Bug#719865: network-manager-gnome: Can't edit wireless network while connected via different network
Package: network-manager-gnome Version: 0.9.8.2-1+b1 Severity: normal Dear Maintainer, If I want to edit some wireless network, I go to Network Settings, select Wireless and then select Network Name from drop down menu. However if I select the network, the NM disconnects from currently connected one and tires to connect to selected one. It's quite an undesired behaviour when I only need to ie. change password in network I'm not currently connected to, try to solve problems with one network searching solution connected to other one etc. It would be nice to have a possibility to edit wireless network without disconnecting current one. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (650, 'unstable'), (10, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.10-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages network-manager-gnome depends on: ii dbus-x11 1.6.12-1 ii dconf-gsettings-backend [gsettings-backend] 0.16.1-1 ii gconf-service3.2.6-1 ii gnome-icon-theme 3.8.2-2 ii libatk1.0-0 2.8.0-2 ii libc62.17-92 ii libcairo-gobject21.12.14-5 ii libcairo21.12.14-5 ii libdbus-1-3 1.6.12-1 ii libdbus-glib-1-2 0.100.2-1 ii libgconf-2-4 3.2.6-1 ii libgdk-pixbuf2.0-0 2.28.2-1 ii libglib2.0-0 2.36.4-1 ii libgnome-bluetooth11 3.8.1-2 ii libgnome-keyring03.8.0-2 ii libgtk-3-0 3.8.2-3 ii libnm-glib-vpn1 0.9.8.0-5 ii libnm-glib4 0.9.8.0-5 ii libnm-gtk0 0.9.8.2-1+b1 ii libnm-util2 0.9.8.0-5 ii libnotify4 0.7.5-2 ii libpango-1.0-0 1.32.5-5+b1 ii libpangocairo-1.0-0 1.32.5-5+b1 ii libsecret-1-00.15-2 ii network-manager 0.9.8.0-5 ii policykit-1-gnome0.105-2 Versions of packages network-manager-gnome recommends: ii gnome-bluetooth 3.8.1-2 ii gnome-keyring 3.8.2-2 ii iso-codes 3.45-1 ii mobile-broadband-provider-info 20130506-1 ii notification-daemon 0.7.6-1 Versions of packages network-manager-gnome suggests: ii network-manager-openconnect-gnome 0.9.8.0-1 ii network-manager-openvpn-gnome 0.9.8.2-1 ii network-manager-pptp-gnome 0.9.8.2-1 ii network-manager-vpnc-gnome 0.9.8.2-1 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#767425: freeipa-server: ipa-server-install doesn't enable some Apache modules it uses in its configuration
Package: freeipa-server Version: 4.0.4-1 Severity: normal Dear Maintainer, While running ipa-server-install, the Apache gets reconfigured to provide some IPA services. However it doesn't enable some Apache modules whose directives it uses in Apache ipa.con. The modules I had to enable by hand to make install continue were mod_deflate (needed by AddOutputFilterByType) and mod_authz_user (used by Require valid-user). -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages freeipa-server depends on: ii 389-ds-base 1.3.3.5-2 ii acl 2.2.52-2 ii apache2 2.4.10-6 ii bind91:9.9.5.dfsg-5 ii bind9-dyndb-ldap 6.0-1 ii certmonger 0.75.14-2 ii dogtag-pki-server-theme 10.2.0-2 ii fonts-font-awesome 4.2.0~dfsg-1 ii freeipa-admintools 4.0.4-1 ii freeipa-client 4.0.4-1 ii init-system-helpers 1.21 ii krb5-admin-server1.12.1+dfsg-11 ii krb5-kdc 1.12.1+dfsg-11 ii krb5-kdc-ldap1.12.1+dfsg-11 ii krb5-pkinit 1.12.1+dfsg-11 ii ldap-utils 2.4.40-2 ii libapache2-mod-auth-kerb 5.4-2.2 ii libapache2-mod-nss 1.0.10-1 ii libapache2-mod-wsgi 4.3.0-1 ii libc62.19-12 ii libcomerr2 1.42.12-1 ii libjs-dojo-core 1.10.2+dfsg-1 ii libjs-jquery 1.7.2+dfsg-3.2 ii libk5crypto3 1.12.1+dfsg-11 ii libkrad0 1.12.1+dfsg-11 ii libkrb5-31.12.1+dfsg-11 ii libldap-2.4-22.4.40-2 ii libnspr4 2:4.10.7-1 ii libnss3 2:3.17.2-1 ii libnss3-1d 2:3.17.2-1 ii libnss3-tools2:3.17.2-1 ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-12 ii libssl1.0.0 1.0.1j-1 ii libtalloc2 2.1.1-2 ii libtevent0 0.9.21-1 ii libunistring00.9.3-5.2 ii libuuid1 2.25.2-2 ii libverto10.2.4-1 ii memcached1.4.21-1 ii ntp 1:4.2.6.p5+dfsg-3.1 ii pki-ca 10.2.0-2 ii python 2.7.8-2 ii python-freeipa 4.0.4-1 ii python-krbv 1.0.90-1 ii python-ldap 2.4.10-1 ii python-pyasn10.1.7-1 pn python:any none ii samba-libs 2:4.1.13+dfsg-2 ii slapi-nis0.54-1 freeipa-server recommends no packages. freeipa-server suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#767427: freeipa-server: Missing dependencies to some python modules
Package: freeipa-server Version: 4.0.4-1 Severity: normal Dear Maintainer, Package freeipa-server is probably missing some dependencies. I've installed the package and tried to configure IPA by running ipa-server-install but the script crashed several times on missing python packages and I had to install manually at least those packages to get script running, so ipa-server should depend on them: python-selinux python-qrcode python-yubico -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages freeipa-server depends on: ii 389-ds-base 1.3.3.5-2 ii acl 2.2.52-2 ii apache2 2.4.10-6 ii bind91:9.9.5.dfsg-5 ii bind9-dyndb-ldap 6.0-1 ii certmonger 0.75.14-2 ii dogtag-pki-server-theme 10.2.0-2 ii fonts-font-awesome 4.2.0~dfsg-1 ii freeipa-admintools 4.0.4-1 ii freeipa-client 4.0.4-1 ii init-system-helpers 1.21 ii krb5-admin-server1.12.1+dfsg-11 ii krb5-kdc 1.12.1+dfsg-11 ii krb5-kdc-ldap1.12.1+dfsg-11 ii krb5-pkinit 1.12.1+dfsg-11 ii ldap-utils 2.4.40-2 ii libapache2-mod-auth-kerb 5.4-2.2 ii libapache2-mod-nss 1.0.10-1 ii libapache2-mod-wsgi 4.3.0-1 ii libc62.19-12 ii libcomerr2 1.42.12-1 ii libjs-dojo-core 1.10.2+dfsg-1 ii libjs-jquery 1.7.2+dfsg-3.2 ii libk5crypto3 1.12.1+dfsg-11 ii libkrad0 1.12.1+dfsg-11 ii libkrb5-31.12.1+dfsg-11 ii libldap-2.4-22.4.40-2 ii libnspr4 2:4.10.7-1 ii libnss3 2:3.17.2-1 ii libnss3-1d 2:3.17.2-1 ii libnss3-tools2:3.17.2-1 ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-12 ii libssl1.0.0 1.0.1j-1 ii libtalloc2 2.1.1-2 ii libtevent0 0.9.21-1 ii libunistring00.9.3-5.2 ii libuuid1 2.25.2-2 ii libverto10.2.4-1 ii memcached1.4.21-1 ii ntp 1:4.2.6.p5+dfsg-3.1 ii pki-ca 10.2.0-2 ii python 2.7.8-2 ii python-freeipa 4.0.4-1 ii python-krbv 1.0.90-1 ii python-ldap 2.4.10-1 ii python-pyasn10.1.7-1 pn python:any none ii samba-libs 2:4.1.13+dfsg-2 ii slapi-nis0.54-1 freeipa-server recommends no packages. freeipa-server suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768122: freeipa-server: Bind fails to start during ipa-server-install because of wrong configuration template
Package: freeipa-server Version: 4.0.4-2 Severity: normal Dear Maintainer, Bind configuration template (/usr/share/ipa/bind.named.conf.template) fits Fedora conventions of config and other files placement, which leads to inability to start bind9 service during ipa-server-install which in turn leads to failure of the server configuration. There are 3 main problems in the template: 1) It presumes bind's zone and other data files are placed in /var/named. It doesn't exist on my Debian system and these files are placed in /var/cache/bind. The quick and easy fix is to change directory directive in template to /var/cache/bind and create bind owned /var/cache/bind/data directory. 2) Template replaces existing /etc/bind/named.conf.local. But my Debian has options section of bind configuration placed in /etc/bind/named.conf.options (IMHO default). It causes 2 options sections in the configuration and bind refuses to start because of incorrect config. Comment out options in /etc/bind/named.conf.options is enough to make it continue. 3) Template includes file /etc/named.rfc1912.zones, where some default zones are placed on Fedora. In Debian, I think those zones are being set via /etc/bind/named.conf.default-zones. The nicest thing would be to break template into files corresponding to Debian configuration and make ipa-server-install apply those, but maybe replacing /etc/bind/named.conf instead of /etc/named.conf.local would be enough (with some template tweaks). Thank you for packaging freeipa though, because it's quite nice piece of software missing in Debian ecosystem in my opinion. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages freeipa-server depends on: ii 389-ds-base 1.3.3.5-2 ii acl 2.2.52-2 ii apache2 2.4.10-6 ii bind91:9.9.5.dfsg-5 ii bind9-dyndb-ldap 6.0-1 ii certmonger 0.75.14-2 ii dogtag-pki-server-theme 10.2.0-2 ii fonts-font-awesome 4.2.0~dfsg-1 ii freeipa-admintools 4.0.4-2 ii freeipa-client 4.0.4-2 ii init-system-helpers 1.21 ii krb5-admin-server1.12.1+dfsg-11 ii krb5-kdc 1.12.1+dfsg-11 ii krb5-kdc-ldap1.12.1+dfsg-11 ii krb5-pkinit 1.12.1+dfsg-11 ii ldap-utils 2.4.40-2 ii libapache2-mod-auth-kerb 5.4-2.2 ii libapache2-mod-nss 1.0.10-2 ii libapache2-mod-wsgi 4.3.0-1 ii libc62.19-12 ii libcomerr2 1.42.12-1 ii libjs-dojo-core 1.10.2+dfsg-1 ii libjs-jquery 1.7.2+dfsg-3.2 ii libk5crypto3 1.12.1+dfsg-11 ii libkrad0 1.12.1+dfsg-11 ii libkrb5-31.12.1+dfsg-11 ii libldap-2.4-22.4.40-2 ii libnspr4 2:4.10.7-1 ii libnss3 2:3.17.2-1 ii libnss3-1d 2:3.17.2-1 ii libnss3-tools2:3.17.2-1 ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-12 ii libssl1.0.0 1.0.1j-1 ii libtalloc2 2.1.1-2 ii libtevent0 0.9.21-1 ii libunistring00.9.3-5.2 ii libuuid1 2.25.2-2 ii libverto10.2.4-1 ii memcached1.4.21-1 ii ntp 1:4.2.6.p5+dfsg-3.1 ii pki-ca 10.2.0-2 ii python 2.7.8-2 ii python-freeipa 4.0.4-2 ii python-krbv 1.0.90-1 ii python-ldap 2.4.10-1 ii python-pyasn10.1.7-1 ii python-qrcode5.0.1-1 ii python-selinux 2.3-2 ii python-yubico1.1.0-2 pn python:any none ii samba-libs 2:4.1.13+dfsg-2 ii slapi-nis0.54-1 freeipa-server recommends no packages. freeipa-server suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768187: freeipa-server: ipa-server-install needs two more python modules on clean Debian install
Package: freeipa-server Version: 4.0.4-2 Severity: normal Dear Maintainer, Continuing experimenting with ipa-server-install on clean Debina installation I've found freeipa-server depends on python-dbus, that wasn't installed by default neither pulled in by freeipa-server. Without it, ipa-server-install quits before it asks anything. Second missing module is python-memcache that is needed to run IPA WSGI application. Without this module, Apache during server configuration starts, but in error log, there are error messges about missing module: ipa: ERROR: Failed to start IPA: No module named memcache This causes ipa-client-install skript to fail. After installation of the modules, ipa-server-install ran just fine. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages freeipa-server depends on: ii 389-ds-base 1.3.3.5-2 ii acl 2.2.52-2 ii apache2 2.4.10-6 ii bind91:9.9.5.dfsg-5 ii bind9-dyndb-ldap 6.0-2 ii certmonger 0.75.14-2 ii dogtag-pki-server-theme 10.2.0-3 ii fonts-font-awesome 4.2.0~dfsg-1 ii freeipa-admintools 4.0.4-2 ii freeipa-client 4.0.4-2 ii init-system-helpers 1.21 ii krb5-admin-server1.12.1+dfsg-11 ii krb5-kdc 1.12.1+dfsg-11 ii krb5-kdc-ldap1.12.1+dfsg-11 ii krb5-pkinit 1.12.1+dfsg-11 ii ldap-utils 2.4.40-2 ii libapache2-mod-auth-kerb 5.4-2.2 ii libapache2-mod-nss 1.0.10-2 ii libapache2-mod-wsgi 4.3.0-1 ii libc62.19-12 ii libcomerr2 1.42.12-1 ii libjs-dojo-core 1.10.2+dfsg-1 ii libjs-jquery 1.7.2+dfsg-3.2 ii libk5crypto3 1.12.1+dfsg-11 ii libkrad0 1.12.1+dfsg-11 ii libkrb5-31.12.1+dfsg-11 ii libldap-2.4-22.4.40-2 ii libnspr4 2:4.10.7-1 ii libnss3 2:3.17.2-1 ii libnss3-1d 2:3.17.2-1 ii libnss3-tools2:3.17.2-1 ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-12 ii libssl1.0.0 1.0.1j-1 ii libtalloc2 2.1.1-2 ii libtevent0 0.9.21-1 ii libunistring00.9.3-5.2 ii libuuid1 2.25.2-2 ii libverto10.2.4-1 ii memcached1.4.21-1 ii ntp 1:4.2.6.p5+dfsg-3.1 ii pki-ca 10.2.0-3 ii python 2.7.8-2 ii python-freeipa 4.0.4-2 ii python-krbv 1.0.90-1 ii python-ldap 2.4.10-1 ii python-pyasn10.1.7-1 ii python-qrcode5.0.1-1 ii python-selinux 2.3-2 ii python-yubico1.1.0-2 pn python:any none ii samba-libs 2:4.1.13+dfsg-2 ii slapi-nis0.54-1 freeipa-server recommends no packages. freeipa-server suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769037: freeipa-client: ipa-client-automount fails on missing /etc/sysconfig/nfs
Package: freeipa-client Version: 4.0.4-2 Severity: minor Dear Maintainer, Running ipa-client-automount script to automaticaly configure automounter for IPA maps fails, because it tries to modify /etc/sysconfig/nfs file that is not found on Debian (it's RHEL convention again). The script tries to set NEED_GSSD=yes in the file, which is set in /etc/default/nfs-common. I've just created the empty file to let the script run till the end, because it didn't manage to set up all the necessary things anyway (main problem is missing sssd, described in #762843) so I had to configure by hand to use LDAP and I didn't want to leave the system in inconsistent state, but some better handling is probably needed. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages freeipa-client depends on: ii bind9utils 1:9.9.5.dfsg-5 ii certmonger 0.75.14-2 ii dnsutils 1:9.9.5.dfsg-5 ii krb5-user1.12.1+dfsg-14 ii libc62.19-13 ii libcomerr2 1.42.12-1 ii libcurl3 7.38.0-3 ii libcurl3-nss 7.38.0-3 ii libk5crypto3 1.12.1+dfsg-14 ii libkrb5-31.12.1+dfsg-14 ii libldap-2.4-22.4.40-2 ii libnss3-tools2:3.17.2-1 ii libpopt0 1.16-10 ii libsasl2-2 2.1.26.dfsg1-12 ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-12 ii libxmlrpc-core-c31.33.14-0.1 ii ntp 1:4.2.6.p5+dfsg-3.1+b1 ii python 2.7.8-2 ii python-dnspython 1.12.0-1 ii python-freeipa 4.0.4-2 ii python-krbv 1.0.90-1 ii python-ldap 2.4.10-1 pn python:any none ii sssd 1.11.7-2 ii wget 1.16-3 freeipa-client recommends no packages. Versions of packages freeipa-client suggests: ii libpam-krb5 4.6-3+b1 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775550: 389-ds-base: Update fails when /var mounted on different filesystem than /etc
Package: 389-ds-base Version: 1.3.3.5-3 Severity: normal Dear Maintainer, When updating package 389-ds-base, update fails and leaves directory server in uconfigured state if /var is mounted on separate filesystem. There is no apparent error, but changing /var/lib/dpkg/info/389-ds-base.postinst setup-ds -l $OUT -u -s General.UpdateMode=offline $OUT 21 to setup-ds -l $OUT -u -s General.UpdateMode=offline reveals the problem in this postinst script. The error is: Could not rename config file '/etc/dirsrv/slapd-KASPAR-IN/slapd-collations.conf' to '/var/lib/dirsrv/slapd-KASPAR-IN/bak.bak/slapd-collations.conf'. Error: Invalid cross-device link Creating symlink /etc/dirsrv/bak - /var/lib/dirsrv/salpd-instance/{bak,bak.bak} resolves the problem but it's not exactly elegant solution. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages 389-ds-base depends on: ii 389-ds-base-libs 1.3.3.5-3 ii adduser 3.113+nmu3 ii debconf [debconf-2.0]1.5.55 ii init-system-helpers 1.22 ii ldap-utils 2.4.40-3 ii libc62.19-13 ii libdb5.3 5.3.28-9 ii libgcc1 1:4.9.2-10 ii libicu52 52.1-6 ii libldap-2.4-22.4.40-3 ii libmozilla-ldap-perl 1.5.3-2+b1 ii libnetaddr-ip-perl 4.075+dfsg-1+b1 ii libnspr4 2:4.10.7-1 ii libnss3 2:3.17.2-1.1 ii libnss3-1d 2:3.17.2-1.1 ii libpam0g 1.1.8-3.1 ii libpci3 1:3.2.1-3 ii libperl4-corelibs-perl 0.003-1 ii libsasl2-2 2.1.26.dfsg1-12 ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-12 ii libsensors4 1:3.3.5-2 ii libsnmp305.7.2.1~dfsg-7 ii libsocket-getaddrinfo-perl 0.22-1+b1 ii libssl1.0.0 1.0.1k-1 ii libstdc++6 4.9.2-10 ii libsvrcore0 1:4.0.4-15 ii libwrap0 7.6.q-25 ii perl 5.20.1-4 ii python 2.7.8-2 389-ds-base recommends no packages. 389-ds-base suggests no packages. -- Configuration Files: /etc/default/dirsrv changed: KRB5CCNAME=/tmp/krb5cc_114 KRB5_KTNAME=/etc/dirsrv/ds.keytab /etc/default/dirsrv.systemd changed: [Service] LimitNOFILE=8192 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775551: bind9: Bind freezes after few hours of operation with ldap plugin
Package: bind9 Version: 1:9.9.5.dfsg-8 Severity: important Dear Maintainer, I run bind with bind9-dyndb-ldap plugin, so I'm not sure if the problem is in bind itself or the plugin but after few hours of operation, bind stops resolving queries and responding to any commands sent via rndc. If I try to restart it (with systemctl restart bind9.service) systemctl times out waiting for bind to restart and kills it and starts again. I've checked the logs but haven't found any problem there - bind just stops writing there. Tried to increase logging level with rndc trace but with no effect. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages bind9 depends on: ii adduser3.113+nmu3 ii bind9utils 1:9.9.5.dfsg-8 ii debconf [debconf-2.0] 1.5.55 ii init-system-helpers1.22 ii libbind9-901:9.9.5.dfsg-8 ii libc6 2.19-13 ii libcap21:2.24-6 ii libcomerr2 1.42.12-1 ii libdns100 1:9.9.5.dfsg-8 ii libgssapi-krb5-2 1.12.1+dfsg-16 ii libisc95 1:9.9.5.dfsg-8 ii libisccc90 1:9.9.5.dfsg-8 ii libisccfg901:9.9.5.dfsg-8 ii libk5crypto3 1.12.1+dfsg-16 ii libkrb5-3 1.12.1+dfsg-16 ii liblwres90 1:9.9.5.dfsg-8 ii libssl1.0.01.0.1k-1 ii libxml22.9.2+dfsg1-1+b1 ii lsb-base 4.1+Debian13+nmu1 ii net-tools 1.60-26+b1 ii netbase5.3 bind9 recommends no packages. Versions of packages bind9 suggests: ii bind9-doc 1:9.9.5.dfsg-8 ii dnsutils1:9.9.5.dfsg-8 pn resolvconf none pn ufw none -- Configuration Files: /etc/bind/named.conf.local changed: /** / options { // turns on IPv6 for port 53, IPv4 is on by default for all ifaces listen-on-v6 {any;}; // Put files that named is allowed to write in the data/ directory: directory /var/cache/bind; // the default dump-file data/cache_dump.db; statistics-file data/named_stats.txt; memstatistics-file data/named_mem_stats.txt; forward first; forwarders { 213.46.172.36; 213.46.172.37; }; // Any host is permitted to issue recursive queries allow-recursion { any; }; tkey-gssapi-keytab /etc/named.keytab; pid-file /run/named/named.pid; dnssec-enable yes; }; /**/ /* If you want to enable debugging, eg. using the 'rndc trace' command, * By default, SELinux policy does not allow named to modify the /var/named directory, * so put the default debug log file in data/ : */ logging { channel default_debug { file data/named.run; severity dynamic; print-time yes; }; }; // Dynamic DNS update include /etc/bind/rndc.key; controls { inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; }; /*zone . IN { type hint; file named.ca; };*/ include /etc/bind/zones.rfc1918; dynamic-db ipa { library ldap.so; arg uri ldapi://%2fvar%2frun%2fslapd-KASPAR-IN.socket; arg base cn=dns, dc=kaspar,dc=in; arg fake_mname budha.kaspar.in.; arg auth_method sasl; arg sasl_mech GSSAPI; arg sasl_user DNS/budha.kaspar.in; arg serial_autoincrement yes; }; /etc/bind/zones.rfc1918 changed: zone 16.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 17.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 18.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 19.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 20.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 21.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 22.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 24.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 25.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 26.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 27.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 28.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 29.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 30.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 31.172.in-addr.arpa { type master; file /etc/bind/db.empty; }; zone 168.192.in-addr.arpa { type master; file /etc/bind/db.empty; }; -- debconf information: bind9/different-configuration-file: bind9/run-resolvconf: false bind9/start-as-user: bind -- To UNSUBSCRIBE, email to
Bug#806778: bind9-dyndb-ldap: Bind fails to get zones from 389 directory server (IPA)
Package: bind9-dyndb-ldap Version: 6.0-4 Severity: important Dear Maintainer, I have bind in freeipa setup with 389 directory server as backend. Everything worked fine until yesterday's restart of whole server, after which bind can't see LDAP zones contents any more. Configuration haven't changed so I suspect some of the updates that came in after last restart (must have happend before 11-1). The bind log contains these entries: named[18922]: LDAP instance 'ipa' is being synchronized, please ignore message 'all zones loaded' reloading configuration succeeded any newly configured zones are now loaded LDAP error: Server is unwilling to perform: Too many active synchronization sessions: unable to start SyncRepl session ldap_syncrepl will reconnect in 60 seconds received control channel command 'reconfig' ldap_sync_prepare() failed, retrying in 1 second: shutting down ... LDAP server error log is empty, but access log shows there is some problem with search operation: conn=39352 fd=110 slot=110 connection from local to /var/run/slapd-REALM.socket conn=39352 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI conn=39352 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress conn=39352 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI conn=39352 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress conn=39352 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI conn=39352 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="krbprincipalname=dns/hostname@domain,cn=services,cn=accounts,dc=domain,dc=xx" conn=39351 op=3 SRCH base="cn=dns,dc=domain,dc=xx" scope=2 filter="(|(objectClass=idnsConfigObject)(objectClass=idnsZone)(objectClass=idnsForwardZone)(objectClass=idnsRecord))" attrs=AL conn=39351 op=4 UNBIND conn=39351 op=4 fd=108 closed - U1 conn=39351 op=3 RESULT err=53 tag=101 nentries=0 etime=0 If I try to use ldapsearch with same parameters (kinit -k -t /etc/bind/named.keytab DNS/hostname and than ldapsearch -Y GSSAPI) I get the correct result and LDAP log contains: conn=39404 op=3 RESULT err=0 tag=101 nentries=85 etime=0 So it seems bind sets some connection or search parameters that cause the problem when querying LDAP. I've tried to increase bind log verbosity. but it didn't help as it seems it doesn't affect this plugin. Bind config is set as: dynamic-db "ipa" { library "ldap.so"; arg "uri ldapi://%2fvar%2frun%2fslapd-REALM.socket"; arg "base cn=dns, dc=domain,dc=xx"; arg "fake_mname hostname.; arg "auth_method sasl"; arg "sasl_mech GSSAPI"; arg "sasl_user DNS/hostname"; arg "serial_autoincrement yes"; }; If there is a way I could help debugging the problem, I can add more information here. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages bind9-dyndb-ldap depends on: ii bind9 1:9.9.5.dfsg-12+b1 ii libc6 2.19-22 ii libdns100 1:9.9.5.dfsg-12+b1 ii libkrb5-3 1.13.2+dfsg-4 ii libldap-2.4-2 2.4.42+dfsg-2 bind9-dyndb-ldap recommends no packages. bind9-dyndb-ldap suggests no packages. -- no debconf information
Bug#818578: 389-ds-base: 389 dirserver update fails in 389-ds-base.postinst script on upgradeschemafiles
Package: 389-ds-base Version: 1.3.4.8-2 Severity: normal Dear Maintainer, While updating 389-ds-base to version 1.3.4.8-2, configure fails with: Setting up 389-ds-base (1.3.4.8-2) ... dpkg: error processing package 389-ds-base (--configure): subprocess installed post-installation script returned error exit status 1 The problem happens in /var/lib/dpkg/info/389-ds-base.postinst on line 27: setup-ds -l $OUT -u -s General.UpdateMode=offline > $OUT 2>&1 Letting stdout and stderr to terminal showed error in /usr/share/dirsrv/updates/60upgradeschemafiles.pl: String found where operator expected at /usr/share/dirsrv/updates/60upgradeschemafiles.pl line 181, near "move "$bakdir/99user.ldif"" (Do you need to predeclare move?) turned out the problem (perl doesn't know move function) is probably caused by missing File::Copy include in the script. So adding: use File::Copy; to the beginning of /usr/share/dirsrv/updates/60upgradeschemafiles.pl helped and the configure step ran fine then. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages 389-ds-base depends on: ii 389-ds-base-libs 1.3.4.8-2 ii adduser 3.114 ii debconf [debconf-2.0]1.5.59 ii init-system-helpers 1.29 ii ldap-utils 2.4.42+dfsg-2+b2 ii libc62.22-3 ii libdb5.3 5.3.28-11 ii libgcc1 1:5.3.1-12 ii libicu55 55.1-7 ii libldap-2.4-22.4.42+dfsg-2+b2 ii libmozilla-ldap-perl 1.5.3-2+b2 ii libnetaddr-ip-perl 4.078+dfsg-1+b1 ii libnspr4 2:4.12-1 ii libnss3 2:3.23-1 ii libpam0g 1.1.8-3.2 ii libpci3 1:3.3.1-1.1 ii libperl4-corelibs-perl 0.003-2 ii libsasl2-2 2.1.26.dfsg1-14+b1 ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-14+b1 ii libsensors4 1:3.4.0-2 ii libsnmp305.7.3+dfsg-1+b2 ii libsocket-getaddrinfo-perl 0.22-3 ii libssl1.0.2 1.0.2g-1 ii libstdc++6 5.3.1-12 ii libsvrcore0 1:4.0.4-15 ii libwrap0 7.6.q-25 ii perl 5.22.1-9 ii python 2.7.11-1 ii systemd 229-2 389-ds-base recommends no packages. 389-ds-base suggests no packages. -- Configuration Files: /etc/default/dirsrv changed: KRB5CCNAME=/tmp/krb5cc_114 KRB5_KTNAME=/etc/dirsrv/ds.keytab /etc/default/dirsrv.systemd changed: [Service] LimitNOFILE=8192 -- no debconf information
Bug#855910: network-manager: Network Manager doesn't set default gw over DHCP
Package: network-manager Version: 1.6.2-1 Severity: important Dear Maintainer, Network Manager stopped setting up default route over wlan interface (can't check wired connection at the moment). I've lloked into the problem and it seems the reason for this behaviour is incorrect dhclient-wlanX.conf being generated. The generated file looks like: # Created by NetworkManager # Merged from /etc/dhcp/dhclient.conf # Configuration file for /sbin/dhclient. ... # option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; #send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; ... # This part is added by NM send host-name "XYZ"; # added by NetworkManager option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; option ms-classless-static-routes code 249 = array of unsigned integer 8; option wpad code 252 = string; request; # override dhclient defaults also request subnet-mask; also request broadcast-address; also request interface-mtu; also request domain-name-servers; also request rfc3442-classless-static-routes; also request ms-classless-static-routes; also request static-routes; also request wpad; also request ntp-servers; So it seems it strips the line with default request options from /etc/dhcp/dhclient.conf and even overrides them anyway and misses request for routers option, which would set the default gw. It does this for different connections. None of them has "Use only for resources on this network" checked and ipv4 section in /etc/NetworkManager/system-connections/connection contains only [ipv4] dns-search= method=auto -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (650, 'unstable'), (10, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages network-manager depends on: ii adduser3.115 ii dbus 1.10.16-1 ii init-system-helpers1.47 ii libaudit1 1:2.6.7-1 ii libbluetooth3 5.43-1 ii libc6 2.24-9 ii libglib2.0-0 2.50.3-1 ii libgnutls303.5.8-3 ii libgudev-1.0-0 230-3 ii libjansson42.9-1 ii libmm-glib01.6.4-1 ii libndp01.6-1 ii libnewt0.520.52.19-1 ii libnl-3-2003.2.27-1 ii libnm0 1.6.2-1 ii libpam-systemd 232-18 ii libpolkit-agent-1-00.105-17 ii libpolkit-gobject-1-0 0.105-17 ii libreadline7 7.0-2 ii libselinux12.6-3 ii libsoup2.4-1 2.56.0-2 ii libsystemd0232-18 ii libteamdctl0 1.26-1 ii libuuid1 2.29.1-1 ii lsb-base 9.20161125 ii policykit-10.105-17 ii udev 232-18 ii wpasupplicant 2.6-3 Versions of packages network-manager recommends: ii crda 3.18-1 pn dnsmasq-base ii iptables 1.6.0+snapshot20161117-5 ii iputils-arping 3:20161105-1 ii isc-dhcp-client 4.3.5-3 ii modemmanager 1.6.4-1 ii ppp 2.4.7-1+4 Versions of packages network-manager suggests: pn libteam-utils -- Configuration Files: /etc/NetworkManager/NetworkManager.conf changed: [main] plugins=ifupdown,keyfile no-auto-default=00:1F:16:10:F3:7B, [ifupdown] managed=false -- no debconf information
Bug#841477: 389-ds-base: 389 directory server fails to start TLS/SSL
Package: 389-ds-base Version: 1.3.5.13-1 Severity: important Dear Maintainer, After recent updates the 389 directory server fails to start SSL on port 636. The rest of server starts fine but in the logs, there is an error message: SSL alert: Security Initialization: Unable to create PinObj (Netscape Portable Runtime error -5977 - Failure to load dynamic library.) ERROR: SSL Initialization Failed. Disabling SSL. When I ran strace on ns-slapd, I've noticed it's missing file /etc/dirsrv/slapd-suffix/libnssckbi.so. After linking /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so from package libnss3 the error message changed to: SSL alert: Security Initialization: Unable to create PinObj (Netscape Portable Runtime error -8015 - The certificate/key database is in an old, unsupported format or failed to open.) I've checked the cert db with certutil -L -d /etc/dirsrv/slapd-suffix and it seems OK. The certificate is valid until the start of the november so I have no idea now, where the problem might be. Is it some libraries incompatibility or are there some other steps I can do to debug the issue. I'm running 389 server as a part of freeipa installation, so I'm now not able to issue different certificate to test, becouse the CA can't start without LDAP server running. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages 389-ds-base depends on: ii 389-ds-base-libs 1.3.5.13-1 ii acl 2.2.52-3 ii adduser 3.115 ii debconf [debconf-2.0]1.5.59 ii init-system-helpers 1.45 ii ldap-utils 2.4.42+dfsg-2+b3 ii libc62.24-5 ii libdb5.3 5.3.28-12 ii libgcc1 1:6.2.0-7 ii libicu57 57.1-4 ii libldap-2.4-22.4.42+dfsg-2+b3 ii libmozilla-ldap-perl 1.5.3-2+b3 ii libnetaddr-ip-perl 4.079+dfsg-1+b1 ii libnspr4 2:4.12-6 ii libnss3 2:3.26-2 ii libpam0g 1.1.8-3.3 ii libpci3 1:3.3.1-1.1 ii libperl4-corelibs-perl 0.003-2 ii libsasl2-2 2.1.26.dfsg1-15 ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-15 ii libsensors4 1:3.4.0-3 ii libsnmp305.7.3+dfsg-1.5+b1 ii libsocket-getaddrinfo-perl 0.22-3 ii libssl1.0.2 1.0.2j-1 ii libstdc++6 6.2.0-7 ii libsvrcore0 1:4.1.2+dfsg1-2 ii libsystemd0 231-9 ii libwrap0 7.6.q-25 ii perl 5.24.1~rc3-3 ii python 2.7.11-2 ii systemd 231-9 389-ds-base recommends no packages. 389-ds-base suggests no packages. -- Configuration Files: /etc/default/dirsrv changed: KRB5_KTNAME=/etc/dirsrv/ds.keytab KRB5CCNAME=/tmp/krb5cc_114 /etc/default/dirsrv.systemd changed: [Service] TimeoutStartSec=10m NotifyAccess=all LimitNOFILE=8192 -- no debconf information
Bug#841086: pki-ca context doesn't start in tomcat
Package: pki-ca Version: 10.3.5-4 Severity: important Dear Maintainer, While upgradeing to Freeipa 4.3.2 I've encountered problem with pki-ca. IPA tries to use CA during the upgrade, but the new version of pki-ca doesn't start and the upgrade fails. According to catalina.out, the error is some missing class/incorrect jar version because the pki-tomcatd itself starts, but the /ca context fails with error: Oct 17, 2016 4:23:06 PM org.apache.catalina.core.ContainerBase addChildInternal SEVERE: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to initialize component [StandardEngine[Catalina].StandardHost[localhost ].StandardContext[/ca]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:108) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:135) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:587) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1798) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/ServiceUnavailableException at java.lang.Class.getDeclaredConstructors0(Native Method) at java.lang.Class.privateGetDeclaredConstructors(Class.java:2671) at java.lang.Class.getConstructor0(Class.java:3075) at java.lang.Class.newInstance(Class.java:412) at org.apache.tomcat.util.digester.ObjectCreateRule.begin(ObjectCreateRule.java:117) at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1193) at org.apache.xerces.parsers.AbstractSAXParser.startElement(Unknown Source) at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1466) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:543) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:502) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:743) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:318) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:103) ... 11 more Caused by: java.lang.ClassNotFoundException: javax.ws.rs.ServiceUnavailableException at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ... 36 more Oct 17, 2016 4:23:06 PM org.apache.catalina.startup.HostConfig deployDescriptor SEVERE: Error deploying configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to initialize component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/ca]] at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:729) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:587) at
Bug#889526: pki-server: Dogtag stopped starting after libnss3 upgrade to 2:3.35-2
Package: pki-server Version: 10.5.3-4 Severity: important Dear Maintainer, After upgrade of libnss3 to 2:3.35-2 pki-server (used as part of freeipa installation) stoped working. The Tomcat with pki-server contexts starts, but all the Dogtag context crash with errors: javax.ws.rs.ServiceUnavailableException: Subsystem unavailable (catalina.out) Failed to create jss service: java.lang.SecurityException: Unable to initialize security library (ca/debug) I appears the Tomcat isn't able to load jss library because the previous error in catalina is: Feb 03, 2018 1:57:19 PM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom SEVERE: Exception initializing random number generator using provider [Mozilla-JSS] java.security.NoSuchProviderException: no such provider: Mozilla-JSS and catalina.out contains warnings like: ARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'enableOCSP' to 'false' did not find a match ing property. Downgrading libnss3 to 2:3.34.1-1 fixes the problem. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (650, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages pki-server depends on: ii adduser 3.117 ii dogtag-pki-server-theme 10.5.3-4 ii ldap-utils2.4.45+dfsg-1 ii libatk-wrapper-java 0.33.3-15 ii libcommons-collections3-java 3.2.2-1 ii libcommons-dbcp-java 1.4-5 ii libcommons-pool-java 1.6-3 ii libjackson-json-java 1.9.2-8 ii libjackson2-annotations-java 2.9.4-1 ii libjackson2-jaxrs-providers-java 2.9.4-1 ii libjboss-logging-java 3.3.1-1 ii libjs-jquery 3.2.1-1 ii libjs-underscore 1.8.3~dfsg-1 ii libnuxwdog-java 1.0.3-3+b4 ii libscannotation-java 1.0.2+svn20110812-3 ii libsymkey-java10.5.3-4 ii libtomcatjss-java 7.2.4-1 ii libxml-commons-external-java 1.4.01-2 ii libxml-commons-resolver1.1-java 1.2-9 ii pki-base 10.5.3-4 ii pki-base-java 10.5.3-4 ii pki-tools 10.5.3-4 ii python2.7.14-4 ii python-cryptography 2.1.4-1 ii python-ldap 3.0.0~b4-1.1 ii python-lxml 4.1.0-1 ii python-selinux2.7-2+b1 ii tomcat8.0-user8.0.46-1 ii velocity 1.7-5 pki-server recommends no packages. pki-server suggests no packages. -- no debconf information
Bug#1052584: linux-image-6.5.0-1-amd64: NFS4 stopped working in 6.5 with SELinux error
Package: src:linux Version: 6.5.3-1 Severity: normal Dear Maintainer, After upgrading to kernel version 6.5.0-1-amd64, the NFS4 stopped working on the station. Whe trying to mount nf4 FS, the mount fails with error: mount.nfs: an incorrect mount option was specified for The kernel log contains error message: kernel: SELinux: Unable to set superblock options before the security server is initialized This puzzles me a bit as I've got SELinux disabled (don't even have SELinux userspace installed, /sys/fs/selinux/enforce says 0). Tried booting with selinux=0 boot parameter but with the same result. Rebooting wih previou (6.4.0-4-amd64) kernel version fixes the problem immediately. -- Package-specific info: ** Version: Linux version 6.5.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-13 (Debian 13.2.0-4) 13.2.0, GNU ld (GNU Binutils for Debian) 2.41) #1 SMP PREEMPT_DYNAMIC Debian 6.5.3-1 (2023-09-13) ** Command line: BOOT_IMAGE=/boot/vmlinuz-6.5.0-1-amd64 root=UUID=66909970-fb76-4ca1-ac09-21ce627d56fb ro acpi_osi=Linux apparmor=0 quiet resume=UUID=83a4e08d-09cd-40d7-815f-060f24d8ed07 ** Not tainted ** Kernel log: [ 4.333757] AVX2 version of gcm_enc/dec engaged. [ 4.333908] AES CTR mode by8 optimization enabled [ 4.335361] snd_hda_intel :34:00.1: enabling device ( -> 0002) [ 4.336166] snd_hda_intel :34:00.1: Handle vga_switcheroo audio client [ 4.336173] input: SYNA8018:00 06CB:CE67 Mouse as /devices/platform/AMDI0010:01/i2c-1/i2c-SYNA8018:00/0018:06CB:CE67.0001/input/input13 [ 4.336314] input: SYNA8018:00 06CB:CE67 Touchpad as /devices/platform/AMDI0010:01/i2c-1/i2c-SYNA8018:00/0018:06CB:CE67.0001/input/input14 [ 4.336456] hid-multitouch 0018:06CB:CE67.0001: input,hidraw0: I2C HID v1.00 Mouse [SYNA8018:00 06CB:CE67] on i2c-SYNA8018:00 [ 4.336927] snd_hda_intel :34:00.6: enabling device ( -> 0002) [ 4.339656] thinkpad_acpi: rfkill switch tpacpi_bluetooth_sw: radio is unblocked [ 4.346487] videodev: Linux video capture interface: v2.00 [ 4.349686] thinkpad_acpi: rfkill switch tpacpi_wwan_sw: radio is unblocked [ 4.356589] snd_hda_intel :34:00.1: bound :34:00.0 (ops amdgpu_dm_audio_component_bind_ops [amdgpu]) [ 4.366123] thinkpad_acpi: Standard ACPI backlight interface available, not loading native one [ 4.368909] input: HD-Audio Generic HDMI/DP,pcm=3 as /devices/pci:00/:00:08.1/:34:00.1/sound/card0/input16 [ 4.369050] input: HD-Audio Generic HDMI/DP,pcm=7 as /devices/pci:00/:00:08.1/:34:00.1/sound/card0/input17 [ 4.369175] input: HD-Audio Generic HDMI/DP,pcm=8 as /devices/pci:00/:00:08.1/:34:00.1/sound/card0/input18 [ 4.378763] acp_yc_mach acp_yc_mach.0: Enabling ACP DMIC support via DMI [ 4.378827] acp_yc_mach acp_yc_mach.0: Enabling ACP DMIC support via DMI [ 4.414400] thinkpad_acpi: battery 1 registered (start 0, stop 100, behaviours: 0x7) [ 4.414423] ACPI: battery: new extension: ThinkPad Battery Extension [ 4.421306] snd_hda_codec_realtek hdaudioC1D0: autoconfig for ALC257: line_outs=1 (0x14/0x0/0x0/0x0/0x0) type:speaker [ 4.421312] snd_hda_codec_realtek hdaudioC1D0: speaker_outs=0 (0x0/0x0/0x0/0x0/0x0) [ 4.421315] snd_hda_codec_realtek hdaudioC1D0: hp_outs=1 (0x21/0x0/0x0/0x0/0x0) [ 4.421318] snd_hda_codec_realtek hdaudioC1D0: mono: mono_out=0x0 [ 4.421320] snd_hda_codec_realtek hdaudioC1D0: inputs: [ 4.421322] snd_hda_codec_realtek hdaudioC1D0: Mic=0x19 [ 4.421660] usb 5-1: Found UVC 1.10 device Integrated Camera (174f:1812) [ 4.429655] usb 5-1: Found UVC 1.50 device Integrated Camera (174f:1812) [ 4.431756] usbcore: registered new interface driver uvcvideo [ 4.451513] ath11k_pci :01:00.0: BAR 0: assigned [mem 0x9880-0x989f 64bit] [ 4.451533] ath11k_pci :01:00.0: enabling device ( -> 0002) [ 4.451643] input: ThinkPad Extra Buttons as /devices/platform/thinkpad_acpi/input/input12 [ 4.452347] ath11k_pci :01:00.0: MSI vectors: 32 [ 4.452355] ath11k_pci :01:00.0: wcn6855 hw2.1 [ 4.458975] NET: Registered PF_QIPCRTR protocol family [ 4.470682] input: HDA Digital PCBeep as /devices/pci:00/:00:08.1/:34:00.6/sound/card1/input19 [ 4.470771] input: HD-Audio Generic Mic as /devices/pci:00/:00:08.1/:34:00.6/sound/card1/input20 [ 4.470850] input: HD-Audio Generic Headphone as /devices/pci:00/:00:08.1/:34:00.6/sound/card1/input21 [ 4.529613] Bluetooth: Core ver 2.22 [ 4.529643] NET: Registered PF_BLUETOOTH protocol family [ 4.529645] Bluetooth: HCI device and connection manager initialized [ 4.529650] Bluetooth: HCI socket layer initialized [ 4.529656] Bluetooth: L2CAP socket layer initialized [ 4.529667] Bluetooth: SCO socket layer initialized [ 4.541302] kvm_amd: TSC scaling supported [ 4.541305] kvm_amd: Nested Virtualization enabled [ 4.541307] kvm_amd: Nested Paging enabled [ 4.541315]
Bug#1052584: linux-image-6.5.0-1-amd64: NFS4 stopped working in 6.5 with SELinux error
Hi Slavatore. I've tried to build a new kernel image with the patch mentioned and it seems it works well. I was able to mount NFS 4 shares with no problem so this patch indeed solves the problem reported for me. Thank you for your help On 25. 09. 23 10:01, Salvatore Bonaccorso wrote: Control: tags -1 + moreinfo Hi Michal, On Mon, Sep 25, 2023 at 12:52:16AM +0200, Michal Kaspar wrote: Package: src:linux Version: 6.5.3-1 Severity: normal Dear Maintainer, After upgrading to kernel version 6.5.0-1-amd64, the NFS4 stopped working on the station. Whe trying to mount nf4 FS, the mount fails with error: mount.nfs: an incorrect mount option was specified for The kernel log contains error message: kernel: SELinux: Unable to set superblock options before the security server is initialized This puzzles me a bit as I've got SELinux disabled (don't even have SELinux userspace installed, /sys/fs/selinux/enforce says 0). Tried booting with selinux=0 boot parameter but with the same result. Rebooting wih previou (6.4.0-4-amd64) kernel version fixes the problem immediately. I suspect this is fixed by https://git.kernel.org/linus/ccf1dab96be4caed7c5235b1cfdb606ac161b996 in 6.6-rc2, and which went into 6.5.5 (will be included on next unstable upload). Can you apply the patch on top to confirm if that fixes the issue for you? Regards, Salvatore