[Icecast] add user failed check log

Coolvibes Reloaded jayaubs89 at gmail.com
Tue Feb 28 12:32:15 UTC 2023


Good afternoon

Ah that's probably why I'm getting errors I'm running version 2.4.4 on a
windows 10 laptop using command prompt in admin mode, also you mentioned
about a trap what's that? And why am I getting adding user failed I don't
want listeners to consistently login everytime they tune in?

On Tue, 28 Feb 2023, 11:28 Philipp Schafft, <phschafft at de.loewenfelsen.net>
wrote:

> Good morning,
>
> On Tue, 2023-02-28 at 01:07 +0000, Coolvibes Reloaded wrote:
> > i'm trying to config the usr authentication
> > but when i goto add myself into the admin part
> > i get add user failed check log?
> >
> > so i did and i'm getting this
> > [...]
> > [2023-02-28  00:46:16] EROR auth_htpasswd/auth_htpasswd.c No filename
> > given in options for authenticator.
> > [...]
>
> There is no filename given for the htpasswd auth, will comment below.
>
>
>
> > [2023-02-28  00:44:26] WARN auth/auth.c unknown auth setting (auth)
> > [2023-02-28  00:44:26] WARN auth/auth.c unknown auth setting
> > (comment)
> > [2023-02-28  00:44:26] EROR auth_htpasswd/auth_htpasswd.c No filename
> > given in options for authenticator.
> > [2023-02-28  00:44:26] EROR connection/connection.c Could not create
> > listener socket on port 8080 bind my ip
> > [2023-02-28  00:44:26] EROR connection/connection.c Could not create
> > listener socket on port 8081 bind my ip
>
> Another set of warnings. Looking at the config below you seem to have
> fallen into the over configuration trap. Plus I'm not sure where some
> of that came from. Maybe you want to comment on that so we can improve
> docs/default configs.
>
>
> What is also missing is which exact version of Icecast you are running.
> The below seems to be a mix of 2.4.x and 2.5.x. I try to answer in a
> generic was for both.
>
> I would also suggest you to run xmllint every time you change the
> config as it checks the syntax. Helps to spot problems early. It also
> provides a way to autoformat (with the --format option) the file. Which
> is very nice.
>
> Another general note here: Everyone using 2.5.x is recommended to have
> a look at the dashboard. Icecast reports many common problems there. It
> is much easier to spot things very early there.
>
>
> > now my config file is
> >
> > <icecast>
> >   <!-- location and admin are two arbitrary strings that are e.g.
> > visible
> >          on the server info page of the icecast web interface
> >          (server_version.xsl). -->
> >   <location>United Kingdom</location>
> >   <admin>someemail at example.com</admin>
> >
> >   <!-- This is the hostname other people will use to connect to your
> > server.
> >          It affects mainly the urls generated by Icecast for
> > playlists and yp
> >          listings. You MUST configure it properly for YP listings to
> > work!
> >     -->
> >   <hostname>yourip/url</hostname>
>
> This is not for an IP address nor an URL. It is for the hostname of the
> server. ;)
>
>
> >   <!-- IMPORTANT!
> >          Especially for inexperienced users:
> >          Start out by ONLY changing all passwords and restarting
> > Icecast.
> >          For detailed setup instructions please refer to the
> > documentation.
> >          It's also available here: http://icecast.org/docs/
> >     -->
> >
> >   <limits>
> >     <clients>9000</clients>
> >     <sources>2</sources>
> >     <queue-size>524288</queue-size>
> >     <client-timeout>30</client-timeout>
> >     <header-timeout>15</header-timeout>
> >     <source-timeout>10</source-timeout>
> >     <!-- If enabled, this will provide a burst of data when a client
> >              first connects, thereby significantly reducing the
> > startup
> >              time for listeners that do substantial buffering.
> > However,
> >              it also significantly increases latency between the
> > source
> >              client and listening client.  For low-latency setups,
> > you
> >              might want to disable this. -->
> >     <burst-on-connect>1</burst-on-connect>
> >     <!-- same as burst-on-connect, but this allows for being more
> >              specific on how much to burst. Most people won't need to
> >              change from the default 64k. Applies to all mountpoints
> >  -->
> >     <burst-size>65535</burst-size>
> >   </limits>
> >
> >   <authentication>
> >     <!-- Sources log in with username 'source' -->
> >     <source-password>somepass</source-password>
> >     <!-- Relays log in with username 'relay' -->
> >     <relay-password>somepass</relay-password>
> >
> >     <!-- Admin logs in with the username given below -->
> >     <admin-user>admin</admin-user>
> >     <admin-password>somepass</admin-password>
> >   </authentication>
> >
> >
> >   <!-- set the mountpoint for a shoutcast source to use, the default
> > if not -->
> >   <!-- specified is /stream but you can change it here if an
> > alternative is -->
> >   <!-- wanted or an extension is required -->
> >   <shoutcast-mount>/stream</shoutcast-mount>
>
>
> >   <directory>
> >     <yp-url-timeout>15</yp-url-timeout>
> >     <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
> >   </directory>
> >
> >   <!-- You may have multiple <listener> elements -->
> >   <listen-socket>
> >     <port>someport</port>
> >     <bind-address>someip</bind-address>
> > <shoutcast-mount>/stream</shoutcast-mount>
> >     <tls>1</tls>
> > <ssl>1</ssl>
> >   </listen-socket>
> >
> >   <listen-socket>
> >     <port>8080</port>
> >     <tls>1</tls>
> >   </listen-socket>
> >
> >   <listen-socket>
> >     <port>8080</port>
> >     <tls>1</tls>
> >   </listen-socket>
> >
> >   <listen-socket>
> >     <port>8080</port>
> >     <shoutcast-mount>/stream</shoutcast-mount>
> >   </listen-socket>
> >
> >   <listen-socket>
> >     <port>8080</port>
> >   </listen-socket>
> >
> >   <listen-socket>
> >     <port>8080</port>
> >   </listen-socket>
> >
> >   <listen-socket>
> >     <port>8080</port>
> >     <ssl>1</ssl>
> >   </listen-socket>
>
> You repeat yourself a lot here. Clearly you can only bind once to each
> port and address pair. (If no bind address is given, the wildcard
> address is assumed.)
>
> As for the TLS settings: in 2.4.x it is <ssl>1</ssl> and in 2.5.x it is
> <tls>true</tls> (which is the same as setting it to "rfc2818"). However
> for 2.5.x I would recommend to set this to <tls>auto</tls> (which
> allows any mode, including non-TLS) or <tls>auto_no_plain</tls> which
> allows any mode but non-TLS.
>
> More details can be found e.g. here:
>
> https://wiki.xiph.org/Icecast_Server/known_https_restrictions#Icecast2_2.5.x_.28branch_.22master.22.29
>
> If there is general interest in this I can talk a little bit about this
> on Friday as well.
>
>
> >   <!-- Global header settings
> >          Headers defined here will be returned for every HTTP request
> > to Icecast.
> >
> >          The ACAO header makes Icecast public content/API by default
> >          This will make streams easier embeddable (some HTML5
> > functionality needs it).
> >          Also it allows direct access to e.g. /status-json.xsl from
> > other sites.
> >          If you don't want this, comment out the following line or
> > read up on CORS.
> >     -->
> >   <http-headers>
> >     <header name="Access-Control-Allow-Origin" value="*" />
> >     <header name="X-Robots-Tag" value="index, noarchive" status="200"
> > />
> >   </http-headers>
> >
> >   <!-- Relaying
> >          You don't need this if you only have one server.
> >          Please refer to the config for a detailed explanation.
> >     -->
> >   <!--<master-server>127.0.0.1</master-server>-->
> >   <!--<master-server-port>8001</master-server-port>-->
> >   <!--<master-update-interval>120</master-update-interval>-->
> >   <!--<master-password>hackme</master-password>-->
> >
> >   <!-- setting this makes all relays on-demand unless overridden,
> > this is
> >          useful for master relays which do not have <relay>
> > definitions here.
> >          The default is 0 -->
> >   <!--<relays-on-demand>1</relays-on-demand>-->
> >
> >   <relay>
> >     <server>someip</server>
> >     <port>someport</port>
> >     <mount>/coolvibes.ogg</mount>
> >     <local-mount>/strawbs.ogg</local-mount>
> >     <on-demand>0</on-demand>
> >
> >     <relay-shoutcast-metadata>0</relay-shoutcast-metadata>
> >   </relay>
>
> If you're using recent 2.5.x you can also use
> <url>http://example.org/blubb</url> here for the upstream address.
>
>
> >   <!-- Mountpoints
> >          Only define <mount> sections if you want to use advanced
> > options,
> >          like alternative usernames or passwords
> >     -->
> >
> >   <!-- Default settings for all mounts that don't have a specific -->
> >
> >   <mount type="normal">
> >     <mount-name>/live.mp3</mount-name>
>
> In this block you set a real huge amount of options. I guess most of
> them can go. Some are set to the default value (e.g. you set <burst-
> size> to the same value as the global default). Some should be avoided
> unless there is a real requiement (e.g. <*type*>, <*metadata*>,
> <*header*>, <bitrate>, ...). And for some I'm not sure if you actually
> use them (<on-*>, <fallback*>, <intro>).
>
> Generally speaking use as little options as possible.
>
>
> >     <username>someusername</username>
> >     <password>someexamplepass</password>
> >     <max-listeners>900</max-listeners>
> >     <max-listener-duration>3600</max-listener-duration>
> >     <dump-file>/tmp/dump-example1.ogg</dump-file>
> >     <intro>/intro.ogg</intro>
> >     <fallback-mount>/stream.ogg</fallback-mount>
> >     <fallback-override>1</fallback-override>
> >     <fallback-when-full>1</fallback-when-full>
> >     <charset>ISO8859-1</charset>
> >     <public>1</public>
> >     <stream-name>somestream</stream-name>
> >     <stream-description>'hello'</stream-description>
> >     <stream-url>someurl</stream-url>
> >     <genre>World</genre>
> >     <bitrate>160</bitrate>
> >     <type>application/mp3</type>
> >     <subtype>mp3</subtype>
> >     <hidden>1</hidden>
> >     <burst-size>65536</burst-size>
> >     <mp3-metadata-interval>4096</mp3-metadata-interval>
>
> >     <authentication type="htpasswd">
> >       <auth name="stream_auth" value="#" />
> >  <option name="allow_duplicate_users" value="1"/>
> >       <!-- See authentication documentation -->
> >     </authentication>
>
> Not sure where you got this block from.
> Generally the htpasswd type takes an option with the filename. From the
> 2.4.4 example:
>         <authentication type="htpasswd">
>                 <option name="filename" value="myauth"/>
>         </authentication>
>
> The filename is relativ to Icecast's cwd (after chroot if any). So
> depending on your setup you might want to set it absolute.
>
>
>
> >     <http-headers>
> >       <header name="Access-Control-Allow-Origin" value="*" />
> >       <header name="X-Robots-Tag" value="index, noarchive" />
> >       <header name="foo" value="bar" status="200" />
> >       <header name="Nelson" value="Ha-Ha!" status="404" />
> >     </http-headers>
> >     <on-connect>/home/icecast/bin/source-start</on-connect>
> >     <on-disconnect>/home/icecast/bin/source-end</on-disconnect>
> >   </mount>
>
>
> The rest below is 2.4.x style config. Nothing wroth with it even for
> 2.5.x. But it might be a bit nicer to read/work with in 2.5.x style.
>
> >   <fileserve>1</fileserve>
> >
> >     <paths>
> >         <logdir>./log</logdir>
> >         <webroot>./web</webroot>
> >         <adminroot>./admin</adminroot>
>
> Relative paths here look a bit like you try to run it not as a service.
> I would avoid this outside of testing.
>
>
> >
> >         <!-- Aliases: treat requests for 'source' path as being for
> > 'dest' path
> >              May be made specific to a port or bound address using
> > the "port"
> >              and "bind-address" attributes.
> >           -->
> >         <!--
> >         <alias source="/foo" destination="/bar"/>
> >         -->
> >         <!-- Aliases: can also be used for simple redirections as
> > well,
> >              this example will redirect all requests for
> > http://server:port/ to
> >              the status page
> >         -->
> >         <alias source="/" destination="/status.xsl"/>
> >         <!-- The certificate file needs to contain both public and
> > private part.
> >              Both should be PEM encoded.
> >         <ssl-certificate>./icecast.pem</ssl-certificate>
> >         -->
> >     </paths>
> >
> > <security>
> >         <chroot>0</chroot>
> >
> >         <changeowner>
>
> Having changeowner active is not the nicest thing. Unless you need the
> extra permissions for e.g. binding to a privileged port I would suggest
> to not use this. If running as a service it is best to let the
> operating system change to the correct user before starting Icecast. if
> running ín a more test setup sudo/doas -u works very nice to switch to
> the target user.
>
>
> >             <user>user</user>
> >             <group>users</group>
> >         </changeowner>
> >
> >     </security>
> >
> >   <logging>
> >         <accesslog>access.log</accesslog>
> >         <errorlog>error.log</errorlog>
> >         <!-- <playlistlog>playlist.log</playlistlog> -->
> >         <loglevel>4</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error
> > -->
> >         <logsize>10000</logsize> <!-- Max size of a logfile -->
> >         <!-- If logarchive is enabled (1), then when logsize is
> > reached
> >              the logfile will be moved to
> > [error|access|playlist].log.DATESTAMP,
> >              otherwise it will be moved to
> > [error|access|playlist].log.old.
> >              Default is non-archive mode (i.e. overwrite)
> >         -->
> >         <!-- <logarchive>1</logarchive> -->
> >     </logging>
> > </icecast>
>
>
> With best regards,
>
> --
> Philipp Schafft (CEO/Geschäftsführer)
> Telephone:           +49.3535 490 17 92
> Website:             https://www.loewenfelsen.net/
> Follow us:           https://www.linkedin.com/company/loewenfelsen/
> Geschäftsführer/CEO: Philipp Schafft
>
> Löwenfelsen UG (haftungsbeschränkt)     Registration number:
> Bickinger Straße 21                     HRB 12308 CB
> 04916 Herzberg (Elster)                 VATIN/USt-ID:
> Germany                                 DE305133015
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20230228/8a9b71f3/attachment.htm>


More information about the Icecast mailing list