[00:46] uhhhhhhhhhhhhghghghg. so. I created a xfs filesystem because I ran out of inodes on ext4, but I've also filled the inodes on this xfs disk. is there any other filesystem I could use that has more inodes?
[00:48] woah, really?? I didn't realize that was possible with xfs. I thought it was dynamic. heh.
[00:50] wait.... ncdu only reported 16gb used, but df -h shows I used all 20gb?
[00:50] maybe I didn't run out of inodes, that would be good
[00:50] that makes more sense to me :)
[00:50] at the same time though, over 20gb of data to create a tileserver for a map that's kept in a ~200mb database seems a tad excessive
[00:51] 7.9 million inodes.... yeah I'm submitting a bug that's ridiculous
[00:55] I suspect that means whoever made the database design really understood the principles of data normalization! :D
[00:56] lol
[00:56] and whoever wrote that software, didn't understand that millions of files is generally a bad idea…
[00:57] Glorfindel: keep in mind that metadata also takes up space
[00:58] Filesystem Inodes IUsed IFree IUse% Mounted on
[00:58] srv 12875952530 10 12875952520 1% /srv
[00:59] oh. don't mind me. I can't read.
[00:59] 12 billion - should be enough for everyone (tm)
[00:59] :)
[00:59] one would think :o
[01:00] 62 million files on that thing, give or take.
[01:00] suddenly 8 million for a mineserver map server seems pretty silly
[01:00] or someone ought to think that 8 million files in a directory (or tree) just means "you nee to use a database!"
[01:01] *need*
[01:01] sarnold: wow
[01:02] Glorfindel: my ubuntu mirror is ~800k inodes.. the unpacked sources are way bigger :)
[01:05] heh, makes sense
[02:29] Huh, I wonder why multiple VMs of mine (three so far) are running into kernel panics on boot with the latest kernel :/
[02:35] :(
[02:36] keithzg[m]: which kernel is that?
[02:37] Specifically, I'm seeing `Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)`.
Kernel is "4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:58:23 UTC 2018 i686 athlon i686 GNU/Linux"
[02:38] keithzg[m]: Ah, sounds like your initramfs files didn't build...?
[02:38] keithzg[m]: Can you boot into older kernels and rebuild your initramfses?
[02:38] update-initramfs -a
[02:38] perhaps
[02:38] mason: Yeah that's what I thought, although `sudo update-initramfs -u -k 4.15.0-38-generic` did not fix it.
[02:39] RoyK: "Illegal option -a"
[02:39] -c -k all, isn't it?
[02:39] I confuse platforms sometimes.
[02:39] Yeah, try update-initramfs -c -k all
[02:40] Shall do...
[02:42] keithzg[m]: out of curiosity - what sort of virtualisation?
[02:42] I wonder if this all has to do with grub2, I got the "GRUB upgrade scripts have detected a GRUB Legacy setup in /boot/grub" message last week and accepted chainloading, intending on actually checking things sometime this week. All the VMs in question are quite old ones I inherited from my predecessor, they started out on at least 10.04!
[02:42] RoyK: KVM
[02:42] ok
[02:43] 10.04 is a wee bit old ;)
[02:43] Yup they've had long lifespans, gone to 12.04 then 14.04 then 16.04 and recently finally 18.04 and a move to an entirely different machine a few months back!
[02:44] Alas, `update-initramfs -c -k all` did nothing, the VM I tried still kernel panics.
[02:44] keithzg[m]: Hrm. I'd want to rip apart the initramfs at this point. Unsure what else to do.
[02:45] Very oddly, the VM I first noticed this on earlier today worked fine after I rebooted into the prior kernel, applied pending updates, and rebooted again. It's also one of the old VMs.
[02:45] keithzg[m]: Make sure your /boot isn't out of space, although I'd think you'd see an error message to that effect when building.
[02:46] keithzg[m]: Another less-intense thing might be to delete the new kernel and reinstall, and capture the session in script(1) for further debugging.
[02:47] if it's out of space, remove old kernels - you may have to truncate some of the files to remove before running apt remove/purge, since apt uses some disk space just to remove things
[02:47] don't remove them manually - apt will be upset
[02:47] just run something like
[02:47] > /boot/somekernel
[02:48] to truncate it
[02:48] mason: Yeah, these VMs don't even actually have a separate /boot partition, and / has plenty of space. Funny enough, the VM that recovered *had* run out of space, and I had initially thought that was a problem. Maybe in fact it was a problem on *that* VM and the same panic message is actually from a different underlying cause on the other VMs, although that seems like a *huge* coincidence if so.
[02:50] keithzg[m]: The initramfs having issues or being invalid is the most common cause of that error message. Kernel tries to load it and fails.
[02:51] keithzg[m]: Might be worth update-grub as well, with a spelunk into the grub config files to make sure it's specifying the right files.
[02:51] mason: yeah already tried `update-grub`.
[02:53] Oho, I fixed it on one of the VMs at least; under the presumption that there's some sort of reason why last week that I was still on grub-legacy was flagged during the `apt upgrade` I ran on 'em all, I tried running the suggested `upgrade-from-grub-legacy` and then rebooted. Et voila!
[02:53] Thank goodness for virtualization, if I hadn't been able to take a quick snapshot beforehand it might have been quite a while before I worked up the courage to try that ;)
[02:54] Ah, good.
[02:58] Other failing VMs seem to have been fixed by the same approach. Other than "dpkg-maintscript-helper: error: environment variable DPKG_MAINTSCRIPT_NAME is required" as the last output line, `update-from-grub-legacy` seems to have worked fine and resolved this. Phew!
[04:02] I upgraded a VPS from 16.04 to 18.04 and now there is no network. The VPS lets me log in via a web console but I can't even ping out from the server. 
How to troubleshoot?
[04:03] The outputs for some of the commands are here: https://imgur.com/a/cmqGEfE (sorry it's an image rather than text paste but the webconsole doesn't allow text copy)
[04:05] n00bee: try `sudo systemctl status networking` and if it's off, try `sudo systemctl start networking` ?
[04:06] n00bee: your interface has no IP address
[04:07] nacc: It's probably worse. It says Unit networking.service not found
[04:07] *could not be found
[04:07] i might have the wrong service
[04:09] n00bee: try `sudo ifup eth0` ?
[04:09] nacc: sudo systemctl restart NetworkManager.service ... also not found
[04:10] nacc: ifup command not found
[04:11] n00bee: you're not on a desktop, so no NM
[04:11] n00bee: ah it would appear that ifupdown maybe got purged
[04:12] n00bee: you have two options, i think, follow what is written here: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#New_since_16.04_LTS
[04:12] n00bee: apt-cache policy ifupdown?
[04:13] nacc: apt-cache policy ifupdown suggests it may be installed
[04:13] wait..sorry..no
[04:13] installed: (none)
[04:14] systemctl status systemd-networkd
[04:14] candidate: 0.8.17ubuntu1.1
[04:14] may give you some debugging output
[04:14] yeah, so if you want to keep using /e/n/i you need to have that installed, read the release notes above
[04:15] nacc: Sorry, what does /e/n/i mean?
[04:15] n00bee: /etc/network/interfaces (which is what ifupdown parses)
[04:15] n00bee: sorry, gotta step away, read those docs
[04:15] nacc: ok. thanks
[04:55] nacc: So I read the docs and they specify the 18.04 counterparts to 16.04 commands and services. Using that I was able to start systemd-networkd and do the equivalent of ifup eth0. But still no network.
[04:56] When you say "no network", what do you mean?
[04:56] Does ifconfig show eth0 up and running?
[04:56] d-rock: I upgraded from 16.04 to 18.04 today and now have no network. Can't SSH in or ping out.
[04:57] OK, but "ifconfig eth0" shows that the interface is UP and RUNNING, and shows tx/rx activity?
[04:57] d-rock: The web console doesn't allow copy paste. Let me take a screenshot of the output of ifconfig eth0
[04:58] looking for a package (or whatever) that is like pfsense, a web frontend for NAT/router/gateway/firewall.. the simpler the better. I literally just need NAT/dhcpd and i will be running pihole for DNS
[04:58] I'm on a terminal, so I can't view graphics :)
[04:58] d-rock: :) so it says flags=4098 broadcast, multicast
[04:58] That's not up
[04:59] d-rock but it doesn't say anything that indicates up or running. All packets RX, TX are 0
[04:59] also, i have eth1, but it's not getting a static IP, i have /etc/network/interfaces.d/eth1 populated
[04:59] For reference, my interface: enp5s0: flags=4163 mtu 1500
[04:59] First, let's see if we can manually configure it
[04:59] Unless you've already verified that
[05:00] http://projectftm.com/#pAGR1e0AkCvAlV8xVaYeAA this is the eth1 file
[05:00] d-rock: OK wait. It is up now. I ran sudo ip link set eth0 up
[05:01] after that ifconfig eth0 shows up, broadcast, running, multicast
[05:01] OK, does it have an IP set?
[05:01] I suspect you'll need to re-ifup
[05:01] I can't remember the networkd command off the top of my head
[05:02] d-rock I don't know if it has an IP set. ifconfig does have a line for inet6 but ipv6 is not enabled for the server i think
[05:02] inet6 will always be set. At the very least, it gets the link-local address
[05:02] Do you see a line for just plain "inet"?
[05:03] RoyK: a filesystem *is* a database
[05:03] d-rock: No line for inet
[05:03] * JanC doesn't understand why people don't understand that
[05:03] OK, can you re-run the networkd command?
[05:04] d-rock: you mean sudo systemctl restart systemd-networkd
[05:04] That'll do it
[05:04] There's another, more surgical command, but I can't remember it
[05:05] d-rock: That didn't do anything :(
[05:05] It didn't throw any errors but I still can't ping out. And ifconfig eth0 still doesn't show an inet
[05:05] Then let's just try to bring this up manually
[05:06] ip addr add dev eth0
[05:06] some query if anyone knows? i have installed isc-dhcp-server in 18.04. Seems like in 18.04 interface is not auto-up without connecting network cable to client machine, so dhcp server cannot listen to defined interface. Any solution
[05:07] d-rock: I have the static IP address. and in /etc/network/interfaces the netmask is 255.255.255.0. So you're saying the command is ip addr add 192.241.x.x/255.255.255.0 ?
[05:07] are you freaking kidding me
[05:07] network configuration is done through YAML?
[05:07] come on, guys, seriously
[05:07] ubuntu drives me batty
[05:07] genewitch: I kinda had the same reaction when I saw netplan
[05:08] n00bee: ip addr add 192.241.x.x/24 dev eth0
[05:08] d-rock: Thanks!
[05:08] 255.255.255.0 is a 24 bit mask
[05:09] d-rock: OK so now I see that in ifconfig eth0. Now restart systemd-networkd ?
[05:09] No, let's hold off
[05:09] Can you ping your gateway now?
[05:09] you don't have to use netplan
[05:10] d-rock: Web console hung
[05:11] n00bee: when you set the ip address?
[05:11] d-rock: yay! i can ping the gateway
[05:11] Huzzah!
[05:11] ip route add 0/0 via
[05:12] d-rock : done
[05:12] Should be able to ping, say, 8.8.8.8
[05:12] YES!!
[05:12] and netplan makes lots of sense when you have to do cloud configurations
[05:12] Should be able to reach it from outside, as well
[05:13] d-rock: yes, it's back online and accessible from the outside as well
[05:13] d-rock: are these changes going to stick after a reboot?
[05:13] They will not
[05:14] But, it does confirm that this is an issue with networkd and/or netplan, not the NIC or network itself
[05:14] d-rock: hmm...so what should i do
[05:14] or with the netplan configuration ;)
[05:15] Sure, it could be the config
[05:15] To be honest, I'm fighting my own battle with 18.04 networking. I ended up just writing a shell script to init things the way I wanted
[05:15] there is a #netplan channel to discuss that BTW
[05:16] d-rock: I could probably just move stuff out of this server and set up a new one from scratch
[05:16] I hesitate to project my own experience, but that might be simpler :P
[05:17] so is there a simple answer? webgui for all the firewall-y stuff in linux? Like pfsense/monowal/ipcop for BSD
[05:17] In any case, I need to drop off. Good luck!
[05:18] d-rock: Thanks much. You were a life saver and hero today!
[05:18] NP, glad I could repay some of the help I've gotten on this channel :)
[05:18] (although e.g. cyphermox is in here too it's easier for them to miss discussions of netplan maybe)
[05:20] is there a guide to having 3 routable networks under netplan?
[05:20] i have 10.0.0.0/8 192.168.1.1/24 and WAN
[05:20] which is technically 192.168.42.1/something
[05:23] genewitch: that's exactly the sort of thing you want to ask in the #netplan channel (if it's not in their documentation) ;)
[05:23] GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH
[05:24] and do you really need a web interface for the firewall? or is a descriptive configuration file also useful?
[05:24] ubuntu implemented netplan
[05:24] they broke 10 years of working network config
[05:24] you don't have to use netplan if you don't want to...
[05:24] ifupdown still works if you prefer that
[05:24] /etc/network/interfaces.d/eth1
[05:24] doesn't work
[05:25] this used to be stupidly obnoxiously straightforward, it's taken hours out of my night
[05:26] if you don't have a netplan config and ifupdown is installed, that should still work, I guess?
[05:26] i have a netplan config but it is complaining about something
[05:26] if not, file a bug report :)
[05:27] genewitch you should be able to `netplan generate --debug` and get more verbose information on what it errors about
[05:28] http://projectftm.com/#EfzbyVArZW8ykjaekYCE_w
[05:28] exact same output
[05:29] Error in network definition //etc/netplan/eth1.yaml line 5 column 17: expected sequence
[05:32] shouldn't addresses take a sequence?
[05:33] simply said: put it between []
[05:34] (I'm not a netplan expert, so this is just a guess, to be fair)
[05:34] * katamo had a toddler interruption
[05:34] yeah that's all working now, but the routes are wrong
[05:36] you have "addresses: [10.0.0.1]" instead of "addresses: 10.0.0.1" now?
[05:37] http://projectftm.com/#FD5qmugC0YFFuZUHIlvuFQ
[05:37] genewitch ^
[05:37] does that get closer?
[05:38] note the use of space between addresses & eliminating the genmask/netmask lines in favor of */* address syntax
[05:38] JanC: yes
[05:38] i had that originally :-) but it doesn't look right, you know?
[05:38] a single IP is a /32
[05:40] katamo: i did addresses: [10.0.0.1/9]
[05:40] er /8 obviously
[05:41] genewitch I just ran `netplan generate --debug` after copy paste of the link I shared with you. it completed without error
[05:42] katamo: yes mine works fine too, except i can't ping 10.0.0.2 :-)
[05:42] `ip r | pastebinit`
[05:43] i can't do that, because the internet isn't working now
[05:44] fair enough lol. whats the output?
[05:44] http://projectftm.com/#n3T06ci4QHs35bHBQYdPWQ
[05:44] lemme if down eth1 this is ridic
[05:44] `ip r del default via 192.168.1.1 dev eth0`
[05:44] for testing
[05:45] or that works
[05:45] i can ping 192.168.1.1 after running that, but nothing else
[05:46] default route is for what, internet?
[05:46] default route is for everything that doesn't have a specific route
[05:47] usually that means the general internet ;)
[05:48] Okay, can we get the full output for configs on all interfaces?
[05:48] for one thing in the "routes", your 192.168.1.1 dev eth0 network has no netmask definition
[05:48] http://projectftm.com/#ZbbJinc8BCQs-wI-SOKPuQ
[05:49] 192.168.1.0/24 is going to be out of band, the only two networks that should be routable outbound are 10.0.0.0 and whatever usb0 is
[05:49] config files. either netplan or interfaces(.d)/* ? sorry I'm not used to reading ifconfig output any more lol. woe is me
[05:49] the yaml?
[05:50] eth1.yaml http://projectftm.com/#HKWqhJ0ub1YeoPaZs72tUQ
[05:50] eth0.yaml http://projectftm.com/#3fWxIdIZ-5dpFLaSRUr-WQ
[05:50] there's no usb0 in either location
[05:51] usb0 is brought up with dhclient usb0
[05:52] i wanna make sure i can still access the internet if i disable eth1.service
[05:52] the output of "ip route" might be relevant...
[05:52] okay. lets do one interface at a time then. that was a good idea. and i'm still hung up on "192.168.1.1 dev eth0"
[05:52] are you okay with bringing all interfaces down, then raising eth1 first? sounds like you're concerned about that.
[05:53] ip route with `systemctl disable eth1` http://projectftm.com/#bTUtehwmWwosE68B7sj8_A
[05:53] JanC I think we have that output here: http://projectftm.com/#n3T06ci4QHs35bHBQYdPWQ
[05:53] i can ping both public (4.2.2.2) and private (192.168.1.12) with that setup
[05:53] (remember 'ifconfig' has been deprecated for over a decade and in theory might disappear any day now :P )
[05:53] Okay, we should not have multiple default routes.
[05:54] ah, right
[05:54] i want eth1 to provide NAT from usb0 to the 192.168.1.1 network
[05:54] but not via this device
[05:54] I got a router connected to eth1
[05:54] we're doing routing from this box?
[05:54] on the WAN port
[05:54] NAT only
[05:55] well i guess routing, but i just want to be able to ping 10.0.0.2, 192.168.1.1, 192.168.1.12, 4.2.2.2, google.com
[05:55] once i am there, i know what to do
[05:56] Okay. can we bring the eth0 down? `ip link set eth0 down` ?
[05:56] katamo: should i reboot with eth1 enabled first?
[05:56] and this is going to slow me down since i have to physically access the machine which is not in this room
[05:57] wait a sec
[05:57] eth1 systemd service is disabled right now
[05:57] and everything is working as i'd expect
[05:58] i know i am rough
[05:58] okay you specifically mentioned every network except the 192.168.1.0/24 dev eth0 network
[05:58] what is the .0/24 network?
[05:59] and why does .1.0/24 have a netmask/24 whereas the 1.1 network has implied /32?
[06:00] inet 192.168.1.6 netmask 255.255.255.0 broadcast 192.168.1.255
[06:00] 192.168.1.1/24? it's a class C handed out by another router right now
[06:00] it's out of band
[06:01] admittedly i'm a server engineer not a networking engineer and I deal mostly in virtual networks/servers
[06:02] yeah this is a unique thing.
[06:02] It's a SBC with two nics that actually operate at gigabit so i was hoping i could set this up
[06:02] sounds like a fairly complex network for usb nic's?
[06:02] ah
[06:02] the usb nic is a cellphone
[06:02] my cellular modem got taken out by lightning
[06:02] oic. cellular gateway?
[06:03] yes
[06:03] so usb0 is just going to NAT to eth1
[06:03] I use LXD ubuntu servers as routers with odd nic devices & client wifi radios as wan all day so it should be straightforward
[06:03] hrm
[06:03] eth0 is just out of band so i can get in if those are down
[06:04] As i said, i just need to ssh IN to eth0, eth0 doesn't need to route anywhere
[06:04] Okay, do you ssh into it via the 192.168.1.1 or 192.168.42.129 address?
[06:05] 192.168.1.6
[06:05] .42 is cellular
[06:05] ip a without eth1 http://projectftm.com/#iXR_MMRn9J7DXpLxooHptQ
[06:06] all this routes. i can ping google.com and i can ssh in
[06:06] lemme reboot with eth1 enabled
[06:06] baby steps
[06:07] Okay http://projectftm.com/#lmhaVjJrGSozjkZ5hIKL0A
[06:07] that accurate?
[06:08] yes
[06:09] working networking http://projectftm.com/#loQFlNCyXBQso4LWCf84UA
[06:09] not working networking http://projectftm.com/#wnB3yyIcgi4U-81DDvd3SQ
[06:11] okay, please amuse me for a sec. can you cp your eth1.yaml to a safe place, then make a new one with copy paste of http://projectftm.com/#OMMBbGahZEd0nkjU5hvALw ?
[06:11] of course
[06:11] then `ip link set eth1 down; ip link set eth1 up`
[06:11] wait
[06:12] `ip link set eth1 down; netplan generate --debug && netplan apply && ip link set eth1 up`
[06:13] stand by
[06:14] ok
[06:14] how's our ping 4.2.2.2 look?
[06:14] can't ping 4.2.2.2
[06:14] :*(
[06:14] :-D
[06:15] From 10.0.0.1 icmp_seq=4 Destination Host Unreachable
[06:15] so it thinks 10.0.0.1 is the default route
[06:15] whereas it should be 192.168.42.whatever
[06:15] if its not a route, then remove the gateway line from your .yaml
[06:15] ^
[06:15] wait.... this is.... duh. its trying to use its own interface as the default route
[06:16] shoulda seen that sooner. i'm silly after hours
[06:17] i'm just happy ssh always works on reboot right now
[06:18] haha no doubt. you shouldnt have to reboot between netplan config changes though
[06:18] i do anyhow
[06:18] it's like 6 seconds
[06:18] fair enough then
[06:18] okay now i can ping 192.168.1.12 (that network) and the internet
[06:19] woohoo!
[06:19] and everything else?
[06:19] so why is gateway not necessary? does that autoconfigure a route or something?
[06:20] gateway tells the OS that it is a route. IE if there's not an obvious alternate, that is where to pass traffic for up stream nat
[06:20] everything else isn't set up yet and i imagine the reason i can't ping 10.0.0.2 is that the router that is connected to has "ignore WAN ping" rofl
[06:20] likely
[06:20] cell phones are a pita
[06:20] if this works it saves me literally $200
[06:20] so that's why i am so dedicated
[06:21] absolutely! 
I've used my cell hotspot as WAN for 2 days for fail over
[06:21] that cellular modem costs a bit, and even that is double NAT - if i have to deal with double NAT i'd rather do it on my software
[06:21] oh this is my primary internet
[06:21] :O
[06:22] i'm using my personal cellphone for testing, the actual cellphone is on a windows machine, i'm talking to you on an ubuntu VM in Los Angeles while sitting at a windows desktop in louisiana
[06:22] do what works lol
[06:23] indeed.
[06:26] genewitch given your use-case can I ping you with a thought out of channel? Its not ubuntu-server specific but relevant
[06:26] sure
[06:27] ping sent
=== crimastergogo_ is now known as crimastergogo
[12:19] good morning
[12:46] kstenerud: I still see two issues in d/changelog in https://code.launchpad.net/~kstenerud/ubuntu/+source/tmux/+git/tmux/+merge/357991, not sure if you are still working on that or waiting for another review pass
[12:55] xnox: hey, question about a server seed change you made a while ago
[12:55] ahasenack, Which one? ^_0
[12:56] xnox: you added both gnupg and dirmngr to server seeds, but gnupg has a depends on dirmngr, is the latter really necessary?
[12:56] * xnox does a lot of seed changes
[12:56] xnox: https://pastebin.ubuntu.com/p/dnDZDwy8Md/
[12:56] ahasenack, need to check things...... back in the day gnupg and dirmngr got split out and at one point did not have the dep between themselves.
[12:57] could be
[12:57] but now gnupg is a metapackage effectively
[12:57] ahasenack: I've pushed changes to address that. Do I need to write a comment about it?
[12:58] kstenerud: I don't know if just pushing changes sends out an email notification, a ping/comment would be nice
[12:58] kstenerud: but I see two other issues there still, I don't think he commented on them
[12:58] kstenerud: the bug number is missing a #,
[12:58] kstenerud: and the new version number is incorrect
[12:58] ahasenack, right. So i think the change still stands. 
Albeit redundant now, but was not much so before.
[12:59] what should the version number be?
[12:59] ahasenack, this could be made lighter, by replacing "gnupg dirmngr" with "gpg dirmngr gpg-agent"
[12:59] kstenerud: check the security team's page with that table
[12:59] ahasenack, but imho having the full gnupg suite of utils is nice.
[12:59] xnox: I agree with having gpg and dirmngr for the reasons you stated, I was just wondering if I was missing something since gnupg has a depends on dirmngr
[12:59] ahasenack, any particular reason why you are asking about this? do you want to drop all of gnupg? or does this gnupg-metapackage-of-doom pulling in too much now?
[13:00] ahasenack, when we still had gnupg2 package and were transitioning to the new one, the dirmngr depends was not there.
[13:00] so historical.
[13:00] xnox: ok, thanks
[13:00] but i'd want to keep it there, such that it doesn't regress again
[13:01] agreed
[13:01] cause to talk to keyservers one needs dirmngr installed.
[13:01] yes, the network part
[14:03] Hello
[14:04] i`m having some problems with slapd on ubuntu 16.04 and was wondering if someone has some tips
[14:05] I want to change my admin password but I keep getting insufficient access errors, something like this http://www.mehic.info/2014/05/rootdn-ldap_add-insufficient-access-50/
[14:05] but i dont want to go and change those files
[14:05] ive noticed a few things
[14:06] in my olcDatabase={1}hdb,cn=config i have an olcRootDN and olcRootPW, this is the password i want to change
[14:06] but it seems i need to use the creds from olcDatabase={0}config
[14:06] but in there i only see a olcRootDN, no olcRootPW
[14:06] i`m reading here https://help.ubuntu.com/lts/serverguide/openldap-server.html
[14:07] and in the post install chapter i see this command: sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
[14:07] this returns No such object (32)
[14:07] but i see the file structure that is above in the docs
[14:07] any clues?
[14:09] ive tried ldappasswd -Y EXTERNAL -H ldapi:/// -s welkom123 cn=Manager,dc=yo,dc=lo
[14:09] ive tried making an ldiff and trying to put it in using my admin account but im not allowed
[14:31] y1ds: do you know the existing password for cn=admin?
[14:33] well i know the password for manager, which is the rootdn of the database, but not of the config
[14:35] y1ds: try this example:
[14:35] ldappasswd -x -D cn=admin,dc=lxd -w secret -s newsecret cn=admin,dc=lxd
[14:35] -w: existing password
[14:35] -s: new password
[14:35] that doesnt work
[14:35] -D: dn of the admin
[14:35] it does, I just did it
[14:35] cn=admin,dc=lxd: dn whose password you want to change (same as -D for this case)
[14:36] note I provided the existing password
[14:36] yes i tried that
[14:36] because the acl for the userPassword attribute reads, among other things: by self write
[14:36] root@xenial-foo:~# ldappasswd -x -D cn=admin,dc=lxd -w secret -s newsecret cn=admin,dc=lxd
[14:36] root@xenial-foo:~# echo $?
[14:36] 0
[14:36] I just did it
[14:37] sec
[14:37] there are two admins here, btw
[14:37] one is for the cn=config db, the other is for the dc=lxd (or whatever domain you have) db
[14:38] my line above changes the pw for the dc=lxd suffix
[14:39] ldap_bind: Invalid credentials (49)
[14:39] then -w has the wrong password
[14:39] or -D is incorrect
[14:40] it is not
[14:40] to change olcRootPW in the cn=config db (for the olcRootDN "user"), you need ldapmodify, not ldappasswd
[14:40] ldappasswd only changes the userPassword attribute
[14:41] try ldapwhoami with the same -D and -w
[14:41] ldap_bind: Invalid credentials (49)
[14:42] yeah i tried changing it with ldapmodify and an ldiff
[14:42] but i think the problem is that i need to be the root of olcDatabase={0}config
[14:43] there is also a olcRootDN in there, namely cn=config, but not a olcRootPW
[14:43] yeah what you say aboce
[14:43] above
[14:44] it's not clear to me which password you want to update
[14:44] i think i need to be the 
one for the cn-config db, but that one does not have a password
[14:44] RootDN is the admin of the database, and it doesn't have to have an entry in the directory
[14:44] its password is RootPW
[14:44] that's like the old rootpw setting in the old slapd.conf
[14:44] you need an ldapmodify operation to change that, authenticated with -Y EXTERNAL
[14:45] well, i want to change the password for the admin user of the dc=blabla, but i think i need the password for the admin of the cn=config db
[14:45] you don't have the existing password corresponding to the userPassword attribute of cn=admin,dc=blabla?
[14:45] yes i do
[14:46] then prove it with ldapwhoami, using that DN and password
[14:47] ah yeah that works
[14:47] made a typo before
[14:47] in this example, https://pastebin.ubuntu.com/p/QjbPKCSkRZ/, you want to change userPassword from cn=admin,dc=lxd in line 24?
[14:48] for the example above, it would be: ldappasswd -x -D cn=admin,dc=lxd -w -s cn=admin,dc=lxd
[14:49] that treats cn=admin,dc=lxd just like any other entry, nothing special about it being admin, because you are binding as the entry itself
[14:49] if you didn't have the existing password, then you would have to bind as the rootdn, and that password is rootpw, defined in the cn=config suffix
[14:49] confusing, agreed
[14:49] I'm not a super fan of this cn=config structure
[14:52] ah okay no but its different in my setup
[14:52] the admin is not a user
[14:53] it is the rootdn in the cn=config
[14:53] ok, then you need an ldapmodify operation on cn=config
[14:53] something like
[14:53] sudo ldapmodify -Y EXTERNAL -H ldapi:///
[14:53] then feed it
[14:53] dn: cn=config
[14:53] changetype: modify
[14:53] replace: olcRootPW
[14:53] olcRootPW:
[14:54] I think the dn in this example is wrong, locate the right one by dumping with slapcat -n 0
[14:56] y1ds: https://pastebin.ubuntu.com/p/SBZMKGP7Qq/ that set the new password to the plaintext value of "secreT" (no hash: don't do that)
[14:57] 
https://pastebin.ubuntu.com/p/zdyQvR2xfk/
[14:58] your rootdn is just cn=config?
[14:58] apparently
[14:59] i must say i dont know much about ldap, and didnt set this up, im just trying to change some things
[15:00] see if this works: https://pastebin.ubuntu.com/p/xHYJjPnh9P/
[15:00] note I used slappasswd to generate a hash for "newsecret"
[15:00] use whatever password you want
[15:01] ah, use sudo ldapmodify, not just ldapmodify, of course
[15:01] yes
[15:04] insufficient access
[15:06] check if the acls are about uidnumber=0+gidnumber=0, that's when root connects to the ldapi socket and is what we are doing here when calling ldapmodify with sudo and -H ldapi:///
[15:06] but is my assumption that i need to authenticate as the rootdn from olcDatabase={0}config,cn=config incorrect?
[15:07] the acls under cn=config
[15:07] well, depends on the acls
[15:07] uhm how do I check that
[15:07] look for attributes olcAccess
[15:07] for example, this is what allows that uidnumber=0+... to manage the db:
[15:07] olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
[15:07] al,cn=auth manage by * break
[15:08] in my example db
[15:08] okay im gonna check
[15:08] access to * by thatguy manage
[15:08] "thatguy" being what ldapwhoami returned, in this case
[15:09] hm I see olcAccess: {0}to * by * none under dn: olcDatabase={0}config,cn=config
[15:15] it's the last entry that wins
[15:15] I mean, if there was no match before
[15:16] so I guess it's the first one that wins
[15:16] you go from specific to generic
[15:24] hm okay well im calling it a day for now thanks for the tips :)
[15:25] y1ds: cheers, good luck
[16:41] kstenerud: remember you have to explicitly ask for sponsorship in the MP before someone will just tag and upload a package for you
[17:01] ahasenack: So I just write "please sponsor this"?
[17:01] something like that
[17:01] I'd also add the git hash, confirming that's what you want sponsored
[17:01] ok
[18:08] rbasak: looking at https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1745185 that person could be using that other mysql package that has no "initscripts", right?
[18:08] Launchpad bug 1745185 in mysql-5.5 (Ubuntu) "If apt-get upgrade is run on mysql server when the server is disabled, the upgrade fails." [High,Confirmed]
[18:08] wouldn't be solving the bug, though
[18:09] ahasenack: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1592669 is related
[18:09] Launchpad bug 1592669 in mysql-5.7 (Ubuntu) "postinst fails when daemon is not running (or is disabled by policy-rc.d)" [High,Fix released]
[18:10] ahasenack: apart from that bug (which we've fixed now, not sure about what release the reporter is using), I think that correct behaviour and any bugs in postinsts attempting to restart masked services is down to debhelper.
[18:11] ahasenack: I'd like to know exactly what Ubuntu release and package version the reporter is reporting against, and exactly how (what command) the reporter is disabling the service. Ie. full steps to reproduce. Until then, Incomplete IMHO.
[18:12] that was mysql 5.5, command was systemctl disable mysqld
[18:12] which indicates it was...
[18:13] trusty
[18:13] systemd and trusty?
[18:13] * ahasenack wonders that
[18:13] * ahasenack does a quick check on bionic fwiw
[18:14] bionic didn't ship mysql 5.5 AFAIK
[18:14] I think that's why he's wondering :)
[18:15] I meant I will try a sequence of disable + upgrade on bionic
[18:15] oh upgrades could explain the oddity
[18:21] worked just fine in bionic
[18:22] it got started up again during the pkg upgrade, but was stopped at the end
[18:24] failed in xenial
[18:24] which also has mysql-server-5.7
[18:45] Good time, i wanna wondering maybe someone have appboxes.co server or maybe some one have server something like appbox?
[18:51] I don't
[19:01] You know, my friend got rented server for him from him admins.. and we don't know how open port at that specific "appbox" (Ubuntu 18.10 VNC) for znc, there are not default firewall i think there are specific firewall..
[19:02] specific firewall
[19:08] chillage: well if there's no firewall that you can manage on the server, it'd have to be from the appbox control panel
[19:08] and if there's not a firewall there you can control then you have to contact the admins
[19:15] i'll ask him about control panel, he told me that are desktop and terminal window.. contact with admins who give him server it's little bit difficult because they can't know about znc.. se if we don't found control panel then we try write to appboxes.co a
[19:17] so thank you for help:) nice halloween night then, until
[19:26] Hi all
[19:42] good time, plm,
[19:44] ok, i'm away, good luck
[19:59] chillage: if they can't know about ZNC, that suggests that it's not permitted on their infrastructure, so you should avoid running it there.
[20:07] hi, how do i share printscreen here
[20:07] ahasenack: I too don't know what acpid is used for these days
[20:07] ahasenack: I've been purging this on servers since Xenial IIRC
[20:07] heh :)
[20:07] that's good info :)
[20:10] i can't pass the filesystem setup screen, i'm doing manual partition with LVM, /(root) as btrfs, ext4 home...
[20:10] i'd like to share screenshot but don't know how/where to upload
[20:11] rbasak: (for whenever you read this) is linux-meta (src) a known git-ubuntu import failure?
It's a main package, but not imported
[20:11] memphisto: you should upload it somewhere, there are some free image hosting services
[20:12] or even dropbox and the like
[20:12] google drive
[20:12] thanks
[20:12] https://imagebin.ca/v/4L1qdANGnY4j
[20:15] ahasenack: I dig a little and found a commit in my puppet stuff: "remove acpid from Xenial VMs (not needed thanks to systemd)" dated Oct 17 10:15:24 2017
[20:15] memphisto: is this 18.04 or 18.10?
[20:16] ahasenack: 18.04.1
[20:16] sdeziel: I tried a trusty vm, but could still power it off externally without acpid, so I wasn't sure what was going on there
[20:17] memphisto: that looks like a bug, let me give it a try
[20:17] ahasenack: yes, it looks like it
[20:18] memphisto: have you tried 18.10 also?
[20:18] ahasenack: interesting, found another note where I concluded that 15.04+ only needed the dbus package to properly handle ACPI signals in KVM
[20:18] sdeziel: interesting, I saw dbus messages in the console when I pressed the power button
[20:18] ahasenack: no, i haven't...i like using only lts
[20:18] ahasenack: I may have missed that 14.04 was also OK
[20:18] memphisto: that's fine, just checking if it was perhaps fixed in the 18.10 installer
[20:20] memphisto: the whole disk is a pv, right
[20:20] ahasenack: yes
[20:24] memphisto: yeah, same here
[20:25] memphisto: let me try 18.10 to compare
[20:25] ahasenack: great, thanks ... for a moment i thought i'm going crazy
[20:27] I think it might be because /boot (part of / in this case) is not in its own partition
[20:27] verifying that oo
[20:29] yesss
[20:30] does it really have to be separate?
[20:31] don't know yet
[20:31] the moment I add an actual partition for /boot, I can't setup lvm anymore
[20:34] yeah, it was /boot
[20:34] ok, how did you create /boot and lvm?
[20:34] so I think it's bug https://bugs.launchpad.net/subiquity/+bug/1785332
[20:34] Launchpad bug 1785332 in subiquity "18.04.1 can't put /boot on SW RAID" [High,Triaged]
[20:34] memphisto: I created a big partition to hold the PV, and left it "unformatted"
[20:35] memphisto: then created the PV in that unformatted partition
[20:35] after that I was able to add a /boot partition with the remaining space, outside the pv
[20:35] and add the lvs to the vg as usual
[20:35] let me share a screenshot
[20:35] but the order was important, because the moment you create a /boot partition, the lvm option becomes grayed out
[20:36] no need, got it
[20:36] doing it right now
[20:36] memphisto: http://people.ubuntu.com/~ahasenack/partitioning.png fwiw
[20:42] Anyone did migration from FreeBSD samba dc to Ubuntu Server Samba dc?
[20:45] any sort of samba migration sounds hard on its own
[20:47] nah I think it's pretty easy :P
[20:47] just backing up the correct files and restore them back on the new system
[21:25] anyone got HyperV server + Samba DC constrained delegation working?
[21:50] Hyper-V is too slow for my guests
[21:52] UsQUE: isn't that question for either samba or hyperv?
[21:52] (/ microsoft)
[23:32] !ask | UsQUE
[23:32] UsQUE: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[23:36] ahasenack: it's blacklisted.