Category Archives: Debian

OpenVPN complains about wrong user/password without you requesting one?

If your OpenVPN client is complaining about a wrong user/password combination (AUTH_FAILED), although you are not requesting it on your server, it might be a completely different reason.

After migrating to a new operating system but taking OpenVPN’s configuration with me, I was running into this problem. All clients were complaining about wrong username and password.

The reason is simple:

openvpn_client-connect.sh: line 3: mail: command not found
Wed May 25 23:16:22 2016 CertName/192.168.1.12:54211 WARNING: Failed running command (--client-connect): could not execute external program
Wed May 25 23:16:25 2016 CertName/192.168.1.12:54211 PUSH: Received control message: 'PUSH_REQUEST'
Wed May 25 23:16:25 2016 CertName/192.168.1.12:54211 Delayed exit in 5 seconds
Wed May 25 23:16:25 2016 CertName/192.168.1.12:54211 SENT CONTROL [CertName]: 'AUTH_FAILED' (status=1)

I configured OpenVPN to send an email on connect and disconnect of a client. The script wants to use the mail command – which is not installed as default by Xenial. This leads to a client-connect-script error which in turn leads OpenVPN to respond with an AUTH_FAILED. Which in turn gives the “Wrong username/password” error message on the clients.

Solution: Make the client-connect script working again 😀

Installing Debian Jessie on an APU1D4

To install Debian Jessie on an APU1D4, it is easiest to go for a network installation. You need
– a TFTP server
– a DHCP server
– the Debian file structure in the TFTP server’s root directory

For DHCP you will need something like the following configuration:

ddns-update-style none;
max-lease-time 186400;
authoritative;

subnet 192.168.66.0 netmask 255.255.255.0 {
  range 192.168.66.100 192.168.66.150;
  option domain-name-servers 192.168.66.1;
  option domain-name "example.com";
  option domain-search "example.com";
  option routers 192.168.66.1;
  option broadcast-address 192.168.66.255;
  default-lease-time 86400;
  max-lease-time 186400;
}

host apuc{
	hardware ethernet 00:0d:b9:12:34:bc;
	fixed-address 192.168.66.66;
        filename "pxelinux.0";
        next-server 192.168.66.1;
}
host apud{
	hardware ethernet 00:0d:b9:12:34:bd;
	fixed-address 192.168.66.66;
        filename "pxelinux.0";
        next-server 192.168.66.1;
}
host apue{
	hardware ethernet 00:0d:b9:12:34:be;
	fixed-address 192.168.66.66;
        filename "pxelinux.0";
        next-server 192.168.66.1;
}

For the TFTP server you need something like the following configuration:

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"

Then simply extract the debian installer files into /src/tftp . I have included my working configuration into netboot_serial_20150107.tar. Should you want to change its configuration, simply edit the file pxelinux.cfg/default file. Mine looks as follows and is preconfigured for serial console output:

default install
label install
	menu label ^Install
	menu default
	kernel debian-installer/amd64/linux
	append initrd=debian-installer/amd64/initrd.gz --- vga=normal console=tty0 console=ttyS0,115200n8

Attach a serial console cable and fire it up!

Install most basic Debian Jessie container for use as a template for LXC or similar

To create a most basic Debian Jessie container, you can follow these steps:

mkdir jessie
cd jessie
mkdir rootfs
cd rootfs/
debootstrap jessie . http://ftp.de.debian.org/debian/
chroot .
passwd

You should not forget to set the root password as it is good to have a known value later.

Now that we are within the container, we can configure the most basic settings that we will need for all containers:

tasksel --task-packages standard | xargs apt-get install -y
dpkg-reconfigure locales

Here I am usually generating

  de_DE.ISO-8859-1
  de_DE.UTF-8
  de_DE.ISO-8859-15@euro
  en_US.ISO-8859-1
  en_US.ISO-8859-15
  en_US.UTF-8

and set the default to en_US.UTF-8 .

To get the full repository contents, you should change your repository sources to look as below:

deb http://ftp.de.debian.org/debian jessie main contrib non-free
deb http://ftp.de.debian.org/debian-security jessie/updates main contrib non-free

and then do an aptitude update .

You should also install an SSH server by entering

aptitude install openssh-server

Enable root logins via SSH by changing one line in its configuration:

PermitRootLogin yes

Unfortunately systemd is not yet working easily with LXC, so it should be replaced by the old sysvinit:

aptitude install sysvinit-core
dpkg -P systemd

Edit initial DNS resolver configuration so it looks like this:

search yourdomain.com
nameserver ip.of.your.namserver

Then also configure the main network interface configuration:

auto eth0
iface eth0 inet static
	address 192.168.168.100
	netmask 255.255.255.255
	gateway 192.168.168.1

iface eth0 inet6 static
        address 2001:aaaa:bbbb:0168::2
        netmask 64
        gateway 2001:aaaa:bbbb:0168::1

Replace /etc/inittab with the following short version which is enough for a container:

id:2:initdefault:
si::sysinit:/etc/init.d/rcS
~~:S:wait:/sbin/sulogin
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty --noclear 38400 console
p0::powerfail:/sbin/init 0
p6::ctrlaltdel:/sbin/init 6

Should the network not come up automatically, you can set the IP address in the config file of the container:

lxc.network.ipv4=192.168.168.100/24

After a first start, you should also configure the mail server so it can send all system mail to your main mail server:

dpkg-reconfigure exim4-config

and answer all the questions.

Shut the machine down again, cleanup all the log files and make a copy which you can then use as your template for further containers.

FhGFS glitches

Installing FhGFS leads to little glitches. I am installing on Debian 7.0 running XQuartz on Mac OS X.

  • to avoid the XTEST error message when starting the Java GUI, follow the instructions on http://xquartz.macosforge.org/trac/ticket/414 and enter defaults write org.macosforge.xquartz.X11 enable_test_extensions -bool yes in a terminal window before starting the GUI
  • if you are using a proxy, be sure to define it in /etc/environment before starting the admon process or else the automatic wget downloads will fail

VGA modes when booting the Linux kernel

Use these modes in the kernel boot parameters list with vga=0x317 for 800x600x16, more in the table:

 Colours   640x400 640x480 800x600 1024x768 1152x864 1280x1024 1600x1200
  -------+--------------------------------------------------------------
  4 bits |    ?       ?     0x302      ?        ?        ?         ?
  8 bits |  0x300   0x301   0x303    0x305    0x161    0x307     0x31C
 15 bits |    ?     0x310   0x313    0x316    0x162    0x319     0x31D
 16 bits |    ?     0x311   0x314    0x317    0x163    0x31A     0x31E
 decimal |           d785    d788     d791
 24 bits |    ?     0x312   0x315    0x318      ?      0x31B     0x31F
 decimal |           d786    d789     d792
 32 bits |    ?       ?       ?        ?      0x164      ?

How to build your own Debian Etch Boot CD with recent 3ware-9xxx drivers

I wanted to install my latest server (Dual-Quad-Xeons and a 5.7TB 3ware 9650SE controller) with Debian Etch. Unfortunately at this moment there was no Debian installation CD with a recent 3w-9xxx driver – so my great RAID controller was not supported. Of course all Debian CDs didn’t find any harddisk 🙁

Now there were two possibilities – a network boot or a customized Debian installation CD. Here I will describe the second option, building your own installation CD.

The latest official Debian kernel at this moment was 2.6.18-3, so I downloaded exactly the following packages:

  • linux-image-2.6.18-3-amd64
  • linux-headers-2.6.18-3-amd64

This way I needed to simply exchange the included kernel module with my new version. To exchange the 3w-9xxx module, I downloaded the sources from 3ware and built the module. The resulting 3w-9xxx.ko has to be copied over the “old” file which does not know about the 9650SE controller yet. A simple

cp 3w-9xxx.ko /lib/modules/2.6.18-3-amd64/kernel/drivers/scsi/

did it in my case!

A Debian installer CD needs special kernel packages, so called “udebs”. You can build these udebs from an installed kernel, if you download the source of linux-kernel-di-amd64-2.6 with the command

apt-get source linux-kernel-di-amd64-2.6

then you enter the unpacked directory, in my case this was linux-kernel-di-amd64-2.6-1.14 . As I said, I wanted to build/update kernel 2.6.18-3, but the downloaded sources are probably for another/older version. In my case this was 2.6.17-2. To make everything work, you have to change every occurrence of 2.6.17-2 to 2.6.18-3 in the files debian/control and kernel-versions by opening the files with any editor you like. I was using vi and issued the command

:%s/2.6.17-2/2.6.18-3/g

Simply enter dpkg-buildpackage after this and you will find many .udeb files in the parent directory. If dpkg-buildpackage is not available, install the package dpkg-dev . If it breaks after it started, it could need the package kernel-wedge.

Keep the .udeb files, you will need them later!

Now you have to build a recent version of debian-installer. I used the developer version from the subversion repository. To get the sources, give the folllowing command and enter the installer directory afterwards:

svn co svn://svn.debian.org/svn/d-i/trunk/installer installer

Edit the file build/config/amd64.cfg and make sure the KERNELVERSION line shows YOUR kernel version. Also uncomment the word #monolithic in the first line by removing the #. Edit build/config/common and make sure SUITE is set to “testing” or whatever you wish to install later. Copy the .udeb files you created before into the build/localudebs directory,

You should probably copy the original kernel .deb from
/var/cache/apt/archives to /usr/src and also the newly built driver
module to /usr/src, so you can edit build/config/common and make sure
the following line exists:

EXTRAFILES = /usr/src/linux-image-2.6.18-3-amd64_2.6.18-7_amd64.deb /usr/src/3w-9xxx.ko

This way these files will be at the same place in installation environment –
and you should install /copy them before finishing the installation, otherwise the installer has found your
RAID disk, but after you boot into your new system the old kernel would
be active and not recognizing the controller. (To install you can open a shell by selecting one of the last installer menu entries. Your future system can be found in the /target directory. Don’t forget to add your necessary kernel module to be included in your initrd, otherwise the kernel will boot, but then wait endlessly for its root file system. I did that by adding 3w-9xxx to /etc/initramfs-tools/modules and then doing a “mkinitramfs -o initrd.img-2.6.18-3-amd64 2.6.18-3-amd64.)

Now enter the build directory and type

make build_monolithic

Should it break because of unmet dependencies, install them. In my case I had to enter this:

apt-get install grep-dctrl bc debiandoc-sgml libbogl-dev glibc-pic libslang2-pic libnewt-pic genext2fs mklibs mkisofs dosfstools syslinux tofrodos mtools bf-utf-source

Should you get an error saying something about weak symbols, try a “make reallyclean” and then a “make build_monolithic” again – it worked for me and I had an ISO image in dest/monolithic .