Wednesday 24 March 2010

Network lockup during heavy load

Since Karmic, the Realtek drivers for the 8169 card have become borked. If you try to copy large amounts of data, your machine will hang and require a hard reset.

I got this solution from here;

1) Check to see if the r8169 module is loaded
lsmod | grep r816
r8168 41104 0
-> lspci -v
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
Subsystem: ASRock Incorporation Device 8168
Kernel driver in use: r8169
Kernel modules: r8169


2) Download the official Realtek driver
Realtek RTL8111/RTL8168

Update: I'm using the 8.017 driver but the current driver on that website is 8.018. It is possible that this version contains the same regression fault that causes this lock up behaviour as I experienced trouble after installing it. If you have trouble, download the older driver from here and add a comment to this post.

3) Remove the r8169 module
rmmod r8169
mv /lib/modules/`uname -r`/kernel/drivers/net/r8169.ko ~/r8169.ko.backup
(Note: the ` is a backtick, not an apostrophe or single quote.)

4) Build the new r8168 module for the kernel
bzip2 -d r8168-8.009.00.tar.bz2
tar -xf r8168-8.009.00.tar
cd r8168-8.009.00
make clean modules
make install


5) Rebuild the kernel module dependencies
depmod -a
insmod ./src/r8168.ko


6) Remove the r8169 module from initrd
mv /initrd.img ~/initrd.img.backup
mkinitramfs -o /boot/initrd.img-`uname -r` `uname -r`


7) Add r8168 module to /etc/modules
echo "r8168" >> /etc/modules


Reboot. You are done!

Sunday 21 March 2010

Lucid Window Controls

The upcoming Ubuntu LTS release, "10.04 Lucid Lynx", has seen the developers suffer some sort of brain explosion, causing them to move all of the window controls to the left, à la Apple's OS X.



To put them back as they were before do the following;

Open a console or hit ALT-F2 and enter "gconf-editor"

Navigate to Apps/Metacity/general

Change the "Button Layout" field to be;

:minimize,maximize,close

The menu buttons should now be back in the top right hand corner.

Bootnote: I have just realized that the new default themes are somewhat broken by putting the controls back into their correct order



Notice how the pretty rounded graphics are now messed up because we have the square minimise button in the "wrong" position?

Another yuck. What are they thinking?

As far as I can tell, the only way to "rectify" this is to use a theme such as the old "Human" or "Clearlooks" or just about any theme other than the new themes that are specially designed for Lucid.

VMware Server console "the connection was reset"

I wrote previously regarding an issue with logging in to the VMware Server console using Firefox.

Well, it appears that with Firefox 3.5 a new problem has emerged. When you try and connect to the VMware Server console you get an error complaining that "the connection was reset" and suggesting that the site may be down.

To fix this, you need to modify a setting in Firefox.

In the address bar, enter "about:config"

Click past the mandatory warning message.

Enter "security.enable_ssl2" into the filter box and change the value from "false" to "true". You can do this by simply clicking on it.

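Now your VMware console should be back to normal. Bear in mind that this preference is global: it re-enables the obsolete SSL 2.0 protocol for every site Firefox connects to, not only the VMware console.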

Thursday 18 March 2010

mysqldump from remote host

First you need to set the appropriate privileges on the target SQL server.

In this instance I want to use mysqldump to backup a database using a nightly script.

For this example assume the following;

mysql server host: myserver.example.org
target database: mydb
Backup host: backup.example.org
Backup username: backup

On the mysql server log in as root with;

mysql -u root -p

Enter this on the mysql console;

GRANT SELECT, LOCK TABLES ON mydb.* TO 'backup'@'backup.example.org';
flush privileges;

On the backup server run this command;

mysqldump --host=myserver -u backup mydb > test.sql

Assuming that works, you can put the final command into your backup shell script or simply place it in your crontab.
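
One way to wrap the command above for a nightly cron job, as an added example that is not part of the original post. The backup directory, the dated file name and the cron line are assumptions; the mysqldump invocation is the one shown above.

```sh
#!/bin/sh
# Added example: nightly wrapper around the mysqldump command from the post.
# Assumed (not from the post): BACKUP_DIR and the dated file name.
BACKUP_DIR=${BACKUP_DIR:-/var/backups/mysql}

# nightly_dump DIR: dump mydb into DIR, print the final file name on success.
nightly_dump() {
    out="$1/mydb-$(date +%F).sql"
    tmp="$out.partial"
    mkdir -p "$1" || return 1

    # Create the dump with mode 600 (it holds every row of the database) and
    # under a temporary name, so a failed run never replaces a good backup.
    if ! ( umask 077; mysqldump --host=myserver -u backup mydb > "$tmp" ); then
        echo "mysqldump exited with an error, discarding $tmp" >&2
        rm -f "$tmp"
        return 1
    fi

    # With comments enabled (the default) mysqldump finishes a complete dump
    # with a "-- Dump completed" line; without it the file is truncated.
    if ! tail -n 1 "$tmp" | grep -q '^-- Dump completed'; then
        echo "dump has no completion marker, discarding $tmp" >&2
        rm -f "$tmp"
        return 1
    fi

    mv "$tmp" "$out" && printf '%s\n' "$out"
}

# Run only when called as "script run", e.g. from cron (constructed entry):
#   30 2 * * * /usr/local/bin/mysql-nightly.sh run
if [ "${1:-}" = run ]; then
    nightly_dump "$BACKUP_DIR"
fi
```
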

Access denied for user 'debian-sys-maint'@'localhost'

Got this from the ever helpful ubuntuforums

Find your debian-sys-maint password in /etc/mysql/debian.cnf

Then use;

GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY 'password-from-above' WITH GRANT OPTION;

Saturday 13 March 2010

apt-get BADSIG 40976EAF437D05B5

As root, enter these commands;

apt-get clean
cd /var/lib/apt
mv lists lists.old
mkdir -p lists/partial
apt-get clean
apt-get update

Thanks to Luigi

Friday 12 March 2010

LDAP Client Howto (8.04 LTS)

This is where we configure our client to authenticate with our LDAP server.

PLATFORM: Ubuntu 8.04 LTS (Hardy)

We are going to set up a Hardy client on a server machine (which involves using NFS for mounting the user homes).

apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nfs-common nscd ldap-utils

You will again be asked a bunch of questions, the answers are the same;

LDAP server Uniform Resource Identifier: ldap://ldap.example.com
Distinguished name of the search base: dc=example,dc=com
LDAP version to use: 3
Make local root Database admin: Yes
Does the LDAP database require login? No
LDAP account for root: cn=admin,dc=example,dc=com
LDAP root password: password

Now we need to edit the following files;

vi /etc/ldap.conf and add this line;

bind_policy soft

vi /etc/ldap/ldap.conf

BASE dc=example,dc=com
URI ldap://ldap.example.com

SIZELIMIT 0
TIMELIMIT 0
DEREF never


vi /etc/pam.d/common-account

account sufficient pam_ldap.so
account required pam_unix.so

vi /etc/pam.d/common-auth

auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass

vi /etc/pam.d/common-password

password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 crypt

vi /etc/pam.d/common-session

session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so

vi /etc/nsswitch.conf

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files


Now update nss to use ldap.

nss_updatedb ldap


If you get an error;
Failed to enumerate nameservice: No such file or directory

Check that your uri line in /etc/ldap.conf is correct.

You should now be able to check the server with;

ldapsearch -x

getent passwd

Mount a directory for users homes using NFS.

Create a mountpoint

mkdir /home/users

Add the following to /etc/fstab

servername:/home/users /home/users nfs defaults 0 0

You should now be able to log in via ssh using the user "fred"'s credentials.

For Gnome Desktop users.

Assigning users to the correct groups at login

vi /etc/security/group.conf

gdm;*;*;Al0000-9000;floppy,audio,cdrom,video,plugdev,scanner


We need to override HAL's behaviour

vi /etc/dbus-1/system.d/hal.conf

Find and remove the following lines;

<deny send_interface="org.freedesktop.Hal.Device.Volume"/>
<deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>


We also need to tell pam to use the group.conf settings;

vi /etc/pam.d/gdm

Add this line;

auth optional pam_group.so


Reboot your PC and you should be able to login to gnome using ldap!

HOWTO: LDAP Server on 8.04 Hardy Heron

So, I've been playing around with LDAP and I have finally got it working. There are lots of howto's out there but none of them worked for me.

NOTE: For an up to date howto for 10.04 Lucid Lynx see this article

So, here we go!

PLATFORM:
* Ubuntu Server 8.04 LTS (Hardy)

PREREQUISITES:
* Working DNS with fqdn.
* An NFS server exporting the users' home directories

Network overview;
* domain name: example.com
* ldap-server ldap.example.com

Install The Packages

apt-get install slapd ldap-utils migrationtools

For some reason the install process doesn't ask you all of the necessary questions so when it is done we must reconfigure slapd.

dpkg-reconfigure slapd

It will ask you a bunch of questions

Omit OpenLDAP server configuration? No
DNS domain name: example.com
Name of your organization: Example Corp
Admin Password: password
Confirm Password: password
Database Type: HDB
Do you want your database to be removed when slapd is purged? ... No
Move old database? ... Yes
Allow LDAPv2 Protocol? ... No

Note: During this process, I will use "password" for simplicity's sake. This is fine for setting up a test network for educational purposes but if you intend to use this in production then you should obviously choose a more appropriate password.

Oh, also, make sure you DON'T FORGET IT! You will need it later.

You can now check if you can access your ldap server by typing:

ldapsearch -x -b dc=example,dc=com

Installing phpldapadmin

apt-get install phpldapadmin
ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin


Increase php memory limit

vi /etc/php5/apache2/php.ini

Find this line and change the memory limit to 64M;

memory_limit = 64M ; Maximum amount of memory a script may consume (16MB)

Restart apache;

/etc/init.d/apache2 restart

You can then browse to http://ldap.example.com/phpldapadmin

and login using admin:password

Once you have logged in, expand the tree & you should see something like this;

+--> dc=example,dc=com (1)
---> cn=admin
---> Create new entry here


Let's add some users and groups;

cd /usr/share/migrationtools/

We need to create the default migrationtools' config file "migrate_common.ph"

vi migrate_common.ph

and add the following parameters:

$DEFAULT_MAIL_DOMAIN = "example.com";
$DEFAULT_BASE = "dc=example,dc=com";


Create an ldif file with the details for our ou entries

vi ~/usergroup.ldif

dn: ou=users, dc=example, dc=com
ou: users
objectclass: organizationalUnit

dn: ou=groups, dc=example, dc=com
ou: groups
objectclass: organizationalUnit

Note: If you cut and paste from this guide, ensure that there are no whitespace chars at the end of the file.

Now that the user and group info is saved in your file, we can add it to the ldap server

ldapadd -x -W -D "cn=admin,dc=example,dc=com" -f ~/usergroup.ldif

Possible errors;
ldap_add: Invalid syntax (21)
additional info: objectclass: value #0 invalid per syntax


Probable cause;
If you copy/pasted the above then check for whitespace at the end of the usergroup.ldif file. You will also need to remove the first entry (ou=users stanza) if it has already gone through before, or you will get "already exists" and the script will halt before reaching the second entry.

ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge


Probable cause;
You have used incorrect domain details. Make sure the uri setting in /etc/ldap.conf is correct and that the server is pingable.
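
A pre-flight check for the whitespace problem behind the first error above, as an added example that is not part of the original post. It checks every line rather than only the end of the file; the function names and the sample file are constructed here.

```sh
#!/bin/sh
# Added example: find the stray whitespace that makes ldapadd reject an LDIF file.

# ldif_trailing_ws FILE: list offending lines, return 1 if any were found.
ldif_trailing_ws() {
    awk '
        /^dn:/ { dn = $0; sub(/[ \t\r]+$/, "", dn) }    # entry we are inside
        # A line holding only blanks is not the empty line that separates
        # entries, so it is reported separately.
        /^[ \t\r]+$/ {
            printf "%d: whitespace-only line after \"%s\"\n", NR, dn
            bad = 1; next
        }
        /[ \t\r]$/ {
            attr = $0; sub(/:.*/, "", attr)
            printf "%d: trailing whitespace on \"%s\" in \"%s\"\n", NR, attr, dn
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# ldif_strip_ws FILE: print FILE with trailing spaces, tabs and CRs removed.
ldif_strip_ws() {
    sed 's/[[:space:]]*$//' "$1"
}

# Constructed sample: the usergroup.ldif from the post with a pasted trailing
# space on line 3 and a blank-looking last line.
sample_ldif() {
    printf '%s\n' \
        'dn: ou=users, dc=example, dc=com' \
        'ou: users' \
        'objectclass: organizationalUnit ' \
        '' \
        'dn: ou=groups, dc=example, dc=com' \
        'ou: groups' \
        'objectclass: organizationalUnit' \
        '  '
}

tmp=$(mktemp)
sample_ldif > "$tmp"
ldif_trailing_ws "$tmp" || echo "fix these before running ldapadd"
ldif_strip_ws "$tmp" > "$tmp.clean"
ldif_trailing_ws "$tmp.clean" && echo "clean copy passes"
rm -f "$tmp" "$tmp.clean"
```
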

Now, if you hit "refresh" in the phpldapadmin gui, you should see your Users and Groups ou's are there.

Of course you could have added those ou's using the clickety-clickety gui as well but I just wanted to show how stuff can be added via command line. Yes, yes, I know, I'm a cruel bastard.

So now we want to add a new test user to the ldap tree using the phpldapadmin gui, but first we need to create a group called "users" in the Groups ou.

Click on the Groups ou and click "Create a child entry". Select "Posix Group".

Call the group "users" with Group ID 100. Click "Save Changes" when done.

Next, create a user in the Users ou with the following details;

User: fred
Group: users
Password: password
Encryption: crypt


Note: When I do this, the drop down box does not list /bin/bash as an option for loginShell. If you click "Save" you get a second screen where it is possible to alter the loginShell parameter to use /bin/bash. This is less of an issue if your users just use GDM. I use crypt instead of md5. You can use md5 if you prefer but remember to change the encryption type when setting up client hosts to match.

Well, assuming everything is working up to this point, the server is ready to authenticate your users.

Let's go on and set up a client on Hardy or Lucid