Thursday, October 29th, 2009
I have moved to Debian as my primary distro and using squeeze (currently labelled testing, but soon to be stable) on my laptop. Unfortunely my laptop has a nvidia graphics card, and it pains me to have to enable the non-free repositories. Virtual Richard Stallman (vrms) got pissed.
On laptops, there usually is a Fn button to change between displays. On nvidia hardware, there is an ACPI event sent that the nvidia driver reacts internally to. This does not happen in the current driver in squeeze and was a major flaw for me. Using acpi_listen i saw that there was no acpi event even sent out. (This worked fine in Ubuntu, acpi event and everything).
Then I found disper: http://willem.engen.nl/projects/disper/
It is meant to switch between video outputs and adjust the resolution automaticly.
To get the image on the laptop screen:
disper -s
And to get it on the LCD screen (connected with VGA in my case)
disper -S
Wednesday, October 28th, 2009
To disbale the PC speaker, just blacklist the module pcspkr
echo "blacklist pcspkr" >> /etc/modprobe.d/blacklist.conf
rmmod pcpskr
Thursday, September 3rd, 2009
I have a Dell Latitude D620 and a D-Port replicator and had never succeeded in getting the sound jack on the dock to work. I found a solution on Ubuntu forums: http://ubuntuforums.org/showthread.php?t=80193
Its quite simple. You just have to enable IEC958
- Open Volume control
- If you dont see the “Switches” tab:
- Click Preferences and check “IEC958″
- Open the Switches tab and Check the “IEC958″.
The jack in the dock seems to be a “line-out” so you can’t use Alsa to change the volume. So if you have earphones without volume control – you should continue to plug it into the jack on the computer.
Friday, August 28th, 2009
Installing cups and HP 1018 on Debian Lenny on a NSLU-2. I used the foo2zjs driver, but you could also use hplib.
Install cups and foo2zjs. Go and have a cup of coffee or an icecream – this will take a while
apt-get install cupsys foo2zjs
Now install the hp1018 driver.
getweb 1018
By default cups doesnt allow anything but localhost to access the web-interface. And with the NSLU not having any VGA output, this is pretty useless unless you are planning on using SSH tunnels (wich is slow on the poor little NSLU). So will have to change that.
Go ahead and edit /etc/cups/cupds.conf. You have to change the listening address and allow connections to the <Location> directives (i added my whole internal network for this).
# Restrict access to the server...
<Location />
Allow from 192.168.1.0/24
Order allow,deny
<Location>
# Restrict access to the admin pages...
<Location /admin>
Allow from 192.168.1.0/24
Order allow,deny
<Location>
# Restrict access to configuration files...
<Location /admin/conf>
Allow from 192.168.1.0/24
AuthType Default
Require user @SYSTEM
Order allow,deny
<Location>
Then go to http://your-slug:631/ and add the printer. Thats pretty straight forward, just enter what you would like to call it, location and so on, choose the foo2zjs driver and off you go!
When I set up Outlook Anywhere on Exchange 2007 and Windows 2008 I used the official MS tool (which I have to admit is actually pretty good) www.testexchangeconnectivity.com . I kept getting this error:
Attempting to ping RPC Endpoint 6004 (NSPI Proxy Server)
RPC_S_SERVER_UNAVAILABLE error (0×6ba) was thrown by the RPC Runtime
After 2 days of endless head-scratching I could isolate the problem. This is what I found out:
- This can only happen on a system where all the Exchange Servers are on the same server, Client Access, Hub transport and Mailbox server.
- It happens because Windows uses by default IPv6. You can disable it for your ethernet interfaces but Windows does not give you any control over the loopback interface.When all the Exchange servers are on the same machine, windows uses the loopback interface to intreact with the Client Access server. Thus it uses IPv6 which for some reason unknown to humanity, does not work.
Solution
The solution is suprisingly simple. Just open your hosts file and comment out both localhost sections (both the IPv4 one and the IPv6, ::1) . Now write the servers (local) IP address and (local) hostname and FQDN like this.
Note: It was pointed out to me in the comments that you don’t have to comment out the localhost lines. I wrote this a few months back and I don’t remember why I commented it out. The system is in a production environment and I don’t want to mess with it now.
#127.0.0.1 localhost
#::1 localhost
10.1.1.2 mailserver
10.1.1.2 mailserver.domain.local
Hope this saves somebody a headache.
Error:
MailScanner: Attempt to hide real filename extension (document.xml.rel)
This is becuase M$ Office 2007 documents (.docx, .xlsx etc, etc.) seem to be archived XML documents and MailScanner does not like that.
The solution is to put this in filename.rules.conf
allow \.xml\.rel$ - -
allow \.rel$ - -
allow \.docx$ - -
allow \.xlsx$ - -
allow \.xml\d*\.rel$ - -
allow \.x\d+\.rel$ - -
allow \.bin$ - -
allow \.wmf$ - -
allow \.dat$ - -
Put this just above the “# Deny all other double file extensions..” line
allow .doc$ - -
allow .xls$ - -
And in MailScanner.conf change Maximum Archive Depth to 3
Maximum Archive Depth = 3
This makes MailScanner recognize the Office 2007 XML stuff as legit files and deliever them. Or take the alternative route and install OpenOffice for everybody. 
If you have multiple mail relays and are (like me) using postfix and MailScanner here is a (very) simple bash script to cynronize the configs. Just put it in your crontab.
SERVER=server.domain.tld
# Sync files for postfix
/usr/bin/rsync root@$SERVER:/etc/postfix/main.cf /etc/postfix/main.cf
/usr/bin/rsync root@$SERVER:/etc/postfix/relay_domains /etc/postfix/relay_domains
/usr/bin/rsync root@$SERVER:/etc/postfix/relay_recipients /etc/postfix/relay_recipients
/usr/bin/rsync root@$SERVER:/etc/postfix/sender_access /etc/postfix/sender_access
/usr/bin/rsync root@$SERVER:/etc/postfix/transport /etc/postfix/transport
/usr/bin/rsync root@$SERVER:/etc/postfix/virtual /etc/postfix/virtual
# postmap
/usr/sbin/postmap /etc/postfix/relay_domains
/usr/sbin/postmap /etc/postfix/relay_recipients
/usr/sbin/postmap /etc/postfix/sender_access
/usr/sbin/postmap /etc/postfix/transport
/usr/sbin/postmap /etc/postfix/virtual
# sync files for MailScanner
/usr/bin/rsync root@$SERVER:/etc/MailScanner/*.conf /etc/MailScanner/
Might save somebody a little time
Wednesday, May 27th, 2009
This is made hugely complicated and twisted.
First off, there are two ways to obtain a signed SSL certificate. One is like StartSSL do it – you verfify your domain ownership by following a link sent in a mail to e.g. hostmaster@domain and then you get both your certificate (a signed public key) or you send a CSR key and then you obtain your signed certificate. The latter one seems to be the more common.
The problem with Windows/Exchange/IIS here seems to be that it does all it can to hide you private key from you. The only way to obtain it is with a .pfx file (personal information exchange).
Here are the steps to obtain a signed certicate using a CSR with Windows Server 2008 and Exchange 2008.
- DigiCert have a handy tool to simplyfy this process: https://www.digicert.com/easy-csr/exchange2007.htm
- Open “Exchange management shell” and paste the command the DigiCert tool gave you. This will place a .csr file in the root of your C: drive.
- Get yourself a certificate.
- Now we need to import the certificate (the signed public key) into the depths of Windows. Open up the “Exchange management shell” again and write:
Import-ExchangeCertificate -Path C:\path-to-certificate.cer
- Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services IIS
Now should Windows/IIS/Exchange be aware of the certificate (the public key should now be signed). This means that you can now use it for you OWA. If you are getting errors about a missing private key, read below.
- Open “IIS Manager” and select your server, then open “Server Certificates”. Now you should see your new certificate there. If you want to export it, you can export it here as a .pfx file.
- In order to make OWA use your new certificate go to:
Sites -> Default Web Site -> Click “Bindings” in the “Actions” tab on the right.
- Choose HTTPS and click on Edit.
- Choose the certificate. Exchange as probably labelled it “Microsoft Exchange” for you. Click on “View certificate” too check. Use the thumbprint to verify it. Click OK.
- Restart IIS: cmd -> IISReset
- All done!
If you are getting errors about “missing private key”:
- Open MMC and add a “Certificates” snap-in.
- Choose “computer account”
- If you don’t see your certificate there (mine did since i managed to use Import-ExchangeCertificate) you might have to import it: Right click on Personal and choose All tasks -> Import.
- Certificate Store: Personal
- Double-click on the cert and go to the “Details” tab. Find “Serial Number” and jot it down.
- Start -> Run -> cmd
- certutil -repairstore my <insert Serial Number here>
Also, If you have come to hate Windows/IIS/Exchange – fear not, you are not alone!
Any hints on where the actual private key resides are welcome.
I have decided to start blogging again, but since I am a systems administrator – the logical thing to do is to start blogging about tech stuff. Wich I will.
I have recently set up a monitoring system on one of the sites I work on. The choice was Hobbit (a few days later the project was renamed Xymon because of legal issues). Hobbit is a wonderful thing, but the docs are lacking.
I have written set-up instructions (for the client side) wich are avalible on http://system.keilir.net/ – my hopes are that Google will find them soon.
The problem is that Hobbit does not provide any good documents on how it all comes together, it is rather hard to understand how it actually works if you have never set it up before.
But I came across this page – http://en.wikibooks.org/wiki/System_Monitoring_with_Xymon