I know, it seems obvious… but when you’ve got one of those stupid print jobs stuck in the queue and they won’t go away… using the services manager to restart the print spooler apparently a pretty effective remedy in many cases. More later if I find out anything less lame.
Archive for the ‘Computing’ Category
Windows Print Spooler Hangups
Wednesday, December 5th, 2007Oracle VM Manager on CentOS 5 i386 Install Notes
Saturday, November 17th, 2007So everybody knows by now that Oracle just jumped into the virtualization fray with their new Oracle VM product. If you’ve been under a rock, go to the oracle website to check it out. Given that I’m cheap and currently using VMWare’s free offering, I jumped at the chance to check out a supposedly ‘enterprise ready’ Xen implementation for free. The 1/3 the overhead claim is just gravy!
Anyway, as cool as Oracle Enterprise (Unbreakable?!) Linux may be, I’m running CentOS and am perfectly happy with it. Oracle VM wants a dedicated machine for the management station, which I can arrange for with a little tweaking. However, I build most of my machines up from ‘minimal’ installs. I read in the Oracle documentation that I would need libaio installed to make things go, which I did without any trouble.
However, I also needed to install the ‘bc’ package in order for the install script to work. I had to install the oracle XE .rpm by hand in order to figure this out. Note to Oracle. Get with the program and put a dependency on the ‘bc’ package! You’ll also need to install vixie-cron if you built up from minimum, as Oracle VM expects to be able to install a cron.d script.
In addition, it wasn’t entirely obvious from the documentation that’ll need a jdk installed. Well, you will. I’m using jdk-6u2-linux-i586.rpm, you can likely download it from java.sun.com.
Next, while the installer does tell you that the oc4jadmin default password is ‘oracle’, when I was asked for it I kept trying to use the passwords I’d already provided for all the other services. This didn’t work well, so bear in mind you’ll need to supply the ‘oracle’ default password at that state.
So, to recap:
yum install libaio vixie-cron bc
rpm -Uvh jdk-6u2-linux-i586.rpm
sh ./runInstaller.sh
Follow the prompts, remembering to supply 'oracle' as the oc4jadmin password.
Maybe this will save somebody the couple hours of messing around I wasted trying to get this to run! It does appear as if the install has completed, and I’m able to see the console, so look forward to an actual report soon.
LGA 775 Replacement Mounting Clips
Saturday, July 28th, 2007I’ve been trying to find these blasted mounting clips for the stock intel socket lga775 heatsink/fan units for the better part of the last month.
If you’ve ever tried to install them, or even worse, remove the heatsink after a not-perfect installation, you’ll know why I need replacements. They break easily! Well, after spending a few hours looking at complete new replacement heatsink units and noting that half of them use these pins in the first place, I renewed my search and finally found a forum post link directly to the intel site where they sell them in packs of 4!
Voila, Kit Fasteners for LGA775 fan heatsinks (set of 4)
Now, if only their store would work … grrrrrr.
So I’ve been following the Scobleizer every now and again via Google Reader, and he just won’t stop going off about facebook. I signed up a while back, but without a community and not finding anybody on there I knew, I gave it up. However, he’s right. Facebook applications are pretty darn cool, and might even motivate me to finish tweaking my blog and actually publish on a regular basis. The google reader application is cool at least. So, there you have it. Now if I could just find 1/2 as many people I know on facebook as I have found on MySpace I’ll be pleased!
Authenticating CentOS 4 against Win2k3 R2 Active Directory
Wednesday, July 18th, 2007Prescript: I wrote this over a month ago and still haven’t found an authoring plugin I like so it still looks terrible. See my next post and give me ideas or just call me lazy, thanks!
Based on http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/
First, install windows 2003 R2 and install the identity management for unix option. Open control panel, select add remove programs, click add/remove windows components. It will grind a while and give you a list of possible services. You’ll need to expand ‘Active Directory Services’ and check the ‘Identify Management for Unix’ service. You will need to be in the schema admins group to do this.
In order to test, you’ll want go to the ‘Unix Attributes’ tab on a user and activate them as a unix user. You’ll need to pick a NIS domain (you’ll probably only have one if you haven’t done this before) and add a unix ID and home directory. Typically the default values will be fine to get you started.
Now, log into your unix machine. Make sure it can resolve the dns name of your active directory server(s).
Run authconfig.
Check [] Use LDAP
Check [] Use LDAP Authentication
Check [] Use Kerberos
Check [] Local authorization is sufficient
You can check [] Cache Information if you want. I wouldn’t until you know things work, as nscd can get out of sync with server and cause confusion.
Select [ Next ]
Enter your AD server dns name in the server. For example, adserver.corp.example.com
Enter your AD base DN in the Base DN field. For example, dc=corp,dc=example,dc=com
Select [ Next ]
Enter your local dns name, in ALL CAPS in the realm field. For example, corp.example.com.
Enter your server name:88 in the KDC field. For example adserver.corp.example.com:88
Enter your server name:749 in the admin server field. For example adserver.corp.example.com:749
Check [] Use DNS to resolve hosts to realms
Check [] Use DNS to locate KDCs for realms
Select [ Finish ]
Now a lot of things are set up, but of course we’re not quite done. We’ll need to add lines to /etc/ldap.conf in order to allow us to query ldap. Ideally, you’ll have created an account specifically for this purpose (Domain Users group seems to work). I use linux_auth but it truly doesn’t matter.
echo “binddn linux_auth@corp.example.com” >> /etc/ldap.conf
echo “bindpw secret” >> /etc/ldap.conf
you will also need to uncomment or add the RFC2307 AD mappings from the /etc/ldap.conf file. You can also just run this:
cat >> /etc/ldap.conf < <-ENDDOC # RFC 2307 (AD) mappings nss_map_objectclass posixAccount user nss_map_objectclass shadowAccount user nss_map_attribute uid sAMAccountName nss_map_attribute homeDirectory unixHomeDirectory nss_map_attribute shadowLastChange pwdLastSet nss_map_objectclass posixGroup group nss_map_attribute uniqueMember member pam_login_attribute sAMAccountName pam_filter objectclass=User pam_password ad ENDDOC
Test your config exactly like Scott’s directions say. Using your regular user account for the test should be fine. If you get the error kinit(5): KDC reply did not match expectations while getting initial credentials, it’s because you didn’t log in using the kerberos realm, which is in ALL CAPS! Scott’s directions aren’t real explicit about this and I spent a while figuring it out. Maybe you won’t have to.
kinit user@CORP.EXAMPLE.COM
It will ask for your password and should just return blank if it was successful. You can then use klist to check and see if you got a TGT.
getent passwd user
You’ll see something like this:
user:x:10000:10000:User:/home/user:/bin/sh
Now we’re almost done. We just need to use samba to join the computer to the domain. you’ll need the following in your smb.conf
workgroup = CORP security = ads realm = corp.example.com use kerberos keytab = true password server = adserver.corp.example.com
Then you need to destroy any old kerberos tickets
kdestroy
Then authorize kerberos with a domain admin account to join active directory
kinit Administrator@CORP.EXAMPLE.COM
Then finally join the domain
net ads join
That will grind for a little while and you’ll be all set. You should get something like this:
[root@vpc-dev0 ~]# net ads join
Using short domain name — CORP
Joined ‘VPC-DEV0′ to realm ‘CORP.EXAMPLE.COM’
Finally, you’ll need to get everybody home directories. I always use autofs, something like this:
echo /home /etc/auto.home >> /etc/auto.master echo * -rw,bg,intr,hard,rsize=32768,wsize=32768,tcp,vers=3 nfsserver:/vol/work/users_unix/& >> /etc/auto.home chkconfig autofs on service autofs start
So now the final test… try to log in with ssh!
Putty (windows ssh terminal) setup
Tuesday, June 5th, 2007I always forget the settings that get solid results connecting to my CentOS/Fedora systems under Putty. Here’s the whole nine yards, maybe someone else will be able to use ‘em as well.
Get putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. I use the installer.
Get puttycyg from http://web.gccaz.edu/~medgar/puttycyg/. Unpack the .exe files over your putty folder. This will be c:\program files (x86)\Putty if you use the installer on x64 windows. You’ll want to replace the originals.
Drag pageant.exe into your startup folder.
Download bitstream vera from http://ftp.gnome.org/pub/GNOME/sources/ttf-bitstream-vera/1.10/
Unpack the zipfile somewhere. Select all the .ttf files, right click, select install.
Start putty (you did make a quicklaunch icon, right?)
* Under keyboard, select ‘Linux’ under ‘The function keys and keypad’
* Under window, set lines of scrollback to something nice, like 10000
* Under appearance, change the font to BitSteam Sans Vera Mono, any size you like. I use 9.
* Under behavior, check ‘full screen on alt-enter’
* Under translaction set character set to UTF-8
* Under colors, adjust ANSI Blue to something like 100,100,255 (it’s too dark to read by default
* Under connection, set seconds between keepalives to 600
* Under connection-data, set terminal-type string to ‘linux’
* Under SSH-Auth, check ‘Allow Agent Forwarding’
Finally… go back to session, click ‘Default Settings’, and ‘Save’.
ASUS A7N8x Deluxe Linux (in)compatibility
Sunday, February 25th, 2007Continuing in the vein of ’stupid hardware problems’, this week I discovered that the ASUS A7N8x deluxe motherboard I’ve been trying to nurse along as the backbone of my MythTV PVR basically doesn’t play nicely with linux, period. Don’t ask me why I didn’t try searching the web a little harder before, since most of the threads I’ve referenced below are ancient. Basically there is something screwy with its ACPI implementation, SATA controller, and just about everything else.
The issues apparently come and go with varying kernel versions, although I’m sure many folks don’t notice them since they don’t put the machine under heavy load or try to use both ethernet ports. For instance, the 3com and nvidia ethernet controllers absolutely will not stay bound to the same ethX devices after a warm reboot. Disabling one or the other ethernet card in the BIOS eliminates this problem fairly effectively.
Secondly, the machine crashes consistently under heavy I/O load. Sometimes it takes an hour, other times copying a video file from one drive to another will crash it immediately.
I’ve got it running with only a few crashes per week under FC5 by using the following kernel line
kernel /vmlinuz-2.6.18-1.2257.fc5 ro root=/dev/hda2 rhgb acpi=off noapic nolapic.
I’ve not yet tried an FC6 era kernel, but at this point since the general consensus is that the board runs windows reliably, I think I’m going to try and do some shuffling in order to make using windows on it a possibility.
References:
- http://web.archive.org/web/20040117183728/http://attila.stevens-tech.edu/~dkopko/a7n8x.txt
- http://www.nvnews.net/vbulletin/showthread.php?t=6946
- http://lkml.org/lkml/2003/11/11/217
RAZR v3c disables ring style selection when closed
Monday, December 11th, 2006Edit January 7: See bottom of post.
Every person I’ve talked to with a RAZR seems to have this problem, and nobody has known how to fix it. You know what I’m talking about! You put the phone on ‘vibrate’ and stick it in your pocket, confident that when that important phone call comes in you’ll know. 3 hours pass by and nothing happens, and you pull the phone out of your pocket only to find out that it’s now on ’silent’ and you have 5 missed calls! WTF!
Well, here’s a really easy and 99% functional solution. It’s so simple it pains me that I never poked into the menus far enough to find it, but alas I was too lazy to figure out the default unlock code. As it turns out, you can lock any individual application to use require an unlock code before use. Enabling this feature for the ‘ringtone selection’ application will make it ask for your passcode every time that stupid side button gets pressed in your pocket. Since the phone is closed… no more accidental switches to silent!
On my phone, the default unlock code was 1234. I’ve also read it can be the last four digits of your phone number or 0000, so try all three. To disable the feature, open the phone. Click the center (”menu”?) button. Select Settings. Select 4. Security. Select ‘Lock Application’. At this point it will ask for your unlock code. Bang stuff in here starting with 1234 until you get in. If you can’t, get your provider to fix it for you. Scroll down the list to ‘Ring Styles’ and use the right arrow to change from ‘Unlocked’ to ‘Locked’. Voila!
Bear in mind you will have to enter your unlock code to change the ring style now, even if the phone is open, so it isn’t really the ideal fix. Resetting the unlock code to 0000 makes this just a bit less painful. You can reset your unlock code using the ‘New Passwords’ selection under 4. Security and selecting ‘Unlock Code’.
For those who care, here’s where I found this info [thread about v3c ringstyle lock](http://www.howardforums.com/showthread.php?t=843301) and
[thread about v3c unlock codes](http://www.wifi-forum.com/wf/showthread.php?p=377669). As a point of reference, I have an [Alltel](http://www.alltel.com) v3c running bone stock, but supposedly most (all?) RAZR variants are susceptible to this trick.
For those who don’t like keying in the unlock code to change ring styles, I’d love to hear of a way to just allow me to remap those outside buttons to something more useful or nothing at all, but haven’t found anything so far. Prove me wrong!
Edit January 2, 2007:
So I found the fly in the ointment. The problem is that the phone pops up the ‘enter unlock code’ screen whenever you bump a button, and along with it turns on the backlight! and never turns it off! Nice work Motorola =/.
WatchGuard Core x750e first impressions
Friday, December 8th, 2006So I finally got my WatchGuard eval unit. 2 months after I would have liked, but c’est la vie, I guess they had some employee turnover over there and my box got lost in the shuffle. Upon opening the box, everything looks very nice, and yes, its all red, and very cute looking. Turning it on, however, the LCD screen just says ‘Booting OS …’ and never makes it farther… Not a great sign.
There is, however a yellow sticker on top that says I have to install Fireware Appliance Software on the device, and that I must hold down the up arrow on the front while turning it on. This I can do. So I do. And the box just says ‘Booting OS …’ and never makes it further. So it’s time to get all sorta of ninja-hacker-style on it’s ass.
I plug in the included serial console cable, install [tutty](http://putty.dwalin.ru/) on my newly vistafied workstation and fiddle around until I determine that the watchguard is using 115200,n,8,1. This is what I see:
Press any key to continue.
So good little monkey that I am, I smash the spacebar a few times, and get this
+-------------------------------------------------------------------------+
| Red Hat Linux (2.4.26-wgrd) |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
+-------------------------------------------------------------------------+
Use the ^ and v keys to select which entry is highlighted.
Press enter to boot the selected OS, 'e' to edit the
commands before booting, 'a' to modify the kernel arguments
before booting, or 'c' for a command-line.
GRUB version 0.93 (638K lower / 515072K upper memory)
[ Minimal BASH-like line editing is supported. For the first word, TAB
lists possible command completions. Anywhere else TAB lists the possible
Ok, so they're running a redhat variant. Well, I knew this was a linux based product, and I know redhat, so in general this is good news. 15 seconds later, grub times out and I see this:
Booting 'Red Hat Linux (2.4.26-wgrd)'
root (hd0,2)
Filesystem type is ext2fs, partition type 0x83
kernel /boot/bzImage ro root=/dev/hda3 console=ttyS0,115200 ramdisk_size=256000
ide=nodma
Error 15: File not found
Press any key to continue...
Uh ok. So this isn't such great news. Getting really fancy and setting the boot loader to boot (hd0,0)/bzImage gives me this:
Pretty standard linux boot spam, but it looks like perhaps we've got a bad CF disk, given the seek errors. The real kicker is that punching the serial number from the back of the box into the 'activate online' page of the WatchGuard website is utterly unsuccessful as well.
In its defense, the red box is at least as good looking as I imagined it, and it IS exactly the solid state Linux 1u rackmount with a lot of Ethernet interfaces i've been looking for. Unfortunately, $3000 + service contracts is an awful lot of money for a cute box with software that doesn't work!
Update 2006-12-10
I spent too much of my weekend poking around with this and posting on the [WatchGuard forum](http://forum.watchguard.com), but I'm pretty convinced that this machine is just DOA. I can't get link lights on any of the Ethernet interfaces (sort of a show stopper for a firewall), and in addition the compact flash card doesn't seem to be loaded with the rescue image, let alone a full firewall OS. I was at least able to get onto the livesecurity website, turns out I'd transposed two digits of the serial number while reading it leaning over the firewall, and caught it when I recopied it from the box.
Being able to get on the website means I was able to get the software, and found out that it requires an explorer extension to complete the installer, which means it won't finish installing on xp64 or vista64. None of it seemed to want to run on vista either, but putting it into compatability mode seems to bring it to the same point as xp, meaning it won't finish installing because I can't activate the toolbar in a way it can find it since it installs into 32 bit explorer. The good news is that the important parts of the install do seem to have completed, at least all the files are on the disk. I was able to try to use fbxinstall to reinstall my CF image, but apparently that does'nt work on the e-series boxes, so I don't know if it failed due to bum hardware or not. Maybe its just me, but it seems making your installer dependent on activating a shell extension, for a firewall product of all things, seems like some dumb decision making.
I've opened a support ticket and started some dialog, but I'm not holding a lot of hope that I'll actually get a replacement unit in here in time to have it usable over the holidays. The responses I've gotten to my post on the forums indicate that the general user base of these boxes, 'experts' included, doesn't really have a clue what the underpinnings of the system look like, which is I guess for the most part a good thing. It does, however, tend to reduce the usefulness of their responses to my questions. DOA units also seems to be outside the radar of the average forum denizen, so I'm hoping my box is an isolated case. It does start making HA failover look pretty nice though.
Update 2006-12-11
I got a call from a 'fixer' at WatchGuard who has arranged for me to get a new unit overnighted. He concurs with my assessment that the unit is very much DoA. Kudo's to my sales guy and watchguard for stepping up on this one, I'm awaiting a functional unit with baited breath!
Cisco 7960 buggy SIP firmware rev. 7.5
Sunday, November 5th, 2006I’ve been getting intermittent complaints recently that our Cisco 7960 phones are refusing to work and displaying an ‘XML Parse Error’. In inability to transfer calls seems also to be part of the equation. Well, I’ve never had the problem myself and didn’t see anything necessarily wrong with the phones or the setup so I’ve been ignoring it for the most part since power cycling the phone seems to resolve the problem for a while. Recently however we have changed our incoming caller pattern to go through a receptionist in all cases, and she’s been having the problem very consistently. Well, it turns out the problem is a deficiency in Cisco’s SIP implementation. Lots more details are available at