Author: termina

Ubuntu One Review

I’ve been using Dropbox since the service launched and have overall been very happy with it. My only complaint was that if you decide to pay there are only two tiers available: 50 and 100GB. ($99 and $199 a year respectively).

Having tried Ubuntu One when it first came out (when you could only use it on Linux) I was hesitant to try again. Checking out their website I was pleasantly surprised to see that we get 5GB free (compared to DropBox’s 2GB) and that getting 20GB was only $29 a year (or $2.99 a month). However, they still do not have a Windows client!

The first thing I did was install it on my Android phone. After it installed, I opened it and was greeted by a very clean looking interface. Unfortunately that was mostly illusion for as soon as I clicked ‘Log In’ it took me away from the app and opened up the default web browser to one.ubuntu.com

To make it even worse, the browser window just displayed an error of ‘Something has gone wrong’. Three more attempts, each time an error. Attempting to use their website on my laptop showed frequent timeouts at this same time.

Wow… really? That certainly raises a red flag.

After giving up for the night, the next morning I tried again and it worked on the first try.

After authenticating, it gives me the option to upload all past and future photos, all future photos or none.

Much like Photobucket the “auto-upload” does NOT allow you to define directories to grab images from, making the feature next to worthless if you use any apps that download photos to your phone. In fact the only options for the auto-upload are a checkbox to enable/disable and how quickly you want it to start uploading your photos when it detects them.

Pros:

  • 5GB of storage (compared to 2GB dropbox)
  • Finally has support for other devices
  • Cheaper upgrade option (compared to dropbox)

Cons:

  • Poorly made app (relies on web browser, doesn’t work half the time…)
  • Auto-upload is a tacked on feature with no way to customize
  • Unreliable website
  • Still no windows client? It’s been 2+ years!

Conclusion

Avoid Ubuntu One.

Unlike Dropbox (which supports every OS I’ve thrown at it) you will be unable to use Ubuntu One while you’re at work/school assuming they run Windows. Same for OSX.

Their Android app is flaky and still needs quite a bit of work. Their website was having difficulties which does not bode well for their infrastructure.

If you have your files “in the cloud” you want to be guaranteed you will be able to access them.

To sum it up: Ubuntu One isn’t worth it, even when you’re using the Free plan.

LDAP User Add Script

A bug with phpldapadmin in Ubuntu 10.04 has forced me to find other ways to add a generic Linux account to LDAP.

This consists of three files; I keep them in /root/ldap and have a symlink to add_ldap_user.sh in /usr/local/bin

add_ldap_user.sh Script

last.uid The last used UID, auto-incriments

user.ldif Sample linux account in LDIF format

add_ldap_user.sh


#!/bin/bash
NEWUID=`cat /root/ldap/last.uid`
echo -ne "First Name: "
read FIRST
echo -ne "Last Name: "
read LAST
echo -ne "User Name: "
read USERNAME

sed “s/FIRST/`echo $FIRST`/g” /root/ldap/user.ldif > /root/ldap/temp
sed “s/LAST/`echo $LAST`/g” /root/ldap/temp > /root/ldap/temp2
sed “s/USERNAME/`echo $USERNAME`/g” /root/ldap/temp2 > /root/ldap/temp
sed “s/USERUID/`echo $NEWUID`/g” /root/ldap/temp > /root/ldap/temp2

ldapadd -x -w`cat /etc/ldap.secret` -D “cn=admin,dc=YOUR,dc=HOSTNAME” < /root/ldap/temp2
echo `expr $NEWUID + 1` > /root/ldap/last.uid
rm /root/ldap/temp
rm /root/ldap/temp2
passwd $USERNAME

user.ldif


dn: cn=FIRST LAST,ou=People,dc=YOUR,dc=HOSTNAME
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
givenName: FIRST
sn: LAST
cn: FIRST LAST
uid: USERNAME
userPassword: {MD5}QaJUwABOZ6gUsv/xOD/FOQ==
gidNumber: 100
homeDirectory: /home/USERNAME
loginShell: /bin/bash
uidNumber: USERUID

last.uid

1900

Note that because the LDIF contains a place-holder password, you must be able to run ‘passwd LDAP-USER’ on the host you are running this on.

OpenSolaris mod_bw Apache2 Bandwidth Limiting

Install needed software

pkg install gsed wget SUNWapch22 sunstudioexpress

Yes, sunstudioexpress is really necessary. gcc will NOT work with mod_bw.
Download mod_bw

cd /tmp
wget http://ivn.cl/files/source/mod_bw-0.8.tgz
gunzip mod_bw-0.8.tgz
tar xf mod_bw-0.8.tar
cd mod_bw

Build/install the module. We need to make sure the SunStudioExpress binaries are chosen before anything else, so add it to the beginning of PATH.

export PATH=/opt/SunStudioExpress/bin:$PATH

We also need to make a symlink to /usr/ucb/echo (this is a bug with the apxs included in opensolaris, not with mod_bw)

mkdir /usr/ucb
ln -s /usr/bin/echo /usr/ucb/echo

Now cross your fingers and build the module

/usr/apache2/2.2/bin/apxs -i -a -c mod_bw.c

If it complains about .h files, you can find them here:

/usr/apache2/2.2/include
/usr/apr/1.3/include
/usr/apr-util/1.3/include

Once apxs finishes, it should automatically add the following entry to /etc/apache2/2.2/conf.d/modules-32.load

LoadModule bw_module          /var/apache2/2.2/libexec/mod_bw.so

Add the following to /etc/apache2/2.2/httpd.conf

BandWidthModule On

BandWidth all 40000

MinBandWidth all 10000

ForceBandWidthModule On

Restart apache2 and check on it’s status

svcadm restart apache22

svcs -a | grep apache22

online          1:55:27 svc:/network/http:apache22

If it’s in maintenance mode, check the log file

/var/svc/log/network-http:apache22.log

Automate Restart of D-Link DCS-900 Cameras

I have some older D-Link DCS-900 cameras being used with ZoneMinder for a security system at home.

While these cameras are normally very stable (no lock-ups for weeks or months at a time) it still happens. To make things work more smoothly, I decided to find a way to restart the devices with cron.

I decided to have the cameras be reset twice a month (on the 1st and 15th of each month at 4am).


crontab -e

0 4 1,15 * * wget –http-user=admin –http-password=YOUR-PASSWORD -O /dev/null –post-data=”Reset= Yes ” http://camera1/Reply.html

 

You can remove the –http-user and –http-password sections if you do not have an admin user/password set.

Ubuntu 9.10 PXE Boot

Ubuntu 9.10 uses initrd.lz instead of initrd.gz, so PXE booting like you did in previous versions does not work.

This article assumes you’ve already downloaded the iso and have a working PXE boot server.

First, copy the contents of the iso to a directory we can work with


mkdir /tmp/910

mount -o loop ubuntu-9.10-desktop-i386.iso /tmp/910

cp -r /tmp/910 /tftpboot

Convert initrd.lz to initrd.gz


cd /tftpboot/910/casper

mkdir initrd

cp initrd.lz initrd

cd initrd

lzma -dc -S .lz initrd.lz | cpio -id

rm initrd.lz

find . | cpio –quiet –dereference -o -H newc | gzip -9 > initrd.gz

cp initrd.gz /tftpboot/910/casper

Now add the appropriate lines to pxelinux (Example: /tftpboot/pxelinux.cfg/default)


LABEL Ubuntu 9.10 i386 Unmodified Livecd
KERNEL 910/casper/vmlinuz
APPEND root=/dev/nfs boot=casper netboot=nfs nfsroot=192.168.0.1:/home/tftpboot/910 initrd=910/casper/initrd.gz quiet splash --

Make sure /tftpboot is shared via nfs; in /etc/exports add the following line


/tftpboot/910 192.168.0.0/24(rw,async,no_subtree_check)

Reload the NFS server

/etc/init.d/nfs-kernel-server reload

OpenSolaris LDAP Client to Linux OpenLDAP Server

The following outlines how to set up a OpenSolaris client to work with a Linux OpenLDAP server.

The following is one line

ldapclient manual -a credentialLevel=proxy -a authenticationMethod=simple -a proxyDN=cn=admin,dc=server -a proxyPassword=yourpassword -a defaultSearchBase=dc=server -a defaultServerList=192.168.1.1:389 -a serviceSearchDescriptor=passwd:ou=People,dc=server -a
serviceSearchDescriptor=group:ou=Groups,dc=server

Add the following lines to their appropriate sections in /etc/pam.conf

login   auth required           pam_ldap.so.1
other   auth required           pam_ldap.so.1
passwd  auth required         pam_ldap.so.1

Test LDAP with

ldaplist -l passwd

Test user authentication using the following steps

mkdir /export/home/ldapuser

chown ldapuser /export/home/ldapuser

Edit /etc/auto_home and add the following BEFORE “+auto_home”

ldapuser localhost:/export/home/ldapuser

SSH to test

ssh ldapuser@localhost

You should be in! If not, you may have to change the following in /etc/ssh/sshd_config

PAMAuthenticationViaKBDInt no

#Change from yes to no

Restart SSH

svcadm restart ssh

If you are still unable to log in, your userPassword attribute probably needs to be changed from md5/md5crypt to crypt.

su – ldapuser

passwd

After changing your password you should be able to log in.

View processes (PID) using disk I/O

Install the sysstat package

apt-get install sysstat

# iostat -m
Linux 2.6.27-14-generic (slowaris)      07/28/2009      _x86_64_

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
4.88    6.65    3.03    1.49    0.00   83.95

Device:            tps    MB_read/s    MB_wrtn/s    MB_read    MB_wrtn

md0             221.24         0.64         0.78    1765002    2159490

We can see that I/O isn’t terribly high here, but there are 221 transfers per second going on.

To check what processes are causing I/O

echo 1 > /proc/sys/vm/block_dump

tail -f /var/log/syslog | grep md0

Jul 28 08:20:12 server kernel: [2752582.434647] kvm(17362): READ block 1017744552 on md0
Jul 28 08:20:12 server kernel: [2752582.502401] kvm(17362): READ block 615283608 on md0
Jul 28 08:20:13 server kernel: [2752582.634622] kvm(17362): READ block 1017744576 on md0
Jul 28 08:20:14 server kernel: [2752583.964709] kvm(17362): READ block 1017744608 on md0
Jul 28 08:20:14 server kernel: [2752584.372889] kvm(1868): dirtied inode 17367041 (live-default-32.img) on md0
Jul 28 08:20:14 server kernel: [2752584.372908] kvm(1868): dirtied inode 17367041 (live-default-32.img) on md0

We see that kvm is causing some disk I/O; now where know where to start investigating!

To turn off these messages

echo 0 > /proc/sys/vm/block_dump

OpenVZ on Ubuntu 8.10

Other OpenVZ Ubuntu 8.10 guides that I’ve seen have you use the old lenny repository; since this no longer exists let’s try another way!

I used a 64-bit machine; steps will be the same for 32-bit. If you have 64-bit and just want to download the kernel I used: http://bbis.us/~will/openvz-ubuntu810.tar.gz

Now let’s build the kernel.

cd /usr/src
wget http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.tar.bz2
tar xjf linux-2.6.27.tar.bz2
cd linux-2.6.27

wget http://download.openvz.org/kernel/branches/2.6.27/2.6.27-briullov.1/patches/patch-briullov.1-combined.gz
gunzip patch-briullov.1-combined.gz

wget http://download.openvz.org/kernel/branches/2.6.27/2.6.27-briullov.1/configs/kernel-2.6.27-x86_64.config.ovz
#OR
wget http://download.openvz.org/kernel/branches/2.6.27/2.6.27-briullov.1/configs/kernel-2.6.27-i686.config.ovz

cp kernel-2.6.27-*.config.ovz .config
patch -p1 < patch*

make oldconfig

make
make modules_install install

cd /boot
mkinitramfs -o /boot/initrd.img-2.6.27 2.6.27

vi /boot/grub/menu.lst

#Replace uuid entries with your disks uuid
title           Ubuntu 8.10 OpenVZ 2.6.27
uuid            2d5b2466-4bdf-44c7-b8e5-4d46a9f927c8
kernel          /boot/vmlinuz-2.6.27 root=UUID=2d5b2466-4bdf-44c7-b8e5-4d46a9f927c8 ro quiet splash
initrd          /boot/initrd.img-2.6.27
quiet

grub-install /dev/sda

apt-get install vzctl vzquota

reboot

If everything went according to plan, you’ll boot into your new kernel. If you get a kernel panic, or things are not working as expected, you may have to

make menuconfig

Once the kernel is working, let’s create a container.

cd /var/lib/vz/private

mkdir 1

debootstrap hardy 1

When you see:

#I: Base system installed successfully.

You can continue.

vi /etc/vz/dists/default
#Change redhat to debian OR copy ubuntu.conf to default

Create the container and set an IP

vzctl set 1 –applyconfig vps.basic –save
vzctl set 1 –ipadd 192.168.100.7 –save
vzctl set 1 –nameserver 192.168.100.1 –save

vzctl start 1

At this time you cannot enter the container. You will receive the error

Unable to open pty: No such file or directory

To fix this:

vzctl exec 1 update-rc.d -f udev remove

Restart and enter the container

vzctl restart 1

vzctl enter 1

If network doesn’t work add to /etc/sysctl.conf on server (not container):

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1

Ubuntu 8.10 LDAP Server with TLS

This should also work with Ubuntu 9.04

apt-get install slapd ldap-utils libnss-ldap libpam-ldap migrationtools

Much like Debian, we must perform an extra step to make our changes permanent.

dpkg-reconfigure slapd

Omit OpenLDAP server configuration? No
DNS domain name: your-server
Organization name: whatever
Database backend to use: HDB
Do you want the database to be removed when slapd is purged? No
Move old database? Yes
Admin password: <password>
Confirm: <password>
Allow LDAPv2 protocol: No

Now we will populate LDAP. You should probably add a temporary LDAP user for testing. After we populate LDAP we’ll remove it.

adduser test
cd /usr/share/migrationtools

Edit migrate_common.ph and replace “padl.com” with your domain and dc=padl,dc=com with dc=YOUR,dc=DOMAIN

./migrate_base.pl > /tmp/base.ldif

./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif

./migrate_group.pl /etc/group /tmp/group.ldif

Remove the top section of /tmp/base.ldif

dn: dc=dev
dc: dev
objectClass: top
objectClass: domain

Restart LDAP and add our information to LDAP


/etc/init.d/slapd restart

ldapadd -x -W -D 'cn=admin,dc=example,dc=net' < /tmp/base.ldif
ldapadd -x -W -D 'cn=admin,dc=example,dc=net' < /tmp/passwd.ldif
ldapadd -x -W -D 'cn=admin,dc=example,dc=net' < /tmp/group.ldif

To enable PAM I suggest


cd /tmp
wget http://st0rage.org/files/pam.d.tar
tar xf pam.d.tar -C /etc

Alternativly, you can try the following Ubuntu specific method:


auth-client-config -t nss -p lac_ldap
pam-auth-update ldap

Please note that I was unable to change user passwords with ‘passwd’ using this method.

Remove the test user

userdel test

Set up TLS Certificate

mkdir /etc/ldap/ssl
cd /etc/ldap/ssl

openssl req -new -nodes -out req.pem -keyout key.pem
#No challenge password, leave empty
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 9999
mv new.key.pem server.pem
cat ca-cert >> server.pem

Enable TLS on server

ldapmodify -x -D cn=admin,cn=config -W

Paste in the following:

dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ssl/server.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/server.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/server.pem

Press ENTER a few times to finish modifying and then Control+C when you see:

modifying entry "cn=config"

Edit /etc/default/slapd and add

SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"

Restart slapd

/etc/init.d/slapd restart

If it fails, try:


chown -R openldap /etc/ldap/ssl
/etc/init.d/slapd restart

Client configuration

vi /etc/ldap.conf

uri ldaps://server
port 636
ssl start_tls
ssl on
tls_checkpeer no
tls_cacertfile /etc/ldap/ssl/server.pem


vi /etc/nsswitch.conf

passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: ldap

Now test! Make sure to stop nscd if you’re using it

/etc/init.d/nscd stop

Test LDAP

$ id test
uid=1001(test) gid=1001(test) groups=1001(test)

Remember to keep an eye on /var/log/auth.log if you run into any problems