DDclient authorization failed and sendmail error

Scott-Trakker · February 10, 2022, 7:39pm

Hello deSEC community!

For configuring ddclient I use the following configuration:

# deSEC configuration
use=if, if=eth0
protocol=dyndns2
ssl=yes
use=cmd, cmd='curl https://checkipv4.dedyn.io/'
server=update.dedyn.io
login=cockpit.jeroenverhoeckx.com
password='removed'
cockpit.jeroenverhoeckx.com

When I run sudo ddclient -force I get the following error message:

WARNING:  file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    13  100    13    0     0    110      0 --:--:-- --:--:-- --:--:--   110
FAILED:   updating cockpit.jeroenverhoeckx.com: authorization failed (HTTP/1.1 401 Unauthorized
FAILED:    Server: nginx
FAILED:    Date: Thu, 10 Feb 2022 19:24:31 GMT
FAILED:    Content-Type: text/plain
FAILED:    Content-Length: 7
FAILED:    Connection: close
FAILED:    WWW-Authenticate: Token
FAILED:    Allow: GET, HEAD, OPTIONS
FAILED:    Vary: Origin
FAILED:    Strict-Transport-Security: max-age=31536000
FAILED:    
FAILED:    badauth)
Can't exec "sendmail": No such file or directory at /sbin/ddclient line 1647.
ddclient: cannot execute command | sendmail -oi root

Questions:

Is my username correct? It should be the domain name?
Is my password correct? It must be the token I found under Token Management?
Why is this token updated every time I log in deSEC?
Does ddclient really need sendmail? Can it be disabled?
Where does the abbreviation deSEC stand for ?
After configuring ddclient it automatically runs every 5 minutes? I don’t need to create a cronjob?
Does ddclient survive a reboot of the server? It start automatically again?

Yours sincerely,

Scott Trakker

ps. All the step I took so far can be found here:
https://jeroenverhoeckx.com/build-your-own-personal-cloud.html#dynamic-dns

peter · February 10, 2022, 7:54pm

Hi Scott,

Thanks for your message, and welcome to deSEC!

It looks like you used the ID of your token in the password field, instead of the token value. The token value is only displayed once when the is created (in the GUI: in the green bar at the top of the dialog).

Note: While in this case it was helpful, it is much better to not include any credentials in things you post online. If the password in your post had been correct (and some other configuration error was the problem), anybody would now be able to change your DNS records.

Hope that helps!

Stay secure,
Peter

Scott-Trakker · February 10, 2022, 8:02pm

Hello Peter,

Thanks for the quick reply!!

I must have missed the green bar with the security token. What can I do to get it? Do I need to create a new account?

Note: While in this case it was helpful, it is much better to not include any credentials in things you post online. If the password in your post had been correct (and some other configuration error was the problem), anybody would now be able to change your DNS records.

Oh, are these credentials enough? I thought you would also need my personal password of deSEC.
Thanks for notifying me !

Scott

peter · February 10, 2022, 8:14pm

Hi Scott,

You can log in into your account, go to Token Management, then remove the existing token and create a new one. – If you don’t have a password for login yet, you can use the Password Reset function.

Yes, they are enough. Otherwise, ddclient would not be able to update your IP address in the DNS.

Stay secure,
Peter

Scott-Trakker · February 10, 2022, 8:27pm

Ah, thanks!

I didn’t know but you have to create a token manually (by clicking on the plus sign)! Didn’t know you had to do that! Maybe this should be mentioned somewhere?

Thanks !

Scott

Scott-Trakker · February 10, 2022, 8:30pm

Yes!

[XXXX@XXXX ~]$ sudo ddclient -force
WARNING:  file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    13  100    13    0     0     93      0 --:--:-- --:--:-- --:--:--    93
SUCCESS:  updating cockpit.jeroenverhoeckx.com: good: IP address set to 178.85.217.8

peter · February 10, 2022, 8:52pm

When you choose to create a domain under dedyn.io in the sign-up form, the token is automatically created and displayed when you click the link the in the verification email. It is not necessary to do this manually.

However, it looks like you had not used that value, and instead visited the Token Management screen and selected the ID of the token created at account verification time. Normally, it’s not necessary to go to the Token Management screen at all.

But again - the token itself is only displayed once, and cannot be displayed again in the Token Management screen. (We don’t even have it in clear text; we store it in irreversibly hashed form.) Therefore, if you don’t have the token value for some reason, it’s necessary to create a fresh one.

Does that make sense?

Stay secure,
Peter

Scott-Trakker · February 11, 2022, 12:07am

Hello Peter,

Yes, thanks, I now understand how it works!
I chose No, I’ll add one later and that’s why my process went different.

I documented al the steps that I took here:
https://jeroenverhoeckx.com/build-your-own-personal-cloud.html#set-up-dynamic-dns

Let me know what you think of it.

Best wishes,

Jeroen

peter · February 11, 2022, 8:34am

Looks great to me! Thanks for writing this up.

Cheers,
Peter