Powered By Blogger

Monday, 12 March 2012

DB2 database on Ubuntu

Downloading DB2

The express edition is free, and can be downloaded from Download DB2 Express-C. You’ll need to register for an IBM id if you don’t already have one.
Download DB2 Express C Using HTTP

Extracting and installing

Use the command tar -zvxf db2exc_975_LNX_x86.tar.gz to extract the gzipped file. Run the installer using sudo ./db2setup, and choose “Install a Product” on the left menu. The installation process is quite straightforward after this point.
DB2 Setup Launchpad - Install a Product as root

Troubleshooting libaio.so.1 'not found' when running db2setup

I faced the following problem when I ran the setup script:

$ sudo ./db2setup
ERROR: 
   The required library file libaio.so.1 is not found on the system. 
   Check the following web site for the up-to-date system requirements
   of IBM DB2 9.7
   http://www.ibm.com/software/data/db2/udb/sysreqs.html
   http://www.software.ibm.com/data/db2/linux/validate  
  Aborting the current installation ...
  Run installation with the option "-f sysreq" parameter to force the installation.
To fix it, I had to run sudo apt-get install libaio-dev to install the missing package.

Verifying the Installation

The following command verifies the db installation and configured instances:
sudo /opt/ibm/db2/V9.7/bin/db2val -a

Creating a database

Switch to the user account that is the owner of the instance (db2inst1 is the default).
$ su db2inst1
Switch to the bash shell if necessary:
$ bash
Under this user account, you can run DB2 commands as illustrated below. Note that the create database command takes time - it took several minutes on my machine.

$ db2 create database test
DB20000I  The CREATE DATABASE command completed successfully.
$ db2 connect to test

   Database Connection Information

 Database server        = DB2/LINUX 9.7.5
 SQL authorization ID   = DB2INST1
 Local database alias   = TEST

$ db2 "create table test.technonstop(id int, username varchar(200))"
DB20000I  The SQL command completed successfully.
$ db2 "INSERT INTO test.technonstop VALUES(1, 'abdullah')"
DB20000I  The SQL command completed successfully.

Troubleshooting

If you're unable to run any db2 command, the db2 environment variables may not have been sourced. To do it, run the following command at the terminal, replacing db2inst1 with the instance owner.
. /home/db2inst1/sqllib/db2profile
Posted by at No comments:

Protecting Your Pages with htaccess

When you create a .htaccess file, all of the files within that directory, as well as
any subdirectories, are protected by that .htaccess file. Any .htaccess files above
 that directory are also used.
You can control access to specific files or specific types of files by using wildcards or
 filenames in the opening <Files> tag of the .htaccess file.
Use multiple <Files> tags in a single .htaccess file to restrict files with different access controls.

Example of .htaccess content to limit the access of the website to Local Area Network only.

 # limit access to local area network only
<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from 192.168.151.0/24
# This will limit the access only from 192.168.151.0 to 192.168.151.255
</Limit>

 To add password protection to your pages, you need to do the following two things:

  1. Create a text file on your server that will store your username and password.
  2. Create a special file called .htaccess in the folder you want to protect.

1,Creating the password file

The first step is to create a simple text file that will store your username and password, separated by a colon (:). The small catch is that the password must be encrypted. Luckily, there are many free web-based utilities that will encrypt the password for you. Try one of these:
Simply enter your desired username and password in one of these pages and submit the form. You'll get back a string similar to the following:


2,Creating the .htaccess file


you need to put the following code in your .htaccess file:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
 
 
/full/path/to/.htpasswd should be the full path to the .htpasswd file that you uploaded earlier. The full path is the path to the file from the Web server's volume root - for example, /home/username/.htpasswd or C:\wwwroot\username\.htpasswd. (If you're not sure of the full path to your site or home directory, ask your Web hosting company for this info.)
The above .htaccess file will password protect all files in the folder that it is placed in, and all sub-folders under that folder too. So if you wanted to password protect your entire site, you would place the .htaccess file in your Web root folder.

Protecting a file

To password protect just a single file in a folder, use the following .htaccess file:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Page"

<Files "mypage.html">
  Require valid-user
</Files>
This will password protect just the mypage.html file in the folder where you put the .htaccess file.
Posted by at No comments:

Friday, 9 March 2012

HylaFAX.- open source fax server

Installation

Based on http://www.aboutdebian.com/fax.htm
  • Install hylafax 
aptitude update
aptitude install hylafax-server
  • Connect the external modem. Make sure you have a parallel cable to serial cable. External Modem needs to be connected to a serial port. Then:

Configure

faxsetup
  • press Enter and you'll see a lot of text fly by. Answer Yes to adding a Fax Master alias.
  • For a user to received fax-related mail enter the user account you created for yourself during the Debian installation.
  • Four configuration parameters will be listed and you'll be prompted as to their correctness. Press Enter to accept these values. You'll then be asked if you want to run faxaddmodem to set up the software to use the modem. Press Enter to accept the default Yes response.
  • Enter the correct ttyS designation for the serial port(make sure your modem is connected to serial port not the parallel port) your fax-modem is connected to (ttyS0 is for COM1). You'll be prompted for quite a few values. For most you can accept the default values by pressing Enter. The values you'll want to enter are: 
        * Country code (1 for US)
        * Area code
        * Phone number of fax modem
        * Local identification string (this should be something like 'My Fax Server' as it is printed on the tag line of outgoing faxes)
        * Long distance dialing prefix (1 in US)
        * International dialing prefix (011 in US)
        * Dial string rules file (accept the default)
        * Tracing during normal server operation (accept the default)
        * Tracing during send and receive operations (accept the default)
        * Protection mode for received fax - enter 0644
        * Protection mode for session logs - enter 0644
        * Protection mode for ttySx - enter 0666
        * Rings to wait before answer
          Note: The default is 1 but setting it to 0 establishes your server as a "Send Only" fax system
        * Modem speaker volume (valid values are OFF QUIET LOW MEDIUM HIGH (you may want to set it to HIGH for testing purposes as you can change it to OFF later)
        * Command line arguments for getty (accept the default)
        * Pathname of TSI ACL file (accept the default)
        * Pathname of Caller-ID ACL file (accept the default)
        * Tag line font file (accept the default)
        * Tag line format string (accept the default)
        * Time before purging UUCP lock (accept the default)
        * Hold UUCP lockfile during data calls (accept the default)
        * Hold UUCP lockfile during voice calls (accept the default)
        * Percent good lines to accept (accept the default)
        * Max consecutive bad lines to accept (you may want to reduce the default 5 to 3)
        * Max number of pages to accept in a received fax (you may want to increase the default value of 25)
        * Syslog facility name for ServerTracing messages (the default is 'daemon' but you could change it to 'local7' if you're logging to a remote syslog server)
        * Set UID to 0 (accept default)
        * Use priority job scheduling (accept default)
  • You'll then be asked to confirm the values that you entered and then the utility will query to modem to determine the fax classes that it supports.
  • Even if your modem supports both Class 1 and Class 2 you should set it to Class 1 for compatibility with all fax machines.
  • You will then be asked for values specific to the modem. Just press Enter to accept the default values as they are a result of the modem query and the class you selected. You'll then be prompted to confirm these values by pressing Enter.
  • The non-default scheduler values will then be displayed with a confirmation prompt. The Area Code may not be correct. If so, answer No and correct any erroneous values. You may also want to increase the time value for "Timeout when converting PostScript documents" if you fax long documents but you can just press Enter to accept the default values for the rest of the values.
  • Answer No when asked if you want to configure another modem.
  • Accept the default Yes answer to run faxmodem on your newly configured modem to verify settings. You'll then be returned to the shell prompt.
  • If you want to manually edit the file that contains these settings do so with the command: 
vi /etc/hylafax/config.ttyS0
  • You have to run the faxaddmodem utility to create this file first though.
  • Next we'll set up HylaFAX to run automatically when you boot the system. Check the configuration file: 
vi /etc/default/hylafax
  • to make sure there's no # character at the beginning of the line containing RUN_HYLAFAX=1. Exit the editor.

Configure Incoming Settings

  • One last item that is to let HylaFAX know who is allowed to send faxes. You can use a modified subnet address to let everyone on your network submit faxes to the server. Edit the hosts.hfaxd file with the command: 
vi /etc/hylafax/hosts.hfaxd
  • As an example, if your using a subnet address for your network of 192.168.10.0 enter the following line into the hosts.hfaxd file: 
192\.168\.10\.:::
  • Likewise, if your using a subnet address of 172.16.0.0 your hosts.hfaxd file entry would be: 
172\.30\.:::
  • You can enter as "wide" of a network address or multiple narrower address entries as you'd like. If you'd like to restrict access to specific users you can enter their individual IP addresses. When done, save the file and exit the editor. 
NOTE:  You will see the paths /var/spool/hylafax and /var/spool/hylafax/etc specified in HylaFAX documentation and utilities. Do NOT edit the files in these directories. The files are duplicated in the /etc/hylafax directory. If you ever want to manually edit the configuration files, only edit the files in the /etc/hylafax directory.
  • Reboot the system by typing reboot and you'll have yourself a fax server!(Reboot is not necessary. Restart of hylafax would do just fine.)

Fax Status

  • To see a status of a fax server. Type 
faxstat -s

Sending Fax

In general the list of all the software is here, but you can just go to the once we reference below. http://www.hylafax.org/content/Client_Software

Linux

You can use Gfax or Kde Print Fax. You install it Gfax by: 
apt-get update
apt-get install gfax
Then Go to Application then Office then Gfax.
  • This needs to be tested but: 
Now i can do fax from OpenOffice, TextEditor, etc..

1. Install GFax from apt-get install gfax
2. Configure GFax with your Fax Server (HylaFAX).. I hope you know how to do it..
   Ok, you can test your GFax configuration by test send a fax with Text Editor (Applications -
Accessories)
3. To make it work with openoffice, run /usr/lib/openoffice/program/spadmin  (with root access), you
 do sudo -i, or whatever.
4. You add fax / pdf converter from spadmin GUI, fill the command with: gfax (TMP)
5. That's it... you save the configuration
6. Try fax an openoffice document

1st time i try fax with Fax Printer, it hang..
then i tried fax with PDF Converter and set the PDF Folder, then after fax, i close the GFax and not
hang.

Windows

  • On windows you would use this Win print Hylafax software. You can download it at http://winprinthylafax.sourceforge.net/
  • To get the addressbook working with winprinthylfax, you can setup folder called hylafaxaddressbook and i int create 2 empty files called "names.txt and numbers.txt"
  • ADMINISTRATION:Download program called WHFC which will tell you the status of the hylafax servers.

Mac

PBX, Dial 9 before number

  • Add this to your config.ttyS14 files, you can replace 9 with 8 or any other number. 
ModemDialCmd: ATDT9,%s
  • Pause: The comma (,) dial modifier causes the modem to pause while dialing ATD9,17731231234
  • Pause and wait for dial tone: The W causes a modem to wait for an dial tone signal before dialing the number that follow the W. ATDT 9 W 17731231234 
ModemDialCmd: ATDT9,W%s
  • Final Modem Dial Cmd on the system could look like this: 
ModemDialCmd: ATDT9,W%s
  • 9 says dial 9; comma says wait; W says wait for dial tone; %s says dial this number
  • Also see ModemAtCommandSet
  • If you experience no dial tone in your logs try something like: 
ModemDialCmd:     ATX3DT8,,,%s
AT - picks up the phone, X3- disables dial tone check, DT tells it to use tone, dial 8, then ",,," for wait, then the phone number.

Adding users

  • You need a user on your system 
adduser dept1
  • Fill in the username and password, etc
  • Then add user to hylafax. First find out what is your new user UID
  • Type: 
cat /etc/group
  • Find your user. It should be something like dept1:x:1001: so this user UID is 1001
  • Now tell hylafax about it 
faxadduser -p password -u 1001 username
  • To see what users are already in do: 
cat /var/spool/hylafax/etc/hosts.hfaxd

Hardware

Modem Model:
  1. US Robotics 56K External Fax modem; 5686E (Does not come with cable) (around $100)
  2. Amigo AME-CA95 RS232, External V.92 DATA/FAX/TAM Modem or External Conexant V.92 modem (around $25 or less)-(newegg.com)
Serial Card:
  1. Startech.com 4 Multi Port Serial PCI Card
  2. Startech.com 2 Port Serial PCI Card

Done with simple setup

Done. Everything beyond this point is for setting up multiple incoming/outgoing fax modems.

Multiple Incoming Fax Lines

Multi port Serial PCI card, ttyS

  • There's really no limit to the number of serial cards Linux can support, but there is a kernel configuration parameter for the number of supported serial ports.(CONFIG_SERIAL_8250_NR_UARTS)
  • Currently the limit in Debian supported ports is 4. (read on for more then 4 port support)
  • So if you have a 2 port serial card you want to add to your pc, here is what you do.
  • If you connect more modems or when you buy a serial pci card you will want to know which ttyS port they are using. You can do it by : 
dmesg |grep tty
  • You should see something like: 
faxserver:~# dmesg |grep ttyS
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
ttyS14 at I/O 0xdf08 (irq = 209) is a 16550A
ttyS15 at I/O 0xdf10 (irq = 209) is a 16550A
  • If you installed another serial pci card (2 port or 4 port), you can see if it was detected by typing: 
lspci -v
This should list something like: 
0000:02:00.0 Serial controller: NetMos Technology PCI 9835 Multi-I/O Controller (rev 01) (prog-if 02 [16550])
        Subsystem: LSI Logic / Symbios Logic 2S (16C550 UART)
        Flags: medium devsel, IRQ 209
        I/O ports at df08 [size=8]
        I/O ports at df10 [size=8]
        I/O ports at df18 [size=8]
        I/O ports at df20 [size=8]
        I/O ports at df28 [size=8]
        I/O ports at df30 [size=16]
  • As you can see the IRQ should be the same as the one specified in dmesg.
  • Install setserial. This program will let you control serial port better. 
apt-get update
apt-get install setserial
  • Then try: 
setserial -g /dev/ttyS*
  • If you don't see a ttyS#(ex. ttyS14) in /dev/ you will need to create ttyS14 device. 
ls /dev/ttyS*
  • So in my case I am missing ttyS14, ttyS15 in /dev/ folder 
MAKEDEV ttyS14
MAKEDEV ttyS15
  • Now run setserial -g /dev/ttyS* again and you should see your new serial ports.
  • Plug in your modems and Run: 
faxaddmodem
  • Select the new ttyS and you are done setting up multiple fax machines.

Fax Dispatch

  • Fax dispatch is a custom script that one can create for Hylafax to specify nonstandard delivery options. (Standard is /var/spool/hylafax/recvq/)
  • If you want to have multiple fax destination folders for each fax you have. (ttyS1, ttyS14, ttyS15, etc...)
  • Create Fax Dipatch file in /etc/hylafax/ 
touch /etc/hylafax/FaxDispatch
  • Sample Fax Dispatch file might look like this: http://www.infocopter.com/know-how/hylafax/fax-dispatch.html
  • Copy and past below to your /etc/hylafax/FaxDispatch. This will dispatch faxes to different folders based on device.
  • Make sure you have created appropriate folders. (In this case dept1, dept2, and change device names to your names. 
##      $Id: FaxDispatch,v 1.2 2003/05/04 23:49:41 darren Exp $
##
## Default FaxDispatch file - routes all inbound faxes to FaxMaster as PDF
##
## Consult the faxrcvd(8C) man page for more information
##

#SENDTO=faxMaster;                               # by default email to FaxMaster
#FILETYPE=pdf;                                   # in PDF format


##
## This excerpt from the man page gives you an idea of what's possible here
##
## You can route by sender's TSI
#case "$SENDER" in
#       *1*510*526*1212*) SENDTO=sam;;          # Sam's test rig in Berkeley
#       *1*415*390*1212*) SENDTO=raster@asd;;   # 7L Xerox room, used for scanning
#       *5107811212)      SENDTO=peebles@mti;;  # stuff from home
#esac

## and/or by device
#case "$DEVICE" in
#       ttyS1)            SENDTO=john;;         # all faxes received on ttyS1
#       ttyLT0)           SENDTO=mary@home;;    # all faxes received on ttyLT0
#       ttyS2)            SENDTO=myemail@example.com,myotheremail@example3.com;;         # all faxes received on ttyS1
#esac

## and/or by device
FOLDER="/var/spool/hylafax/recvq/"
FULLPATH="${FOLDER}${FILENAME}.tif"
case "$DEVICE" in
ttyS14)   mv $FULLPATH /var/spool/hylafax/recvq/dept1/;;    # all faxes received on ttyS14
ttyS15)   mv $FULLPATH /var/spool/hylafax/recvq/dept2/;;    # all faxes received on ttyS15
esac

## and/or by caller id
#case "$CIDNUMBER" in
#       435*)        SENDTO=lee; FILETYPE=pdf;; # all faxes from area code 435
#       5059627777)  SENDTO=amy; FILETYPE=tif;; # Amy wants faxes in TIFF
#esac
  • If you would like to print and then move the file you would replace the relevant code with this below:
  • Make sure you install printer first. DebianPrinting
  • Size of a page was added here to make sure 11x14 pages are printed properly. 
## and/or by device
FOLDER="/var/spool/hylafax/recvq/"
FULLPATH="${FOLDER}${FILENAME}.tif"
case "$DEVICE" in
ttyS14)   /usr/bin/tiff2ps -w 8.5 -h 11 -a $FILE |lpr -P kyocera; mv $FULLPATH /var/spool/hylafax/recvq/dept1/;;    # all faxes received on ttyS14
ttyS15)   /usr/bin/tiff2ps -w 8.5 -h 11 -a $FILE |lpr -P kyocera; mv $FULLPATH /var/spool/hylafax/recvq/dept2/;;    # all faxes received on ttyS15
esac

FaxNotify

  • When fax fails to send, user gets an email notifying of a failure. Default is to just sent an email with a job number. To make sure they get a copy of what they actually sent we need to add FaxNotify to /etc/hylafax.
  • Create FaxNotify in /etc/hylafax/
  • Inside put 
RETURNFILETYPE=pdf;

View faxes through internet browser

  • To do that install apache web server 
apt-get update
apt-get install apache2
  • Now add a link to your faxes 
cd /var/www
ln -s /var/spool/hylafax/recvq fax
Now open a broswer and go to http://localhost/fax/, or by your ip address
Posted by at 1 comment:

Create a Local Ubuntu Repository using Apt-Mirror and Apt-Cacher

Apt-Mirror

The first method makes use of a tool called “apt-mirror”. It is a perl-based utility for downloading and mirroring the entire contents of a public repository. This may likely include packages that you don't use and will not use, but anything stored in a public repository will also be stored in your mirror.
To configure apt-mirror you will need the following:
  • apt-mirror package (sudo aptitude install apt-mirror)
  • apache2 package (sudo aptitude install apache2)
  • roughly 15G of storage per release, per architecture
Once these requirements are met you can begin configuring the apt-mirror tool. The main items that you'll need to define are:
  • storage location (base_path)
  • number of download threads (nthreads)
  • release(s) and architecture(s) you want
The configuration is done in the /etc/apt/mirror.list file. A default config was put in place when you installed the package, but it is generic. You'll need to update the values as mentioned above.
Below I have included a complete configuration which will mirror Ubuntu 8.04 LTS for both 32 and 64 bit installations. It will require nearly 30G of storage space, which I will be putting on a removable drive. The drive will be mounted at /media/STORAGE/.
# apt-mirror configuration file



##

## The default configuration options (uncomment and change to override)

##

#

set base_path /media/STORAGE/

# set mirror_path $base_path/mirror

# set skel_path $base_path/skel

# set var_path $base_path/var

#

# set defaultarch <running host architecture>

set nthreads 20

#



# 8.04 "hardy" i386 mirror

deb-i386 http://us.archive.ubuntu.com/ubuntu hardy main restricted universe 
multiverse

deb-i386 http://us.archive.ubuntu.com/ubuntu hardy-updates main restricted 
universe multiverse

deb-i386 http://us.archive.ubuntu.com/ubuntu hardy-security main restricted 
universe multiverse

deb-i386 http://us.archive.ubuntu.com/ubuntu hardy-backports main restricted 
universe multiverse

deb-i386 http://us.archive.ubuntu.com/ubuntu hardy-proposed main restricted 
universe multiverse



deb-i386 http://us.archive.ubuntu.com/ubuntu hardy main/debian-installer 
restricted/debian-installer universe/debian-installer multiverse/debian-installer

deb-i386 http://packages.medibuntu.org/ hardy free non-free



# 8.04 "hardy" amd64 mirror

deb-amd64 http://us.archive.ubuntu.com/ubuntu hardy main restricted universe 
multiverse

deb-amd64 http://us.archive.ubuntu.com/ubuntu hardy-updates main restricted 
universe multiverse

deb-amd64 http://us.archive.ubuntu.com/ubuntu hardy-security main restricted 
universe multiverse

deb-amd64 http://us.archive.ubuntu.com/ubuntu hardy-backports main restricted 
universe multiverse

deb-amd64 http://us.archive.ubuntu.com/ubuntu hardy-proposed main restricted 
universe multiverse



deb-amd64 http://us.archive.ubuntu.com/ubuntu hardy main/debian-installer 
restricted/debian-installer universe/debian-installer multiverse/debian-installer

deb-amd64 http://packages.medibuntu.org/ hardy free non-free



# Cleaning section

clean http://us.archive.ubuntu.com/

clean http://packages.medibuntu.org/
It should be noted that each of the repository lines within the file should begin with deb-i386 or deb-amd64. Formatting may have changed based on the web formatting.
Once your configuration is saved you can begin to populate your mirror by running the command:
apt-mirror
Be warned that, based on your internet connection speeds, this could take quite a long time. Hours, if not more than a day for the initial 30G to download. Each time you run the command after the initial download will be much faster, as only incremental updates are downloaded.
You may be wondering if it is possible to cancel the transfer before it is finished and begin again where it left off. Yes, I have done this countless times and I have not run into any issues.
You should now have a copy of the repository stored locally on your machine. In order for this to be available to other clients you'll need to share the contents over http. This is why we listed Apache as a requirement above. In my example configuration above I mirrored the repository on a removable drive, and mounted it at /media/STORAGE. What I need to do now is make that address available over the web. This can be done by way of a symbolic link.
cd /var/www/
sudo ln -s /media/STORAGE/mirror/us.archive.ubuntu.com/ubuntu/ ubuntu
The commands above will tell the filesystem to follow any requests for “ubuntu” back up to the mounted external drive, where it will find your mirrored contents. If you have any problems with this linking double-check your paths (as compared to those suggested here) and make sure your link points to the ubuntu directory, which is a subdirectory of the mirror you pulled from. If you point anywhere below this point your clients will not properly be able to find the contents.
The additional task of keeping this newly downloaded mirror updated with the latest updates can be automated by way of a cron job. By activating the cron job your machine will automatically run the apt-mirror command on a regular daily basis, keeping your mirror up to date without any additional effort on your part.
To activate the automated cron job, edit the file /etc/cron.d/apt-mirror. There will be a sample entry in the file. Simply uncomment the line and (optionally) change the “4” to an hour more convenient for you. If left with its defaults it will run the apt-mirror command, updating and synchronizing your mirror, every morning at 4:00am.
The final step needed, now that you have your repository created, shared over http and configured to automatically update, is to configure your clients to use it. Ubuntu clients define where they should grab errata and security updates in the /etc/apt/sources.list file. This will usually point to the default or regional mirror. To update your clients to use your local mirror instead you'll need to edit the /etc/apt/sources.list and comment the existing entries (you may want to revert to them later!)
Once you've commented the entries you can create new entries, this time pointing to your mirror. A sample entry pointing to a local mirror might look something like this:
deb http://192.168.0.10/ubuntu hardy main restricted universe multiverse
deb http://192.168.0.10/ubuntu hardy-updates main restricted universe multiverse
deb http://192.168.0.10/ubuntu hardy-security main restricted universe multiverse
Basically what you are doing is recreating your existing entries but replacing the archive.ubuntu.com with the IP of your local mirror. As long as the mirrored contents are made available over http on the mirror-server itself you should have no problems. If you do run into problems check your apache logs for details.
By following these simple steps you'll have your own private (even portable!) Ubuntu repository available within your LAN, saving you future bandwidth and avoiding redundant downloads.

Apt-Cacher

The second method of mirroring Ubuntu packages is through the use of a tool called Apt-Cacher.
Apt-Cacher differs from apt-mirror in that it does not mirror the entire repository contents, but simply caches (stores) any packages requested by clients within the network. In other words, it works as a middle man between the public repository and the LAN clients, sharing any common downloads internally.
Each time any client requests a package, whether it be a security update or a new application to install, the apt-cache server will request the package from the public repository, store it and pass it back to the original requesting client. The package is then made available to any future requests from the internal network.
This method is best suited for those with minimal storage availability, or those that may simply want to make updates more efficient.
To configure this method you will need the following:
  • apt-cacher package (sudo aptitude install apt-cacher)
  • apache2 package (sudo aptitude install apache2)
  • available storage (size varies based on the number of requested packages stored)
Once you've installed the required packages you'll need to activate the service. This is done by editing the /etc/default/apt-cacher file and changing the value of AUTOSTART:
"AUTOSTART=0" to "AUTOSTART=1"
You can also limit access to the cache within the /etc/apt-cacher/apt-cacher.conf file. Update the value for allowed_hosts to match the individual hosts or subnets that you want to allow. Once these access rules are set you can start the caching system:
sudo /etc/init.d/apt-cacher restart
The final step in configuring apt-cacher is the configuration of the clients. Each machine within your network will need to be configured to work with this caching system, otherwise it will be ineffective.
The way that I prefer to do this is by defining an apt proxy setting within the /etc/apt/apt.conf.d/ directory. The way you can do this is by creating a new file called 90-apt-proxy.conf and entering the line:
Acquire::http::Proxy "http://repository-cache:3142";
Note, make sure you replace "repository-cache" with the IP address or URL of the machine you installed apt-cacher on.
Now, any time that client is able to access the URL (repository-cache:3142) it will use the cache. If the URL is not available it should default back to the entries in the /etc/apt/sources.list file. If it does not, and you see 404 errors or similar, simply comment out the "Acquire::http::Proxy" line that you populated in the file above.
This step should be repeated for any and all machines that you want to access the cache. With each additional system you configure you're saving potential bandwidth and adding to the pool of cached packages. There is no limit on the number of machines you can point to an apt-cache.
Posted by at No comments:

Remote windows share on ubuntu

Two methods, depending on share host

  • cifs
  • smbfs
smbfs is the "original" method.
However, smbfs is not compatible with security signatures, which are enabled by default and not recommended to disable on Windows Server 2003 and later. If a share is served by Windows Server 2003 or later, you should use cifs.

Prerequisites

You must have a windows machine (or other machine running Samba) with an accessible share.
The 'samba' package itself is not necessary if you only need a smb client.
The "smbfs" package provides the tools needed to mount "smbfs" and "cifs" filesytems. You may have smbfs installed on your machine. If not, run 
sudo apt-get install smbfs
Update the unmount order to prevent CIFS from hanging during shutdown. 
sudo update-rc.d -f umountnfs.sh remove
sudo update-rc.d umountnfs.sh stop 15 0 6 .

Setup

Single User

Note the UID of the single user which is to have access to the share. For a user named $username, the following command outputs the UID 
grep $USERNAME /etc/passwd | cut -d: -f3

Multiple Users

If multiple users are to have the same level of access to the share, then create a new user group, presumably named after the share.
Navigate to "System" -> "Administration" -> "Users and Groups" -> "Manage Groups". -> "Add Group" and select a name, Group ID (GID), and group members. Note the GID -- you will need it later.

Credentials File

Warning- this method is not completely secure, any user with root access could see your password in plain text.
Create a file called .smbcredentials, probably in the home directory of the primary user of the share. In this file put username an equals sign and the windows username (and domain if loging into a domain) on the first line, put password an equals sign and the password for that user account on the second line of the file. The file should look like: 
username=MyUsername
password=MyPassword

# OR:
# username=MyUsername@MyDomain
# password=MyPassword

# OR: (for cifs on Windows Serve 2003)
# username=MyDomain/MyUsername
# password=MyPassword
On the command line, in the directory of .smbcredentials type 
sudo chown root .smbcredentials
sudo chmod 600 .smbcredentials
this will ensure that only root can access this file.
Note: Regretfully as from version 3.3.2-1ubuntu3.2 (October 2009) this approach is no longer possible together with the "user" option. A security fix prevents reading the credentials file if you don't have read access to it. You will have to pin the packages at version 3.3.2-1ubuntu3 or 3.3.2-1ubuntu3.1 to continue using this approach as non-root.

Editing fstab

Warning- editing the fstab file can be dangerous, please back it up before continuing.
Note: if servername or sharename has a literal space (i.e. ' '), substitute \040 instead, so that 'server name' becomes 'server\040name'
Add a line at the bottom of your /etc/fstab file that specifies:
//$SERVER/$SHARE $MOUNTPOINT $FS_TYPE credentials=$SMB_CREDENTIALS,uid=$UID,gid=$GID 
# e.g.
SERVER=apollo
SHARE=install_files
MOUNTPOINT=/path/to/mnt
FS_TYPE=smbfs
SMB_CREDENTIALS=/path/to/.smbcredentials
UID=1000
GID=1000

smbfs, group perms

  • FS_TYPE=smbfs
  • GID=1234 # the newly created group's ID
  • don't include uid=$UID, which defaults to that of root 
//apollo/install_files /path/to/mnt smbfs iocharset=utf8,credentials=/path/to/.smbcredentials,gid=1234 0 0
Note: many directories are set so that only the user can write to the directory and that the group can only read (permissions 0755), if this is the case then when it is mounted the group will still not be able to write to the directory regardless of their permission on the share. To give the group write permissions on the mount then use the following. 
//apollo/install_files /path/to/mnt smbfs iocharset=utf8,credentials=/path/to/.smbcredentials,dir_mode=0775,gid=1234 0 0

smbfs, user perms

  • FS_TYPE=smbfs
  • UID=1000 # particular user's uid
  • don't include gid=$GID, which defaults to $UID 
//apollo/install_files /path/to/mnt smbfs iocharset=utf8,credentials=/path/to/.smbcredentials,uid=1000 0 0

cifs, group perms

  • FS_TYPE=cifs
  • GID=1234 # the newly created group's ID
  • don't include uid=$UID 
//apollo/install_files /path/to/mnt cifs iocharset=utf8,credentials=/path/to/.smbcredentials,gid=1234 0 0
Note: many directories are set so that only the user can write to the directory and that the group can only read (permissions 0755), if this is the case then when it is mounted the group will still not be able to write to the directory regardless of their permission on the share. To give the group write permissions on the mount then use the following. 
//apollo/install_files /path/to/mnt cifs iocharset=utf8,credentials=/path/to/.smbcredentials,dir_mode=0775,gid=1234 0 0

cifs, user perms

  • FS_TYPE=cifs
  • UID=1000 # the user's uid
  • don't include gid=$GID 
//apollo/install_files /path/to/mnt cifs iocharset=utf8,credentials=/path/to/.smbcredentials,uid=1000 0 0

Ensure

  • The entire expression MUST all be on one line in your fstab file
  • use "//" and "/" instead of "\\" and "\" when specifying the share location
  • /path/to/mnt is a directory that exists (and is empty)

Completing Setup

Reload fstab: 
sudo mount -a

Troubleshooting

cifs will not mount

Note:- cifs by default does not resolve netbios names so you may get an error message when you try to mount that the name could not be resolved into an address and "could not find target server". In order to enable netbios resolution you need to edit /etc/nsswitch.conf and add the winbind package:
  • edit /etc/nsswitch.conf 
sudo gedit /etc/nsswitch.conf
change the line from 
hosts: files dns
to 
hosts: files wins dns
  • next install winbind 
sudo aptitude install winbind
Now you should be able to mount the directory.
Note: If you experience slow dns resolution after making these changes, you can change the order of the entries to the following and you may see an improvement. 
hosts: files dns wins

Server is down, filesystem is hung

If the client somehow loses contact with the Samba server, then the filesystem will probably get hung. Basically, it becomes a blackhole, eating things that try to read to/write from it (e.g. ls) and refusing to go away (e.g., umount says that the "device is busy").
Sometimes, all you need to do is restart the Samba daemon on the server machine. 
sudo /etc/init.d/samba restart
If that doesn't work, or for some reason you can't do anything on the server side, then try 
sudo umount -lf /mount/point
The -f option forces (possibly unclean) unmounting, and the -l option is for "lazy unmounting", and seems to work around "device is busy" errors that occur with just -f.

CIFS remote ownership enforcement

When you connect using CIFS to a server which supports Unix permissions (e.g. Samba), CIFS will by default try to enforce remote Unix ownership UIDs and Unix permissions when you try to access the share. i.e. if a file is owned by UID 502 on the remote server, then the local kernel will try to enforce the same permissions if it were owned by UID 502 on the local machine. Note: This has nothing to do with the remote server's security settings. This is an extra local ownership enforcement by the filesystem driver. It is a feature to allow use of remote share as a local drive with full Unix permissions enforcement if users match.
But if this is a public share, then chances are, the remote UIDs will not make sense locally. A remote UID might be a completely different user or might not exist at all on the local machine. If remote UIDs and local UIDs do not match, then local users will have trouble using the share. To disable this, use the "noperm" mount option. Remote permissions and UIDs will still be visible, but they will not be enforced locally.

System Hangs on Shutdown

Sometimes during shutdown, networking will be turned off before the network share is unmounted. This will cause the computer to display the below code for a few minuets before shutting down (the numbers seem to change after each boot). 
CIFS VFS: server not responding
CIFS VFS: no response for cmd ## mid ###
To fix this problem, and allow the computer to shut down smoothly, just change when the network share is unmounted by the file system. This can be done by running the following commands: 
sudo update-rc.d -f umountnfs.sh remove
sudo update-rc.d umountnfs.sh stop 15 0 6 .
A better solution for those using Gnome: http://ubuntuforums.org/showthread.php?t=1347340

Login without Credentials

If you want to mount the share without the credentials file you can use the entry below. I believe that by adding the _netdev in the entry below, it will not mount the share if you are not connected to the same network that the share is on or if you are not connected to a network at all.
  • # /etc/fstab: static file system information. #
    # <file system> <mount point> <type> <options> <dump> <pass>
    //<server>/<share> <mount point> cifs rw,_netdev,user=<username>,password=<password>,uid=<uid>,gid=<gid> 0 0
Here is an example of the last line //gurnee/projects /home/jcrow/GurneeServer cifs rw,_netdev,user=DOMAIN/user,password=password,uid=1000,gid=100 0 0
The server being connected to is Gurnee, the shared folder is projects, the mount point is /home/jcrow/GurneeServer

Connect when network available

The _netdev option is also used for systems that only have networking started at user login (as when using the Gnome Network Manager package). For having network connections enabled at boot up (without requiring a user login) then tools that write to the /etc/network/interfaces file may have to be used. It is probably good policy to always use _netdev for all automatic network mounts.
Posted by at No comments:
Subscribe to: Comments (Atom)