#StackBounty: #debian #pam Why does this PAM code prevent all logins to a Debian system?

Bounty: 50

Why does adding this line to /etc/pam.d/common-auth:

auth        required      pam_tally2.so deny=4 unlock_time=1200 even_deny_root

and adding this line to /etc/pam.d/common-account:

account     required      pam_tally2.so

prevent all logins to my Debian 10 system? All of my other pam configuration files (login, common-session, and common-password are unchanged from the defaults, but I can post those too if necessary).

I’ve seen a couple of other questions that discuss pam_tally, e.g. this one, this one, and this one, but they either don’t have answers specific to pam_tally or don’t have any answers at all.

(For background, I’m trying to adapt this updated guide for Debian systems)

EDIT: The libpam-modules package is installed.


Get this bounty!!!

#StackBounty: #linux #debian #xorg How do I get out of a login loop?

Bounty: 100

I recently upgraded from Debian Jessie to Stretch and had a hard time getting X to start due to graphics conflicts. I sorted those out through a series of purge and reinstall commands and was excited to see the familiar login screen. Unfortunately for me, after I enter my password, the screen briefly blinks and I’m still at the login screen.

I can get into the system without problem on one of the other TTY but I can’t seem to get the desktop to come up.

Other things of note:

  • I have checked the .Xauthority permissions/ownership and they are fine (as are the rest of the files in my home.)
  • It doesn’t seem to matter which desktop I choose (I have Fluxbox, Gnome, and X11 options) it always comes right back.
  • The logs seem pretty clear, nothing stands out as suspect to me

Edit:
The Xorg.0.log has the following EE lines:

(EE) open /dev/dri/card0: No such file or directory
(EE) Screen 0 deleted because of no matching config section
(EE) AIGLX: reverting to software rendering

Edit2:
Home has 100G of free space, root has 2.4G

.xsession-errors is empty

Adding a new user also loops. Trying to delete that user after looping the login says the user is in use by /lib/systemd/systemd --user


Get this bounty!!!

#StackBounty: #linux #debian #udp #multicast Debian ignores second multicast packet

Bounty: 50

I have a home local network with several devices. One of devices sending multicast packets with information about some events (smart home). It works well – I’ve try to launch Multicast Tester app on my Android phone and I see all of packets which was sent by smart home device.

Also I have a server with Linux. It based on old Samsung NC10. And here is a little problem with multicast: when smart home device send two multicast packets one by one quickly, Linux server receives only the first packet and ignores the second. To check it I am using tcpdump dst port 9898 -X and I see two packets on Android and only first on Linux.

I also check the router but there is no specific settings for this server or multicasts. It looks the problem in Linux settings.

I also try to check it with watch -d "cat /proc/net/snmp | grep -w Udp":

# watch -d "cat /proc/net/snmp | grep -w Udp"

Every 2,0s: cat /proc/net/snmp | grep -w Udp                                                                                                                                                                                         BArtWell-Server: Tue Jan  7 15:36:38 2020

Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 252376 567 385 163222 0 0 385 9288

I am confused with IgnoredMulti number, it looks great.

How to fix this problem? How to force Linux do not ignore the second multicast packet when it was sent quickly?


Get this bounty!!!

#StackBounty: #debian #watchdog watchdog daemon unable to reset hardware watchdog timer on Supermicro X9DR3-F motherboard

Bounty: 400

I have a Supermicro X9DR3-F motherboard where JWD jumper pins 1 and 2 are shorted and watchdog functionality in UEFI is enabled:
Supermicro UEFI

This means that the system is reset after around 5 minutes if nothing resets the hardware watchdog timer. I installed the watchdog daemon and configured it to use iTCO_wdt driver:

$ cat /etc/default/watchdog 
# Start watchdog at boot time? 0 or 1
run_watchdog=1
# Start wd_keepalive after stopping watchdog? 0 or 1
run_wd_keepalive=1
# Load module before starting watchdog
watchdog_module="iTCO_wdt"
# Specify additional watchdog options here (see manpage).
$ 

When the watchdog daemon is started, then the driver is loaded without issues:

$ sudo dmesg | grep iTCO_wdt
[   17.435620] iTCO_wdt: Intel TCO WatchDog Timer Driver v1.11
[   17.435667] iTCO_wdt: Found a Patsburg TCO device (Version=2, TCOBASE=0x0460)
[   17.435761] iTCO_wdt: initialized. heartbeat=30 sec (nowayout=0)
$ 

Also, the /dev/watchdog file is present:

$ ls -l /dev/watchdog
crw------- 1 root root 10, 130 Dec  8 22:36 /dev/watchdog
$ 

watchdog-device option in watchdog daemon configuration points to this file:

$ grep -v ^# /etc/watchdog.conf 



watchdog-device    = /dev/watchdog
watchdog-timeout   = 60


interval           = 5
log-dir            = /var/log/watchdog
verbose            = yes
realtime           = yes
priority           = 1

heartbeat-file     = /var/log/watchdog/heartbeat
heartbeat-stamps   = 1000
$ 

In order to debug the writes to the watchdog device I have enabled heartbeat-file option and looks that the keepalive messages to /dev/watchdog are sent:

$ tail /var/log/watchdog/heartbeat
 1575830728
 1575830728
 1575830728
 1575830733
 1575830733
 1575830733
 1575830733
 1575830733
 1575830733
 1575830733
$ 

However, despite this the server resets itself with roughly five minute intervals.

My next thought was that maybe the iTCO_wdt driver controls the watchdog in C606 chipset and the watchdog resetting the server is instead part of IPMI. So I made sure that the iTCO_wdt driver is not loaded during the boot and rebooted the server. Fair enough, the /dev/watchdog was no longer present. Now I loaded the ipmi_watchdog module:

$ ls -l /dev/watchdog
ls: cannot access '/dev/watchdog': No such file or directory
$ sudo modprobe ipmi_watchdog
$ sudo dmesg -T | tail -1
[Tue Dec 10 21:12:48 2019] IPMI Watchdog: driver initialized
$ ls -l /dev/watchdog
crw------- 1 root root 10, 130 Dec 10 21:12 /dev/watchdog
$ 

.. and finally started the watchdog daemon which based on the /var/log/watchdog/heartbeat file is writing to /dev/watchdog with 5s interval. However, the server still reboots with roughly 300s intervals.

Why isn’t the watchdog daemon able to reset the hardware watchdog timer on Supermicro X9DR3-F motherboard?


Get this bounty!!!

#StackBounty: #debian #email #smtp #exim Complete setup of Exim4 as SMTP to reach most inboxes as possible (correct configuration)

Bounty: 200

I have over the last days tried to setup Exim4 to handle all mails sent from a web application.

It seems to be working, but I haven’t found out how to hardcode the hostname which will be sent with EHLO? (I don’t want to set /etc/hostname)

Have found the variable MAIN_HARDCODE_PRIMARY_HOSTNAME mentioned in the config but havn’t found a way to set it. Is this variable the simplest way to set the hostname or is there a better way to do it?

Below is the complete install/config.. Am I missing something?

Exim version 4.92
Debian Buster 10

Install

apt-get install exim4-daemon-light

Configure Exim4

dpkg-reconfigure exim4-config

Type:           internet site
FQDN:           smtp.mydomain.com
SMTP listener:      (empty)
Mail destinations:  (empty)
Domain relay:       (empty)
Machine relay:      (empty)
DNS queries minimal:    No
Delivery method:    Maildir
Split conf files:   No

Enable TLS and generate certs

printf "MAIN_TLS_ENABLE = truen" >> /etc/exim4/exim4.conf.localmacros
/usr/share/doc/exim4-base/examples/exim-gencert

check reverse DNS (IP -> smtp.mydomain.com)

https://mxtoolbox.com/ReverseLookup.aspx

Get IPv6

ip -6 addr | grep inet6 | awk -F '[ t]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80

/etc/hosts

[ipv4]  smtp.mydomain.com
[ipv6]  smtp.mydomain.com

uncomment in ‘/etc/exim4/exim4.conf.template’

# plain_server:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CON$
# server_set_id = $2
# server_prompts = :
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
# .endif

add user/pass -> ‘/etc/exim4/passwd’

/usr/share/doc/exim4-base/examples/exim-adduser

DKIM/SPF

I have setup DKIM keys on the server and DKIM/SPF on DNS and both works


Get this bounty!!!

#StackBounty: #ubuntu #debian #keyboard-shortcuts #gnome #xkb How to revert keyboard layout switching shortcuts after setting them with…

Bounty: 50

I wanted to have two keyboard layouts (one for english and one for spanish), and add a shortcut for switching between them.

The solution I chose was to set the following lines in my /etc/default/keyboard file:

XKBLAYOUT="us,es"
XKBOPTION="grp:ctrl_shift_toggle"

This has turned out to be a mistake because the ctrl_shift shortcut interfers and takes precedence over all other application level shortcuts like browser’s ctrl+shift+tab and vi’s ctrl+shift+insert.

I haven’t found a way to revert this change and have it persist in between shutdowns.

Here are the methods I have tried:
1) Removing the XKBOPTION line from /etc/default/keyboard
2) Running the command dpkg-reconfigure keyboard
3) Running the command setxkbmap -option. This works but is reset upon restarting.
4) Configuring one single layout by adding the line XKBLAYOUT and adding the alternative layout via GNOME and using the GNOME shortcut (Super space). The switch has no effect and is reset upon restarting.

I don’t know where these changes are stored in between installs, I have ran grep with searching for terms like XKBOPTION,ctrl_shift_toggle but I can’t seem to find it. All I can find is that the setxkbmap -print command shows the ctrl_shift_toggle option:

xkb_keymap {
    xkb_keycodes  { include "evdev+aliases(qwerty)" };
    xkb_types     { include "complete"  };
    xkb_compat    { include "complete"  };
    xkb_symbols   { include "pc+us+es:2+us:3+inet(evdev)+grp(ctrl_shift_toggle)"    };
    xkb_geometry  { include "pc(pc105)" };
};

However, as mentioned, I cannot find the file responsible for the ctrl_shift_toggle configuration.

Note: The question is looking for an answer that can revert the state of the keyboard setting either to the original setting, or to the desired configuration. Reinstalling the OS or a solution that starts from a clean install is not considered an optimal solution. The reason for this is that, as a superuser, I want to have deep control of my system.

Thank you for your time.


Get this bounty!!!

#StackBounty: #debian #password #chrome chrome does not save my passwords

Bounty: 100

When I had to login in a site, Chrome used to offer me a number of possible user names and later the password associated with the user I choose (provided that I saved the user-password association previously).

Now Chrome still offers the correct possible users but then offers no password, I have to enter the password (if I remember it, that is, otherwise it’s password resetting) and, after a successful login, Chrome ask for permission to save the password. I give permission, of course, but next time I login it’s again no password remembered.

If I open the Settings->Passwords screen I see (the equivalent of)

Offer to save passwords [YES]
Auto Sign-in            [YES]

and below

Saved Passwords
    Saved passwords will appear here

that is, no password is really saved.

Final consideration, the same page permits to View and manage saved passwords in your Google Account and if I go there I can see all my sites, my users and my passwords except, important exception! that some of these passwords are stale.

I’m on Debian Sid, Chrome is Version 76.0.3809.132 (Official Build) (64-bit)
from Google’s official .deb

What can I do to fix this annoying problem?

UPDATE

This is what I get when I launch Chrome from the shell

$ google-chrome
[18891:18891:0906/221132.855189:ERROR:sandbox_linux.cc(369)] InitializeSandbox() called with multiple threads in process gpu-process.
[18856:18990:0906/221136.514201:ERROR:object_proxy.cc(619)] Failed to call method: org.freedesktop.Notifications.GetCapabilities: object_path= /org/freedesktop/Notifications: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.Notifications was not provided by any .service files
[18891:18891:0906/221143.906640:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
[18856:18996:0906/221151.512723:ERROR:password_syncable_service.cc(191)] Passwords datatype error was encountered: Failed to get passwords from store.

In particular, Passwords datatype error was encountered: Failed to get passwords from store. seems relevant wrt my issues.


Get this bounty!!!

#StackBounty: #debian #dual-boot #uefi #refind How to boot by default to Debian Buster

Bounty: 50

I just upgrade Debian from Stretch to Buster. I have a Win 10 installation on another partition but before I was not able to get a Boot menu with both choices so I had to modify the BIOS settings to be able to boot from Windows.

With Buster, the situation is better, I have a rEFInd screen where I choose Windows or Debian. The remaining problem is that Windows is selected by default.

I have read few things but I cannot find how to set the default configuration for the boot manager.

Here is the output of parted:

GNU Parted 3.2
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print all                                                        
Model: ATA SAMSUNG HD204UI (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  2000GB  2000GB  primary  ext4


Model: ATA Samsung SSD 850 (scsi)
Disk /dev/sdb: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End    Size    File system     Name                          Flags
 1      1049kB  473MB  472MB   ntfs            Basic data partition          hidden, diag
 2      473MB   578MB  105MB   fat32           EFI system partition          boot, esp
 3      578MB   595MB  16.8MB                  Microsoft reserved partition  msftres
 4      595MB   210GB  209GB   ntfs            Basic data partition          msftdata
 5      210GB   210GB  1049kB                                                bios_grub
 6      210GB   487GB  278GB   ext4
 7      487GB   500GB  12.8GB  linux-swap(v1)

I expected to find a refind.conf in /dev/sdb2 but I didn’t find anything.

$ tree -L 3 /boot/efi/
/boot/efi/
└── EFI
    ├── Boot
    │   └── bootx64.efi
    ├── Microsoft
    │   ├── Boot
    │   ├── bootmgfw.efi
    │   └── Recovery
    └── tools

Another thing to mention is that the output of efibootmgr is unexpected :

$ efibootmgr
BootCurrent: 0000
No BootOrder is set; firmware will attempt recovery

What do I have to do to boot by default to Debian ?


Get this bounty!!!

#StackBounty: #linux #debian #gnome #scaling Unable to change text-scaling-factor on gnome 3.30.2

Bounty: 100

On debian (testing) with gnome 3.30.2 I am unable to change the text-scaling-factor to 1.25. Neither the tweak-tool nor using the gsettings command works:
Option grayed out
As you can see on the screenshot the plus option is grayed out.

Using this command:

gsettings set org.gnome.desktop.interface text-scaling-factor 1.25

I get this error:

The provided value is outside of the valid range

Using the command line I can set the scaling factor to something equal to or below 1, but every value greater than 1 gives me the above error.

I am absolutely certain I was able to do this a few days ago. I do not remember installing any updates since then. Several reboots and logouts did not fix the problem. I would like to avoid uninstalling/reinstalling software since this is a relatively new debian install and I doubt it would help.

uname -a:

Linux T470s 4.19.0-5-amd64 #1 SMP Debian 4.19.37-3 (2019-05-15) x86_64 GNU/Linux

Are there any logs I can look at to see what’s wrong? How can I make that option available again?

I have tried turning the “Large Text” accessibility option on but that didn’t help either.


Get this bounty!!!