Page 48 of 52

Setting up a domaincontroller with Samba

July 10, 2008 / halfgaar

I occasionally have to set up a domain controller using Samba. There are a lot of guides and howto’s available, but I made a step-by-step howto just for myself, and I thought it’d be smart to make it available on the internet for me to access anywhere.

These commands have only been tested on Debian. Some distro’s may do thing a little differently, especially when it comes to adding/modifying users and groups.

Create a Unix group for ntadmins:
# groupadd ntadmins
And assign root to that group:
# usermod –append –groups ntadmins root
Add the root user to the smb users (use a different password than the Unix root password!):
# smbpasswd -a root
Map Samba groups (the rid is important!):
# net groupmap add ntgroup=”Domain Admins” unixgroup=ntadmins rid=512 type=d
# net groupmap add ntgroup=”Domain Users” unixgroup=users rid=513 type=d
# net groupmap add ntgroup=”Domain Guests” unixgroup=nobody rid=514 type=d
Add normal user accounts which can login in the domain controller (without home dirs or shells):
# useradd -d /dev/null -s /bin/false example_username
# smbpasswd -a example_username

When adding a machine to the domain, it will ask for a username and password. Use the root username you’ve added to smbusers here. The normal user accounts are for when the machine is successfully added to the domain, and asks for user login.

The following is an example config file, with some comments:

[global]
  ; When using domains, the workgroup is the domain name
  workgroup = my_domain
  server string = my_server (Samba server %v)
  security = USER
  encrypt passwords = true
  os level = 65
  domain master = yes
  local master = yes
  preferred master = yes
  domain logons = yes
  panic action = /usr/share/samba/panic-action %d
  guest account = samba
  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  dns proxy = no

  ; Location of NT/2000/XP profiles. %L expands to the servername, %u to the user.
  ; You may also want to put in %m, which expands to the machine name, to have a 
  ; separate account for each machine. With only identical machines, it's useful to have
  ; a "roaming" profile, but you can imagine what happens when you login on a Windows 
  ; 2000 machine with an account that actually belongs to a Windows XP machine...
  ; or, even simply on machines with different versions of software packages installed.
  ; update: I think it should actually be %U. And, you may want the machine name in the path:
  logon path = \\%L\profiles\%m\%U
  ; logon path = \\%L\profiles\%u ; old one, before update.
  logon script = logon.bat

  time server = yes

  ; I don't let useradd create home dirs. I prefer to do that myself. 
  add user script = /usr/sbin/useradd -d /dev/null -s /bin/false %u
  ; I intentionally leave out -r (remove home dir) because I don't accidentally
  ; want to remove home dirs when I happen to remove domain users 
  ; which are also unix users. Also, it means that if a user is recreated, 
  ; its data is accessible again.
  delete user script = /usr/sbin/userdel %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  add user to group script = /usr/sbin/usermod -a -G %g %u
  ; how does one delete a user from a group...? There doesn't seem 
  ; to be a command for that...
  ;delete user from group script = /usr/sbin/ %u %g
  add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u

[netlogon]
  ; You can add netlogon.bat here, the logon script executed by the client.
  path = /var/lib/samba/netlogon
  writable = no
  browsable = no

[profiles]
  ; This path should be chmod 777
  path = /home/samba-nt-profiles/
  browsable = no
  writable = yes
  ; You can choose to make these 0660 and 0770. If you force group = samba and put all your samba users in it, that can be convenient. It is a must when you have the machine name in the profile path, otherwise, only the first user can login on a machine.
  create mask = 0600
  directory mask = 0700

The useradd commands are for when a domain admin asks for users to be created and such. The only one I’ve needed in practice, it would seem, is the add machine script. When I add a machine called “butter” to the domain controller, this command will automatically create a user called “$butter” in your /etc/passwd, and the machine can login.

An example command to put in the netlogon.bat, is:

net use o: "\\server\networkshare"

The reason is obvious, I would say :).

An example network share accessible to anyone is:

[our_documents]
  comment = Central storage for all our documents
  path = /home/samba-our-documents
  guest ok = yes
  writeable = yes
  browseable = yes
  force group = samba
  create mask = 0660
  directory mask = 0770

And, a network share for an individual domain user with full access for that user, but read-only to the rest:

[Johns_documents]
  path = /home/samba-john-documenten
  guest ok = yes
  writeable = yes
  browseable = yes
  force group = samba
  create mask = 0640
  directory mask = 0750

I believe this is it. I will update the post with relevant info in the future.

Playing Quake3 in Linux with Skype or Teamspeak

July 10, 2008 / halfgaar

I wanted to play a game of Quake3 against someone, and have Skype or Teamspeak open at the same time, for obvious reasons. Somehow, it reported the sound device being in use: “device or resource busy”. This doesn’t make any sense, because my card can do hardware mixing, and also because all other games work fine with Skype or Teamspeak active.

I don’t know exactly what’s going on, but this is how it can be fixed:

# echo "quake3.x86 0 0 direct" > /proc/asound/card0/pcm0p/oss
# echo "quake3.x86 0 0 disable" > /proc/asound/card0/pcm0c/oss
# echo "quake3-smp.x86 0 0 direct" > /proc/asound/card0/pcm0p/oss

Happy fragging 🙂

Converting Monkey Audio to WAV in Gentoo

July 9, 2008 / Rowan Rodrik

I had the bad luck that a CD image I acquired from the Internet consisted of a .ape file for the audio and a .cue file for the track offsets. cdrdao has no problem with .cue files but .ape is the file extension for Monkey Audio files. Monkey Audio is the awkwardly licensed monkey brother of Flac. (They’re both lossless audio encoding formats.)

This is one of those I-want-to-remember-this-for-later posts which I should really do more often if I wander about investigating various technicalities. Although such posts aren’t the most comprehensive and useful to the reader, they’re invaluable to myself six months from now.

mac is a tool capable of converting .ape files to .wav files. But first, .Ape’s awkward licensing problem meant I had to find an ebuild for mac to put in my Portage overlay in $PORTDIR_OVERLAY at $PORTDIR_OVERLAY/media-sound/mac. Through references in the Gentoo Forum and the Gentoo Wiki, I came across two different bug reports with ebuilds for mac attached. Bug 52882 had the newest ebuilds attached.

$ mkdir -p /usr/local/portage/media-sound/mac
$ cd /usr/local/portage/media-sound/mac
$ wget http://bugs.gentoo.org/attachment.cgi?id=154775
$ ebuild mac-3.99.4.5-r2.ebuild manifest
$ emerge -av mac

Now, I could convert any .ape files to WAV:

$ mac CDImage.ape CDImage.wav -d

Alternatively, I could have done this using shntool, a handy front-end for all sorts of lossless audio programs:

$ emerge -av shntool
$ shntool conv -o wav CDImage.ape

Now, I could have just gone into the CDImage.cue file and change the reference to the .ape file to a reference to the .wav file:

$ sed -i -e 's/.ape/.wav/' CDImage.cue
$ cdrdao write CDImage.cue

But, first I was sidetracked to splitting the tracks (until realizing that wodim wouldn’t burn the correct pregaps).

Just grepping for “INDEX 01” didn’t generate the indexes in a format that shntool split would eat, leading to the emergence of yet another package: cuetools.

$ emerge -av cuetools
$ cuebreakpoints CDImage.cue | shntool split CDImage.wav

Mounting partititions residing inside a disk image

July 9, 2008 / halfgaar

When you’ve read a disk with dd or ddrescue into an image file, one of the things you want to do is mount the partitions inside it. But, how does one do that? The answer is using losetup, with a bit of knowledge of partition offsets.

First, you have to map the disk image to a loopback device:

# losetup /dev/loop/0 disk_image_file

Then use fdisk to print the partition table, displaying offsets in sectors:

# fdisk -lu /dev/loop/0

For my disk, that results in:

Disk /dev/sda: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *          63   482415884   241207911   fd  Linux raid autodetect
/dev/sda2       482415885   488392064     2988090   fd  Linux raid autodetect

You can see that the first partition begins at sector 63. Now we’re going to setup a new loop device, with the proper offset. A disk sector is 512 bytes long, so an offset of 63 sectors is 32256 bytes. Therefore, you setup the first partition with this command:

# losetup -o 32256 /dev/loop/1 disk_image_file

Then you can mount that loop device:

# mount /dev/loop/1 /mnt/mountpoint

Using diff and patch to upgrade web application installations

March 13, 2008 / Rowan Rodrik

Update (July 30, 2008): I added information about making sure that the patch was successful.

When you install a big-ass web application such as WordPress or MediaWiki, you usually end with a bunch of configuration files and customizations (skins/themes, extension/plugins, uploads, etc.). This makes upgrading the files that come with the application a bit tricky. There’s a simple solution, however, which work regardless of whether you use a revision control system or not.

First of all, you do, of course, always need a revision control system. I personally recommend Git or Subversion, which are both excellent tools. But, that’s not what this post is about. I’m going to use two simple tools which are uniformly available on all (Unixy) platforms: diff and patch.

The procedure is simple:

Download the version of the application which you’re currently running. For our example, we pretend that this version is extracted into the directory webapp-1.4.3.
Then, download the version to which you’d like to upgrade. (We’re assuming that this version is extracted into the webapp-1.6.2 directory.)

Compare the two versions to create a patch file:

$ diff --unified --recursive --new-file webapp-1.4.3 webapp-1.6.2 > webapp-upgrade.diff

Apply the patch to the installation of said web app:

$ cd webapp-installed
$ patch --strip=1 --remove-empty-files < ../webapp-upgrade.diff || echo "Some failures!"

Check if everything was patched perfectly

Now, if the patch command returned a non-zero status (printing Some failures! in the above example), it's time to check which chunks of which files failed. Get a summary by searching all files with an .rej or a .orig suffix:

$ find . -name "*.rej"

After manually applying any failed hunks, what's left is to compare your directory containing the patched application to the directory with the contents of the new application archive which you've used to create the patch:

$ cd ..
$ diff --unified --recursive --new-file webapp-1.6.2 webapp-installed

Version management

Your upgrade is done. Now, if your using a revision control system, you just need to check in new files and check out deleted files. In Subversion, I do this quickly using the following command sequence:

$ svn status|sed -e '/^\?/!d; s/^\?//'|xargs svn add
$ svn status|sed -e '/^\!/!d; s/^\!//'|xargs svn del

If you'd been using Git, you could do this all a little bit more sophisticatedly, but my Git skills are not advanced enough to go around giving others advice. Also, it's nice to learn a generic method before learning more specific tools.

Humanity Lobotomy – The Importance of Net Neutrality

March 7, 2008 / halfgaar

In the early days, radio used to be a two-way communication system. Radio communication played a part in social, religious and political dialogs between people. Later, big corporations like NBC and CBS produced 97% of nighttime broadcasting in the United States; all courtesy of the Federal Communications Commission. We cannot let them do the same to the internet.

Hi, My name is Witchbane and I like witches

February 26, 2008 / Rowan Rodrik

2017-12-30: The below post was my first post on www.worldwide-wilderness.com, a project I abandoned in the form it was then intended to take: a series of blog posts and hopefully videos to enthusias young people about wilderness. Here, for posterity’s sake…

My name is Rowan. The Rowan tree is a common tree carrying small red berries of a bitter taste. Because the tree got ascribed many magical properties in the past, it used to be planted in front of farms as a protective from witches and other evil things. Hence, the old folk name witchbane. Myself, I can better identify with another folkloric name for this tree: witch wood. Druids used to lean on their witch wood staffs for support and power. Similarly, I want to support the growth of a new generation of witches by promoting the world of wilderness.

The Rowan Tree: From the misty coils of morning / there rises on the hill / In hesitating sunlight / and tendrils clinging still / Crowned it is, for power / and magic drapes its lee / In all the hues that red may show / the Rowan-berry tree

Witches to me are a symbol of unkempt wilderness, their repression a symbol of the illusion of the tamability of our wild nature. When I think of witches, I think of women—of course, enough witches are men but, as a male, I prefer to think of witches as (preferably sparsely-clad and sexy) females—women who live in the periphery of our neatly combed culture, beyond the edge of our cultivated fields and forests, in the realm of the unknown where they’re performing their unfamiliar rites and rituals. Different and deviating from the known, witches are repressed, because, for long, there has been just one right way to think about and to perceive the world in which we live. But, the world has been shrinking lately. Also, increasingly, time has been compressed and we’ve been shown that people have lived long before us, all of them in different ways. We’ve even been shown that some people are still living independently from the authoritarian belief structures which we’ve built. The evidence against the divinity of our species keeps piling up and it gets harder and harder to keep believing that anyone’s particular version of what is right and what is wrong is correct. In the right time, Darwin would have been a witch. In this time, to many, I am also a witch because my relation with wilderness is not sterile. You could even call it dirty. It’s an unhygienic blood bond, overgrown with mosses and fungi, a link rooted in ancient times which ought to not even have existed. Luckily, in this time, there are many who feel that witches are o.k. There are many witches too. So many, that soon they’ll disappear. Soon, we’ll all be witches. According to some, soon, the exploration of the unknown will (have to) move from the periphery to the mainstream. To make this a little sooner, I’m going to convince you that embracing the wilderness within and around us is stimulating and exciting. Yes, exciting! Better prepare yourself for some barely-clad, sexy hexes whom are waking up wilderness together. And now for one of those sexy witches: (You can look safely; the witch wood wizard’s staff is carefully covered with a cloth.

Rowan is moving sand from point A because he want more flowers at point B: The photograph is courtesy of and copyrighted by Jeroen Dekker, 2007

Push the limits

February 13, 2008 / halfgaar

Besides making good music, Enigma also writes meaningful lyrics. A quote from “Push the Limits”, from the album “The Screen Behind the Mirror”, by Enigma:

Don’t submit to stupid rules Be yourself and not a fool. Don’t accept average habits Open your heart and push the limits.

The irony of this is, that while most people agree with this, they don’t really understand it or put it into practice. This was true for me personally as well. It’s all too easy to accept consensus reality without a second thought. But this consensus reality is often misleading and it can be hard to oppose it, mostly because of social reasons. Anyway, my suggestion for today is: read the quote again and apply it. Allow your doubts to float to the surface and express them, because I know those doubts are there.

Ron Paul: Going the Distance

February 13, 2008 / halfgaar

Here I am again with a message about Ron Paul. He asks not to give up, even though election victories are already practically claimed, prematurely of course. He also wants to organize a march to Washington D.C., to give the media something they can’t ignore, like they usually do. Take a look at this campaign update. https://youtu.be/ryMliyeIDp4 And learn more about the revolution march.

Wilderness

January 15, 2008 / Rowan Rodrik

2018-01-03. The below was originally published by Myrna on www.worldwide-wilderness.com. I copied it here while discontinuing that site in its current form. The deepest love of my life is the World on which we live. She gave us all we have in her abundance, she will take us back into her bosom, into her breath, at the end of our lives and make us into yet another of her creations. She deserves our love and respect; our fear and disregard of her are clearly harmful to her and ourselves. The disconnect that is caused by our way of (not) looking at the World begets so many of the problems that we can observe around us. The fear of people for our Earth has its roots in a fundamental misunderstanding of her nature, mistakingly thinking of Wilderness as destructive, dangerous and brutal in her untamed state. The fear has scared out of our heads the understanding that this is just one side of the duality, overshadowing the positive and creative, which lies not only at the opposite of the destructive side, but is also to be found within it. My understanding of Wilderness is of resillience and strenght, because in that, both priciples are recognized. I often take pictures of mushrooms, flowers and insects on the roadside or in the middle of the city. It proves to me the power of Nature to incorporate and generate even in the most difficult circumstances. My preference for taking pictures of mushrooms also stems from this idea. A thing as beautiful and special as a mushroom (remember that it does not need it’s possible bright colours to attract insects for polination or anything else …) can only grow where there is dead material to feed on. This is also why I love taking pictures at my father’s place. Fifteen years ago it was a spotless garden and three meadows, and now, after much digging, piling, planting and pulling down trees, it has become a piece of Wilderness akin to my idea of paradise, where rare flowers and animals can be found. All that can be seen there depends on something else to die or live for its own journey through life, into death. Without use of massive amounts of dead plant and tree material it is a long and arduous task to stimulate the growth of new life, patiently waiting for Nature itself to undertake the task of accumulating the wealth of death on which to grow. Seeing these things, and taking part in helping them along, has taught me some of the most important things that I now know about the power of the Wilderness that brought fourth a species as strange as us humans. It has also given me the precious insight that this Wilderness lives on inside of us, its creatures, with both its destructive and creative sides showing in our actions. Accepting the dominance of Wilderness in our creation makes it easier to understand our dual nature, and steer away from the emphasis on our destructive side that is so prevalent in our current culture of fear. Recognizing, accepting and dealing with this fear should, in my view, be the main priority of our culture in the decades to come. Stimulating this in myself and others is the main motivation in everything that I do. The sight of the Earth and her human inhabitants recoiling from each other in horror is one that I long to replace by a rapt fascination for everything that is and shares our World, and through that, have all conciousness around us marvel at the beauty and wholeness of us as a part of this marvellous creation that is our World.

BigSmoke