Archive for ‘Tutorial’ Category

Turn Your FreeNAS Box Into the Ultimate Anonymous Downloading Machine

Posted on 15:56, December 10th, 2012 by Many Ayromlou

Turn Your FreeNAS Box Into the Ultimate Anonymous Downloading Machine:

Here’s how to turn your FreeNAS box into the ultimate downloading machine so you can download safely and monitor its activity from anywhere.

(Via lifehacker.com)


Everything you ever needed to know about OSX launchd

Posted on 14:22, July 31st, 2012 by Many Ayromlou

Great in-depth article by Nathan Grigg. Everything you ever wanted to know about launchd and how job scheduling can be easily done under OSX.


If you try to install Ubuntu 10.10 under parallels desktop 6.0 on OSX — at least as of the writing of this article — you’ll soon discover that although your entire installation is done in a high (eg: 1920×1080) resolution, as soon as the install is done and you reboot, your VM is stuck at 1024×768. You can install the parallel tools using the menu option and it still won’t help — although it helps with 3D (ie: compiz). Under GNOME’s System/Preferences/Monitors the highest resolution available is 1024×768 :-(. After searching around the net for the past week or so and trying just about every remedy — none of which worked — I was about to give up, then I found the magic command that “makes it go” :-).

I’ve now got Ubuntu 10.10 running with PT/compiz under parallels 6.0 @ 1920×1080. No problem. Normally if you go inside ~/.config/ directory (.config folder under your home directory) you’ll notice that there is no “monitors.xml” file in there. That’s the per user X config file that gets the ball rolling. Generating the file is really easy. Open a terminal and issue the following command:

xrandr

This will generate (hopefully) the following output:

Note that 1024×768 is the default. Now if you go inside ~/.config/ directory you’ll find a “monitors.xml” file (below). Once you’ve got this file you can go to System/Preferences/Monitors and choose the higher resolution options (eg:1920×1080). The xrandr command should generate the file for you. If it doesn’t (not sure why), here is my version for parallel 6.0. I think it’s pretty generic so you should be able to cut and paste the content:

<monitors version="1">
  <configuration>
      <clone>no</clone>
      <output name="default">
          <vendor>???</vendor>
          <product>0x0000</product>
          <serial>0x00000000</serial>
          <width>1920</width>
          <height>1200</height>
          <rate>60</rate>
          <x>0</x>
          <y>0</y>
          <rotation>normal</rotation>
          <reflect_x>no</reflect_x>
          <reflect_y>no</reflect_y>
          <primary>no</primary>
      </output>
  </configuration>
</monitors>

Fixing Plymouth (boot splash) in Ubuntu 10.10 aka. Maverick Meerkat

Posted on 14:10, November 1st, 2010 by Many Ayromlou

If you’ve recently installed Ubuntu 10.10 and have installed Nvidia and/or ATI drivers — or installed ubuntu under emulation — you’ll end up with a (butt) ugly splash screen. In my case under parallel 6.0 I ended up with a text boot screen that just read “Ubuntu 10.10”……Ughhh. Here is a quick tutorial on how to get a nice splash restored. This procedure also works in 10.04. Keep in mind that I’m doing everything with 1280×1024 screen size. Your mileage might vary (ie: you might want 1024×768). You’ll need to get a terminal session opened for this:

  • Get the nice splash screen installed
    sudo apt-get install v86d
  • Edit your grub config file and add the following
    sudo vi /etc/default/grub
  • Look for this line:
    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
  • and replace it with this (note: 1280×1024 screen res…..your mileage might vary):
    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nomodeset video=uvesafb:mode_option=1280x1024-24,mtrr=3,scroll=ywrap"
  • Still in the same file look for this line:
    #GRUB_GFXMODE=640x480
  • and replace it with this (note: 1280×1024 screen res…..your mileage might vary):
    GRUB_GFXMODE=1280x1024

Your /etc/default/grub file should look like this once you’re done (partial screenshot):

  • Save the file and issue the following command to start editing /etc/initramfs-tools/modules file:
    sudo vi /etc/initramfs-tools/modules
  • The file should be mostly commented out. At the end of the file insert the following line (note: 1280×1024 screen res…..your mileage might vary):
    uvesafb mode_option=1280x1024-24 mtrr=3 scroll=ywrap

Your /etc/initramfs-tools/modules file should look like this once you’re done:

  • Save the file and issue the following command:
    echo FRAMEBUFFER=y | sudo tee /etc/initramfs-tools/conf.d/splash
  • Finally issue the following two commands to update grub:
    sudo update-grub2
    sudo update-initramfs -u

Reboot and Enjoy :-)


It’s been a while since I’ve had the pleasure (read: pain) of working with Sloowaris, but now that we have two 48TB Sun X4540 Thumpers in house, I have to…..Uggghhhh :-). Here are some notes:

  • Remember sudo -i does not work. Use “su -” to get the root environment through ssh (login as regular user).
  • The machine has 6 Controllers with 8 Disks each for a total of 48 disks.
  • To find out all the disks that are available on your system and their Labels…..
    root # format
    Searching for disks...done

    AVAILABLE DISK SELECTIONS:

  • To see the status of the zpool run
    root # zpool status
    pool: pool1
    state: ONLINE
    status: The pool is formatted using an older on-disk format. The pool can
    still be used, but some features are unavailable.
    action: Upgrade the pool using 'zpool upgrade'. Once this is done, the
    pool will no longer be accessible on older software versions.
    scrub: none requested
    config:

    NAME          STATE   READ WRITE CKSUM
    pool1         ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c0t3d0    ONLINE     0     0     0
        c1t3d0    ONLINE     0     0     0
        c2t3d0    ONLINE     0     0     0
        c3t3d0    ONLINE     0     0     0
        c4t3d0    ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c5t3d0    ONLINE     0     0     0
        c0t7d0    ONLINE     0     0     0
        c1t7d0    ONLINE     0     0     0
        c2t7d0    ONLINE     0     0     0
        c3t7d0    ONLINE     0     0     0
    spares
      c4t7d0      AVAIL
      c5t7d0      AVAIL

    errors: No known data errors

  • Our zpool is at version 10 and the latest is version 15, so we upgrade:
    root # zpool upgrade
    This system is currently running ZFS pool version 15.

    The following pools are out of date, and can be upgraded. After being
    upgraded, these pools will no longer be accessible by older software versions.

    VER POOL
    --- ------------
    10 pool1

    Use 'zpool upgrade -v' for a list of available versions and their associated
    features.
    root # zpool upgrade -v
    This system is currently running ZFS pool version 15.

    The following versions are supported:

    VER DESCRIPTION
    --- --------------------------------------------------------
    1 Initial ZFS version
    2 Ditto blocks (replicated metadata)
    3 Hot spares and double parity RAID-Z
    4 zpool history
    5 Compression using the gzip algorithm
    6 bootfs pool property
    7 Separate intent log devices
    8 Delegated administration
    9 refquota and refreservation properties
    10 Cache devices
    11 Improved scrub performance
    12 Snapshot properties
    13 snapused property
    14 passthrough-x aclinherit
    15 user/group space accounting
    For more information on a particular version, including supported releases, see:

    http://www.opensolaris.org/os/community/zfs/version/N

    Where 'N' is the version number.
    root #
    root # zpool upgrade pool1
    This system is currently running ZFS pool version 15.

    Successfully upgraded 'pool1' from version 10 to version 15

  • zpools are like autonomous raid subsystems that will eventually be added into a pool (which is similar to a LV). There are 3 types of pools raidz (raid-5 like), raidz2 (raid-6 like) and mirror.
  • C0T0D0 and C1T0D0 are kinda special and can’t be included in a zpool…..something about SVM metadb…..blahblahblah. Leave it out.
    root # metadb -i
    flags          first blk   block count
    a m p luo      16          8192          /dev/dsk/c0t0d0s7
    a   p luo      8208        8192          /dev/dsk/c0t0d0s7
    a   p luo      16400       8192          /dev/dsk/c0t0d0s7
    a   p luo      16          8192          /dev/dsk/c1t0d0s7
    a   p luo      8208        8192          /dev/dsk/c1t0d0s7
    a   p luo      16400       8192          /dev/dsk/c1t0d0s7
    r - replica does not have device relocation information
    o - replica active prior to last mddb configuration change
    u - replica is up to date
    l - locator for this replica was read successfully
    c - replica's location was in /etc/lvm/mddb.cf
    p - replica's location was patched in kernel
    m - replica is master, this is replica selected as input
    W - replica has device write errors
    a - replica is active, commits are occurring to this replica
    M - replica had problem with master blocks
    D - replica had problem with data blocks
    F - replica had format problems
    S - replica is too small to hold current data base
    R - replica had device read errors
  • The following commands created the extra zpools needed:
    root # zpool add pool1 raidz1 c2t0d0 c3t0d0 c4t0d0 c5t0d0 c0t1d0
    root # zpool add pool1 raidz1 c1t1d0 c2t1d0 c3t1d0 c4t1d0 c5t1d0
    root # zpool add pool1 raidz1 c0t2d0 c1t2d0 c2t2d0 c3t2d0 c4t2d0
    root # zpool add pool1 raidz1 c1t4d0 c2t4d0 c3t4d0 c4t4d0 c5t4d0
    root # zpool add pool1 raidz1 c0t5d0 c2t5d0 c3t5d0 c4t5d0 c5t5d0
    root # zpool add pool1 raidz1 c0t6d0 c1t6d0 c3t6d0 c4t6d0 c5t6d0
  • This leaves the following 4 disks to be added to spare:
    root # zpool add pool1 spare c5t2d0 c0t4d0 c1t5d0 c2t6d0
  • Now for the fun part…..finding out what the heck all this did to the system:
    root # zpool status
    pool: pool1
    state: ONLINE
    scrub: none requested
    config:

    NAME          STATE   READ WRITE CKSUM
    pool1         ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c0t3d0    ONLINE     0     0     0
        c1t3d0    ONLINE     0     0     0
        c2t3d0    ONLINE     0     0     0
        c3t3d0    ONLINE     0     0     0
        c4t3d0    ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c5t3d0    ONLINE     0     0     0
        c0t7d0    ONLINE     0     0     0
        c1t7d0    ONLINE     0     0     0
        c2t7d0    ONLINE     0     0     0
        c3t7d0    ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c2t0d0    ONLINE     0     0     0
        c3t0d0    ONLINE     0     0     0
        c4t0d0    ONLINE     0     0     0
        c5t0d0    ONLINE     0     0     0
        c0t1d0    ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c1t1d0    ONLINE     0     0     0
        c2t1d0    ONLINE     0     0     0
        c3t1d0    ONLINE     0     0     0
        c4t1d0    ONLINE     0     0     0
        c5t1d0    ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c0t2d0    ONLINE     0     0     0
        c1t2d0    ONLINE     0     0     0
        c2t2d0    ONLINE     0     0     0
        c3t2d0    ONLINE     0     0     0
        c4t2d0    ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c1t4d0    ONLINE     0     0     0
        c2t4d0    ONLINE     0     0     0
        c3t4d0    ONLINE     0     0     0
        c4t4d0    ONLINE     0     0     0
        c5t4d0    ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c0t5d0    ONLINE     0     0     0
        c2t5d0    ONLINE     0     0     0
        c3t5d0    ONLINE     0     0     0
        c4t5d0    ONLINE     0     0     0
        c5t5d0    ONLINE     0     0     0
      raidz1      ONLINE     0     0     0
        c0t6d0    ONLINE     0     0     0
        c1t6d0    ONLINE     0     0     0
        c3t6d0    ONLINE     0     0     0
        c4t6d0    ONLINE     0     0     0
        c5t6d0    ONLINE     0     0     0
    spares
      c4t7d0      AVAIL
      c5t7d0      AVAIL
      c5t2d0      AVAIL
      c0t4d0      AVAIL
      c1t5d0      AVAIL
      c2t6d0      AVAIL

    errors: No known data errors
    root # zpool list
    NAME SIZE USED AVAIL CAP HEALTH ALTROOT
    pool1 36.2T 222K 36.2T 0% ONLINE -
    root # zfs list
    NAME USED AVAIL REFER MOUNTPOINT
    pool1 161K 28.5T 28.8K /vol1

  • To create a CX special mount point we do:
    root # zfs create pool1/CX
    root # zfs list
    NAME USED AVAIL REFER MOUNTPOINT
    pool1 201K 28.5T 28.8K /vol1
    pool1/CX 33.6K 28.5T 33.6K /vol1/CX
  • When compiling iRODS on X4540 you might/will get an error like “make: Fatal error in reader: config/config.mk………Unexpected end of line seen”. This happens because by default the system is configured for Sun’s make command (in /usr/ccs/bin/make) rather than the gnu make command which resides in /usr/sfw/bin/gmake under Solaris 10. To fix this add /usr/sfw/bin in front of your $PATH variable, export it and use gmake instead of make (read the INSTALL.txt file that comes with iRODS to find out how you can do the steps manually instead of using irodssetup command).

Writing Moblin (and Ubuntu) USB images using dd in OSX

Posted on 15:52, May 20th, 2009 by Many Ayromlou

I came across this problem this morning, while writing the newly downloaded moblin USB image file. The concept is straightforward: plug a 1GB+ USB stick into a functioning Linux or Windows box, make sure the stick is not mounted and use dd to write the disk image to the stick. Under OSX however the instructions for unmounting are slightly different, so here are the quick steps:

  1. Download the desired .img file
  2. Open a Terminal (under Utilities)
  3. Run diskutil list to get the current list of devices
  4. Insert your flash media
  5. Run diskutil list again and determine the device node assigned to your flash media (e.g. /dev/disk2)
  6. Run diskutil unmountDisk /dev/diskN (replace N with the disk number from the last command; in the previous example, N would be 2)
  7. Execute sudo dd if=/path/to/downloaded.img of=/dev/diskN bs=1m (replace /path/to/downloaded.img with the path where the image file is located).
  8. Run diskutil eject /dev/diskN and remove your flash media when the command completes

That should do it…..


Okay so I’ve been playing around with openfiler for the past couple of months. We’re trying to setup a Student home directory NAS device and have a mirror machine that would take over if our primary dies. Our machines are hand built 13-TB NAS servers using 16 x 1TB Seagate disks and a 16 channel sata2 raid controller from 3Ware. There are several problems that one needs to overcome in this type of setup so I will try to cover it, bit by bit as I finish confirming it at work. As I said we’re using a Super Micro case and motherboard (Dual Quadcore Xeon) and we’ve stuffed a 16 channel 3ware 9650 controller in there. The first issue we had was with hardware and the fact that we had some screwy new firmware on the controller that was not working nicely with our 16 x 1TB seagate drives. We downgraded the firmware and got the machine to post. Then we created a (roughly) 14 TB container in raid-6 mode (16 drives, less 2). We further divided up the space into a 20GB boot partition (using the bios setting in 3ware bios) and a giant (roughly) 13TB partition that will hold our student data. The 20 GB partition will later on hold our swap space and non essential (frequently updated) folders under /var (lock, log, etc.)

We have physically 2 separate machines that are exact copies of each other hardware-wise. The plan initially was to use DRBD and heartbeat service to create a High availability NAS cluster, but since we are trying to authenticate (for smb) with our Windows system, we could not get that configuration working (and frankly I still don’t trust DRBD, as good as it is). So we decided to create two USB sticks images. One for master and another for slave. The master will be a machine enrolled into our Active directory domain and the slave will be a passive (private) rsync server. The master USB image is configured with all the AD stuff and two interfaces. One interface serves as the NAS and another runs rsync against our slave/rsync server. When/If the master fails (ie: motherboard failure) beyond recognition, we simply plug the master USB stick into our slave machine and reboot it. Since the machines are exact copies of one another the (old slave) will now be master and once the (old) master is fixed, it will become the new slave/rsync server. Real simple.

So here is Chapter one – How do you get Openfiler 2.3 to boot off a USB stick:

Before you start you’ll need the following:

  1. Four USB Sticks 2GB+ that are the same brand, size.
  2. Openfiler 2.3 install CD
  3. A non openfiler rescue disk (I used a Ubuntu LiveCD) used to fix (reinstall) grub on the USB stick.

Insert your USB stick, and boot from the OpenFiler 2.3 installation CD. At the boot prompt, type expert (for text mode type expert text, I used graphical mode). Manually configure your partitions. I just had one 2Gb partition (ext2) on /. I used ext2 since it has no journal and won’t constantly write to the USB stick. No Swap partition at this point. After the install I noticed that something between 600 and 700 Mb was used for the system, so you might be able to use about 200-300Mb for swap if really needed (however, I doubt the use for a swap partition, as USB storage is really slow). The installer will breeze through to the end. Note that it is realllyyy slow. It took more than an hour on my config. Reboot at the end and get the OF2.3 CD booting again in rescue mode by typing “linux rescue” at the prompt. Once you’re at the prompt mount the USB stick manually (fdisk -l might help as it will print out info about all the disks). My USB stick was /dev/sdc, hence the commands below:

mount /dev/sdc1 /mnt/source
chroot /mnt/source

Now you’ve got the partition mounted and your shell chrooted to the root of the USB stick. We next copy the initrd on the USB stick into a temporary directory (on the stick) and uncompress it so we can modify it. You need to do this so that grub can initialize the bootloader ram disk off the USB stick (ie: makes OF installation bootable from USB).

cp /boot/initrd-2.X.X.img /tmp/initrd.gz
gunzip /tmp/initrd.gz
mkdir /tmp/a
cd /tmp/a
cpio -i < /tmp/initrd

At this point we need to edit the “init” file (text file containing kernel module listings that are required during boot). I used vi to do this, not sure if there is another editor available during rescue mode. Find the line containing “insmod /lib/sd_mod.ko” and insert the following snippet under it:

insmod /lib/sr_mod.ko
insmod /lib/ehci-hcd.ko
insmod /lib/uhci-hcd.ko
sleep 5
insmod /lib/usb-storage.ko
sleep 8

Save the file and follow along with the following commands to physically copy the appropriate kernel modules to the temp directory.

cd /lib/modules/insert-kernel-folder-here-or-just-use-TAB-key/kernel/drivers
cp usb/storage/usb-storage.ko /tmp/a/lib
cp usb/host/ehci-hcd.ko /tmp/a/lib
cp usb/host/uhci-hcd.ko /tmp/a/lib
cp scsi/sr_mod.ko /tmp/a/lib
cd /tmp/a
find . | cpio -c -o | gzip -9 > /boot/usbinitrd.img

IMPORTANT – Now adjust grub config (/boot/grub/grub.conf) to reflect the change to initrd filename. You should also repeat this on kernel upgrades (but then again, never touch a working system ;)).
Reboot.

More than likely it’s a no go, since the installer did not install grub properly. Now take out your Ubuntu (or other favourite rescue CD) and boot from it. Don’t use the OF2.3 CD in rescue mode…..IT DOES NOT WORK. Once booted, mount the USB stick on the system and use the following commands to re-install grub:

mount /dev/sdc1 /mnt/source
grub-install --root-directory=/mnt/source /dev/sdc

Reboot and you should be good to go (you will get a couple of Errors during boot about modules already loaded stuff…..ignore). At some point you do want to move some of those auxiliary directories (/tmp/ /var/log /var/lock and others) and swap file off the stick and onto the 20GB portion of our raid-6 we prepped earlier on. Below you find the fdisk -l listing of that “logical disk” (/dev/sdb in our system):

Disk /dev/sdb: 21.4 GB, 21474835968 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 1 609 4891761 83 Linux
/dev/sdb2 610 621 96390 83 Linux
/dev/sdb3 622 671 401625 83 Linux
/dev/sdb4 672 2610 15575017+ 5 Extended
/dev/sdb5 672 673 16033+ 83 Linux
/dev/sdb6 674 2610 15558921 82 Linux swap / Solaris

Here is a breakdown of what goes where (/dev/sdb6 is obviously swap which was prepared with “mkswap” command):

tmpfs /tmp tmpfs defaults,noatime 0 0
tmpfs /var/tmp tmpfs defaults,noatime 0 0
/dev/sdb1 /var/log ext2 defaults 1 1
/dev/sdb2 /var/run ext2 defaults 1 1
/dev/sdb3 /var/cache ext2 defaults 1 1
/dev/sdb5 /var/lock ext2 defaults 1 1
/dev/sdb6 swap swap defaults 0 0

You need to make the above changes to your USB stick’s /etc/fstab, but before rebooting you need to use “cp -a” command to copy all the folders from the appropriate location on the USB stick to the above partitions (by mounting the partitions temporarily/one-at-a-time), just to make sure no process would go crazy if it didn’t find the lock directory (or cache, run, etc.).

Next we want to make four copies of this stick. You can use a Mac or Win (using rawrite) or better yet Linux. It’s important that the stick you’re copying is not booted. Use the Ubuntu/whatever CD you used earlier and boot it into rescue mode. Go to command line and use “dd” command to create three more copies of the stick you just prepped.

Two copies (one for safe keeping) will become your Master USB sticks to boot the machine in Master mode (as described earlier in this article). The other two copies (one for safe keeping) will become your Slave sticks.

NOTES:

These notes have nothing to do with the installation. I’m just putting them down here for safe keeping. Only use these if you’re in trouble.

- If you want to create a “Home Share” and you don’t get the “Make Home Share” button on the interface, something has gone wrong with one of the xml config files. No worries, find and edit the file /opt/openfiler/etc/homespath.xml . Inside it will look something like this:
<?xml version="1.0"?>
<homespath value="/mnt/bigvg/studentvol/studenthome/"/>

This is where the problem is. The php code that drives the interface for sharing thinks that there already is a “homes” directory defined, but you know that’s not the case. Since only one homes entry is allowed, the web interface will not give you the option to make your new share the “Home Share”. To fix this we need to take out what’s inside the quotes as the value of homespath. So once that’s done the file will look like this:
<?xml version="1.0"?>
<homespath value=""/>

Save this file and go back to the share tab in the web interface and you will now get a “Make Home Share” button again.

- If you have upgraded to a Windows 2008 R2 (Win2k8 r2) AD domain and you’re getting authentication errors when accessing your openfiler shares (although everything was working fine under R1) like the ones below:
/var/log/messages shows:

Nov 16 08:42:02 openfiler winbindd[3316]: [2009/11/16 08:42:02, 0] rpc_client/cli_pipe.c:rpc_api_pipe(789)
Nov 16 08:42:02 openfiler winbindd[3316]: rpc_api_pipe: Remote machine dc.domain.tld pipe \NETLOGON fnum 0x4005 returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED

and
/var/log/samba/winbind.log shows:

[2009/11/16 08:43:12, 1] winbindd/winbindd_util.c:trustdom_recv(269)
Could not receive trustdoms

then your problem (more than likely) is the version of Samba that comes with openfiler 2.3. You need to upgrade to 3.4.5. Run “conary updateall” or do “System Update” from the interface, let it update everything and reboot your machine. Once your machine is back up, leave the AD domain and rejoin it and everything should be fine.

- If you’re having problems accessing a samba share you just created on your brand new openfiler, you might want to check the following. Let’s say you have a Volume Group called “bigvg” and a Volume inside that called “studentvol” where you have a share called “test”. If you’re having problems accessing the share by just using something like smb://openfiler-servername/test you might want to try connecting to the following instead:
smb://openfiler-servername/bigvg.studentvol.test
This is because by default openfiler tries to be smart and adds the volume group and volume name in front of the sharename you give it. Now, if you have a small installation this can be a pain. The easy way to fix this is to use the “Override SMB/Rsync share name:” field under the “Shares/Edit share” screen. I tend to use the same sharename I initially used (ie: “test” in this case), just to keep it simple. The only thing to remember here is that you want to make sure you don’t override with a duplicate name…..that’s gonna blowup real good.

- Couple of useful commands for Samba troubleshooting…..
To see a list of shares on your openfiler server (note that the unix command will give you those long sharenames):
Unix: smbclient -L OpenfilerServername -U domainloginid
Win: net view \\OpenfilerServername

- There is another issue with this master/slave setup and that is UID/GID synchronization for samba. This comes into play since we’re rsyncing our files from master to slave. This process also transfers their respective UID/GID to the slave machine. If the master fails, our procedure is to turn it off and reboot the slave using the master’s USB stick. This works, but all those rsync’ed UID/GID’s will not match when the slave machine is booted using the master’s USB stick (samba voodoo that translates windows UID/GID’s to linux UID/GID is kinda random)…..UNLESS YOU DO THE FOLLOWING (taken from Samba How-To):

The idmap_rid facility is a new tool that, unlike native winbind, creates a predictable mapping of MS Windows SIDs to UNIX UIDs and GIDs. The key benefit of this method of implementing the Samba IDMAP facility is that it eliminates the need to store the IDMAP data in a central place. The downside is that it can be used only within a single ADS domain and is not compatible with trusted domain implementations.

This alternate method of SID to UID/GID mapping can be achieved using the idmap_rid plug-in. This plug-in uses the RID of the user SID to derive the UID and GID by adding the RID to a base value specified. This utility requires that the parameter “allow trusted domains = No” be specified, as it is not compatible with multiple domain environments. The idmap uid and idmap gid ranges must be specified.

The idmap_rid facility can be used both for NT4/Samba-style domains and Active Directory. To use this with an NT4 domain, do not include the realm parameter; additionally, the method used to join the domain uses the net rpc join process.

An example smb.conf file for an ADS domain environment is shown below:
# Global parameters
[global]
workgroup = KPAK
netbios name = BIGJOE
realm = CORP.KPAK.COM
server string = Office Server
security = ADS
allow trusted domains = No
idmap backend = idmap_rid:KPAK=500-100000000
idmap uid = 500-100000000
idmap gid = 500-100000000
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
printer admin = "Domain Admins"

In a large domain with many users it is imperative to disable enumeration of users and groups. For example, at a site that has 22,000 users in Active Directory the winbind-based user and group resolution is unavailable for nearly 12 minutes following first startup of winbind. Disabling enumeration resulted in instantaneous response. The disabling of user and group enumeration means that it will not be possible to list users or groups using the getent passwd and getent group commands. It will be possible to perform the lookup for individual users, as shown in the following procedure.

The use of this tool requires configuration of NSS as per the native use of winbind. Edit the /etc/nsswitch.conf so it has the following parameters:
...
passwd: files winbind
shadow: files winbind
group: files winbind
...
hosts: files wins
...

The following procedure can use the idmap_rid facility:

1. Create or install an smb.conf file with the above configuration.
2. Edit the /etc/nsswitch.conf file as shown above.
3. Execute:
root# net ads join -UAdministrator%password
Using short domain name -- KPAK
Joined 'BIGJOE' to realm 'CORP.KPAK.COM'

An invalid or failed join can be detected by executing:
root# net ads testjoin
BIGJOE$@'s password:
[2004/11/05 16:53:03, 0] utils/net_ads.c:ads_startup(186)
ads_connect: No results returned
Join to domain is not valid

The specific error message may differ from the above because it depends on the type of failure that may have occurred. Increase the log level to 10, repeat the test, and then examine the log files produced to identify the nature of the failure.
4. Start the nmbd, winbind, and smbd daemons in the order shown.
5. Validate the operation of this configuration by executing:
root# getent passwd administrator
administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash

Please note that the updated version of SAMBA that gets installed after you do “conary updateall” (see above) has an option for this under “Advance” tab of the Accounts section.
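
What makes idmap_rid useful for the master/slave setup above is that the UID/GID is computed from the SID rather than handed out on first sight, so both machines arrive at the same number. The Python sketch below is an added example (not from the Samba How-To or from openfiler) that applies the rule as the quoted text describes it, RID plus the low end of the idmap range; the domain SID and the function names are made up for illustration.

```python
"""Added example: SID -> UID/GID mapping as idmap_rid is described above."""

# Range taken from the smb.conf on this page: idmap uid / idmap gid = 500-100000000
ID_RANGE = (500, 100000000)

# Constructed domain SID standing in for the KPAK domain (an assumption,
# the page does not give one).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


class MappingError(ValueError):
    """Raised when a SID cannot be mapped under the single-domain rule."""


def split_sid(sid):
    """Split 'S-1-...-RID' into (domain SID, RID as int)."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 4 or parts[0] != "S" or parts[1] != "1":
        raise MappingError(f"malformed SID: {sid!r}")
    if not all(p.isdigit() for p in parts[1:]):
        raise MappingError(f"malformed SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_unix_id(sid, domain_sid=DOMAIN_SID, id_range=ID_RANGE):
    """Return the UID/GID for a SID: low end of the range plus the RID.

    No lookup table is involved, so any host with the same range and the
    same domain gets the same answer for the same account.
    """
    low, high = id_range
    sid_domain, rid = split_sid(sid)
    # idmap_rid only works inside one domain ("allow trusted domains = No")
    if sid_domain != domain_sid.upper():
        raise MappingError(f"{sid} is not in domain {domain_sid}")
    unix_id = low + rid
    if unix_id > high:
        raise MappingError(f"{sid} maps to {unix_id}, above range end {high}")
    return unix_id


def map_accounts(sids, **kwargs):
    """Map many SIDs; returns ({sid: id}, {sid: reason it was rejected})."""
    mapped, rejected = {}, {}
    for sid in sids:
        try:
            mapped[sid] = sid_to_unix_id(sid, **kwargs)
        except MappingError as exc:
            rejected[sid] = str(exc)
    return mapped, rejected


if __name__ == "__main__":
    accounts = [
        DOMAIN_SID + "-500",    # well-known RID 500: Administrator
        DOMAIN_SID + "-513",    # well-known RID 513: Domain Users
        "S-1-5-21-9-9-9-1105",  # constructed SID from some other domain
    ]
    # "Master" and "slave" are just two independent runs of the same function.
    master, _ = map_accounts(accounts)
    slave, rejected = map_accounts(accounts)
    print("mapped:", master)
    print("rejected:", rejected)
    print("master and slave agree:", master == slave)
```

With the range from the page, RID 500 comes out as 1000 and RID 513 as 1013, which lines up with the 1000:1013 in the getent output above.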


SSH Tunneling to mysql server using Putty

Posted on 12:55, September 25th, 2008 by Many Ayromlou

I’ve had this question a couple of times in the past few months (since I posted the command line version of this method here). To make it short and sweet, yes you can use Putty in a windows environment to setup ssh tunnels. Here is the specific scenario with pics for setting up a tunnel to your mysql server (assuming mysql server is running on a machine that you have ssh access to) using putty. This allows you to run mysql-gui-tools under windows and connect thru ssh to your server, without having to open the server to accept connections from the network.

  1. Download Putty full install package 
  2. Run putty and you’ll see the following screen. Fill in the hostname of the DB server and choose SSH as protocol.
  3. Go down to SSH and Tunnels options. Fill in 3306 for Source port, 127.0.0.1:3306 for local Destination port and click Add. This will forward (through SSH) all traffic sent to 127.0.0.1:3306 (aka. localhost:3306) to the remote host’s (DB Server) port 3306. You’ll see how this works in a second.
  4. Now go back to Sessions, Give the session a meaningful name (eg: MYSQLTunnel) and click Save so that it’s saved.

So now you’re done. If you need to access your mysql server, first run putty, load the session we just saved, connect and you’re good to go. You can use any network based mysql frontend and even the ODBC connector under windows and point them at host: 127.0.0.1 and port: 3306, the SSH tunnel will then take the traffic and safely transfer it to your mysql server box. This way you can run your mysql server in local mode — where it will not accept connections from outside network — for safety reasons and have network access to it when you need.
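
The tunnel only buys you something if mysqld on the server really is listening on loopback alone. As an added example (not part of the original post), the Python check below reads `ss -ltn` output from the DB server and reports any listener on port 3306 that is reachable from the network; the sample outputs and the function names are constructed for illustration.

```python
"""Added example: confirm MySQL is loopback-only before relying on the tunnel."""
import ipaddress

# Constructed `ss -ltn` output for a server in "local mode" (not a real capture)
LOCAL_ONLY_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*
LISTEN  0       80           127.0.0.1:3306         0.0.0.0:*
LISTEN  0       128               [::]:22              [::]:*
"""

# Constructed output for a server whose mysqld is bound to every interface
EXPOSED_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*
LISTEN  0       80                   *:3306               *:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN line of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or unrelated line
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr.strip("[]"), int(port)


def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; wildcards and junk count as exposed."""
    addr = addr.split("%", 1)[0]  # drop an interface suffix such as %lo
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or anything unparseable


def exposed_listeners(ss_output, port=3306):
    """Return 'addr:port' for each listener on `port` not bound to loopback."""
    return [
        f"{addr}:{p}"
        for addr, p in parse_listeners(ss_output)
        if p == port and not is_loopback(addr)
    ]


def tunnel_only(ss_output, port=3306):
    """True if something listens on `port` and every such listener is loopback."""
    on_port = [addr for addr, p in parse_listeners(ss_output) if p == port]
    return bool(on_port) and all(is_loopback(addr) for addr in on_port)


if __name__ == "__main__":
    for name, text in (("local", LOCAL_ONLY_OUTPUT), ("exposed", EXPOSED_OUTPUT)):
        print(name, "tunnel_only =", tunnel_only(text),
              "exposed =", exposed_listeners(text))
```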


Vista Network Blues…Repeated network disconnect

Posted on 16:15, May 7th, 2008 by Many Ayromlou

A lot of people seem to be running into weird network problems with Vista (MS’s latest abortion). The symptoms might include:

- Windows messenger issues (disconnects, slowness)
- Large network file copies get interrupted or are slowwwww
- Network file transfers that seem to hang for no reason
- Network ghosts turning on/off the network subsystem
- Routers having issues that lead to router reboot
- Outlook having synchronization issues

A possible solution is turning off auto-tuning. You see Vista being Vista, wants to always be in control, even when it gets on the network with others. MS has built a new feature into its network stack that allows Vista to auto-tune the size of the send/receive windows…..why would you want to do this by default when half the world’s firewalls discard non-standard packet sizes is a mystery (apparently only known to MS ppl). So guess what happens when the firewall downstream of you decides that your packets are “non-standard”……it drops them, along with your connection. So how do you fix this, simple, you do what MS should have done before they shipped you the abortion called Vista, you disable it. Here is how:

1) Get a command prompt in administrator mode. To do this go to Start/All Programs/Accessories and RIGHT CLICK on command prompt’s icon and choose “Run as Administrator”. On the next prompt press “Continue”.
2) Make sure the Title of the newly opened command prompt window says “Administrator: Command Prompt”, if not go back to 1).
3) Now type the following into the command prompt window. This will disable autotuning.
netsh int tcp set global autotuninglevel=disabled
4) You should get an OK. in the command prompt window. REBOOT NOW.
5) If you need to turn it back on (why?) do 1) and 2) and issue the following command:
netsh int tcp set global autotuninglevel=normal
To check the status of this dumb setting (before or after you change it) do 1) and 2) and type the following command
netsh int tcp show global
Of course you could always reboot, format and install Linux and save your sanity and time :-)


Stripes be gone…..

datePosted on 22:26, November 1st, 2007 by Many Ayromlou

If you’d like to get rid of the stripes in the list view of the new Leopard Finder, open a Terminal Window and type in the following two commands:
defaults write com.apple.finder FXListViewStripes -bool FALSE
killall Finder

If you want the fancy stripes back at some point later, type the following two commands in Terminal:
defaults write com.apple.finder FXListViewStripes -bool TRUE
killall Finder
more to come soon…..


Turn-off Leopards 3D Dock

datePosted on 22:57, October 29th, 2007 by Many Ayromlou

Just noticed that if you place your dock on either side of the screen you get a flat dock, instead of that floating 3d look. As much as I like the 3D look, I liked the flat look even more, so after poking around I found out how to disable the 3D look. Open a Terminal window and type in the following two commands:
defaults write com.apple.dock no-glass -boolean YES
killall Dock

To get the 3D floating dock back you open a Terminal and type the “opposite” two commands:
defaults write com.apple.dock no-glass -boolean NO
killall Dock

Keep coming back…..there will be more soon :-)


Okay so this all started with our users not being able to share files on our webserver. We use SSH only for upload/download and interactive access (ie: no ftp). Through trial and error we found out that the default umask (under OSX Server) for sftp uploaded files is 0033 (ie: rwxr--r--) and for directories is 0022 (ie: rwxr-xr-x). This creates a problem when one user uploads a file and another user downloads/modifies and tries to re-upload it — they simply can’t because the group permissions are wrong.

If we were using ftp (which we are not) there are some solutions on the net that allow you to modify the startup parameters for the ftp server so that the default umask for all files is 0013 — which would allow a group of people to share/overwrite each others files — but we are using ssh only.

So we came up with two other solutions — a shared upload account and/or a cron job that would modify the group permissions on the website directory to allow group sharing. We went with the second solution and that’s where I ran into so many problems that I decided to create this post. You see normally Unix users know that spaces (and strange characters) in filenames are a no-no. Well that’s not true for Windows and Mac users, they use spaces and other odd characters in their filenames/folders all the time.

I started writing — what I thought was — a simple “for loop” script to go through the website folder and change the group permissions. Of course on the first try things didn’t work nicely because of spaces, so I started compensating for that and came up with:
for i in `find /Path/to/www -type d -print0 |xargs -0 -n 1`
This kinda worked, but the for loop would still split the lines when it hit spaces in filenames. I tried to mess around with it and gave up. After RTFMing a bit more I tried:
for i in `find /Path/to/www -type d -exec echo \"{}\" \;`
The thinking behind this was that the exec would echo the filenames quoted and it should work….well it didn’t, the for loop still split the input lines at spaces.

Finally after a latenight RTFM session (and lots of cursing), I think I’ve found the ultimate file handling loop statement:
find /Path/to/www -type d ! -perm -g=wx -print0 | while IFS= read -rd $'\0' filename
Okay so this version uses “while” rather than “for” but it works like a charm and chews through spaces and all other kinds of weird chars and creates a output stream that’s ready to be used by your choice of commands (chmod in my case).

After trimming and optimizing the script a bit, here is the final product:
#!/bin/bash
# The following find will search for
# all files under /Path/to/www, that
# are NOT symlinks, and do NOT have
# group write permission. The list is
# "\0" separated and the while portion
# will loop around this character and
# ignore everything else in the path.
find /Path/to/www ! -type l ! -perm -g=w -print0 | while IFS= read -rd $'\0' filename
do
    # We've found a directory with no group
    # write permission, so fix it.
    if [ -d "$filename" ]
    then
        chmod g+rwx "$filename"
        # echo Directory changed
        stat -l "$filename"
    fi
    # We've found a file with no group
    # write permission, so fix it.
    if [ -f "$filename" ]
    then
        chmod g+rw "$filename"
        # echo File changed
        stat -l "$filename"
    fi
done

Hopefully you’ll find this code (or portions of it) useful for your own day-to-day hack-and-slash solutions to annoying problems. Let me know if you come up with an even better solution :-)
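
A variant of the same job that lets find hand each path straight to chmod, so no shell loop ever has to parse the file names. This is an added example, not the script from the post: it uses only POSIX sh, the function names and the sample tree are constructed for illustration, and it only touches directories and regular files.

```shell
#!/bin/sh
# Added example (not the original post's script). All names are constructed.

# Grant group access under "$1" without any word splitting: find passes
# every path to chmod as its own argument via -exec ... {} +.
fix_group_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    # Directories need g+rwx so group members can list and create entries.
    find "$root" -type d ! -perm -g=rwx -exec chmod g+rwx {} +
    # Regular files only need g+rw; -type f never matches a symlink.
    find "$root" -type f ! -perm -g=rw -exec chmod g+rw {} +
}

# Count entries (symlinks excluded) that still lack group write.
# One "x" is printed per match, so a newline inside a file name
# cannot inflate the count the way counting output lines would.
count_missing_group_write() {
    find "$1" ! -type l ! -perm -g=w -exec printf x \; | wc -c | tr -d ' '
}

# Build a constructed tree whose names contain spaces, a newline and
# glob characters, with the permissions described in the post
# (rwxr-xr-x directories, rwxr--r-- files).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    nl_name=$(printf 'two\nlines.txt')
    mkdir -p "$t/My Site/draft [old]"
    : > "$t/My Site/index page.html"
    : > "$t/My Site/draft [old]/$nl_name"
    : > "$t/My Site/*.css"
    chmod 755 "$t/My Site" "$t/My Site/draft [old]"
    chmod 744 "$t/My Site/index page.html" \
        "$t/My Site/draft [old]/$nl_name" "$t/My Site/*.css"
    echo "$t"
}
```

Calling fix_group_perms on the directory returned by make_sample_tree and then count_missing_group_write on the same directory shows the count dropping to 0, including for the file whose name contains a newline.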


screen…it’s not just for nerds anymore.

datePosted on 20:26, October 7th, 2007 by Many Ayromlou

So after hearing from people at work how great the “screen” command was (yeah welcome to gnuland boys and girls), I decided to do a short tutorial on screen. This way I can stop telling them to RTFM and instead tell them to RTFB (Blog). Anyways, What is “screen” first of all….From the pages of wikipedia:

GNU Screen is a free terminal multiplexer developed by the GNU Project. It allows a user to access multiple separate terminal sessions inside a single terminal window or remote terminal session. It is useful for dealing with multiple programs from the command line, and for separating programs from the shell that started the program. GNU Screen can be thought of as a text version of graphical window managers, or as a way of putting virtual terminals into any login session. It is a wrapper that allows multiple text programs to run at the same time, and provides features that allow the user to use the programs within a single interface productively.

Think of screen as a Virtual Machine (I know it’s not but bear with me). Once you run the command, the ‘virtual machine’ takes over and allows you to create multiple interactive command line sessions. In each of those sessions you can run commands that are either interactive (menu based) or serialized. Once you’re done you can disconnect the session — keeping in mind that the session is actually alive and running, including all the programs that were spawned inside that session — go to another computer and ‘restore’ the session with all the programs still running. By far one of the coolest things about screen is that it automatically allows you to nohup your commands, by just disconnecting the session and reconnecting to it later. So without further ado here is screen:

Obviously you need to run it, so first step is to type screen at the command line. When you do that you get a new shell window and the adventure starts. Remember that pretty much all screen commands start with Ctrl-a followed usually by a character (ie: you press Ctrl button and a together, let go, and follow it with the character).

So now you have a new shell, run a command (ie: pine, vi or something). Okay so now we can simulate you leaving your machine and detaching your session.

- To Detach : Ctrl-a d (this will detach the session but your command is still running inside that screens shell….you’ll see)
- To Reattach : screen -r (without the quotes. You should get the session back with whatever command you were running in it).

So now you’ve got the very basics of screen. Detaching allows you to run commands, leave them halfway, detach and go somewhere else and use Re-attach to restore the session.

Now, how about multiple sessions. Yeah you can do that too, one screen process with multiple sessions inside it.

- Use screen -r to reattach to your process (If you haven’t done so already). Note that your program is still running (say vi). If you now want to run lynx for example you can use the Ctrl-a c command to create another session (c for create). So now you have two sessions inside your “screen virtual machine”.
- Use Ctrl-a n and Ctrl-a p to flip between sessions (n for next and p for previous). You can also create more screens with Ctrl-a c. Lets create 2-3 more sessions.
- Use Ctrl-a followed by a number between 0-9 to switch between up to 10 recently created sessions.
- Now use Ctrl-a d to detach from the session, logoff (don’t reboot, that will kill the screen process) and log back in. Now reattach to the process using screen -r. Note that all your sessions are still there (you can check using Ctrl-a n and Ctrl-a p to cycle through the sessions).

One last thing before I take away the training wheels, to kill your screen process (and all sessions running inside it) use Ctrl-a Ctrl-\.

Okay, so here is a small list of the many screen options and commands:

- Ctrl-a " : gives you a full screen list of all your sessions and you can scroll down to the one you want to switch to and press Enter (remember that to get " you have to use Shift-’ and ESC gets you out of the list).
- Ctrl-a A : (that’s a shift-a) allows you to give a meaningful name to your session window.
- Ctrl-a k : allows you to kill your current session (not all sessions spawned inside a screen process, just the current session).
- Ctrl-a S : will split your current session screen in half. It is easy to confuse Ctrl-a S, which uses a capital ‘S’ with Ctrl-a s, which uses a lower case ‘s’. The upper case command causes screen to be vertically split (that is, with one region on top of the other), while the lower case command causes the parent terminal to freeze (Scroll Lock). To unfreeze the parent terminal, use the Ctrl-a q command.
- Ctrl-a Tab : will jump between the regions in a split session. Keep in mind that the new region will have nothing in it until you designate another open session to pop in there using Ctrl-a p and/or Ctrl-a n which will cycle the next or previous session into the new split region.
- Ctrl-a X : (that’s a shift-x) will close a region (ie: split region goes back to full).
- Ctrl-a + : will enlarge the current region (and shrink the other).
- Ctrl-a - : will shrink the current region (and enlarge the other).
- Ctrl-a M : (that’s a shift-m) allows you to monitor the current window for output. I use the MSN command line client pebrot occasionally, and always set its window to notify me when something happens (ie: a join message).
- Ctrl-a _ : does the same thing as above, but in an opposite way. It switches into the monitoring mode for 15 seconds of silence, which triggers a notification in xterm’s status area. So when our compile finishes, we will be told so even in another session.
- Ctrl-a [ : will place you in copy mode. Use this when you need to copy some text from one session to another. Do Ctrl-a [ in the source session to enter copy mode (you can exit copy mode using ESC). Move around using cursor keys to the beginning of where you want to start copying and press Spacebar to mark the beginning. Now move to the end and press Spacebar again to mark the end of your copy block. You can now switch to another session, move to where you want to paste the block and press Ctrl-a ] to paste what was put in the buffer.

Here are a couple of more useful startup screen commands:

- screen -ls : will list all the screen processes running under your userid (yes you can run multiple screen processes with multiple sessions inside each).
- screen -r screenname : restores a specific screen process.
- screen -R : will try to reattach if there is a detached process, if not it will start a new process.
- screen -D -RR : this is the “I want control now” command. It will detach already attached clients and attach to the first session listed.

As usual screen is controlled via .screenrc file for configuration parameters (there is a system wide file in /etc/screenrc and the personal one in your home directory, under ~/.screenrc). You can add the following commands in your personal .screenrc to make life a bit simpler:

#kill startup message
startup_message off
# define a bigger scrollback, default is 100 lines
defscrollback 1024
# An alternative hardstatus to display a bar at the bottom listing the
# windownames and highlighting the current windowname in blue. (This is only
# enabled if there is no hardstatus setting for your terminal)
hardstatus on
hardstatus alwayslastline
#hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "
#hardstatus string "%{= mK}%-Lw%{= KW}%50>%n%f* %t%{= mK}%+Lw%< %{= kG}%-=%D %d %M %Y %c:%s%{-}"
#hardstatus string "%{= kG}%-Lw%{= kW}%50> %n%f* %t%{= kG}%+Lw%< %{= kG}%-=%c:%s%{-}"
#hardstatus string "%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %d/%m %{W}%c %{g}]"
hardstatus string "%{gk}[ %{G}%H %{g}][%= %{wk}%?%-Lw%?%{=b kR}(%{W}%n*%f %t%?(%u)%?%{=b kR})%{= kw}%?%+Lw%?%?%= %{g}][%{Y}%l%{g}]%{=b C}[ %m/%d %c ]%{W}"

As usual there is a lot more to screen, so once you’ve got the basics nailed, take a peek at the man pages for more goodies and don’t forget…..Command line is your friend :-).


Do you Mango?

datePosted on 13:15, September 23rd, 2007 by Many Ayromlou

From the pages of really useful, well designed websites comes Mango. The webapp (flash 9.0) is simple to use, well laid out and generally works well. It offers 11 Free language courses (Brazilian Portuguese, Polish, Spanish, French, German, Greek, Italian, Japanese, Mandarin Chinese, Pig Latin and Russian). So head over, sign up and learn something new. It’s FREE!!!


Track your Car using GPS/GSM gizmo…..

datePosted on 05:25, August 23rd, 2007 by Many Ayromlou


For all the people who dreamed about being able to track their vehicles by just sending SMS messages to their car, here is an article on Developing a vehicle tracker with the Telit GM862-GPS module. Great article that goes into a lot of detail on how you too can accomplish this.


How does the mouse pointer work…

datePosted on 11:01, June 2nd, 2007 by Many Ayromlou

Yeah, you heard right, I’m gonna show you how the mouse pointer on your computer really works. To do this we have to zoom in a portion of the screen. When you move to the next page, move the mouse to the centre of your screen and have a look. Also try clicking your mouse button. Now you know the secret…You are a true NERD :-)
