[Bug 987532] Re: description of puppet configuration is wrong

2013-06-09 Thread PeterNSteinmetz 
https://help.ubuntu.com/12.04/serverguide/puppet.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987532

Title:
  description of puppet configuration is wrong

To manage notifications about this bug go to:
https://bugs.launchpad.net/serverguide/+bug/987532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 988421] [NEW] nagios3 check_load produces no output

2012-04-25 Thread PeterNSteinmetz 
Public bug reported:

I am running a nagios3 server on ubuntu 10.04 server (nagios3
3.2.0-4ubuntu2.2) and a nrpe server on ubuntu 10.10 (nagios-nrpe-server
2.12-4ubuntu1.10.10.1, nagios-plugins  1.4.14-5ubuntu3)

Have these both basically up and running, and the server is able to run
a check_disk command on the npre server and receives results.

For a check_load command, however, the status information is '(No output
returned from plugin)'.

I have looked extensively on the web for this, and it appears there are
a number of reasons this may happen.

On the server, if I run 
sudo su - nagios -c /usr/lib/nagios/plugins/check_nrpe -H 10.41.129.36 -c 
check_load
there is nothing returned.

If I change the user from nagios to peter, then I get the expected
response.

On the nrpe server, the same thing is happening. If I run 
sudo su - nagios -c /usr/lib/nagios/plugins/check_load  -w 15,10,5 -c 30,25,20
there is nothing returned. If I change the user to peter it returns the 
expected output.

I've tried making the plugins all owned by nagios:nagios, that doesn't
help. I've tried adding a line for nagios to sudoers file and then
adding the sudo command prefix, that doesn't fix it when invoking the
command on the nagios server. I've also tried adding the nagios user to
the admin group and that doesn't help.

I've enabled the debugging on the nrpe server, and for the command from
the nagios server, I see the connection and request in syslog when the
user is peter, but no such request when the user is nagios. Neither of
the local commands generate any syslog output.

It is difficult to understand why this command, check_load, on the nrpe
server is returning output for users 'peter' and 'root' but not for user
'nagios' when 'nagios' owns the executable.

When I check executing the check_disk command locally on the nrpe server with
sudo su - nagios -c /usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p 
/dev/sda1
it works and returns a report.

Curiously, if I change the nagios user to have a login shell, such as
/bin/bash, on the nrpe server, then the check_load command is returning
output, though still doesn't work from the nagios server. In neither
case, however, does the nagios user have a password.

Both the check_load and check_disk plugins are owned by nagios:nagios
and have -rwxr-xr-x permissions, so what is the difference?

/proc/loadavg is owned by root:root and has rw-r--r-- permissions, so
should be readable.

It appears this is a problem with the nagios user setup in the ubuntu
packaging. I have checked the upstream bug fixes to current and there is
nothing in nagios-plugin which would appear to address this issue.

** Affects: nagios-plugins (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: nagios3

** Tags added: nagios3

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios-plugins in Ubuntu.
https://bugs.launchpad.net/bugs/988421

Title:
  nagios3 check_load produces no output

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/988421/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 988421] [NEW] nagios3 check_load produces no output

2012-04-25 Thread PeterNSteinmetz 
Public bug reported:

I am running a nagios3 server on ubuntu 10.04 server (nagios3
3.2.0-4ubuntu2.2) and a nrpe server on ubuntu 10.10 (nagios-nrpe-server
2.12-4ubuntu1.10.10.1, nagios-plugins  1.4.14-5ubuntu3)

Have these both basically up and running, and the server is able to run
a check_disk command on the npre server and receives results.

For a check_load command, however, the status information is '(No output
returned from plugin)'.

I have looked extensively on the web for this, and it appears there are
a number of reasons this may happen.

On the server, if I run 
sudo su - nagios -c /usr/lib/nagios/plugins/check_nrpe -H 10.41.129.36 -c 
check_load
there is nothing returned.

If I change the user from nagios to peter, then I get the expected
response.

On the nrpe server, the same thing is happening. If I run 
sudo su - nagios -c /usr/lib/nagios/plugins/check_load  -w 15,10,5 -c 30,25,20
there is nothing returned. If I change the user to peter it returns the 
expected output.

I've tried making the plugins all owned by nagios:nagios, that doesn't
help. I've tried adding a line for nagios to sudoers file and then
adding the sudo command prefix, that doesn't fix it when invoking the
command on the nagios server. I've also tried adding the nagios user to
the admin group and that doesn't help.

I've enabled the debugging on the nrpe server, and for the command from
the nagios server, I see the connection and request in syslog when the
user is peter, but no such request when the user is nagios. Neither of
the local commands generate any syslog output.

It is difficult to understand why this command, check_load, on the nrpe
server is returning output for users 'peter' and 'root' but not for user
'nagios' when 'nagios' owns the executable.

When I check executing the check_disk command locally on the nrpe server with
sudo su - nagios -c /usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p 
/dev/sda1
it works and returns a report.

Curiously, if I change the nagios user to have a login shell, such as
/bin/bash, on the nrpe server, then the check_load command is returning
output, though still doesn't work from the nagios server. In neither
case, however, does the nagios user have a password.

Both the check_load and check_disk plugins are owned by nagios:nagios
and have -rwxr-xr-x permissions, so what is the difference?

/proc/loadavg is owned by root:root and has rw-r--r-- permissions, so
should be readable.

It appears this is a problem with the nagios user setup in the ubuntu
packaging. I have checked the upstream bug fixes to current and there is
nothing in nagios-plugin which would appear to address this issue.

** Affects: nagios-plugins (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: nagios3

** Tags added: nagios3

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/988421

Title:
  nagios3 check_load produces no output

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/988421/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 987532] [NEW] description of puppet configuration is wrong

2012-04-23 Thread PeterNSteinmetz 
Public bug reported:

In the server guide, the configuration described for puppet is not
correct, and can be misleading for people trying to use this as a known
starting point.

The nodes.pp file is not needed here, as the entries for package and
service 'apache2' will apply to all nodes by default.

Either these should be moved under a class 'apache' and then sites.pp
should import nodes or the nodes.pp file part should be removed and it
should be explained that this will apply to all nodes.

** Affects: ubuntu-docs (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/987532

Title:
  description of puppet configuration is wrong

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/987532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 986649] [NEW] puppet agent can't obtain catalogs

2012-04-21 Thread PeterNSteinmetz 
Public bug reported:

For puppet 2.7.1-1ubuntu3.5~maverick1 running on maverick server, the
agent fails to be able to obtain catalogs from the puppetmaster, due to
a failure to validate the ca certificate.

This is a dangerous bug as it appears when following the instructions in
the server guide for installing puppet and is just silent, in the sense
that there is nothing normally in the logs. It only appear if one checks
whether the changes are being propagated or runs the puppet agent with a
command like:

sudo puppetd agent --no-daemonize --verbose --debug

which will show something like:

err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
notice: Using cached catalog
err: Could not retrieve catalog; skipping run

after retrieving the signed ca certificate.

It is NOT due to a problem with time syncing, as can be verified by
checking the validity time of the certificate with a command like:

sudo openssl x509 -text -noout -in /etc/puppet/ssl/certs/ca.pem

and ensuring that the not before time lies in the future.

It is likely due to an inability of the ruby puppet application to
properly verify the ca certificate. See for example this now closed bug
at puppetlabs:

http://projects.puppetlabs.com/issues/14067

This page contains a fair amount of useful information about puppet's use of 
certificates:
http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security

** Affects: puppet (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: puppet server

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/986649

Title:
  puppet agent can't obtain catalogs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/986649/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 986649] [NEW] puppet agent can't obtain catalogs

2012-04-21 Thread PeterNSteinmetz 
Public bug reported:

For puppet 2.7.1-1ubuntu3.5~maverick1 running on maverick server, the
agent fails to be able to obtain catalogs from the puppetmaster, due to
a failure to validate the ca certificate.

This is a dangerous bug as it appears when following the instructions in
the server guide for installing puppet and is just silent, in the sense
that there is nothing normally in the logs. It only appear if one checks
whether the changes are being propagated or runs the puppet agent with a
command like:

sudo puppetd agent --no-daemonize --verbose --debug

which will show something like:

err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
notice: Using cached catalog
err: Could not retrieve catalog; skipping run

after retrieving the signed ca certificate.

It is NOT due to a problem with time syncing, as can be verified by
checking the validity time of the certificate with a command like:

sudo openssl x509 -text -noout -in /etc/puppet/ssl/certs/ca.pem

and ensuring that the not before time lies in the future.

It is likely due to an inability of the ruby puppet application to
properly verify the ca certificate. See for example this now closed bug
at puppetlabs:

http://projects.puppetlabs.com/issues/14067

This page contains a fair amount of useful information about puppet's use of 
certificates:
http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security

** Affects: puppet (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: puppet server

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986649

Title:
  puppet agent can't obtain catalogs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/986649/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 579924] Re: Upgrading Ubuntu LTS skips database version - Fatal error: Version error for database bacula. Wanted 12, got 10

2011-03-23 Thread PeterNSteinmetz 
Also just affected me on upgrade from karmic to lucid, using mysql. This
just cost me a couple of hours, so I definitely vote in favor of having
this handled properly during upgrade, especially as it affects LTS-LTS
upgrades.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bacula in Ubuntu.
https://bugs.launchpad.net/bugs/579924

Title:
  Upgrading Ubuntu LTS skips database version - Fatal error: Version
  error for database bacula. Wanted 12, got 10

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 579924] Re: Upgrading Ubuntu LTS skips database version - Fatal error: Version error for database bacula. Wanted 12, got 10

2011-03-23 Thread PeterNSteinmetz 
Also just affected me on upgrade from karmic to lucid, using mysql. This
just cost me a couple of hours, so I definitely vote in favor of having
this handled properly during upgrade, especially as it affects LTS-LTS
upgrades.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/579924

Title:
  Upgrading Ubuntu LTS skips database version - Fatal error: Version
  error for database bacula. Wanted 12, got 10

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 426778] Re: Please upgrade calendarserver to version 2.3 from upstream

2010-02-07 Thread PeterNSteinmetz 
Trying to determine how to develop a package working from the source code for 
2.3, since the upstream doesn't seem to be moving. Page now on the wiki:
https://wiki.ubuntu.com/CalendarServerPackaging

Hopefully others can contribute who have more expertise in packaging.

-- 
Please upgrade calendarserver to version 2.3 from upstream
https://bugs.launchpad.net/bugs/426778
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 403349] Re: calendarserver has dependency on non-existent python-xml package in karmic

2010-02-07 Thread PeterNSteinmetz 
Trying to determine how to develop a package working from the source code for 
2.3, since the upstream doesn't seem to be moving. Page now on the wiki:
https://wiki.ubuntu.com/CalendarServerPackaging

Hopefully others can contribute who have more expertise in packaging.

-- 
calendarserver has dependency on non-existent python-xml package in karmic
https://bugs.launchpad.net/bugs/403349
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 403349] Re: calendarserver has dependency on non-existent python-xml package in karmic

2009-11-21 Thread PeterNSteinmetz 
It looks like version 2.3 will require a fair number of changes to the
debian and ubuntu packaging, from what I can see.

Spent a fair amount of time working with 1.4 from
http://trac.calendarserver.org/browser/CalendarServer/tags/release/CalendarServer-1.4

which was released at basically the same time as 2.3, that is, 3 months
ago.

I'm a newbie at this packaging business, so am sure it is not quite
right yet.

I took the source for 1.4 and copied in the debian subdirectory from the
prior ubuntu package. Needed to make a number of changes to some patch
files and the control file.

Have been able to build the source package, build the package, and
install on my system (though with a syntax warning in one module that
may indicate another patch that needs changing).

I'm finished with this for the weekend, so thought I would forward along
my source directory and orig.tar.gz tarball that I was using in
construction.

I'm assuming that really the way this should work is either for the
debian upstream to be fixed, or for the source to be retrieved via the
svn from macports and then a debian subdirectory added, but I'm
definitely not sure on that.

Perhaps others can carry on with the packaging and testing from here?

thanks,
Peter


** Attachment added: Attempt to get 1.4 source version working.
   http://launchpadlibrarian.net/35936991/calendarServer1.5Attempt.tgz

-- 
calendarserver has dependency on non-existent python-xml package in karmic
https://bugs.launchpad.net/bugs/403349
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 403349] Re: calendarserver has dependency on non-existent python-xml package in karmic

2009-11-21 Thread PeterNSteinmetz 
Interesting, perhaps 2.3 isn't so bad. I took the source from macports
for 2.3 and copied in the debian subdirectory from the ubuntu 1.2
source.

Removed all files from patches (after all, these may have been fixed).
Modified calendarserver.examples to point at conf/auth/accounts.xml
rather than conf/accounts.xml. Modified control file to remove
dependence on python-twisted-calendarserver, and changed dependence on
python-xml to python-lxml.

This seems to build and install. No idea if it works well or at all.

-- 
calendarserver has dependency on non-existent python-xml package in karmic
https://bugs.launchpad.net/bugs/403349
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 437483] Re: Improved description of permissions for openldap using TLS

2009-09-29 Thread PeterNSteinmetz 
Sorry to hear that is still trouble. I've been slowly working on the
patch to provide better error reporting when using GNUtls, but it will
be a while.

With an official cert, you will need all 3 of the olcTLSxxx parameters
set. Assuming that is in line, I would be sure the group has read
permissions on the certs and key and read and execute on the directories
containing them.

-- 
Improved description of permissions for openldap using TLS
https://bugs.launchpad.net/bugs/437483
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 437483] Re: Improved description of permissions for openldap using TLS

2009-09-27 Thread PeterNSteinmetz 
Yes, indeed. I guess I'm not familiar enough with bazaar version
control. I obtained a copy of the docs, modified and performed a commit
with a message, giving me rev # 354. But I take it that must not
propagate the change.

I was trying to follow the instructions in the bugs playbook at:
https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation?action=AttachFiledo=viewtarget=BugsPlaybook.pdf

but the command 'bzr diff  diffname.txt' near the end didn't give
anything.

Subsequently, I've generated a differences file using 'bzr diff -r 353 
changes.txt', which seems to contain the differences, and I attach here.

Please let me know if there was some other more proper way of
accomplishing this.


** Attachment added: changes.txt
   http://launchpadlibrarian.net/32531511/changes.txt

-- 
Improved description of permissions for openldap using TLS
https://bugs.launchpad.net/bugs/437483
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-26 Thread PeterNSteinmetz 
For the time being, I posted an update for the network-auth.xml in
ubuntu-docs.

https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/437483

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 437483] [NEW] Improved description of permissions for openldap using TLS

2009-09-26 Thread PeterNSteinmetz 
Public bug reported:

Binary package hint: ubuntu-docs

With the use of GNUtls users often encounter an error of the form main:
TLS init def ctx failed: -1 without further explanation (which was
available with openssl). Witness for example
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/420277

To help avoid this, I've update the notes on the network authentication
page regarding the use of certificates and items to check, revno 354 of
ubuntu-doc.

** Affects: ubuntu-docs (Ubuntu)
 Importance: Undecided
 Status: New

-- 
Improved description of permissions for openldap using TLS
https://bugs.launchpad.net/bugs/437483
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-26 Thread PeterNSteinmetz 
For the time being, I posted an update for the network-auth.xml in
ubuntu-docs.

https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/437483

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-18 Thread PeterNSteinmetz 
Yes, continues to be annoying.

One thing to do is to carefully verify the certificate chain you have
configured for LDAP use. If the certificate is self-signed, then don't
configure the olcCACertificateFile item. Otherwise, make sure the CA
signing the certificate has its certificate in this property.

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-18 Thread PeterNSteinmetz 
Thanks Dave. I agree about the docs on this. Can you comment on which
howto you were using?

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-18 Thread PeterNSteinmetz 
Yes, continues to be annoying.

One thing to do is to carefully verify the certificate chain you have
configured for LDAP use. If the certificate is self-signed, then don't
configure the olcCACertificateFile item. Otherwise, make sure the CA
signing the certificate has its certificate in this property.

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-18 Thread PeterNSteinmetz 
Thanks Dave. I agree about the docs on this. Can you comment on which
howto you were using?

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-11 Thread PeterNSteinmetz 
Playing around with the source today and debugging slapd with gdb.

It appears that much of the pain here is in tls_g.c, the wrappers for
gnutls. The function tlsg_ctx_init in particular. This is where, at
least for my configuration, most of the failures are occurring. And the
code in this function often makes a call onto a gnutls function, as in:

if (lo-ldo_tls_cacertfile != NULL) {
rc = gnutls_certificate_set_x509_trust_file( 
ctx-cred,
lt-lt_cacertfile,
GNUTLS_X509_FMT_PEM );
if ( rc  0 ) return -1;
}

and doesn't really do anything with the return code. There are 3 places
in tlsg_ctx_init where this occurs with no logging of what the actual
error code was. It just returns -1, rather than a more specific error
code. Upshot is that we simply get a -1 error code in the log with no
further advice on the specific problem.

The code in tls_o.c for this function and others seems better developed
and reports more useful error codes.

With a self-signed certificate, and setting only the olcTLSCertificateFile 
olcTLSCertificateKeyFile, the server works and does answer properly when trying 
with a command on another machine like:

openssl s_client -connect ldapServerIP:636 -showcerts

If oldTLSCACertificateFile is set to the self-signed certificate, slapd
fails to initialize TLS.

I suspect most of the problems being reported are due to configuration
issues, like those reported by Christian R. Without better error output,
it is very difficult to figure these out.

Now I'd be delighted to try and add more debugging and produce a patch;
however, perhaps I can get a bit of help with the packaging?

I've been able to get the source with 'apt-get source libldap-2.4-2',
and go in change the debian/configure.options, followed by a 'debchange
-i' and 'debuild -us -uc -i -I', then a 'sudo debi', and get a version
with debugging symbols installed.

What has been eluding me (after reading the HOWTO and several other
tutorials), is how to get changes in the source to build into the
package properly when installed and how to get other Debug statements to
work (though perhaps that is just because the packaging isn't working
right, since the machine language statements in the debugger don't agree
with the source listed in gdb, ouch). With a -nc option on debuild it
builds, but likely isn't actually including the changes. Without the
-nc, it complains about the upstream patches not being able to be
applied.

Hopefully someone can point me to the correct descriptions or give me
some help on this one.

Of course, a fixed up package with better error output from one of the
openldap gurus would be most welcome!

thanks,
Peter

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-11 Thread PeterNSteinmetz 
Playing around with the source today and debugging slapd with gdb.

It appears that much of the pain here is in tls_g.c, the wrappers for
gnutls. The function tlsg_ctx_init in particular. This is where, at
least for my configuration, most of the failures are occurring. And the
code in this function often makes a call onto a gnutls function, as in:

if (lo-ldo_tls_cacertfile != NULL) {
rc = gnutls_certificate_set_x509_trust_file( 
ctx-cred,
lt-lt_cacertfile,
GNUTLS_X509_FMT_PEM );
if ( rc  0 ) return -1;
}

and doesn't really do anything with the return code. There are 3 places
in tlsg_ctx_init where this occurs with no logging of what the actual
error code was. It just returns -1, rather than a more specific error
code. Upshot is that we simply get a -1 error code in the log with no
further advice on the specific problem.

The code in tls_o.c for this function and others seems better developed
and reports more useful error codes.

With a self-signed certificate, and setting only the olcTLSCertificateFile 
olcTLSCertificateKeyFile, the server works and does answer properly when trying 
with a command on another machine like:

openssl s_client -connect ldapServerIP:636 -showcerts

If oldTLSCACertificateFile is set to the self-signed certificate, slapd
fails to initialize TLS.

I suspect most of the problems being reported are due to configuration
issues, like those reported by Christian R. Without better error output,
it is very difficult to figure these out.

Now I'd be delighted to try and add more debugging and produce a patch;
however, perhaps I can get a bit of help with the packaging?

I've been able to get the source with 'apt-get source libldap-2.4-2',
and go in change the debian/configure.options, followed by a 'debchange
-i' and 'debuild -us -uc -i -I', then a 'sudo debi', and get a version
with debugging symbols installed.

What has been eluding me (after reading the HOWTO and several other
tutorials), is how to get changes in the source to build into the
package properly when installed and how to get other Debug statements to
work (though perhaps that is just because the packaging isn't working
right, since the machine language statements in the debugger don't agree
with the source listed in gdb, ouch). With a -nc option on debuild it
builds, but likely isn't actually including the changes. Without the
-nc, it complains about the upstream patches not being able to be
applied.

Hopefully someone can point me to the correct descriptions or give me
some help on this one.

Of course, a fixed up package with better error output from one of the
openldap gurus would be most welcome!

thanks,
Peter

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-06 Thread PeterNSteinmetz 
Interesting. My version also was an upgrade from
hardy-intrepid-jaunty. My /etc/ldap/ldap.conf doesn't contain a line
about TLS_RANDFILE though, and my install doesn't report the TLS:
gcry_control error, rather, there is nothing other than the main: TLS
init def ctx failed: -1 complaint.  I suspect these may be related
problems, at least in the sense of hard to tell what is going wrong
during initialization.

I will likely later this weekend try to clear aside configuration and
try a local build of openldap with debugging for gdb turned on and built
against gnutls.

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-06 Thread PeterNSteinmetz 
Interesting. My version also was an upgrade from
hardy-intrepid-jaunty. My /etc/ldap/ldap.conf doesn't contain a line
about TLS_RANDFILE though, and my install doesn't report the TLS:
gcry_control error, rather, there is nothing other than the main: TLS
init def ctx failed: -1 complaint.  I suspect these may be related
problems, at least in the sense of hard to tell what is going wrong
during initialization.

I will likely later this weekend try to clear aside configuration and
try a local build of openldap with debugging for gdb turned on and built
against gnutls.

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-05 Thread PeterNSteinmetz 
Interesting that there is the TLS complaint through TLS: gcry_control
...

Nothing like that in mine. I was looking through the source a bit last
night on this. It seems that the TLS init call is returning a -1 error
code under some circumstances without really throwing another error
message.

Despite the problems with gnutls, it seems the ubuntu folks are
committed to staying with it for licensing reasons.

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-05 Thread PeterNSteinmetz 
Interesting that there is the TLS complaint through TLS: gcry_control
...

Nothing like that in mine. I was looking through the source a bit last
night on this. It seems that the TLS init call is returning a -1 error
code under some circumstances without really throwing another error
message.

Despite the problems with gnutls, it seems the ubuntu folks are
committed to staying with it for licensing reasons.

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-08-28 Thread PeterNSteinmetz 
** Changed in: openldap (Ubuntu)
   Status: Invalid = New

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-08-28 Thread PeterNSteinmetz 
Thanks Mr. Gug. I checked this, placing the apparmor profile into
complain mode with sudo aa-complain /usr/sbin/slapd.

The same problem occurs with an attempt to start slapd, but there are no
entries in /var/log/kern.log associated and no audit entries.

I also moved the certificates and keys generated using gnutls into
/etc/ssl/certs and /etc/ssl/private. Still the same problem with no
audit entries in the /var/log/kern.log.

I'm not quite certain what is meant by standard locations, since
https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html says to
put then in /etc/ssl/certs and /etc/ssl/private under the TLS and SSL
sections, though I am happy to try moving them anywhere that may help.

Is there some setting I should be using to get more information out of
gnutls about what may be going on?

thanks,
Peter

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-08-28 Thread PeterNSteinmetz 
** Changed in: openldap (Ubuntu)
   Status: Invalid = New

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] Re: ldap tls refusing to initialize

2009-08-28 Thread PeterNSteinmetz 
Thanks Mr. Gug. I checked this, placing the apparmor profile into
complain mode with sudo aa-complain /usr/sbin/slapd.

The same problem occurs with an attempt to start slapd, but there are no
entries in /var/log/kern.log associated and no audit entries.

I also moved the certificates and keys generated using gnutls into
/etc/ssl/certs and /etc/ssl/private. Still the same problem with no
audit entries in the /var/log/kern.log.

I'm not quite certain what is meant by standard locations, since
https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html says to
put then in /etc/ssl/certs and /etc/ssl/private under the TLS and SSL
sections, though I am happy to try moving them anywhere that may help.

Is there some setting I should be using to get more information out of
gnutls about what may be going on?

thanks,
Peter

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 420277] [NEW] ldap tls refusing to initialize

2009-08-27 Thread PeterNSteinmetz 
Public bug reported:

Binary package hint: libldap-2.4-2

Trying to run a slapd server in Ubuntu 9.04, generally following the
docs at: https://help.ubuntu.com/9.04/serverguide/C/openldap-
server.html.

It works fine until I try and use certificates as per the section TLS
and SSL on that page.

Then, if I try and start using /etc/init.d/slapd it tells me to start using the 
debugging flags. If I then do so with the command:
sudo slapd -d -1 -h 'ldap:/// ldapi:/// ldaps:///' -g openldap -u openldap -F 
/etc/ldap/slapd.d/

At the end of copious output is:

main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.

This is with entries in /etc/ldap/slapd.d/cn=config.ldif like:

olcTLSCACertificateFile: /home/peter/CA/server-ca-cert.pem
olcTLSCertificateFile: /home/peter/CA/server-gnutls-cert.pem
olcTLSCertificateKeyFile: /home/peter/CA/server-gnutls-key.pem

If these entries are commented out, the server will start and work.

This occurs with a private key and certificate generated using both
openssl and with the gnutls certtool.

Dependencies for slapd are:

ldd -v $(which slapd)
linux-gate.so.1 =  (0xb7de2000)
libldap_r-2.4.so.2 = /usr/lib/libldap_r-2.4.so.2 (0xb7d97000)
liblber-2.4.so.2 = /usr/lib/liblber-2.4.so.2 (0xb7d89000)
libdb-4.7.so = /usr/lib/libdb-4.7.so (0xb7c34000)
libodbc.so.1 = /usr/lib/libodbc.so.1 (0xb7bcd000)
libpthread.so.0 = /lib/tls/i686/cmov/libpthread.so.0 (0xb7bb4000)
libslp.so.1 = /usr/lib/libslp.so.1 (0xb7ba4000)
libnsl.so.1 = /lib/tls/i686/cmov/libnsl.so.1 (0xb7b8b000)
libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0xb7b73000)
libgnutls.so.26 = /usr/lib/libgnutls.so.26 (0xb7ad5000)
libtasn1.so.3 = /usr/lib/libtasn1.so.3 (0xb7ac3000)
libz.so.1 = /lib/libz.so.1 (0xb7aad000)
libgcrypt.so.11 = /lib/libgcrypt.so.11 (0xb7a44000)
libcrypt.so.1 = /lib/tls/i686/cmov/libcrypt.so.1 (0xb7a12000)
libresolv.so.2 = /lib/tls/i686/cmov/libresolv.so.2 (0xb79fb000)
libltdl.so.7 = /usr/lib/libltdl.so.7 (0xb79f2000)
libdl.so.2 = /lib/tls/i686/cmov/libdl.so.2 (0xb79ee000)
libwrap.so.0 = /lib/libwrap.so.0 (0xb79e5000)
libc.so.6 = /lib/tls/i686/cmov/libc.so.6 (0xb7882000)
/lib/ld-linux.so.2 (0xb7de3000)
libgpg-error.so.0 = /lib/libgpg-error.so.0 (0xb787e000)

Related packages installed:
gnutls-bin 2.4.2-6ubuntu0.1 gnutls26 install ok installed
gnutls-doc 2.4.2-6ubuntu0.1 gnutls26 install ok installed
ldap-utils 2.4.15-1ubuntu3 openldap install ok installed
libcurl3-gnutls 7.18.2-8ubuntu4.1 curl install ok installed
libgnutls26 2.4.2-6ubuntu0.1 gnutls26 install ok installed
libldap-2.4-2 2.4.15-1ubuntu3 openldap install ok installed
slapd 2.4.15-1ubuntu3 openldap install ok installed

It doesn't seem like this could be a problem with V1 certificates, since both 
the CA cert and the server cert have X.509 Certificate Information: Version: 3 
(cf. https://bugs.launchpad.net/bugs/305264).
Additionally they have Signature Algorithm: RSA-SHA.

I wonder if it is related to a cipher suite specification, given
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256. Though I tried
setting 'olcTLSCipherSuite: +AES-256-CBC:+SHA1' in the cn=config.ldif
file, to no avail.

I don't know how to get the more detailed information from TLS, I only
see the 'main: TLS init def ctx failed: -1' line.

Is this another issue with the gnutls specifications? Or just something
missing in the docs there for jaunty. Strikes me as a fairly important
issue for ubuntu server.

Peter

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: ldap tls

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 420277] [NEW] ldap tls refusing to initialize

2009-08-27 Thread PeterNSteinmetz 
Public bug reported:

Binary package hint: libldap-2.4-2

Trying to run a slapd server in Ubuntu 9.04, generally following the
docs at: https://help.ubuntu.com/9.04/serverguide/C/openldap-
server.html.

It works fine until I try and use certificates as per the section TLS
and SSL on that page.

Then, if I try and start using /etc/init.d/slapd it tells me to start using the 
debugging flags. If I then do so with the command:
sudo slapd -d -1 -h 'ldap:/// ldapi:/// ldaps:///' -g openldap -u openldap -F 
/etc/ldap/slapd.d/

At the end of copious output is:

main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.

This is with entries in /etc/ldap/slapd.d/cn=config.ldif like:

olcTLSCACertificateFile: /home/peter/CA/server-ca-cert.pem
olcTLSCertificateFile: /home/peter/CA/server-gnutls-cert.pem
olcTLSCertificateKeyFile: /home/peter/CA/server-gnutls-key.pem

If these entries are commented out, the server will start and work.

This occurs with a private key and certificate generated using both
openssl and with the gnutls certtool.

Dependencies for slapd are:

ldd -v $(which slapd)
linux-gate.so.1 =  (0xb7de2000)
libldap_r-2.4.so.2 = /usr/lib/libldap_r-2.4.so.2 (0xb7d97000)
liblber-2.4.so.2 = /usr/lib/liblber-2.4.so.2 (0xb7d89000)
libdb-4.7.so = /usr/lib/libdb-4.7.so (0xb7c34000)
libodbc.so.1 = /usr/lib/libodbc.so.1 (0xb7bcd000)
libpthread.so.0 = /lib/tls/i686/cmov/libpthread.so.0 (0xb7bb4000)
libslp.so.1 = /usr/lib/libslp.so.1 (0xb7ba4000)
libnsl.so.1 = /lib/tls/i686/cmov/libnsl.so.1 (0xb7b8b000)
libsasl2.so.2 = /usr/lib/libsasl2.so.2 (0xb7b73000)
libgnutls.so.26 = /usr/lib/libgnutls.so.26 (0xb7ad5000)
libtasn1.so.3 = /usr/lib/libtasn1.so.3 (0xb7ac3000)
libz.so.1 = /lib/libz.so.1 (0xb7aad000)
libgcrypt.so.11 = /lib/libgcrypt.so.11 (0xb7a44000)
libcrypt.so.1 = /lib/tls/i686/cmov/libcrypt.so.1 (0xb7a12000)
libresolv.so.2 = /lib/tls/i686/cmov/libresolv.so.2 (0xb79fb000)
libltdl.so.7 = /usr/lib/libltdl.so.7 (0xb79f2000)
libdl.so.2 = /lib/tls/i686/cmov/libdl.so.2 (0xb79ee000)
libwrap.so.0 = /lib/libwrap.so.0 (0xb79e5000)
libc.so.6 = /lib/tls/i686/cmov/libc.so.6 (0xb7882000)
/lib/ld-linux.so.2 (0xb7de3000)
libgpg-error.so.0 = /lib/libgpg-error.so.0 (0xb787e000)

Related packages installed:
gnutls-bin 2.4.2-6ubuntu0.1 gnutls26 install ok installed
gnutls-doc 2.4.2-6ubuntu0.1 gnutls26 install ok installed
ldap-utils 2.4.15-1ubuntu3 openldap install ok installed
libcurl3-gnutls 7.18.2-8ubuntu4.1 curl install ok installed
libgnutls26 2.4.2-6ubuntu0.1 gnutls26 install ok installed
libldap-2.4-2 2.4.15-1ubuntu3 openldap install ok installed
slapd 2.4.15-1ubuntu3 openldap install ok installed

It doesn't seem like this could be a problem with V1 certificates, since both 
the CA cert and the server cert have X.509 Certificate Information: Version: 3 
(cf. https://bugs.launchpad.net/bugs/305264).
Additionally they have Signature Algorithm: RSA-SHA.

I wonder if it is related to a cipher suite specification, given
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256. Though I tried
setting 'olcTLSCipherSuite: +AES-256-CBC:+SHA1' in the cn=config.ldif
file, to no avail.

I don't know how to get the more detailed information from TLS, I only
see the 'main: TLS init def ctx failed: -1' line.

Is this another issue with the gnutls specifications? Or just something
missing in the docs there for jaunty. Strikes me as a fairly important
issue for ubuntu server.

Peter

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: ldap tls

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 279342] Re: External ieee1394 drive not recognized 2.6.27-5

2009-02-04 Thread PeterNSteinmetz 
Also, should I be registering this as a new bug on 2.6.28-4, since it
has to do with the new drivers, rather than the old?

-- 
External ieee1394 drive not recognized 2.6.27-5
https://bugs.launchpad.net/bugs/279342
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 279342] Re: External ieee1394 drive not recognized 2.6.27-5

2009-02-03 Thread PeterNSteinmetz 
Again, thanks Stefan for the suggestions. I followed up on this and
tried getting the Tandberg VXA-2 tape drive and PacketLoader tape
library to mount with the new drivers.

Booted off a jaunty alpha 3 live cd, which gives kernel
2.6.28-4-generic.

Then, with the tape drive not plugged in, did 
modprobe -r ohci1394
modprobe firewire-ohci
modprobe firewire-sdp2

so far, this gives the following in the kern.log:

Feb  4 00:07:14 ubuntu kernel: [  152.065612] ieee1394: Node removed: 
ID:BUS[0-00:1023]  GUID[003093412325]
Feb  4 00:07:28 ubuntu kernel: [  166.296014] firewire_ohci: Added fw-ohci 
device :03:01.0, OHCI version 1.10
Feb  4 00:07:29 ubuntu kernel: [  166.796127] firewire_core: created device 
fw0: GUID 003093412325, S800

I then plug in the tape drive and the following shows up:

firewire_core: phy config: card 0, new root=ffc1, gap_count=5
scsi3 : SBP-2 IEEE-1394
firewire_sbp2: Workarounds for fw1.0: 0x2 (firmware_revision 0x000201, model_id 
0x00)
scsi4 : SBP-2 IEEE-1394
firewire_sbp2: Workarounds for fw1.1: 0x2 (firmware_revision 0x000201, model_id 
0x00)
firewire_core: created device fw1: GUID 0010100319003177, S800
firewire_sbp2: fw1.0: logged in to LUN  (0 retries)
scsi 3:0:0:0: Sequential-Access EXABYTE  VXA-2a   2152 PQ: 0 ANSI: 2
scsi 3:0:0:0: Attached scsi generic sg2 type 1
firewire_sbp2: fw1.1: logged in to LUN 0001 (0 retries)
firewire_sbp2: released fw1.0, target 3:0:0
firewire_sbp2: released fw1.1, target 4:0:0
st: Version 20080504, fixed bufsize 32768, s/g segs 256
Driver 'st' needs updating - please use bus_type methods
osst :I: Tape driver with OnStream support version 0.99.4
osst :I: $Id: osst.c,v 1.73 2005/01/01 21:13:34 wriede Exp $
Driver 'osst' needs updating - please use bus_type methods
firewire_core: giving up on config rom for node id ffc1
firewire_core: phy config: card 0, new root=ffc1, gap_count=5
firewire_core: giving up on config rom for node id ffc0
scsi5 : SBP-2 IEEE-1394
firewire_sbp2: Workarounds for fw1.0: 0x2 (firmware_revision 0x000201, model_id 
0x00)
scsi6 : SBP-2 IEEE-1394
firewire_sbp2: Workarounds for fw1.1: 0x2 (firmware_revision 0x000201, model_id 
0x00)
firewire_core: created device fw1: GUID 0010100319003177, S800
firewire_core: phy config: card 0, new root=ffc0, gap_count=5
firewire_sbp2: released fw1.0, target 5:0:0
firewire_sbp2: released fw1.1, target 6:0:0
firewire_core: phy config: card 0, new root=ffc1, gap_count=5
firewire_core: giving up on config rom for node id ffc0

Looks like it initially figured out it was a VXA-2 and created the sg
device, but then it was released and something went on with the tape
driver. This seems to loop forever, creating two more devices, then
giving up on them, over and over again.

Is there something else I need to do about the tape driver? Other ideas
for testing on jaunty?

-- 
External ieee1394 drive not recognized 2.6.27-5
https://bugs.launchpad.net/bugs/279342
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 279342] Re: External ieee1394 drive not recognized 2.6.27-5

2009-01-30 Thread PeterNSteinmetz 
Firstly, thanks for the extensive explanation Stefan. I tried setting
the 0x100 option for sbp2, and you are correct, no other workarounds are
now enabled, but that doesn't fix this.

I also tried a modified kernel module, where there is a distinction
between the first and second time out messages. This is the first
message. I also tried increasing the timeout value to 40s, this also
didn't help.

In reviewing all of the dmesg logs however, I noticed there is an early
complaintm after the host is added, there a large number of complaints
that

ieee1394: The root node is not cycle master capable; selecting a new
root node and resetting...

Eventually this stops repeating. And then there is the complaint

ieee1394: Error parsing configrom for node 0-00:1023

(where this node id is for the tape drive in question)

Do these two items indicate that something else is actually going on
here?

I would certainly appreciate any other suggestions on what I could try
to get this tape drive working under ubuntu. It is reported to work
under FreeBSD, so perhaps I'll try that next.

-- 
External ieee1394 drive not recognized 2.6.27-5
https://bugs.launchpad.net/bugs/279342
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 279342] Re: External ieee1394 drive not recognized 2.6.27-5

2009-01-27 Thread PeterNSteinmetz 
I would like to add an additional device that seems to be having a very
similar same problem, under a variety of kernel versions. (I am happy to
move this to a new thread if people think that is better).

This is the Tandberg Data StorageLoader VXA-2 1U with firewire
interface. (http://www.tandbergdata.com/us/en/products/search-
result/?action=2product=62ref=166)

The dmesg looks like:
- [   78.748200] ieee1394: sbp2: Workarounds for node 0-00:1023: 0x2
  (firmware_revision 0x000201, vendor_id 0x001010, model_id 0x00)
- [   99.737945] ieee1394: sbp2: Error logging into SBP-2 device -
  timed out
  [   99.738104] sbp2: probe of 0010100319003177-1 failed with error -16

I am able to access the drive and tape library under MacOS X using the
manufacturer provided tools and am able to upgrade the firmware, etc.

The message above is under ubuntu hardy heron server (8.04 i386) kernel
2.6.24-19-server. It persists after unloading and loading the ohci1394
module or the sdp2 module.

This message is also produced when booting off the LiveCD versions for
either Ubuntu Intrepid Ibex or the Jaunty alpha 3 release.

The controller chip on the host (a SuperMicro server) is a Texas
Instruments TSB82AA2 IEEE-1394b Link Layer Controller (rev 01).

It appears that this tape/library is using an Initio Firewire-PATA
controller bridge. Three are given on their site
http://www.initio.com/Html/Products.asp. Given the age of the product, I
might suspect the inic-1430.

I understand this chip has had issues in the past under Linux kernels,
and I see in the dmesg that a workaround is being used. The comments in
the source (sdp2.c) for this workaround note, however, that this may
have been only necessary for their older products, and the lookup is
using a wildcard for the model_id.

So is it possible, with the latest firmware upgrades, that this
workaround itself is causing the timeout on login? (the workaround seems
to be chopping the length in the request to conform to some older
windows bug)

And if this is true, is there a way to turn off the workaround? Or
perhaps modify this module to identify the devices for which the
workaround is really needed?

-- 
External ieee1394 drive not recognized 2.6.27-5
https://bugs.launchpad.net/bugs/279342
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs