[12:29] sergiodj: hi, this bug came up in a server guide comment, https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1934997
[12:29] Launchpad bug 1934997 in sssd (Ubuntu) "Authentication fails after upgrading sssd to 2.2.3-3ubuntu0.6" [High, Triaged]
[12:29] have you got any news about it?
[12:29] tl;dr samba does not create the empty policy file, I got that, and sssd is treating that in a particular way. Does windows also not create that policy? Can we say by now where the fix should be?
[12:30] oh, I'm finding some activity
[12:42] hi
[13:10] rbasak: I know you are off today, but I'll just leave this here. I'm going to create a merge MP, and I'll try the pre-requisite branch trick
[13:14] rbasak: I don't think it works, the diff is all messed up
[13:32] Did anyone create an auto-install iso image with the new 22.04 - any online references for that?
[14:33] ahasenack: ah, thanks for tracking down the PR that fixed it. I will merge sssd soon-ish, and I see that Timo has just uploaded 2.7.1-1 to Debian
[14:33] it should fix the issue, as you pointed out
[14:34] yep
[14:34] I'm updating the server guide with a note, and I'm thinking about the 22.04 release notes as well, since it has AD join in the installer
[14:34] right
[14:34] weird that the bug only happened on ssh logins, not console ones
[14:35] I wonder if the console login is missing some pam module, or something else that would have applied the gpo
[14:35] when you were testing, did you only use ssh for testing?
[14:35] it's been a while and I don't remember the details, let me re-read the bug
[14:36] someone in the https://discourse.ubuntu.com/t/sssd-and-active-directory/27888 comments is saying that it only blocked ssh logins
[14:36] (that's how I was pointed at that bug)
[14:37] ahasenack: based on what I wrote at https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1934997/comments/5, I think I was testing using console login
[14:37] Launchpad bug 1934997 in sssd (Ubuntu) "Authentication fails after upgrading sssd to 2.2.3-3ubuntu0.6" [High, Triaged]
[18:56] hi
[19:52] ih
[20:25] Hi, I have a dedicated server in my home network running Ubuntu LTS latest. It is connected to my router, which serves also as local DNS. My server features two NICs, as fail backup, both are attached to the router, named eno1 and eno2 with IPs 192.168.1.40 and 41. Of course, there is just one host name, myserver.home. So how do I need to properly
[20:25] configure the NICs in Ubuntu and the DNS to properly resolve any requests to the server? Can I use the same hostname for different IPs? Or is the solution within configuring the NICs to only use one at the time? Maybe I should just deconnect the second...
[20:29] Additional complication: The IPs are by reserved DHCP only.
[20:30] So it requires the MAC address
[20:36] Hinnerk: depending upon what you're trying to build, this may be useful overview of what's available https://ubuntu.com/server/docs/ubuntu-ha-introduction
[20:38] * sergiodj fastens his seatbelt and starts looking into the Samba merge MP
[20:38] Thx, that seems a bit over the top for me. It's really just a small home network, but since it had the two NICs... maybe I just deactivate one, it seems to cause more trouble to me than it is worth it (to me).
[20:41] having one dedicated to ssh local, is nice
[20:43] does your switch support bonding? maybe doubling them to get pseudo-double the bandwidth might be handy and probably way easier to configure
[21:09] maret
[21:10] i need ubuntu manual
[21:10] plz
[21:11] https://help.ubuntu.com/
[21:11] its in the topic
[21:12] is it useful to build server
[21:12] the Ubuntu Server guide is useful when building a server, yes
[21:14] !info harden-doc
[21:14] harden-doc (3.19+nmu1, jammy): useful documentation to secure a Debian system. In component universe, is extra. Built by harden-doc. Size 879 kB / 8,751 kB
[21:18] is this working for anyone:
[21:18] $ lftp https://ubuntu.com
[21:18] cd: Fatal error: Certificate verification: Not trusted (93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF)
[21:19] that's in impish, but I see the same on kinetic
[21:19] I see the same thing on Jammy
[21:19] ahasenack: Same on focal.
[21:20] looking for other command-line tools that link with gnutls
[21:21] lynx
[21:21] hm, that worked
[21:28] ahasenack: fedora and debian also
[21:29] also fails, you mean?
[21:29] yes
[21:31] ahasenack: maybe related to this: https://github.com/lavv17/lftp/issues/641
[21:31] Issue 641 in lavv17/lftp "gnutls integration code manually tries to verify chain, can't handle cross-signed CA" [Closed]
[21:32] apparently lftp implements its own verification algorithm there? not sure
[21:33] scary
[21:33] I was actually stracing it, to see if it read gnutls' config file, and it doesn't
[21:33] but it links with gnutls for something
[21:35] is ubuntu.com's certificate from Let's Encrypt?
[21:35] ah, it is
[21:35] then: https://github.com/lavv17/lftp/issues/526
[21:35] Issue 526 in lavv17/lftp "FTPS Letsencrypt Certificate verification: Not trusted." [Open]
[21:36] I'm not touching that code with a 10-metre pole, FWIW
[21:36] :-P
[21:38] sergiodj: thanks for finding that, I filed a bug
[21:38] the fact that lftp doesn't work correctly with Let's Encrypt certs && that upstream hasn't addressed this yet is a bit concerning, though :-/
[21:38] the other bug/fix you linked is closed, though
[21:38] what is this one
[21:38] yw
[21:38] I think one is not aware of the other
[21:38] maybe
[21:39] yeah, there is a fix committed
[21:39] ah, good
[22:19] Ok, I think I messed up my network configuration. My connections do not work anymore. I tried to remove them and reconfigured, but no gain. How do I best go about restoring my server's network cards to default?
[22:19] or rather the connections of course.
[22:21] I'm also unsure, what to reset. NetworkManager? netplan? How do these live together?
[22:28] Hinnerk: netplan is telling nm or networkd how everything should be configured. so really depends on how you edited your connections to revert it back
[22:32] Well, I meddled a bit too much, I think. Did changes to both
[22:33] I have two NICs in the server, one was not in netplan so I added it.
[22:34] Hinnerk: well seems like you want to revert to a basic netplan config then. look at netplan.io/examples to see something you like (i assume just dhcp) which should be a 3-liner
[22:34] Yes, dhcp is fine.
[22:43] Still fails.
[22:44] I have two NICs eno1 and eno2
[22:44] eno1 should be on dhcp, eno2 I do not care about at this point
[22:44] as long as it does not get in the way, which it may.
[22:45] Hinnerk: can you paste your config somewhere? for example paste.debian.net
[22:45] sure just a sec, need to get it out of the server.
[22:47] Not so easy, since NIC are not working i only have access through IPMI.
[22:50] Discovered an error. Fixed and rebooting. Doubt it will fix the entire issue, but we'll see.
[22:51] Hinnerk: you could just do sudo netplan apply to verify if the config works in comparison to rebooting ;)
[22:51] next time :)
[22:52] My left CTRL key is deactivated via IPMI, it seems. So sometime when I save, I add an S accidentally.
[22:52] Fixed that.
[22:55] paste.debian.net/1243264
[22:55] didn't fix it.
[22:56] should I add eno2 as well?
[22:58] Hinnerk: you can, but this should work. question now is, what specifically did you change to not let it work anymore
[22:58] Yes, I'm surprised too. I didn't do anything totally crazy.
[22:59] I did use the network manager GUI. But I prefer not to anymore...
[22:59] never sure, where that changes things.
[22:59] Hinnerk: ahm are you on a desktop or server?
[22:59] I am on a server.
[22:59] It has a desktop though
[22:59] Hinnerk: well if you use nm, it makes sense that the config doesn't apply as it tries to use networkd
[23:00] in general I use it without gui, just the services there, apache with nextcloud, dlna server,...
[23:00] so I think we should do it the proper server way, if there are two.
[23:01] Hinnerk: can you first verify which network stack you are using?
[23:01] How?
[23:01] what does systemctl status NetworkManager.service say? running?
[23:02] Yes, running.
[23:03] so edit your config to use the networkmanager stack not networkd
[23:09] ok, did that. now what?
[23:09] did apply also.
[23:09] does your network interface get an ip? (ip addr)
[23:13] Now this is strange:
[23:13] eno1 does not get an IP.
[23:14] eno2 gets the IP eno2 should have gotten.
[23:14] the DHCP server reserves IPs for their respective MACs. I just verified that those are set correct.
[23:15] sry, type, eno2 gets the IP eno1 should have gotten.
[23:15] and still cant ping the router.
[23:16] I did verify the cables are ok :)
[23:16] eh, cables are very unlikely
[23:16] Yes, I figured, but was desperate.
[23:16] I do know that having 2 nics on 1 network is kinda weird on linux (had my own fair share of issues) but not to that extent
[23:17] Can we just completely deactivate one and just make sure the other one works fine?
[23:18] Hinnerk: sure, i mean as long as you don't configure one of the interfaces, you should be able to use NM perfectly normal.
[23:18] Hinnerk: is gateway etc set correctly through your dns?
[23:18] argh dhcp
[23:18] but I guess most things are on the router?
[23:18] Yes, but the router works fine.
[23:19] DNS is configured good.
[23:22] Just cleaned up configurations in NM. Will reboot router to ensure, there's no buffering issue or something. So I'll be gone for a bit - but I think I'll call it a day anyway. Thx for the help, I will probably be back (not quite Terminator...).