[Icecast] Icecast authentication cant resolve address on Debian

Karl Heyes karl at xiph.org
Fri Jun 3 18:44:31 UTC 2011 

On 03/06/11 19:14, Martin Harrison wrote:
> Hi,
>
> I am trying to use the url authentication method but am having trouble
> getting icecast to work on a Debian installation on a VPS platform.
>
> I have logged in my VPS as root and installed icecast using
>
> apt-get install icecast2
> setup the config file and then set ENABLE=true in /etc/init.d/icecast2
>
> This initialy didn't work as it couldn't access log files and then had
> trouble with the graphics on the admin pages.
> I fixed this by copying the graphics from /usr/share/icecast2/web into
> /etc/icecast/web and by changing the log/web/admin paths
> from /var/log/icecast to /log and /usr/share/icecast2/web to /web.
> I also had to change the base dir fromto /usr/share/icecast2 to
> /etc/icecast as none of the linked xmls files could be read.
>
> At this point icecast will run, display the admin pages correctly, allow a
> source to conenct and users can listen.
>
> However when I enable the authentication it fails to resolve the address
> for the authentication script. The log files contain just two warnings
> that I don't understand the implications of/can't resolve.
>
> [2011-06-03  16:47:46] WARN stats/stats_event_conv No charset found for
> "ISO8859-1"
> [2011-06-03  16:55:11] WARN auth_url/url_add_listener auth to server
> http://www.***.co.uk/online/auth.php failed with Couldn't resolve host
> 'www.***.co.uk'


> I am assuing that this is something to do with access rights but am no
> unix expert (I developed my authentication system with icecast on a
> windows box trouble free).
>
> The relevant sections of the config file are below. any help is really
> appreciated.

>      <paths>
>          <basedir>/etc/icecast2</basedir>

>      </paths>

>      <security>
>          <chroot>1</chroot>

The distribution package makers should take more care in such cases. If 
you want to use DNS names then the mechanism for name lookups needs to 
be complete if you want to use a chroot jail.  This means that the 
configuration files or libraries need to exist within the jail.  The 
simplest change would be to use the IP address as that won't require the 
lookup or avoid the chroot to avoid the restricted directories (use full 
paths) but if you want the DNS lookup in a jail then the mechanism is 
basically

/etc/nsswitch.conf
   read hosts: entry
   lib load of /lib/libnss_... (file, dns etc depending on the protocol)

/lib/libnss_dns... reads /etc/resolv.conf


karl.

More information about the Icecast mailing list