Topic: No VPN after a manual server migration

[cljunkie]

Configuration:

Generic celeron 400 Mhz with 384 MB RAM, Raid5 (4 scsi drives) SME 7.1.3.

        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.10.EL.img
title SME Server (2.6.9-42.0.3.ELsmp)
        root (hd0,0)

Configuration above was migrated from a previous server. home directories and ibays had to be moved manually due large graphic files and large attachements to email.

The manual method using signal-events was used for this move. I have done this move in this fashion two times in the last month to increase hard drive space by adding hard drives to array (no fun). This time the VPN ceased to work after the migration. Client machine(s) a/are Macintosh running OS X 10.4.

Here is the message log (columbus=server, cljunkie=me):

Apr 15 22:34:20 columbus pptpd[5369]: CTRL: Client 69.xxx.xxx.xxx control connection started
Apr 15 22:34:20 columbus pptpd[5369]: CTRL: Starting call (launching pppd, opening GRE)
Apr 15 22:34:21 columbus pppd[5370]: Plugin radius.so loaded.
Apr 15 22:34:21 columbus pppd[5370]: RADIUS plugin initialized.
Apr 15 22:34:21 columbus pppd[5370]: pppd 2.4.4 started by root, uid 0
Apr 15 22:34:21 columbus kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Apr 15 22:34:21 columbus pppd[5370]: Using interface ppp0
Apr 15 22:34:21 columbus pppd[5370]: Connect: ppp0 <--> /dev/pts/2
Apr 15 22:34:31 columbus pppd[5370]: Peer cljunkie failed CHAP authentication
Apr 15 22:34:31 columbus pppd[5370]: Connection terminated.
Apr 15 22:34:32 columbus kernel: divert: no divert_blk to free, ppp0 not ethernet
Apr 15 22:34:32 columbus pppd[5370]: Exit.
Apr 15 22:34:32 columbus pptpd[5369]: GRE: read(fd=6,buffer=804ebe0,len=8196) from PTY failed: status = -1 error = Input/output error, us
Apr 15 22:34:32 columbus pptpd[5369]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Apr 15 22:34:32 columbus pptpd[5369]: CTRL: Reaping child PPP[5370]
Apr 15 22:34:32 columbus pptpd[5369]: CTRL: Client 69.xxx.xxx.xxx control connection finished


I don't think this is a bug. Could I have missed a file when copying them by hand? If so, which one would have been the problem file and how would I go about fixing this. We can't do e-mail with our external users until I fix VPN. Web based email has proven to be a hassle for us in graphics.

To avoid the usual beat down: Yes I have checked the bugtracker and searched the forums but there doesn't seem to be a close enough message that includes Macintosh. I'm trying to get my hands on a WinTel to check and see if I can reproduce the problem for my Windows based users.

Thanks!

cljunkie

[william_syd]

        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.10.EL.img
title SME Server (2.6.9-42.0.3.ELsmp)
        root (hd0,0)

I don't use VPN but a very common cause of failure is the kernel modules not matching the running kernel.

Code: [Select]

uname -r
rpm -qa | grep kmod

[cljunkie]

# uname -r
2.6.9-42.0.10.EL

# rpm -qa | grep kmod
kmod-appletalk-1.0-1.2.6.9_42.0.10.EL
kmod-slip-smp-1.0-1.2.6.9_42.0.10.EL
kmod-slip-1.0-1.2.6.9_42.0.10.EL
kmod-ppp-smp-1.0.2-1.2.6.9_42.0.10.EL
kmod-ppp-1.0.2-1.2.6.9_42.0.10.EL
kmod-appletalk-smp-1.0-1.2.6.9_42.0.10.EL

[william_syd]

Yeah, your errors needed to say something about "kernel no support" for that to be your problem.

Worth a try.

[byte]

        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.10.EL.img
title SME Server (2.6.9-42.0.3.ELsmp)
        root (hd0,0)

This line seems suspect "title SME Server (2.6.9-42.0.3.ELsmp)" please report to bug tracker.

Apr 15 22:34:32 columbus pptpd[5369]: GRE: read(fd=6,buffer=804ebe0,len=8196) from PTY failed: status = -1 error = Input/output error, us
Apr 15 22:34:32 columbus pptpd[5369]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)

This looks like your firewall isn't allowing the GRE packets or something to do with your firewall setup/changed since.

[cljunkie]

I'm, still leaning towards not properly copying something over during the upgrade. Now all my SMB users can't get in (groan). I'll go to the back tracker to post, but I'm still thinking I screwed up.

Is it possible to install from a 7.0 CD and tell the install program to update the existing users info and mail, then install 7.1.3 and possible have everything working again?

[dmay]

Configuration above was migrated from a previous server.

What previous server release did you migrate from?
How _exactly_ did you perform the migration?

Darrell

[cljunkie]

This is about the third time I've done this in the last month to increase hard drive space from two 72 Gig drives Raid1 to three 72 Gig drives Raid1 (because of the three drive, no auto Raid5 settings) to finally (and most recently that is causing me problems) four 72 Gig drives.

I work for a newspaper and we have a lot of mail with large attachments and shared file directories (ibays) and no tape drive. Even with the files in the ibays copied to a backup directory, the /home/e-smith is still over 11 Gigs.

So we've been using the process of manual migrating files via rsync see other thread on these boards)

signal-event pre-backup

rsync -a /home/e-smith root@xxx.xxx.xxx.xxx:/temp/home/ (another temporary server)

rsync -a /etc/e-smith/templates-custom root@xxx.xxx.xxx.xxx:/temp/etc/e-smith/

rsync -a /etc/e-smith/templates-user-custom root@xxx.xxx.xxx.xxx:/temp/etc/e-smith/

rsync -a /etc/ssh root@xxx.xxx.xxx.xxx:/temp/etc/

rsync -a/root root@xxx.xxx.xxx.xxx:/temp

rsync -a /etc/sudoers root@xxx.xxx.xxx.xxx:/temp/etc/

rsync -a /etc/passwd root@xxx.xxx.xxx.xxx:/temp/etc/

rsync -a /etc/shadown root@xxx.xxx.xxx.xxx:/temp/etc/

rsync -a /etc/group root@xxx.xxx.xxx.xxx:/temp/etc/

rsync -a /etc/samba/secrets.tdb root@xxx.xxx.xxx.xxx:/temp/etc/samba/

rsync -a /etc/samba/smbpasswd root@xxx.xxx.xxx.xxx:/temp/etc/samba/

rsync -a /etc/smbpasswd root@xxx.xxx.xxx.xxx:/etc

signal-event post-backup

Shutdown

Then I install additional hard drive (for a total of five to make RAID5.

I insert my 7.1 install CD and do a fresh install (temporary settings)

Then I reverse the process.

signal-event pre-restore

rsync -a root@xxx.xxx.xxx.xxx:/temp/home/e-smith/ /home/e-smith/

rsync -a root@xxx.xxx.xxx.xxx:/temp/etc/e-smith/ /home/e-smith/ (does both templates-custom and templates-user-custom)

rsync -a root@xxx.xxx.xxx.xxx:/temp/etc/ (pulls in all the files I put in this directory) /etc

rsync -a root@xxx.xxx.xxx.xxx:/temp/root/  /root

signal-event post-upgrade; signal-event reboot

That's it. Usually works. Only difference this time is that I have 4 drives doing Raid 5 instead of 3 drives doing Raid 1.

Again, I think I may have missed something. I really don't think it is a bug. I just need a second pair of eyes to make sure I didn't miss anything in the process this time. (I do this by hand from paper. I don't have a script file)

Thanks in advance.

[william_syd]

        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.10.EL.img
title SME Server (2.6.9-42.0.3.ELsmp)
        root (hd0,0)

This line seems suspect "title SME Server (2.6.9-42.0.3.ELsmp)" please report to bug tracker.

Whats suspect about it? He appears to have quoted two lines lower instead of one line higher.

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title SME Server (2.6.9-42.0.3.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.3.ELsmp ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.3.ELsmp.img
title SME Server-up (2.6.9-42.0.3.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.3.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.3.EL.img

[cljunkie]

# rpm -qa | grep kmod
kmod-appletalk-1.0-1.2.6.9_42.0.10.EL
kmod-slip-smp-1.0-1.2.6.9_42.0.10.EL
kmod-slip-1.0-1.2.6.9_42.0.10.EL
kmod-ppp-smp-1.0.2-1.2.6.9_42.0.10.EL
kmod-ppp-1.0.2-1.2.6.9_42.0.10.EL
kmod-appletalk-smp-1.0-1.2.6.9_42.0.10.EL

# uname -r
2.6.9-42.0.10.EL

Here is my grub.conf file.

# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/main/root
#          initrd /initrd-version.img
#boot=/dev/sda
default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title SME Server (2.6.9-42.0.10.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.ELsmp ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.10.ELsmp.img
title SME Server (2.6.9-42.0.10.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.10.EL.img
title SME Server (2.6.9-42.0.3.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.3.ELsmp ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.3.ELsmp.img
title SME Server-up (2.6.9-42.0.3.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.3.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.3.EL.img

[dmay]

rsync -a /etc/shadown root@xxx.xxx.xxx.xxx:/temp/etc

Typo or did you miss these:

/etc/gshadow
/etc/shadow

Darrell

[dmay]

I work for a newspaper and we have a lot of mail with large attachments and shared file directories (ibays) and no tape drive.

That's why there are two Disk Archive (dar) contribs available. You should try both to see which one fits you best.

Darrell

[cljunkie]

Yes, those were typos. There are others in this post. I did include them in the routine. rsync barfs when I do typos, but I check off my list when I do it for real.

I have tried to get my head around DAR for 6 months. Not there yet.

[byte]

        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-42.0.10.EL.img
title SME Server (2.6.9-42.0.3.ELsmp)
        root (hd0,0)

This line seems suspect "title SME Server (2.6.9-42.0.3.ELsmp)" please report to bug tracker.

Whats suspect about it? He appears to have quoted two lines lower instead of one line higher.

Well spotted. I didn't  

[byte]

Do you still get this problem ? if so there's a bug...

http://bugs.contribs.org/show_bug.cgi?id=2912

[cljunkie]

I've been tied up all week with work-arounds for my users (and political damage control). I'll head over and take a look at the bug report. I hope it is dead on because I'm looking at doing a reinstall and configuration from scratch thjis weekend (not sure how to preserve messages yet in that case) or keep in running with the work-arounds while finding another server solution.

[cljunkie]

I had to do a wipe and reinstall.

I rsync ibays and users directories to another computer.

After reinstalling SME, upgading, setting up domains, users, etc from scratch, every aspect of SME works as well as before. User's IMAPs was not recovered. Their files are on the other computers in case some day I decide to attempt to recover them. I'm not sure where to start.

The server is actually running better than before (go figure). My SMB users can now once again login. VPN is working again. Everyone is happy accpet for the loss of mail. Most users are POPing their mail now instead of IMAP because they don't trust the server. It's going to take a while to regain that trust from them and my boss.

This task was also the attempt to reduce the number os servers we have running from three to one. With the inabilty to get one of the five hard drives not to be left unsed as a spare, we are still running short of spacce and will have to go through this again in mid-sumer (2007). But atleast we're down to two servers. I will be searching bugtracker about the hard drive problem. I always seem to run into problems when I have an odd number of hard drives installed.

So in the mean time, I am looking into the DAR site (I'm unnderstanding that better than the initial read of DAR for SME). Maybe after I under stand it, I can better understand DAR for SME. Also looking into what someone suggested: AFFE(?).

My old traditional UNIX head buddies are recommending I take a look at CPIO (and I thought rsync command lines are scary). I'm scare of TAR for very large backup files (lots of large fraphic files for a newspaper). Some one else said to look into dd and dump.

I think (no one can ever be 100% sure) that we have our nearby/short term and offsite/long term archiving under control. It's that bare iron eight hours to deadline restore we are lacking. Recovering enough mail AND being able to access it would be nice.

It use to be easy last year with a few files on a old Compaq 6000 server (upon which SME no longer works), now it is becoming a real concern on our slower, older standby server now running RAID5.

Again, I say pilot error, not a bug. Need a better parachute.

Thanks to everyone that help. I learn quite a bit and have even more respect for SME as an appliance and a platform for developers to deliver plug and play solutions. My users don't even realize how many fewer problems they've had since mgration from our old OS X Server 10.3.X on a G3 for basic services.

I (me) will be donating (couldn't swing it in the budget last year during the beta/test phase).

-cljunkie

PS-Any one need a Compaq Proliant 6000 for parts?

[cljunkie]

I had to do a wipe and reinstall.

I rsync ibays and users directories to another computer.

After reinstalling SME, upgading, setting up domains, users, etc from scratch, every aspect of SME works as well as before. User's IMAPs was not recovered. Their files are on the other computers in case some day I decide to attempt to recover them. I'm not sure where to start.

The server is actually running better than before (go figure). My SMB users can now once again login. VPN is working again. Everyone is happy accpet for the loss of mail. Most users are POPing their mail now instead of IMAP because they don't trust the server. It's going to take a while to regain that trust from them and my boss.

This task was also the attempt to reduce the number os servers we have running from three to one. With the inabilty to get one of the five hard drives not to be left unsed as a spare, we are still running short of spacce and will have to go through this again in mid-sumer (2007). But atleast we're down to two servers. I will be searching bugtracker about the hard drive problem. I always seem to run into problems when I have an odd number of hard drives installed.

So in the mean time, I am looking into the DAR site (I'm unnderstanding that better than the initial read of DAR for SME). Maybe after I under stand it, I can better understand DAR for SME. Also looking into what someone suggested: AFFE(?).

My old traditional UNIX head buddies are recommending I take a look at CPIO (and I thought rsync command lines are scary). I'm scare of TAR for very large backup files (lots of large fraphic files for a newspaper). Some one else said to look into dd and dump.

I think (no one can ever be 100% sure) that we have our nearby/short term and offsite/long term archiving under control. It's that bare iron eight hours to deadline restore we are lacking. Recovering enough mail AND being able to access it would be nice.

It use to be easy last year with a few files on a old Compaq 6000 server (upon which SME no longer works), now it is becoming a real concern on our slower, older standby server now running RAID5.

Again, I say pilot error, not a bug. Need a better parachute.

Thanks to everyone that help. I learn quite a bit and have even more respect for SME as an appliance and a platform for developers to deliver plug and play solutions. My users don't even realize how many fewer problems they've had since mgration from our old OS X Server 10.3.X on a G3 for basic services.

I (me) will be donating (couldn't swing it in the budget last year during the beta/test phase).

-cljunkie

PS-Any one need a Compaq Proliant 6000 for parts?

[mrjhb3]

I. User's IMAPs was not recovered. Their files are on the other computers in case some day I decide to attempt to recover them. I'm not sure where to start.

All you should have to do is copy the files from the old Maildir directory to the new Maildir directory, then change permissions, and imap access to mail should be restored.  I have done/tested this many times.  Occassionaly I have had to remove the old index files, but no mail was lost.

YMMV,

John