MV

Monday, October 24, 2011

another note to self (get sound through headphones)

sound is not coming through headphone jack, only via built-in speakers on Dell Studio XPS.

After clean install of my laptop with Ubuntu 11.10 64-bit (Oneiric Ocelot), I no longer had sound through my headphones, only via the built-in speakers.

This resolved my issue:

open /etc/modprobe.d/alsa-base.conf
Add this line at the end of the file: options snd-hda-intel model=dell-m6
Logout/login and problem is solved.

Experienced this issue already in 10.10 (if my memory doesn´t let me down)

Monday, July 25, 2011

Ejabberd cluster on Ubuntu Server

Two years ago, I created a blog about the clustering of ejabberd nodes, running on OpenSolaris.

This message here has the same purpose but now running on Ubuntu Servers and linked to an openldap server. I used 9.04 (Jaunty Jackalope), but I think there shouldn't be too much changes in earlier or later versions.

I used the following setup:
3 ejabberd nodes (ejabberd1, ejabberd2, and ejabberd3)
1 OpenLDAP Server

Installation and Configuration First ejabberd



Make sure that your are logged in as root user.

1. Install ejabberd:
$ apt-get install ejabberd
2. Configure ejabberd to get users from the openldap server
* adapt /etc/ejabberd/ejabberd.cfg:

** %% Admin user: in this example the user must be listed in the LDAP
** %% Hostname
** %% List of LDAP servers: {ldap_servers, [""]}.
--> make sure that ejabberd node can reach ldap server using its
hostname (possibly adapt /etc/hosts)
** %% Encryption .. LDAP Servers (LDAPS): {ldap_encrypt, }.
--> tls, ssl, none, ...
** %% Port connect to LDAP server: {ldap_port, }.
** %% LDAP Manager: {ldap_rootdn, ""}.
--> e.g. {ldap_rootdn, "cn=admin,dc=example,dc=com"}.
** %% Password of LDAP manager: {ldap_password, ""}.
** %% LDAP attribute that holds user ID: {ldap_uids, [{"uid", "%u"}]}.

3. Modify /usr/sbin/ejabberdctl: ERLANG_NODE=ejabberd@`hostname`
--> not single quotes but back single quotes around hostname
4. Start ejabberd: /etc/init.d/ejabberd start

Check if ejabberd is running:

$ ejabberdctl status
Node ejabberd@ejabberd1 is started. Status: started
ejabberd is running


Installation and Configuration Other ejabberd Nodes



1. Install ejabberd:
$ apt-get install ejabberd
2. Copy ejabberd.cfg from first node
3. Copy ejabberdctl from first node
4. Copy /var/lib/ejabberd/.erlang.cookie from node 1 to new node.
5. Start ejabberd: /etc/init.d/ejabberd start

Check if ejabberd is running:

$ ejabberdctl status
Node ejabberd@ejabberd2 is started. Status: started
ejabberd is running


Now synchronize the databases is the tricky part. Thanks to this blog it is a piece of cake.
Just perform the steps below to synchronize the database of node 2 with the first node:

1. Start ejabberd in debug mode:
$ ejabberdctl debug
You arrive in an Erlang shell.
2. Enter the following commands:

* FirstNode = 'ejabberd@first', %%where first is the hostname of the first node (!) Make sure that the line ends with a comma, indicating that there are other commands to follow
* mnesia:stop(),
* mnesia:delete_schema([node()]),
* mnesia:start(),
* mnesia:change_config(extra_db_nodes, [FirstNode]),
* mnesia:change_table_copy_type(schema, node(), disc_copies).

3. End the debug session by pressing Ctrl-c, Ctrl-c

Your second node now runs ejabberd with the same database as on the first node.
Repeat this procedure for other ejabberd nodes which must serve the same database.

Web Interface ejabberd
----------------------
By default there is a webinterface available for ejabberd on http://:5280/admin

Log on with an LDAP user who has been added to the list of Admin users in ejabberd.cfg, login name is in the format user@domain, e.g. admin@example.com

Configuring OpenLDAP on Ubuntu Server

This message shows you how an easy setup of OpenLDAP. I configured this to test a new ejabberd clustering setup using Ubuntu Servers. So I decided why not to integrate OpenLDAP with the ejabberd cluster, which is likely a more useful setup.

Most of the documentation is taken from https://help.ubuntu.com/community/OpenLDAPServer.

Setup:
Simple Dual-core server 1024 MB RAM, running Ubuntu Server 9.04.
Make sure that you are connected to the Internet and that you are logged on as
root.

Installing the necessary packages:
* Install the following packages:
** slapd: ldap server daemon
** ldap-utils: ldap utilities
** db4.2-util: ?, not sure if this one is necessary

When installing these packages you will be asked for a password for the LDAP
directory administrator, which is not the root password of the server on which
you're installing OpenLDAP.

Reconfigure the LDAP tree:

$ dpkg-reconfigure slapd
Omit OpenLDAP server configuration? ... No
DNS domain name: ... example.com
Name of your organization: ... Whatever & Co
Admin Password: ******
Confirm Password: ******
OK
BDB
Do you want your database to be removed when slapd is purged? ... No
Move old database? ... Yes
Allow LDAPv2 Protocol? ... No


Check if ldap works:

$ ldapsearch -x -b dc=example,dc=com


Generate an encrypted password with slappasswd:

$ slappasswd
New password:
Re-enter password:
{SSHA}d2BamRTgBuhC6SxC0vFGWol31ki8iq5m


This example shows what happens when using "secret" for the password, but your
result may vary!

Create the file /etc/ldap/slapd.conf and add the following content:


suffix "dc=example,dc=com"
directory "/var/lib/ldap"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}d2BamRTgBuhC6SxC0vFGWol31ki8iq5m


As root password use the generated password with the slappasswd tool.

Edit the file /etc/ldap/ldap.conf and uncomment the following line:


BASE dc=example,dc=com


Restart the LDAP service:

/etc/init.d/slapd restart


Populating the LDAP Tree
------------------------
Now that your LDAP directory is ready, you can start populating it. This will
be a 'classical' entry intended to be very compatible with Unix accounts
(posix), directories (like addressbooks), and classical accounts (for web
applications). But really it's just a starting point.

An LDAP directory can be fed with a ldif file ("ldap directory interchange
format" file). Create this file init.ldif somewhere on your system:


dn: dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: example
ou: Example Dot Com

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=loboloco,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: loboloco
sn: Loco
givenName: Lobo
cn: Lobo Loco
displayName: Lobo Loco
uidNumber: 1000
gidNumber: 10000
userPassword:
gecos: Lobo Loco
loginShell: /bin/bash
homeDirectory: /home/lobo
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: lobo.loco@example.com
postalCode: 31000
l: Brussels
o: Example
mobile: +32 (0)3 xxx xx xx
homePhone: +32 (0)475 xxx xxx
title: System Administrator
postalAddress:
initials: LL

dn: cn=example,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: example
memberUid: loboloco
gidNumber: 10000

dn: cn=example2,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: example2
gidNumber: 10001


In the example above, the directory structure, a user and group have been
defined. In other examples you might see the objectClass: top added in every
entry, but that is default behavior so you don't have to add it explicitly.

As with the LDAP root password, these passwords can be generated with
slappasswd using the MD5 or CRYPT hashing scheme. See man slappasswd).


Examples slappasswd:
(http://www.zytrax.com/books/ldap/ch14/)
Generate an SSHA password suitable for use as rootpw (in slapd.conf) or for use in a LDIF file for userPassword or authPassword attributes.


# no options required
slappasswd

# prompts twice for password string and then outputs
{SSHA}kjhfhfehflejhfvlldkl

# save to a file using normal re-direction
slapppasswd > /tmp/slappassword

# generate {SSHA} encoding of password secret
slappasswd -s secret

# generate {MD5) encoding of password secret
slappasswd -s secret -h {MD5}


To place the output in LDIF or slapd.conf, save to a file and copy, paste to
relevant file if GUI editing tools are being used. If vi is being used,
navigate to location in file where password is to be inserted then use :r
!slappasswd [opts] - this runs the command and inserts stdout into editing file at last cursor position. Alternatively save the output of slappasswd to a file, navigate to insert location in vi and execute :r /path/to/file - inserts file
contents into last cursor location.

When you're done, write and close the file.

Now, add your entries to the LDAP:

stop LDAP daemon: /etc/init.d/slapd stop

delete the content that was automatically added at installation:
rm -rf /var/lib/ldap/*

add the new content: slapadd -l init.ldif

correct permissions on the database:
chown -R openldap:openldap /var/lib/ldap

start LDAP daemon: /etc/init.d/slapd start

Your LDAP Server is up and running.

Wednesday, June 22, 2011

startup script ubuntu

When creating a new script to be executed at the startup of Ubuntu, create a script in /etc/init.d

For example 'foo', google for examples of startup scripts, can be anything...

Make the script executable: sudo chmod +x foo

And finally update the list of startup scripts: sudo update-rc.d foo defaults

Simple as that.

Tuesday, May 17, 2011

Increase duration of ringtones

When you get a call on your mobile, the duration of the dialing tone is 15s for most of the Belgian mobile providers before forwarding to voice mail. For some people this is too short, so here's a list how you can increase the dialing tone for the various Belgian mobile providers. Just enter the code and press the dial button to activate the new duration. In the examples I set the duration to 30s.

Proximus: **61*+32475151516*11*30# or **61*+32475151516**30#
Base: **61*+32486191933**30# or *61*+32486191933**30#
Mobistar: **61*5555**30#
Telenet: **61*5555**30#

Apparently for Proximus you can only use this code if you have post-paid formula, with Pay-And-Go (pre-paid) numbers the codes don't work.

Thursday, February 3, 2011

ssh with passphrase authentication

i need to ssh quite a lot and i'm getting tired of always entering my password, so I finally decided to make use of the passphrase authentication.

By far this is the easiest way:
ssh-copy-id -i path/to/id_rsa.pub user@ipaddress

You can do this also manually, which is does the same as the ssh-copy-id command:

1. Check if you have already an rsa key-pair in ~/.ssh directory. You should have the files id_rsa and id_rsa.pub (or another name-combo, f.e. loboloco and loboloco.pub)
If there isn't such a file combo, proceed with the next step, otherwise skip to step 3.
2. first generate an rsa key-pair on your local machine in ~/.ssh:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dewolfth/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/loboloco/.ssh/id_rsa.
Your public key has been saved in /home/loboloco/.ssh/id_rsa.pub.
The key fingerprint is:
d9:c5:65:7d:6b:38:fe:a2:d5:d4:d9:fc:c9:88:a9:01 loboloco@blackfrancis
The key's randomart image is:
+--[ RSA 2048]----+
| o. |
| . o o|
| o . o|
| o . o ++|
| ES . . oo+|
| . o.= o|
| . o o.+.|
| o .. . |
| . .. . |
+-----------------+
loboloco@blackfrancis:~$

3. Copy the .pub file to the destination server (scp, rsync)
4. Connect to the server via ssh
5. Copy the .pub file to the file ~/.ssh/authorized_keys: cat id_rsa.pub >> .ssh/authorized_keys

That should be it, when you connect again you won't have to enter your password anymore. Very handy if you have to commit code via ssh.

Wednesday, January 19, 2011

EID card reader on Ubuntu... what a mess

Installing a card reader on ubuntu isn't that hard, there exists even good documentation... but Ubuntu seems to mess up the middleware with some updates, kernel updates seem to be most likely.

So each time I need my card reader (let's say 1 time every three months), it has become out of order when trying to connect to a site with my EID, giving either error:

"ssl_error_handshake_failure_alert" or "ssl_error_bad_cert_alert"

This is what helps for me:

A. Reinstall middleware:
1. Download the middleware: here
If the link doesn't work, try this page (in Dutch) which contains a link to the binary.
2. Unpack the .tgz file: tar xvf beid-middlew...tgz
3. cd install
4. Execute "sudo ./install.sh" and follow the instructions. The execution can end with the following lines:

libqtgui4 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
./install.sh: 390: [[: not found
checking pcscd running...
./install.sh: 390: [[: not found
./install.sh: 390: [[: not found
Follow the instructions in the documentation to:
- register the software in Firefox.
- set the environment variable MOZILLA_CERTIFICATE_FOLDER

Please read the README file and licensing information for more information about
libraries this software and the software it is depending on


Try again in Firefox to connect to site with EID.

B. Certificate issues
1. uninstall the beid add-on in firefox, if already installed.
2. Open Firefox
3. Go to this page.
4. Click "Add to firefox".
5. Click "Install Now"
6. Restart firefox.
7. Go to Edit > Preferences > Advanced > Encryption and click View Certificates
8. On Authorities tab, select Belgium CA Root certificate and click Edit.
9. Select the 3 available options and click OK until you return to firefox.
10. Restart firefox to complete the update.

Hooray for ubuntu updates... next time take care of the middleware