Description of problem: the cntlm daemon can not start correctly, it seems that the process can not create the pid file as specified inside the systemd unit. the systemd unit contain : ExecStart=/usr/sbin/cntlm -a ntlm -U cntlm -P /run/cntlm.pid -c /etc/cntlm.conf starting the process drop root's privileges becoming the user cntlm ( as specified by -U cntlm ) that can not have permissions to create the file /run/cntlm.pid. this cause the failed state Version-Release number of selected component (if applicable): cntlm.x86_64 0.92.3-2.mga7 @System How reproducible: Steps to Reproduce: 1. sudo dnf install cntlm 2. edit the conf file, adding username, domain, password and setting the custom proxy 3. sudo systemctl restart cntlm My fix proposed fix : 1 . remove the option -U, but is not secure 2 . create the folder and change its ownership before the units start I modified the unit file ================================================================ [f59073c@odin ~]$ more /usr/lib/systemd/system/cntlm.service [Unit] Description=CNTLM Authentication Proxy After=syslog.target network.target [Service] Type=forking PIDFile=/run/cntlm/cntlm.pid ExecStartPre=/usr/bin/mkdir /run/cntlm/ ExecStartPre=/usr/bin/chown cntlm. /run/cntlm/ ExecStart=/usr/sbin/cntlm -a ntlm -U cntlm -P /run/cntlm/cntlm.pid -c /etc/cntlm.conf ExecReload=/usr/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target ====================================================================
Created attachment 11151 [details] proposed cntlm.service
Updated cntlm-0.92.3-2.1.mga7 should be available on mirrors soonish in core/udpates_testing. Please test. Instead of creating dir with .service file I modified tmpfiles.conf to create /run/cntlm and modified only PID-file location in .service file.
Assignee: bugsquad => qa-bugsCC: (none) => jani.valimaa
MGA7-64 Plasma on Lenovo B50 No installation issues. Googled and found https://vijiboy.wordpress.com/2018/03/14/configure-cntlm-to-generate-hash-for-your-password-h-and-verify-m/ to get some tests Changed the /etc/cntlm file to point to my own laptop and at CLI: # cntlm -h CNTLM - Accelerating NTLM Authentication Proxy version 0.92.3 Copyright (c) 2oo7-2o1o David Kubicek This program comes with NO WARRANTY, to the extent permitted by law. You may redistribute copies of it under the terms of the GNU GPL Version 2 or newer. For more information about these matters, see the file LICENSE. For copyright holders of included encryption routines see headers. Usage: cntlm [-AaBcDdFfgHhILlMPpSsTUuvw] <proxy_host>[:]<proxy_port> ... -A <address>[/<net>] ACL allow rule. IP or hostname, net must be a number (CIDR notation) -a ntlm | nt | lm and a lot more further # cntlm -H Password: PassLM 142DDC49E073DA63552C4BCA4AEBFB11 PassNT 6744CA8C8FEC5500FCE7E2F016025F61 PassNTLMv2 E7502E111FBE7435B735B9B8D338A3C1 # Only for user 'testuser', domain 'corp-uk' and followed the steps to include this infi in the conf file but # cntlm -v -f -M http://google.com section: global, Username = 'testuser' section: global, Domain = 'corp-uk' section: global, Password = 'password' section: global, Username = 'testuser' section: global, Domain = 'hviaene.thuis' section: global, Proxy = 'localhost:8080' section: global, Listen = '127.0.0.1:3128' section: global, Password = ':' section: global, PassLM = '142DDC49E073DA63552C4BCA4AEBFB11' section: global, PassNT = '6744CA8C8FEC5500FCE7E2F016025F61' section: global, PassNTLMv2 = 'E7502E111FBE7435B735B9B8D338A3C1' Default config file opened successfully Resolve 127.0.0.1: -> 127.0.0.1 cntlm: Proxy listening on 127.0.0.1:3128 cntlm: Ignoring config file option: Username cntlm: Ignoring config file option: Domain cntlm: Ignoring config file option: Password cntlm: Workstation name used: mach5.hviaene.thuis Password: cntlm: Using proxy localhost:8080 cntlm: Resolving proxy localhost... Config profile 1/4... Resolve localhost: -> 127.0.0.1 127.0.0.1 so_connect: Connection refused cntlm: Proxy connect failed, will try localhost:8080 cntlm: No proxy on the list works. You lose. Connection to proxy failed, bailing out cntlm: Terminating with 0 active threads Whatever I tried, switching off firewall, no go. But the problem is apparantly not cntlm because telnet: connect to address ::1: Connection refused Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused telnet: Unable to connect to remote host: Connection refused And I cann't get ly head around it.
CC: (none) => herman.viaene
Tested with a production server migrated from MGA6 to MGA7. Without this update, cntlm failed to start. So this update fixes the bug, please push.
CC: (none) => lists.jjorgeWhiteboard: (none) => MGA7-32-OK MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2019-0101.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Strawberries is sweet food and effect of strawberries is good on dogs https://whatdogseats.com/strawberries/ and dogs like very much it and you want more information just click on our website
CC: (none) => herryparker207
CC: herryparker207 => (none)