[Freedombox-discuss] User module diagnostic failed and no more SSH access

Thu Jan 21 10:04:13 UTC 2016

I just realized that the slapd package seemed to be marked for removal or
was already removed... how is that possible actually? Output:

root at momafreedom:/etc# dpkg --list slapd
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name
                    Version
 Architecture                                       Description
+++-==========================================================================================-==================================================-==================================================-======================
rc  slapd
                   2.4.42+dfsg-2                                      armel
                                             OpenLDAP server (slapd

Anyway, I just installed the package slapd again and restarted the service,
seems fine now actually. everything works again... the diagnosis gives me
passed everywhere too... huh? Strange!

root at momafreedom:/etc# apt-get install slapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
The following NEW packages will be installed:
  slapd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,273 kB of archives.
After this operation, 14.7 MB of additional disk space will be used.
Get:1 http://mirror.0x.sg/debian sid/main armel slapd armel
2.4.42+dfsg-2+b1 [1,273 kB]
Fetched 1,273 kB in 1s (708 kB/s)
Preconfiguring packages ...
Selecting previously unselected package slapd.
(Reading database ... 75843 files and directories currently installed.)
Preparing to unpack .../slapd_2.4.42+dfsg-2+b1_armel.deb ...
Unpacking slapd (2.4.42+dfsg-2+b1) ...
Processing triggers for libc-bin (2.21-6) ...
Processing triggers for systemd (228-4) ...
Setting up slapd (2.4.42+dfsg-2+b1) ...
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.42+dfsg-2... done.
Processing triggers for libc-bin (2.21-6) ...
======  How can you help?  (doc: https://wiki.debian.org/how-can-i-help )
======

-----  Show old opportunities as well as new ones: how-can-i-help --old
 -----
root at momafreedom:/etc# /etc/init.d/slapd restart
[ ok ] Restarting slapd (via systemctl): slapd.service.

Diagnostic Results
Module: users
Test Result
Listening on tcp4 port 389 passed
Listening on tcp6 port 389 passed
Check LDAP entry "dc=thisbox" passed
Check LDAP entry "ou=people" passed
Check LDAP entry "ou=groups" passed

How is it possible that the package was removed, I have never touched the
apt by hand, I only had auto update enabled...

Best regards

On 21 January 2016 at 12:37, Tim Mohrbach <preexo at googlemail.com> wrote:

> Thanks a lot for your help!
> I tried changing the password by your suggested method but didn't have so
> much success with that. In the end I just enabled the root login in the
> sshd config (bad I know, will change it back again later).
> I can access it now via SSH and the user root. The LDAP server seems to
> run:
>
> root at momafreedom:~# systemctl status slapd
> ● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory
> Access Protocol)
>    Loaded: loaded (/etc/init.d/slapd; bad; vendor preset: enabled)
>    Active: active (exited) since Thu 1970-01-01 08:00:13 HKT; 46 years 0
> months ago
>      Docs: man:systemd-sysv-generator(8)
>   Process: 438 ExecStart=/etc/init.d/slapd start (code=exited,
> status=0/SUCCESS)
>
> Jan 01 08:00:12 momafreedom systemd[1]: Starting LSB: OpenLDAP standalone
> server (Lightweight Directory Access Protocol)...
> Jan 01 08:00:13 momafreedom systemd[1]: Started LSB: OpenLDAP standalone
> server (Lightweight Directory Access Protocol).
>
> But the journalctl -xe command contains some worrysome lines about the
> LDAP not being able to bind to the server. Unfortunately I don't know
> anything about LDAP. Maybe you already have an idea for me how to fix this?
>
> root at momafreedom:~# journalctl -xe
> Jan 21 12:27:45 momafreedom ntpd[484]: Soliciting pool server
> 59.149.185.193
> Jan 21 12:27:46 momafreedom ntpd[484]: Soliciting pool server
> 2403:5000:171:11::2
> Jan 21 12:27:47 momafreedom nslcd[545]: [d062c2] <group/member="www-data">
> failed to bind to LDAP server ldapi:///: Can't contact LDAP server: No such
> file or directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [d062c2] <group/member="www-data">
> no available LDAP server found: Can't contact LDAP server: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [d062c2] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [200854] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [200854] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [b127f8] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [b127f8] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [16231b] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [16231b] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [16e9e8] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [16e9e8] <group/member="www-data">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [90cde7] <group/member="nslcd"> no
> available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [90cde7] <group/member="nslcd"> no
> available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [ef438d] <group/member="nobody">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [ef438d] <group/member="nobody">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [0e0f76] <group/member="root"> no
> available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [0e0f76] <group/member="root"> no
> available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [52255a] <group/member="postgres">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [52255a] <group/member="postgres">
> no available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [9cf92e] <group/member="ntp"> no
> available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [9cf92e] <group/member="ntp"> no
> available LDAP server found: Server is unavailable: No such file or
> directory
> Jan 21 12:27:47 momafreedom nslcd[545]: [ed7263]
> <group/member="debian-deluged"> no available LDAP server found: Server is
> unavailable: Resource temporarily unavailable
> Jan 21 12:27:47 momafreedom nslcd[545]: [ed7263]
> <group/member="debian-deluged"> no available LDAP server found: Server is
> unavailable: Resource temporarily unavailable
> Jan 21 12:28:40 momafreedom systemd[1]: tor at default.service: Start
> operation timed out. Terminating.
> Jan 21 12:28:50 momafreedom NetworkManager[416]: <info>  Activation
> (enxb827ebc73b2b) Beginning DHCPv6 transaction (timeout in 45 seconds)
> Jan 21 12:28:50 momafreedom NetworkManager[416]: <info>  dhclient started
> with pid 1492
> Jan 21 12:28:50 momafreedom dhclient[1492]: XMT: Info-Request on
> enxb827ebc73b2b, interval 960ms.
> Jan 21 12:28:51 momafreedom dhclient[1492]: XMT: Info-Request on
> enxb827ebc73b2b, interval 2000ms.
> Jan 21 12:28:51 momafreedom ntpd[484]: Soliciting pool server
> 2401:1800:7800:101:be76:4eff:fe1c:28a1
> Jan 21 12:28:53 momafreedom dhclient[1492]: XMT: Info-Request on
> enxb827ebc73b2b, interval 4040ms.
>
> Thanks, I appreciate any help so much! I really hope this might be
> fixable...?
> Best regards
> Preexo
>
>
>
> On 16 January 2016 at 01:38, Sunil Mohan Adapa <sunil at medhas.org> wrote:
>
>> On Friday 15 January 2016 10:02 PM, Tim Mohrbach wrote:
>> > Hi,
>> >
>> > I noticed that I don’t get inside my box anymore via SSH.
>> > When running the user module diagnostics in plinth, it fails with all
>> tests:
>> >
>> > Diagnostic Results
>> > Module: users
>> > Test  Result
>> > Listening on tcp4 port 389    failed
>> > Listening on tcp6 port 389    failed
>> > Check LDAP entry "dc=thisbox" failed
>> > Check LDAP entry "ou=people"  failed
>> > Check LDAP entry "ou=groups"  failed
>> >
>> > When saving the user again as admin in plinth again, it said that it
>> failed adding the user as admin: “Failed to add user to group."
>> > Changing the password via plinth works, but still no access via SSH.
>> >
>> > Any idea what happened? How I can gain access via SSH again?
>>
>> It looks bad.  I believe slapd (the LDAP server) is not running for some
>> reason.  (Could be a DB corruption)
>>
>> To gain access: you can shutdown, insert SD card into desktop/laptop and
>> set the password inside the SD card for 'fbx' user using `passwd
>> --root=/mount/path fbx`.  Then boot the FreedomBox and login via SSH
>> using 'fbx' user.
>>
>> After that check why slapd is not running:
>>
>> $ systemctl status slapd
>>
>> $ systemctl start slapd
>> (if not already running)
>>
>> $ systemctl status slapd
>> $ journalctl -xe
>> $ journalctl -u slapd
>>
>> --
>> Sunil
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20160121/fa3e6114/attachment-0001.html>