Tuesday, October 6, 2009

Apple Snow Leopard Rant

I recently became an OS X server admin and after the first week I want to share my opinion of this "marvel" as some people want to call it.

This is a post that I wrote on the Apple Discussions.
Ok, so my school bought a brand spanking new xserve, and I started configuring it. After the initial setup, I mounted my linux NFS export to the xserve. The way I did it coming from a Linux background is: I created a folder on / and then mounted by NFS my linux exported folder. After a few seconds, I press command-shift+G and type / and there it is. I can access the folder perfectly.

Then I exported all my users from my Ubuntu LDAP server (850 of them) in an LDIF format and tried to import them using this thing called Workgroup Management. What do you know, it does not accept the LDIF format!!! I then exported the users to a standard CSV file, used that WGM again to do the mapping of the fields to the CSV file and pressed import, but to no avail. Countless hours later, I come to find out that the only way to import into an Open Directory server was to purchase this other software called Passenger. $$$ later, I exported all my users to a format that is only readable by OD. The information was VERY basic. Full name, short name (which I guess in the Mac world is username), userID, primary groupID and the most important, homeDirectory. All passwords were set to type crypt and the same one word. My user structure is pretty simple. All teachers have a home directory at
/ldaphomes/teachers/username
students have
ldaphomes/students/username

Now the next step was to figure out if I had to create a static entry on each client computer in /etc/fstab (around 80 laptops and iMacs) or use automount using AFP. I opened up some other nice GUI called server admin and went to sharing. Then I clicked a button called share points, selected the drive I had mounted earlier with NFS, clicked the checkbox to use this for user homes, enabled guest access as it was suggested by the countless mac geniuses, clicked OK and everything seemed to work good.

So I fired up a 10.6 MacBook Pro, set it up as an OD client, put in a domain username and password and it logged in. It worked, but the documents of the user were not showing up. I dropped down to the terminal and did a pwd. The result was /ldaphomes/teachers/username ...What happened?

Back at the server, I went to the user's account and saw that there are 2 home directories listed in the LDAP record. /ldaphomes/teachers/username and another with an afp://\server/.../ldaphomes/username .....Why did this get imported wrong? I tried to change it but I could not.

A few hours went by playing around with AFP until eventually the server crapped out. Ever since I can only be logged on the server with ARD for a few hours and then it crashes. I can ping the server but I cannot control it or ssh to it. I need to do a hard reset to get back in. Has anyone that is still reading experienced something like this? I have not mentioned DNS but host ip-address works and hostname works too.


My Linux servers have been sharing network drives over 6TB each on my network for over 3 years. The only time I had a problem with network folders was when the power went out and the server did not boot up. There I had an NFS stale drive. Reboot clients and everything is perfect.

This stupid AFP protocol is totally useless. It is the least reliable network sharing protocol that I have worked with. Sometimes the shares are there, sometimes they are not and sometimes they never appear. NFS will always be available, hell even samba is reliable. I would rather work with 100 virus-stricken, spyware-crippled windows 98 machines than try to share folders between 2 Apple computers using AFP.

I set up an Ubuntu LDAP server with 900 users in 3 days using only the command line but with "the most advanced server" OS X 10.6 it still has not happened.

Why do people waste upwards of 7k on a server that is worse than a self-built $1500 Linux server? Is it the nice shiny silver box? The nice GUIs that don't work? The "Mac Geniuses" that are always helping some teenager transfer settings on their iPod? The Apple help docs that tell you what checkbox to check but never explain what the hell that checkbox does?

So I guess if you have the money to waste, send it to me and I will send you back a nice powerful Linux server and I promise I will paint a nice Penguin on the side eating an apple.

Tuesday, April 28, 2009

Setup Ubuntu 9.04 as an LDAP Client

So the new Ubuntu version is out and it looks much more refined and polished than any before and could be used as a windows replacement for desktop applications like office, checking email and surfing.

I had a Dell Precision 530 lying around and I tried to install it but there was no video. The video card that came with the box was an ATI FireGL2 128MB. After a couple of hours of trying to find a workaround, I tossed the card and installed a GeForce MX2 and everything installed fine.

The new theme and images, notifications and feel are great. As an adventurous person though, I wanted to make this machine an LDAP Client since all 900 users of my network are on an LDAP server. Installing webmin and configuring an LDAP client did not work, so I found the official documentation here and followed it completely.

I was not surprised to see that it did not work. Apparently, Canonical and the Ubuntu developers do not feel that LDAP is something that needs to work on Ubuntu distributions. I wish we did not have to jump through hoops to get LDAP working.

To get it to work, perform the following:
sudo pico /etc/ldap.conf

Find this line
uri ldapi:///xxx.xxx.xxx.xxx

And change to this
uri ldap://xxx.xxx.xxx.xxx

The solution seems very simple but it took me a day to figure it out. Hope this works for anyone with the same problem.
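
The one-line fix above works because ldapi:// addresses a local Unix-domain socket and never reaches a remote server, while plain ldap:// does reach it but sends binds unencrypted unless TLS is enabled. The following check is an added example, not part of the original post; it assumes the nss_ldap/pam_ldap style /etc/ldap.conf with its `uri` and `ssl start_tls` directives, and the sample file and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example: classify every URI in an ldap.conf-style client config.
# usage: check_ldap_uris <ldap.conf>   prints "<verdict> <uri>" per URI
check_ldap_uris() {
    awk '
        tolower($1) == "ssl" { ssl = tolower($2) }          # e.g. "ssl start_tls"
        tolower($1) == "uri" { for (i = 2; i <= NF; i++) uris[++n] = $i }
        END {
            for (k = 1; k <= n; k++) {
                u = uris[k]
                if (u ~ /^ldapi:/)       v = "local-socket-only"   # never leaves this host
                else if (u ~ /^ldaps:/)  v = "tls"
                else if (u ~ /^ldap:/)   v = (ssl == "start_tls") ? "starttls" : "cleartext"
                else                     v = "unknown-scheme"
                print v, u
            }
        }' "$1"
}

# Constructed sample config; 192.0.2.10 is a documentation address.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed sample
base dc=example,dc=test
uri ldapi:///192.0.2.10 ldap://192.0.2.10
EOF
check_ldap_uris "$conf"
rm -f "$conf"
```

A `cleartext` verdict means user passwords cross the network unencrypted at login; a `local-socket-only` verdict on a client is the misconfiguration described in this post.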

Tuesday, March 24, 2009

Adobe Flash 10 64 bit on Ubuntu 8.04 Working

If you are reading this, you are most probably trying to get flash 10 working on your 64 bit Ubuntu System. I followed a bunch of tutorials, downloaded a bunch of .sh scripts that claim to be working and do the installation automatically. This specific script:
#!/bin/bash
# Script created by
# Romeo-Adrian Cioaba romeo.cioaba@spotonearth.com

echo "Stopping any Firefox that might be running"
sudo killall -9 firefox

echo "Removing any other flash plugin previously installed:"
sudo apt-get remove -y --purge flashplugin-nonfree gnash gnash-common mozilla-plugin-gnash swfdec-mozilla libflashsupport nspluginwrapper
sudo rm -f /usr/lib/mozilla/plugins/*flash*
sudo rm -f ~/.mozilla/plugins/*flash*
sudo rm -f /usr/lib/firefox/plugins/*flash*
sudo rm -f /usr/lib/firefox-addons/plugins/*flash*
sudo rm -rfd /usr/lib/nspluginwrapper


echo "Installing Flash Player 10"
cd ~
wget http://download.macromedia.com/pub/labs/flashplayer10/libflashplayer-10.0.d20.7.linux-x86_64.so.tar.gz
tar zxvf libflashplayer-10.0.d20.7.linux-x86_64.so.tar.gz
sudo cp libflashplayer.so /usr/lib/mozilla/plugins/

echo "Linking the libraries so Firefox and apps depending on XULRunner (vuze, liferea, rsswol) can find it."
sudo ln -sf /usr/lib/mozilla/plugins/libflashplayer.so /usr/lib/firefox-addons/plugins/
sudo ln -sf /usr/lib/mozilla/plugins/libflashplayer.so /usr/lib/xulrunner-addons/plugins/

# now doing some cleaning up:
sudo rm -rf libflashplayer.so
sudo rm -rf libflashplayer-10.0.d20.7.linux-x86_64.so.tar.gz

claims just that. But it does not work. Here is the original post. I have an edubuntu server 64 bit and I was trying to get it to work for a while but this script only downloads the plugin.

To get it to work after you run it, you need to open a terminal window and type firefox. When Firefox loads, you will see some errors like
failed to initialize shared library /usr/lib/mozilla/plugins/libflashplayer.so [libnss3.so: cannot open shared object file: No such file or directory]


Run the following
sudo apt-get install libnss3-0d libnss3-1d libnspr4-0d
sudo killall -9 firefox

After you start firefox again everything should be ok.

Wednesday, January 28, 2009

Ubuntu 8.04 LDAP Server with Edubuntu 8.04 LTSP servers as clients

In one of my previous posts, I tried to explain how I would set up an LDAP server on Ubuntu 8.04 32-bit and two Edubuntu 8.04 servers. After a month of testing and setup, I believe it is working almost perfectly. Following is the way I set everything up.

First, the LDAP server is installed on a DELL Poweredge 2500 with 6 SCSI 36GB drives on a RAID-5 array. The OS was installed with the LAMP package and webmin was added later. The next item on the list was the LDAP server. After a lot of research, I stumbled upon this site. I would like to extend my thanks to the author of this package. Following the instructions on that site, I installed the server which was OpenLDAP 2.4.9. I ran into an issue getting the sambaID of the machine but after a search on Google, the issue was resolved.

Second, I built 2 servers for my Edubuntu installations, which are used as LDAP clients. Specs are:
RAM 8GB Reg
CPU XEON Quadcore 2.33 12M
RAID 3Ware 9650 S
HD 4 500GB Seagate 32M Cache
MB Asus DSBV-DX

On the first I installed Edubuntu 8.04 32bit and on the second Edubuntu 8.04 64bit. Why? Well I am a masochist and like to run into as many problems as possible.

Third, I realized that I needed a central storage solution for all my users (about 1000 users). The 1.5TB on each server is sufficient for this amount and for the current usage which is web browsing and word processing. For other uses though, like video downloads, and video editing, I needed more storage space. The Dell Powervault MD1000 was perfect for the job. I placed 15 SATA Seagates 500GB in it and created a RAID 5 array. The total is ~6TB of storage. Some will argue that it is better to have a RAID 10 or 0+1 or 1+0 but I had a drive fail on it already and there is almost no down time. The MD1000 was attached on the 64bit box with a PERC5.

The drive was shared as an NFS export. This is a line in /etc/exports
/ldaphomes 192.168.xxx.xxx(rw,sync,no_subtree_check,no_root_squash) 192.168.xxx.xxx(rw,sync,no_subtree_check)


Make sure that you have the option no_root_squash there for the LDAP server in order to get root permissions. You will need those when you are creating users. On each of the "clients", I modified /etc/fstab to include the following:
192.168.xxx.xxx:/ldaphomes /ldaphomes nfs rw,hard,intr 0 0

Make sure that you have an empty directory on each client of course at /ldaphomes
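
Because no_root_squash lets root on that client act as root on the exported files, it should appear only on the entry for the LDAP server, as in the exports line above. The following audit is an added example, not part of the original post; the function name, the sample file and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: list NFS export entries that grant no_root_squash to any
# client other than the one host that is supposed to have it.
# usage: audit_exports <exports-file> <allowed-host>
audit_exports() {
    awk -v allowed="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                    # split "host(opt,opt,...)"
                    host = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                if (host == "") host = "*"      # "(opts)" alone means any host
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++)
                    if (o[j] == "no_root_squash" && host != allowed)
                        print path, host
            }
        }' "$1"
}

# Constructed sample; 192.168.0.10 stands in for the LDAP server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, addresses are placeholders
/ldaphomes 192.168.0.10(rw,sync,no_subtree_check,no_root_squash) 192.168.0.20(rw,sync,no_subtree_check)
/scratch   192.168.0.20(rw,no_root_squash) *(ro)
EOF
audit_exports "$sample" 192.168.0.10
rm -f "$sample"
```

Empty output means only the allowed host has unsquashed root; each printed line is an export path and a client that also has it.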

Next, I ran the install script from the link above (majen.net) to configure the LDAP clients. Also, there is a perfect guide here. Webmin was installed on both LDAP clients. This does not complete the job though. I had to go to the webmin interface on all the servers (including the LDAP server) and go to "System"->"LDAP Client". On that page, click "Validate Configuration" or "Configure as LDAP client".

Now, we need to create the users. On the LDAP server, open a terminal. The scripts are located in /usr/sbin
/usr/sbin/smbldap-groupadd
/usr/sbin/smbldap-groupdel
/usr/sbin/smbldap-groupmod
/usr/sbin/smbldap-groupshow
/usr/sbin/smbldap-passwd
/usr/sbin/smbldap-populate
/usr/sbin/smbldap-useradd
/usr/sbin/smbldap-userdel
/usr/sbin/smbldap-userinfo
/usr/sbin/smbldap-userlist
/usr/sbin/smbldap-usermod
/usr/sbin/smbldap-usershow
/usr/share/smbldap-configure

Each of these scripts has a very detailed man page. Ex:
man smbldap-useradd

To add a user type the following:
sudo smbldap-useradd -d /ldaphomes/<username> -m -a -g <group> -P <username>

You can view the arguments in the man page.

Finally, attach up to 30-35 thin clients on each server, fire them up and everything should work. In this setup I have about 70 users working concurrently with only a few issues. The most frequent issue is when the user turns off the thin client without logging off. This does not kill the running processes and when the user logs back in some applications like Firefox are already running. To resolve this, read one of my previous posts and use the script there to log off the user from the command line.

The next problem that I wish to solve, and I would appreciate any comments, is that I cannot add any Windows clients on the LDAP server. I run sudo smbldap-useradd -w and the workstation is added. When I try to add the windows box to the domain, it fails.
