Showing post in category: Work
Well I couldn’t make my Atheros (ath0) work as a bridged network with VMware… but I made a workaround which I want to share with you guys. Anyways I’ll have it documented if I cant remember what I did later on. I have installed VMware on my Ubuntu laptop and a edgy-alternative (server) as a guest OS within VMware.
The way I did this was making my laptop into a router between the “VMware host only” net and my wireless net.
You need to have configured a host only network for your VMware machines, mine is called vmnet1 and is using the network:
192.168.154.0/24
My laptop has the following ip’s:
wireless: ath0 192.168.20.197 (provided by DHCP)
wired: eth0 * (not used in this example)
VMware net: vmnet1 192.168.154.1 (static)
gateway: default 192.168.20.1
My Ubuntu edgy server has the following ip’s:
wired: eth0 192.168.154.2 (static)
On my laptop I have made a script that does the following:
INTERNAL=vmnet1
EXTERNAL=ath0
# Enable router functionality
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enabling SNAT (MASQUERADE) functionality on $EXTERNAL
iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
All my rules are set to accept as default, if yours are not you might want to add something like this:
iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
On my VMware guest I have configured eth0 to have the static ipadress 192.168.154.2 and to use 192.168.154.1 as default gateway.
The way you set this up depends on you guest OS, but you can also do this manually with:
INTERNAL=eth0
ip a add dev $INTERNAL 192.168.154.2/24
ip link set $INTERNAL up
route add default gw 192.168.154.1
Now test by pinging you host’s gateway (my laptop):
ping 192.168.20.1
Note: You propably want to set you guest OS to be able to use a DNS server.
Today at work I got an error like the following while I tried to add a new user:
ldapsam_add_sam_account: SID 'S-1-5-21-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-3048' already in the base, with samba attributes
I searched the net to find out what the problem was. On some site I found how the SID is calculated:
User-SID: uid*2+sambaAlgorithmicRidBase
Group-SID: gid*2+sambaAlgorithmicRidBase+1
My user had uid 1024 so it seemed to fit just right (I guess sambaAlgorithmicRidBase=1000). But why had another user already got the SID 3048, that would mean that another user had uid 1024?… Exactly! 
Users for Samba is stored in LDAP. I have split my user- and Windows workstaion accounts (which also needs to be Linux users) into different containers named Users and Computers. When a normal account is created, it only checked for existing uid’s in the Users-container. Because of this I now have 2 users with the uid 1024 (both Windows workstation account and my newly created user account) and now a SID conflict. I should fix the uid check when adding a new user to also check in the Computers-container. Hopes this helps some people with similar problems.
… down a drain called World of Warcraft.
As a few people have pointed out, I havn’t blogged for some time now. I spend most my evenings playing World of Warcraft and havn’t really used my spare time on all sorts Open Source stuff as I used to.
This is my character so far. It is actually now pretty easy to get WoW running under Linux with WINE.
But at work I have tried to update our Instiki installation to the newest 0.11 version which wasn’t as easy as it may sound. I finally got all the old stuff migrated and all seemed to work until we tried to proxy from our DMZ to the internal Instiki wiki. Instiki didn’t like that… I is some time ago now so I dont have the error message. But if I stumble upon it I’ll put it here.
Instead I found a Media Wiki altered by MindTouch called dekiwiki.
The cool thing about that wiki is they made a page where you can get you own public readable wiki, I already made my own at emcken.wiki.com. Not much for you guys, but now have a place for all my notes and shit which usually just lie around on my disk until it dissappears in all the other mess.
2 weeks ago I attended LinuxForum both as a exhibitor with my work (Casalogic) and as a speaker. For my speach I takled about Windows integration through Samba. This was my first time talking infront of so many people and I was very nervous. Anyway I think it went very well, even thought I had trouble keeping in within the time frame. There is always something to improve but there always is. I think I can do it alot better next time, and I would like the chance to talk more in-depth about Samba and Active Directory integration. Though – first I’d like to play more with it, so I’m prepared for questions and detailed explanations.
You can find the slides I used for my presentation on the LinuxForum 2006 (slides) homepage
LinuxForum gave all speakers a little present: A Cordless screwdriver with the LinuxForum 2006 logo printed on it. VERY COOL.
For some time now I have been trying to switch to Dirvish (from rdiff-backup) mostly because you can use a limit bandwidth which is a very important factor for me. The following is an example of configuring dirvish to use a ssh tunnel to backup through.
I assume you have created a master config file /etc/dirvish/master.conf.
Lets jump right into configuring a vault /dirvish/default.conf:
client: root@localhost
tree: /
xdev: 0
index: gzip
image-default: %Y%m%d
exclude:
var/cache/apt/archives
var/cache/man
tmp
var/tmp
Note: xdev needs to be 0, not false, no, off or anything like it. (I was tricked by this because the dirvish for Debian guide uses the value true for xdev which AFAIK is wrong.
All this until now is standard dirvish stuff. Now comes the tunnel part:
pre-server: ssh -f -L 20014:rivendell:22 root@fw.emcken.dk sleep 14400
rsh: ssh -o HostKeyAlias=1114 -p 20014
pre-server is a command to run before the backup starts. The command above will create a ssh tunnel through fw.emcken.dk to rivendell on port 20014 and go into the background. The sleep 14400 keeps the tunnel open for 4 hours when idle. Don’t worry!… your backup won’t be terminated if it is still in progress after 4 hours. The tunnel will be kept open for as long as the runnel is in use. The remote execution is just an ugly hack to ensure that the tunnel is automatically closed after use.
rsh is the important stuff. The -o HostKeyAlias=1114 makes us able to connect to localhost without being told that someone might be trying to do a ‘man-in-the-middle attack’ and refuse to connect to the tunnel. But to use HostKeyAlias we need to specify this in /root/.ssh/config more on this further down.
-p 20014 specifies the port we want to connect to.
The following might be useful when making backups over the internet:
zxfer: true
speed-limit: 90
zxfer compress all data transmitted and speed-limit limits the bandwidth that dirvish will use.
Now to complete the setup the machine being backed up is defined in /root/.ssh/config:
Host rivendell
Port 20014
HostKeyAlias 1114
This is placed in root’s home dir because (on my system) root (cron) runs my backups. It is possible to create a separate user for it but I didn’t think it nessesary.
Now when you have copied your public ssh key to the machine that is going to be backed up, you are all set.
The last couple of days I have tinkered with a new antivirus / antispam server at work. Its foundation is a Debian Sarge running Postfix, Spamassassin, ClamAV through Amavis-ng (Amavis is installed from current unstable) and of top if it all mailgraph.
All packages was taken from the stable Debian release – Sarge, except of amavis-ng which does not exist in Sarge. This package was instead downloaded from unstable… fortunately it had no dependencies from unstable what so ever.
The documentation on the Spamassassin homepage is great which is just the opposite for amavis-ng which seems non-exsisting. The configuration file shipped with Debian makes up for the lack of documentation. It seems that amavis-ng should be a (more modular) reimplementation of amavisd-new. Even though people on the mailinglists recommend amavisd-new 
I have a serious problem keeping my hands off the bleeding edge stuff so I couldn’t resist installing amavis-ng. I have tried using it before, but at that time I couldn’t make it fork (it became a serious bottleneck). I’m not saying that it didn’t work, it might as well hav been me. Though I cannot seem to find the difference from my previous installation and my new one. Anyway it seems to fork correctly in this new installation and to test the virus filter I recommend this web site
The reason why I write this entry is because I made some changes to mailgrap to make it work the way I wanted.
Read on to see what (small) changes I made.
› Continue reading
After I stumbled upon the cool Markdown syntax and the Markdown text parser, some time ago. I have been looking for a wiki system which uses this cool syntax. We use a wiki system at work to document customer setups in, and a wiki with a decent syntax would be nice.
A guy has made PHP Markdown an port of Markdown to PHP and I hoped it would be easy to find a wiki system using markdown syntax. So far I only found Instiki who lives up to this demand fully, which works very well under Ubuntu.
Other wikis – like DokuWiki – are able to use markdown as a rendering plugin but it never feels fully integraded.
With DokuWiki you need to wrap you text in tags like this:
text with markdown syntax here
… and why would I want to do that on every page I create?
Another thing that turned me away from DokuWiki was the fact that I wasn’t able to make it work
Thought I find Instiki really cool it has it’s drawbacks too:
- The first I noticed was that it is written in ruby.
Not that that Ruby is a bad thing but I would have prefeered a wiki system in PHP
so I would understand the code myself. This I can live with.
- The fact that it is written in Ruby, makes unable to run it on port 80 where my
Apache server is running. Perhapes I would be able to solve this using some sort of
proxy thing with Apache. Requsts on a certain domains/page gets forwarded to
another port (for Instiki that would be 2500)… I think this is also the way Zope
usually works. If this would endeed work I could live with that. I havn’t searched
for this “problem” on their website though…
- I’m not able to upload files not even images and that is a thing I cannot live without.
When image (file) upload enters Instiki it will contain all I need for a great wiki. I trust they will implement it in a good way… all the other things they made is.
It would be cool if I could use the syntax in my weblog… but that is only a matter of doing a little footwork.
At work I have been working on some graphics for an OpenOffice.org CD production. But the graphics for print needs to be delivered in TIFF CMYK format. For this I found a CMYK plug-in for GIMP.
The installation is a bit tricky for GIMP 2.0 under Linux (haven’t tried the other versions/platforms).
First the installation guide doesn’t mention GIMP 2.0 for Linux second it differs from the 1.2 installation guide.
The binary provided in the file for GIMP 2.0 under Linux isn’t compiled for GIMP 2.0 but for the development version 1.3. This means that you either have to make symlinks on your system for the plug-in to hit the correct libs, or compile yourself.
I compiled the source myself and installed the plug-in i my .gimp-2.0/plug-ins/-dir because I don’t like to tinker to much with filesystem outside /home.
To compile you need the following dev-libs:
rohan:~# apt-get install libgimp2.0-dev liblcms1-dev libtiff4-dev
I also had to modify the Makefile to use GIMP 2.0 libs instead of 1.3.
The GIMP 1.2 installation also mentions the file: sRGB Color Space Profile.icm
But this file isn’t provided by the GIMP 2.0 files you can download on the homepage. I found the file in the download for GIMP 1.2 instead.
I would be nice if the plug-in was provided by a Debian package.
… working on a Aptus server which I have to have ready tomorrow for at customer. It serves so called ‘fit clients’, and I like the concept… though I wouldn’t (probably never) trade my favorite distro…. Debian
Aptus only works with distos like SUSE and Redhat.
Well…. hurray!
It works – everybody cheering – I must be tired.
I’ll better finish this up so I can get home and get some sleep.