Authenticating CentOS 4 against Win2k3 R2 Active Directory

Posted on July 18, 2007 by erik

Prescript: I wrote this over a month ago and still haven’t found an authoring plugin I like so it still looks terrible. See my next post and give me ideas or just call me lazy, thanks!

Based on http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/

First, install windows 2003 R2 and install the identity management for unix option. Open control panel, select add remove programs, click add/remove windows components. It will grind a while and give you a list of possible services. You’ll need to expand ‘Active Directory Services’ and check the ‘Identify Management for Unix’ service. You will need to be in the schema admins group to do this.

In order to test, you’ll want go to the ‘Unix Attributes’ tab on a user and activate them as a unix user. You’ll need to pick a NIS domain (you’ll probably only have one if you haven’t done this before) and add a unix ID and home directory. Typically the default values will be fine to get you started.

Now, log into your unix machine. Make sure it can resolve the dns name of your active directory server(s).

Run authconfig.

Check [] Use LDAP
Check [] Use LDAP Authentication
Check [] Use Kerberos
Check [] Local authorization is sufficient

You can check [] Cache Information if you want. I wouldn’t until you know things work, as nscd can get out of sync with server and cause confusion.

Select [ Next ]

Enter your AD server dns name in the server. For example, adserver.corp.example.com
Enter your AD base DN in the Base DN field. For example, dc=corp,dc=example,dc=com

Select [ Next ]

Enter your local dns name, in ALL CAPS in the realm field. For example, corp.example.com.
Enter your server name:88 in the KDC field. For example adserver.corp.example.com:88
Enter your server name:749 in the admin server field. For example adserver.corp.example.com:749
Check [] Use DNS to resolve hosts to realms
Check [] Use DNS to locate KDCs for realms

Select [ Finish ]

Now a lot of things are set up, but of course we’re not quite done. We’ll need to add lines to /etc/ldap.conf in order to allow us to query ldap. Ideally, you’ll have created an account specifically for this purpose (Domain Users group seems to work). I use linux_auth but it truly doesn’t matter.

echo “binddn linux_auth@corp.example.com” >> /etc/ldap.conf
echo “bindpw secret” >> /etc/ldap.conf

you will also need to uncomment or add the RFC2307 AD mappings from the /etc/ldap.conf file. You can also just run this:

cat >> /etc/ldap.conf < <-ENDDOC
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
ENDDOC

Test your config exactly like Scott's directions say. Using your regular user account for the test should be fine. If you get the error kinit(5): KDC reply did not match expectations while getting initial credentials, it's because you didn't log in using the kerberos realm, which is in ALL CAPS! Scott's directions aren't real explicit about this and I spent a while figuring it out. Maybe you won't have to.

kinit user@CORP.EXAMPLE.COM

It will ask for your password and should just return blank if it was successful. You can then use klist to check and see if you got a TGT.

getent passwd user

You'll see something like this:

user:x:10000:10000:User:/home/user:/bin/sh

Now we're almost done. We just need to use samba to join the computer to the domain. you'll need the following in your smb.conf

  workgroup = CORP
  security = ads
  realm = corp.example.com
  use kerberos keytab = true
  password server = adserver.corp.example.com

Then you need to destroy any old kerberos tickets

kdestroy

Then authorize kerberos with a domain admin account to join active directory

kinit Administrator@CORP.EXAMPLE.COM

Then finally join the domain

net ads join

That will grind for a little while and you’ll be all set. You should get something like this:

[root@vpc-dev0 ~]# net ads join
Using short domain name — CORP
Joined ‘VPC-DEV0′ to realm ‘CORP.EXAMPLE.COM’

Finally, you’ll need to get everybody home directories. I always use autofs, something like this:

echo /home /etc/auto.home >> /etc/auto.master
echo *       -rw,bg,intr,hard,rsize=32768,wsize=32768,tcp,vers=3       nfsserver:/vol/work/users_unix/& >> /etc/auto.home
chkconfig autofs on
service autofs start

So now the final test… try to log in with ssh!

Posted in Computing, Sysadmin | Leave a comment

Putty (windows ssh terminal) setup

Posted on June 5, 2007 by erik

I always forget the settings that get solid results connecting to my CentOS/Fedora systems under Putty. Here’s the whole nine yards, maybe someone else will be able to use ‘em as well.

Get putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. I use the installer.

Get puttycyg from http://web.gccaz.edu/~medgar/puttycyg/. Unpack the .exe files over your putty folder. This will be c:\program files (x86)\Putty if you use the installer on x64 windows. You’ll want to replace the originals.

Drag pageant.exe into your startup folder.

Download bitstream vera from http://ftp.gnome.org/pub/GNOME/sources/ttf-bitstream-vera/1.10/

Unpack the zipfile somewhere. Select all the .ttf files, right click, select install.

Start putty (you did make a quicklaunch icon, right?)

* Under keyboard, select ‘Linux’ under ‘The function keys and keypad’
* Under window, set lines of scrollback to something nice, like 10000
* Under appearance, change the font to BitSteam Sans Vera Mono, any size you like. I use 9.
* Under behavior, check ‘full screen on alt-enter’
* Under translaction set character set to UTF-8
* Under colors, adjust ANSI Blue to something like 100,100,255 (it’s too dark to read by default
* Under connection, set seconds between keepalives to 600
* Under connection-data, set terminal-type string to ‘linux’
* Under SSH-Auth, check ‘Allow Agent Forwarding’

Finally… go back to session, click ‘Default Settings’, and ‘Save’.

Posted in Tweaks | Leave a comment

ASUS A7N8x Deluxe Linux (in)compatibility

Posted on February 25, 2007 by erik

Continuing in the vein of ‘stupid hardware problems’, this week I discovered that the ASUS A7N8x deluxe motherboard I’ve been trying to nurse along as the backbone of my MythTV PVR basically doesn’t play nicely with linux, period. Don’t ask me why I didn’t try searching the web a little harder before, since most of the threads I’ve referenced below are ancient. Basically there is something screwy with its ACPI implementation, SATA controller, and just about everything else.

The issues apparently come and go with varying kernel versions, although I’m sure many folks don’t notice them since they don’t put the machine under heavy load or try to use both ethernet ports. For instance, the 3com and nvidia ethernet controllers absolutely will not stay bound to the same ethX devices after a warm reboot. Disabling one or the other ethernet card in the BIOS eliminates this problem fairly effectively.

Secondly, the machine crashes consistently under heavy I/O load. Sometimes it takes an hour, other times copying a video file from one drive to another will crash it immediately.

I’ve got it running with only a few crashes per week under FC5 by using the following kernel line

kernel /vmlinuz-2.6.18-1.2257.fc5 ro root=/dev/hda2 rhgb acpi=off noapic nolapic.

I’ve not yet tried an FC6 era kernel, but at this point since the general consensus is that the board runs windows reliably, I think I’m going to try and do some shuffling in order to make using windows on it a possibility.

References:

  • http://web.archive.org/web/20040117183728/http://attila.stevens-tech.edu/~dkopko/a7n8x.txt
  • http://www.nvnews.net/vbulletin/showthread.php?t=6946
  • http://lkml.org/lkml/2003/11/11/217
Posted in Hardware, HTPC | Leave a comment

Tyan Thunder K8W (s2885) Compatibility Notes

Posted on February 25, 2007 by erik

For some reason in the last 2 weeks I’ve been confronted with resolutions to a couple of ‘in-your-face’ long term compatibility problems. What is particularly annoying is that I’ve had the hardware in question for the better part of 3 years and just placed blame elsewhere. In any case, I’m just throwing this out there in case anyone is searching the web the way I was. Basically, the Tyan s2885 (Thunder k8w) dual opteron board has a buggy AGP chipset and/or windows drivers. I’ve had intermittent problems with various video cards culminating in purchasing a brand new Geforce 6800XT just so I could run Windows Vista with Aero enabled. I installed Vista just fine, and tried to boot it up for the first time, and the machine hung EVERY time it tried to enable Aero during the login. No amount of tweaking was able to get past the login screen.

A coworker of mine with the same machine had the exact same problem with Vista. After reinstalling back down to windows XP, he’s getting intermittent screen freezes throughout the day. I seem to only get them when I try to activate the intellimouse ‘zoom’ feature it so helpfully bound to my mouse button directly under my pinkie. Trying to start directX games will keel the machine over immediately as well.

Lending credence to the problem being in the chipset itself, last time I tried to run a linux desktop with FC5 or CentOS 4 I was basically unable to use it effectively due to screen lockups. At the time I was inclined to blame the x.org drivers for my video card. In any case, hopefully this saves some poor soul an hour or two of troubleshooting an intermittent display lockup problem.

Posted in Uncategorized | Leave a comment

Alltel Data Tethering with RAZR v3c

Posted on December 15, 2006 by erik

I’ve got a RAZR v3c and alltel, and have enjoyed the prevalent 1xRTT data tethering for the last year or so whenever I’m out and about, even in the car. However, recently I upgraded my laptop and lost the configuration settings, and forgot the specific details. As of today, the needed settings are as follows:

Phone Number: #777
Username: nxxnxxxxx@alltel.com
Password: alltel

where nxxnxxxxxx is your Alltel mobile number.

Also, for ease of reference, heres the skinny on Alltel data plans,
from the [Howardforums Alltel Data Thread](http://www.howardforums.com/showthread.php?t=1026028)

SPEEDS
1XRTT: Gives you about 100k down speed and is supported by all phones and running in most areas

EV-DO: Gives you about 500k down speed and is currently supported by only some models, this speed is only available in some places but is rapidly expanding and is indicated by a EV icon next to the signal strength on your handset
QNC: Gives you about 10k down speed and is supported by all phones but this is being discontinued in some areas

PLANS
FST1: This allows unlimited 1xrtt and evdo data usage for anything you want and minutes are used just as they are in a phone call (so that means ulimited on nights and weekends!). You must have this on your plan/account for 1xrtt or evdo to work at all, it comes on most but if you do not have this it can be added for free with a call to *611

Axcess My Mins: This gives you unlimited 1xrtt and evdo when it is used for on-phone axcess services (sorry, no dialup allowed on this plan) and it does not use your minutes and is for normal handsets only. Cost: $10/month per line

Axcess Data Connection: This gives you unlimited 1xrtt and evdo for anything you want without using your mnutes and is only for normal handsets. Cost: $25/month per line

Smartphone: This gives unlimited 1xrtt and evdo to smartphones only for anything you want without using your minutes. Cost: $30/month per line

Axcess National Unlimited: This gives you unlimited 1xrtt and evdo for your PC card. Cost: $80/month per line, $60/month per line if you already have a current voice plan

NO DATA IS CHARGED PER KILOBYTE!

I’ve had FST1 on my phone for over a year, and have had great luck just using data against my minutes, and for my usage pattern its absolutely perfect. Usually, I’m just on 1xRTT which usually ends up giving around 128kbps, which makes for a pretty decent web browsing experience. Ping times to the office under 400ms under PPTP makes for reasonably usable ssh sessions, but really slow RDS.

Today, however, I’m connected using EVDO in ohio, which appears to be able to saturate my ‘Motorala USB Modem’s 1Mbit maximum serial connection speed downloading. I was able to get 128kB/sec downloading the Python 2.5 installer for windows, which is pretty darn impressive for a cell phone connection in my book. I’m getting consistent sub 200ms pings under PPTP also, which is resulting in darn near usable RDS sessions.

Posted in Uncategorized | Leave a comment

RAZR v3c disables ring style selection when closed

Posted on December 11, 2006 by erik

Edit January 7: See bottom of post.

Every person I’ve talked to with a RAZR seems to have this problem, and nobody has known how to fix it. You know what I’m talking about! You put the phone on ‘vibrate’ and stick it in your pocket, confident that when that important phone call comes in you’ll know. 3 hours pass by and nothing happens, and you pull the phone out of your pocket only to find out that it’s now on ‘silent’ and you have 5 missed calls! WTF!

Well, here’s a really easy and 99% functional solution. It’s so simple it pains me that I never poked into the menus far enough to find it, but alas I was too lazy to figure out the default unlock code. As it turns out, you can lock any individual application to use require an unlock code before use. Enabling this feature for the ‘ringtone selection’ application will make it ask for your passcode every time that stupid side button gets pressed in your pocket. Since the phone is closed… no more accidental switches to silent!

On my phone, the default unlock code was 1234. I’ve also read it can be the last four digits of your phone number or 0000, so try all three. To disable the feature, open the phone. Click the center (“menu”?) button. Select Settings. Select 4. Security. Select ‘Lock Application’. At this point it will ask for your unlock code. Bang stuff in here starting with 1234 until you get in. If you can’t, get your provider to fix it for you. Scroll down the list to ‘Ring Styles’ and use the right arrow to change from ‘Unlocked’ to ‘Locked’. Voila!

Bear in mind you will have to enter your unlock code to change the ring style now, even if the phone is open, so it isn’t really the ideal fix. Resetting the unlock code to 0000 makes this just a bit less painful. You can reset your unlock code using the ‘New Passwords’ selection under 4. Security and selecting ‘Unlock Code’.

For those who care, here’s where I found this info [thread about v3c ringstyle lock](http://www.howardforums.com/showthread.php?t=843301) and
[thread about v3c unlock codes](http://www.wifi-forum.com/wf/showthread.php?p=377669). As a point of reference, I have an [Alltel](http://www.alltel.com) v3c running bone stock, but supposedly most (all?) RAZR variants are susceptible to this trick.

For those who don’t like keying in the unlock code to change ring styles, I’d love to hear of a way to just allow me to remap those outside buttons to something more useful or nothing at all, but haven’t found anything so far. Prove me wrong!

Edit January 2, 2007:
So I found the fly in the ointment. The problem is that the phone pops up the ‘enter unlock code’ screen whenever you bump a button, and along with it turns on the backlight! and never turns it off! Nice work Motorola =/.

Posted in Tweaks | Leave a comment

WatchGuard Core x750e first impressions

Posted on December 8, 2006 by erik

So I finally got my WatchGuard eval unit. 2 months after I would have liked, but c’est la vie, I guess they had some employee turnover over there and my box got lost in the shuffle. Upon opening the box, everything looks very nice, and yes, its all red, and very cute looking. Turning it on, however, the LCD screen just says ‘Booting OS …’ and never makes it farther… Not a great sign.

There is, however a yellow sticker on top that says I have to install Fireware Appliance Software on the device, and that I must hold down the up arrow on the front while turning it on. This I can do. So I do. And the box just says ‘Booting OS …’ and never makes it further. So it’s time to get all sorta of ninja-hacker-style on it’s ass.

I plug in the included serial console cable, install [tutty](http://putty.dwalin.ru/) on my newly vistafied workstation and fiddle around until I determine that the watchguard is using 115200,n,8,1. This is what I see:


Press any key to continue.

So good little monkey that I am, I smash the spacebar a few times, and get this


 +-------------------------------------------------------------------------+
 | Red Hat Linux (2.4.26-wgrd)                                             |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 +-------------------------------------------------------------------------+
      Use the ^ and v keys to select which entry is highlighted.
      Press enter to boot the selected OS, 'e' to edit the
      commands before booting, 'a' to modify the kernel arguments
      before booting, or 'c' for a command-line.

    GRUB  version 0.93  (638K lower / 515072K upper memory)

 [ Minimal BASH-like line editing is supported.  For the first word, TAB
   lists possible command completions.  Anywhere else TAB lists the possible

Ok, so they're running a redhat variant. Well, I knew this was a linux based product, and I know redhat, so in general this is good news. 15 seconds later, grub times out and I see this:


  Booting 'Red Hat Linux (2.4.26-wgrd)'

root (hd0,2)
 Filesystem type is ext2fs, partition type 0x83
kernel /boot/bzImage ro root=/dev/hda3 console=ttyS0,115200 ramdisk_size=256000
 ide=nodma

Error 15: File not found

Press any key to continue...

Uh ok. So this isn't such great news. Getting really fancy and setting the boot loader to boot (hd0,0)/bzImage gives me this:

Pretty standard linux boot spam, but it looks like perhaps we've got a bad CF disk, given the seek errors. The real kicker is that punching the serial number from the back of the box into the 'activate online' page of the WatchGuard website is utterly unsuccessful as well.

In its defense, the red box is at least as good looking as I imagined it, and it IS exactly the solid state Linux 1u rackmount with a lot of Ethernet interfaces i've been looking for. Unfortunately, $3000 + service contracts is an awful lot of money for a cute box with software that doesn't work!

Update 2006-12-10

I spent too much of my weekend poking around with this and posting on the [WatchGuard forum](http://forum.watchguard.com), but I'm pretty convinced that this machine is just DOA. I can't get link lights on any of the Ethernet interfaces (sort of a show stopper for a firewall), and in addition the compact flash card doesn't seem to be loaded with the rescue image, let alone a full firewall OS. I was at least able to get onto the livesecurity website, turns out I'd transposed two digits of the serial number while reading it leaning over the firewall, and caught it when I recopied it from the box.

Being able to get on the website means I was able to get the software, and found out that it requires an explorer extension to complete the installer, which means it won't finish installing on xp64 or vista64. None of it seemed to want to run on vista either, but putting it into compatability mode seems to bring it to the same point as xp, meaning it won't finish installing because I can't activate the toolbar in a way it can find it since it installs into 32 bit explorer. The good news is that the important parts of the install do seem to have completed, at least all the files are on the disk. I was able to try to use fbxinstall to reinstall my CF image, but apparently that does'nt work on the e-series boxes, so I don't know if it failed due to bum hardware or not. Maybe its just me, but it seems making your installer dependent on activating a shell extension, for a firewall product of all things, seems like some dumb decision making.

I've opened a support ticket and started some dialog, but I'm not holding a lot of hope that I'll actually get a replacement unit in here in time to have it usable over the holidays. The responses I've gotten to my post on the forums indicate that the general user base of these boxes, 'experts' included, doesn't really have a clue what the underpinnings of the system look like, which is I guess for the most part a good thing. It does, however, tend to reduce the usefulness of their responses to my questions. DOA units also seems to be outside the radar of the average forum denizen, so I'm hoping my box is an isolated case. It does start making HA failover look pretty nice though.

Update 2006-12-11

I got a call from a 'fixer' at WatchGuard who has arranged for me to get a new unit overnighted. He concurs with my assessment that the unit is very much DoA. Kudo's to my sales guy and watchguard for stepping up on this one, I'm awaiting a functional unit with baited breath!

Posted in Hardware, Netadmin | Leave a comment

Cisco 7960 buggy SIP firmware rev. 7.5

Posted on November 5, 2006 by erik

I’ve been getting intermittent complaints recently that our Cisco 7960 phones are refusing to work and displaying an ‘XML Parse Error’. In inability to transfer calls seems also to be part of the equation. Well, I’ve never had the problem myself and didn’t see anything necessarily wrong with the phones or the setup so I’ve been ignoring it for the most part since power cycling the phone seems to resolve the problem for a while. Recently however we have changed our incoming caller pattern to go through a receptionist in all cases, and she’s been having the problem very consistently. Well, it turns out the problem is a deficiency in Cisco’s SIP implementation. Lots more details are available at , but apparently downgrading to revision 7.4 solves the problem. I have no idea if the bug persists in newer (8.x) versions or not.

Posted in VOIP | Leave a comment

Fedora Core 5 ATI driver with theater_out tv support

Posted on November 5, 2006 by erik

I have a radeon 9200 video card in my HTPC, since when I bought it all the HTPC enthusiasts over at seemed to think ATI was better for tv output. I also wanted the possibility of using a component adapter cable (which I never bought). For years I’ve been happily using the ATI proprietary FGLRX drivers under linux to drive my Toshiba 27″ TV with an svideo cable. Alas, all good things come to an end. Xorg 7.0 came along with my Fedora Core 5 and MythTV 0.20 upgrade, and with it came FGLRX breakage. Or to be precise, along with it came an FGLRX upgrade.

After entirely too much digging, I discovered that versions of FGLRX greater than 0.20 have broken XV scaling. No, it doesn’t appear to be documented anywhere at ATI, but what happens is the video only uses part of the screen and appears to be clipped out of the top left corner of the frame. I fought with it for an hour or two thinking I was just drawing offscreen or something, but eventually realized it wasn’t happening.

Finally I gave up and just left XV disabled entirely, which seems to be ok for recorded TV, but DVD playback is noticeably choppy. In both cases CPU usage is well over 50% (most of it being eaten by the X server) on my Athlon XP 2500+, which is ludicrous.

In any case, the poor performance drove me to look for other options. The default ati driver included with x.org unfortunately doesn’t include any tv output support, but the gatos driver folks do support it, so I built up a new version of the latest ATI driver with their patch applied and lo and behold it works! Kudo’s to the fedora x.org packagers for splitting out the drivers so nicely. Here’s a patch against the most recent fc5 ati driver specfile.


--- SPECS/xorg-x11-drv-ati.spec 2006-04-25 21:22:36.000000000 -0400
+++ SPECS/xorg-x11-drv-ati-theater_out.spec     2006-11-05 15:56:11.000000000 -0500
@@ -13,7 +13,7 @@
 Summary:   Xorg X11 ati video driver
 Name:      xorg-x11-drv-ati
 Version:   6.5.8.0
-Release:   1
+Release:   1.theater_out
 URL:       http://www.x.org
 License:   MIT/X11
 Group:     User Interface/X Hardware Support
@@ -24,6 +24,8 @@
 Source2:   r128.xinf
 Source3:   radeon.xinf
 Patch0:    xorg-x11-drv-ati-6.5.7.3-radeon-metamodes-SEGV-fix.patch
+#Patch1:          xorg7-6.5.8.0-tv_output.patch.gz
+Patch1:           http://megahurts.dk/rune/stuff/xorg7-6.5.8.0-tv_output.patch.gz

 ExclusiveArch: %{ix86} x86_64 ia64 ppc alpha sparc sparc64

@@ -42,6 +44,7 @@
 %prep
 %setup -q -n %{tarball}-%{version}
 #%patch0 -p2 -b .radeon-metamodes-SEGV-fix
+%patch1 -p1 -b .theater_out

 %build
 %configure --disable-static
@@ -79,12 +82,16 @@
 %{moduledir}/multimedia/theatre200_drv.so
 %{moduledir}/multimedia/theatre_detect_drv.so
 %{moduledir}/multimedia/theatre_drv.so
+%{moduledir}/multimedia/theater_out_drv.so
 #%dir %{_mandir}/man4x
 %{_mandir}/man4/ati.4*
 %{_mandir}/man4/r128.4*
 %{_mandir}/man4/radeon.4*

 %changelog
+* Sat Nov 04 2006 Erik LaBianca  6.5.8.0-1.theater_out
+- Added gatos theater out patch
+
 * Tue Apr 25 2006 Adam Jackson  6.5.8.0-1
 - Updated to stable branch release from upstream.

The relevant sections of the xorg.conf file needed to make this go are here:


Section "Monitor"
        Option "DPMS"
        HorizSync    30.0 - 40.0
        VertRefresh  60
        Identifier   "Monitor0"
EndSection

Section "Device"
        Driver      "ati"
        Option      "IgnoreEDID" "True"
        Option      "TVOutput" "NTSC"
        Option      "MonitorLayout" "AUTO, NONE"
        Identifier  "ATI Graphics Adapter"
        BusID       "PCI:3:0:0"
EndSection

Section "Screen"
        Identifier "Screen0"
        Device     "ATI Graphics Adapter"
        Monitor    "Monitor0"
        DefaultDepth     24
        SubSection "Display"
                Viewport   0 0
                Depth     24
                Modes    "800x600"
        EndSubSection
EndSection

This all does indeed work, and reasonably well. My picture isn’t perfectly centered, and the UI screens in Myth have a bit of flicker, but it does work, and is even open source, so I’m pretty happy with the change. I’m not sure of the licensing implications of actually distributing an x.org binary with a gpl patch included, so I’m not posting the RPMS here directly.

Posted in HTPC | Leave a comment

IVTV Autoloading on Fedora Core 5

Posted on November 5, 2006 by erik

My MythTV system has been in place for several years now, and has seen many versions of Fedora. Ensuring the IVTV modules were loaded correctly after a system restart has always been a bit of a black art, however, and with Fedora Core 5 this seems to be no less of an exception. However, I think I have got it partially figured out, so here it is.

First things first. Modern 2.6 linux kernels apparently fully support hardware autodetection. I understand that to mean you aren’t support to need to manually (or in a script) modprobe ivtv nor should you have to explicitly put any configuration into modprobe.conf. If your IVTV kernel modules are installed correctly, it’s supposed to be automatically detected, and then udev is supposed to create the relevant devices for you. This is working for me, however changing the permissions on video devices in /etc/udev/rules.d/50-udev.rules isn’t working. I tried to use this line to do it, but it appears to be ignored in general. 


KERNEL=="video*",               MODE="0666"

The default is 0660 and I get this:


crw------- 1 mythtv root 81, 0 Nov  4 15:16 /dev/video0

My guess is that ivtv doesn’t play nice with udev, or I just don’t know enough about udev to use it effectively. I did find some good udev documentation so perhaps I’ll figure it out eventually.

Regardless, on my frontend system I also need my hauppauge pvr-250 remove receiver to work, and this is where things got sticky. I had some settings in place for Fedora Core 3 from Jarrod’s guide trying to preload lirc-i2c before loading ivtv which were hanging up on startup, so I had commented them out. That was allowing ivtv to load, but my remote didn’t work. A quick hack to those lines fixed the problem, however. It appears as if nowadays ivtv wants to load first, and then have lirc_i2c stuff in on top, so this seems to work well.


cat > /etc/modprobe.d/ivtv.conf <<-EOF
install ivtv /sbin/modprobe --first-time --ignore-install ivtv; \
    { /sbin/modprobe lirc_dev; /sbin/modprobe lirc_i2c; }
EOF
Posted in HTPC | Leave a comment