Slow initial connection on https connects

Nov 22

Our most busy server sometimes showed long connection times after we changed the default protocol from http to https.

This server is running Apache 2.4.10 on Debian Wheezy, and the slow connection times manifested themselves after periods of higher than normal load, but far from being critical.

I have tried a lot of different things, like incrementing the number of Apache processes, limiting the number of concurrent outgoing mails (the server sends about 20.000 emails every day), and also adding more memory to the system – but nothing helped.

Unfortunately, http/2 is not available with this Apache version, and I don’t like to backport from a newer Debian version. The same is true for ALPN and NPN – both not available in the installed Apache version.

The solution was to enable OCSP stapling:

SSLUseStapling on
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Now the maximum connection times are down to about 5 seconds in the most busy periods, instead of reaching 20 seconds and more. In times of normal load the connection times are below 0.1 seconds.

As test I can recommend the SSLLabs test by Qualys:

Debian 9 Stretch, PHP 7 and Microsoft SQL Server access

Nov 12

Microsoft supports SQL Server access from Linux and PHP 7, but unfortunately not with Debian 9 Stretch, but only for Debian 8 (and Ubuntu 15.10, Ubuntu 16.10, Ubuntu 6.04, RedHat 7 and MacOS).


I have tried to use the PDO Sybase drivers (package php7.0-sybase), but was not able to connect.

Then I found the page and have done the following:

pecl install sqlsrv-5.1.1preview
pecl install pdo_sqlsrv-5.1.1preview

The build failed until I installed the package unixodbc-dev
apt-get install unixodbc-dev

To enable the both modules in Apache2, I have done also the following:
cd /etc/php/7.0/mods-available
cp pdo_dblib.ini pdo_sqlsrv.ini
cp pdo_dblib.ini sqlsrv.ini

changed the contents of the files to list the appropriate -so file ( and,
cd /etc/php/7.0/apache2/conf.d
ln -s /etc/php/7.0/mods-available/sqlsrv.ini 20-sqlsrv.ini
ln -s /etc/php/7.0/mods-available/pdo_sqlsrv.ini 20-pdo_sqlsrv.ini

and restarted Apache2.

Now, my test function returned that the ODBC driver was missing.
I have downloaded then the Debian 8 version and installed the driver and the tools:
apt-get install unixodbc
dpkg -i msodbcsql_13.1.9.1-1_amd64.deb
dpkg -i mssql-tools_14.0.7.0-1_amd64.deb

After this, I was able to connect to the SQL server and run a select statement.

$conn = new PDO("sqlsrv:Server=$myserverName;Database=$myDB", $myUser, $myPass);

Firebird installation on Debian server

Sep 11

Installing Firebird on Debian (Jessie in my case) gave a problem: after installing and starting the server I was not able to connect to the database server:

Your user name and password are not defined. Ask your database administrator to set up a Firebird login.

using the sysdba password I entered in the installation dialog.

Unfortunately it seems the installation procedure has a bug, and does not accept the entered password, but attributes a random password. This random password can you find in the file


The connect with this random password succeedes and you can change your password afterwards – but you must change it with both the Firebird administration tools and inside this file.

The password can be changed with the gsec tool:

gsec -user sysdba -password <password_from_SYSDBA.password>
modify sysdba -pw <your_new_password>

And another speciality for Debian:

The isql tool is called isql-fb

Windows 10 do not likes the netlogon share on server (Samba or Windows)

Aug 28

Today, I had an interesting issue: Windows 10 (workgroup setting, local account) does not connect to the Samba netlogon share, even with the latest Samba version (4.2.3), it asks username and password.
Access to other shares works without any issue.
I had also checked the HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\AllowInsecureGuest setting – it does not change anything.
My temporary solution was to create a new share, identical to the netlogon share, with another name – I choosed netlogonw10. Calling the login script from this share works.

The same is true also for netlogon shares on Windows servers, if the machine is not in the Windows domain

Add Windows 7 PC to Samba Domain after IP address change

Aug 16

Today, I had to change all IP addresses on a customers Samba network. (Really, the customer had two separate networks, and I have unified them to one).

After this, I had to add several Windows 7 PCs to the Samba domain, but the process failed, and the logs on the Samba server had no entries on this.

The error message was:

“The specified domain either does not exist or could not be contacted”

I had added the registry entries specified here:

but nothing.

Finally, the nblookup tool downloadable from Microsofts website pointed me in the right direction: incorrect wins data!

The solution was simple:

/etc/init.d/samba stop
rm /var/lib/samba/wins.*
/etc/init.d/samba start

This recreated the correct wins database wins.tdb and the PC could be joined to the database.

winbindd at 100% cpu after system crash

Aug 17

After a power shortage, nobody could connect to the Samba shares of a Debian Linux server, and a look at “top” on the Linux server showed that the winbindd process used 100% cpu.

The solution was easy:

/etc/init.d/samba stop
/etc/init.d/winbind stop

a kill -9 <processnumber> to the running winbindd process.

Find and remove the gencache.tdb file (/var/lib/samba/gencache.tdb on my Debian server).

/etc/init.d/samba start
/etc/init.d/winbind start
/etc/init.d/samba stop
net rpc join -U administrator%<admin_password>
/etc/init.d/samba start

This fixed the problem.

Configuration: Domain master is a Windows SBS 2003, main file server a Debian Linux Lenny server using winbind as primary autentication mechanism.