I'll keep it open since your solution is only a workaround. My change will get overwritten next time.
Beiträge von Peronia
-
-
I can't replicate that problem.
Do you mean you can't reproduce the problem itself or only the UDP thing?
-
Yes, works fine. The share got mounted with v3 and UDP:
Code
Alles anzeigenroot@miranda:~# mount -t nfs uranus:/export/Downloads /mnt/downloads/ -v mount.nfs: timeout set for Wed Apr 17 15:35:48 2024 mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot TCP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 45841 root@miranda:~# mount ... uranus:/export/Downloads on /mnt/downloads type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.230.18,mountvers=3,mountport=45841,mountproto=udp,local_lock=none,addr=192.168.230.18)I don't understand why TCP don't work (I'm fine using UDP, think i had used it in OMV 6 too) and why UDP only works if I enable TCP.
-
Okay, thanks. But UDP only works without the -o udp flag and if v4 is enabled via OMV. I think now I have the nautilus problem again
-
My problem with v4 was nautilus, which neither support v4 nor auto negation of the versions. So I keep stuck with v3.
When I try udp, I got this:
Code
Alles anzeigenroot@miranda:~# mount -t nfs -o udp uranus:/export/Downloads /mnt/downloads/ -v mount.nfs: timeout set for Wed Apr 17 14:50:43 2024 mount.nfs: trying text-based options 'udp,vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'udp,vers=4,minorversion=1,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'udp,vers=4,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'udp,addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: an incorrect mount option was specifiedI also allowed v4 in OMV and got this:
Code
Alles anzeigenroot@miranda:~# mount -t nfs uranus:/export/Downloads /mnt/downloads/ -v mount.nfs: timeout set for Wed Apr 17 14:55:42 2024 mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): No such file or directory mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot TCP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 49642Strange that the connection takes place at v3 here.
Well, it got mounted with v3 UDP (not TCP)... I don't understand why v4 isn't used, maybe the path is not for v4? I have in mind that v4 don't need export I think.
Coderoot@miranda:~# mount ... uranus:/export/Downloads on /mnt/downloads type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.230.18,mountvers=3,mountport=49642,mountproto=udp,local_lock=none,addr=192.168.230.18) -
Yes, same result
-
Yeah, nice if this were in my case equal. Here are the result:
Code
Alles anzeigenroot@uranus:~# omv-salt deploy run nfs debian: ---------- ID: configure_nfs_conf Function: file.managed Name: /etc/nfs.conf.d/99-openmediavault.conf Result: True Comment: File /etc/nfs.conf.d/99-openmediavault.conf is in the correct state Started: 13:41:52.388232 Duration: 111.966 ms Changes: ---------- ID: configure_idmapd_conf Function: file.managed Name: /etc/idmapd.conf Result: True Comment: File /etc/idmapd.conf is in the correct state Started: 13:41:52.500327 Duration: 99.089 ms Changes: ---------- ID: divert_idmapd_conf Function: omv_dpkg.divert_add Name: /etc/idmapd.conf Result: True Comment: Leaving 'local diversion of /etc/idmapd.conf to /etc/idmapd.conf.distrib' Started: 13:41:52.599849 Duration: 8.293 ms Changes: ---------- ID: configure_nfs_exports Function: file.managed Name: /etc/exports Result: True Comment: File /etc/exports is in the correct state Started: 13:41:52.608293 Duration: 169.792 ms Changes: ---------- ID: divert_nfs_exports Function: omv_dpkg.divert_add Name: /etc/exports Result: True Comment: Leaving 'local diversion of /etc/exports to /etc/exports.distrib' Started: 13:41:52.778200 Duration: 8.224 ms Changes: ---------- ID: stop_nfs_blkmap_service Function: service.dead Name: nfs-blkmap Result: True Comment: The service nfs-blkmap is already dead Started: 13:41:53.524788 Duration: 21.651 ms Changes: ---------- ID: mask_nfs_blkmap_service Function: service.masked Name: nfs-blkmap Result: True Comment: Service nfs-blkmap is already masked Started: 13:41:53.546567 Duration: 0.538 ms Changes: ---------- ID: start_nfs_server_service Function: service.running Name: nfs-server Result: True Comment: The service nfs-server is already running Started: 13:41:53.547525 Duration: 17.309 ms Changes: ---------- ID: restart_nfs_utils_service Function: service.running Name: nfs-utils Result: True Comment: The service nfs-utils is already running Started: 13:41:53.565079 Duration: 19.566 ms Changes: Summary for debian ------------ Succeeded: 9 Failed: 0 ------------ Total states run: 9 Total run time: 456.428 ms -
Usually my HDDs going into standby when no interaction happens for 10 minutes, so they were in standby. I try this command:
Coderoot@miranda:~# mount -t nfs uranus:/export/Downloads /mnt/downloads/ mount.nfs: Connection refusedThe HDD don't wake up (usually they should). I waked them manually and try it then again with the same result.
I executed mount -t nfs uranus:/export/Downloads /mnt/downloads/ -v and got this:
Code
Alles anzeigenroot@miranda:~# mount -t nfs uranus:/export/Downloads /mnt/downloads/ -v mount.nfs: timeout set for Wed Apr 17 13:25:23 2024 mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'vers=4.2,addr=192.168.230.18,clientaddr=192.168.230.14' mount.nfs: mount(2): Connection refused mount.nfs: trying text-based options 'addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: Connection refused -
Sorry, forget to mention: I already tried to delete all NFS shares and create it new, mentioned here. This has no effect.
-
Hi,
today I upgraded from OMV 6 to OMV 7, without problems.
Now my servers can't connect via NFS. with showmount --exports uranus I am able to see the shares:
Coderoot@miranda:~# showmount --exports uranus Export list for uranus: /export/Switch 192.168.230.0/24 /export/Software 192.168.230.0/24 /export/Dokumente 192.168.230.0/24 /export/Medien 192.168.230.0/24 /export/Downloads 192.168.230.0/24 /export/Backup 192.168.230.0/24BUT the specific NFS mount for that client (miranda) doesn't show up. Here is my etc/exports:
Code
Alles anzeigen# This file is auto-generated by openmediavault (https://www.openmediavault.org) # WARNING: Do not edit this file, your changes will get lost. # /etc/exports: the access control list for filesystems which may be exported # to NFS clients. See exports(5). /export/Backup sonne(fsid=13e8c527-d2b0-4dde-85ea-8a121a05f4db,rw,subtree_check,insecure,all_squash,anonuid=1001,anongid=1002) 192.168.230.0/24(fsid=92993a13-490d-4a9d-8114-5f18c4f2bb6d,rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1002) /export/Dokumente 192.168.230.0/24(fsid=c27fe697-e226-44a3-ae7e-0148285512e8,rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1003) /export/Downloads miranda(fsid=382ec001-4514-4023-a22b-f2257f89d037,rw,subtree_check,insecure,all_squash,anonuid=1003,anongid=1001) 192.168.230.0/24(fsid=c81c9d91-0469-4d0b-a5b8-322d6138f2ad,rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1001) /export/Medien ariel(fsid=0b9b44e8-db76-4e7a-bcae-09db15e684a3,rw,subtree_check,insecure,all_squash,anonuid=1002,anongid=1004) 192.168.230.0/24(fsid=f08f0bc9-d057-4a7e-bd0b-2717a2c5d790,rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1004) /export/Software 192.168.230.0/24(fsid=35cd7da8-d7f9-42fc-a748-a02ba22640d5,rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1005) /export/Switch 192.168.230.0/24(fsid=ffce7637-e309-4eaa-9996-5bfadf04ea18,rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1006)See line #8 for the entry.
When I try to mount I got this:
Code
Alles anzeigenroot@miranda:~# mount -t nfs -o nfsvers=3 uranus:export/Downloads /mnt/downloads/ -v mount.nfs: timeout set for Wed Apr 17 10:40:32 2024 mount.nfs: trying text-based options 'nfsvers=3,addr=192.168.230.18' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: portmap query retrying: RPC: Program not registered mount.nfs: prog 100003, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100003 vers 3 prot UDP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 192.168.230.18 prog 100005 vers 3 prot UDP port 51985 mount.nfs: mount(2): Invalid argument mount.nfs: an incorrect mount option was specifiedI only enabled NFS v3 in OMV due to other problems, not related to this server.
I ran this config for a long time in OMV 6 without issues.
I don't know if the host itself (miranda) in OMV 6 shows up in the command showmount --exports uranus, maybe this was never the case. But it uses these host specific config when it gets mounted.
Can you help me to get NFS working again?
-
Yes, the new layout is very "klicky" and sometimes displays too much information (e.g. all accounts and not seperated by system and user accounts like in the old layout).
-
Thanks, I can see it now.
I had an issue in this version, that the ACLs are set always recursiv. But I can't reproduce it.
Maybe the bug is gonne or I mishandled it...
-
Okay, seems to solve the Issue, the service run without aborts.
I read the linked thraed from you and changed the file, checked apparmor but forget to disable systemd-timesyncd.
Very sorry about that. Thanks for the help!
-
Hi
I'm running OMV 5 and used the ACL-tab:
I used sometimes the "+" besides a folder, to give extra ACLs.
In OMV 6.0.5-3 I can't see the "+", ony the first entry like "Medien" in my screenshot.
Why the subfolders are not shown?
I know v6 is not ready, but this is a disadvantage in my opinion.
-
Alles anzeigen
Hi everyone,
I hope I'm posting the right thing in the right section - please tell me if otherwise.
I have been trying to make public key authentication work for a long time on OMV, and after a few hours of troubleshooting I think I understand the problem better.What I'm trying to achieve
Allow a user created via OMV web GUI to open an SSH session with Public Key AuthenticationMy configuration
- Fresh install of OMV 5.4.3-1
- No plugins
- Installed on a dedicated physical host
Issue & steps to reproduce
- Create a new user (hereafter referred to as "bob") in OMV web GUI
- Assign bob to ssh group
- Generate a keypair with PuTTYgen
- Add the public key (in RFC4716 format) to the user in OMV web GUI
- Restart SSHD service
- Connect to OMV via PuTTY with private key configured
- Get "Server refused our key" error message and prompt for password
My findings
- I understand that OMV creates users without homedirs, and cannot use /home/bob/.ssh/authorized_keys to store the public key
- Therefore, the config file (/etc/ssh/sshd_config) is modified to add AuthorizedKeysFile with 3 entries, which SSHD will scan in order until it finds a relevant key :
- .ssh/authorized_keys (standard directory)
- .ssh/authorized_keys2 (also standard for ssh2 with legacy clients)
- /var/lib/openmediavault/ssh/authorized_keys/%u (where %u is replaced by the user trying to connect) --> this is where OMV stores keys added via GUI
- Scanning auth logs (/var/log/auth.log) reveals an important error :
Authentication refused: bad ownership or modes for directory /
This means that the root directory's permissions are unsatisfactory for sshd to trust the authorized_keys file stored in /var/lib/...
Indeed, permissions for "/" are set to root:root 775, which means group-writeable - whereas SSHD needs every directory in the path to authorized_keys to be only owner-writeable.
Proposed resolution
IMO there are two ways to deal with this :
- change permissions for root directory : chmod 755 /
--> This solution is confirmed working, but even though it's standard best practice, I cannot confirm that it doesn't cause any side effects. - Disable SSHD StrictMode, which runs multiple checks to validate SSH auth : in /etc/ssh/sshd_config, change StrictModes to no
--> This solution works but is not desirable as sshd puts these control for good reasons, mainly to prevent exposing sensitive files.
Does this sound like the right way to handle this ? Maybe there was a simpler way ?
Cheers!
I'm runing in this problem, too.
OMV does not execute the command omv-salt stage run setup after installation? With me it is also "broken", although I have version 5.6.24-1, where it should be fixed.
-
systemctl status systemd-timesyncd:
Code
Alles anzeigensystemd-timesyncd.service - Network Time Synchronization Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled) Drop-In: /usr/lib/systemd/system/systemd-timesyncd.service.d └─disable-with-time-daemon.conf Active: inactive (dead) Condition: start condition failed at Sat 2022-02-05 13:33:54 CET; 1min 12s ago └─ ConditionFileIsExecutable=!/usr/sbin/chronyd was not met Docs: man:systemd-timesyncd.service(8) Feb 05 13:21:09 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:22:34 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:23:59 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:25:24 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:26:49 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:28:14 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:29:39 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:31:04 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:32:29 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped. Feb 05 13:33:54 uranus systemd[1]: Condition check resulted in Network Time Synchronization being skipped.systemctl status ntp:
CodeUnit ntp.service could not be found.chronyd -d:
Code2022-02-05T12:36:47Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG) 2022-02-05T12:36:47Z Frequency -42.158 +/- 38.185 ppm read from /var/lib/chrony/chrony.drift 2022-02-05T12:36:52Z Selected source 131.188.3.223Is the condition failed by systemd-timesyncd right?
BTW: I have the prompt for chronyd -d open, the sync runs, no aborts.
-
I'm to 99% sure.
Even if I change the source to 0.de.pool.ntp.org chrony make one sync and shut down.
I'm looked in the thread but found no solution.
-
Nothing strange:
-
Same as before:
Code
Alles anzeigenchrony.service - chrony, an NTP client/server Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: e Active: inactive (dead) since Fri 2022-02-04 15:19:34 CET; 8min ago Docs: man:chronyd(8) man:chronyc(1) man:chrony.conf(5) Process: 29529 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=0 Process: 29533 ExecStartPost=/usr/lib/chrony/chrony-helper update-daemon (code Main PID: 29531 (code=exited, status=0/SUCCESS) Feb 04 15:18:43 uranus systemd[1]: Starting chrony, an NTP client/server... Feb 04 15:18:43 uranus chronyd[29531]: chronyd version 3.4 starting (+CMDMON +NT Feb 04 15:18:43 uranus chronyd[29531]: Frequency -42.693 +/- 25.021 ppm read fro Feb 04 15:18:43 uranus chronyd[29531]: Loaded seccomp filter Feb 04 15:18:43 uranus systemd[1]: Started chrony, an NTP client/server. Feb 04 15:18:47 uranus chronyd[29531]: Selected source 192.168.230.1 Feb 04 15:19:34 uranus systemd[1]: Stopping chrony, an NTP client/server... Feb 04 15:19:34 uranus chronyd[29531]: chronyd exiting Feb 04 15:19:34 uranus systemd[1]: chrony.service: Succeeded. Feb 04 15:19:34 uranus systemd[1]: Stopped chrony, an NTP client/server. -
Funfact: When I run this command, chrony starts once again (and is now dead).
sudo omv-salt deploy run chrony:
Code
Alles anzeigendebian: ---------- ID: configure_chrony Function: file.managed Name: /etc/chrony/chrony.conf Result: True Comment: File /etc/chrony/chrony.conf is in the correct state Started: 15:18:43.177288 Duration: 38.583 ms Changes: ---------- ID: start_chrony_service Function: service.running Name: chrony Result: True Comment: Service chrony is already enabled, and is running Started: 15:18:43.230074 Duration: 72.328 ms Changes: ---------- chrony: True Summary for debian ------------ Succeeded: 2 (changed=1) Failed: 0 ------------ Total states run: 2 Total run time: 110.911 ms
