Basic domain on Wheezy.. no Kerberos, no SSL/TLS
FOREWORD:
As you already know, Active Directory is a powerful tool for network resource management. But did you know that its basic component, LDAP, can also help you enhance and regulate collaborative processes between network users?
By using a centralized user/customer database you can connect apparently different applications and turn them into one (more or less) solid software solution.
Oh, and what about SSL and TLS? It means that the server we are going to build won’t implement any kind of encrypted authentication, but it will use the so-called “plain” method, which sends bind credentials over the network unencrypted.
OK, stop crying and think about the opportunities opening up to you: this guide doesn’t force you to use any specific encryption method, so you can decide to implement one later (which is highly recommended).
MY RECOMMENDATIONS:
I prefer starting from scratch, which means a fresh Debian Wheezy installation (you can set up one by using Debian netinst ISO).
Also I would recommend using a minimalistic configuration: without a standard desktop environment and as a consequence – no useless GUI applications pulled in automatically (by saying “useless” I mean that we don’t need word processing software or games on a Debian server).
So let’s start with package installation. First of all make sure that your /etc/apt/sources.list contains at least these few rows; otherwise insert them and update your APT catalogs:
deb http://ftp.debian.org/debian/ wheezy main contrib non-free
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free
Now you can install a desktop environment and some handy GUI tools, such as terminal emulator:
apt-get install gdm3 gnome-terminal gedit gparted iceweasel
Personally I avoid installing GUI stuff, or at least remove it when the server goes to production.
INITIAL SETUP:
Let’s start with real stuff now. First of all install basic domain components such as Samba, OpenLDAP and integration tools for these applications.
apt-get -f install samba samba-doc slapd ldap-utils smbldap-tools
Insert OpenLDAP root password
Insert Samba Workgroup/DOMAIN
...
When the installation is finished you must add the Samba schema to OpenLDAP: copy it into place, then create a temporary conf file in order to import Samba and some other schemas.
zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > /etc/ldap/schema/samba.schema
nano schema_convert.conf
Now paste the following content into this new file:
include /etc/ldap/schema/samba.schema
Now let’s generate an LDIF file:
mkdir -p /tmp/ldif_output
slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > /tmp/cn=new_schema.ldif
nano /tmp/cn=new_schema.ldif
Edit the output file and remove “{12}” from lines 1 and 3 so you will have this header:
dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: samba
..oh and remove the lines below (placed at the end of the file):
structuralObjectClass: olcSchemaConfig
entryUUID: bd8a7a82-3cb8-102f-8d5f-070b4e5d16f8
creatorsName: cn=config
createTimestamp: 20100815125953Z
entryCSN: 20100815125953.198505Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100815125953Z
...
Now you can merge the ldif file you’ve just exported with your OpenLDAP database:
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn=new_schema.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=samba,cn=schema,cn=config"
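The manual edit of the exported schema can be scripted and checked before it is handed to ldapadd. This is an added example, not part of the original guide: clean_schema_ldif, verify_schema_ldif and sample_ldif are hypothetical helper names, and the sample LDIF is constructed (one abbreviated attribute definition plus the operational attributes listed above).

```shell
#!/bin/sh
# Added example (not from the original guide).

# Strip the "{N}" ordering prefix from the dn: and cn: lines only, and drop
# the operational attributes that slapcat exports. The "{0}" prefixes and
# "{32}" length bounds inside olcAttributeTypes values are left untouched.
clean_schema_ldif() {
    sed -e '/^dn: cn={[0-9]*}/s/{[0-9]*}//' \
        -e '/^cn: {[0-9]*}/s/{[0-9]*}//' \
        -e '/^structuralObjectClass:/d' \
        -e '/^entryUUID:/d' \
        -e '/^creatorsName:/d' \
        -e '/^createTimestamp:/d' \
        -e '/^entryCSN:/d' \
        -e '/^modifiersName:/d' \
        -e '/^modifyTimestamp:/d'
}

# Exit 0 only if the LDIF on stdin has an un-numbered dn on line 1 and no
# operational attributes left; use it as a gate in front of ldapadd.
verify_schema_ldif() {
    awk '
    NR == 1 && $0 !~ /^dn: cn=[^{]/ { bad = 1 }
    /^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):/ { bad = 1 }
    END { exit bad + 0 }
    '
}

# Constructed sample of what slapcat writes for the schema entry.
sample_ldif() {
    cat <<'EOF'
dn: cn={12}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {12}samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
structuralObjectClass: olcSchemaConfig
entryUUID: bd8a7a82-3cb8-102f-8d5f-070b4e5d16f8
creatorsName: cn=config
createTimestamp: 20100815125953Z
entryCSN: 20100815125953.198505Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100815125953Z
EOF
}

# Demo on the constructed sample: prints the four lines that remain.
sample_ldif | clean_schema_ldif

# Real use as root, with a private work directory instead of fixed names
# under the world-writable /tmp:
#   work=$(mktemp -d)
#   slapcat -f schema_convert.conf -F "$work" -n0 \
#       -s "cn={12}samba,cn=schema,cn=config" | clean_schema_ldif > "$work/samba.ldif"
#   verify_schema_ldif < "$work/samba.ldif" \
#       && ldapadd -Y EXTERNAL -H ldapi:/// -f "$work/samba.ldif"
```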
Now create another ldif file for samba indexes:
cat > samba_indexes.ldif
# file content
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
..and import it and restart OpenLDAP server:
ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
UPDATE: thanks to hyc I discovered that the instructions below are potentially harmful:
/etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.
DAEMON CONFIGURATION:
Create or edit the /etc/ldap/ldap.conf file in order to set basic domain settings such as domain base name and master/slave addresses:
BASE dc=company,dc=com
URI ldap://127.0.0.1 ldap://127.0.0.1
Now modify Samba settings, you can use an example conf file as a template:
cp /usr/share/doc/smbldap-tools/examples/smb.conf.example /etc/samba/smb.conf
nano /etc/samba/smb.conf
Modify the configuration file as follows:
# line 2: change workgroup name to any one you like
workgroup = COMPANY
# line 25: specify ldap server
passdb backend = ldapsam:"ldap://127.0.0.1/"
# line 26: change to
ldap ssl = no
# line 27: change LDAP admin DN (LDAP server's one)
ldap admin dn = cn=admin,dc=server,dc=world
# line 39: change LDAP suffix (LDAP server's one)
ldap suffix = dc=company,dc=com
# append somewhere in [global] section, pay attention to duplicate entries
Dos charset = CP932
Unix charset = UTF-8
display charset = UTF-8
hide unreadable = yes
hide dot files = no
restrict anonymous = 0
admin users = Administrator root addmachine
username map = /etc/samba/usermap
realm = COMPANY.COM
guest ok = no
map to guest = Bad User
null passwords = no
wins support = yes
idmap uid = 10000-90000
idmap gid = 10000-90000
idmap backend = ldap:ldaps://127.0.0.1
name resolve order = wins lmhosts host bcast
dns proxy = no
load printers = no
smb ports = 139
### Speed up ####
strict locking = no
sync always = no
wide links = no
getwd cache = true
load printers = false
printcap name = /dev/null
use sendfile = yes
read raw = yes
write raw = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=65536 SO_RCVBUF=65536
Now add Samba shares and create a logon script, then append/modify shares at the bottom of the /etc/samba/smb.conf file:
[ NETLOGON ]
path = /home/netlogon
browseable = no
share modes = no
[ PROFILES ]
path = /home/profiles
comment = Profiles
read only = no
profile acls = yes
browsable = no
root preexec = /etc/samba/scripts/mk_profile "%u"
[ PUBLIC ]
path = /home/public
comment = Shared data storage
read only = no
When creating the logon script pay attention to Carriage Return/Linefeed (CR/LF).
Below there is an example of domain configuration with roaming user profiles enabled; if you don’t need/want it, just leave the logon path parameter empty.
logon home = \\%L\%U\
logon drive = U:
logon path = \\%L\profiles\%U
logon script = %U.bat OR logon.bat
Insert the Administrator user and add it to the Samba usermap:
smbldap-groupadd -a Administrator
smbldap-useradd -am -g Administrator Administrator
smbldap-passwd Administrator
Changing UNIX and samba passwords for domainadm
New password:
Retype new password:
cat > /etc/samba/usermap
addmachine = COMPANY.COM\addmachine/admin
root = COMPANY.COM\root/admin
Administrator = COMPANY.COM\Administrator/admin
Finally you can check the conf file for errors by running “testparm” command.
Now let’s start to implement Samba<->OpenLDAP integration. First of all insert a new password for the Samba administration account:
smbpasswd -W
# add LDAP admin's password
Setting stored password for "cn=admin,dc=server,dc=world" in secrets.tdb
New SMB password:
Retype new SMB password:
I have bad news for you now: in Debian Squeeze (and lower) there was a possibility to configure the Samba and OpenLDAP integration automatically by using the configure.pl script, but for some odd reason it’s not available in the Wheezy smbldap-tools package. Even if you extract it from older versions and try to run it, you will get a lot of errors from the Perl interpreter.
So just copy the example configuration files to the /etc/smbldap-tools folder and change them as follows.
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/smbldap_bind.conf
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf /etc/smbldap-tools/smbldap.conf
Edit /etc/smbldap-tools/smbldap.conf file first:
nano /etc/smbldap-tools/smbldap.conf
# Replace the SID value below with the result of "net getlocalsid" command
SID="S-1-5-21-00000000000-0000000000000-000000000000"
# Change the following domain name value
sambaDomain="COMPANY.COM"
# Configure master and slave DC servers addresses and ports, duplicate settings if you don't have a slave controller:
slaveLDAP=127.0.0.1
slavePort="389"
masterLDAP=127.0.0.1
masterPort="389"
# As I said no SSL and TLS
ldapTLS="0"
ldapSSL="0"
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=company,dc=com"
# Where are stored Users
usersdn="ou=Users,${suffix}"
# Where are stored Computers
computersdn="ou=Computers,${suffix}"
# Where are stored Groups
groupsdn="ou=Groups,${suffix}"
# Where are stored Idmap entries (used if samba is a domain member server)
idmapdn="ou=Idmap,${suffix}"
# Where to store next uidNumber and gidNumber available for new users and groups
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Default scope Used
scope="sub"
# Unix password hash scheme (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
password_hash="SSHA"
# if password_hash is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
password_crypt_salt_format="%s"
# Default Login Shell
userLoginShell="/bin/bash"
# Home directory
userHome="/home/%U"
# Default mode used for user homeDirectory
userHomeDirectoryMode="700"
# Gecos
userGecos="System User"
# Default User (POSIX and Samba) GID
defaultUserGid="513"
# Default Computer (Samba) GID
defaultComputerGid="515"
# Skel dir
skeletonDir="/etc/skel"
# Treat shadowAccount object or not
shadowAccount="1"
# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"
# The UNC path to home drives location (%U username substitution)
userSmbHome="\\SRV\%U"
# The UNC path to profiles locations (%U username substitution)
userProfile="\\SRV\profiles\%U"
# The default Home Drive Letter mapping
userHomeDrive="U:"
# The default user netlogon script name (%U username substitution)
userScript="logon.bat"
# Domain appended to the users "mail"-attribute
mailDomain="mail.com"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
Now let’s edit /etc/smbldap-tools/smbldap_bind.conf as follows (this file holds the LDAP admin password in clear text, so keep it readable by root only):
slaveDN="cn=admin,dc=company,dc=com"
slavePw="Plain text password"
masterDN="cn=admin,dc=company,dc=com"
masterPw="Plain text password"
Then it’s the turn of /etc/ldap/slapd.conf:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
# Where the pid file is put. The init.d script
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel none
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used for indexing.
tool-threads 1
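# Backend specific directives apply to this backend until another 'backend' directive occurs
backend hdb
# Database specific directives apply to this database until another 'database' directive occurs
database hdb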
# The base of your directory in database #1
suffix "dc=company,dc=com"
# rootdn directive for specifying a superuser on the database. This is needed for syncrepl.
rootdn "cn=admin,dc=company,dc=com"
# Admin password hashed
rootpw {SSHA}RoeqPPUTZfRvS3hkA3ubqVtB7KgcTXid
#SYNC LOOK AT THE END OF THE FILE
moduleload syncprov
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index objectClass eq,pres
index uid,uidNumber,gidNumber,memberUid eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index loginShell eq,pres
index displayName pres,sub,eq
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index sambaGroupType eq
index sambaSIDList eq
index uniqueMember eq
index default sub
# Save the time that the entry gets modified, for database #1
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30
# Access query settings
# Everyone not matched by an earlier clause gets no access to the password
# attributes ("by * none"); "by * write" here would let any authenticated
# user overwrite other users' passwords.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet,krbPrincipalKey
        by dn="cn=admin,dc=company,dc=com" write
        by dn="uid=replicant,dc=company,dc=com" read
        by anonymous auth
        by self write
        by * none
# Change this too
access to dn.base="" by * read
# The admin dn has full write access, everyone else can read everything.
access to *
        by dn="cn=admin,dc=company,dc=com" write
        by * read
# Master<->Slave sync parameters, you might need it in the future ;D
# timelimit 30
# bind_timelimit 30
# bind_policy soft
# nss_initgroups_ignoreusers root,ldap
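Access rules like the ones in this slapd.conf are easy to get wrong, because the first matching "by" clause wins and everything depends on the order of the rules. The following audit is an added example, not part of the original guide: audit_slapd_acl and the two sample functions are hypothetical names, both samples are constructed, and it assumes DNs without embedded spaces.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Reads slapd.conf text on stdin and prints one finding per line:
#   <line of the rule> <finding> by <who> <level>
# WRITE_OPEN      *, users or anonymous may write
# PW_READABLE     *, users or anonymous may read password attributes
# PW_UNPROTECTED  catch-all "access to *" grants read and no earlier rule
#                 restricts the password attributes
audit_slapd_acl() {
    awk '
    function report(code, who, lvl) {
        printf "%d %s by %s %s\n", start, code, who, lvl
    }
    # Evaluate one unwrapped directive; only "access to ..." rules matter.
    function flush(   n, t, i, what, who, lvl, pw) {
        if (rule !~ /^access[ \t]+to[ \t]/) { rule = ""; return }
        n = split(rule, t, /[ \t]+/)
        what = ""
        for (i = 3; i <= n && t[i] != "by"; i++) {
            what = (what == "" ? t[i] : what " " t[i])
        }
        pw = (what ~ /userPassword|sambaNTPassword|sambaLMPassword/)
        for (; i + 2 <= n; i++) {
            if (t[i] != "by") continue
            who = t[i + 1]; lvl = t[i + 2]
            if (who != "*" && who != "users" && who != "anonymous") continue
            if (lvl == "write" || lvl == "manage") {
                report("WRITE_OPEN", who, lvl)
            } else if (lvl == "read" && pw) {
                report("PW_READABLE", who, lvl)
            } else if (lvl == "read" && what == "*" && !seen_pw) {
                report("PW_UNPROTECTED", who, lvl)
            }
        }
        if (pw) seen_pw = 1
        rule = ""
    }
    # slapd unwraps continuation lines (leading whitespace) before it
    # strips comments, so an indented line always extends the line above.
    /^[ \t]*$/ { next }
    /^[ \t]/   { rule = rule " " $0; next }
               { flush(); rule = $0; start = NR }
    END        { flush() }
    '
}

# Constructed sample with deliberately permissive clauses.
sample_permissive() {
    cat <<'EOF'
# constructed sample
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=company,dc=com" write
        by anonymous auth
        by self write
        by * write
access to dn.base="" by * write
access to *
        by dn="cn=admin,dc=company,dc=com" write
        by * read
EOF
}

# Constructed sample with the restrictive form of the same rules.
sample_hardened() {
    cat <<'EOF'
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=company,dc=com" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=company,dc=com" write
        by * read
EOF
}

# Demo: two findings for the permissive sample, none for the hardened one.
sample_permissive | audit_slapd_acl
sample_hardened | audit_slapd_acl
```

On a server that still uses the flat file, run it as `audit_slapd_acl < /etc/ldap/slapd.conf`.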
Finally we can try to start the entire “thing” by starting each server individually (the execution order is very important):
/etc/init.d/slapd restart
/etc/init.d/samba restart
/etc/init.d/winbind restart
If you get some errors please keep in mind that all of these services store their logs in /var/log/*; those are priceless for troubleshooting your domain issues.
WINDOWS 7 COMPATIBILITY TWEAKS:
As a first step, add these rows into your /etc/samba/smb.conf file:
winbind uid = 10000-90000
winbind gid = 10000-90000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
password server = server_name
winbind use default domain = Yes
encrypt passwords = yes
Then modify the Windows registry on client computers by using the reg file below (needs a restart to take effect):
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"=dword:00020148
"TcpWindowSize"=dword:00020148
"Tcp1323Opts"=dword:00000003
WHAT’S NEXT?
Now you are ready for domain administration and client configuration.
If you are a Microsoft-oriented administrator you would prefer using a Windows GUI solution rather than using bash. I personally like LDAPAdmin: it’s intuitive, but still very powerful. It has one big limitation: it does not provide support for “secure” domains implementing TLS (only SSL). Give it a try:
http://ldapadmin.sourceforge.net/index.html
I would like to go on with domain stuff by sharing my experience in OpenLDAP-based service installation and consolidation (such as MediaWiki, Redmine/Bugzilla, Subversion, Pure-FTP, SOGo, IMAP/SMTP servers etc).
Please contact me if you have any correction to commit to this guide or simply if you need a clarification on installation process, I will be always glad to help you.
P.S. My next post will be about the obvious connection between ACTA and SOPA/PIPA, actually the complete title is: “Who is Manny Acta? Sopa anti-piracy soup. Pippa is bored of misspells.”
Dusting off the old NAS
Hey-hey, I’m back to blogging once again…
So as you may have already guessed from the title – this time we will learn how to give a second chance to your D-Link DNS-3X3 NAS.
Prerequisites:
D-Link DNS-3X3 series NAS - [check]: I got DNS-313
Hard disk drive - [check]: Samsung Spinpoint F3 1,5 Tb
USB printer cable - [check]
Ethernet cable - [check]
A Linux PC - [check]: Asus 1215N with Debian Testing/Wheezy x64
STEP 1:
Extract the latest firmware for your DNS-3X3 series NAS to a QEMU virtual machine and modify it step by step, or download a Debian (Lenny) tarball from the Internet.
In this article I will use DNS-313_Lenny_RevB tarball provided by andry which is pretty fast and stable.
STEP 2:
Plug your NAS in USB mode into your Linux computer and edit its partition table as follows:
#Filesystem  Size  Mounted on
/dev/sda3    5.0G  /
/dev/sda2    248M  /mnt/HD_a2
/dev/sda4    1.4T  /mnt/HD_a4
STEP 3:
Create a mount directory for the NAS root partition and extract Debian tarball:
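mkdir -p /mnt/exh3
mount /dev/sdb1 /mnt/exh3
# extract into the mounted NAS partition, not into the PC's own root filesystem
tar -xvf Debian_Lenny_RevB.tgz -C /mnt/exh3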
STEP 4:
Unplug the device, turn it off and switch to ‘network mode’ by plugging in the Ethernet cable. Now turn the NAS on and wait until the hard disk LED becomes green.
STEP 5:
Connect to your NAS using telnet or ssh (both are available).
Note: the login information provided below is valid only for andry’s tarball. Sometimes login server fails, don’t panic, just retry.
telnet 192.168.1.5
Trying 192.168.1.5...
Connected to 192.168.1.5.
Escape character is '^]'.
Debian GNU/Linux 5.0
DNS-313 login: root
Password: passwd
STEP 6:
Add new repos and update APT archives:
cat > /etc/apt/sources.list
deb http://ftp.de.debian.org/debian lenny main
deb http://security.debian.org/ lenny/updates main contrib non-free
deb http://backports.debian.org/debian-backports lenny-backports main
deb-src http://backports.debian.org/debian-backports lenny-backports main
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
deb http://ftp.de.debian.org/debian/ lenny-proposed-updates main contrib
deb-src http://ftp.de.debian.org/debian/ lenny-proposed-updates main contrib
Now you can upgrade Debian packages.
sudo apt-get update && sudo apt-get upgrade -qy
Note: if you have problems during libc6 update installation try this workaround:
mv /usr/lib/librt.so.1 /usr/lib/librt.so.1.bak && dpkg -a --configure && apt-get install
STEP 7:
Both lenny and lenny-backports repos contain Transmission 1.X versions, so in order to have the latest features and bug fixes you will have to download and compile the Transmission tarball and its dependencies.
First of all install build tools and dependencies:
sudo apt-get install gcc build-essential automake autoconf libtool \
    pkg-config libcurl4-openssl-dev intltool libxml2-dev libevent-dev
Now download the desired version of Transmission and compile it:
wget http://download.transmissionbt.com/files/transmission-verXY.tar.bz2
# the download is a .tar.bz2 archive, so unpack it with -j
tar -xjvf transmission-verXY.tar.bz2
cd transmission-verXY
./configure --disable-gtk --disable-nls
make
make install
You will probably get the warning regarding the outdated version of libevent.
Since the latest libevent-dev available in Debian Lenny is 1.2 and 1.4 in lenny-backports you will have to compile and install a newer version of it:
wget http://github.com/downloads/libevent/libevent/libevent-2.0.10-stable.tar.gz
tar -zxvf libevent-2.0.10-stable.tar.gz
cd libevent-2.0.10-stable
./configure
make
make install
After installing Transmission you will have to set up a daemon for it. I will supply an example of it below.
So create a new file with the following content:
cat > /etc/init.d/transmission-daemon
#! /bin/sh
### BEGIN INIT INFO
# Provides: transmission-daemon
# Required-Start: networking
# Required-Stop: networking
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Short-Description: Start the transmission BitTorrent daemon client.
### END INIT INFO
# ----- CONFIGURATION -----
# The name of the user that should run Transmission.
# It's RECOMMENDED to run Transmission as its own user,
# by default, this is set to 'transmission'.
# For the sake of security you shouldn't set a password
# on this user
USERNAME=transmission
# ----- END OF CONFIGURATION -----
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DESC="bittorrent client"
NAME=transmission-daemon
DAEMON=$(which $NAME)
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
[ -f /etc/default/rcS ] && . /etc/default/rcS
#
# Function that starts the daemon/service
#
do_start()
{
    # Export the configuration/web directory, if set
    if [ -n "$TRANSMISSION_HOME" ]; then
        export TRANSMISSION_HOME
    fi
    if [ -n "$TRANSMISSION_WEB_HOME" ]; then
        export TRANSMISSION_WEB_HOME
    fi
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    start-stop-daemon --chuid $USERNAME --start --pidfile $PIDFILE --make-pidfile \
        --exec $DAEMON --background --test -- -f $TRANSMISSION_ARGS > /dev/null \
        || return 1
    start-stop-daemon --chuid $USERNAME --start --pidfile $PIDFILE --make-pidfile \
        --exec $DAEMON --background -- -f $TRANSMISSION_ARGS \
        || return 2
}
#
# Function that stops the daemon/service
#
do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/10/KILL/5 --pidfile $PIDFILE --name $NAME
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # If the above conditions are not satisfied then add some other code
    # that waits for the process to drop all resources that could be
    # needed by services started subsequently. A last resort is to
    # sleep for some time.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    rm -f $PIDFILE
    return "$RETVAL"
}
case "$1" in
    start)
        echo "Starting $DESC" "$NAME..."
        do_start
        case "$?" in
            0|1) echo " Starting $DESC $NAME succeeded" ;;
            *) echo " Starting $DESC $NAME failed" ;;
        esac
        ;;
    stop)
        echo "Stopping $DESC $NAME..."
        do_stop
        case "$?" in
            0|1) echo " Stopping $DESC $NAME succeeded" ;;
            *) echo " Stopping $DESC $NAME failed" ;;
        esac
        ;;
    restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        echo "Restarting $DESC $NAME..."
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0|1) echo " Restarting $DESC $NAME succeeded" ;;
                    *) echo " Restarting $DESC $NAME failed: couldn't start $NAME" ;;
                esac
                ;;
            *)
                echo " Restarting $DESC $NAME failed: couldn't stop $NAME" ;;
        esac
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
esac
Since my daemon is configured with default user set to transmission I had to add this user:
adduser --disabled-password transmission
Enter the new value, or press ENTER for the default
Full Name []: Transmission
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
Fix service file permissions:
chmod +x /etc/init.d/transmission-daemon
chown root:root /etc/init.d/transmission-daemon
Before starting Transmission make sure that the configuration file exists and contains at least some basic parameters.
cat > /home/transmission/.config/transmission-daemon/settings.json
{
    "rpc-enabled": true,
    "rpc-whitelist": "127.0.0.1,192.168.1.*",
    "rpc-port": 9091,
    "download-dir": "/mnt/HD_a4/Downloads",
    "incomplete-dir": "/mnt/HD_a4/Downloads"
}
STEP 8:
MiniDLNA is a server software with the aim of being fully compliant with DLNA/UPnP-AV clients.
This software is not provided by Debian lenny and lenny-backports repos, so you will have to build it from the source tarball:
wget http://sourceforge.net/projects/minidlna/files/minidlna/1.0.XX/minidlna_1.0.XX_src.tar.gz
tar -zxvf minidlna_1.0.XX_src.tar.gz
cd minidlna_1.0.XX_src
./genconfig.sh
ERROR! Cannot continue.
The following required libraries are either missing, or are missing development headers:
libavcodec libavformat libavutil libflac libvorbis libogg libid3tag libexif libjpeg
You can solve this issue by installing the following packages and trying to build MiniDLNA again:
apt-get -f install libflac-dev libavcodec-dev libavformat-dev libjpeg62-dev libexif-dev libid3tag0-dev
Create the following file and fill it with the content below (check it first, it might be outdated): /etc/init.d/minidlna
#!/bin/sh
# chkconfig: 345 99 10
# description: Startup/shutdown script for MiniDLNA daemon
### BEGIN INIT INFO
# Provides: minidlna
# Required-Start:
# Required-Stop:
# Default-Start: 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start/stop MiniDLNA daemon
# Description: Startup/shutdown script for MiniDLNA daemon
### END INIT INFO
#
# $Id: minidlna.init.d.script,v 1.2 2009/07/02 00:33:15 jmaggard Exp $
# MiniUPnP project
# author: Thomas Bernard
# website: http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
MINIDLNA=/usr/sbin/minidlna
ARGS='-f /etc/minidlna.conf'
test -f $MINIDLNA || exit 0
. /lib/lsb/init-functions
case "$1" in
    start) log_daemon_msg "Starting minidlna" "minidlna"
        start-stop-daemon --start --quiet --pidfile /var/run/minidlna.pid --startas $MINIDLNA -- $ARGS $LSBNAMES
        log_end_msg $?
        ;;
    stop) log_daemon_msg "Stopping minidlna" "minidlna"
        start-stop-daemon --stop --quiet --pidfile /var/run/minidlna.pid
        log_end_msg $?
        ;;
    restart|reload|force-reload)
        log_daemon_msg "Restarting minidlna" "minidlna"
        start-stop-daemon --stop --retry 5 --quiet --pidfile /var/run/minidlna.pid
        start-stop-daemon --start --quiet --pidfile /var/run/minidlna.pid --startas $MINIDLNA -- $ARGS $LSBNAMES
        log_end_msg $?
        ;;
    *) log_action_msg "Usage: /etc/init.d/minidlna {start|stop|restart|reload|force-reload}"
        exit 2
        ;;
esac
exit 0
Set execution rights on daemon files:
chmod +x /etc/init.d/minidlna
chown root:root /etc/init.d/minidlna
STEP 9:
You can manage your services by installing sysv-rc-conf utility:
STEP 10:
Even on the stock firmware the Samba server is already installed, but I think that its configuration is not optimal for low performance devices such as the DNS-313.
Below you can find a Samba configuration file example (usually it is placed in /etc/samba/smb.conf). This config has been optimized for embedded systems and NAS (pay attention to extra spaces on square brackets).
[ global ]
server string = %h server
security = SHARE
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072 SO_SNDBUF=131072 SO_KEEPALIVE
load printers = No
printcap name = /dev/null
dns proxy = No
panic action = /usr/share/samba/panic-action %d
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
[ homes ]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
[ public ]
comment = Main share
path = /mnt/HD_a4
force user = root
read only = No
create mask = 0777
guest only = Yes
guest ok = Yes
hide files = /lost+found/
In order to avoid share issues in Windows 7 edit /etc/security/limits.conf:
nano /etc/security/limits.conf
..and append this line at the end of the file:
* - nofile 16384
STEP 11:
You might wish to manage your NAS remotely. The easiest way to accomplish that is to install Webmin, but I wouldn’t do that because of low memory available on the system.
CONCLUSION:
When yesterday’s technology is obsolete tomorrow the only way to stay sane is to try to squeeze all the juice from your today’s hardware.
So overclock, voltmod, cook and then flash custom firmwares instead of buying new gadgets.
The next time we will investigate on Apocalipsy’s decision to leave the Teletubbies Show during the first season shooting.
Most likely I will share all the unreleased episodes and some pics of Apocalipsy after his “drug scandal”.
Mono 2.10.X? Mhmm, that’s Squeeze!!!
EDIT:
The method to get Mono 2.10.X described below works fine, but it is not the easiest way.
I’m currently using another method, even if it pulls in Gnome3/GTK3 packages into my system:
echo deb http://ftp.debian.org/debian experimental main >> /etc/apt/sources.list
apt-get update
apt-get install --reinstall mono-complete monodevelop mono-devel -t experimental
Please, remember to disable experimental repo later.
I’m currently using Debian Squeeze for my servers, because it’s so stable. The only thing that I dislike about it is the outdated packages: for example Iceweasel 3.5 or 3.6, Mono 2.6.7 etc.
Yeah, I know that the Mono version supplied with squeeze is a long support release, but even by adding squeeze-backports repository you won’t manage to get the latest version of the compiler.. that’s frustrating, isn’t it?
So it seems that the only way to get Mono 2.10.x (and higher versions) working on Squeeze is to compile it yourself.
I would like to help you to accomplish this by providing you some basic instructions.
Install the following packages:
apt-get -f install gcc build-essential autoconf \
    bison flex gtk-sharp2-gapi boo gdb valac zlib1g-dev \
    libcairo2-dev libpango1.0-dev libfreetype6-dev libexif-dev \
    libjpeg62-dev libtiff4-dev libgif-dev libfontconfig1-dev \
    libglib2.0-dev libgtk2.0-dev libglade2-dev libart-2.0-dev \
    libgnomevfs2-dev libgnome-desktop-dev libgnome2-dev \
    libgtkhtml3.14-cil-dev libgnomecanvas2-dev automake \
    libgnomeui-dev libgnomeprint2.2-dev xulrunner-dev \
    libpanel-applet2-dev librsvg2-dev libgnomeprintui2.2-dev \
    libgtkhtml3.14-dev libgtksourceview2.0-dev libatk1.0-dev \
    libvte-dev libwnck-dev libnspr4-dev libpng12-dev \
    libwebkit-dev libvala-dev libjpeg62-dev libtiff4-dev libnss3-dev
Then check this archive for the latest sources of Mono:
http://ftp.novell.com/pub/mono/sources/
STEP 1: First of all download, decompress and compile libgdiplus
cd /tmp
wget http://ftp.novell.com/pub/mono/sources/libgdiplus/libgdiplus-2.10.tar.bz2
tar -xvf libgdiplus-2.10.tar.bz2
cd libgdiplus-2.10
./configure --with-pango
make
sudo make install
cd ..
* Note that the “--with-pango” option allows us to use the pango text engine for mono<-->libgdiplus compatibility.
STEP 2: Do the same for mono
wget http://ftp.novell.com/pub/mono/sources/mono/mono-2.10.2.tar.bz2
tar -xvf mono-2.10.2.tar.bz2
cd mono-2.10.2
./configure --with-pango
make
sudo make install
cd ..
STEP 4: At this point you can check if the Mono compiler works (.NET 4)
which gmcs
* Note: if the output doesn’t contain a valid compiler path please start over and read carefully “./configure”, “make” and “make install” messages.
STEP 5: download and decompress all the gtk# and gnome archives and then run these commands
cd gtk-sharp-2.12.10
./configure
make
sudo make install
cd ../gnome-sharp-2.24.1
./configure
make
sudo make install
cd ../gnome-desktop-sharp-2.24.0
./configure
make
sudo make install
cd ..
* Note you will probably get warnings/errors during the compilation of gnome-sharp-2.xxx package, so please follow these simple steps to fix the issue: in gnome-sharp-
Comment out that line, should look like this
#EXTRA_TARGETS = TestXfer.exe
Edit lines 449 and 450 in this way:
# TestXfer.exe: $(srcdir)/TestXfer.cs $(assemblies)
# $(CSC) /out:TestXfer.exe $(references) -r:Mono.GetOptions.dll $(srcdir)/TestXfer.cs
STEP 6: do the same for gluezilla, gecko-sharp, webkit-sharp
cd gluezilla-2.6
./configure
make
sudo make install
cd ../gecko-sharp-2.0-0.13
./configure
make
sudo make install
cd ../webkit-sharp-0.3
./configure
make
cd ..
* Oh yeah, one more annoying note. Make sure that you are using some gecko v1.9.x version: Firefox/Iceweasel 4.x will install xulrunner-dev 2.0 and that will break the compilation process.
STEP 7: build mono-addins to provide the following namespace – Mono.Addins
(http://ftp.novell.com/pub/mono/sources/mono-addins/mono-addins-0.6.1.tar.bz2)
cd mono-addins-0.6.1
./configure
make
sudo make install
cd ..
STEP 8: build mono-tools
cd mono-tools-2.10
./configure
make
sudo make install
cd ..
STEP 9: Build Mono XSP, the webserver for ASP.NET
cd xsp-2.10.2
./configure
make
sudo make install
cd ../mod_mono-2.10
./configure
make
sudo make install
cd ..
* Note: you will probably have to install this package:
apt-get -f install build-essential libapache2-prefork-dev
you can also try to use this:
apt-get -f install build-essential libapache2-threaded-dev
STEP 10: build the Mono Debugger
cd mono-debugger-2.10
./configure
make
sudo make install
cd ..
STEP 11: build MonoDevelop 2.6
cd monodevelop-2.5.91
./configure
make
sudo make install
cd ../monodevelop-database-2.5.91
./configure
make
sudo make install
cd ../monodevelop-debugger-gdb-2.5.91
./configure
make
sudo make install
cd ../monodevelop-debugger-mdb-2.4
./configure
make
sudo make install
cd ../monodevelop-java-2.5.91
./configure
make
sudo make install
cd ..
I hope that this article will help somebody to set up a Squeeze ASP.NET server.. or maybe to get a job.. or even save the world.
The next time I will tell you where to buy iBoard right now:





