

[ERROR] waitforx: Unable to find any RandR outputs and FATAL: Module nvidia not found in directory

Recently ran into this lovely message:

root@g73sw01:~#
root@g73sw01:~# systemctl status gdm3 -l
● gdm.service - GNOME Display Manager
Loaded: loaded (/usr/lib/systemd/system/gdm.service; static)
Active: active (running) since Sat 2024-09-14 14:42:24 EDT; 1 day 21h ago
Main PID: 3254 (gdm3)
Tasks: 4 (limit: 19063)
Memory: 5.7M (peak: 50.2M)
CPU: 2.239s
CGroup: /system.slice/gdm.service
└─3254 /usr/sbin/gdm3

Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rh>
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rho>
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: gkr-pam: unable to locate daemon control file
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: gkr-pam: stashed password to try later in open session
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: pam_unix(gdm-password:session): session opened for user tom@mds.xyz(uid=155601104) by tom@mds.xyz(>
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: gkr-pam: unlocked login keyring
Sep 16 11:52:37 g73sw01.nix.mds.xyz gdm3[736955]: modprobe: FATAL: Module nvidia not found in directory /lib/modules/6.8.0-44-generic
Sep 16 11:52:48 g73sw01.nix.mds.xyz gdm3[737640]: modprobe: FATAL: Module nvidia not found in directory /lib/modules/6.8.0-44-generic
Sep 16 11:52:58 g73sw01.nix.mds.xyz gdm3[3254]: Gdm: Child process -39565 was already dead.
Sep 16 11:52:58 g73sw01.nix.mds.xyz gdm3[737891]: modprobe: FATAL: Module nvidia not found in directory /lib/modules/6.8.0-44-generic
root@g73sw01:~#

and also this one on XRDP and RDP attempts:

xrdp-sesman.log:[2024-09-14T13:10:14.437-0400] [ERROR] waitforx: Unable to find any RandR outputs

as well as this one in one of the /var/log/ log files:

can’t open /sys/module/nvidia/version
can’t access /run/u-d-c-nvidia-drm-was-loaded file

To begin addressing these, issue the following:

apt install linux-modules-nvidia

followed by installing the latest version:

apt install linux-objects-nvidia-550-server-open-6.8.0-44-lowlatency

This installed something.  But the command:

ubuntu-drivers list

still showed nothing.  And "Proprietary drivers for devices (restricted)" is also checked in Software & Updates under Ubuntu Software.  So let's try to install the open kernel package:

apt install nvidia-driver-550-open

and check if that worked:

ubuntu-drivers list

but nothing shows up.  Time for a reboot.  Testing with nvidia-smi reveals we need to:

root@g73sw01:~# nvidia-smi
NVIDIA-SMI has failed because it couldn’t communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running.

root@g73sw01:~#

But this quickly turned into a struggle.  Even in single user mode, the following was printed and made it difficult to get a prompt:

NVRM: The NVIDIA GPU 0000:01:00.0 (PCI ID: 10de:0dd1)
NVRM: installed in this system is not supported by open nvidia.ko because it does not include the required GPU
NVRM: System Processor (GSP)
NVRM: Please see the ‘Open Linux Kernel Modules’ and ‘GSP Firmware’ sections in the driver README, available on
NVRM: the Linux graphics driver download page at www.nvidia.com.
nvidia: probe of 0000:01:00.0 failed with error -1
NVRM: The NVIDIA probe routine failed for 1 device(s)
NVRM: None of the NVIDIA devices were initialized.

Got X startup issues so neither NoMachine nor XRDP worked:

ERROR: apport (pid 24951) 2024-09-16 14:46:59,145: report /var/crash/_usr_bin_ibus-daemon.155601104.crash already exists and unseen, skipping to avoid disk usage DoS

Eventually, ended up in this state and with these packages:

libnvidia-cfg1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-common-470/noble-updates,noble-updates,noble-security,noble-security,now 470.256.02-0ubuntu0.24.04.1 all [installed,auto-removable]
libnvidia-compute-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,automatic]
libnvidia-compute-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-decode-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-decode-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-egl-wayland1/noble,now 1:1.1.13-1build1 amd64 [installed,auto-removable]
libnvidia-encode-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-encode-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-extra-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-fbc1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-fbc1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-gl-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-gl-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-ifr1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-ifr1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
linux-modules-nvidia-550-6.8.0-44-generic/noble-updates,noble-security,now 6.8.0-44.44+1 amd64 [installed]
linux-objects-nvidia-470-6.8.0-1005-oem/noble,now 6.8.0-1005.5 amd64 [installed,automatic]
linux-objects-nvidia-550-6.8.0-44-generic/noble-updates,noble-security,now 6.8.0-44.44+1 amd64 [installed,automatic]
linux-objects-nvidia-550-server-open-6.8.0-44-lowlatency/noble-updates,noble-security,now 6.8.0-44.44.1+1 amd64 [installed]
linux-signatures-nvidia-6.8.0-1005-oem/noble,now 6.8.0-1005.5 amd64 [installed,automatic]
linux-signatures-nvidia-6.8.0-44-generic/noble-updates,noble-security,now 6.8.0-44.44+1 amd64 [installed,automatic]
nvidia-compute-utils-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
nvidia-firmware-550-550.107.02/noble-updates,noble-security,now 550.107.02-0ubuntu0.24.04.1 amd64 [installed,automatic]
nvidia-kernel-common-550/noble-updates,noble-security,now 550.107.02-0ubuntu0.24.04.1 amd64 [installed,automatic]
nvidia-kernel-source-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
nvidia-prime/noble,noble,now 0.8.17.2 all [installed]
nvidia-settings/noble,now 510.47.03-0ubuntu4 amd64 [installed]
nvidia-utils-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
xserver-xorg-video-nvidia-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]

via these commands:

apt install linux-modules-nvidia-550-$(uname -r)
apt install linux-modules-nvidia-470-6.8.0-1005-oem

and upon reboot, no boot specific issues, yet.  Naturally made use of:

https://ubuntu.com/server/docs/nvidia-drivers-installation

After a few combinations of xrdp and xorgxrdp, finally logged in with only these errors printed:

[20240916-16:22:26] [ERROR] SSL_read: I/O error
[20240916-16:22:26] [ERROR] libxrdp_force_read: header read error
[20240916-16:22:26] [ERROR] Processing [ITU-T T.125] Connect-Initial failed
[20240916-16:22:26] [ERROR] [MCS Connection Sequence] receive connection request failed
[20240916-16:22:26] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20240916-16:22:26] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20240916-16:22:26] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20240916-16:22:26] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240916-16:22:26] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed

This is the combination that works for both Kerberos/LDAP authenticated users and locally authenticated users:

xorgxrdp/noble,now 1:0.9.19-1 amd64 [installed]
xrdp/noble,now 0.9.24-4 amd64 [installed]

But when using:

xrdp_0.10.1-2_amd64.deb

we get the original error.

xrdp-sesman.log:[2024-09-14T13:10:14.437-0400] [ERROR] waitforx: Unable to find any RandR outputs

Now let’s try compiling from source.  Both XRDP and XORGXRDP from their GitHub repos and off the main branch:

root@g73sw01:/etc/X11# cat /etc/xrdp/sesman.ini|grep param
; Session definitions - startup command-line parameters for each session type
; Fedora 26 or later : param=/usr/libexec/Xorg
; Debian 9 or later : param=/usr/lib/xorg/Xorg
; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
; Arch Linux : param=/usr/lib/Xorg
; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
; CentOS 8 : param=/usr/libexec/Xorg
; FreeBSD (from 2022Q4) : param=/usr/local/libexec/Xorg
; param=Xorg
param=/usr/lib/xorg/Xorg

A parameter change that was needed is above, but otherwise worked for at least the local users.  A session example:

[tom@mds.xyz@g73sw01:~] :)[U]$ /usr/lib/xorg/Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log

X.Org X Server 1.21.1.11
X Protocol Version 11, Revision 0
Current Operating System: Linux g73sw01.nix.mds.xyz 6.8.0-1005-oem #5-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 01:33:14 UTC 2024 x86_64
Kernel command line: BOOT_IMAGE=/BOOT/ubuntu_6ywjpk@/vmlinuz-6.8.0-1005-oem root=ZFS=rpool/ROOT/ubuntu_6ywjpk ro quiet splash vt.handoff=1
xorg-server 2:21.1.12-1ubuntu1 (For technical support please see http://www.ubuntu.com/support)
Current version of pixman: 0.42.2
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) Log file: ".xorgxrdp.11.log", Time: Tue Sep 17 00:52:18 2024
(++) Using config file: "/etc/X11/xrdp/xorg.conf"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
xorgxrdpSetup:
xrdpdevSetup:
rdpmousePlug:
rdpkeybPlug:
rdpIdentify:
rdpDriverFunc: op 10
rdpProbe:
rdpPreInit:
rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24
rdpScreenInit: pfbMemory bytes 1920000
rdpScreenInit: pfbMemory 0x7f6d00924010
rdpSimdInit: assigning yuv functions
rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000206a7 bx 0x03100800 cx 0x1fbae3bf dx 0xbfebfbff
rdpSimdInit: sse2 amd64 yuv functions assigned
rdpClientConInit: disconnect idle session after [0] sec
rdpClientConInit: kill disconnected [0] timeout [0] sec
rdpXvInit: depth 24
rdpScreenInit: out
rdpCreateScreenResources:
rdpmousePreInit: drv 0x6351a97a2c90 info 0x6351a9a814f0, flags 0x0
rdpmouseControl: what 0
rdpmouseDeviceInit:
rdpmouseCtrl:
rdpRegisterInputCallback: type 1 proc 0x7f6d019c2610
rdpmouseControl: what 1
rdpmouseDeviceOn:
rdpkeybPreInit: drv 0x6351a97a2c40 info 0x6351a9a85040, flags 0x0
rdpkeybControl: what 0
rdpLoadLayout: rules="evdev" model="pc104" variant=""layout="us" options=""
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning: Could not resolve keysym XF86CameraAccessEnable
> Warning: Could not resolve keysym XF86CameraAccessDisable
> Warning: Could not resolve keysym XF86CameraAccessToggle
> Warning: Could not resolve keysym XF86NextElement
> Warning: Could not resolve keysym XF86PreviousElement
> Warning: Could not resolve keysym XF86AutopilotEngageToggle
> Warning: Could not resolve keysym XF86MarkWaypoint
> Warning: Could not resolve keysym XF86Sos
> Warning: Could not resolve keysym XF86NavChart
> Warning: Could not resolve keysym XF86FishingChart
> Warning: Could not resolve keysym XF86SingleRangeRadar
> Warning: Could not resolve keysym XF86DualRangeRadar
> Warning: Could not resolve keysym XF86RadarOverlay
> Warning: Could not resolve keysym XF86TraditionalSonar
> Warning: Could not resolve keysym XF86ClearvuSonar
> Warning: Could not resolve keysym XF86SidevuSonar
> Warning: Could not resolve keysym XF86NavInfo
Errors from xkbcomp are not fatal to the X server
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpRegisterInputCallback: type 0 proc 0x7f6d00e27940
rdpkeybControl: what 1
rdpkeybDeviceOn:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpDeferredRandR:
rdpResizeSession: width 1024 height 768
calling RRScreenSizeSet
rdpRRScreenSetSize: width 1024 height 768 mmWidth 271 mmHeight 203
rdpRRGetInfo:
screen resized to 1024x768
RRScreenSizeSet ok 1
rdpRRSetRdpOutputs: numCrtcs 0 numOutputs 0 monitorCount 0
rdpRRSetRdpOutputs: update output 0 left 0 top 0 width 1024 height 768
rdpRRConnectOutput:
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off

 

Cheers,
HTH

SSSD krb5_child Disk quota exceeded

Getting this?

Sep 14 14:04:08 g73sw01.nix.mds.xyz krb5_child[53814]: Disk quota exceeded

Digging further:

root@g73sw01:~# cat /proc/key-users
0: 163 162/162 131/1000000 2746/25000000
101: 1 1/1 1/200 9/64000
108: 1 1/1 1/200 9/64000
110: 4 4/4 4/200 44/64000
113: 2 2/2 2/200 18/64000
123: 1 1/1 1/200 9/64000
128: 4 4/4 4/200 44/64000
135: 1 1/1 1/200 9/64000
137: 1 1/1 1/200 9/64000
997: 1 1/1 1/200 9/64000
998: 1 1/1 1/200 9/64000
999: 1 1/1 1/200 9/64000
1000: 5 5/5 5/200 55/64000
155601104: 60 60/60 59/200 19963/64000
root@g73sw01:~#

A quick (albeit temporary) solution is to set kernel/keys/maxbytes higher:

# sysctl -w kernel/keys/maxbytes=64000
kernel.keys.maxbytes = 64000

and that will get you in.  However, on reboot, the high value above of 19963 disappeared, meaning it was a bug or a one-off issue when cache wasn’t cleared, so never had to use the above maxbytes increase after a reboot.  YMMV!
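An added example (not part of the original post) that shows which UID is close to its keyring quota before `kernel.keys.maxbytes` is raised. It assumes the column layout documented in keyrings(7); the sample rows are constructed from the output above, with maxbytes set to the kernel default of 20000.

```shell
#!/bin/sh
# Added example: find UIDs close to their kernel keyring quota.
# /proc/key-users columns, per keyrings(7):
#   <uid>: <usage> <nkeys>/<nikeys> <qnkeys>/<maxkeys> <qnbytes>/<maxbytes>

# key_quota_report THRESHOLD_PERCENT   (reads key-users data on stdin)
# Prints "<uid> <keys %> <bytes %>" for each UID whose key count or payload
# bytes are at or above the threshold.
key_quota_report() {
    awk -v limit="$1" '
        NF >= 5 {
            uid = $1; sub(/:$/, "", uid)
            split($4, k, "/"); split($5, b, "/")
            if (k[2] + 0 == 0 || b[2] + 0 == 0) next   # skip malformed rows
            kp = 100 * k[1] / k[2]
            bp = 100 * b[1] / b[2]
            if (kp >= limit + 0 || bp >= limit + 0)
                printf "%s %.1f %.1f\n", uid, kp, bp
        }'
}

# Constructed sample: rows from the output above, with maxbytes set to the
# kernel default of 20000 (an assumption about the state before the sysctl).
sample_key_users() {
    cat <<'EOF'
0: 163 162/162 131/1000000 2746/25000000
1000: 5 5/5 5/200 55/20000
155601104: 60 60/60 59/200 19963/20000
EOF
}

# Demo on the sample; on a live host: key_quota_report 90 < /proc/key-users
sample_key_users | key_quota_report 90
```

With the limit at 64000, the same row drops to about 31% of the byte quota, which is why the login succeeds after the sysctl change.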

Cheers,
HTH

Mount Samba Share on Ubuntu

Getting this?

root@g73sw01:~# mount -t cifs -o credentials=/home/unbeknownst/.smbcredentials,vers=3.0 //nfs-c01.nix.mds.xyz/nfs-bob ./test -vv
mount: /root/test: mount(2) system call failed: No route to host.
root@g73sw01:~#

Solve it with:

root@g73sw01:~# apt-get install keyutils cifs-utils

The next hurdle was the following:

tom@g73sw01:~$ id
uid=1000(tom) gid=1000(tom) groups=1000(tom),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),135(lxd),136(sambashare)
tom@g73sw01:~$ mount -t cifs -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000 //nfs-c01.nix.mds.xyz/nfs-vincent ./samba
mount.cifs: permission denied: no match for /home/tom/samba found in /etc/fstab
tom@g73sw01:~$

Strangely enough, the solution for this one is NOT to use mount -t cifs, but mount.cifs:

tom@g73sw01:~$ sudo mount.cifs //nfs-c01.nix.mds.xyz/nfs-vincent /home/tom/samba -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000
[sudo] password for tom:
tom@g73sw01:~$

Testing this out a bit further reveals the mount needs to be done via sudo:

tom@g73sw01:~$ mount -t cifs //nfs-c01.nix.mds.xyz/nfs-vincent ./samba -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000
mount.cifs: permission denied: no match for /home/tom/samba found in /etc/fstab
tom@g73sw01:~$ mount.cifs //nfs-c01.nix.mds.xyz/nfs-vincent ./samba -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000
mount.cifs: permission denied: no match for /home/tom/samba found in /etc/fstab
tom@g73sw01:~$ sudo mount -t cifs //nfs-c01.nix.mds.xyz/nfs-vincent ./samba -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000
tom@g73sw01:~$

Not the best error message to indicate the real reason for the mount failure.  Testing from another user reveals access denied:

[tom@mds.xyz@g73sw01:~] :([U]$ pwd
/n/mds.xyz/tom
[tom@mds.xyz@g73sw01:~] :)[U]$ cd /home/tom/samba
bash: cd: /home/tom/samba: Permission denied
[tom@mds.xyz@g73sw01:~] :([U]$

Perfect!

Cheers,
HTH

Identifying Ubuntu NVMe Drives based on Bus Number

There are three NVMe drives in a laptop. Two of them are the exact same Intel model, and the other is a Kingston NVMe. All of them are 512GB. The two identical drives run Windows 11 and the Kingston drive runs Windows 10. I want to keep only the second NVMe drive with Windows 11, and overwrite the first NVMe one with Ubuntu.

However, when Ubuntu installation starts up, the NVMe drives show up as nvme0n1, nvme1n1 and nvme2n1.

The drives and their bus numbers, as per the BIOS, are as follows:

1 – Intel SSDPEKNW512G8, Bus:2, Dev: 0, Func: 0
2 – Kingston RBUSNS8154P3512GJ3, Bus: 3, Dev: 0, Func: 0
3 – SSDPEKNW512G8, Bus: 4, Dev: 0, Func: 0

How do I tell which one I can overwrite without destroying drive #3 above, which I need to ensure retains the Windows 11 installation?

It turns out we can tell from the Ubuntu Installation command line as follows:

  • Press Ctrl + Alt + T to open the Ubuntu Installation Linux command line.
  • Issue

    sudo su -

    to become root (superuser).

  • Issue the following command to list the drives:

    lsblk -o NAME,SIZE,VENDOR,MODEL

  • That should give you printout similar to:

    nvme0n1 476.9G Intel SSDPEKNW512G8
    nvme1n1 476.9G Kingston RBUSNS8154P3512GJ3
    nvme2n1 476.9G Intel SSDPEKNW512G8

  • Next issue the following to list the bus numbers for each of the NVMe drives:

    lspci | grep -Ei "nvme|ssd"

  • This will list the SSD’s with their Bus numbers as follows:

    02:00:00 Non-Volatile memory controller: Intel Corporation SSD 660P Series (rev 03)
    03:00:00 Non-Volatile memory controller: Kingston Technology Company, Inc.  A1000/U-SNS8154P3 x2 NVMe SSD (rev 01)
    04:00:00 Non-Volatile memory controller: Intel Corporation SSD 660P Series (rev 03)

  • Each number above corresponds to the bus identified in the BIOS earlier.
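An added example (not part of the original post) that ties each `nvmeXn1` name directly to its PCI bus by resolving the block device's sysfs path, which removes the guesswork when two drives are the same model. It assumes the non-multipath sysfs layout, where the namespace sits under its PCI device; the sample tree is constructed to mirror the three drives above.

```shell
#!/bin/sh
# Added example: map NVMe block devices to the PCI bus they sit on.

# nvme_pci_map [SYSFS_ROOT]
# Prints "<blockdev> <pci-address> <bus, decimal>" per NVMe namespace.
# The PCI address is the last DDDD:BB:DD.F component of the resolved path.
# lspci and sysfs show the bus in hex; the decimal value is printed for
# comparison with a BIOS that lists buses in decimal.
nvme_pci_map() {
    sysfs=${1:-/sys}
    for link in "$sysfs"/block/nvme*n*; do
        [ -e "$link" ] || continue
        dev=${link##*/}
        real=$(readlink -f "$link")
        addr=$(printf '%s\n' "$real" | tr '/' '\n' |
               grep -E '^[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]$' |
               tail -n 1)
        if [ -z "$addr" ]; then
            # e.g. native NVMe multipath: path has no PCI parent
            echo "$dev unknown -"
            continue
        fi
        bus=${addr#*:}      # strip PCI domain  -> BB:DD.F
        bus=${bus%%:*}      # keep bus only     -> BB
        echo "$dev $addr $((0x$bus))"
    done
}

# Constructed sysfs tree mirroring the three drives described above,
# plus one namespace whose path has no PCI component.
make_sample_sysfs() {
    root=$(mktemp -d)
    mkdir -p "$root/block"
    n=0
    for a in 0000:02:00.0 0000:03:00.0 0000:04:00.0; do
        d="devices/pci0000:00/0000:00:1d.$n/$a/nvme/nvme$n/nvme${n}n1"
        mkdir -p "$root/$d"
        ln -s "../$d" "$root/block/nvme${n}n1"
        n=$((n + 1))
    done
    v="devices/virtual/nvme-subsystem/nvme-subsys3/nvme3n1"
    mkdir -p "$root/$v"
    ln -s "../$v" "$root/block/nvme3n1"
    echo "$root"
}

# Demo on the constructed tree; on the installer, run: nvme_pci_map
demo_root=$(make_sample_sysfs)
nvme_pci_map "$demo_root"
rm -rf "$demo_root"
```

A drive reported as `unknown` should be identified by another means, such as the Disk Identifier, before anything is overwritten.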

An additional check that can be run is using

fdisk -l

in Linux and comparing that to the Windows 10/11 diskpart output.  Both commands will display a Disk ID or Disk Identifier that is unique for the filesystem MBR, from when the partitions were first created and laid down.  This won't change until the disk is repartitioned.

Steps on Linux

  • Start a Terminal.
  • Become root:

    sudo su -

  • Execute

    fdisk -l

On Windows 10/11:

  • Start command prompt as administrator.
  • Execute:

    diskpart

  • Within diskpart, execute the following:

    select disk 0                 # Change to the disk you wish to check other than 0.
    detail disk

The additional, or secondary, check could also be the only check needed or possible, since the Windows bus information appeared as "Bus Number 0" for all the drives.  This was confusing.

Regardless, Happy Installing!

Cheers,
HTH

Ubuntu Disable RST while Windows Partitions Exist

Windows 11 already has the AHCI drivers by default.  There are a number of articles that explain how to modify registry settings.  Usually this is not for the average user, or even an experienced one, since if it doesn't work, those settings would need to be reverted.  And there may not be an easy way to do this once the system can't boot up, especially since Windows will take actions, modifying files, to try and boot the system.  This can have unintended consequences.

Regardless, backups are highly advised to a USB drive, that include all files and settings, before proceeding.

Disable RST in Advanced\SATA Configuration in BIOS by pressing F2 or DEL to get into BIOS first.  Reboot and check if every OS can boot up.  If they don't, revert the BIOS settings and look at installing the AHCI driver in Windows 10/11 to allow switching to AHCI (it's a boot driver after all).  The driver will come from your motherboard or laptop manufacturer.

Cheers,
HTH

Ubuntu: network unclaimed error

Getting a:

network unclaimed error

after a recent NVIDIA or apt update command?

After a recent upgrade, system wouldn’t boot to a UI.  Blank screen is shown.  To solve this, hit SHIFT + F2 at the blank screen, to switch to a terminal login screen.  Once at the login screen, change directory to /lib/modules/:

cd /lib/modules/

and type:

ls -altri

You may see that the kernel version has been updated, potentially unsuccessfully so no network drivers can be loaded.  Try to boot with an older kernel, which was the case for us, and that allowed us to get into the system since the previous kernel apparently has the proper network drivers to load at boot time, to bring Network connectivity back.

However, how did the system error out like that in the first place?  Turns out that the WineHQ for Ubuntu had a broken repository list, erroring out any apt update.  Not 100% sure if WineHQ updated anything in the last few days, but an:

apt update

appears to have been run and did not properly complete.  It appears this resulted in an incomplete kernel being updated or installed.  Again, not 100% sure; however, there were more package definitions in:

/etc/apt/sources.list.d/

for WineHQ that had to be removed.  Once this was done, running:

apt update

or

apt upgrade

completed successfully and the updated packages for the kernel were downloading, fixing the latest Kernel as well.  This fixed the issue permanently, and the need to use a previous kernel to get around the boot issue above, was resolved.

Cheers,

OpenVPN Setup on Ubuntu

To get the latest version of OpenVPN, which will be 2.6 since files for 3.0 are still not yet available at the time of this article, we first need to import the OpenVPN repository key:

# ls -altri /etc/apt/keyrings/

# curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | gpg --dearmor > /etc/apt/keyrings/openvpn-repo-pub-key.gpg

Change ‘arch’ to match your CPU architecture. Check the release versions available here:

https://build.openvpn.net/debian/openvpn/release/

And select the folder that actually has files in it.  For example, 2.6 has files in it and it’s the latest version:

Index of /debian/openvpn/release/2.6/
../
dists/ 12-Feb-2024 13:28 –
pool/ 09-Nov-2023 10:41 –
keyring.gpg 12-Feb-2024 13:28 7416
pubkey.gpg 12-Feb-2024 13:28 9903

Get the OS distribution to be used in the later command:

# lsb_release -c | awk '{print $2}'

Using the above, create the OpenVPN repository file within the /etc/apt/sources.list.d/ folder like this, replacing jammy with the codename printed by the previous command:

# echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/openvpn-repo-pub-key.gpg] https://build.openvpn.net/debian/openvpn/release/2.6 jammy main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
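The path after signed-by= has to be exactly the file that the gpg --dearmor step wrote, otherwise apt cannot verify the repository. The check below is an added example, not part of the original article; the function names and the sample directory are hypothetical, and it assumes signed-by holds a single file path.

```shell
#!/bin/sh
# Added example: confirm that every signed-by= keyring named in the apt
# source lists exists and is non-empty before running apt-get update.

# check_signed_by [SOURCES_DIR]
# One line per deb/deb-src entry:
#   OK <list> <keyring>        keyring file present and non-empty
#   MISSING <list> <keyring>   keyring path does not exist or is empty
#   UNPINNED <list>            no signed-by=, entry relies on global keyrings
# Returns 1 if any keyring is missing.
check_signed_by() {
    dir=${1:-/etc/apt/sources.list.d}
    rc=0
    for f in "$dir"/*.list; do
        [ -e "$f" ] || continue
        while IFS= read -r line; do
            case $line in
                deb\ *|deb-src\ *) ;;
                *) continue ;;          # comments, blank lines
            esac
            key=$(printf '%s\n' "$line" |
                  sed -n 's/.*signed-by=\([^] ]*\).*/\1/p')
            if [ -z "$key" ]; then
                echo "UNPINNED ${f##*/}"
            elif [ -s "$key" ]; then
                echo "OK ${f##*/} $key"
            else
                echo "MISSING ${f##*/} $key"
                rc=1
            fi
        done < "$f"
    done
    return $rc
}

# Constructed sample: the key is saved under one file name while the
# repository entry points at another.
make_sample_repo() {
    root=$(mktemp -d)
    mkdir -p "$root/keyrings" "$root/sources.list.d"
    printf 'constructed-key-bytes' > "$root/keyrings/openvpn-repo-pub-key.gpg"
    echo "deb [arch=amd64 signed-by=$root/keyrings/openvpn-repo-public.gpg] https://build.openvpn.net/debian/openvpn/release/2.6 jammy main" \
        > "$root/sources.list.d/openvpn-aptrepo.list"
    echo "$root"
}

# Demo on the constructed directory; on a real host run: check_signed_by
demo=$(make_sample_repo)
check_signed_by "$demo/sources.list.d" ||
    echo "fix the signed-by path before running apt-get update"
rm -rf "$demo"
```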

Verify the repository is working correctly by running an apt-get update:

# apt-get update

or

apt update

Followed by:

# apt install openvpn

Verify with:

# dpkg -l | grep -Ei vpn

Following this, configure your OpenVPN Client as follows. For the purpose of this article, the assumption will be made that all the necessary files to connect to an OpenVPN Server have been generated and sent over in a file such as user-vpn-config.zip or equivalent (replace user-vpn-config.zip with the actual zip name sent to you):

ca.crt
ta.key
openvpn.domain.com-user.ovpn
user.key
user.crt

Copy the zip then extract the files to a folder such as:

# mkdir ~/openvpn
# cd ~/openvpn
# wget https://SOURCE-URL.com/SOURCE-PATH/user-vpn-config.zip # Replace the uppercase text with the actual path provided by your OpenVPN Server provider.
# unzip user-vpn-config.zip

The ‘~’ indicates the home folder of the currently logged in user. To find the current user, type:

# who am i

at the terminal prompt. Use a line such as this to verify the contents of the .ovpn config file:

# grep -Eiv "#|;" openvpn.domain.com-user.ovpn | sed '/^[[:space:]]*$/d'
client
dev tun2
proto tcp
remote openvpn.domain.com 12345
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user.crt
key user.key
remote-cert-tls server
tls-auth ta.key 1
data-ciphers AES-256-GCM:AES-128-GCM
data-ciphers-fallback AES-256-CBC
auth SHA256
comp-lzo no
verb 3
auth-nocache
tun-mtu 1500
#

Time to connect. Issue the following to connect to the remote site:

# openvpn openvpn.domain.com-user.ovpn

Important to note that when running the above command, it will not exit in that terminal window.  This is expected.  To access the remote host resources, either use another terminal tab or just another plain terminal or simply minimize the terminal running the OpenVPN command above, and use the rest of your workstation as if it was connected directly to your ISP.

Try to access some of the resources on the remote site. See your OpenVPN Server or ISP emails for further details.

Enjoy!

REF: https://askubuntu.com/questions/291035/how-to-add-a-gpg-key-to-the-apt-sources-keyring
REF: https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
REF: https://support.surfshark.com/hc/en-us/articles/360011051133-How-to-set-up-manual-OpenVPN-connection-using-Linux-Terminal

IPA Fails to start: Timeout Exceeded and No Route to Host when IPV6 disabled

IPA doesn’t start? Just prints the following when an attempt is made to start it?

# strace -f -s 256 ipactl start
.
.
.
.
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
getsockname(4, {sa_family=AF_INET, sin_port=htons(51027), sin_addr=inet_addr("127.0.0.1")}, [28->16]) = 0
close(4) = 0
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EHOSTUNREACH (No route to host)
close(4) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
close(4) = 0
socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EHOSTUNREACH (No route to host)
close(4) = 0
select(0, NULL, NULL, NULL, {tv_sec=1, tv_usec=0}^C) = ? ERESTARTNOHAND (To be restarted if no handler)
strace: Process 3890 detached
Cancelled.

Running some basic checks, reveals the same error since IPV6 is disabled:

# nc -vz localhost 389
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:389.
Ncat: 0 bytes sent, 0 bytes received in 0.03 seconds.
# nc -vz ::1 389
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: No route to host.
#

And starting or attempting to start IPA resulted in:

#  ipactl start
Starting Directory Service
Failed to start Directory Service: Timeout exceeded

More debugging:

# vi /etc/sysctl.conf
# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:86:0d:fa brd ff:ff:ff:ff:ff:ff
inet 192.168.0.44/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.0.46/32 scope global eth0
valid_lft forever preferred_lft forever

Disabling the disabling of IPV6 by commenting out the lines:

# cat /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# net.ipv6.conf.all.disable_ipv6 = 1
# net.ipv6.conf.default.disable_ipv6 = 1

DO NOT run this on the IPA server. This breaks SAMBA (https://www.freeipa.org/page/Deployment_Recommendations)

# grubby --update-kernel ALL --args 'ipv6.disable=1'

After disabling IPV6 with the commands below, the above error happened. Re-enabling IPV6:

cat /etc/sysctl.conf
# net.ipv6.conf.all.disable_ipv6 = 1
# net.ipv6.conf.default.disable_ipv6 = 1

Followed by executing:

# sysctl -p

to stage the above changes, resolved the above error.  IPA now successfully starts up:

# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful

Other errors seen alongside the one mentioned above:

# pwd
/var/log/dirsrv/slapd-NIX-MDS-XYZ
# tail -f errors access

(Sun Mar 10 10:09:21 2024) [[sssd[ldap_child[2407]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm 'NIX.MDS.XYZ'

Mar 10 11:46:32 idmipa01.nix.mds.xyz ns-slapd[1587]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: /tmp/krb5cc_993))

# vi /var/log/krb5kdc.log
Mar 09 23:40:37 idmipa01.nix.mds.xyz krb5kdc[1114](info): Didn’t connect to LDAP on startup: 110
krb5kdc: Server error - while fetching master key K/M for realm NIX.MDS.XYZ

VMWare
(Disconnected)

Connection timed out

Cheers,
HTH

Find Which Device Is Connected to a Cisco Switch Port

Issue the following:

mdscisco07#sh mac address-table interface gigabitEthernet 1/19
Unicast Entries
vlan   mac address     type     protocols             port
-------+---------------+--------+---------------------+--------------------
   5    abcd.1234.wxyz  dynamic  ip,ipx                GigabitEthernet1/19

HTH

Configuring an Ubuntu Workstation with XRDP, SSHD, VNC, FreeIPA, SSSD, Java, NetBeans

Building an Ubuntu Workstation for development and general use, one that can be accessed remotely with central authentication.  Most of the commands below will be run as the root user, hence

# sudo su -

to root will be needed.  Let’s get going:

ALIAS SETUP

Personally, the following alias just makes it a tad easier to get around:

$ grep -Ei altri ~/.bashrc
alias lt='ls -altri'
$

Another thing that can come in handy is the bash history search, CTRL + r, which allows searching the history and recalling previous commands.

NETWORK IP

# nmcli con add type ethernet con-name ens160 ifname ens160 ipv4.addresses 192.168.0.30/24 ipv4.gateway 192.168.0.1 ipv4.dns "192.168.0.46 192.168.0.51 192.168.0.224" ipv4.method manual ipv4.dns-search "mds.xyz nix.mds.xyz mws.mds.xyz"

# nmcli con up ens160 

Associate the interface name that exists on your machine to the profile named ens160.

# (optional) nmcli con modify ens160 connection.interface-name INTERFACE-NAME             # Interface name determined by running ip a command.

# nmcli con show

Create a /etc/resolv.conf with the following contents:

$ cat /etc/resolv.conf
nameserver 192.168.0.224
nameserver 192.168.0.46
nameserver 192.168.0.51
domain nix.mds.xyz
search mds.xyz nix.mds.xyz mds.xyz

Or use the GUI.  Test by pinging google.com or another site.  Disable the other usual systemd network services:

# systemctl stop systemd-resolved
# systemctl stop resolvconf

 

SSHD

Install the SSHD server using:

apt install openssh-server

Test using PuTTY.

XRDP

Install XRDP using:

# apt install xrdp

Check that the service is running and port is open:

root@fr-ubuntu-01:~# netstat -pnltu|grep -Ei xrdp
tcp6 0 0 :::3389 :::* LISTEN 64884/xrdp
tcp6 0 0 ::1:3350 :::* LISTEN 64874/xrdp-sesman
root@fr-ubuntu-01:~#

Test using Windows Remote Desktop Connection.

SOFTWARE CENTER

Install the software center.  It may be missing:

# apt install synaptic
# apt install gnome-software

Check that the icons now exist in the Ubuntu start menu.

TIGER VNC

Install packages:

# apt list|grep -Ei tigervnc

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

tigervnc-common/jammy,now 1.12.0+dfsg-4 amd64 [installed,automatic]
tigervnc-scraping-server/jammy 1.12.0+dfsg-4 amd64
tigervnc-standalone-server/jammy,now 1.12.0+dfsg-4 amd64 [installed]
tigervnc-tools/jammy,now 1.12.0+dfsg-4 amd64 [installed,automatic]
tigervnc-viewer/jammy,now 1.12.0+dfsg-4 amd64 [installed]
tigervnc-xorg-extension/jammy,now 1.12.0+dfsg-4 amd64 [installed]

One line command to install the above is:

# apt install tigervnc-common tigervnc-scraping-server tigervnc-standalone-server tigervnc-tools tigervnc-viewer tigervnc-xorg-extension

Set up VNC for a number of users.  This file is global and hence owned by root:

# cat /etc/tigervnc/vncserver.users
# TigerVNC User assignment
#
# This file assigns users to specific VNC display numbers.
# The syntax is <display>=<username>. E.g.:
#
# :2=andrew
# :3=lisa

:1=root
:2=vncuser

Create a config such as this one for each user:

root@fr-ubuntu-01:~/.vnc# cat config
# create new
# session=(display manager you use)
# securitytypes=(security options)
# geometry=(screen resolution)
session=gnome
securitytypes=vncauth,tlsvnc
geometry=2048x1152
depth=24
root@fr-ubuntu-01:~/.vnc#

Set the ~/.vnc/xstartup as follows:

#!/bin/bash -x

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
unset DBUS_SESSION_BUS_ADDRESS

unset SESSION_MANAGER
exec /usr/bin/gnome-session

Start TigerVNC as root first to test that a VNC server on port 5901 starts up:

# /usr/bin/tigervncserver --depth 32 --geometry 1680x1050 --localhost no :1 2>&1

Check with:

root@fr-ubuntu-01:~/.vnc# netstat -pnltu|grep -Ei 590
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 8021/Xtigervnc
tcp6 0 0 :::5901 :::* LISTEN 8021/Xtigervnc
root@fr-ubuntu-01:~/.vnc#

This will work but won’t allow root direct login via VNC.  Next, configure multiple instances to start on bootup, one for a non-privileged user.  To do so, the following line can be used to start sessions for each user:

/usr/sbin/tigervncsession "root" ":1"
/usr/sbin/tigervncsession "vncuser" ":2"

The above is in turn called from the TigerVNC startup scripts, shown here in green (the lines in blue are extras added for stopping a server):

root@fr-ubuntu-01:~/.vnc# grep -Eiv "#" /lib/systemd/system/tigervncserver@.service
[Unit]
Description=Remote desktop service (VNC)
After=network.target

[Service]
User=root
Group=root
Type=forking
ExecStart=/usr/libexec/tigervncsession-start %i
ExecStop=/usr/bin/tigervncserver --kill :%i

PIDFile=/run/tigervncsession-:%i.pid
SELinuxContext=system_u:system_r:vnc_session_t:s0

[Install]
WantedBy=multi-user.target
root@fr-ubuntu-01:~/.vnc#

The systemd startup script calls yet another script, this time a bash script.  The copy below is highly modified for the purpose of this article:

# cat /usr/libexec/tigervncsession-start
#!/bin/bash
#
# Copyright 2019 Pierre Ossman for Cendio AB
#
# This is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This software is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this software; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
#

USERSFILE="/etc/tigervnc/vncserver.users"
echo "Using configuration file $USERSFILE ... "

if [[ $# -ne 1 ]]; then
  echo "Syntax:" >&2
  echo " $0 <display>" >&2
  echo "Example:" >&2
  echo " $0 \":1\"" >&2
  exit 1
fi

if [[ ! -f "${USERSFILE}" ]]; then
  echo "Users file ${USERSFILE} is missing. Exiting!" >&2
  exit 1
fi

DISPLAY="$1"

# Check if that server is already running.
for VNCENTRY in $(/usr/bin/tigervncserver --list|awk '{ if ( $1 ~ /[0-9]+/ ) print $1 }'); do
  echo "Checking if $VNCENTRY is already running ...";
    if [[ $VNCENTRY -eq $DISPLAY ]]; then
      echo "ERROR: Server $VNCENTRY is already running. If intent is to restart, issue a stop and start on that server:";
      echo " systemctl stop tigervncserver@$DISPLAY";
      echo " systemctl start tigervncserver@$DISPLAY";
      echo "OR issue the following";
      echo " /usr/bin/tigervncserver --kill :$DISPLAY";
      exit 1;
    fi
done

# Look up the user assigned to this display in the users file.
USER=$(grep "^[ ]*:${DISPLAY}=" "${USERSFILE}" 2>/dev/null | head -1 | cut -d = -f 2- | sed 's/ *$//g')

echo "User for display $DISPLAY identified as \"$USER\" from file $USERSFILE ...";
echo "Users defined in config file are:"
echo "---------------------------------"
grep -Eiv "#" "$USERSFILE";
echo "---------------------------------"

if [[ -z "${USER}" ]]; then
  echo "No user configured for display ${DISPLAY}" >&2
  exit 1
else
  echo "Starting VNC Server as user ${USER} ... "
fi

# exec "/usr/sbin/tigervncsession" "${USER}" ":${DISPLAY}"
/usr/sbin/tigervncsession "${USER}" ":${DISPLAY}";
echo "Return code from running /usr/sbin/tigervncsession is: $?";

# Wait up to roughly 10 seconds for the PID file that systemd expects.
echo "Checking if PID file has been created."
vnccount=0;
while [[ true ]]; do
  vnccount=$((vnccount + 1))
  if [[ -r /run/tigervncsession-:$DISPLAY.pid ]]; then
    echo "PID File created by /usr/sbin/tigervncsession exists in /run/tigervncsession-:$DISPLAY.pid ...";
    echo "Successfully started the TigerVNC Server on display port $DISPLAY. ";
    break;
  else
    echo "PID Process file /run/tigervncsession-:$DISPLAY.pid not yet created. Waiting ...";
    sleep 1;
  fi

  if [[ $vnccount -gt 10 ]]; then
    echo "ERROR: TigerVNC process startup failed to create a PID file in /run/tigervncsession-:$DISPLAY.pid ...";
    echo "ERROR: This indicates issues in startup. Exiting!";
    exit 1;
  fi
done

At this point, it looks like everything has a decent chance of working when started up.  Before plowing ahead, check for and kill any previous VNC sessions that were started manually and might still be hanging around.  This is needed to prevent errors, particularly port conflicts.

root@fr-ubuntu-01:~/.vnc# /usr/bin/tigervncserver --list

TigerVNC server sessions:

X DISPLAY # RFB PORT # RFB UNIX PATH PROCESS ID # SERVER
root@fr-ubuntu-01:~/.vnc#
root@fr-ubuntu-01:~/.vnc#
root@fr-ubuntu-01:~/.vnc# /usr/bin/tigervncserver --kill :*
tigervncserver: No VNC server running for this user!
root@fr-ubuntu-01:~/.vnc#

Let’s try and start up the service via systemd:

systemctl enable tigervncserver@1
systemctl enable tigervncserver@2

And start them:

systemctl start tigervncserver@1
systemctl start tigervncserver@2

Check the status:

systemctl status tigervncserver@1
systemctl status tigervncserver@2

Check ports:

root@fr-ubuntu-01:~# netstat -pnltu|grep -Ei 590
tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 72393/Xtigervnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 51235/Xtigervnc
tcp6 0 0 ::1:5902 :::* LISTEN 72393/Xtigervnc
tcp6 0 0 :::5901 :::* LISTEN 51235/Xtigervnc
root@fr-ubuntu-01:~#
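
In the port check above, display :2 is bound to loopback only while display :1 listens on all interfaces. The following added example (not part of the original post) classifies TigerVNC listeners from `netstat -pnltu` output by bind address; the function names are hypothetical, and it assumes the usual convention that display :N listens on TCP port 5900+N.

```shell
#!/bin/sh
# Added example (not from the original post): report which TigerVNC displays
# accept connections from the network and which are bound to loopback only.

# Read `netstat -pnltu` text on stdin; print "<display> <port> <scope>" per
# VNC port, where scope is "exposed" if any socket binds a non-loopback address.
vnc_listener_exposure() {
    awk '
        $1 ~ /^tcp/ && $NF ~ /Xtigervnc$/ {
            n = split($4, parts, ":")          # local address is field 4
            port = parts[n] + 0
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (port < 5900 || port > 5999) next
            scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
            # One exposed socket is enough to mark the whole display exposed.
            if (!(port in state) || scope == "exposed") state[port] = scope
        }
        END {
            for (p in state) printf ":%d %d %s\n", p - 5900, p, state[p]
        }
    ' | sort -k2,2n
}

# Print only the displays reachable from other hosts.
vnc_exposed_displays() {
    vnc_listener_exposure | awk '$3 == "exposed" { print $1 }'
}

# Sample input: the four listener lines from the port check above.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 72393/Xtigervnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 51235/Xtigervnc
tcp6 0 0 ::1:5902 :::* LISTEN 72393/Xtigervnc
tcp6 0 0 :::5901 :::* LISTEN 51235/Xtigervnc
EOF
}

sample_netstat | vnc_listener_exposure
# On a live host: netstat -pnltu | vnc_exposed_displays
```

A display reported as loopback is only reachable from the host itself, for example through an SSH tunnel.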

And connect using a VNC Viewer application installed on your Windows 10/11 or installed on a Linux Desktop.  A few options exist including RealVNC and TightVNC.

PROBLEMS and FIXES

When encountering the following:

Jan 20 20:14:35 fr-ubuntu-01 systemd[40475]: tigervncserver@1.service: Failed to determine user credentials: No such process
Jan 20 20:14:35 fr-ubuntu-01 systemd[40475]: tigervncserver@1.service: Failed at step USER spawning /usr/libexec/tigervncsession-start: No such process

Fix the above by adding a user to the service:

# cat /lib/systemd/system/tigervncserver@.service
[Unit]
Description=Remote desktop service (VNC)
After=network.target

[Service]
User=root
Group=root
Type=forking
ExecStart=/usr/libexec/tigervncsession-start %i
PIDFile=/run/tigervncsession-%i.pid
SELinuxContext=system_u:system_r:vnc_session_t:s0

[Install]
WantedBy=multi-user.target

If getting this error:

Jan 20 20:16:49 fr-ubuntu-01 tigervncsession-start[40631]: No user configured for display 1

Fix by adding a user to this file:

# cat /etc/tigervnc/vncserver.users
# TigerVNC User assignment
#
# This file assigns users to specific VNC display numbers.
# The syntax is <display>=<username>. E.g.:
#
# :2=andrew
# :3=lisa

:1=root
:2=vncuser

Next issue:

# tail -f /var/log/syslog /var/log/auth.log
Jan 21 10:09:04 fr-ubuntu-01 gdm-password]: pam_succeed_if(gdm-password:auth): requirement "user != root" not met by user "root"

This means that the system is not configured to allow direct root login.  This is a security feature worth having.  There are ways to enable root login, but it’s not recommended.  It is best to configure access for a non-privileged user, hence the non-privileged user configured above.

Another issue that can be seen is:

Jan 21 13:03:24 fr-ubuntu-01 systemd[1]: tigervncserver@1.service: Can't open PID file /run/tigervncsession-1.pid (yet?) after start: Operation not permitted

This required a small update to the startup script:

/usr/libexec/tigervncsession-start

by adding in the following lines and removing the exec:

# exec "/usr/sbin/tigervncsession" "${USER}" ":${DISPLAY}"
/usr/sbin/tigervncsession "${USER}" ":${DISPLAY}"
echo "Return code from running /usr/sbin/tigervncsession is: $?"
echo "Checking if PID file has been created."
vnccount=0
while [[ true ]]; do
    vnccount=$((vnccount + 1))
    if [[ -r /run/tigervncsession-:$DISPLAY.pid ]]; then
        echo "PID File created by /usr/sbin/tigervncsession exists in /run/tigervncsession-:$DISPLAY.pid ...";
        echo "Successfully started the TigerVNC Server on display port $DISPLAY. ";
        # Leave the loop once the PID file exists, as in the full listing.
        break;
    else
        echo "PID Process file /run/tigervncsession-:$DISPLAY.pid not yet created. Waiting ...";
        sleep 1;
    fi

    if [[ $vnccount -gt 10 ]]; then
        echo "ERROR: TigerVNC process startup failed to create a PID file in /run/tigervncsession-:$DISPLAY.pid ...";
        echo "ERROR: This indicates issues in startup. Exiting!";
        exit 1;
    fi
done

and modify the startup script as follows since the services append a ‘:’ to the file name:

# vi /lib/systemd/system/tigervncserver@.service
PIDFile=/run/tigervncsession-:%i.pid

then retry to start / restart the service.

Connectivity issue such as this:

# telnet fr-ubuntu-01.nix.mds.xyz 5902
Connecting To fr-ubuntu-01.nix.mds.xyz...Could not open connection to the host, on port 5902: Connect failed

is not due to the F/W, however, it’s good to check:

root@fr-ubuntu-01:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@fr-ubuntu-01:~#
root@fr-ubuntu-01:~#
root@fr-ubuntu-01:~#
root@fr-ubuntu-01:~# ufw status
Status: inactive
root@fr-ubuntu-01:~#

but it has a lot to do with missing startup files in the USER/.vnc/ folder, such as these, with the correct permissions:

root@fr-ubuntu-01:/home/francesco/.vnc# lt
total 40
500 -rw------- 1 francesco francesco 8 Jan 14 23:57 passwd
1462 -rwx------ 1 francesco francesco 121 Jan 21 00:31 xstartup
1464 -rw------- 1 francesco francesco 177 Jan 21 12:20 config
34 drwxr-x--- 15 francesco francesco 23 Jan 21 16:24 ..
1814 -rw-rw-r-- 1 francesco francesco 6 Jan 21 16:24 fr-ubuntu-01.nix.mds.xyz:5902.pid
16 -rw-r--r-- 1 francesco francesco 205 Jan 21 16:24 fr-ubuntu-01:2.log
504 -rw-rw-r-- 1 francesco francesco 6083 Jan 21 16:27 fr-ubuntu-01.nix.mds.xyz:5902.log
496 drwxrwxr-x 2 francesco francesco 8 Jan 21 16:41 .
root@fr-ubuntu-01:/home/francesco/.vnc# cat xstartup
#!/bin/bash -x

PATH=/usr/bin:/usr/sbin
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec /usr/bin/gnome-session
root@fr-ubuntu-01:/home/francesco/.vnc# cat config
# create new
# session=(display manager you use)
# securitytypes=(security options)
# geometry=(screen resolution)
session=gnome
securitytypes=vncauth,tlsvnc
geometry=2048x1152
root@fr-ubuntu-01:/home/francesco/.vnc#

Whenever files are modified, restart the service.
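
The check described above (the three startup files present in each user's .vnc folder with the permissions shown in the listing) can be scripted for every user in vncserver.users. This is an added example, not part of the original post: the function names and the `VNC_HOME_BASE` override are hypothetical, and it treats the modes from the listing (passwd 600, xstartup 700, config 600) as the baseline.

```shell
#!/bin/sh
# Added example (not from the original post): audit the ~/.vnc files of every
# user listed in a TigerVNC vncserver.users file.

# Print "<display> <user>" per assignment, skipping comments and blank lines.
vnc_users() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        awk -F= '/^:[0-9]+=./ { print $1, $2 }'
}

# Resolve a home directory. VNC_HOME_BASE is a hypothetical override used by
# the constructed demo; without it the NSS databases (files, sss) are queried.
home_of() {
    if [ -n "${VNC_HOME_BASE:-}" ]; then
        printf '%s\n' "$VNC_HOME_BASE/$1"
    else
        getent passwd "$1" | cut -d: -f6
    fi
}

# Print one finding per line; no output means every file is present and
# matches the baseline mode string as shown by ls -l.
audit_vnc_users() {
    vnc_users "$1" | while read -r display user; do
        dir="$(home_of "$user")/.vnc"
        for spec in "passwd:-rw-------" "xstartup:-rwx------" "config:-rw-------"; do
            name=${spec%%:*}
            want=${spec#*:}
            if [ ! -e "$dir/$name" ]; then
                echo "$display $user $name MISSING"
                continue
            fi
            have=$(ls -ld "$dir/$name" | cut -c1-10)
            [ "$have" = "$want" ] || echo "$display $user $name MODE $have (want $want)"
        done
    done
}

# Constructed demo: two users, one of them with a world-readable passwd file.
demo() {
    base=$(mktemp -d)
    printf '# comment\n:2=vncuser\n:4=remoteuser@mds.xyz\n' > "$base/vncserver.users"
    for u in vncuser remoteuser@mds.xyz; do
        mkdir -p "$base/$u/.vnc"
        for f in passwd xstartup config; do : > "$base/$u/.vnc/$f"; done
        chmod 600 "$base/$u/.vnc/passwd" "$base/$u/.vnc/config"
        chmod 700 "$base/$u/.vnc/xstartup"
    done
    chmod 644 "$base/vncuser/.vnc/passwd"
    VNC_HOME_BASE=$base
    audit_vnc_users "$base/vncserver.users"
    unset VNC_HOME_BASE
    rm -rf "$base"
}
demo
```

On a live host, run `audit_vnc_users /etc/tigervnc/vncserver.users` as root with `VNC_HOME_BASE` unset.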

SSSD / AD AUTHENTICATION

Install the SSSD Daemon to connect with central authentication, to, amongst other things, use a central user and

# apt install sssd-ad-common sssd-ad sssd-common sssd-dbus sssd-ipa sssd-kcm sssd-krb5-common sssd-krb5 sssd-ldap sssd-proxy sssd-tools sssd freeipa-client oddjob-mkhomedir libpam-sss libnss-sss sssd sssd-tools sssd-ldap ldap-utils openssl ca-certificates sssd-ad realmd adcli -y

# apt install libnfsidmap1 libnfsidmap-regex libnfsidmap-dev libnfs13 libnfs-utils libnfs-dev autofs nfs-common

# ipa-client-install --uninstall; ipa-client-install --force-join -p autojoin -w "<PASS>" --fixed-primary --server=idmipa01.nix.mds.xyz --server=idmipa02.nix.mds.xyz --domain=nix.mds.xyz --realm=NIX.MDS.XYZ -U

# ipa-client-automount --location=UserHomeDir01 -U

Configure the /etc/nsswitch.conf file for automount:

root@fr-ubuntu-01:/var/log# grep -Ei automount /etc/nsswitch.conf
automount: files sss
root@fr-ubuntu-01:/var/log#

Before using the service, a few tweaks are likely needed.  Update /etc/sssd/sssd.conf to add the lines in green:

root@fr-ubuntu-01:/var/log# cat /etc/sssd/sssd.conf
[domain/nix.mds.xyz]

id_provider = ipa
ipa_server = idmipa01.nix.mds.xyz, idmipa02.nix.mds.xyz
ipa_domain = nix.mds.xyz
ipa_hostname = fr-ubuntu-01.nix.mds.xyz
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
sudo_provider = ipa
autofs_provider = ipa
subdomains_provider = ipa
session_provider = ipa
hostid_provider = ipa
ipa_automount_location = UserHomeDir01

dyndns_update = True
dyndns_update_ptr = True
ldap_schema = ad
ldap_id_mapping = True

sudo_provider = ipa
ldap_uri = ldap://idmipa01.nix.mds.xyz, ldap://idmipa02.nix.mds.xyz
ldap_sudo_search_base = ou=sudoers,dc=nix,dc=mds,dc=xyz

override_homedir = /n/%d/%u
# fallback_homedir = /n/%d/%u
# ldap_user_home_directory = unixHomeDirectory

[sssd]
services = nss, pam, ssh, sudo, autofs

domains = nix.mds.xyz
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

[session_recording]

root@fr-ubuntu-01:/var/log#

Adjust the /etc/krb5.conf file by adding in these additional entries:

root@fr-ubuntu-01:/var/log# cat /etc/krb5.conf
#File modified by ipa-client-install

includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
  default_realm = NIX.MDS.XYZ
  dns_lookup_realm = false
  rdns = false
  dns_canonicalize_hostname = false
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  forwardable = true
  udp_preference_limit = 0
  default_ccache_name = KEYRING:persistent:%{uid}

[realms]
  NIX.MDS.XYZ = {
    kdc = idmipa01.nix.mds.xyz:88
    master_kdc = idmipa01.nix.mds.xyz:88
    admin_server = idmipa01.nix.mds.xyz:749
    kpasswd_server = idmipa01.nix.mds.xyz:464
    kdc = idmipa02.nix.mds.xyz:88
    master_kdc = idmipa02.nix.mds.xyz:88
    admin_server = idmipa02.nix.mds.xyz:749
    kpasswd_server = idmipa02.nix.mds.xyz:464
    default_domain = nix.mds.xyz
    pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
    pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem

  }

  MDS.XYZ = {
    kdc = ad.mds.xyz
    default_domain = mds.xyz
  }

[domain_realm]
  .nix.mds.xyz = NIX.MDS.XYZ
  nix.mds.xyz = NIX.MDS.XYZ
  fr-ubuntu-01.nix.mds.xyz = NIX.MDS.XYZ
  .mds.xyz = MDS.XYZ
  mds.xyz = MDS.XYZ

root@fr-ubuntu-01:/var/log#

Check the remote AD user and the NFS mount:

root@fr-ubuntu-01:/n/mds.xyz# id remoteuser@mds.xyz
uid=155612345(remoteuser@mds.xyz) gid=155612345(remoteuser@mds.xyz) ………………………………..
root@fr-ubuntu-01:/n/mds.xyz#

Adjust the VNC configuration to allow extra AD / Kerberos / LDAP users access:

root@fr-ubuntu-01:/n/mds.xyz/remoteuser/.vnc# ls -altri xstartup config passwd
12410600697251477469 -rwx------ 1 remoteuser@mds.xyz remoteuser@mds.xyz 121 Jan 21 00:31 xstartup
9668247031218421920 -rw------- 1 remoteuser@mds.xyz remoteuser@mds.xyz 177 Jan 21 12:20 config
12896900723358409448 -rw------- 1 remoteuser@mds.xyz remoteuser@mds.xyz 8 Jan 21 18:41 passwd
root@fr-ubuntu-01:/n/mds.xyz/remoteuser/.vnc#

Adjust the VNC servers allowed for the users:

root@fr-ubuntu-01:/n/mds.xyz/remoteuser/.vnc# grep -Eiv "#" /etc/tigervnc/vncserver.users
:1=root
:2=vncuser
:3=vncuser@mds.xyz
:4=remoteuser@mds.xyz
root@fr-ubuntu-01:/n/mds.xyz/remoteuser/.vnc#

JDK JAVA DEVELOPMENT KIT

Run the following to install openjdk:

root@fr-ubuntu-01:~# apt install openjdk-21-jdk
root@fr-ubuntu-01:~# java --version
openjdk 21.0.1 2023-10-17
OpenJDK Runtime Environment (build 21.0.1+12-Ubuntu-222.04)
OpenJDK 64-Bit Server VM (build 21.0.1+12-Ubuntu-222.04, mixed mode, sharing)
root@fr-ubuntu-01:~#

NETBEANS

Installing through the software center brings in a version that’s dated and may have issues on newer OS versions like Ubuntu 22.04.  Therefore, install the latest package version directly from the following site:

https://netbeans.apache.org/front/main/download/nb20/

Install using the following steps:

# cd /tmp
# wget https://dlcdn.apache.org/netbeans/netbeans-installers/20/apache-netbeans_20-1_all.deb

# apt install ./apache-netbeans_20-1_all.deb

Start NetBeans via the UI.

CONCLUSION

Confirm all services are working by logging into your Ubuntu Server with the remote user via VNC and starting NetBeans.

Enjoy!

Cheers,


     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License