Archive for May, 2014

Update apt public keys in Debian to fix package authentication errors

Thursday, May 29th, 2014

The apt program for Debian uses public and private keys to validate packages downloaded from the repositories. You can learn all about it at https://wiki.debian.org/SecureApt. Public keys are stored in /etc/apt/trusted.gpg. If keys are missing, outdated, corrupted, etc., apt will complain when trying to install packages with an error like “The following signatures couldn’t be verified because the public key is not available”. You can choose to ignore the error. If you do, when it reoccurs in the future you will see warnings like “WARNING: The following packages cannot be authenticated!”.

The solution to this problem is to update your public keys for the Debian repositories. These keys are installed via the package debian-archive-keyring. A simple “apt-get install debian-archive-keyring” is probably enough to update the keys and remove the errors/warnings during package installs.

Accessing status and diagnostic information for a Motorola Surfboard cable modem

Wednesday, May 28th, 2014

My ISP (to protect its identity, let’s call it Flomflast) drops my internet connection frequently. During the latest occurrence, I noticed from my router’s status page that the WAN address had been assigned to 192.168.100.11. I was surprised to see this since I believed there was no connection to the ISP via the cable line. How could the ISP DHCP server have assigned an IP address to the router? And why the private network address?

I guessed that if the DHCP server was assigning addresses in the 192.168.100.x range then itself or another server (the gateway?) might be located at 192.168.100.1. I typed the address in the address bar of my favorite web browser and was greeted with a web page being served by my Motorola Surfboard cable modem.


On the configuration page I found information that the cable modem has a built-in DHCP server that takes over when the internet connection is dropped. As configured, it begins assigning addresses at 192.168.100.11. Since my router is the only device on that side of the network with the cable modem, it was assigned the first IP address in the range.

The status page for the cable modem is especially handy. From the comfort of my chair I can see that the internet connection is indeed lost without the usual process of several rounds of pinging followed by a walk to another room to check the modem lights. Even with the internet connected, the modem is still accessible at 192.168.100.1.

auth.log errors: pam_winbind.so missing

Thursday, May 1st, 2014

I had an authorization log (/var/lib/auth.log) that was filling up with errors related to a missing pam_winbind.so library:

May  1 01:25:01 servername CRON[1906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  1 01:25:01 servername CRON[1906]: pam_unix(cron:session): session closed for user root
May  1 01:25:16 servername auth: PAM unable to dlopen(/lib/security/pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory
May  1 01:25:16 servername auth: PAM adding faulty module: /lib/security/pam_winbind.so

…over and over. I tried upgrading winbind to the latest version in the Debian stable repositories. I installed libpam-winbind (2:3.6.6-6+deb7u3 for both). Neither of those actions fixed the problem. The library, pam_winbind.so, was not present in /lib/security.

After reading this thread:

https://lists.debian.org/debian-user/2012/07/msg00620.html

I found that the library was simply in the wrong location. It was the only file under /lib/powerpc-linux-gnu/security/. This machine is a powerpc. Other architectures will have a different architecture name in the /lib directory.

The simple solution was to make a symlink at /lib/security/pam_winbind.so that points to the existing library at /lib/powerpc-linux-gnu/security/pam_winbind.so:

sudo ln -s /lib/powerpc-linux-gnu/security/pam_winbind.so /lib/security/pam_winbind.so

No more errors in the auth.log.
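
A check for the failure described in this post, as an added example that is not part of the original post: it lists PAM modules named in a pam.d directory that do not exist on disk, so a faulty module shows up before auth.log fills with dlopen errors. The function names, the sample tree and the service file name "mailauth" are assumptions made for the demo; the module directories to search are passed in by the caller.

```shell
#!/bin/sh
# Added example, not from the original post.
# missing_pam_modules CONFIG_DIR MODULE_DIR...
# Prints each module named in CONFIG_DIR that cannot be found on disk.
missing_pam_modules() {
    conf_dir=$1; shift
    # pam.d line layout: type control module-path [arguments].
    # A control field may be bracketed ([success=1 default=ignore]), so
    # collapse it to one word before taking field 3 as the module.
    cat "$conf_dir"/* 2>/dev/null |
    sed -e 's/#.*//' -e 's/\[[^]]*\]/CTRL/' |
    awk '$1 !~ /^@/ && $3 ~ /\.so$/ { print $3 }' | sort -u |
    while read -r mod; do
        found=no
        case $mod in
            /*) [ -e "$mod" ] && found=yes ;;       # absolute path: test as written
            *)  for d in "$@"; do                   # bare name: search given dirs
                    [ -e "$d/$mod" ] && { found=yes; break; }
                done ;;
        esac
        [ "$found" = yes ] || echo "$mod"
    done
}

# Constructed sample tree that mirrors the layout in the post; the service
# file name "mailauth" is made up for the demo.
demo_before_and_after() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/pam.d" "$root/lib/security" \
             "$root/lib/powerpc-linux-gnu/security"
    : > "$root/lib/powerpc-linux-gnu/security/pam_winbind.so"
    : > "$root/lib/powerpc-linux-gnu/security/pam_unix.so"
    {
        echo "auth [success=1 default=ignore] pam_unix.so nullok  # bare name"
        echo "auth sufficient $root/lib/security/pam_winbind.so"
    } > "$root/etc/pam.d/mailauth"
    before=$(missing_pam_modules "$root/etc/pam.d" \
             "$root/lib/security" "$root/lib/powerpc-linux-gnu/security")
    # The fix from the post, applied inside the sample tree.
    ln -s "$root/lib/powerpc-linux-gnu/security/pam_winbind.so" \
          "$root/lib/security/pam_winbind.so"
    after=$(missing_pam_modules "$root/etc/pam.d" \
            "$root/lib/security" "$root/lib/powerpc-linux-gnu/security")
    rm -rf "$root"
    echo "before=${before##*/} after=${after:-none}"
}
```

On a real system the call would be missing_pam_modules /etc/pam.d /lib/security /lib/powerpc-linux-gnu/security, with the architecture directory replaced by your own.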