
Ubuntu, pptpd and the iPhone

I’ve got a (fake – i.e. OpenVZ) VM with BHost.net and use it as a VPN gateway amongst other things for accessing my home network. This works great with OpenVPN in a site-to-site configuration – I use a port knocking app on my iPhone to open up a port for SSH on the VM, shell in using a cert, and then from there I can access my home network via the site-to-site OpenVPN link. Alternatively if I’m after more than SSH, I knock again, connect via OpenVPN to the VM and then access the internal network across the tunnel.

This works great for PCs/Macs – but it’s no good for my iPhone/iPad, which don’t have support for OpenVPN unless you jailbreak. So reluctantly I set up PPTP this evening, and when I tried to connect, the iPhone told me “Cannot connect. Contact your system administrator.” or words to that effect. On the server I was seeing this error logged in /var/log/messages:

Jan 6 23:00:51 orbit pppd[9820]: Using interface ppp0
Jan 6 23:00:51 orbit pppd[9820]: Connect: ppp0 <--> /dev/pts/1
Jan 6 23:00:51 orbit pppd[9820]: LCP terminated by peer (MPPE required but peer negotiation failed)
Jan 6 23:00:51 orbit pppd[9820]: Hangup (SIGHUP)
Jan 6 23:00:51 orbit pppd[9820]: Modem hangup
Jan 6 23:00:51 orbit pppd[9820]: Connection terminated.

A quick bit of Googling and I worked out that you had to have both of these lines in your /etc/ppp/pptpd-options file:

require-mschap-v2
require-mppe-128

(128-bit encryption requires MS-CHAPv2…)

Et voila!
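The symptom and the fix above can be checked mechanically. This is an added example, not code from the original post: it counts the MPPE negotiation failures in a pppd log and audits a pptpd-options file for the two directives, ignoring commented-out lines. The function names are hypothetical, and the extra check that refuse-pap, refuse-chap and refuse-mschap are set is an assumption that goes beyond what the post requires.

```shell
#!/bin/sh
# Added example, not from the original post.

# count_mppe_failures LOG -> prints the number of sessions lost to MPPE negotiation
count_mppe_failures() {
    grep -c 'MPPE required but peer negotiation failed' "$1" || true
}

# has_directive FILE NAME -> succeeds if NAME is an active (uncommented) option
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_pptpd_options FILE -> prints one finding per line, nothing if clean
audit_pptpd_options() {
    # The two directives the post identifies as required together.
    for opt in require-mschap-v2 require-mppe-128; do
        has_directive "$1" "$opt" || echo "MISSING $opt"
    done
    # Assumption beyond the post: the weaker methods are refused explicitly.
    for opt in refuse-pap refuse-chap refuse-mschap; do
        has_directive "$1" "$opt" || echo "NOT-REFUSED ${opt#refuse-}"
    done
    return 0
}

# Demo: log lines copied from the post, options file constructed for illustration.
demo_dir=$(mktemp -d)
cat > "$demo_dir/messages" <<'EOF'
Jan 6 23:00:51 orbit pppd[9820]: Using interface ppp0
Jan 6 23:00:51 orbit pppd[9820]: LCP terminated by peer (MPPE required but peer negotiation failed)
Jan 6 23:00:51 orbit pppd[9820]: Connection terminated.
EOF
cat > "$demo_dir/pptpd-options" <<'EOF'
name pptpd
refuse-pap
refuse-chap
# require-mschap-v2
require-mppe-128
EOF
echo "MPPE failures in log: $(count_mppe_failures "$demo_dir/messages")"
audit_pptpd_options "$demo_dir/pptpd-options"
rm -rf "$demo_dir"
```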

Navicat and MySQL error

I recently moved some data between an XAMPP MySQL DB and a fully-fledged MySQL DB using Navicat’s (excellent!) Data Transfer tool. Unfortunately this caused a problem due to the versions of MySQL used for both being different, and so the table wasn’t created in the correct manner on the target server. This meant when it came to moving the data again I was getting the infamous error:

Column count of mysql.proc is wrong. Expected 20, found 16.

Curiously mysqlcheck declared that the table was fine, but undeterred I ran mysql_fix_privilege_tables anyway:

root@ajax:~# mysql_fix_privilege_tables --password=yourpasswordhere
This script updates all the mysql privilege tables to be usable by
the current version of MySQL
 
done
root@ajax:~# service mysql restart

Followed by a restart, the problem was fixed :)

NFS between Sun SP and Linux

Whenever I set up an NFS share, I always forget about portmap and run into trouble with errors such as:

Error. Cannot mount remote directory.
mount: RPC: Unable to receive; errno = Connection refused

So in addition to adding the necessary line in /etc/exports as follows:

/opt/solaris 192.168.x.x(rw,no_root_squash,no_subtree_check)

You also need to configure portmap to allow the connection, using /etc/hosts.allow:

portmap : ip_of_remote_machine ip_of_this_machine

Restart both services (nfs-kernel-server and portmap) using the appropriate init.d script or using the upstart scripts, and you should be ready to go.
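The two files have to agree: every client named in /etc/exports also needs a portmap entry in /etc/hosts.allow. This added example is not from the original post. It cross-checks the two files and also reports no_root_squash and exports that reach every host, including the case where a stray space before the parentheses detaches the options from the client. The function names, addresses and paths are constructed, and the hosts.allow matching is simplified to literal addresses and ALL.

```shell
#!/bin/sh
# Added example, not from the original post; addresses and paths are constructed.

# export_clients FILE -> prints "dir client options" for every client entry
export_clients() {
    awk '
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = "-"
            p = index($i, "(")
            if (p > 0) {                      # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"    # bare "(opts)" applies to any host
            print $1, client, opts
        }
    }' "$1"
}

# portmap_allows HOSTS_ALLOW CLIENT -> succeeds if a portmap line lists CLIENT
# (simplified: understands literal addresses and ALL only)
portmap_allows() {
    awk -v want="$2" '
    /^[ \t]*portmap[ \t]*:/ {
        sub(/^[^:]*:/, "")                    # drop the daemon name
        n = split($0, host, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (host[i] == want || host[i] == "ALL") found = 1
    }
    END { exit (found ? 0 : 1) }' "$1"
}

# audit_nfs EXPORTS HOSTS_ALLOW -> one finding per line, nothing if clean
audit_nfs() {
    export_clients "$1" | while read -r dir client opts; do
        case ",$opts," in
            *,no_root_squash,*) echo "$dir $client: no_root_squash" ;;
        esac
        if [ "$client" = "*" ]; then
            echo "$dir $client: exported to every host"
        elif ! portmap_allows "$2" "$client"; then
            echo "$dir $client: not in hosts.allow for portmap"
        fi
    done
}

demo_dir=$(mktemp -d)
cat > "$demo_dir/exports" <<'EOF'
/opt/solaris 192.168.1.20(rw,no_root_squash,no_subtree_check)
/srv/pub 192.168.1.30 (rw)
EOF
echo 'portmap : 192.168.1.20 192.168.1.5' > "$demo_dir/hosts.allow"
audit_nfs "$demo_dir/exports" "$demo_dir/hosts.allow"
rm -rf "$demo_dir"
```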

Oracle Data Integrator and Teradata JDBC Driver

I’ve been getting to grips with ODI 11g over the past few days, specifically using it for moving data from an Oracle DB to a Teradata data-warehouse.

Despite Oracle’s (/Sun’s) excellent documentation, I struggled to find where/how I should install the Teradata JDBC driver JARs, and was receiving the following error when trying to set up the agent/data-server, where the agent couldn’t locate the driver:

Could not load JDBC driver class [com.teradata.jdbc.TeraDriver]

The two JARs, terajdbc4.jar and tdgssconfig.jar, should be placed in the following location:

C:\oracle\product\11.1.1\Oracle_ODI_1\oracledi\agent\drivers

Your agent (local in my case) should now be able to successfully connect.

You’ll need to restart the agent using agentstop.bat in the bin directory for the classes to be loaded, you should see confirmation when starting the agent that they have been

You’ll probably then move on to reverse-engineering a model for the DB, and will again run into a similar error regarding ODI being unable to load the necessary TeraDriver class. The same two JARs also need to be placed in:

C:\Documents and Settings\\Application Data\odi\oracledi\userlib

Restart ODI Studio for the classes to be loaded

Et voila, you should now be able to move on to reverse engineering the Teradata database. :)

I’ve got ODI installed on an XP development VM, so your absolute paths will no doubt be different – hopefully the relative paths are identical!

Installing Java EE SDK in Ubuntu 11.04

If you’re trying to install the J2EE SDK in 11.04 and it’s getting stuck at 45%, cancel the installation, restart it, and untick ‘Install Update Tool’. :)

(As a side note – it’s ridiculous that you can’t install Java EE SDK without having X11 installed, i.e. you can’t do a command line only installation).

First foray into Vaadin, and Eclipse woes

The relevant versions for this post are: Eclipse Helios, Vaadin 6.6.0

As a run-up to my upcoming dissertation, I’ve started to play about with Vaadin, the Java based UI framework. I started with Netbeans and the Vaadin plug-in, and whilst it’s competent, compiling widgets (Vaadin’s equivalent to plug-ins/addons) was a headache.

Reading through the Vaadin documentation, it’s very much (read: almost completely) geared towards development within Eclipse. I’m a big Netbeans fan/convert, so having to move back to using Eclipse for anything is something I never look forward to.

The one benefit of using Eclipse was supposedly the automatic compilation of ‘Widgetsets’. Unfortunately I had some problems when trying to compile my custom widgets (the excellent treetable widget to be specific), and would receive the following error:

SEVERE: Widgetset compilation failed
java.lang.ClassNotFoundException: com.google.gwt.dev.GWTCompiler
at java.net.URLClassLoader$1.run(Unknown Source)

Both the gwt-dev and gwt-user libraries were added (as part of the plug-in) and show as such within the libraries tree branch.

If I remove them, and try and add gwt-dev and gwt-user manually (after downloading them direct from Google), the compiler starts, but then would complain in the following way:

Compiling widgetset com.example.learningvaadin.widgetset.LearningvaadinWidgetset
Updating GWT module description file…
29-May-2011 00:17:40 com.vaadin.terminal.gwt.widgetsetutils.ClassPathExplorer getAvailableWidgetSets
INFO: Widgetsets found from classpath:
com.vaadin.terminal.gwt.DefaultWidgetSet in jar:file:C:/Users/Luke/workspace/LearningVaadin/WebContent/WEB-INF/lib/vaadin-6.6.0.jar!/
com.example.learningvaadin.widgetset.LearningvaadinWidgetset in file://C/Users/Luke/workspace/LearningVaadin/src
com.vaadin.addon.treetable.TreetableWidgetset in jar:file:C:/Users/Luke/workspace/LearningVaadin/WebContent/WEB-INF/lib/vaadin-treetable-1.2.0.jar!/
 
29-May-2011 00:17:40 com.vaadin.terminal.gwt.widgetsetutils.ClassPathExplorer getAvailableWidgetSets
INFO: Search took 5ms
Done.
Starting GWT compiler
Compiling module com.example.learningvaadin.widgetset.LearningvaadinWidgetset
Validating newly compiled units
[ERROR] Errors in ‘jar:file:/C:/Users/Luke/workspace/LearningVaadin/WebContent/WEB-INF/lib/vaadin-6.6.0.jar!/com/vaadin/terminal/gwt/client/ui/ShortcutActionHandler.java’
[ERROR] Line 170: The method scheduleDeferred(Scheduler.ScheduledCommand) in the type Scheduler is not applicable for the arguments (new Command(){})
[ERROR] Line 177: The method scheduleDeferred(Scheduler.ScheduledCommand) in the type Scheduler is not applicable for the arguments (new Command(){})
[ERROR] Line 208: The method scheduleDeferred(Scheduler.ScheduledCommand) in the type Scheduler is not applicable for the arguments (new Command(){})
……..

I resolved the problem by carrying out the following steps:

  1. Downloaded the latest GWT SDK from Google
  2. Removed the existing gwt-dev and gwt-users libraries that were added by the Vaadin Eclipse plugin, and added the new ones
    1. Project > Properties > Java Class Path
    2. Highlight the two libs (VAADIN_DOWNLOAD/…/gwt-dev.jar and VAADIN_DOWNLOAD/../gwt-user.jar), and click remove
    3. Click ‘Add External JAR’, navigate to where you’ve extracted the GWT SDK and select both gwt-dev.jar and gwt-user.jar
    4. Order and Export tab, check both tickboxes for the two libraries and move them to the top of the list
  3. Added the vaadin-treetable-1.2.0.jar to the WEB-INF/lib folder
  4. Refreshed the project, clicked OK when prompted to recompile widgetsets

And that was that – the widget sets should now compile :)

This information was also posted over at the Vaadin forums, where another poster (perhaps a Vaadin developer?) suggested another solution

Exim and Exchange

As part of a new project I’ve been working on I’ve had to install and configure an Exchange 2007 server within my home network. I’ve managed to finally get delivery to both Exim and Exchange working, dependent on the address mail is being sent to. Exim works as both a smarthost for Exchange and an independent mail server.

So for example, lm @nothingbutreboots.com goes to Exim (and then onto Cyrus via LMTP), which can be accessed using RoundCube. However, mail to luke.morgan @nothingbutreboots.com gets passed to Exchange. Similarly, Exchange uses my Exim box as its smarthost for outbound mail.

Here’s a quick look at the relevant bits of the Exim config files which may give somebody trying to do a similar thing a few pointers:

/etc/exim4/conf.d/router/200_exim4-config_primary

virtual:
driver = redirect
domains = dsearch;/etc/exim4/virtual/
data = ${lookup{$local_part}lsearch{/etc/exim4/virtual/$domain}}
#one_time
no_more

send_to_smart_host:
debug_print = "R: attempting to send to Exchange"
driver = manualroute
domains = ad.nothingbutreboots.com
transport = remote_smtp
route_data = "ad.nothingbutreboots.com"
no_more

send_to_cyrus:
debug_print = "R: attempting to send to cyrus $local_part@$domain"
driver = manualroute
domains = zivi.nothingbutreboots.com
transport = LOCAL_DELIVERY
route_list = +local_domains
no_more

So then you have the relevant domain listings within your virtual folder, which the virtual router will then parse as above and decide which transport to send the mail onto:

/etc/exim4/virtual/nothingbutreboots.com

luke.morgan luke.morgan@ad.nothingbutreboots.com
lm lm@nothingbutreboots.com

For the above to work you’ll obviously need correct MX entries within your BIND config and within your Windows DNS.

Reinstalling IIS6 on an Exchange Server

Following on from this post, it came to a point where I had to face facts – I had to completely reinstall IIS. IIS was working fine, but I was trying to install RSA’s web agent to allow OWA to be secured using SecurID, and the installer was insisting that IIS wasn’t installed. Even after (rather bashfully) running a batch script to register every DLL in the inetsrv folder, it still wasn’t right.

Finally, I decided to give up rooting around in the registry and just reinstall. This is somewhat of a trivial task on a ‘normal’ IIS server, but when you combine it with the half a dozen web apps that Exchange installs, it becomes a little more complex.

Luckily there’s a guide for doing exactly this over at Microsoft’s Support site. However, if you followed the guide and then got the following (all too common) error when trying to access Outlook Web Access (OWA):

Outlook Web Access did not initialize. An event has been logged so that the system administrator can resolve the issue. Please contact technical support for your organization.

This error is commonly caused by a permissions or authentication problem. First, ensure that the owa subdirectory (usually under the ‘Default website’ tree) within IIS Manager has the following authentication methods set:

OWA – Basic
8.1.240.5 – Enable anonymous access
auth – Enable anonymous access
Bin – Enable anonymous access
Current – Basic
forms – Basic
Help – Basic
smime – Basic
spell – Basic

Do an iisreset and try OWA again. If you’re still having problems, your IUSR accounts may have changed password during the reinstall, and IIS won’t be aware of the new ones. Follow this guide here, followed by an iisreset, and hopefully you should now have a functioning OWA.

Strange problems with Windows 2003 x64 R2 & IIS Manager

This post details problems I’ve had with a Windows 2003 Enterprise x64 R2 install, and more specifically the Internet Information Services Manager, and the certificate wizard within.

I’ve had a couple of strange problems with a Windows 2003 install I’ve been carrying out over the past couple of days.

The first is the fact that despite every component of Internet Information Services showing as being fully installed in the ‘Windows Add/Remove’ Components dialog, the IIS manager couldn’t be found within Administrator Tools.

The fact that I got the IIS default install webpage when visiting http://localhost confirmed that it was indeed installed. However, if I tried to run iismgr via the command line, the MMC would open with the red cross informing me that “MMC could not create the snap-in”. After a little digging I found a solution to the problem, which is caused by the IIS manager DLL not being registered (for reasons unbeknownst to me). To fix it, run the following in a command prompt (or from Run):

regsvr32 %windir%\system32\inetsrv\inetmgr.dll

You should get the confirmation message box telling you that the DLL has been successfully registered. Close and reopen any IIS MMC and all should now be right.

The next strange problem was found when trying to install an SSL certificate within the IIS manager. Right clicking on the ‘Default Website’ branch and selecting properties, and then clicking on ‘Server Certificate’ within the ‘Directory Security’ tab wouldn’t open the certificate wizard. Clicking on ‘Edit’ had the same result: the certificate wizard just wouldn’t open. Again, this problem is caused by a component not being registered. Run the following command to register the Certificate Manager OCX:

regsvr32 %systemroot%\system32\inetsrv\certmap.ocx

Again, you should receive confirmation that the component has registered successfully. Now, if you go back into IIS Manager you’ll see that you can now click on the ‘Edit’ button, but clicking on ‘Server Certificate’ still does nothing. That means that there’s still one more component to register, certwiz.ocx – do so by running the following:

regsvr32 %systemroot%\system32\inetsrv\certwiz.ocx

Et voila! You should now be able to run the certificate wizard.

I haven’t a clue why these two problems have occurred with this particular installation, I’ve done nearly a dozen near-identical installs and never ran into this problem before. I’m just glad it didn’t result in a complete reinstall :)

Netgear MA401, WPA2, and Debian.

This post has been saved as a draft for a long time, and unfortunately I can’t remember the exact specifics. I’m publishing just in case it (albeit in a very rough, unfinished form) may help someone!

For the past couple of days I’ve been trying to get the Netgear MA401 wireless card working with my WPA2 secured wireless network.

In order to do this, yo

Stop the PCMCIA card from using IRQ3 by putting the following line in /etc/pcmcia/config.opts

exclude irq 3

Install hostap-utils, which should automatically blacklist the orinoco drivers:

apt-get install hostap-utils

If after a lsmod | grep orinoco they’re still in use, blacklist the orinoco modules within /etc/modprobe.d/blacklist:

blacklist orinoco
blacklist orinoco_cs

The hostap modules should be automatically loaded. If not, run:

modprobe hostap_cs

If you do an iwconfig, you should see a wlan1 and a wifi0. The fact that udev has renamed it from wlan0 to wlan1 will cause problems with the prism2_srec program we’ll use to flash the card later, so change the device name by editing /etc/udev/rules.d/70-persistent-net.rules, changing the existing entry:

# PCMCIA device 0x7300:0x000b (hostap_cs)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:09:5b:28:0b:48", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan1"

so that it reads:

# PCMCIA device 0x7300:0x000b (hostap_cs)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:09:5b:28:0b:48", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"

You can implement this change immediately by running udevadm trigger, or if you have problems try a restart.

You should now be able to probe the card by using the hostap_diag utility:

vaio:~# hostap_diag wlan0
Host AP driver diagnostics information for 'wlan0'

NICID: id=0x800c v1.0.0 (PRISM II (2.5) PCMCIA (SST parallel flash))
PRIID: id=0x0015 v1.0.7
STAID: id=0x001f v1.3.6 (station firmware)
vaio:~#

So as you can see, I’m using v1.0.7 of the Primary Firmware, and v1.3.6 of the Station Firmware. I intend to update mine to v1.1.1 and v1.8.4 as various places online report that they work with WPA2 (though I’m sure earlier/later firmwares do too).

So next we need to flash the Prism firmware on the MA401 to enable support for WPA/WPA2. You can download the firmware here (**zip file**). [1]

Now, if you try and flash the card using prism2_srec as shown below (and as detailed at Jun Sun’s blog), you’ll no doubt get an error as shown:

Downloading to non-volatile memory (flash).
Note! This can take about 30 seconds. Do _not_ remove card during download.
Odd.. Download request for the kernel driver failed.
Are you sure you have compiled (and loaded the correct version of)
hostap.o module with PRISM2_DOWNLOAD_SUPPORT definition in
driver/module/hostap_config.h?
In addition, non-volatile download requires PRISM2_NON_VOLATILE_DOWNLOAD
to be defined.
ioctl[PRISM2_IOCTL_DOWNLOAD]: Operation not supported

You’ll also get the following message in dmesg:

wifi0: non-volatile downloading not enabled

Once you’ve extracted the firmware, you will need to recompile your kernel to allow support for the firmware flashing. First off, install the necessary packages:

apt-get install kernel-package libncurses5-dev fakeroot wget bzip2

Download the appropriate kernel source from www.kernel.org – for my laptop I used 2.6.26.

cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2

Unpack the source and create a symlink:

tar xjf linux-2.6.26.tar.bz2
ln -s linux-2.6.26 linux
cd /usr/src/linux

Copy your current kernel config to the sources directory:

cp /boot/config-`uname -r` ./.config

Now, ensuring we’re within the /usr/src/linux folder, run:

make menuconfig

You’ll be presented with a ncurses GUI, select “Load an Alternate Configuration File”, and then specify .config (should already be specified).

Then within the ncurses GUI navigate to the following:

Device Drivers --->
Network device support --->
Wireless LAN (non-hamradio) --->
IEEE 802.11 for Host AP (Prism2/2.5/3 and WEP/TKIP/CCMP)
Support downloading firmware images with Host AP driver
Support for non-volatile firmware download
Host AP driver for Prism2.5 PCI adaptors

Ensure that the “Support for non-volatile firmware download” is marked with an asterisk (change it by using space bar). Once that’s selected, keep selecting ‘Exit’ to leave the GUI. You’ll be prompted to ask if you want to save the new kernel configuration, select Yes.

Now you can build the kernel using the following commands:

make-kpkg clean
fakeroot make-kpkg --initrd --append-to-version=-hostap kernel_image kernel_headers

This can take a few hours (it’s advisable to do the kernel build on your most powerful machine; once the kernel has been recompiled you can transfer it to any other system and install it there).

Once the kernel has compiled, you should be able to see the .deb packages within /usr/src.

Install them using dpkg:

dpkg -i linux-image-2.6.18.1-custom_2.6.18.1-custom-10.00.Custom_i386.deb
dpkg -i linux-headers-2.6.18.1-custom_2.6.18.1-custom-10.00.Custom_i386.deb

Once they’re installed, reboot, and then check that the new kernel has loaded by running:

uname -r

This should display something like 2.6.26-2-486-hostap.

[1] http://linux.junsun.net/intersil-prism/
