[ERROR] waitforx: Unable to find any RandR outputs and FATAL: Module nvidia not found in directory
Recently ran into this lovely message:
root@g73sw01:~#
root@g73sw01:~# systemctl status gdm3 -l
? gdm.service – GNOME Display Manager
Loaded: loaded (/usr/lib/systemd/system/gdm.service; static)
Active: active (running) since Sat 2024-09-14 14:42:24 EDT; 1 day 21h ago
Main PID: 3254 (gdm3)
Tasks: 4 (limit: 19063)
Memory: 5.7M (peak: 50.2M)
CPU: 2.239s
CGroup: /system.slice/gdm.service
??3254 /usr/sbin/gdm3
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rh>
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rho>
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: gkr-pam: unable to locate daemon control file
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: gkr-pam: stashed password to try later in open session
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: pam_unix(gdm-password:session): session opened for user tom@mds.xyz(uid=155601104) by tom@mds.xyz(>
Sep 16 11:52:32 g73sw01.nix.mds.xyz gdm-password][736096]: gkr-pam: unlocked login keyring
Sep 16 11:52:37 g73sw01.nix.mds.xyz gdm3[736955]: modprobe: FATAL: Module nvidia not found in directory /lib/modules/6.8.0-44-generic
Sep 16 11:52:48 g73sw01.nix.mds.xyz gdm3[737640]: modprobe: FATAL: Module nvidia not found in directory /lib/modules/6.8.0-44-generic
Sep 16 11:52:58 g73sw01.nix.mds.xyz gdm3[3254]: Gdm: Child process -39565 was already dead.
Sep 16 11:52:58 g73sw01.nix.mds.xyz gdm3[737891]: modprobe: FATAL: Module nvidia not found in directory /lib/modules/6.8.0-44-generic
root@g73sw01:~#
and also this one on XRDP and RDP attempts:
xrdp-sesman.log:[2024-09-14T13:10:14.437-0400] [ERROR] waitforx: Unable to find any RandR outputs
as well as this one in one of the /var/log/ log files:
can’t open /sys/module/nvidia/version
can’t access /run/u-d-c-nvidia-drm-was-loaded file
To begin addressing these, issue the following:
apt install linux-modules-nvidia
followed by installing the latest version:
apt install linux-objects-nvidia-550-server-open-6.8.0-44-lowlatency
this installed something. But the command:
ubuntu-drivers list
still showed nothing. And I do have Proprietary drivers for devices(restricted) is also checked in Software & Updates under Ubuntu Software. So let’s try to install the open kernel package:
apt install nvidia-driver-550-open
and check if that worked:
ubuntu-drivers list
but nothing shows up. Time for a reboot. Testing with nvidia-smi reveals we need to:
root@g73sw01:~# nvidia-smi
NVIDIA-SMI has failed because it couldn’t communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running.
root@g73sw01:~#
But this quickly turned into a struggle. Even in single user mode, the following was printed and made it difficult to get a prompt:
NVRM: The NVIDIA GPU 0000:01:00.0 (PCI ID: 10de:0dd1)
NVRM: installed in this system is not spported by open nvidia.ko because it does not include the required GPU
NVRM: System Processor (GSP)
NVRM: Please see the ‘Open Linux Kernel Modules’ and ‘GSP Firmware’ sections in the driver README, available on
NVRM: the Linux graphics driver download page at www.nvidia.com.
nvidia: probe of 0000:01:00.0 failed with error -1
NVRM: The NVIDIA probe routine failed for 1 device(s)
NVRM: None of the NVIDIA devices were initialized.
Got X startup issues so neither NoMachine nor XRDP worked:
ERROR: apport (pid 24951) 2024-09-16 14:46:59,145: report /var/crash/_usr_bin_ibus-daemon.155601104.crash already exists and unseen, skipping to avoid disk usage DoS
Eventually, ended up in this state and with these packages:
libnvidia-cfg1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-common-470/noble-updates,noble-updates,noble-security,noble-security,now 470.256.02-0ubuntu0.24.04.1 all [installed,auto-removable]
libnvidia-compute-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,automatic]
libnvidia-compute-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-decode-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-decode-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-egl-wayland1/noble,now 1:1.1.13-1build1 amd64 [installed,auto-removable]
libnvidia-encode-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-encode-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-extra-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-fbc1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-fbc1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-gl-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-gl-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
libnvidia-ifr1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
libnvidia-ifr1-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 i386 [installed,auto-removable]
linux-modules-nvidia-550-6.8.0-44-generic/noble-updates,noble-security,now 6.8.0-44.44+1 amd64 [installed]
linux-objects-nvidia-470-6.8.0-1005-oem/noble,now 6.8.0-1005.5 amd64 [installed,automatic]
linux-objects-nvidia-550-6.8.0-44-generic/noble-updates,noble-security,now 6.8.0-44.44+1 amd64 [installed,automatic]
linux-objects-nvidia-550-server-open-6.8.0-44-lowlatency/noble-updates,noble-security,now 6.8.0-44.44.1+1 amd64 [installed]
linux-signatures-nvidia-6.8.0-1005-oem/noble,now 6.8.0-1005.5 amd64 [installed,automatic]
linux-signatures-nvidia-6.8.0-44-generic/noble-updates,noble-security,now 6.8.0-44.44+1 amd64 [installed,automatic]
nvidia-compute-utils-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
nvidia-firmware-550-550.107.02/noble-updates,noble-security,now 550.107.02-0ubuntu0.24.04.1 amd64 [installed,automatic]
nvidia-kernel-common-550/noble-updates,noble-security,now 550.107.02-0ubuntu0.24.04.1 amd64 [installed,automatic]
nvidia-kernel-source-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
nvidia-prime/noble,noble,now 0.8.17.2 all [installed]
nvidia-settings/noble,now 510.47.03-0ubuntu4 amd64 [installed]
nvidia-utils-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
xserver-xorg-video-nvidia-470/noble-updates,noble-security,now 470.256.02-0ubuntu0.24.04.1 amd64 [installed,auto-removable]
via these commands:
apt install linux-modules-nvidia-550-$(uname -r)
apt install linux-modules-nvidia-470-6.8.0-1005-oem
and upon reboot, no boot specific issues, yet. Naturally made use of:
https://ubuntu.com/server/docs/nvidia-drivers-installation
After a few combinations of xrdp and xorgxrdp, finally logged in with only these errors printed:
[20240916-16:22:26] [ERROR] SSL_read: I/O error
[20240916-16:22:26] [ERROR] libxrdp_force_read: header read error
[20240916-16:22:26] [ERROR] Processing [ITU-T T.125] Connect-Initial failed
[20240916-16:22:26] [ERROR] [MCS Connection Sequence] receive connection request failed
[20240916-16:22:26] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20240916-16:22:26] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20240916-16:22:26] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20240916-16:22:26] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240916-16:22:26] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
This is the combination that works for both Kerberos/LDAP authenticated users and locally authenticated users:
xorgxrdp/noble,now 1:0.9.19-1 amd64 [installed]
xrdp/noble,now 0.9.24-4 amd64 [installed]
But when using:
xrdp_0.10.1-2_amd64.deb
we get the original error.
xrdp-sesman.log:[2024-09-14T13:10:14.437-0400] [ERROR] waitforx: Unable to find any RandR outputs
Now let’s try compiling from source. Both XRDP and XORGXRDP from their GitHub repos and off the main branch:
root@g73sw01:/etc/X11# cat /etc/xrdp/sesman.ini|grep param
; Session definitions – startup command-line parameters for each session type
; Fedora 26 or later : param=/usr/libexec/Xorg
; Debian 9 or later : param=/usr/lib/xorg/Xorg
; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
; Arch Linux : param=/usr/lib/Xorg
; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
; CentOS 8 : param=/usr/libexec/Xorg
; FreeBSD (from 2022Q4) : param=/usr/local/libexec/Xorg
; param=Xorg
param=/usr/lib/xorg/Xorg
A parameter change that was needed is above, but otherwise worked for at least the local users. A session example:
[tom@mds.xyz@g73sw01:~] :)[U]$ /usr/lib/xorg/Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
X.Org X Server 1.21.1.11
X Protocol Version 11, Revision 0
Current Operating System: Linux g73sw01.nix.mds.xyz 6.8.0-1005-oem #5-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 01:33:14 UTC 2024 x86_64
Kernel command line: BOOT_IMAGE=/BOOT/ubuntu_6ywjpk@/vmlinuz-6.8.0-1005-oem root=ZFS=rpool/ROOT/ubuntu_6ywjpk ro quiet splash vt.handoff=1
xorg-server 2:21.1.12-1ubuntu1 (For technical support please see http://www.ubuntu.com/support)
Current version of pixman: 0.42.2
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (–) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) Log file: “.xorgxrdp.11.log”, Time: Tue Sep 17 00:52:18 2024
(++) Using config file: “/etc/X11/xrdp/xorg.conf”
(==) Using system config directory “/usr/share/X11/xorg.conf.d”
xorgxrdpSetup:
xrdpdevSetup:
rdpmousePlug:
rdpkeybPlug:
rdpIdentify:
rdpDriverFunc: op 10
rdpProbe:
rdpPreInit:
rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24
rdpScreenInit: pfbMemory bytes 1920000
rdpScreenInit: pfbMemory 0x7f6d00924010
rdpSimdInit: assigning yuv functions
rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000206a7 bx 0x03100800 cx 0x1fbae3bf dx 0xbfebfbff
rdpSimdInit: sse2 amd64 yuv functions assigned
rdpClientConInit: disconnect idle session after [0] sec
rdpClientConInit: kill disconnected [0] timeout [0] sec
rdpXvInit: depth 24
rdpScreenInit: out
rdpCreateScreenResources:
rdpmousePreInit: drv 0x6351a97a2c90 info 0x6351a9a814f0, flags 0x0
rdpmouseControl: what 0
rdpmouseDeviceInit:
rdpmouseCtrl:
rdpRegisterInputCallback: type 1 proc 0x7f6d019c2610
rdpmouseControl: what 1
rdpmouseDeviceOn:
rdpkeybPreInit: drv 0x6351a97a2c40 info 0x6351a9a85040, flags 0x0
rdpkeybControl: what 0
rdpLoadLayout: rules=”evdev” model=”pc104″ variant=””layout=”us” options=””
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning: Could not resolve keysym XF86CameraAccessEnable
> Warning: Could not resolve keysym XF86CameraAccessDisable
> Warning: Could not resolve keysym XF86CameraAccessToggle
> Warning: Could not resolve keysym XF86NextElement
> Warning: Could not resolve keysym XF86PreviousElement
> Warning: Could not resolve keysym XF86AutopilotEngageToggle
> Warning: Could not resolve keysym XF86MarkWaypoint
> Warning: Could not resolve keysym XF86Sos
> Warning: Could not resolve keysym XF86NavChart
> Warning: Could not resolve keysym XF86FishingChart
> Warning: Could not resolve keysym XF86SingleRangeRadar
> Warning: Could not resolve keysym XF86DualRangeRadar
> Warning: Could not resolve keysym XF86RadarOverlay
> Warning: Could not resolve keysym XF86TraditionalSonar
> Warning: Could not resolve keysym XF86ClearvuSonar
> Warning: Could not resolve keysym XF86SidevuSonar
> Warning: Could not resolve keysym XF86NavInfo
Errors from xkbcomp are not fatal to the X server
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpRegisterInputCallback: type 0 proc 0x7f6d00e27940
rdpkeybControl: what 1
rdpkeybDeviceOn:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat on
rdpDeferredRandR:
rdpResizeSession: width 1024 height 768
calling RRScreenSizeSet
rdpRRScreenSetSize: width 1024 height 768 mmWidth 271 mmHeight 203
rdpRRGetInfo:
screen resized to 1024×768
RRScreenSizeSet ok 1
rdpRRSetRdpOutputs: numCrtcs 0 numOutputs 0 monitorCount 0
rdpRRSetRdpOutputs: update output 0 left 0 top 0 width 1024 height 768
rdpRRConnectOutput:
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
rdpInDeferredRepeatCallback:
rdpkeybChangeKeyboardControl:
rdpkeybChangeKeyboardControl: autoRepeat off
Cheers,
HTH
SSSD krb5_child Disk quota exceeded
Getting this?
Sep 14 14:04:08 g73sw01.nix.mds.xyz krb5_child[53814]: Disk quota exceeded
Digging further:
root@g73sw01:~# cat /proc/key-users
0: 163 162/162 131/1000000 2746/25000000
101: 1 1/1 1/200 9/64000
108: 1 1/1 1/200 9/64000
110: 4 4/4 4/200 44/64000
113: 2 2/2 2/200 18/64000
123: 1 1/1 1/200 9/64000
128: 4 4/4 4/200 44/64000
135: 1 1/1 1/200 9/64000
137: 1 1/1 1/200 9/64000
997: 1 1/1 1/200 9/64000
998: 1 1/1 1/200 9/64000
999: 1 1/1 1/200 9/64000
1000: 5 5/5 5/200 55/64000
155601104: 60 60/60 59/200 19963/64000
root@g73sw01:~#
quick solution (albeit temporary) is to set kernel/keys/maxbytes higher:
# sysctl -w kernel/keys/maxbytes=64000
kernel.keys.maxbytes = 64000
and that will get you in. However, on reboot, the high value above of 19963 disappeared, meaning it was a bug or a one-off issue when cache wasn’t cleared, so never had to use the above maxbytes increase after a reboot. YMMV!
Cheers,
HTH
Mount Samba Share on Ubuntu
Getting this?
root@g73sw01:~# mount -t cifs -o credentials=/home/unbeknownst/.smbcredentials,vers=3.0 //nfs-c01.nix.mds.xyz/nfs-bob ./test -vv
mount: /root/test: mount(2) system call failed: No route to host.
root@g73sw01:~#
Solve it with:
root@g73sw01:~# apt-get install keyutils cifs-utils
Next hurdle, was the following:
tom@g73sw01:~$ id
uid=1000(tom) gid=1000(tom) groups=1000(tom),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),135(lxd),136(sambashare)
tom@g73sw01:~$ mount -t cifs -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000 //nfs-c01.nix.mds.xyz/nfs-vincent ./samba
mount.cifs: permission denied: no match for /home/tom/samba found in /etc/fstab
tom@g73sw01:~$
Strangely enough, the solution for this one is NOT to use mount -t cifs , but mount.cifs:
tom@g73sw01:~$ sudo mount.cifs //nfs-c01.nix.mds.xyz/nfs-vincent /home/tom/samba -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000
[sudo] password for tom:
tom@g73sw01:~$
Testing this out a bit further, reveals the mount needs to be done via sudo:
tom@g73sw01:~$ mount -t cifs //nfs-c01.nix.mds.xyz/nfs-vincent ./samba -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000
mount.cifs: permission denied: no match for /home/tom/samba found in /etc/fstab
tom@g73sw01:~$ mount.cifs //nfs-c01.nix.mds.xyz/nfs-vincent ./samba -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000
mount.cifs: permission denied: no match for /home/tom/samba found in /etc/fstab
tom@g73sw01:~$ sudo mount -t cifs //nfs-c01.nix.mds.xyz/nfs-vincent ./samba -o credentials=$(pwd)/.smbcredentials,vers=3.0,uid=1000,gid=1000
tom@g73sw01:~$
Not the best error message to indicate the real reason for the mount failure. Testing from another user, reveals access denied:
[tom@mds.xyz@g73sw01:~] :([U]$ pwd
/n/mds.xyz/tom
[tom@mds.xyz@g73sw01:~] :)[U]$ cd /home/tom/samba
bash: cd: /home/tom/samba: Permission denied
[tom@mds.xyz@g73sw01:~] :([U]$
Perfect!
Cheers,
HTH
Identifying Ubuntu NVMe Drives based on Bus Number
There are three NVMe’s in a laptop. Two of the NVMe’s are the exact same model, Intel, and the other is a Kingston NVMe. All NVMe’s are 512GB. All are running either Windows 11 on the two identical drives, or Windows 10 on the Kingston drive. I want to keep only the second NVMe drive with Windows 11, and overwrite the first NVMe one, with Ubuntu.
However, when Ubuntu installation starts up, the NVMe drives show up as nvme0n1, nvme1n1 and nvme2n1.
The drives are as follows and their Bus Numbers as per the BIOS, are as follows:
1 – Intel SSDPEKNW512G8, Bus:2, Dev: 0, Func: 0
2 – Kingston RBUSNS8154P3512GJ3, Bus: 3, Dev: 0, Func: 0
3 – SSDPEKNW512G8, Bus: 4, Dev: 0, Func: 0
How do I tell which one I can overwrite without destroying drive #3 above, which I need to ensure retains the Windows 11 installation?
It turns out we can tell from the Ubuntu Installation command line as follows:
- Press Ctrl – Alt – T, to open the Ubuntu Installation Linux command line.
- Issue
sudo su –
to become the root (superuser)
- Issue the following command to list the drives:
lsblk -o NAME,SIZE,VENDOR,MODEL
- That should give you printout similar to:
nvme0n1 476.9G Intel SSDPEKNW512G8
nvme1n1 476.9G Kingston RBUSNS8154P3512GJ3
nvme2n1 476.9G Intel SSDPEKNW512G8 - Next issue the following to list the bus numbers for each of the NVMe drives:
lspci|grep -Ei “nvme|ssd”
- This will list the SSD’s with their Bus numbers as follows:
02:00:00 Non-Volatile memory controller: Intel Corporation SSD 660P Series (rev 03)
03:00:00 Non-Volatile memory controller: Kingston Technology Company, Inc. A1000/U-SNS8154P3 x2 NVMe SSD (rev 01)
04:00:00 Non-Volatile memory controller: Intel Corporation SSD 660P Series (rev 03) - Each number above corresponding to the Bus identified in BIOS earlier.
An additional check that can be ran is using
fdisk -l
in Linux and comparing that to the Windows 10/11 diskpart output. Both commands will display a Disk ID or Disk Identifier, that is unique for the filesystem MBR when the partitions were first created and laid down. This won’t change until the disk is repartitioned.
Steps on Linux
- Start a Terminal.
- Become root:
sudo su –
- Execute
fdisk -l
On Windows 10/11:
- Start command prompt as administrator.
- Execute:
diskpart
- Within diskpart, execute the following:
select disk 0 # Change to the disk you wish to check other then 0.
detail disk
The additional, or secondary check could also be the only check needed or possible, since the windows Bus Information as “Bus Number 0” appeared for all the drives. This was confusing.
Regardless, Happy Installing!
Cheers,
HTH
Ubuntu Disable RST while Windows Partitions Exist
Windows 11 already has the AHCI drivers by default. There’s a number of articles that explain how to modify regex settings. Usually this is not for the average user, or even an experienced one since if it doesn’t work, those settings would need to be reverted. And there may not be an easy way to do this once the system can’t boot up, esp since windows will take actions, modifying files, to try and boot the system. This can have unintended consequences.
Regardless, backups are highly advised to a USB drive, that include all files and settings, before proceeding.
Disable RST in Advanced\SATA Configuration in BIOS by pressing F2 or DEL to get into BIOS first. Reboot and check if every OS can boot up. If they don’t, revert the BIOS settings and look at installing AHCI in Windows 10/11 to allow to switch to AHCI (It’s a boot driver after all). The driver will come from your motherboard or laptop manufacturer.
Cheers,
HTH
Ubuntu: network unclaimed error
Getting a:
network unclaimed error
after a recent NVIDIA or apt update command?
After a recent upgrade, system wouldn’t boot to a UI. Blank screen is shown. To solve this, hit SHIFT + F2 at the blank screen, to switch to a terminal login screen. Once at the login screen, change directory to /lib/modules/:
cd /lib/modules/
and type:
ls -altri
You may see that the kernel version has been updated, potentially unsuccessfully so no network drivers can be loaded. Try to boot with an older kernel, which was the case for us, and that allowed us to get into the system since the previous kernel apparently has the proper network drivers to load at boot time, to bring Network connectivity back.
However, how did the system error out like that in the first place? Turns out that the WineHQ for Ubuntu had a broken repository list, erroring out any apt update. Not 100% sure or if WineHQ updated anything in the last few days, but an:
apt update
appears to have been ran and did not properly complete. Appears this resulted in an incomplete kernel being updated or installed. Again not 100% sure however, there were more package definitions in:
/etc/apt/source.list.d/
for WineHQ that had to be removed. Once this was done, running:
apt update
or
apt upgrade
completed successfully and the updated packages for the kernel were downloading, fixing the latest Kernel as well. This fixed the issue permanently, and the need to use a previous kernel to get around the boot issue above, was resolved.
Cheers,
OpenVPN Setup on Ubuntu
To get the latest version of OpenVPN, which will be 2.6 since files for 3.0 are still not yet available at the time of this article, we first need to import the OpenVPN repository key:
# ls -altri /etc/apt/keyrings/
# curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | gpg –dearmor > /etc/apt/keyrings/openvpn-repo-pub-key.gpg
Change ‘arch’ to match your CPU architecture. Check the release versions available here:
https://build.openvpn.net/debian/openvpn/release/
And select the folder that actually has files in it. For example, 2.6 has files in it and it’s the latest version:
Index of /debian/openvpn/release/2.6/
../
dists/ 12-Feb-2024 13:28 –
pool/ 09-Nov-2023 10:41 –
keyring.gpg 12-Feb-2024 13:28 7416
pubkey.gpg 12-Feb-2024 13:28 9903
Get the OS distribution to be used in the later command:
# lsb_release -c | awk ‘{print $2}’
Using the above, create the OpenVPN repository file within the /etc/apt/sources.list.d/ folder like this:
# echo “deb [arch=amd64 signed-by=/etc/apt/keyrings/openvpn-repo-public.gpg] https://build.openvpn.net/debian/openvpn/release/2.6 jammy main” > /etc/apt/sources.list.d/openvpn-aptrepo.list
Verify the repository is working correctly by running an apt-get update:
# apt-get update
or
apt update
Followed by:
# apt install openvpn
Verify with:
# dpkg -l | grep -Ei vpn
Following this, configure your OpenVPN Client as follows. For the purpose of this article, assumption will be made that all the necessary files to connect to an OpenVPN Servers have been generated and sent over in a file such as user-vpn-config.zip or equivalent ( Replace user-vpn-cnofig.zip with the actual zip name sent to you. ):
ca.crt
ta.key
openvpn.domain.com-user.ovpn
user.key
user.crt
Copy the zip then extract the files to a folder such as:
# mkdir ~/openvpn
# cd ~/openvpn
# wget https://SOURCE-URL.com/SOURCE-PATH/user-vpn=config.zip # Replace the uppercase text with the actual path provided by your OpenVPN Server provider.
# unzip user-vpn-config.zip
The ‘~’ indicates the home folder of the currently logged in user. To find the current user, type:
# who am i
at the terminal prompt. Use a line such as this to verify the contents of the .ovpn config file:
# grep -Eiv “#|;” openvpn.domain.com-user.ovpn | sed ‘/^[[:space:]]*$/d’
client
dev tun2
proto tcp
remote openvpn.domain.com 12345
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user.crt
key user.key
remote-cert-tls server
tls-auth ta.key 1
data-ciphers AES-256-GCM:AES-128-GCM
data-ciphers-fallback AES-256-CBC
auth SHA256
comp-lzo no
verb 3
auth-nocache
tun-mtu 1500
#
Time to connect. Issue the following to connect to the remote site:
# openvpn openvpn.domain.com-user.ovpn
Important to note that when running the above command, it will not exit in that terminal window. This is expected. To access the remote host resources, either use another terminal tab or just another plain terminal or simply minimize the terminal running the OpenVPN command above, and use the rest of your workstation as if it was connected directly to your ISP.
Try to access some of the resources on the remote site. See your OpenVPN Server or ISP emails for further details.
Enjoy!
REF: https://askubuntu.com/questions/291035/how-to-add-a-gpg-key-to-the-apt-sources-keyring
REF: https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
REF: https://support.surfshark.com/hc/en-us/articles/360011051133-How-to-set-up-manual-OpenVPN-connection-using-Linux-Terminal
IPA Fails to start: Timeout Exceeded and No Route to Host when IPV6 disabled
IPA doesn’t start? Just prints the following when an attempt is made to start it?
# strace -f -s 256 ipactl start
.
.
.
.
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr(“127.0.0.1”)}, 16) = 0
getsockname(4, {sa_family=AF_INET, sin_port=htons(51027), sin_addr=inet_addr(“127.0.0.1”)}, [28->16]) = 0
close(4) = 0
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, “::1”, &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EHOSTUNREACH (No route to host)
close(4) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr(“127.0.0.1”)}, 16) = 0
close(4) = 0
socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, “::1“, &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EHOSTUNREACH (No route to host)
close(4) = 0
select(0, NULL, NULL, NULL, {tv_sec=1, tv_usec=0}^C) = ? ERESTARTNOHAND (To be restarted if no handler)
strace: Process 3890 detached
Cancelled.
Running some basic checks, reveals the same error since IPV6 is disabled:
# nc -vz localhost 389
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:389.
Ncat: 0 bytes sent, 0 bytes received in 0.03 seconds.
# nc -vz ::1 389
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: No route to host.
#
And starting or attempting to start IPA resulted in:
# ipactl start
Starting Directory Service
Failed to start Directory Service: Timeout exceeded
More debugging:
# vi /etc/sysctl.conf
# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:86:0d:fa brd ff:ff:ff:ff:ff:ff
inet 192.168.0.44/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.0.46/32 scope global eth0
valid_lft forever preferred_lft forever
Disabling the disabling of IPV6 by commenting out the lines:
# cat /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# net.ipv6.conf.all.disable_ipv6 = 1
# net.ipv6.conf.default.disable_ipv6 = 1
DO NOT run this on the IPA server. This breaks SAMBA (https://www.freeipa.org/page/Deployment_Recommendations)
# grubby –update-kernel ALL –args ‘ipv6.disable=1’
After disabling with the commands below IPV6 the above error happened. Reenabling IPV6:
cat /etc/sysctl.conf
# net.ipv6.conf.all.disable_ipv6 = 1
# net.ipv6.conf.default.disable_ipv6 = 1
Followed by executing:
# sysctl -p
to stage the above changes, resolved the above error. IPA now successfully starts up:
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
Other errors seen alongside the one mentioned above:
# pwd
/var/log/dirsrv/slapd-NIX-MDS-XYZ
# tail -f errors access
(Sun Mar 10 10:09:21 2024) [[sssd[ldap_child[2407]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘NIX.MDS.XYZ’
Mar 10 11:46:32 idmipa01.nix.mds.xyz ns-slapd[1587]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: /tmp/krb5cc_993))
# vi /var/log/krb5kdc.log
Mar 09 23:40:37 idmipa01.nix.mds.xyz krb5kdc[1114](info): Didn’t connect to LDAP on startup: 110
krb5kdc: Server error – while fetching master key K/M for realm NIX.MDS.XYZ
VMWare
(Disconnected)
Connection timed out
Cheers,
HTH
Find Which Device Is Connected to a Cisco Switch Port
Issue the following:
mdscisco07#sh mac address-table interface gigabitEthernet 1/19
Unicast Entries
vlan mac address type protocols port
——-+—————+——–+———————+——————–
5 abcd.1234.wxyz dynamic ip,ipx GigabitEthernet1/19
HTH