Posts Tagged linux

Free DNS Hosting?

My Bluehost renewal is coming up soon and I’m really debating cancelling it. It’s like $8/month, but with my email going directly to Gmail now, this dumb blog is the only thing of note at evanhoffman.com, and I can move that anywhere. I already copied all the content to another server but I can’t find free DNS hosting anywhere. Maybe i’ll just run my own nameserver.

MAYBE!!!

, , , ,

No Comments

Running MRTG cfgmaker across your entire subnet?

I realized recently that I had a bunch of newly-provisioned VMs that weren’t being monitored by MRTG (one of the tools we use to monitor network usage and other fun stats). Rather than manually run cfgmaker against all the new machines, I decided to script my way out of this.

Read the rest of this entry »

, , , , , ,

No Comments

Victory! Change Active Directory Password via LDAP through browser

I had to give up on PHP and go to Perl, but it turned out not to be so bad. Users can now change their Active Directory passwords via a self-service web page that doesn’t require admin credentials. The Perl code is below.  Authentication to the script is done via .htaccess LDAP authentication, so the REMOTE_USER env variable is assumed to contain the user’s username (sAMAccountName) by the time this script is called.  There is a simple check for $ENV{HTTPS} to ensure the script is called via SSL, and AD requires password changes to be done via ldaps, so the whole thing should be encrypted end to end.

Read the rest of this entry »

, , , , , , , , , , ,

No Comments

LDAP-Active Directory authentication, Part 3

So I got everything working with .htaccess and AD/LDAP authentication. Just add LDAPVerifyServerCert Off to the httpd config to let Apache authenticate against an AD server with a self-signed certificate (without dealing with the annoyance of putting the cert on each Apache server).

With that piece of the puzzle largely solved, I moved on to another: how will users change their passwords (which are all stored in Active Directory)? For users running Windows this is pretty trivial — they can do it right in Windows when they’re logged into the domain. But what about Linux users? I figured the easiest thing to do would be to make a web form to do this. The user would login (with the http/LDAP auth I previously setup) and the form would ask for their password (twice) and update it in Active Directory. Sounds pretty simple to me. I think if this were OpenLDAP it probably would be, but being AD, it’s not.

Read the rest of this entry »

, , , , , , ,

1 Comment

Single sign-on with Linux clients and Active Directory LDAP, Part 2

Following up on my previous post, it turned out not to be as big of a deal as I’d originally expected to have Apache authenticate against AD and only allow users whose accounts weren’t disabled. In a nutshell, here’s what I did:

Read the rest of this entry »

, ,

No Comments

Single sign-on with Linux clients and Active Directory LDAP, Part 1

One project we’ve been working on for a while is single sign-on across all our servers and other services (e.g. SVN repository, a few other things). One thing I wanted to avoid, I guess for mostly religious reasons, was reliance on a Windows instance for any of our production environment. The logical part of my brain knows that people build huge websites with Windows farms and AD, but my gut still doesn’t trust it. So what I wanted to do was setup OpenLDAP as a “slave” to an Active Directory “master” and have all the LDAP info propagate over the slave whenever any changes were made in the master. I’ve done this with DNS – setup Bind as a slave to an AD server and everything basically works as I expect in a Bind-Bind master/slave scenario. Well, it turns out that it doesn’t work like that when it comes to LDAP. Apparently AD doesn’t follow the RFC for LDAP (surprise!) so many things that would be expected to work with OpenLDAP won’t.

Read the rest of this entry »

, , , ,

2 Comments

Everything works on my laptop except Bluetooth

This is pretty weird. Bluetooth worked fine under Win XP. The computer is an HP/Compaq nc8430. When I go to the Bluetooth control panel I get “Your computer does not have any Bluetooth adapters plugged in.” The weird thing is, sometimes I’ll see the bluetooth logo in the taskbar at the top, but then when I look again it’s gone and I have no idea how to get it back. When I booted it up this morning I noticed the icon was there so I ran some of the debugging tools for Bluetooth and checked dmesg and this time at least it looks like at least there’s proof that Linux CAN see the Bluetooth adapter, I just don’t get why it then stops recognizing it after just a minute or two, and a reboot doesn’t even consistently bring it back.

Read the rest of this entry »

, , , ,

No Comments

NILFS – A File system to make SSDs scream… in pain?

So I got this 128 gig Corsair SSD and put it in my laptop at work. After some fiddling I copied my old disk over to my new disk by booting to Knoppix and doing dd if=/dev/sda of=/dev/sdb bs=4k conv=notrunc,noerror. It’s a lot faster, but what’s really fast now is my Windows XP VM. Anyway, I was looking into other filesystems to try out on SSD to improve speed and I found this article claiming that NILFS is the best choice. So I decided to test it using the same ghetto test I always use for filesystem performance: dd!

Read the rest of this entry »

, , , ,

2 Comments

Error returning browse list: NT_STATUS_NOT_SUPPORTED

This is annoying. I’m attempting to get to my photos on my Win 7 desktop from my Linux laptop. It works in Win XP clients, but smbclient is failing:

[evan@ehoffman ~]$ smbclient -L //192.168.10.105/
Enter evan's password:
Domain=[EVAN-WOLFDALE7] OS=[Windows 7 Ultimate 7100] Server=[Windows 7 Ultimate 6.1]

	Sharename       Type      Comment
	---------       ----      -------
Error returning browse list: NT_STATUS_NOT_SUPPORTED
session request to 192.168.10.105 failed (Called name not present)
session request to 192 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled -- no workgroup available
[evan@ehoffman ~]$

Update: This appears to be resolved in Samba 3.4.3 (release notes). Since there’s no RPM for 3.4.2 for FC11 I downloaded the source and built it and tried the smbclient against my Win7 box and it worked fine.

, ,

5 Comments

How to install the 64-bit Sun Java plugin on 64-bit firefox on 64-bit Fedora Core 11 Linux (which happens to use 64 bits)

I’m giddy! I found this post on mozdev.org which was magical.

[evan@ehoffman ~]$ java -version
java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
Java HotSpot(TM) 64-Bit Server VM (build 14.3-b01, mixed mode)
[root@ehoffman plugins]# uname -a
Linux ehoffman 2.6.30.8-64.fc11.x86_64 #1 SMP Fri Sep 25 04:43:32 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
[root@ehoffman plugins]# pwd
/usr/lib64/mozilla/plugins
[root@ehoffman plugins]# ln -s /usr/java/jdk1.6.0_16/jre/lib/amd64/libnpjp2.so

The main thing I was missing was that the plugin isn’t libpluginjava_oji.so, or whatever I thought it was, but libnpjp2.so. Once I created the symlink into /usr/lib64/mozilla/plugins it worked (as verified on http://www.java.com/en/download/help/testvm.xml and http://www.java.com/en/download/installed.jsp).

That’s all it takes to get the Sun Java plugin working in Firefox on Linux.

, , , , ,

No Comments