The Diary of an IT Man - Open source all the way!!!<br />
<br />
Goodbye Java plugin - You will not be missed (posted 2016-01-29 by Anonymous)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Wonderful news: http://www.bbc.com/news/technology-35427685<br />
<br />
<br /></div>
<br />
Freeradius Access By SSID (posted 2014-07-25 by Anonymous)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
I use the Meraki products for wireless and they were supposed to be the super-advanced-easy-interface-with-custom-configuration-no-issue APs with cloud manager, MDM, 600 horse power, 4wd, etc, etc.<br />
<br />
If you need to set up a wireless network with a few SSIDs and all your users have the same access, then it works. If you also want to have your users limited to one device, it works too. But if you need certain users to have limited access and certain users to have regular access then good luck. The only option available on the Meraki system is to assign policies per device. Therefore, if you have devices that multiple users use, then you are out of luck.<br />
<br />
I had an SSID set and then I configured a Freeradius server and everyone authenticated using the Radius server that connected to a MySQL database and pulled user info.<br />
<br />
Since I work in a school, I wanted to have different access for Staff and different access for Students. The Meraki support team told me that it is not possible to assign policies on a per username basis even if you have Active Directory, LDAP or Radius.<br />
<br />
So, after a lot of searching I figured out a way to do it through the Freeradius server. It turned out to be pretty simple in the end.<br />
<br />
First, in the policy.conf file, add the following:<br />
<br />
<blockquote class="tr_bq">
<pre>rewrite_called_station_to_ssid {
    if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-$
        update request {
            Called-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
            Called-Station-SSID := "%{7}"
        }
    }
    else {
        noop
    }
}</pre>
</blockquote>
When the client sends an authorization request to the RADIUS server, the packet carries the attribute Called-Station-Id, whose value is the MAC address of the AP, then ":", then the SSID that the user is trying to authenticate to. The policy splits that value in two: the MAC address of the AP stays in Called-Station-Id and the SSID is saved in Called-Station-SSID. The regular expression in the listing above is cut off at the "$"; the complete instructions are <a href="http://wiki.freeradius.org/guide/Mac-Auth" target="_blank">here</a>.<br />
<br />
Then in the dictionary file (it should be in the freeradius directory), add<br />
<blockquote class="tr_bq">
<pre>ATTRIBUTE Called-Station-SSID 3010 string</pre>
</blockquote>
Then open up the file sites-enabled/default. In that file there are sections delimited by {}. Find the authorize section and add the name of the policy defined above<br />
<blockquote class="tr_bq">
<pre>rewrite_called_station_to_ssid</pre>
</blockquote>
after the preprocess.<br />
<br />
Next add a table in your database with 2 columns; groupname and groupssid. Then add this to the file sites-enabled/default in the post-auth section:<br />
<br />
<blockquote class="tr_bq">
<pre>if ("%{sql:SELECT COUNT(*) FROM radusergroup,radgroupssid WHERE radusergroup.groupname = radgroupssid.groupname and radusergroup.username= '%{User-Name}' AND radusergroup.groupname='Staff' and radgroupssid.ssid= '%{Called-Station-SSID}'}" > 0) {
    ok
}
else {
    reject
}
sql</pre>
</blockquote>
<br />
This assumes that you have freeradius configured with MySQL, that your users belong to groups, and that your controller sends the attribute Called-Station-Id as described above. Access is rejected for any SSID that is not listed in your database.</div>
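The split of Called-Station-Id and the group-to-SSID lookup described above, as an added Python example that is not part of the original post. It generalises the check from the hard-coded 'Staff' group to any group the user belongs to; the SSID tail of the regular expression, the SQLite stand-in for MySQL, the `radgroupssid` column names taken from the query, and all user and SSID names are assumptions made for the illustration.

```python
import re
import sqlite3

# Six hex octets with an optional "-", ":" or "." between them, then an
# optional ":<SSID>" tail. The tail is an assumption: the post's regex is cut off.
CALLED_STATION_RE = re.compile(
    r"([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:.]?"
    r"([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})(?::(.*))?",
    re.IGNORECASE,
)


def split_called_station(value):
    """Return (ap_mac, ssid), or None when the value is not MAC[:SSID].

    ap_mac is the twelve hex digits with separators removed (lower-cased
    here); ssid is None when it is absent, empty, or longer than the
    32 octets that 802.11 allows.
    """
    match = CALLED_STATION_RE.fullmatch(value)
    if match is None:
        return None
    ap_mac = "".join(match.group(i) for i in range(1, 7)).lower()
    ssid = match.group(7)
    if not ssid or len(ssid.encode("utf-8")) > 32:
        ssid = None
    return ap_mac, ssid


def build_demo_db():
    """In-memory stand-in for the MySQL tables; every row is constructed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE radusergroup (username TEXT, groupname TEXT);
        CREATE TABLE radgroupssid (groupname TEXT, ssid TEXT);
        INSERT INTO radusergroup VALUES ('alice', 'Staff'), ('bob', 'Students');
        INSERT INTO radgroupssid VALUES
            ('Staff', 'School-Staff'), ('Staff', 'School-Students'),
            ('Students', 'School-Students');
    """)
    return conn


def decide(conn, username, called_station_id):
    """Return "ok" or "reject" for one request, as the post-auth check would."""
    parsed = split_called_station(called_station_id)
    if parsed is None or parsed[1] is None:
        return "reject"  # no SSID to match against: fail closed
    # Same join as the post's query, with bound parameters instead of
    # string expansion and without the fixed groupname = 'Staff' filter.
    count = conn.execute(
        "SELECT COUNT(*) FROM radusergroup, radgroupssid"
        " WHERE radusergroup.groupname = radgroupssid.groupname"
        " AND radusergroup.username = ? AND radgroupssid.ssid = ?",
        (username, parsed[1]),
    ).fetchone()[0]
    return "ok" if count > 0 else "reject"


if __name__ == "__main__":
    db = build_demo_db()
    # Constructed requests: (User-Name, Called-Station-Id)
    for user, csid in [
        ("alice", "00-18-0A-12-34-56:School-Staff"),
        ("bob", "00-18-0A-12-34-56:School-Staff"),
        ("bob", "00-18-0A-12-34-56:School-Students"),
        ("alice", "00-18-0A-12-34-56:Guest"),
        ("alice", "00180a123456"),
    ]:
        print(user, csid, "->", decide(db, user, csid))
```

A request whose Called-Station-Id carries no SSID is rejected, which matches the behaviour of the policy above: the `else { noop }` branch leaves Called-Station-SSID unset, so the count comes back as 0.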
<br />
Dovecot, Amavis-new, Auto subscribe (posted 2013-04-04 by Anonymous)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
I have followed the excellent tutorial located here http://workaround.org/ispmail/squeeze/content-scanning-amavis and I have set up an email server on Debian. Everything was up and running with a few differences (I have my users in a different server but wanted the mail stored on the localhost).<br />
<br />
The only issue I had was when an email client was connecting, and a spam email came to dovecot, the sieve would work as in the tutorial but the headers would not be added to the message itself. After a lot of searching I figured out that if the folder did not exist, then dovecot would just deliver the email to the inbox. So to create the default folders for every user just edit /etc/dovecot/dovecot.conf and add the following:<br />
<script src="https://gist.github.com/nroussi/5314294.js"></script><br />
<br />
Now to figure out how to install Horde Groupware 5 on this server...<br />
<br /></div>
<br />
FreeNAS, OpenFiler or Ubuntu Server (posted 2012-06-20 by Anonymous)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Lately, I have been thinking that I will digitize everything in the house and I researched for a while on what to do and what to use.<br />
<br />
First, the media front. I read the Roku, Boxee Box, etc. reviews, but they were not for me. So I decided to go with XBMC. I am very familiar with Ubuntu and most plugins are Ubuntu native in XBMC but unfortunately the new version of Ubuntu comes with Unity. I went against my hatred for the new layout and stupid desktop environment and since I could not be bothered to remove Unity for another environment...what the hell, I said I'll try it.<br />
<br />
The hardware was pretty simple:<br />
<br />
<ul style="text-align: left;">
<li>Intel BLKDH67BLB3 Motherboard Desktop Board DH67BL Media Series</li>
<li>CPU: Intel BX80623G860 G860 Cpu 3.00GHZ 3M Cache</li>
<li>TVTuner Hauppauge WinTV 2250 (get another one. Not fully functional)</li>
<li>Video Card EVGA GeForce GT430 PCI Express 2.0 1GB DDR3 01G-P3-1431-KR</li>
<li>OS Disk Western Digital WD1002FAEX 1TB SATA3.0 7200RPM 64MB Cache Desktop Bare Drive</li>
<li>Network: Linksys WMP600N Wireless - N DB Desktop Adapter</li>
<li>Router Netgear 4500N</li>
<li>Boxee Remote. This is $50 but it is totally worth it.</li>
<li>Bluetooth Dongle and a mini bluetooth keyboard</li>
<li>8GB RAM</li>
<li>Blu Ray player</li>
</ul>
<div>
I installed Ubuntu 11.10 with OpenSSH server, then XBMC. As soon as XBMC was up and running, I installed the extra repositories. Addons installed include Pandora for XBMC, Swiss Army Knife, mythtv for XBMC. Then I installed MythTV and configured the TV tuner card. Very buggy and does not work properly.</div>
<div>
<br /></div>
<div>
So now I am ripping my DVD collection, arranging my pictures and fixing my music files. Now comes the time to figure out what to do for disk space. I looked at Synology, Promise, QNap which are the more respectable names in NAS boxes. Then I remembered that I installed and configured FreeNAS a long time ago so I started reading about FreeNAS and OpenFiler. A lot of people recommend the former over the latter and that reminded me why I had chosen it as well so long ago. </div>
<div>
<br /></div>
<div>
The decision was made and I dug out some hardware I had in the closet, bought some hard drives and started building. The hardware is a bit ridiculous but it used to belong to a former gaming rig.</div>
<div>
<ul style="text-align: left;">
<li>Asus A8N32-SLI Deluxe Motherboard</li>
<li>AMD FX-55</li>
<li>I could not use the 8800GTX (too much power) so I just got a $20 video card</li>
<li>1 80 GB drive I found lying around and 3x2TB</li>
<li>4 GB of RAM</li>
</ul>
<div>
I read a lot about the ZFS file system and I was intrigued so I installed FreeNAS and I created a RAIDZ array. I could not change the configuration and it kept crashing all the time so I removed it and installed OpenFiler. Even worse...<br />
<br />
So I saw that ZFS is natively supported in Ubuntu. I installed Ubuntu 11.10 server, added the ZFS repository, installed ZFS, created a RAIDZ array and everything was good to go. Then I wanted a Time Machine backup for my laptop and I came across a huge article on how to install netatalk (TODO). That did not work. All you have to do is sudo apt-get install netatalk and add 2 configuration lines. After that was done, I installed and configured SAMBA.<br />
<br />
Time Machine backup, Windows Backup, reliable NAS storage for any OS. Now why would people not choose this?<br />
[Update]<br />
Eventually I had to remove Unity and use Xfce because the video was very choppy and there was a line in the middle of the TV. </div>
</div>
</div>
<br />
HTML5 Canvas Drawing Library (posted 2012-02-17 by Anonymous)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
This library will allow you to create as many Canvas elements as you wish on a single page. It does not matter if you have the canvas element inside multiple elements or if the page is too long (scrollable).<br />
<br />
There are a few tutorials online on how to create a canvas drawing app but most assume that you are placing them on a regular HTML page. I tried most of them but since I wanted to use it in my AJAX web application where I load everything inside DIV elements the mouse positioning was always off when the container scrolled up or down.<br />
<br />
This is also compatible with mobile browsers. I have tested it on iOS and Android browsers. It will detect a touch event or a mouse event based on the client. This was built to be unobtrusive but the only drawback is that you need jQuery to run this. You do not need to know anything about jQuery, just how to include it.<br />
<br />
The following is the HTML that you need to create 2 canvases. Place this in the body tag of your document.<br />
<br />
<script src="https://gist.github.com/1854307.js?file=canvas_main.html">
</script>
<br />
What you need to make sure is that the ID of the container is pallete_"CANVASID", the ID of the canvas element itself should be the CANVASID and when the object is created it needs to be with CANVASID.<br />
Now for the JavaScript:
<script src="https://gist.github.com/1854341.js?file=canvas_draw.js">
</script><br />
jQuery is only used to get the position of the cursor in this function <b>getCoords(e)</b><br />
I had previously used <a href="http://www.quirksmode.org/js/findpos.html" target="_blank">this</a> function but it does not work if the container is scrollable.<br />
<br />
Canvas is a very powerful element with a huge potential and I cannot wait for the day that we will reminisce and say "Remember that really buggy application that drove everyone crazy? It did not work on Linux, Mac and had so many security issues in Windows....What was it called? Ah, yes Flash." </div>
<br />
LTSP Cluster With Ubuntu 11.04 (posted 2011-09-19 by Anonymous)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
More than a year after I tried the ltsp-cluster package that came with Lucid, I decided that it was time to actually go ahead and try this setup on actual hardware and not VMs. Now though, 11.04 is the current version and of course there is no documentation for anything on this version. The Ubuntu developers changed the DHCP server executables, then they most probably smoked some crack and decided to add the Unity Desktop as a default, etc, etc. Before I started, I had a lot of questions that could not be answered:<br />
<ul style="text-align: left;">
<li>I have a few servers that I can use. 1 that had 16GB RAM with 2 Quad Xeons and some that are way less powerful. Which server should be the most powerful one? The root or the app server?</li>
<li>Is there a monitoring tool or an accounting tool? I am sure that we need to keep an eye on what the students are doing.</li>
<li>How can I add one more app server on the cluster and is it simple?</li>
<li>Will I get the same functionality as a regular LTSP server?</li>
<li>How the hell can I remove Unity? </li>
<li>Who can help me if I get stuck?</li>
</ul>
Well the answer to the last question would be the nice folks over at IRC on freenode in channel #ltsp. They are always helpful: just install a client, connect to IRC, ask your question (politely) and someone will answer eventually. I will explain in this post how to configure and set up the root server. Then in the following post I will explain how to set up the application server and try to answer the questions. If you have any questions please ask.<br />
<br />
On to the setup; first you need to download Ubuntu Server 11.04 (64 or 32 bit) and the Edubuntu desktop DVD. Some of my servers did not have DVD drives so I downloaded the Ubuntu Desktop CD and then ran "sudo apt-get install edubuntu-desktop".<br />
<br />
The hardware setup is based on my previous post <a href="http://nroussi.blogspot.com/2010/05/ltsp-cluster-with-ubuntu-1004-lucid.html">here.</a><br />
So make sure that your root server has 2 network cards.<br />
<br />
<b><span style="font-size: large;">Root Server</span></b><br />
<br />
Boot from the CD and follow all steps. When you reach the tasksel step (it will ask you which services you want installed) select only the openSSH server. Run the following after you log in for the first time:<br />
<pre class="brush: cpp">sudo apt-get update && sudo apt-get dist-upgrade</pre>
<br />
There is a good chance that Ubuntu will not have enabled the second network card during install. To make sure, open the interfaces file (/etc/network/interfaces) and add the following (I explain the subnet declaration for eth0 later):<br />
<pre class="brush: cpp">auto lo
iface lo inet loopback
auto eth1
iface eth1 inet dhcp
auto eth0
iface eth0 inet static
address 192.168.8.1
netmask 255.255.252.0</pre>
<br />
You should then run sudo /etc/init.d/networking restart. The script will complain that this is deprecated but I could not find the "proper" way to do this anywhere.<br />
<br />
Next run<br />
<pre class="brush: cpp">sudo apt-get install ltsp-server isc-dhcp-server</pre>
<br />
This will install the LTSP server that serves the image to all clients, and the DHCP server, which has changed name, package name and executable name without being documented ANYWHERE. If you are going to do something do it well or don't do it at all, that's what I always say, but let's continue.<br />
<br />
Now we need to edit the configuration file for the DHCP server, so let's open that file<br />
<pre class="brush: cpp">sudo pico /etc/dhcp/dhcpd.conf</pre>
<br />
The idea here is that since you are looking to create a cluster with a lot of thin clients, you will need to have a large pool of IP addresses. I am giving you an example here with a supernetted Class C network that gives us over 1000 usable IPs. A standard Class C or /24 subnet will work as well.<br />
<br />
<br />
<pre class="brush: cpp">ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.8.0 netmask 255.255.252.0 {
  option domain-name-servers 192.168.2.97;  # this is your DNS server
  option routers 192.168.8.1;
  range 192.168.8.50 192.168.11.253;
  next-server 192.168.8.1;
  filename "/ltsp/i386/pxelinux.0";
}</pre>
<br />
Make sure that this file /etc/default/isc-dhcp-server has the following line<br />
<pre class="brush: cpp">INTERFACES="eth0"</pre>
<br />
The interface here needs to be the one that will be on the "inside", meaning the one that the thin clients are going to be connected to. Now restart your DHCP server<br />
<pre class="brush: cpp">sudo /etc/init.d/isc-dhcp-server restart</pre>
<br />
Connect a regular PC on the switch that is connected to eth0 (your thin client side). If you get an IP then everything up to now is working as expected. You will not be able to access the Internet from that PC yet. Now build the thin client environment<br />
<pre class="brush: cpp">sudo ltsp-build-client --arch=i386 --ltsp-cluster --fat-client --fat-client-desktop=edubuntu-desktop</pre>
<br />
I build fat clients since the computers I am using have 2GB RAM and dual core processors. After the image is built, you will be asked for a Server Name, Port, Use SSL, enable inventory and request timeout. Make sure the server name is the IP of the server for the thin client interface card. All your answers are saved in this file: /opt/ltsp/i386/etc/ltsp/getltscfg-cluster.conf<br />
If you need to enable root in the LTSP environment you need to enter the chroot. There is a command now that you can use to change into it, so issue the following:<br />
<pre class="brush: cpp">sudo ltsp-chroot
</pre>
<br />
You then issue the command passwd and enter your new password, then type exit. Once you are out of the chroot, if you type ltsp and tap the tab button twice (without having a space after ltsp) you will see all available ltsp commands that come with 11.04.
<br />
<br />
The cluster control uses PostgreSQL, so you have to install that and the management tool for it. Run<br />
<pre class="brush: cpp">sudo apt-get install ltsp-cluster-control postgresql</pre>
<br />
<pre class="brush: cpp">sudo apt-get install phppgadmin
</pre>
<br />
Now edit apache2.conf<br />
<pre class="brush: cpp">sudo pico /etc/apache2/apache2.conf</pre>
<br />
and add the following line at the end<br />
<pre class="brush: cpp">Include /etc/phppgadmin/apache.conf</pre>
<br />
Then edit<br />
<pre class="brush: cpp">sudo pico /etc/phppgadmin/apache.conf
</pre>
and uncomment (remove the # sign from) the line that says "Allow from all", then comment out (add a # at the beginning of) the line that says "allow from 127.0.0.1", so that phpPgAdmin accepts connections from other machines and not only from the server itself.<br />
Restart apache.<br />
<pre class="brush: cpp">sudo service apache2 restart</pre>
<br />
After all that you have to edit a php file<br />
<br />
<pre class="brush: cpp">sudo pico /etc/ltsp/ltsp-cluster-control.config.php</pre>
Make sure you do NOT have any characters, even a white space before or after the php tags: <? or ?><br />
<pre class="brush: php"> $CONFIG['save'] = "Save";
$CONFIG['lang'] = "en";
$CONFIG['charset'] = "UTF-8";
$CONFIG['use_https'] = "false"; #Force https
$CONFIG['terminal_auth'] = "false";
$CONFIG['db_server'] = "localhost"; #Hostname of the database server
$CONFIG['db_user'] = "ltsp"; #Username to access the database
$CONFIG['db_password'] = "ltsp"; #Password to access the database
$CONFIG['db_name'] = "ltsp"; #Database name
$CONFIG['db_type'] = "postgres"; #Database type (only postgres is supported)
$CONFIG['auth_name'] = "EmptyAuth";
$CONFIG['loadbalancer'] = "192.168.8.1"; #Hostname of the loadbalancer
$CONFIG['first_setup_lock'] = "TRUE";
$CONFIG['printer_servers'] = array("192.168.8.1","another IP here if you want etc"); #Hostname(s) of your print servers
$CONFIG['rootInstall'] = "/usr/share/ltsp-cluster-control/Admin/";</pre>
<br />
Create a new database using the password and database name as in the PHP file that you edited above<br />
<pre class="brush:cpp">sudo -u postgres createuser -SDRIP ltsp
Enter password for new role:
Enter it again:
sudo -u postgres createdb ltsp -O ltsp </pre>
Create the tables in the database<br />
<br />
<pre class="brush: cpp">cd /usr/share/ltsp-cluster-control/DB/
cat schema.sql functions.sql | psql -h localhost ltsp ltsp
Password for user ltsp:
</pre>
<br />
Next become root
<br />
<pre class="brush: cpp">sudo su
</pre>
<br />
Download 2 files: control-center.py and rdp+ldm.config. I downloaded them from <a href="http://bazaar.launchpad.net/~ltsp-cluster-team/ltsp-cluster/ltsp-cluster-control/files/106/scripts/">here</a><br />
You can issue this command to get them on your server with no gui:
<br />
<pre class="brush: cpp">wget http://bazaar.launchpad.net/~ltsp-cluster-team/ltsp-cluster/ltsp-cluster-control/view/106/scripts/control-center.py
wget http://bazaar.launchpad.net/~ltsp-cluster-team/ltsp-cluster/ltsp-cluster-control/view/106/scripts/rdp%2Bldm.config
</pre>
<br />
Edit the file control-center.py and make the necessary changes so that the variables are equal to the values you set for your DB.<br />
<pre class="brush: cpp">pico control-center.py</pre>
<br />
This is the file:<br />
<pre class="brush: python">#/usr/bin/python
import pgdb, os, sys
#FIXME: This should be a configuration file
db_user="ltsp"
db_password="ltsp"
db_host="localhost"
db_database="ltsp"
</pre>
<br />
Install the python package for PGSQL.
<br />
<pre class="brush: cpp">apt-get install python-pygresql</pre>
<br />
Issue the following commands:<br />
<pre class="brush: cpp">service apache2 stop
python control-center.py rdp+ldm.config
service apache2 start
exit</pre>
<br />
Next install the loadbalancer and edit the xml file with the app servers that you are going to install in the next step.
<br />
<pre class="brush: xml"><lbsconfig>
    <lbservice listen="*:8008" max-threads="1" refresh-delay="60" returns="$IP"/>
    <lbslave is-slave="false"/>
    <mgmtservice enabled="true" listen="*:8001"/>
    <nodes>
        <group default="true" name="natty">
            <node address="http://192.168.8.2:8000" name="ltsp-appserv01"/>
            <node address="http://192.168.8.3:8000" name="ltsp-appserv02"/>
            <!-- Keep adding app servers here as nodes -->
        </group>
    </nodes>
    <rules>
        <variable name="LOADAVG" weight="50">
            <rule capacity=".7"/>
        </variable>
        <variable name="NBX11SESS" weight="25">
            <rule capacity="$CPUFREQ*$CPUCOUNT*$CPUCOUNT/120" critical="$CPUFREQ*$CPUCOUNT*$CPUCOUNT/100"/>
        </variable>
        <variable name="MEMUSED" weight="25">
            <rule capacity="$MEMTOTAL-100000"/>
        </variable>
    </rules>
</lbsconfig>
</pre>
<br />
Now on to the configuration of the root server. We need to access the web interface phppgadmin to add items that you need to appear in the lts.conf file for ltsp client customization. There are a few options in the database, but if you need to add a few more open a browser and go to http://&lt;ip of root-server&gt;/phppgadmin/<br />
Click the PostgreSQL link on the left and type your credentials. Username should be ltsp and the password is what you set above for the database. Once logged in, click the link labeled "Tables". In the right window, you will see a list of table names and buttons next to each name. Click the button labeled "Browse" next to the name "attributesdef". If everything went fine, the table contents are displayed, think of this as a spreadsheet. The column names should read, Actions, id, name, attributeclass, attributetype, mask, editable. Scroll your page to the end, you should be able to see 4 links: Back, Expand, Insert and Refresh.<br />
<br />
<ul style="text-align: left;">
<li>Click Insert and for "name" add LDM_XSESSION and leave everything else as is. </li>
<li>Click "Insert and Repeat". For name add LDM_THEME and for attributetype put the number 1. </li>
<li>Click "Insert and Repeat". Name is LDM_LIMIT_ONE_SESSION and attributetype is 1.</li>
<li>Click "Insert and Repeat". Name is LDM_LIMIT_ONE_SESSION_PROMPT and attributetype is 1.</li>
<li>Click "Insert". </li>
<li>Get the id for LDM_THEME, LDM_LIMIT_ONE_SESSION, LDM_LIMIT_ONE_SESSION_PROMPT</li>
<li>Click tables again from the left.</li>
<li>Click the browse button for table "attributesdefdict"</li>
<li>Click Insert. In the attributesdef_id field, add the id of LDM_THEME from the step above and for the value add edubuntu</li>
<li>Click Insert and Repeat. Add id of LDM_THEME again and value ubuntu.</li>
<li>Insert and Repeat. Add id of LDM_LIMIT_ONE_SESSION and the value True</li>
<li>Insert and Repeat. Add id of LDM_LIMIT_ONE_SESSION and the value False</li>
<li>Insert and Repeat. Add id of LDM_LIMIT_ONE_SESSION_PROMPT and the value True</li>
<li>Insert and Repeat. Add id of LDM_LIMIT_ONE_SESSION_PROMPT and the value False</li>
<li>Click Insert.</li>
</ul>
<div>
Done with editing the database. Now go to http://&lt;ip of root-server&gt;/ltsp-cluster-control/Admin/</div>
<div>
Select from the dropdown then click add for the following or whatever other options you want.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh91qmOzBN0M7zgNbTx7gqvvbO-R7yiTyzDwa_e1ZH4-kwkxu2Csq0IgTj1A0JRYfIYi7AKjmNjVXwxaS9a-4aLO7UiH5hQOgopI4vXs2oG5CNrMDHMa-fd4koDqIZ6vXwP_y8g0riJvAA/s1600/Screen+shot+2011-09-19+at+12.24.10+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="189" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh91qmOzBN0M7zgNbTx7gqvvbO-R7yiTyzDwa_e1ZH4-kwkxu2Csq0IgTj1A0JRYfIYi7AKjmNjVXwxaS9a-4aLO7UiH5hQOgopI4vXs2oG5CNrMDHMa-fd4koDqIZ6vXwP_y8g0riJvAA/s320/Screen+shot+2011-09-19+at+12.24.10+PM.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Make sure that for LDM_XSESSION you add this: gnome-session --session=classic-gnome. If you do not, the clients will log in but the desktop will not load (I tried this in 4 different hardware setups) because Unity will try to load. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Next you need to add static IPs for the application servers that you will use. You can see on the XML file from above that I am using 192.168.8.2 and 192.168.8.3 for app-server01 and app-server02 respectively. You can do this by installing webmin (wget http://prdownloads.sourceforge.net/webadmin/webmin_1.560_all.deb) and then sudo dpkg -i webmin_1.560_all.deb and then sudo apt-get install -f. You have to edit the config files for the DHCP server of webmin to reflect the newly named config files in your system.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLONklTFlsl2jwGgG1lJ5U9gGO7RoKWx6dTPafpTHn-vPzsPgZZyKETSifdeuyCsdRGlrZFoFw6qATtAEvGRCFweJHtAGtV6guVyonSoaS0ZVjjFTjvaa9Obq4_Q58R_nu9oGr6TcDClM/s1600/Screen+shot+2011-09-19+at+12.32.57+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="116" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLONklTFlsl2jwGgG1lJ5U9gGO7RoKWx6dTPafpTHn-vPzsPgZZyKETSifdeuyCsdRGlrZFoFw6qATtAEvGRCFweJHtAGtV6guVyonSoaS0ZVjjFTjvaa9Obq4_Q58R_nu9oGr6TcDClM/s320/Screen+shot+2011-09-19+at+12.32.57+PM.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Once done you can only log into webmin with root so enable root from the command line (sudo passwd).</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Next edit hosts file (pico /etc/hosts) and add your application servers. </div>
<pre class="brush: cpp">127.0.0.1 localhost
127.0.1.1 ltsp-root
192.168.8.2 ltsp-appserv01
192.168.8.3 ltsp-appserv02
</pre>
<br />
--Forgot the NATing---
You need to enable NAT on this server. To do that issue these commands:<br />
<pre class="brush: cpp">
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables --table nat --append POSTROUTING --jump MASQUERADE --source 192.168.8.0/22
sudo sh -c 'iptables-save > /etc/ltsp/nat'
</pre><br />
Then edit the interfaces file (/etc/network/interfaces) and for eth0 make sure it looks like this:
<pre class="brush: cpp">
auto eth0
iface eth0 inet static
address 192.168.8.1
netmask 255.255.252.0
up iptables-restore < /etc/ltsp/nat
</pre><br />
Restart the DHCP server.
<pre class="brush: cpp">
sudo /etc/init.d/isc-dhcp-server restart
</pre><br />
All done with the root server.</div>
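A consistency check across the dhcpd.conf subnet block, the app-server entries in /etc/hosts and the NAT rule from this post, as an added Python example that is not part of the original post. The addresses are the ones shown above; the function names and the small parser, which covers only the statements used in this dhcpd.conf, are assumptions made for the illustration.

```python
import ipaddress
import re

# Values copied from the dhcpd.conf, /etc/hosts and iptables rule in the post.
DHCPD_CONF = """\
subnet 192.168.8.0 netmask 255.255.252.0 {
  option domain-name-servers 192.168.2.97;  # this is your DNS server
  option routers 192.168.8.1;
  range 192.168.8.50 192.168.11.253;
  next-server 192.168.8.1;
  filename "/ltsp/i386/pxelinux.0";
}
"""
STATIC_HOSTS = {"ltsp-appserv01": "192.168.8.2", "ltsp-appserv02": "192.168.8.3"}
NAT_SOURCE = "192.168.8.0/22"


def parse_subnet(conf):
    """Extract network, router, next-server and pool from the first subnet block."""
    conf = re.sub(r"#.*", "", conf)  # dhcpd.conf comments start with "#"
    block = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    if block is None:
        raise ValueError("no subnet declaration found")
    body = block.group(3)

    def addrs(statement, count=1):
        found = re.search(statement + r"((?:\s+[\d.]+){%d})\s*;" % count, body)
        if found is None:
            raise ValueError("missing statement: " + statement)
        return [ipaddress.ip_address(a) for a in found.group(1).split()]

    start, end = addrs(r"\brange", 2)
    return {
        "network": ipaddress.ip_network(block.group(1) + "/" + block.group(2)),
        "router": addrs(r"option\s+routers")[0],
        "next_server": addrs(r"next-server")[0],
        "pool": (start, end),
    }


def pool_size(subnet):
    """Number of addresses the DHCP server can hand out to thin clients."""
    start, end = subnet["pool"]
    return int(end) - int(start) + 1


def audit(conf, static_hosts, nat_source):
    """Return a list of inconsistencies between the three configurations."""
    subnet = parse_subnet(conf)
    net = subnet["network"]
    start, end = subnet["pool"]
    findings = []
    for label in ("router", "next_server"):
        if subnet[label] not in net:
            findings.append(f"{label} {subnet[label]} is outside {net}")
    if start not in net or end not in net or start > end:
        findings.append(f"range {start}-{end} does not fit inside {net}")
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            findings.append(f"{name} {ip} is outside {net}")
        elif start <= ip <= end:
            # A static app-server address inside the pool can be leased to a client.
            findings.append(f"{name} {ip} is inside the dynamic range {start}-{end}")
    nat = ipaddress.ip_network(nat_source)
    if nat != net:
        # Clients outside the NAT source range would not be masqueraded.
        findings.append(f"NAT source {nat} does not match DHCP subnet {net}")
    return findings


if __name__ == "__main__":
    info = parse_subnet(DHCPD_CONF)
    print("subnet:", info["network"], "usable hosts:", info["network"].num_addresses - 2)
    print("dynamic pool size:", pool_size(info))
    print("findings:", audit(DHCPD_CONF, STATIC_HOSTS, NAT_SOURCE) or "none")
```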
<br />
Ubuntu 11.04 Unity Desktop (posted 2011-04-28 by Anonymous)<br />
If you upgraded to Ubuntu 11.04 today then you will see an unfamiliar interface upon login. Unfortunately the Ubuntu Team (or Canonical) is trying to imitate the Mac OS X interface with a great failure. The user interface is completely unintuitive and being a long time Ubuntu user I was lost. <br /><br />
I use a Mac for development, Windows for gaming and Linux for large deployments at my job and servers. The users have grown accustomed to the drop down menus of 8.04, 10.04 etc. Since Ubuntu is changing faces completely every release, I will look for another distribution that is more consistent in regards to User Interface and functionality. In the beginning Ubuntu had the manual network interface configuration where you could do whatever you wanted and then they screwed up the network applet manager. Grub was finally working well, then they messed it up by adding Grub2. I am not even going to say anything about the sound issues and then they added the dreaded indicator panel that uses a crapload of resources. If you run an LTSP server you need to look for another distribution since indicator panel will eat up all resources and it does not work as intended anyway. Sabayon ---what a joke. My opinion is that the people over at Canonical are just throwing crap against the wall to see what sticks.<br /><br />
To remove the ridiculous failed attempt at a UI you can see the instructions <a href="http://www.ubuntugeek.com/how-to-install-gnome3-on-ubuntu-11-04-nattyubuntu-10-10-maverick.html">here</a><br /><br />
Now for the new distro. Maybe openSUSE?
Next post will be about that...hopefully.Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com3tag:blogger.com,1999:blog-4163296553273414161.post-15875794322695655232010-06-21T13:02:00.000-04:002010-06-21T13:02:58.681-04:0064-bit Flash for Linux dropped as Adobe preps next versionI thought Adobe said that flash was available for ALL platforms. KISS MY ASS Adobe. Death to Flash<br /><br /><a href="http://feeds.arstechnica.com/%7Er/arstechnica/everything/%7E3/bofwrnmO11Q/64-bit-flash-for-linux-dropped-as-adobe-preps-next-version.ars">64-bit Flash for Linux dropped as Adobe preps next version</a>: "<a href="http://arstechnica.com/open-source/news/2010/06/64-bit-flash-for-linux-dropped-as-adobe-preps-next-version.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss"><br /> <img src="http://static.arstechnica.com/brief_icons/open-source-brief.png" align="right" border="0" height="129" hspace="4" vspace="4" width="230" /><br /> </a><br /> <br /> <p>Adobe has discontinued its experimental 64-bit Flash player for Linux, citing the need for significant architectural changes to the software. The company assures users that the project hasn't been abandoned.</p><br /><br /><p>When the 64-bit plugin was initially made available for testing purposes through an Adobe Labs project in 2008, the company promised that it would deliver full 64-bit support for Linux, Windows, and Mac OS X in the next major version of Flash. Two years later, we are still waiting. In its statement about the termination of the current 64-bit Linux plugin, Adobe reaffirmed its commitment to eventually achieve full 64-bit support across all three operating systems.</p><br /><br /><p>'We are fully committed to bringing native 64-bit Flash Player for the desktop by providing native support for Windows, Macintosh, and Linux 64-bit platforms in an upcoming major release of Flash Player,' the company wrote. 
'We intend to provide more regular update information on our progress as we continue our work on 64-bit versions of Flash Player.'</p><br /><br /><p>It's likely that the push for 64-bit compatibility took a back seat while the company focused on improving support for mobile computing products. Flash's notoriously poor performance and excessive energy consumption have kept it from making inroads on handheld devices. Adobe claims that the new 10.1 version, which was released last week, will address these long-standing problems.</p><br /><br /><p>Mozilla recently started providing experimental 64-bit Firefox builds for Mac OS X and Linux, but these do not currently support 32-bit plugins. Most modern 64-bit Linux distributions already ship native 64-bit browser builds and use nspluginwrapper to support the 32-bit Flash player.</p><br /><br /><p>It's not clear exactly when Adobe will fulfill its promise of cross-platform 64-bit support. We're starting to wonder if it will be sometime around the official release of the HTML5-based <a href="http://arstechnica.com/gaming/reviews/2006/04/forever.ars">Duke Nukem Forever</a>.</p>"Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com0tag:blogger.com,1999:blog-4163296553273414161.post-46853089209846198552010-05-12T12:33:00.004-04:002010-05-12T18:59:21.698-04:00LTSP Cluster with Ubuntu 10.04 Lucid LynxWhen Lucid Lynx came out I downloaded the ISO and started playing with it on a VM. First impression is that it looks way different than previous versions, and very polished. 
While I was reading LTSP documentation and looking through the available packages for Lucid, I came across a package called LTSP-Cluster. This package has been in the works for some time now and it should be the way to go if you have a lot of thin clients in your organization.<br /><br />The idea is that there is a root server that is used to give out DHCP and the image of the thin client. On the root server, you also install the load balancer and cluster control. Then you keep adding application servers that will be used by the thin clients to run their desktop on. After much trial and error, I first configured the root server to be an LDAP client and NFS client for the /homes. That did not work, so I configured the application server to be an LDAP client and NFS client. That seemed to do the trick.<br /><br />I am attaching an image of the setup that I used. All this was done in VMs, so the root server, application server and thin client were installed and tested in VirtualBox on my iMac. When I roll out the hardware solution, I will post a guide of how I did it exactly.<br /><br />The Ubuntu guide (HowTo) is not complete and there are several steps missing. 
I will include how to configure Lucid as an LDAP client and NFS server as well.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSZJtMBKjHQgjaHCaDPiYddkfCGgyQ6kSHBEBViFYc7RBLC1ISfPDQlHCNB-J_i5aSnbHtfxJ2Uoruof1I4Ma3AE8HYqT-t9rpHTJcI2PQ4wHMt5_s5zhXb4dWzp9YtXtVBXmD_nnb_Xk/s1600/networkTopology.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 309px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSZJtMBKjHQgjaHCaDPiYddkfCGgyQ6kSHBEBViFYc7RBLC1ISfPDQlHCNB-J_i5aSnbHtfxJ2Uoruof1I4Ma3AE8HYqT-t9rpHTJcI2PQ4wHMt5_s5zhXb4dWzp9YtXtVBXmD_nnb_Xk/s400/networkTopology.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5470521744441125122" /></a>Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com4tag:blogger.com,1999:blog-4163296553273414161.post-83645162740658780312010-04-26T15:20:00.002-04:002010-04-26T15:49:19.658-04:00Apple VS AdobeI am certainly not an Apple Fanboy but I must say that I applaud the latest move from Apple to restrict API access to a number of applications. Basically, they are trying to limit Flash.<br /><blockquote>3.3.1 — Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs. Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited).</blockquote><br /><br />Good for them. 
Of course you have the hardcore <a href="http://www.mikechambers.com/blog/2010/04/20/on-adobe-flash-cs5-and-iphone-applications/">flash developers</a> that are criticizing Apple and threatening that they will stop development on the iPhone and iPad and go to Android. Who cares?<br /><br />This guy says in the last two paragraphs that he will open source his development and then he goes on to say:<br /><blockquote>We are at the beginning of a significant change in the industry, and I believe that ultimately open platforms will win out over the type of closed, locked down platform that Apple is trying to create. I am excited about Flash Player 10.1 and Adobe AIR 2.0 and all of the opportunities that they will make available to Flash developers across multiple platforms (desktop, Android, Palm, Windows Phone 7, RIM, etc…).</blockquote><br /><br />REALLY??? In the list of platforms there I don't see Linux specifically and maybe that is because Adobe does not give a crap about it. I do see desktop but most probably that only includes the fully supported Windows. <br /><br />Someone could argue that Apple is promoting HTML5 which is the true open platform and that is where I want to believe that we are headed in the future. Someone could also argue that Apple just wants to stop their App Store from pouring over to Android but it is a for profit company and they are allowed to do that.<br /><br />How the times change. Flash could not work on the Linux platform and you had to do a million hacks to get it to work especially on 64bit architectures and now this developer says he will only develop for the linux based Android. 
<br /><br />I really hope I get to see the end of Flash.Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com0tag:blogger.com,1999:blog-4163296553273414161.post-22427821251029413772009-10-06T00:55:00.005-04:002009-10-06T01:25:48.112-04:00Apple Snow Leopard RantI recently became an OS X server admin and after the first week I want to share my opinion of this "marvel" as some people want to call it.<br /><br />This is a post that I wrote on the Apple Discussions.<br /><blockquote>Ok, so my school bought a brand spanking new xserve, and I started configuring it. After the initial setup, I mounted my linux NFS export to the xserve. The way I did it coming from a Linux background is: I created a folder on / and then mounted by NFS my linux exported folder. After a few seconds, I press command-shift+G and type /<folder> and there it is. I can access the folder perfectly.<br /><br />Then I exported all my users from my Ubuntu LDAP server (850 of them) in an LDIF format and tried to import them using this thing called Workgroup Management. What do you know, it does not accept the LDIF format!!! I then exported the users to a standard CSV file, used that WGM again to do the mapping of the fields to the CSV file and pressed import but to no avail. Countless hours later, I come to find out that the only way to import into an Open Directory server was to purchase this other software called Passenger. $$$ later, I exported all my users to a format that is only readable by OD. The information was VERY basic. Full name, short name (which I guess in the Mac world is username), userID, primary groupID and the most important homeDirectory. All passwords were set to type crypt and the same one word. My user structure is pretty simple. 
All teachers have a home directory at<br />/ldaphomes/teachers/<span style="font-style: italic;">username </span><br />students have<br />ldaphomes/students/<span style="font-style: italic;">username</span><br /><br />Now the next step was to figure out if I had to create a static entry on each client computer in /etc/fstab (around 80 laptops and iMacs) or use automount using AFP. I opened up some other nice GUI called server admin and went to sharing. Then I clicked a button called share points, selected the drive I had mounted earlier with NFS, clicked the checkbox to use this for user homes, enabled guest access as it was suggested by the countless mac geniuses, clicked OK and everything seemed to work good.<br /><br />So I fired up a 10.6 MacBook Pro, set it up as an OD client, put in a domain username and password and it logged in. It worked, but the documents of the user were not showing up. I dropped down to the terminal and did a pwd. The result was /ldaphomes/teachers/<span style="font-style: italic;">username </span>...What happened?<br /><br />Back at the server, I went to the user's account and saw that there are 2 home directories listed in the LDAP record. /ldaphomes/teachers/<span style="font-style: italic;">username </span>and another with an afp://\<span style="font-style: italic;">server</span>/.../ldaphomes/<span style="font-style: italic;">username </span>.....Why did this get imported wrong? I tried to change it but I could not.<br /><br />A few hours went by playing around with AFP until eventually the server crapped out. Ever since I can only be logged on the server with ARD for a few hours and then it crashes. I can ping the server but I cannot control it or ssh to it. I need to do a hard reset to get back in. Has anyone that is still reading experienced something like this? 
I have not mentioned DNS but host <span style="font-style: italic;">ip-address</span> works and hostname works too.<br /></folder></blockquote><br /><br />My Linux servers have been sharing network drives over 6TB each on my network for over 3 years. The only time I had a problem with network folders was when the power went out and the server did not boot up. There I had an NFS stale drive. Reboot clients and everything is perfect.<br /><br />This stupid AFP protocol is totally useless. It is the least reliable network sharing protocol that I have worked with. Sometimes the shares are there, sometimes they are not and sometimes they never appear. NFS will always be available, hell even Samba is reliable. I would rather work with 100 virus-stricken, spyware-crippled Windows 98 machines than try to share folders between 2 Apple computers using AFP.<br /><br />I set up an Ubuntu LDAP server with 900 users in 3 days using only the command line but with "the most advanced server" OS X 10.6 it still has not happened.<br /><br />Why do people waste upwards of 7k on a server that is worse than a self-built $1500 Linux server? Is it the nice shiny silver box? The nice GUIs that don't work? The "Mac Geniuses" that are always helping some teenager transfer settings on their iPod? 
The Apple help docs that tell you what checkbox to check but never explain what the hell that checkbox does?<br /><br />So I guess if you have the money to waste, send it to me and I will send you back a nice powerful Linux server and I promise I will paint a nice Penguin on the side eating an apple.Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com0tag:blogger.com,1999:blog-4163296553273414161.post-73638232926421306632009-04-28T11:54:00.003-04:002009-04-28T12:13:37.592-04:00Setup Ubuntu 9.04 as an LDAP ClientSo the new Ubuntu version is out and it looks much more refined and polished than any before and could be used as a windows replacement for desktop applications like office, checking email and surfing.<br /><br />I had a Dell Precision 530 lying around and I tried to install it but there was no video. The video card that came with the box was an ATI FireGL2 128MB. After a couple of hours of trying to find a workaround, I tossed the card and installed a GeForce MX2 and everything installed fine.<br /><br />The new theme and images, notifications and feel are great. As an adventurous person though, I wanted to make this machine an LDAP Client since all 900 users of my network are on an LDAP server. Installing webmin and configuring an LDAP client did not work, so I found the official documentation <a href="https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html#openldap-auth-config">here</a> and followed it completely.<br /><br />I was not surprised to see that it did not work. Apparently, Canonical and the Ubuntu developers do not feel that LDAP is something that needs to work on Ubuntu distributions. 
I wish we did not have to jump through hoops to get LDAP working.<br /><br />To get it to work, perform the following:<br /><blockquote>sudo pico /etc/ldap.conf</blockquote><br />Find this line<br /><blockquote>uri ldapi:///xxx.xxx.xxx.xxx</blockquote><br />And change it to this<br /><blockquote>uri ldap://xxx.xxx.xxx.xxx</blockquote><br />The ldapi:// scheme addresses a local Unix socket on the LDAP server itself, so a client on another machine has to use ldap:// with the server's address. The solution seems very simple but it took me a day to figure it out. Hope this works for anyone with the same problem.Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com0tag:blogger.com,1999:blog-4163296553273414161.post-82249137813550019652009-03-24T14:18:00.003-04:002009-03-24T14:26:09.886-04:00Adobe Flash 10 64 bit on Ubuntu 8.04 WorkingIf you are reading this, you are most probably trying to get flash 10 working on your 64 bit Ubuntu System. I followed a bunch of tutorials, downloaded a bunch of .sh scripts that claim to be working and do the installation automatically. This specific script:<br /><blockquote>#!/bin/bash<br /># Script created by<br /># Romeo-Adrian Cioaba romeo.cioaba@spotonearth.com<br /><br />echo "Stopping any Firefox that might be running"<br />sudo killall -9 firefox<br /><br />echo "Removing any other flash plugin previously installed:"<br />sudo apt-get remove -y --purge flashplugin-nonfree gnash gnash-common mozilla-plugin-gnash swfdec-mozilla libflashsupport nspluginwrapper<br />sudo rm -f /usr/lib/mozilla/plugins/*flash*<br />sudo rm -f ~/.mozilla/plugins/*flash*<br />sudo rm -f /usr/lib/firefox/plugins/*flash*<br />sudo rm -f /usr/lib/firefox-addons/plugins/*flash*<br />sudo rm -rfd /usr/lib/nspluginwrapper<br /><br /><br />echo "Installing Flash Player 10"<br />cd ~<br />wget http://download.macromedia.com/pub/labs/flashplayer10/libflashplayer-10.0.d20.7.linux-x86_64.so.tar.gz<br />tar zxvf libflashplayer-10.0.d20.7.linux-x86_64.so.tar.gz<br />sudo cp libflashplayer.so /usr/lib/mozilla/plugins/ <br /><br />echo "Linking the libraries so Firefox and apps depending on 
XULRunner (vuze, liferea, rsswol) can find it."<br />sudo ln -sf /usr/lib/mozilla/plugins/libflashplayer.so /usr/lib/firefox-addons/plugins/<br />sudo ln -sf /usr/lib/mozilla/plugins/libflashplayer.so /usr/lib/xulrunner-addons/plugins/<br /><br /># now doing some cleaning up:<br />sudo rm -rf libflashplayer.so <br />sudo rm -rf libflashplayer-10.0.d20.7.linux-x86_64.so.tar.gz<br /></blockquote><br />claims just that. But it does not work. <a href="http://www.myscienceisbetter.info/2008/11/install-native-64bit-flash-player-10-on-linux.html">Here</a> is the original post. I have an edubuntu server 64 bit and I was trying to get it to work for a while but this script only downloads the plugin. <br /><br />To get it to work after you run it, you need to open a terminal window and type firefox. When Firefox loads, you will see some errors like <br /><blockquote>failed to initialize shared library /usr/lib/mozilla/plugins/libflashplayer.so [libnss3.so: cannot open shared object file: No such file or directory]</blockquote><br /><br />Run the following<br /><blockquote>sudo apt-get install libnss3-0d libnss3-1d libnspr4-0d<br />sudo killall -9 firefox</blockquote><br />After you start firefox again everything should be ok.Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com0tag:blogger.com,1999:blog-4163296553273414161.post-41739671736057121932009-01-28T17:41:00.010-05:002009-02-13T16:55:13.856-05:00Ubuntu 8.04 LDAP Server with Edubuntu 8.04 LTSP servers as clientsIn one of my previous posts, I tried to explain how I would setup an LDAP server on ubuntu 8.04 32Bit and two Edubuntu 8.04 Servers. After a month of testing and setup, I believe it is working almost perfectly. Following is the way I set everything up.<br /><br />First, the LDAP server is installed on a DELL Poweredge 2500 with 6 SCSI 36GB drives on a RAID-5 array. The OS was installed with the LAMP package and webmin was added later. The next item on the list was the LDAP server. 
After a lot of research, I stumbled upon this <br /><a href="http://www.majen.net/smbldap/">site</a>. I would like to extend my thanks to the author of this package. Following the instructions on that site, I installed the server which was OpenLDAP 2.4.9. I ran into an issue getting the sambaID of the machine but after a search on Google, the issue was resolved.<br /><br />Second, I built 2 servers for my Edubuntu installations, which are used as LDAP clients. Specs are:<br /><blockquote>RAM 8GB Reg <br />CPU XEON Quadcore 2.33 12M<br />RAID 3Ware 9650 S<br />HD 4 500GB Seagate 32M Cache<br />MB Asus DSBV-DX</blockquote><br />On the first I installed Edubuntu 8.04 32bit and on the second Edubuntu 8.04 64bit. Why? Well I am a masochist and like to run into as many problems as possible. <br /><br />Third, I realized that I needed a central storage solution for all my users (about 1000 users). The 1.5TB on each server is sufficient for this amount and for the current usage which is web browsing and word processing. For other uses though, like video downloads, and video editing, I needed more storage space. The Dell Powervault MD1000 was perfect for the job. I placed 15 SATA Seagates 500GB in it and created a RAID 5 array. The total is ~6TB of storage. Some will argue that it is better to have a RAID 10 or 0+1 or 1+0 but I had a drive fail on it already and there is almost no down time. The MD1000 was attached on the 64bit box with a PERC5.<br /><br />The drive was shared as an NFS export. This is a line in /etc/exports<br /><blockquote>/ldaphomes 192.168.xxx.xxx(rw,sync,no_subtree_check,no_root_squash) 192.168.xxx.xxx(rw,sync,no_subtree_check)</blockquote><br /><br />Make sure that the no_root_squash option is set on the LDAP server's entry, as on the first address above, so that root on the LDAP server keeps root permissions on the export. You will need those when you are creating users. 
On each of the "clients", I modified /etc/fstab to include the following:<br /><blockquote>192.168.xxx.xxx:/ldaphomes /ldaphomes nfs rw,hard,intr 0 0</blockquote><br />Make sure that you have an empty directory on each client of course at /ldaphomes<br /><br />Next, I ran the install script from the link above (majen.net) to configure the LDAP clients. Also, there is a perfect guide <a href="https://wiki.ubuntu.com/SmbLdapInstaller">here</a>. Webmin was installed on both LDAP clients. This does not complete the job though. I had to go to the webmin interface on all the servers (including the LDAP server) and go to "System"->"LDAP Client". On that page, click "Validate Configuration" or "Configure as LDAP client". <br /><br />Now, we need to create the users. On the LDAP server, open a terminal. The scripts are located in /usr/sbin<br /><blockquote>/usr/sbin/smbldap-groupadd<br />/usr/sbin/smbldap-groupdel<br />/usr/sbin/smbldap-groupmod<br />/usr/sbin/smbldap-groupshow<br />/usr/sbin/smbldap-passwd<br />/usr/sbin/smbldap-populate<br />/usr/sbin/smbldap-useradd<br />/usr/sbin/smbldap-userdel<br />/usr/sbin/smbldap-userinfo<br />/usr/sbin/smbldap-userlist<br />/usr/sbin/smbldap-usermod<br />/usr/sbin/smbldap-usershow<br />/usr/share/smbldap-configure</blockquote><br />Each of these scripts has a very detailed man page. Ex:<br /><blockquote>man smbldap-useradd</blockquote><br />To add a user type the following:<br /><blockquote>sudo smbldap-useradd -d /ldaphomes/<<span style="font-weight:bold;">username</span>> -m -a -g <span style="font-weight:bold;"><primary group></span> -P <span style="font-weight:bold;"><username></span></blockquote><br />You can view the arguments in the man page.<br /><br />Finally, attach up to 30-35 thin clients on each server, fire them up and everything should work. In this setup I have about 70 users working concurrently with only a few issues. The most frequent issue is when the user turns off the thin client without logging off. 
This does not kill the running processes and when the user logs back in some applications like Firefox are already running. To resolve this, read one of my previous posts and use the script there to log off the user from the command line. <br /><br />The next problem that I wish to solve, and I would appreciate any comments, is that I cannot add any Windows clients on the LDAP server. I run sudo smbldap-useradd -w <workstation-name> and the workstation is added. When I try to add the windows box to the domain, it fails.Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com0tag:blogger.com,1999:blog-4163296553273414161.post-74238913297074825732008-10-17T10:53:00.003-04:002008-10-17T11:28:32.118-04:00Using NFS to make home directories available centrallyLet's say we have 3 servers and are heading towards an LDAP kind of configuration where we want to have a single sign-on for our servers. The first step is to export the /home directories from each server that is holding user directories.<br /><br />This is a work in progress of course and the reason for this setup is because I already have a server with users on it. So, S1 and S2 are servers with existing users on them. LD is the server that we want all home directories on. All these servers have static IPs, S1 has 192.168.0.2, S2 192.168.0.3 and LD 192.168.0.10.<br /><br />On S1 and S2 we install nfs server and portmap:<br /><br /><blockquote><pre>sudo apt-get install portmap nfs-kernel-server<br /></pre></blockquote>Then we edit the /etc/exports:<br /><br /><blockquote><pre>/home 192.168.0.10(rw,sync,no_subtree_check)<br />/usr/local 192.168.0.10(rw,sync,no_subtree_check)<br /></pre></blockquote>The first part (/home) is the directory that you want to share or export to the central server. The IP address (192.168.0.10) is the address that is allowed to access this share. I recommend that you use IPs and not IP ranges with subnets.<br />And we activate the exports. 
Every time you edit /etc/exports you need to run this command:<br /><blockquote>sudo exportfs -ra</blockquote>Now on the central server (LD) we need to install the nfs client services:<br /><br /><blockquote>sudo apt-get install portmap nfs-common<br /></blockquote>Next, create EMPTY directories on LD to use as mount points<br /><br /><blockquote>sudo mkdir /homeS1<br />sudo mkdir /homeS2</blockquote>We will need to mount statically the directories that we are sharing from S1 and S2 so on LD we edit the /etc/fstab file. At the bottom of the file we add these entries:<br /><br /><blockquote>192.168.0.3:/home /homeS2 nfs rw,hard,intr 0 0<br />192.168.0.2:/home /homeS1 nfs rw,hard,intr 0 0<br /></blockquote>We save and exit the file and run the following command.<br /><br /><blockquote>sudo mount -a</blockquote>We are all set. If we go to /homeS1 on LD we will see all home directories from S1. Next is the challenge of adding an LDAP configuration that will hopefully come next.Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com0tag:blogger.com,1999:blog-4163296553273414161.post-69469898992258404402008-10-07T13:43:00.002-04:002008-10-07T14:58:33.726-04:00Edubuntu LTSP User locked out IssueSome of the servers I manage are Edubuntu 8.04 servers and for this post I would like to share a very common problem that I encounter almost daily and how to solve it.<br />We all know that users NEVER do what the server admin tells them. When you have a lot of users that are logged in to an LTSP server from thin client A and then they log in from thin client B, and then try to work with a browser like Firefox, they cannot. 
To make matters worse, if the server crashes or restarts, that user (or all users logged in) may get locked out of the LTSP environment.<br />After a lot of trials and errors, I found a nice little script that helps me kill every process of a specific user.<br />First create a file anywhere<br /><blockquote>sudo pico test.sh</blockquote>Then paste this code:<br /><br /><blockquote>#!/bin/bash<br /># Kill every process that belongs to the given user.<br />USER=$1<br />MYNAME=`basename $0`<br />if [ ! -n "$USER" ]<br />then<br />echo "Usage: $MYNAME username" >&2<br />exit 1<br /># getent also finds accounts that live in LDAP, not only in /etc/passwd<br />elif ! getent passwd "$USER" >/dev/null<br />then<br />echo "User $USER does not exist!" >&2<br />exit 2<br />fi<br /># repeat until ps reports no processes left for the user<br />while [ `ps -U"$USER" | grep -v PID | wc -l` -gt 0 ]<br />do<br />PIDS=`ps -U"$USER" | grep -v PID | awk '{print $1}'`<br />echo "Killing " `echo $PIDS | wc -w` " processes for user $USER."<br />for PID in $PIDS<br />do<br />kill -9 "$PID" >/dev/null 2>&1<br />done<br />done<br />echo "User $USER has 0 processes still running."</blockquote><br />Exit and save the file. To run the file<br /><br /><blockquote>sudo ./test.sh username</blockquote>Replace username with the login of the user that is locked out. Of course you need to make this file executable first.Anonymoushttp://www.blogger.com/profile/00872068510526082983noreply@blogger.com0
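The two NFS posts above give /etc/exports lines where no_root_squash is meant for the LDAP server only and recommend single IPs instead of subnets. The following check for those two points is an added example, not code from the original posts: the function names and the sample file are constructed for illustration, and the parser assumes one export per line with no backslash continuations or quoted paths.

```shell
#!/bin/sh
# Added example: audit an exports file for the points made in the NFS posts.

# Writes a constructed sample exports file to the path given as $1.
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real server
/ldaphomes 192.168.0.10(rw,sync,no_subtree_check,no_root_squash) 192.168.0.11(rw,sync,no_subtree_check)
/home 192.168.0.0/24(rw,sync,no_subtree_check)
/usr/local 192.168.0.12(rw,sync,no_root_squash)
/srv/scratch 192.168.0.13 (rw,sync)
EOF
}

# audit_exports FILE ROOT_HOST
# Prints one finding per line as: LINE PATH CLIENT FINDING
#   no_root_squash   root on CLIENT is root on the export, and CLIENT is not
#                    ROOT_HOST (the single host allowed to have it)
#   subnet-client    the export is open to a whole range, not one address
#   wildcard-client  the export is open to every host; this is also what a
#                    space between host and "(options)" produces
audit_exports() {
    awk -v root_ok="$2" '
        /^[ \t]*#/ { next }          # comment line
        NF == 0    { next }          # blank line
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i
                opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\).*$/, "", opts)
                }
                # options with no host in front of them apply to everyone
                if (client == "") client = "*"
                if (("," opts ",") ~ /,no_root_squash,/ && client != root_ok)
                    printf "%d %s %s no_root_squash\n", NR, path, client
                if (client ~ /[*?]/)
                    printf "%d %s %s wildcard-client\n", NR, path, client
                else if (client ~ /\//)
                    printf "%d %s %s subnet-client\n", NR, path, client
            }
        }
    ' "$1"
}

# Run against the constructed sample; 192.168.0.10 plays the LDAP server.
sample=$(mktemp)
write_sample_exports "$sample"
audit_exports "$sample" 192.168.0.10
rm -f "$sample"
```

On a real server, point it at the live file with the LDAP server's address as the second argument, for example `audit_exports /etc/exports 192.168.0.10`; an empty second argument flags every no_root_squash entry.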