Wednesday, January 31, 2007

US Daylight Saving Time 2007

In North America, Daylight Saving Time is coming a few weeks early. You may need to update your computer to deal with it.

If your Linux is up to date then it's probably ready. Best way of testing that I have found is:

zdump -v /etc/localtime | grep 2007


and the output should look like this:

/etc/localtime Sun Mar 11 07:59:59 2007 UTC = Sun Mar 11 01:59:59 2007 CST isdst=0 gmtoff=-21600
/etc/localtime Sun Mar 11 08:00:00 2007 UTC = Sun Mar 11 03:00:00 2007 CDT isdst=1 gmtoff=-18000
/etc/localtime Sun Nov 4 06:59:59 2007 UTC = Sun Nov 4 01:59:59 2007 CDT isdst=1 gmtoff=-18000
/etc/localtime Sun Nov 4 07:00:00 2007 UTC = Sun Nov 4 01:00:00 2007 CST isdst=0 gmtoff=-21600

If not, then I suggest that you go read this thread.




Tuesday, January 23, 2007

Setting up Sun Rays on Solaris 10

I am committing a bunch of notes to blog. Somebody, somewhere may find this useful, and they won't find it if it's locked away in my $HOME.

  1. Install Solaris 10

  2. Apply latest cluster patch

  3. Install latest PC/SC SRCOM Bypass package (available to download from the Sun download Center http://www.sun.com/download/products.xml?id=42c5d3d9 ). This was not obvious in the supplied installation documentation. This must be installed for smartcards and hot-desking to work. This is only required for Solaris 10.

  4. download and unzip the latest Sun Ray Server Software from http://www.sun.com/software/sunray/getit.jsp

  5. run srss3.1/utinstall – this will install the software

  6. reboot

  7. connect up Sun Ray DTUs

  8. It seems that if you only have one NIC on your server box then you can only do a shared network configuration. So run: /opt/SUNWut/sbin/utadm -A

  9. The default values looked incomplete to me, so I suggest not accepting them. Instead, go through all the questions and answer them with the correct information.

bash-3.00# ./utadm -A bge0
Error: unable to resolve network name: "bge0"
bash-3.00# ./utadm -A 192.168.1.0
### Configuring /etc/nsswitch.conf
### Configuring Service information for Sun Ray
### Disabling Routing
Selected values for subnetwork "192.168.1.0"
net mask: 255.255.255.0
no IP addresses offered
auth server list: 192.168.1.10
firmware server: 192.168.1.10
Accept as is? ([Y]/N): n
netmask: 255.255.255.0 (cannot be changed - system defined netmask)
Do you want to offer IP addresses for this subnet? (Y/[N]): y
new first Sun Ray address: [192.168.1.245] 192.168.1.100
number of Sun Ray addresses to allocate: [155] 10
auth server list: 192.168.1.10
To read auth server list from file, enter file name:
Auth server IP address (enter to end list): 192.168.1.10
Auth server IP address (enter to end list):
If no server in the auth server list responds,
should an auth server be located by broadcasting on the network? ([Y]/N):
new firmware server: [192.168.1.10]
new router: [192.168.1.1]
Selected values for subnetwork "192.168.1.0"
net mask: 255.255.255.0
first unit address: 192.168.1.100
last unit address: 192.168.1.109
auth server list: 192.168.1.10
firmware server: 192.168.1.10
router: 192.168.1.1
Accept as is? ([Y]/N): y
### Configuring firmware version for Sun Ray
### Successfully enabled tftp for firmware downloads
All the units served by "demo" on the 192.168.1.0
network interface, running firmware other than version
"3.1_32,REV=2005.08.24.08.55" will be upgraded at their next power-on.
### Configuring Sun Ray Logging Functions
### Turning on Sun Ray LAN connection
NOTE: utrestart must be run before LAN connections will be allowed
DHCP is not currently running, should I start it? ([Y]/N): y
  10. run /opt/SUNWut/sbin/utconfig

bash-3.00# ./utconfig
Configuration of Sun Ray server Software
This script automates the configuration of the Sun Ray server software
and related software products.
Before proceeding, you should have read the Sun Ray server 3.1 Installation
Guide and filled out the Configuration Worksheet.
This script will prompt you for the values you filled out on the Worksheet.
For your convenience, default values (where applicable) are shown in brackets.
Continue ([y]/n)?
Enter Sun Ray admin password:
Re-enter Sun Ray admin password:
  11. This script will automatically set up apache as the admin console for you.
    If you are already using apache for something else, then answer no here.
Configure Sun Ray Web Administration? ([y]/n)? y
An installation of Apache Web Server version 1.3 has been detected at /etc/apache.
This script can configure the Apache server on this server for you.
Warning: if you choose to configure Apache, the existing Apache configuration
file will be over-written.
If this server is presently configured as a Webserver and you want to preserve your
current configuration, you must answer "NO" and merge the configuration file manually
by following the instructions in the Administration Guide on how to configure the
Apache server.
Would you like to configure this server to host the Sun Ray Web Administration? ([y]/n)? y
Enter port number [1660]:
Enter CGI username [utwww]:
Enable remote server administration? (y/[n])?
  12. Controlled Access Mode is the Sun Ray term for kiosk mode. If you wish to use it, you must say yes here. If you say no and change your mind, then you need to come back and rerun utconfig. Same goes for failover groups.

Configure Controlled Access Mode? (y/[n])? n
Configure this server for a failover group? (y/[n])? n
About to configure the following software products:
Sun Ray Data Store 2.1
Hostname: demo
Sun Ray root entry: o=utdata
Sun Ray root name: utdata
Sun Ray utdata admin password: (not shown)
SRDS 'rootdn': cn=admin,o=utdata
Apache Web Server 1.3
Apache Web Server port number: 1660
Remote server administration: no
CGI username: utwww
Sun Ray server 3.1
Failover group: no
Controlled Access Mode: no
Continue ([y]/n)? y
Updating Sun Ray Data Store schema ...
Updating Sun Ray Data Store ACL's ...
Creating Sun Ray Data Store Datastore ...
Restarting Sun Ray Data Store ...
Starting Sun Ray Data Store daemon .
Mon Oct 16 15:23 : utdsd starting
Loading Sun Ray Data Store ...
Executing '/usr/bin/ldapadd -p 7012 -D cn=admin,o=utdata' ...
adding new entry o=utdata
adding new entry o=v1,o=utdata
adding new entry utname=demo,o=v1,o=utdata
adding new entry utname=desktops,utname=demo,o=v1,o=utdata
adding new entry utname=users,utname=demo,o=v1,o=utdata
adding new entry utname=logicalTokens,utname=demo,o=v1,o=utdata
adding new entry utname=rawTokens,utname=demo,o=v1,o=utdata
adding new entry utname=multihead,utname=demo,o=v1,o=utdata
adding new entry utname=container,utname=demo,o=v1,o=utdata
adding new entry utname=properties,utname=demo,o=v1,o=utdata
adding new entry cn=utadmin,utname=demo,o=v1,o=utdata
adding new entry utname=smartCards,utname=demo,o=v1,o=utdata
adding new entry utordername=probeorder,utname=smartCards,utname=demo,o=v1,o=utdata
adding new entry utname=policy,utname=demo,o=v1,o=utdata
adding new entry utname=resDefs,utname=demo,o=v1,o=utdata
adding new entry utname=prefs,utname=demo,o=v1,o=utdata
adding new entry utPrefType=resolution,utname=prefs,utname=demo,o=v1,o=utdata
adding new entry utPrefClass=advisory,utPrefType=resolution,utname=prefs,utname=demo,o=v1,o=utdata
Added 18 new LDAP entries.
Creating Sun Ray server Configuration ...
Adding user account for 'utwww' (ut admin web server cgi user) ...
/usr/apache/bin/apachectl restart: httpd not running, trying to start
/usr/apache/bin/apachectl restart: httpd started
Unique "/etc/opt/SUNWut/gmSignature" has been generated.
Restarting Sun Ray Data Store ...
Stopping Sun Ray Data Store daemon .Sun Ray Data Store daemon stopped
Starting Sun Ray Data Store daemon .
Mon Oct 16 15:23 : utdsd starting
Adding user admin ...
User(s) added successfully!
***********************************************************
The current policy has been modified.
You must restart the authentication manager to activate the changes.
***********************************************************
Configuration of Sun Ray server has completed.
Please check the log file, /var/adm/log/utconfig.2006_10_16_15:16:55.log,
for errors.
bash-3.00#
  13. Synchronise the firmware on the DTUs.

bash-3.00# ./utfwsync
Stopping Authentication Managers on demo ...
Will restart Authentication Managers in 5 seconds
Restarting Authentication Managers ...
bash-3.00#
  14. Reboot the server


Other points of Note


If you need to change anything in utconfig, then you get a cleaner change by unconfiguring and then reconfiguring from scratch:


/opt/SUNWut/sbin/utconfig -u
/opt/SUNWut/sbin/utconfig
 

Setting up postfix with midco as a smarthost

This is specifically for Midcontinent's ISP, but it should work for any place where the smarthost requires authentication, and is picky about your mail headers.

1. Install Postfix

Installed by default on Ubuntu. On CentOS, I did the yum install postfix before I did the yum remove sendmail, as it meant yum wouldn't try to remove a whole bunch of stuff where an MTA is a dependency.

2. Configure mail relaying

add the following to /etc/postfix/main.cf

relayhost = smtp.midco.net


Midco also requires you to authenticate before it will receive mail. So you need to add the following. You also need to tell postfix a username and password - we'll see that later.

smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=

Next, midco rejects mail with a bad from address. So, you need to masquerade all outgoing mail. Add this to /etc/postfix/main.cf:

smtp_generic_maps = hash:/etc/postfix/generic


3. Edit /etc/postfix/sasl_passwd

Put your midco mail username and password in here. Use the following format:
relayhost username:password
so it should look something like this:

smtp.midco.net your.mailbox@bis.midco.net:yourmailboxpassword


4. Edit /etc/postfix/generic

Here you make a list of what you want to masquerade from and to. So, we want everything going out to look like it is part of the midco happy family. I solved this problem for a trixbox installation, so my file looked like this:

@asterisk1.local my.mailbox@bis.midco.net


This tells postfix to replace anything from the host asterisk1.local (which is the trixbox) with my midco email address. It may look confusing to the recipient, which is unfortunate. You may be able to mess with the bit before the @ sign, but the stuff after has to be a proper domain name.

5. Make these files readable by postfix.

You need to encode the files you have just created.

postmap /etc/postfix/sasl_passwd
postmap /etc/postfix/generic
You should now see /etc/postfix/sasl_passwd.db and /etc/postfix/generic.db

6. Secure your files.

There are passwords in plaintext, so let's secure them.

chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
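
Step 5 ran postmap before this chmod, and postmap(1) documents that a newly created .db file gets the same group and other read permissions as its source file, so sasl_passwd.db can still be world-readable after step 6. The check below is an added example, not part of the original post; the demo directory and its contents are constructed, and cp -p stands in for postmap.

```shell
#!/bin/sh
# Added example (not from the original post): audit the Postfix SASL
# credential files from steps 3-6 for group/other access.

# Return 0 only if every listed file exists and its mode grants nothing
# to group or other.
check_secret_perms() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; rc=1; continue
        fi
        # `ls -ld` starts with the mode string, e.g. -rw-r--r--;
        # characters 5-10 are the group and other permission bits.
        go_bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$go_bits" = "------" ]; then
            echo "OK       $f"
        else
            echo "EXPOSED  $f (group/other bits: $go_bits)"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample that replays the page's order of steps 3, 5 and 6.
# Prints the path of the temporary directory it creates.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf 'relay.example.invalid user@example.invalid:placeholder\n' \
        > "$d/sasl_passwd"
    chmod 644 "$d/sasl_passwd"                  # typical under umask 022
    cp -p "$d/sasl_passwd" "$d/sasl_passwd.db"  # stand-in for postmap
    chmod 600 "$d/sasl_passwd"                  # step 6: source file only
    echo "$d"
}

case "${1:-}" in
    --demo)  demo=$(make_demo_dir) && check_secret_perms "$demo"/sasl_passwd*
             rm -rf "$demo" ;;
    --audit) check_secret_perms /etc/postfix/sasl_passwd \
                                /etc/postfix/sasl_passwd.db ;;
esac
```

If the audit reports sasl_passwd.db as EXPOSED, apply the same chown root:root and chmod 600 to /etc/postfix/sasl_passwd.db.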


7. Restart Postfix and test.

/etc/init.d/postfix restart

Now send an email somewhere. Watch the logs in /var/log/maillog. All being well, the mail should sail on through the mail system.

Saturday, January 20, 2007

Winter Sun


IMG_2974, originally uploaded by mr-potter.

It was quite warm today. The temperature reached the high 30's F (about 4C), which, compared to -15F (-26C) at the beginning of the week, felt pretty warm.

So, while the weather was balmy, we went barmy, and played outside. We had doors and windows open and aired the house out.

So here we are, sitting on deck chairs in the sunshine, with a snow drift behind us. Talk about crazy. Although, do bear in mind that if we were real North Dakotans, we would be sitting out there in short sleeves.