When I try to bootstrap CMake (regardless of parameters for as far as I can see) it fails with the following error:
CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
Please set them or make sure they are set and tested correctly in the CMake files:
CURSES_CURSES_H_PATH
used as include directory in directory /usr/src/cmake-2.8.6/Source/CursesDialog/form
used as include directory in directory /usr/src/cmake-2.8.6/Source
Although it can find libcurses...
-- Looking for wsyncup in /usr/lib/libcurses.so
-- Looking for wsyncup in /usr/lib/libcurses.so - found
The problem seems to lie in the fact that my curses.h header file is in /usr/include/ncursesw instead of in /usr/include. It would seem that CMake needs curses to build and cannot use ncurses... Strangely, I've compiled ncurses conform Linux From Scratch and which places the headers in that subfolder (ncursesw). Compiling non-wide versions didn't work either, as the headers are placed in /usr/include/ncurses. CMake is part of Beyond Linux From Scratch, but I don't see any workarounds there, so I'm puzzled why BLFS doesn't encounter the same problems...
I've come up with a workaround that works for my situation, but I don't know if this is a good solution or will cause problems in the future...
sed -i "s#FIND_FILE(CURSES_HAVE_CURSES_H curses.h )#FIND_FILE(CURSES_HAVE_CURSES_H curses.h HINTS /usr/include/ncursesw )#" Modules/FindCurses.cmake
sed -i "s#FIND_PATH(CURSES_CURSES_H_PATH curses.h )#FIND_PATH(CURSES_CURSES_H_PATH curses.h HINTS /usr/include/ncursesw )#" Modules/FindCurses.cmake
I've hinted the FindCurses script to look for curses.h in the /usr/include/ncursesw folder.
Sunday, October 16, 2011
Sunday, October 2, 2011
Test "samba3.blackbox.smbclient_s3.crypt" in samba 3.6.0 fails
I got the following two errors from one of the tests in the Samba 3.6.0 test suite:
UNEXPECTED(failure): samba3.blackbox.smbclient_s3.crypt (s3dc).writing into a read-only directory fails
REASON: _StringException: _StringException: CLI_FORCE_INTERACTIVE=yes /usr/src/samba-3.6.0/source3/bin/smbclient -U% //LOCALS3DC2/ro-tmp -I 127.0.0.2 --configfile=/usr/src/samba-3.6.0/source3/st/client/client.conf -e
UNEXPECTED(failure): samba3.blackbox.smbclient_s3.crypt (s3dc).Reading a owner-only file fails
REASON: _StringException: _StringException: CLI_FORCE_INTERACTIVE=yes /usr/src/samba-3.6.0/source3/bin/smbclient -U% //LOCALS3DC2/ro-tmp -I 127.0.0.2 --configfile=/usr/src/samba-3.6.0/source3/st/client/client.conf -e
The solution to these errors is to run the test suite as a non-root user (which is always a good idea). Unfortunately, since I use automated scripts to compile, test and configure packages (wrote them myself), it is difficult to switch users half way (you need root for installing). My solution was to su to a non-root user just for these tests and let him own the entire source tree, so that there are no access problems.
UNEXPECTED(failure): samba3.blackbox.smbclient_s3.crypt (s3dc).writing into a read-only directory fails
REASON: _StringException: _StringException: CLI_FORCE_INTERACTIVE=yes /usr/src/samba-3.6.0/source3/bin/smbclient -U% //LOCALS3DC2/ro-tmp -I 127.0.0.2 --configfile=/usr/src/samba-3.6.0/source3/st/client/client.conf -e
UNEXPECTED(failure): samba3.blackbox.smbclient_s3.crypt (s3dc).Reading a owner-only file fails
REASON: _StringException: _StringException: CLI_FORCE_INTERACTIVE=yes /usr/src/samba-3.6.0/source3/bin/smbclient -U% //LOCALS3DC2/ro-tmp -I 127.0.0.2 --configfile=/usr/src/samba-3.6.0/source3/st/client/client.conf -e
The solution to these errors is to run the test suite as a non-root user (which is always a good idea). Unfortunately, since I use automated scripts to compile, test and configure packages (wrote them myself), it is difficult to switch users half way (you need root for installing). My solution was to su to a non-root user just for these tests and let him own the entire source tree, so that there are no access problems.
Saturday, June 18, 2011
Error in testing binutils-2.21
When compiling a new version of binutils (version 2.21), I encountered the following error during the 'make check':
Running /usr/src/binutils-2.21/ld/testsuite/ld-plugin/plugin.exp ...
FAIL: plugin claimfile lost symbol
I couldn't find much about the cause of this error, but I did find a patch that fixed this error for me:
http://sourceware.org/ml/binutils-cvs/2010-11/msg00048.html
Running /usr/src/binutils-2.21/ld/testsuite/ld-plugin/plugin.exp ...
FAIL: plugin claimfile lost symbol
I couldn't find much about the cause of this error, but I did find a patch that fixed this error for me:
http://sourceware.org/ml/binutils-cvs/2010-11/msg00048.html
Saturday, May 14, 2011
PPP+PAM Windows VPN Error 734: The PPP link control protocol was terminated
Today I was battling with "Error 734: The PPP link control protocol was terminated" that the Windows 7 VPN client was giving me. Although the fixes suggested in this forum post will probable help most people, it didn't help me (as usual).
Apparently, in my case, this was caused by having the "login" setting in your /etc/ppp/options.xl2tpd and using an improper PAM-configuration.
From what I understand is that when you enter the correct password that is in chap.secrets, it will pass that authentication step, but it could fail on PAM authentication (as was the case with my configuration). So removing the "login" option will take care of this error, but will also disable PAM-support.
Currently I'm working on how to avoid having passwords in the chap.secrets file (but only in LDAP that is accessible via PAM). Filling in "" as the secret does not seem to work... According to an Oracle (?) article CHAP cannot be used in combination with PAM, since the password isn't sent accross the link, the server cannot create the MD5 hash that is requested by the client (based on a kind of challenge). But if LDAP could generate that hash... (Yeah, I know, LDAP is a database, not an authentication server)
Apparently, in my case, this was caused by having the "login" setting in your /etc/ppp/options.xl2tpd and using an improper PAM-configuration.
From what I understand is that when you enter the correct password that is in chap.secrets, it will pass that authentication step, but it could fail on PAM authentication (as was the case with my configuration). So removing the "login" option will take care of this error, but will also disable PAM-support.
Currently I'm working on how to avoid having passwords in the chap.secrets file (but only in LDAP that is accessible via PAM). Filling in "" as the secret does not seem to work... According to an Oracle (?) article CHAP cannot be used in combination with PAM, since the password isn't sent accross the link, the server cannot create the MD5 hash that is requested by the client (based on a kind of challenge). But if LDAP could generate that hash... (Yeah, I know, LDAP is a database, not an authentication server)
Sunday, May 1, 2011
GCC test errors
I've compiled gcc 4.5.2 and although apparently it is impossible to have no unexpected fails when testing your compiled version (why!?), I had some extra errors when running "make -k test":
FAIL: gcc.c-torture/compile/limits-exprparen.c -O0 (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -O1 (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -O2 (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -O3 -fomit-frame-pointer (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -O3 -g (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -Os (test for excess errors)
According to the compile instructions for GCC in LinuxFromScratch you have to increase your stack size to be able to successfully pass these tests:
ulimit -s 16384
FAIL: gcc.c-torture/compile/limits-exprparen.c -O0 (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -O1 (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -O2 (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -O3 -fomit-frame-pointer (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -O3 -g (test for excess errors)
FAIL: gcc.c-torture/compile/limits-exprparen.c -Os (test for excess errors)
According to the compile instructions for GCC in LinuxFromScratch you have to increase your stack size to be able to successfully pass these tests:
ulimit -s 16384
Saturday, April 23, 2011
Default settings of Windows VPN
In hindsight, the error below was very easy to explain. But when you're confronted with a non-working VPN server, you're checking every error in the log. Unfortunately most errors are non-self-explanatory and when you look them up on the internet, nothing can be found.
2011-04-23 11:38:53: [192.168.0.3] ERROR: invalid flag 0x08.
A default configuration in Windows 7 will have the type of type of VPN set to "automatic". This will cause Windows to try to connect with each VPN type it supports until it has a connection. In this case, Windows will first try IKEv2, then PPTP and finally (in this case) IPSec/L2TP. This can also be
If you look this error up in Google, you get exactly 1 result. The result is a message on a board from someone who apparently has the same problem. To me, this seems very strange. As most people will use the automatic setting (since it will work in most cases), almost every racoon log will contain this error... Doesn't anybody care about errors in their logs? Or am I mistaken?
2011-04-23 11:38:53: [192.168.0.3] ERROR: invalid flag 0x08.
A default configuration in Windows 7 will have the type of type of VPN set to "automatic". This will cause Windows to try to connect with each VPN type it supports until it has a connection. In this case, Windows will first try IKEv2, then PPTP and finally (in this case) IPSec/L2TP. This can also be
If you look this error up in Google, you get exactly 1 result. The result is a message on a board from someone who apparently has the same problem. To me, this seems very strange. As most people will use the automatic setting (since it will work in most cases), almost every racoon log will contain this error... Doesn't anybody care about errors in their logs? Or am I mistaken?
Racoon (IPsec) and Windows 7 VPN
I'm trying to create a VPN server on my Linux From Scratch server using IPsec and L2TP. I would like to log-in using only a password, not using certificates.
I'm trying to make this work using ipsec-tools-0.8.0, xl2tpd-1.2.8 and ppp-2.4.5. I want to log in using Windows clients.
My racoon.conf
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
remote anonymous {
exchange_mode main,aggressive;
doi ipsec_doi;
situation identity_only;
nonce_size 16;
initial_contact on;
passive off;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous {
encryption_algorithm aes, 3des;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}
Almost independent of how you configure racoon, if you create a default VPN-connection under Windows 7, you'll find out that it will not work and that the log file ends with:
2011-04-23 11:41:49: ERROR: no suitable proposal found.
2011-04-23 11:41:49: [192.168.0.3] ERROR: failed to get valid proposal.
2011-04-23 11:41:49: [192.168.0.3] ERROR: failed to process ph1 packet (side: 1, status: 1).
Apparently, the VPN client of Windows 7 uses certificates by default. So if you want to use pre-shared keys for authentication for L2TP under Windows, you have to change this explicitly in the properties of your VPN client. (Under Security -> Advanced Settings -> L2TP -> Use preshared key for authentication) (which should, of course, be the same as the key that you have set in (/usr/local/)/etc/racoon/psk.txt.)
I'm trying to make this work using ipsec-tools-0.8.0, xl2tpd-1.2.8 and ppp-2.4.5. I want to log in using Windows clients.
My racoon.conf
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
remote anonymous {
exchange_mode main,aggressive;
doi ipsec_doi;
situation identity_only;
nonce_size 16;
initial_contact on;
passive off;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous {
encryption_algorithm aes, 3des;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}
Almost independent of how you configure racoon, if you create a default VPN-connection under Windows 7, you'll find out that it will not work and that the log file ends with:
2011-04-23 11:41:49: ERROR: no suitable proposal found.
2011-04-23 11:41:49: [192.168.0.3] ERROR: failed to get valid proposal.
2011-04-23 11:41:49: [192.168.0.3] ERROR: failed to process ph1 packet (side: 1, status: 1).
Apparently, the VPN client of Windows 7 uses certificates by default. So if you want to use pre-shared keys for authentication for L2TP under Windows, you have to change this explicitly in the properties of your VPN client. (Under Security -> Advanced Settings -> L2TP -> Use preshared key for authentication) (which should, of course, be the same as the key that you have set in (/usr/local/)/etc/racoon/psk.txt.)
Welcome to my blog.
As a hobby, I'm always experimenting with computer stuff. I'm fiddling with a Linux From Scratch machine, A.C. Ryan PlayonHD (don't buy it!) and my Windows Domain on which I try to configure web servers, imap-servers, VPN, crosscompiling, etc. I'm not easily satisfied with solutions that just work, I'm interested in the details. In most of these situations, this will lead to frustrations about errors that occur, for which even the Internets do not seem to have an answer. This goes up (and beyond) to a certain point where I think: "Isn't a hobby supposed to be fun?". That's why I decided to post my experiences on a blog, so at least, I can remember my own solutions when I encounter the same error again, and, as a bonus, I hope to help others.
Subscribe to:
Posts (Atom)