Basic domain on Wheezy.. no Kerberos, no SSL/TLS

Debian domain

FOREWORD:

As you already know Active Directory is a powerful tool for network resource management, however did you know that its basic component LDAP can also help you to enhance and regulate collaborative processes between network users?
By using a centralized user/customer database you can connect apparently different applications and turn them into one (more or less :D) solid software solution.

Oh, and what about SSL and TLS? It means that the server we are going to build won’t implement any kind of encrypted authentication, but it will use so-called “plain” method.

OK, stop crying and think about the opportunities opening up to you: this guide doesn’t force you to use any specific encryption method, so you can decide to implement one later (which is highly recommended).

MY RECOMMENDATIONS:

I prefer starting from scratch, which means a fresh Debian Wheezy installation (you can set up one by using Debian netinst ISO).
Also I would recommend using a minimalistic configuration: without a standard desktop environment and as a consequence – no useless GUI applications pulled in automatically (by saying “useless” I mean that we don’t need word processing software or games on a Debian server).

So let’s start with package installation. First of all make sure that your /etc/apt/sources.list contains at least these few rows otherwise insert them and update your APT catalogs:

deb http://ftp.debian.org/debian/ wheezy main contrib non-free
deb http://security.debian.org/ wheezy/updates main contrib non-free

deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free
deb-src  http://security.debian.org/ wheezy/updates main contrib non-free

Now you can install a desktop environment and some handy GUI tools, such as terminal emulator:

apt-get install gdm3 gnome-terminal gedit gparted iceweasel

Personally I avoid installing GUI stuff, or at least I remove it when the server goes to production.

INITIAL SETUP:

Let’s start with real stuff now. First of all install basic domain components such as Samba, OpenLDAP and integration tools for these applications.

apt-get -f install samba samba-doc slapd ldap-utils smbldap-tools

Insert OpenLDAP root password
Insert Samba Workgroup/DOMAIN
...

When the installation is finished you must add the Samba schema to OpenLDAP. To do that, create a temporary conf file in order to import the Samba schema and some other schemas.

zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > /etc/ldap/schema/samba.schema
nano schema_convert.conf

Now paste the following content into this new file:

include /etc/ldap/schema/samba.schema

Now let’s generate a ldif file

mkdir -p /tmp/ldif_output
slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > /tmp/cn=new_schema.ldif
nano /tmp/cn=new_schema.ldif

Edit the output file and remove “{12}” from line 1 and 3 so you will have this header:

dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: samba

..oh and remove lines below (placed at the end of the file):

structuralObjectClass: olcSchemaConfig
entryUUID: bd8a7a82-3cb8-102f-8d5f-070b4e5d16f8
creatorsName: cn=config
createTimestamp: 20100815125953Z
entryCSN: 20100815125953.198505Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100815125953Z
...
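The manual edit above can be scripted. This is an added example, not part of the original guide: the function names and the sample entry are constructed for illustration, and the sample is shortened to two attribute definitions.

```shell
#!/bin/sh
# Added example: automate the manual LDIF clean-up described in the guide.
# clean_schema_ldif reads slapcat output for one schema entry on stdin and
# writes LDIF suitable for ldapadd on stdout, e.g.
#   clean_schema_ldif < /tmp/cn=new_schema.ldif > cleaned.ldif
# (cleaned.ldif is a hypothetical output name).
clean_schema_ldif() {
    awk '
    # LDIF folds long values onto continuation lines that start with a space;
    # a continuation shares the fate of the attribute it belongs to.
    /^ / { if (!skip) print; next }

    # Operational attributes written by slapcat must not be re-imported.
    /^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):/ {
        skip = 1; next
    }
    { skip = 0 }

    # Drop the ordering prefix ({12} in the guide) from the entry name only.
    # The {0}, {1}, ... prefixes inside olcAttributeTypes values stay.
    /^dn: cn=[{][0-9]+[}]/ { sub(/[{][0-9]+[}]/, "") }
    /^cn: [{][0-9]+[}]/    { sub(/[{][0-9]+[}]/, "") }
    { print }
    '
}

# Constructed sample input in the shape slapcat produces.
sample_ldif() {
    cat <<'EOF'
dn: cn={12}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {12}samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'La
 nManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
 .1.26{32} SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD
 4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1
 .1466.115.121.1.26{32} SINGLE-VALUE )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20100815125953Z
entryCSN: 20100815125953.198505Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100815125953Z
EOF
}

# Show the cleaned entry for the constructed sample.
sample_ldif | clean_schema_ldif
```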

Now you can merge the ldif file you’ve just exported with your OpenLDAP database:

ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn=new_schema.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=samba,cn=schema,cn=config"

Now create another ldif file for samba indexes:

cat > samba_indexes.ldif
# file content
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub

..and import it and restart OpenLDAP server:

ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"

UPDATE: thanks to hyc I discovered that the instructions below are potentially harmful:

/etc/init.d/slapd restart

Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.

DAEMON CONFIGURATION:

Create or edit the /etc/ldap/ldap.conf file in order to set basic domain settings such as domain base name and master/slave addresses:

BASE    dc=company,dc=com
URI    ldap://127.0.0.1 ldap://127.0.0.1

Now modify Samba settings, you can use an example conf file as a template:

cp /usr/share/doc/smbldap-tools/examples/smb.conf.example /etc/samba/smb.conf
nano /etc/samba/smb.conf

Modify the configuration file as follows:

# line 2: change workgroup name to any one you like
workgroup = COMPANY

# line 25: specify ldap server
passdb backend = ldapsam:"ldap://127.0.0.1/"

# line 26: change to
ldap ssl = no

# line 27: change LDAP admin DN (LDAP server's one)
ldap admin dn = cn=admin,dc=company,dc=com

# line 39: change LDAP suffix (LDAP server's one)
ldap suffix = dc=company,dc=com

# append somewhere in [global] section, pay attention to duplicate entries
Dos charset = CP932
Unix charset = UTF-8
display charset = UTF-8

hide unreadable = yes
hide dot files = no
restrict anonymous = 0

admin users = Administrator root addmachine
username map = /etc/samba/usermap
realm = COMPANY.COM

guest ok = no
map to guest = Bad User
null passwords = no
wins support = yes
idmap uid = 10000-90000
idmap gid = 10000-90000
idmap backend = ldap:ldaps://127.0.0.1
name resolve order = wins lmhosts host bcast
dns proxy = no
load printers = no
smb ports = 139

### Speed up ####
strict locking = no
sync always = no
wide links  = no
getwd cache = true
load printers = false
printcap name = /dev/null
use sendfile = yes
read raw = yes
write raw = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=65536 SO_RCVBUF=65536

Now add Samba shares and create logon script, then append/modify shares at the bottom of /etc/samba/smb.conf file:

[ NETLOGON ]
   path = /home/netlogon
   browseable = no
   share modes = no

[ PROFILES ]
  path = /home/profiles
  comment  = Profiles
  read only = no
  profile acls = yes
  browsable = no
  root preexec = /etc/samba/scripts/mk_profile "%u"

[ PUBLIC ]
   path = /home/public
   comment = Shared data storage
   read only = no

When creating logon script pay attention to Carriage Return/Linefeed (CR/LF).
Below there is an example of domain configuration with roaming user profiles enabled, if you don’t need/want it – just leave logon path parameter empty.

logon home = \\%L\%U\
logon drive = U:
logon path = \\%L\profiles\%U
# use %U.bat for one script per user, or logon.bat for a single shared script
logon script = logon.bat

Create the Administrator user and add it to the Samba usermap:

smbldap-groupadd -a Administrator
smbldap-useradd -am -g Administrator Administrator
smbldap-passwd Administrator

Changing UNIX and samba passwords for domainadm
New password:
Retype new password:

cat > /etc/samba/usermap
addmachine = COMPANY.COM\addmachine/admin
root = COMPANY.COM\root/admin
Administrator = COMPANY.COM\Administrator/admin

Finally you can check the conf file for errors by running “testparm” command.
Now let’s start to implement Samba <-> OpenLDAP integration. First of all insert a new password for the Samba administration account:

smbpasswd -W
add LDAP admin's password

Setting stored password for "cn=admin,dc=server,dc=world" in secrets.tdb

New SMB password:
Retype new SMB password:

I have bad news for you now: in Debian Squeeze (and lower) it was possible to configure the Samba and OpenLDAP integration automatically by using the configure.pl script, but for some odd reason it’s not available in the Wheezy smbldap-tools package. Even if you extract it from an older version and try to run it, you will get a lot of errors from the Perl interpreter.
So just copy example configuration files to /etc/smbldap-tools folder and change them as follows.

cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/smbldap_bind.conf
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf /etc/smbldap-tools/smbldap.conf

Edit /etc/smbldap-tools/smbldap.conf file first:

nano /etc/smbldap-tools/smbldap.conf

# Replace the SID value below with the result of "net getlocalsid" command
SID="S-1-5-21-00000000000-0000000000000-000000000000"

# Change the following domain name value
sambaDomain="COMPANY.COM"

# Configure master and slave DC servers addresses and ports, duplicate settings if you don't have a slave controller: 
slaveLDAP=127.0.0.1
slavePort="389"

masterLDAP=127.0.0.1
masterPort="389"

# As I said no SSL and TLS
ldapTLS="0"
ldapSSL="0"

# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=company,dc=com"

# Where are stored Users
usersdn="ou=Users,${suffix}"

# Where are stored Computers
computersdn="ou=Computers,${suffix}"

# Where are stored Groups
groupsdn="ou=Groups,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and groups
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

# Default scope Used
scope="sub"

# Unix password hash scheme (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
password_hash="SSHA"

# if password_hash is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
password_crypt_salt_format="%s"

# Default Login Shell
userLoginShell="/bin/bash"

# Home directory
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Treat shadowAccount object or not
shadowAccount="1"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

# The UNC path to home drives location (%U username substitution)
userSmbHome="\\SRV\%U"

# The UNC path to profiles locations (%U username substitution)
userProfile="\\SRV\profiles\%U"

# The default Home Drive Letter mapping
userHomeDrive="U:"

# The default user netlogon script name (%U username substitution)
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
mailDomain="mail.com"

with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

Now let’s edit /etc/smbldap-tools/smbldap_bind.conf as follows:

slaveDN="cn=admin,dc=company,dc=com"
slavePw="Plain text password"
masterDN="cn=admin,dc=company,dc=com"
masterPw="Plain text password"

Then it’s /etc/ldap/slapd.conf turn:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include        /etc/ldap/schema/nis.schema
include        /etc/ldap/schema/inetorgperson.schema
include        /etc/ldap/schema/samba.schema

# Where the pid file is put. The init.d script
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        none

# Where the dynamically loaded modules are stored
modulepath    /usr/lib/ldap
moduleload    back_hdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used for indexing.
tool-threads 1

# Backend specific directives apply to this backend until another 'backend' directive occurs
backend        hdb

# Database specific directives apply to database #1 from here on
database        hdb

# The base of your directory in database #1
suffix          "dc=company,dc=com"

# rootdn directive for specifying a superuser on the database. This is needed for syncrepl.
rootdn          "cn=admin,dc=company,dc=com"

# Admin password hashed
rootpw          {SSHA}RoeqPPUTZfRvS3hkA3ubqVtB7KgcTXid

#SYNC LOOK AT THE END OF THE FILE
    moduleload syncprov
    index entryCSN,entryUUID eq
    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 200

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index objectClass eq,pres
index uid,uidNumber,gidNumber,memberUid     eq,pres
index ou,cn,mail,surname,givenname    eq,pres,sub
index loginShell                        eq,pres
index displayName                       pres,sub,eq
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID    eq
index sambaPrimaryGroupSID    eq
index sambaDomainName    eq
index sambaGroupType eq
index sambaSIDList eq
index uniqueMember eq
index default                           sub

# Save the time that the entry gets modified, for database #1
lastmod         on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint      512 30

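# Access query settings: password attributes are writable by the admin and by
# the owner of the entry, anonymous may only authenticate against them, and
# nobody else can read or write them
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet,krbPrincipalKey
       by dn="cn=admin,dc=company,dc=com" write
       by dn="uid=replicant,dc=company,dc=com" read
       by anonymous auth
       by self write
       by * none

# The root DSE (dn.base="") only needs to be readable
access to dn.base="" by * read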

# The admin dn has full write access, everyone else can read everything.
access to *
       by dn="cn=admin,dc=company,dc=com" write
       by * read

# Master <-> Slave sync parameters, you might need it in the future ;D
# timelimit 30
# bind_timelimit 30
# bind_policy soft
# nss_initgroups_ignoreusers root,ldap
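
slapd applies the first `by` clause that matches, so the last clause of the password rule decides what every other user gets. The script below is an added check, not part of the original guide: it scans a slapd.conf for rules that let `*`, `users` or `anonymous` compare, search, read or write password attributes. The function names are hypothetical and both sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide).
# audit_password_acl FILE
#   Prints one finding per line and returns 1 if FILE (slapd.conf syntax) lets
#   "*", "users" or "anonymous" compare, search, read, write or manage
#   password attributes; returns 0 when nothing is found.
#   Assumption: access levels are written as plain keywords (no =w / +r forms).
audit_password_acl() {
    awk '
    function check(   n, i, tok, pw, all) {
        if (rule ~ /^access[ \t]+to[ \t]/) {
            pw = (rule ~ /attrs=[^ \t]*(userPassword|sambaNTPassword|sambaLMPassword)/)
            n = split(rule, tok)
            all = (tok[3] == "*")
            for (i = 4; i + 2 <= n; i++) {
                if (tok[i] != "by") continue
                if (tok[i+1] !~ /^([*]|users|anonymous)$/) continue
                if (tok[i+2] !~ /^(compare|search|read|write|manage)$/) continue
                if (pw) {
                    printf "line %d: password attributes: by %s %s\n", start, tok[i+1], tok[i+2]
                    bad = 1
                } else if (all && !covered) {
                    # first matching rule wins: without an earlier password
                    # rule, "access to *" also governs the password hashes
                    printf "line %d: no earlier password rule: by %s %s\n", start, tok[i+1], tok[i+2]
                    bad = 1
                }
            }
            if (pw) covered = 1
        }
        rule = ""
    }
    # slapd.conf joins lines that start with whitespace to the previous line,
    # and does so before comments are stripped.
    /^$/     { check(); comment = 0; next }
    /^[ \t]/ { if (!comment && rule != "") rule = rule " " $0; next }
    /^#/     { check(); comment = 1; next }
             { check(); comment = 0; rule = $0; start = NR }
    END      { check(); exit (bad ? 1 : 0) }
    ' "$1"
}

weak_conf() {   # constructed sample: the catch-all clause grants write
    cat <<'EOF'
# password rule
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
       by dn="cn=admin,dc=company,dc=com" write
       by anonymous auth
       by self write
       by * write

access to *
       by dn="cn=admin,dc=company,dc=com" write
       by * read
EOF
}

fixed_conf() {  # constructed sample: same rule, everyone else gets nothing
    cat <<'EOF'
# password rule
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
       by dn="cn=admin,dc=company,dc=com" write
       by anonymous auth
       by self write
       by * none

access to *
       by dn="cn=admin,dc=company,dc=com" write
       by * read
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    weak_conf  > "$dir/weak.conf"
    fixed_conf > "$dir/fixed.conf"
    for f in weak fixed; do
        if audit_password_acl "$dir/$f.conf"; then
            echo "$f.conf: ok"
        else
            echo "$f.conf: password attributes exposed"
        fi
    done
    rm -rf "$dir"
}
demo
```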

Finally we can try to start the entire “thing” by starting each server individually (the execution order is very important):

/etc/init.d/slapd restart
/etc/init.d/samba restart
/etc/init.d/winbind restart

If you get some errors please keep in mind that all of these services store their logs in /var/log/*, those are priceless for troubleshooting your domain issues ;)

WINDOWS 7 COMPATIBILITY TWEAKS:

As first step add these rows into your /etc/samba/smb.conf file:

winbind uid = 10000-90000
winbind gid = 10000-90000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
password server = server_name
winbind use default domain = Yes
encrypt passwords = yes

Then modify Windows registry on client computers by using the reg file below (needs restart to take effect):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"=dword:00020148
"TcpWindowSize"=dword:00020148
"Tcp1323Opts"=dword:00000003

WHAT’S NEXT?

Now you are ready for domain administration and client configuration.
If you are a Microsoft-oriented administrator you would prefer using a Windows GUI solution rather than using bash. I personally like LDAPAdmin: it’s intuitive, but still very powerful. It has one big limitation: it does not provide support for “secure” domains implementing TLS (only SSL). Give it a try:

http://ldapadmin.sourceforge.net/index.html

I would like to go on with domain stuff by sharing my experience in OpenLDAP-based service installation and consolidation (such as MediaWiki, Redmine/Bugzilla, Subversion, Pure-FTP, SOGo, IMAP/SMTP servers etc).

Please contact me if you have any correction to commit to this guide or simply if you need a clarification on installation process, I will be always glad to help you.

P.S. My next post will be about the obvious connection between ACTA and SOPA/PIPA, actually the complete title is: “Who is Manny Acta? Sopa anti-piracy soup. Pippa is bored of misspells.”

acta-law

Manny Acta, baseball manager who wants to stop piracy in Europe

sopa

Sopa (just "soup" in Spanish). Really?

pipa or pippa

"Stop PIPA" or "stop Pippa", what is the right spelling


Dusting off the old NAS


Hey-hey, I’m back to blogging once again…
So as you may have already guessed from the title – this time we will learn how to give a second chance to your D-Link DNS-3X3 NAS. Prerequisites:

D-Link DNS-3X3 series NAS - [check]: I got DNS-313
Hard disk drive - [check]: Samsung Spinpoint F3 1,5 Tb
USB printer cable - [check]
Ethernet cable - [check]
A Linux PC - [check]: Asus 1215N with Debian Testing/Wheezy x64

STEP 1:

Extract the latest firmware for your DNS-3X3 series NAS to a QEMU virtual machine and modify it step by step, or download a Debian (Lenny) tarball from the Internet.
In this article I will use DNS-313_Lenny_RevB tarball provided by andry which is pretty fast and stable.

STEP 2:

Plug your NAS in USB mode into your Linux computer and edit its partition table as follows:

#Filesystem	Size	Mounted on
/dev/sda3	5.0G	/
/dev/sda2	248M	/mnt/HD_a2
/dev/sda4	1.4T	/mnt/HD_a4

STEP 3:

Create a mount directory for the NAS root partition and extract Debian tarball:

mkdir -p /mnt/exh3
mount /dev/sdb1 /mnt/exh3
# extract into the mounted NAS partition, not into the root of your PC
tar -xvf Debian_Lenny_RevB.tgz -C /mnt/exh3

STEP 4:

Unplug the device, turn it off and switch to ‘network mode’ by plugging in the Ethernet cable. Now turn the NAS on and wait until the hard disk LED becomes green.

STEP 5:

Connect to your NAS using telnet or ssh (both are available).
Note: the login information provided below is valid only for andry’s tarball. Sometimes login server fails, don’t panic, just retry.

telnet 192.168.1.5
Trying 192.168.1.5...
Connected to 192.168.1.5.
Escape character is '^]'.
Debian GNU/Linux 5.0
DNS-313 login: root
Password: passwd

STEP 6:

Add new repos and update APT archives:

cat > /etc/apt/sources.list

deb http://ftp.de.debian.org/debian lenny main
deb http://security.debian.org/ lenny/updates main contrib non-free

deb http://backports.debian.org/debian-backports lenny-backports main
deb-src http://backports.debian.org/debian-backports lenny-backports main

deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free

deb http://ftp.de.debian.org/debian/ lenny-proposed-updates main contrib
deb-src http://ftp.de.debian.org/debian/ lenny-proposed-updates main contrib

Now you can upgrade Debian packages.

sudo apt-get update && sudo apt-get upgrade -qy

Note: if you have problems during libc6 update installation try this workaround:

mv /usr/lib/librt.so.1 /usr/lib/librt.so.1.bak && dpkg -a --configure && apt-get install

STEP 7:

Both lenny and lenny-backports repos contain Transmission 1.X versions, so in order to have the latest features and bug fixes you will have to download and compile the Transmission tarball and its dependencies.

First of all install build tools and dependencies:

sudo apt-get install gcc build-essential automake autoconf libtool \
pkg-config libcurl4-openssl-dev intltool libxml2-dev libevent-dev

Now download the desired version of Transmission and compile it:

wget http://download.transmissionbt.com/files/transmission-verXY.tar.bz2
tar -xjvf transmission-verXY.tar.bz2
cd transmission-verXY
./configure --disable-gtk --disable-nls
make
make install

You will probably get the warning regarding the outdated version of libevent.
Since the latest libevent-dev available in Debian Lenny is 1.2 and 1.4 in lenny-backports you will have to compile and install a newer version of it:

wget http://github.com/downloads/libevent/libevent/libevent-2.0.10-stable.tar.gz
tar -zxvf libevent-2.0.10-stable.tar.gz
cd libevent-2.0.10-stable
./configure
make
make install

After installing Transmission you will have to set up a daemon for it. I will supply an example of it below.
So create a new file with the following content:

 cat > /etc/init.d/transmission-daemon 
#! /bin/sh
### BEGIN INIT INFO
# Provides:          transmission-daemon
# Required-Start:    networking
# Required-Stop:     networking
# Default-Start:     2 3 5
# Default-Stop:      0 1 6
# Short-Description: Start the transmission BitTorrent daemon client.
### END INIT INFO

# ----- CONFIGURATION -----
# The name of the user that should run Transmission.
# It's RECOMMENDED to run Transmission under its own user,
# by default, this is set to 'transmission'.
# For the sake of security you shouldn't set a password
# on this user
USERNAME=transmission
# ----- END OF CONFIGURATION -----

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DESC="bittorrent client"
NAME=transmission-daemon
DAEMON=$(which $NAME)
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
[ -f /etc/default/rcS ] && . /etc/default/rcS

#
# Function that starts the daemon/service
#

do_start()
{
    # Export the configuration/web directory, if set
    if [ -n "$TRANSMISSION_HOME" ]; then
         export TRANSMISSION_HOME
    fi
    if [ -n "$TRANSMISSION_WEB_HOME" ]; then
         export TRANSMISSION_WEB_HOME
    fi

    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    start-stop-daemon --chuid $USERNAME --start --pidfile $PIDFILE --make-pidfile \
           --exec $DAEMON --background --test -- -f $TRANSMISSION_ARGS > /dev/null \
           || return 1
    start-stop-daemon --chuid $USERNAME --start --pidfile $PIDFILE --make-pidfile \
           --exec $DAEMON --background -- -f $TRANSMISSION_ARGS \
           || return 2
}

#
# Function that stops the daemon/service
#
do_stop()
{
       # Return
       #   0 if daemon has been stopped
       #   1 if daemon was already stopped
       #   2 if daemon could not be stopped
       #   other if a failure occurred
       start-stop-daemon --stop --quiet --retry=TERM/10/KILL/5 --pidfile $PIDFILE --name $NAME
       RETVAL="$?"
       [ "$RETVAL" = 2 ] && return 2

       # Wait for children to finish too if this is a daemon that forks
       # and if the daemon is only ever run from this initscript.
       # If the above conditions are not satisfied then add some other code
       # that waits for the process to drop all resources that could be
       # needed by services started subsequently.  A last resort is to
       # sleep for some time.

       start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
       [ "$?" = 2 ] && return 2

       # Many daemons don't delete their pidfiles when they exit.
       rm -f $PIDFILE

       return "$RETVAL"
}

case "$1" in
 start)
       echo "Starting $DESC" "$NAME..."
       do_start
       case "$?" in
               0|1) echo "   Starting $DESC $NAME succeeded" ;;
               *)   echo "   Starting $DESC $NAME failed" ;;
       esac
       ;;
 stop)
       echo "Stopping $DESC $NAME..."
       do_stop
       case "$?" in
               0|1) echo "   Stopping $DESC $NAME succeeded" ;;
               *)   echo "   Stopping $DESC $NAME failed" ;;
       esac
       ;;
 restart|force-reload)
       #
       # If the "reload" option is implemented then remove the
       # 'force-reload' alias
       #
       echo "Restarting $DESC $NAME..."
       do_stop
       case "$?" in
         0|1)
               do_start
               case "$?" in
                   0|1) echo "   Restarting $DESC $NAME succeeded" ;;
                   *)   echo "   Restarting $DESC $NAME failed: couldn't start $NAME" ;;
               esac
               ;;
         *)
               echo "   Restarting $DESC $NAME failed: couldn't stop $NAME" ;;
       esac
       ;;
 *)
       echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
       exit 3
       ;;
esac

Since my daemon is configured with default user set to transmission I had to add this user:

adduser --disabled-password transmission
Enter the new value, or press ENTER for the default
Full Name []: Transmission
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
y

Fix service file permissions:

chmod +x /etc/init.d/transmission-daemon
chown root:root /etc/init.d/transmission-daemon

Before starting Transmission make sure that the configuration file exists and contains at least some basic parameters.

cat > /home/transmission/.config/transmission-daemon/settings.json
{
   "rpc-enabled": true,
   "rpc-whitelist": "127.0.0.1,192.168.1.*",
   "rpc-port": 9091,
   "download-dir": "/mnt/HD_a4/Downloads",
   "incomplete-dir": "/mnt/HD_a4/Downloads"
}

STEP 8:

MiniDLNA is a server software with the aim of being fully compliant with DLNA/UPnP-AV clients.
This software is not provided by Debian lenny and lenny-backports repos, so you will have to build it from the source tarball:

wget http://sourceforge.net/projects/minidlna/files/minidlna/1.0.XX/minidlna_1.0.XX_src.tar.gz
tar -zxvf minidlna_1.0.XX_src.tar.gz
cd minidlna_1.0.XX_src
./genconfig.sh
ERROR! Cannot continue. The following required libraries are either missing, or are missing development headers:
libavcodec libavformat libavutil libflac libvorbis libogg libid3tag libexif libjpeg

You can solve this issue by installing the following packages and then trying to build MiniDLNA again:

apt-get -f install libflac-dev libavcodec-dev libavformat-dev libjpeg62-dev libexif-dev libid3tag0-dev

Create the following file and fill it with the content below (check it first, it might be outdated): /etc/init.d/minidlna

#!/bin/sh
# chkconfig: 345 99 10
# description: Startup/shutdown script for MiniDLNA daemon
### BEGIN INIT INFO
# Provides: minidlna
# Required-Start:
# Required-Stop:
# Default-Start:  3 4 5
# Default-Stop: 0 1 6
# Short-Description: start/stop MiniDLNA daemon
# Description: Startup/shutdown script for MiniDLNA daemon
### END INIT INFO
#
# $Id: minidlna.init.d.script,v 1.2 2009/07/02 00:33:15 jmaggard Exp $
# MiniUPnP project
# author: Thomas Bernard
# website: http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/

MINIDLNA=/usr/sbin/minidlna
ARGS='-f /etc/minidlna.conf'

test -f $MINIDLNA || exit 0

. /lib/lsb/init-functions

case "$1" in
start)  log_daemon_msg "Starting minidlna" "minidlna"
      start-stop-daemon --start --quiet --pidfile /var/run/minidlna.pid --startas $MINIDLNA -- $ARGS $LSBNAMES
      log_end_msg $?
      ;;
stop)   log_daemon_msg "Stopping minidlna" "minidlna"
      start-stop-daemon --stop --quiet --pidfile /var/run/minidlna.pid
      log_end_msg $?
      ;;
restart|reload|force-reload)
      log_daemon_msg "Restarting minidlna" "minidlna"
      start-stop-daemon --stop --retry 5 --quiet --pidfile /var/run/minidlna.pid
      start-stop-daemon --start --quiet --pidfile /var/run/minidlna.pid --startas $MINIDLNA -- $ARGS $LSBNAMES
      log_end_msg $?
      ;;
*)      log_action_msg "Usage: /etc/init.d/minidlna {start|stop|restart|reload|force-reload}"
      exit 2
      ;;
esac
exit 0

Set execution rights on daemon files:

chmod +x /etc/init.d/minidlna
chown root:root /etc/init.d/minidlna

STEP 9:

You can manage your services by installing sysv-rc-conf utility:

Terminal interface is perfect for NAS

STEP 10:

Even on the stock firmware the Samba server is already installed, but I think that its configuration is not optimal for low-performance devices such as the DNS-313.

Below you can find a Samba configuration file example (usually it is placed in /etc/samba/smb.conf). This config has been optimized for embedded systems and NAS (pay attention to extra spaces on square brackets).

[ global ]
server string = %h server
security = SHARE
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072 SO_SNDBUF=131072 SO_KEEPALIVE
load printers = No
printcap name = /dev/null
dns proxy = No
panic action = /usr/share/samba/panic-action %d
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j

[ homes ]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No

[ public ]
comment = Main share
path = /mnt/HD_a4
force user = root
read only = No
create mask = 0777
guest only = Yes
guest ok = Yes
hide files = /lost+found/

In order to avoid share issues in Windows 7, edit /etc/security/limits.conf:

nano /etc/security/limits.conf

..and append this line at the end of the file:

* - nofile 16384

STEP 11:

You might wish to manage your NAS remotely. The easiest way to accomplish that is to install Webmin, but I wouldn’t do that because of low memory available on the system.

CONCLUSION:

When yesterday’s technology is obsolete tomorrow the only way to stay sane is to try to squeeze all the juice from your today’s hardware.

So overclock, voltmod, cook and then flash custom firmwares instead of buying new gadgets.

The next time we will investigate on Apocalipsy’s decision to leave the Teletubbies Show during the first season shooting.
Most likely I will share all the unreleased episodes and some pics of Apocalipsy after his “drug scandal”.

This is the only photo in which teletubbies are featuring the full composition


Mono 2.10.X? Mhmm, that’s Squeeze!!!

EDIT:
The method to get Mono 2.10.X described below works fine, but it is not the easiest way.
I’m currently using another method, even if it pulls in Gnome3/GTK3 packages into my system:

echo deb http://ftp.debian.org/debian experimental main >> /etc/apt/sources.list
apt-get update
apt-get install --reinstall mono-complete monodevelop mono-devel -t experimental 

Please, remember to disable experimental repo later.

I’m currently using Debian Squeeze for my servers, because it’s so stable. The only thing that I dislike about it are the outdated packages: for example Iceweasel 3.5 or 3.6, Mono 2.6.7 etc.
Yeah, I know that the Mono version supplied with squeeze is a long support release, but even by adding squeeze-backports repository you won’t manage to get the latest version of the compiler.. that’s frustrating, isn’t it?
So it seems that the only way to get Mono 2.10.x (and higher versions) working on Squeeze is to compile it yourself.
I would like to help you to accomplish this by providing you some basic instructions.

Install the following packages:

apt-get -f install gcc build-essential autoconf \
bison flex gtk-sharp2-gapi boo gdb valac zlib1g-dev \
libcairo2-dev libpango1.0-dev libfreetype6-dev libexif-dev \
libjpeg62-dev libtiff4-dev libgif-dev libfontconfig1-dev \
libglib2.0-dev libgtk2.0-dev libglade2-dev libart-2.0-dev \
libgnomevfs2-dev libgnome-desktop-dev libgnome2-dev \
libgtkhtml3.14-cil-dev libgnomecanvas2-dev automake \
libgnomeui-dev libgnomeprint2.2-dev xulrunner-dev \
libpanel-applet2-dev librsvg2-dev libgnomeprintui2.2-dev \
libgtkhtml3.14-dev libgtksourceview2.0-dev libatk1.0-dev \
libvte-dev libwnck-dev libnspr4-dev libpng12-dev \
libwebkit-dev libvala-dev libjpeg62-dev libtiff4-dev libnss3-dev

Then check this archive for the latest sources of Mono:

http://ftp.novell.com/pub/mono/sources/

STEP 1: First of all download, decompress and compile libgdiplus

cd /tmp
wget http://ftp.novell.com/pub/mono/sources/libgdiplus/libgdiplus-2.10.tar.bz2
tar -xvf libgdiplus-2.10.tar.bz2
cd libgdiplus-2.10
./configure --with-pango
make
sudo make install
cd ..

* Note that the “--with-pango” option allows us to use the pango text engine for mono <--> libgdiplus compatibility.

STEP 2: Do the same for mono

wget http://ftp.novell.com/pub/mono/sources/mono/mono-2.10.2.tar.bz2
tar -xvf mono-2.10.2.tar.bz2
cd mono-2.10.2
./configure --with-pango
make
sudo make install
cd ..

STEP 4: At this point you can check if the Mono compiler works (.NET 4)

which gmcs

* Note: if the output doesn’t contain a valid compiler path please start over and read carefully “./configure”, “make” and “make install” messages.

STEP 5: download and decompress all the gtk# and gnome archives and then run these commands

cd gtk-sharp-2.12.10
./configure
make
sudo make install
cd ../gnome-sharp-2.24.1
./configure
make
sudo make install
cd ../gnome-desktop-sharp-2.24.0
./configure
make
sudo make install
cd ..

* Note you will probably get warnings/errors during the compilation of gnome-sharp-2.xxx package, so please follow these simple steps to fix the issue: in gnome-sharp-/sample/gnomevfs/Makefile go to line 221.

Comment out that line; it should look like this:

#EXTRA_TARGETS = TestXfer.exe

Then edit lines 449 and 450 in this way:

# TestXfer.exe: $(srcdir)/TestXfer.cs $(assemblies)
# $(CSC) /out:TestXfer.exe $(references) -r:Mono.GetOptions.dll $(srcdir)/TestXfer.cs

STEP 6: do the same for gluezilla, gecko-sharp, webkit-sharp

cd gluezilla-2.6
./configure
make
sudo make install
cd ../gecko-sharp-2.0-0.13
./configure
make
sudo make install
cd ../webkit-sharp-0.3
./configure
make
cd ..

* Oh yeah, one more annoying note. Make sure that you are using some gecko v1.9.x version; Firefox/Iceweasel 4.x will install xulrunner-dev 2.0 and that will break the compilation process.

STEP 7: build mono-addins to provide the following namespace – Mono.Addins
(http://ftp.novell.com/pub/mono/sources/mono-addins/mono-addins-0.6.1.tar.bz2)

cd mono-addins-0.6.1
./configure
make
sudo make install
cd ..

STEP 8: build mono-tools

cd mono-tools-2.10
./configure
make
sudo make install
cd ..

STEP 9: Build Mono XSP, the webserver for ASP.NET

cd xsp-2.10.2
./configure
make
sudo make install
cd ../mod_mono-2.10
./configure
make
sudo make install
cd ..

* Note: you will probably have to install this package:
apt-get -f install build-essential libapache2-prefork-dev
you can also try to use this:
apt-get -f install build-essential libapache2-threaded-dev

STEP 10: build the Mono Debugger

cd mono-debugger-2.10
./configure
make
sudo make install
cd ..

STEP 11: build MonoDevelop 2.6

cd monodevelop-2.5.91
./configure
make
sudo make install
cd ../monodevelop-database-2.5.91
./configure
make
sudo make install
cd ../monodevelop-debugger-gdb-2.5.91
./configure
make
sudo make install
cd ../monodevelop-debugger-mdb-2.4
./configure
make
sudo make install
cd ../monodevelop-java-2.5.91
./configure
make
sudo make install
cd ..

I hope that this article will help somebody to set up a Squeeze ASP.NET server.. or maybe to get a job.. or even save the world.

The next time I will tell you where to buy iBoard right now:



It is magically stupid
