Nixadmins.net » Linux

Quick Tip: Installing Linux from USB-stick

Mats Hellman — Wed, 25 Nov 2009 11:28:46 +0000

This is a short tip so I will remember how to do this the next time I need to. It’s not a lengthy article or in-depth howto. Anyway, today I wanted to try out the latest Ubuntu (9.10) on my Lenovo X200s and my docking station was at work so I had no access to a dvd drive.

Installing from a USB-stick should be trivial so I decided to try it out and googled around to find some information on how to put Ubuntu on my Kingston Datatraveler.

Googling I found this wonderful program that, if needed, even downloads the files for you. But since I already had the Ubuntu ISO I could just start up UNetBootin and have it set Ubuntu on my USB-stick.

To do this just download http://unetbootin.sourceforge.net/ and start it. Select your ISO and the destination drive and you’re done. After that you have a fully functional USB Linux.

Are 64-bit operating systems ready for the desktop?

Mats Hellman — Mon, 27 Apr 2009 11:00:48 +0000

I’ve been asking myself this for a while now. 64-bit has been a standard for several years now and still computers are sold with 32-bit operating systems. Why is this?

The only reliable 64-bit OS I’ve used was my MacBook Pro which I sold. It worked and I never really had any driver issues with it. So why are PC’s still sold with XP or Vista 32-bit. XP and Vista both have 64-bit versions and still vendors don’t supply decent drivers. Why? It makes me almost mad to be using a 64-bit OS only to notice I can’t get this or that working on it since there are no drivers. Which naturally makes me ask, has Linux passed Windows in hardware compatibility when it comes to 64-bit?

I recently got my Lenovo X200s and it came with Windows Vista business 32-bit. I ran it for a while but since it had 4Gb of RAM I wanted to try out Vista Enterprise 64-bit. Vista 64 has been a ride of ups and downs. The Intel graphics controller driver keeps crashing, even after several updates and the one thing I miss the most is my Targus USB-to-Serial cable. As I work with network appliances I need a serial connection and these days it’s almost impossible to get a serial port in a laptop so the fallback is a usb-to-serial cable. Targus does not supply 64-bit drivers for the cable so I have to keep an old IBM T42 for this purpose.

What is it that makes the normally fast moving computer industry to keep on feeding the 32-bit OS? Is it really to much to ask to get drivers for my 64-bit OS?

Do you have similar feelings or does your 64-bit computer work like a charm? Please comment.

Running OpenVPN-gui 2.X in Windows Vista

Mats Hellman — Fri, 13 Feb 2009 21:30:24 +0000

This is a short short note how to get OpenVPN-GUI 2.X working under Windows Vista.

First of all you have to set it to always run as administrator. Go to the folder where it is installed and in the Bin folder you’ll find the OpenVPN-GUI executable. On the Compatibility tab you find Privilege Level, set it to Run this program as an Administrator

In your the parent folder find the config folder and open the config file. Add the following lines to the file.

route-method exe

route-delay 2

Linux ready for the masses/desktops?

Mats Hellman — Fri, 06 Feb 2009 19:43:09 +0000

Being a fairly active StumbleUpon user I see these posts about Linux being ready for the desktops all the time. Actually I’ve been reading about it since I started using Linux back in 2002. Still Linux has not made a big leap into the home user market or the enterprise market. Why is this? Linux is a stable operating system that just keeps on working and you might think the TCO’s should help Linux on it’s way to world domination also. Still we see Microsoft and their products are dominating the market. The article/post that got me to write this one can be found at the breakingitdownblog.com.

After commenting I got a nice reply from the author, and I do understand his worries about dealing with the Linux community, but I give the Linux community a lot of credit and hope any comments here are sensible and wont start a war. That was never my intention.

If you start reading this, please read all of it. Don’t comment after reading only half because you won’t get the point.

Jungle of choice

As I see it there are a few things that makes Linux something administrators don’t want on their desktops. First of all, and this is something the open source community will hate, the number of choices. There are so many alternatives out there. Should you use RedHat, Novell, Ubuntu, Debian, Gentoo etc etc etc. Choice and competition is a good thing, but this is borderline ridiculous. If I don’t like your distribution or the way you manage your open source project I’ll just start my own. This is good right? No. This makes the jungle of open source products even worse. Let’s take a simple example, my parents. Go tell them to install Linux. First of all, how would they find a distribution? Would they read why a certain distribution is good for them? No. Never. They buy a computer and are happy to pay the Microsoft toll because they are able to use it.

And when it comes down to it, that’s exactly what most people want to do with their computers. Use them, not find bugs, submit bug reports or join mailing lists.

Office

I work in an organization with around 1500 users. We like so many others use Microsoft Office in our day to day work. Why? Well I guess because so many others are. That might seem like a stupid reason but try to tell a user that he/she can’t open the document just received by email because we only use OpenOffice.org, the possibility of it going the other way around is very small. This was visible already when the new Office 2007 suite was launched, because it saves documents in docx by default and Office 2003 does not open them.

Thank god there is a document converter for Office 2003 so we dodged that bullet, by installing it for anyone needing it and now it’s going out by group policies. Next you’ll try to tell me well this might, and only might be true for the corporate users but how about home users. Well I’ll tell you the same thing here. If I receive documents to my personal mail it’s almost certainly written in Microsoft’s Office, not necessarily 2007 but a version of it anyway. Well if it is written in a previous version I might get lucky and the document, spreadsheet or whatever might work as it should, but for most cases it won’t, Microsoft macros work in mysterious ways. If it is in the 2007 .docx format, well then I have some work to do. To be clear, I’m not saying this is OOo’s fault. On the contrary, I guess Microsoft doesn’t go easy on projects like this. And looking at their market situation why would they.

Let’s get on with it. If I’m running Microsoft Windows I can get the compatibility pack, or use an online converter, t to a .doc and then open it it OOo. And that’s just it, you can’t expect the average user to do this, or even be interested in doing it. They might google it and find the office converter install it and expect it to work. And it does.

Being a geek, word processors are not something that make me jump up and down of excitement, but I have tried OOo more than a few times. And it just doesn’t feel right, I can’t get it to do the things I want it to, not in the timeframe of learning I’m willing to use. I count my time in hard cash, and 3 hours of trying to make something work adds up to a Microsoft Office student license which you as a home user can buy and use, if your not making money with it.

You could argue that it took time to learn to use Office also, well it did. And that’s another reason for keeping it, why throw all those hours of training out the window if another program cant offer anything else than a smaller bill getting the software. It would be just plain madness.

Management

This is a big argument for me. I work with networks and servers and I like to keep the users as restricted as possible without making their daily work suffer. Also I want to be able to centrally manage users, passwords, desktop security settings, local firewalls and the installed software. Some of these are in fact possible to do in Linux. But it’s not as easy to manage as Microsoft’s Active Directory with systems center configuration manager.

Group policies are another thing making Active directory more attractive. We can handle system settings like services, WLAN, well just about anything via this sleek and fast interface, and most of the time it just works.

I do admit Microsoft’s products do have faults, but the good old pro/con list just doesn’t tip over to the advantage of Linux, at least not yet.

File Servers

As I said above I’ve been using Linux since 2002 and I still can’t always get file/folder permission set like I want them to. If you use shared folders, and I’d say every company today does you need a sane way of managing the shares. I like Microsoft’s approach to the security settings. Share and local settings are separated and in my little mind I can manage the settings just fine.

Nested groups helps a lot to. Since providing a group access to another groups files or folders helps to keep the rights simple. And if you manage a large file share it has to be easy and logical.

Distributed File System is another really nice feature of the Microsoft Server family. I wont go in-depth here but if you’re not familiar with it take a look at Microsoft DFS pages.

To clear this up, I’m not saying these things are impossible to accomplish in other systems, I’m just saying it takes more work. And work hours cost money.

Places I promote Linux

Well after my short and maybe even evil rant about why Linux has issues I’m going to turn the table a little, because there are places I’d rather use Linux than any Microsoft product. To mention a few:

Databases with information that could save/take lives. Like patient journals.
Backup systems, we use EMC Networker as our backup solution and it runs stable as a castle. I wouldn’t even dream of using Microsoft products as a foundation for this when it’s available for Linux.
Some web applications. Because Apache is a great software and it runs so smooth on a Linux server.

Use the best tool for the job

To everyone out there who now wants to dig me a grave and make me suffer I have a few finishing words. The point of this article was to point out that you, at least in general, cannot say Linux or Windows or even OS X is better than one of it’s competitors. It all depends on who you are and what you are doing.

Let’s stop these flame wars now and agree that everyone should use the best tool available for their task at hand.

Getting wireless network working on CentOS 5 and Thinkpad T42

Mats Hellman — Mon, 15 Dec 2008 08:04:29 +0000

I pulled an old IBM Thinkpad T42 to use as a “light” and “mobile” laptop on the daily train ride to Helsinki. It’s not new but more than usable with 768Mb RAM and CentOS 5 installed. This gives me a full development environment to work with on the train. What I noticed was the problem to get the wireless network up on this thing.
I tried editing /etc/wpa_supplicant/wpa_supplicant.conf, I ran iwconfig. I scanned etc. And it just didn’t want to work.
The hardware seemed to be working, but not the network settings. Why?

Google to the rescue

As always when you are troubleshooting the place to start is google.com.After reading a lot of pages, some better some worse I found NetworkManager. How could I have missed this? Later I even found a document at centos.org describing how to use this.

Using NetworkManager

Finding I should use NetworkManager I started up the service and stopped the network service. I got a list of the Wireless networks and 10 seconds later I was surfing with the wireless network.
To set NetworkManager to start automatically you should do the following

[root@localhost ~]$ chkconfig –level 345 NetworkManager on
[root@localhost ~]$ service NetworkManager start
[root@localhost ~]$ chkconfig –level 2345 network off
[root@localhost ~]$ service network stop

You should now have a nice network icon in your Gnome system tray and clicking it should show the wireless networks available.

Installs

To be clear this is what I installed.

The , to get a lot of packages. And after setting up rpmforge I just pulled firmware for the network card.

[root@localhost ~]$ yum install ipw2200-firmware

This page is mostly a note for myself but if it helps someone else out then all the better.

Installing Microsoft Corefonts on CentOS 5

Mats Hellman — Fri, 12 Dec 2008 08:12:04 +0000

This is a thing I always have to google when I need to install Microsoft’s fonts in my CentOS installs so I thought I’d post a short dirty note here to remind me how to do it.

First of all we need some tools to build ourselves the RPM for msttcorefonts, so fire up your terminal and

[root@localhost ~]$ yum install cabextract rpm-build

When finished run the following as root

[root@localhost build]$ wget http://corefonts.sourceforge.net/msttcorefonts-2.0-1.spec
[root@localhost build]$ rpmbuild -ba msttcorefonts-2.0-1.spec
[root@localhost build]$ rpm -ivh /usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm
[root@localhost build]$ /sbin/service xfs reload

That’s it. You should now have Microsoft’s standard fonts installed and ready to go.

Using htaccess to create a subdomain on apache

Mats Hellman — Wed, 20 Feb 2008 19:25:50 +0000

I’ve been thinking of starting a blog to keep my thoughts and ideas together in one place. To do this I wanted to use a simple subdomain to nixadmins.net like blog.nixadmins.net. To do this in a simple way without touching too much of the configuration I did it using the Apache’s .htaccess file.

The htaccess file can be used to many things, in this short short story I’ll only go in to creating a working subdomain. But you can find a lot more in the htaccess tutorial.

If you have a .htaccess file you can modify it, if not just create a new one in any editor.
Put the following lines in it, and of course change the values to suite your need.

RewriteEngine on
# Rewrite for Wordpress blog
RewriteCond %{HTTP_HOST} blog.nixadmins.net
RewriteCond %{REQUEST_URI} !blog/
RewriteRule ^(.*)$ blog/$1 [L]

After that, create a DNS cname record, of blog.nixadmins.net that points to the same server, for me www.nixadmins.net. And you are done.

When you begin your Linux experience.

Mats Hellman — Fri, 08 Feb 2008 10:10:11 +0000

I remember the first year I tried Linux, I was so totally hyped about it. I started by trying out server software and pretty soon I was hooked on using it. It was great, I could run my own webserver, email server, SQL server and … and … and …, well you get the point I had to try everything. The best part was that everything ran on a 120MHz Cyrix with 64Mb RAM and 8Gb hard drive. It wasn’t fast but it did get me started.

Distro shopping

First I had to go trough a really huge bunch of distributions, my friends should agree that in the beginning an Linux installation had an average lifespan of 2 days on my desktop before I moved on to the next one. There were so many to try and I’ve always been a little of a operating system freak. After a while I realized that I had to get a place to store my settings and downloads centrally because every time I reinstalled I reformatted the drives. I know I could have saved /home but back then I didn’t really care, I had a new distribution and I just had to try it. This is when I got started with my first server.

Servers and hardware

So the first server was up and it ran nicely for quite some time. Then came the hardware shopping, I just had to get a lot of hardware I could run Linux on. This resulted in a bunch of REALLY old Mac’s lying around every corner, my girlfriend wondering if I lost it and my friends probably thinking, “Well that’s what you get from running Linux”. After I had installed Linux on almost every old Mac I got the hunger was still there, I had to try something else, so I got myself a Sun SPARCStation 5.

It had 110Mhz microSPARC II processor, 128 Mb RAM, 1Gb hard drive, 21″ Sun monitor. As you might guess it wasn’t really a nice desktop but eventually I had it running Debian as a development and test server. It was a stable little server but it really lacked power of a modern computer, no wonder since it was released in the 1990’s.

Look where it got me

I sometimes wonder how much I’ve paid the electric company for my servers running 24/7 at home and how much I’ve put money in this process but I then quickly remind myself that any hobby costs money and it eventually pushed me into IT where I work now.

To the point

What inspired me to write this little post was this short video bellow that really reminds me of myself back in the early stages of my Linux experience. I hope you have as much fun watching it as I did.

The #1 reason for programers / Gentoo users to be slacking of

Mats Hellman — Thu, 07 Feb 2008 09:59:46 +0000

I found this xckd comic very funny. Being a Linux user and using Gentoo from time to time. I compile some programs and in Gentoo, you should know if you tried it, you compile almost everything.

From installation to Active Directory client with CentOS 4.2 – Part two

Mats Hellman — Tue, 22 Aug 2006 19:54:46 +0000

This is the second part of an article I started a _long_ time ago explaining how to connect a Linux desktop to Microsofts Active Directory, this time with the CentOS distribution. The first part can be found here. Hopefully you now have CentOS setup and are getting eager to get the domain logins working. We will get to that in a minute. First let’s discuss the process overall and what you already need to know or have setup. This guide has no guarantee on working, you should also backup any important data before proceeding. If you run in to trouble post in our forums and we’ll do our best to help you. A good practice is to backup the configuration file you are about to edit, so if you run into problems you can reset it to the original file. Remember, playing with authentication can get you locked out of your system!

You need:

Working Windows domain with Active Directory.
CentOS 4 installed on a desktop or virtual machine (VMWare, Microsoft Virtual PC or server).

Also you need to have the following information at hand:

Your Windows domain name.
The name of the Active directory domain controller.
User account and password for an administrative account in the domain.

That’s it. Now let’s get on with configuring the system.

In this article:

Installing OpenLDAP.
Configuring Samba .
Starting the winbind daemon.
Adding the workstation to the domain.
Configuring /etc/nsswitch.conf
Testing winbind
Testing Windows to Linux account conversion.
Editing /etc/sysconfig/samba.
Editing PAM settings.
Starting the daemons.
Further reading.
Troubleshooting.

Installing OpenLDAP.

Well start by installing OpenLDAP and the clients also we need nss_ldap. YUM handles the installations for us nicely so we don’t have to worry about dependencies. Just fire up a terminal because that’s where well spend a lot of time in this part of the article.

[root@wrkst1~]$yum install openldap-clients openldap

Configuring kerberos.

When OpenLDAP is installed we can move on to configuring the different authentication handlers. Let’s start by configuring the network authentication protocol Kerberos.
We need to tell Kerberos the windows realm and a few other things. Kerberos configuration file resides in /etc/krb5.conf so fire up your favourite editor, I’m using both Emacs and Vi depending on the situation so no editor wars here, and open the file for editing.
You should see something like this:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Now let’s edit the file. You did back it up like I told you didn’t you . Remember this file IS case sensitive, so default is not the same as DEFAULT. Remember to change the values if you copy/paste.

#/etc/krb5.conf

[libdefaults]
ticket_lifetime = 600
default_realm = NIXADMINS.NET
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
NIXADMINS.NET = {
kdc = ad-server.nixadmins.net
default_domain = nixadmins.net
}

[domain_realm]
.nixadmins.net = NIXADMINS.NET
nixadmins.net = NIXADMINS.NET

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

Save the file and exit. Next let’s make the system a little more error tolerant, in case the DNS service goes down the workstation won’t be able to authenticate the domain users so we add the Active Directory PDC server to the /etc/hosts file. Add the following line to /etc/hosts:

# /etc/hosts

1.2.3.4 ad-server.nixadmins.net ad-server

Next we need to test to see if our Kerberos settings are working. Just type the following in your terminal, all it does is return you to the prompt if everything is working.

[root@wrkst1~]$ kinit aduser@NIXADMINS.NET

That’s it for Kerberos, it wasn’t that hard now was it.

Configuring Samba

Samba is used to set some Windows domain information and the machine name. Also we define where and how the user directories are and which the default user shell is. Here is my smb.conf, read it trough and change at least the values workgroup (the wins domain name), realm (the domain DNS name in capitals) and password server (your PDC).

# /etc/samba/smb.conf

[global]
workgroup = NIXADMINS
netbios name = wrkst1
server string = Linux workstation 1
security = ADS
log file = /var/log/samba/samba.%m
max log size = 50
local master = no
preferred master = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%U
template shell = /bin/bash
encrypt passwords = yes
dns proxy = no
realm = NIXADMINS.NET
password server = ad-server.nixadmins.net
wins proxy = no

Before we move on let’s check our /etc/samba/smb.conf file to see if there are any errors in it.

[root@wrkst1~]$ testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = NIXADMINS
realm = NIXADMINS.NET
server string = Linux workstation 1
security = ADS
password server = ad-server.nixadmins.net
log file = /var/log/smb/samba.%m
max log size = 50
preferred master = No
local master = No
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%U
template shell = /bin/bash

Starting the winbind daemon.

Let’s start the winbind daemon that is responsible for the queries against Active Directory and find out if our setup is working. Before you do this be sure to check that neither smbd or nmbd are running.

[root@wrkst1 ~]# service smb status
smbd is stopped
nmbd is stopped
[root@wrkst1 ~]# service winbind start
Starting Winbind services: [ OK ]
[root@wrkst1 ~]#

Adding the workstation to the domain.

Now that we have a working winbind we can add the workstation to the Windows domain. Run the following command. Use the Windows Administrator account or another account that has the rights to add a computer to the domain.

[root@wrkst1 ~]# net ads join -U Administrator
Administrator’s password:
Using short domain name — NIXADMINS
Joined ‘WRKST1′ to realm ‘NIXADMINS.NET’
[root@wrkst1 ~]#

That’s it. The workstation should now be located in the computers holder in the Windows domain.

Configuring /etc/nsswitch.conf.

Edit the file top part of the file /etc/nsswitch.conf.

Before:
# some text before this part
passwd: files
shadow: files
group: files
# and some after also, let them be

After:
# some text before this part
passwd: compat winbind
shadow: compat
group: compat winbind
# and some after also, let them be

Testing winbind

Now let’s test winbind to see if we really are communicating with Active Directory. To do this we use the command wbinfo with the switches -u and -g, -u to query users and -g to query groups.
First let’s query for users in the directory, you output should look something like below.

[root@wrkst1 ~]# wbinfo -u
NIXADMINSAdministrator
NIXADMINS*******
NIXADMINS*******
………….
[root@wrkst1 ~]#

And next let’s query for groups.

[root@wrkst1 ~]# wbinfo -g
NIXADMINSHelpServicesGroup
NIXADMINSTelnetClients
NIXADMINSDomain Computers
NIXADMINSDomain Controllers
………….
[root@wrkst1 ~]#

Testing Windows to Linux account conversion.

We need to be sure this is working properly or our users won’t be able to log in to the workstation. The command getent shows us all accounts or groups.
First let’s check the users, run the following

[root@wrkst1 ~]# getent passwd

And then the groups

[root@wrkst1 ~]# getent group

Editing /etc/sysconfig/samba.

Add -D to the winbindoptions part of /etc/sysconfig/samba, the file should look like this

# Options to smbd
SMBDOPTIONS="-D"
# Options to nmbd
NMBDOPTIONS="-D"
# Options for winbindd
WINBINDOPTIONS="-D"

Editing PAM settings.

IMPORTANT! Make a backup of the whole /etc/pam.d folder before you continue.

Made the backup? Ok, let’s continue.
Let’s edit the file that handles the logins. Edit your /etc/pam.d/login to look like this

#%PAM-1.0
auth	required	pam_securetty.so
auth	sufficient	pam_winbind.so
auth	sufficient	pam_unix.so use_first_pass
auth	required	pam_stack.so service=system-auth
auth	required	pam_nologin.so
account	sufficient	pam_winbind.so
account	required	pam_stack.so service=system-auth
password	required	pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session	required	pam_mkhomedir.so skel=/etc/skel umask=0022
session	required	pam_selinux.so close
session	required	pam_stack.so service=system-auth
session	required	pam_loginuid.so
session	optional	pam_console.so
# pam_selinux.so open should be the last session rule
session	required	pam_selinux.so open

Note: we adde