Schmitt wrote: > Hi, > > Nimrod wrote: > > the first user that logs in after boot locks the cdrom > > drive, and any other user that logs in can't eject the cdrom: only the first > > user can eject it. > > Are you sure that it is the existence of the a user's ACL permission > which prevents the other's from ejecting and not their lack of own > permission ? No, I'm lost in the deepest darkness. > > I understand from traces in the web, that on my Debian Jessie it is about > SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="uaccess" > in > /lib/udev/rules.d/70-uaccess.rules > Rumor has it that "uaccess" causes the ACL. That's what I found too, but none of the adviced solution works. > > The permission set of my /dev/sr0 > > brw-rw+ 1 root cdrom 11, 0 Dec 23 12:26 /dev/sr0 > Here are mine: brw-rw 1 root cdrom 11, 0 Dec 23 20:48 /dev/sr0 I see a "+" in your permission. What is that, and how could I get it too? > is not narrowed by the desktop user's ACL but rather widened. So i would > assume that your whole family needs rw-permission. That could be achieved > here by putting them all into group "cdrom". > They all are already. I add something I forgot to mention: sometimes I'm even prompted for password to eject a CD I myself put into the drive! > > Have a nice day :) I'd rather hope to get in bed quite soon and sleep till 11 AM, but thanks a lot anyway. > > Thomas >
Preventing ACL on cdrom drive...
Hi, sorry for this trivial question, but I really tried to find an answer on the web without any result. This is the issue: on a computer at home (shared among relatives, each with his/her own account), the first user that logs in after boot locks the cdrom drive, and any other user that logs in can't eject the cdrom: only the first user can eject it. Is there a way to avoid this? Being a home computer there are no privacy issues: the cdrom drive is used just for CD ripping or burning, there's no reason to prevent each other access to the unit. Best regards. -- Nimrod