Allow Standard User to connect to wifi on Ubuntu

Still using Ubuntu 12.04, and one of the problem we’ve encountered is it requires normal user to authenticated the designated admin user’s password when connecting to wireless network, which in my opinion doesn’t make sense. How can a normal user access internet over wifi if they aren’t allowed to do so?

Check what google search has to offer, I finally found a fix for this. Adding policykit rules for wifi users.

Create or modify a file  etc/polkit-1/localauthority/50-local.d/52-wifi-management.pkla

$> sudo gedit etc/polkit-1/localauthority/50-local.d/52-wifi-management.pkla

and then enter the following

[Wifi management]
Identity=unix-group:netdev
Action=org.freedesktop.NetworkManager.*
ResultAny=no
ResultInactive=no
ResultActive=yes

and save on exit.

Add the user to the netdev group

$> sudo usermod -a -G ftp jerry

Restart the system and standard user should now be able to connect to wifi..

Done.

How to block facebook on your linux based firewall

For most corporate network, social network are not allowed, and since facebook is one of the most popular social network site, it continuously add new IP address frequently. So blocking IP known to you alone is not enough. Here’s a better way to block IP owned by facebook (Only if you wish to block it in your network)

#> /usr/bin/whois -h whois.radb.net '!gAS32934' | head -n -1 | tail -n -1 | /usr/bin/xargs --max-args=1 | /usr/bin/xargs -I {} --max-args=1 /sbin/iptables -t mangle -I POSTROUTING -d {} -j DROP

 

 

Ubuntu 12.04 /etc/resolv.conf 127.0.0.1 implementation with dnsmasq

On the current version of Ubuntu (12.04), you might notice that the current /etc/resolv.conf file always record a nameserver 127.0.0.1 which then resolv dns via dnsmasq, but most of the time after test few things, I found it more problematic. It always disregard my local DNS server, and goes directly to the DNS of my ISP.

If you’re having the same problem like mine, here’s a quickfix:

1. Modify the configuration /etc/NetworkManager/NetworkManager.conf

$> sudo gedit /etc/NetworkManager/NetworkManager.conf

2.  Comment the line that contain “dns=dnsmasq“

[main]
...
#dns-masq

3. Then restart the network-manager

$> sudo  service network-manager restart

4. Done

 

 

Installing KVM with OpenVSwitch on Ubuntu 12.04

Here’s a good article from http://blog.allanglesit.com/, I myself tried it my in test server and it’s working great, though I’m still new with OpenVSwitch.

The article has been released for Ubuntu 12.04 system. I also found out that the KVM version currently available in Ubuntu 12.04 has better performance compare to 10.04, which I think is a good sign when planning to deploy KVM host for your VMs.

The actual URL: http://blog.allanglesit.com/2012/03/linux-kvm-ubuntu-12-04-with-openvswitch/

Done.

Novell iManager workstation on Ubuntu 11.04

Currently unning a Novell eDirectory  LDAP service and wonder how to use iManager on your Ubuntu workstation.

Here’s how:

1. Download the latest iManager Workstation for Linux in Novell Download Center

2. Extract the package (for me usually in $HOME/Desktop)

3. Install the necessary packages and libraries for alien (alien, libstdc++5, gcc), installing alien package also includes rpm in the requirements.

4.  Prepare NICI for installation.

$> cd  $HOME/Desktop/imanager
$> cd  NICI/linux
$> sudo alien -d --scripts nici.i386.rpm
$> sudo dpkg -i nici_2.7.3-1.01_i386.deb

5. Modify the current  iManager.sh in the bin folder ($HOME/Desktop/imanager/bin) and remove the word  ”function” in every functions of the script.

example:

function CHECK_PERMISSIONS()
{
 echo "Test permissions" > $IMANAGER_BIN_NATIVE_DIR/perm.txt
 ....
}

should be

CHECK_PERMISSIONS() 
{ 
echo "Test permissions" > $IMANAGER_BIN_NATIVE_DIR/perm.txt 
.... 
}

5.  In the STARTMANAGER() function, remove the CHECK_NICI;

6.  Save the script and do  some test run.

$> cd $HOME/Desktop/imanager/bin
$> ./iManager.sh

7. Done.

Ubuntu 11.04 Shutdown and Restart Problem with CIFS

UPDATE(07/29/2011): The GRUB thing didn’t work at all, back to basic trapping signal via upstart scripts in /etc/init/dbus.conf.  I tried it before using /etc/init/network-manager.conf but on Ubuntu 10.10, it’s not working anymore. Here’s another test and works for me.

1. Modify the current /etc/init/dbus.conf.

$> sudo vi /etc/init/dbus.conf

2. Add a pre-stop script, which looks like this:

pre-stop script
       trap "TERM signal" TERM
      /bin/umount -a -t cifs -l -f
      trap - TERM
end script 

3. Save the script and have a test.

4. Done.

UPDATE(07/28/2011): Found a better alternative via GRUB, link here. Mainly you just need to modify the  /etc/default/grub. Here’s the details:

1. Edit the /etc/default/grub

$> sudo vi /etc/default/grub

2. Add “reboot=pci” on the GRUB_CMDLINE_LINUX line, it should look something like this:

... GRUB_CMDLINE_LINUX="reboot=pci" ...

3. Update the grub

$> sudo update-grub

 

4. Done

—————

It’s an ancient bug (here), which still exist in Ubuntu 11.04, or even in other distros. When you got a mounted samba shares before the shutdown or restart process, the machine waits for around 10 minutes before it complete the operation. Very troublesome that’s why I tried various workaround but none of them  works with Ubuntu 11.04. Not even the /etc/rc6.d/K*  or the upstart /etc/init configurations, nor the old python script I posted before (here’s the link).

After few considerations, I made a desperate workaround, creating a script that triggers before the /sbin/shutdown, /sbin/reboot and /sbin/restart commands.

1. Rename the current shutdown, reboot and restart commands in /sbin.

#> mv /sbin/shutdown /sbin/shutdown2
#> mv /sbin/reboot /sbin/reboot2
#> mv /sbin/restart /sbin/restart2 

2. Then create scripts with names of the previous commands in /sbin, which contains the following:

#!/bin/sh
umount -t cifs -a -f -l
/sbin/shutdown2 $@
exit 0 

3. Make similar script for reboot and restart command which also points to /sbin/reboot2 and /sbin/restart2.

4.  Until the dbus implementation of stop on deconfiguring-networking comes to Ubuntu 11.04, which I think working with
Ubuntu 11.10 oneiric. I think this is the least workaround that works for me.

5. Done

Recover Deleted or Corrupted Files in Linux

In most cases, the data stored in your memory cards or USB drives likely being corrupted and there are some files you accidentally deleted and removed in trash. Fear not, there is another chance to recover them back again.

I tried scalpel but didn’t work our right, then tried foremost, and it works like a charm. I’ve been always a victim of corrupted memory cards every time I extracted or deleted something using memory card readers or even using the delete utility of my digital camera.

Well, here’s the basic command to recover things in your memory cards  or USB thumb drives.

1. First, install foremost

$> sudo apt-get install foremost

2. Then, determine the target device, mines is /dev/sdb1

$> sudo fdisk -l

3. Finally, issue the foremost command\

$> sudo foremost -t all -i /dev/sdb1 -o output_dir

4. Done

passwd: Module is unknown

After modifying your workstation authentication and adds optional LDAP or KERBEROS authentication, you end up messing your pam configurations. Here’s a quick fix that works for me:

$ sudo pam-auth-update --force

I hope it works in your case too.

SAMBA PDC on Centos 5.5

This guide will help to install and configure a SAMBA Windows File Server that acts as a PDC using tbsam, Although it is suggested to have it configured with LDAP authtentication backend, many small office still cater this kind of configuration.

Here’s the details:

1. Install the Samba File Server and necessary packages.

#> yum groupinstall "Windows File Server"

2. Prepare the necessary directories needed for netlogon.

#> mkdir -p /home/samba/netlogon

3. For new users to have a directory called profile in their home directory, add a folder called “profiles” in the /etc/skel. For existing users, just add the folder “profiles” to their home directories and change the ownership to their corresponding owners.

4. Backup the existing /etc/samba/smb.conf file first before using the configuration below:

[global]
 #Server Declaration
 workgroup = MYDOMAIN
 netbios name = FILESERVER001
 server string = File Server  %v

 #Security Properties
 security = user
 domain master = yes
 preferred master = yes
 local master = yes
 domain logons = yes
 wins support = yes
 os level = 65
 name resolve order = wins bcast hosts

 #Login Configurations
 logon path = \\%L\%U\profiles
 logon drive = H:
 logon home = \\%L\%U
 logon script = logon.bat

 #User Scripts
 add group script = /usr/sbin/groupadd '%g'
 delete group script = /usr/sbin/groupdel '%g'
 add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
 delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
 add user script = /usr/sbin/useradd -m -G users '%u'
 add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
 delete user script = /usr/sbin/userdel -r '%u'
 idmap uid = 1000 - 20000
 idmap gid = 1000 - 20000

 #Passwords
 passdb backend = tdbsam:/etc/samba/passdb.tdb
 passwd program = /usr/bin/passwd '%u'
 passwd chat = "*Enter\snew\sUnix\spassword:*" %n\n "*retype\snew\sUnix\spassword:" %n\n. "*updated successfuly*"
 passwd chat debug = yes
 encrypt passwords = yes
 unix password sync = yes
 enable privileges = yes
 username map = /etc/samba/smbusers

 # Log File
 log file = /var/log/samba/%m.log
 log level = 3
 max log size = 50

 #Other Configurations
 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
 printing = cups
 printcap name = cups
 show add printer wizard = No

#============================ Share Definitions ==============================

[netlogon]
 path = /home/samba/netlogon
 admin users = root
 guest ok = yes
 browsable = no
 valid users = %U
 read only = no
 admin users = Administrator

[profiles]
 path = /home/%U/profiles
 create mode = 0600
 directory mode = 0700
 profile acls = Yes
 read only = No

[homes]
 comment = Home Directories
 browseable = no
 writeable = yes
 valid users = %S
 create mode = 777
 directory mode = 777

[printers]
 comment = All Printers
 path = /var/spool/samba
 browseable = no
 guest ok = no
 writable = no
 printable = yes

5. Modify the /etc/nsswitch.conf, your hosts line should look like this:

hosts:  files wins dns

6. Modify the /etc/samba/smbusers, the root usermap should look like this:

root = administrator Administrator admin

7.  Link SAMBA and Linux user groups, from root access, execute the following commands:

#>  net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d 
#>  net groupmap add ntgroup="Domain Users"  unixgroup=users rid=513 type=d
#>  net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d

After each commands, the system should response with the following message.

Successfully added group Domain ... to the mapping db as a domain group

8. To additional groups, perform the following:

#> groupadd <linux group>
#> net groupmap add ntgroup="<windows group>" unixgroup=<linux group> type=d

Note: the rid value should be the succeeding number of the previously entered value.

9.  Add root to the samba users, to be used in domain authentication on windows workstations.

#> smbpasswd -a root
#> smbpasswd -e root

10. Check your configurations and verify that you have entered the correct settings.

#> testparm

11.Restart the samba service, also start the winbind service it not yet running.

#> service smb restart
#> service winbind start

12. Test the Administrator access first

#> smbclient -L localhost -U
   enter the root password

12. To add new users, you can use the basic commands:

#> useradd -m -G users <username>
#> passwd <username>
#> smbpasswd -a <username>

Also note that new users and groups should be in range from 1000 to 20000, else modify the idmap declarations in /etc/samba/smb.conf.

13. Restart the samba service again, and check of the new user will be authenticated when accessing the samba shares.

$> smbclient -L localhost -U <username>
enter the <username's> password

14. Configure the windows workstation and join them to your new samba file server using the details below:

Domainname: MYDOMAIN
Administrator Account: Administrator
Password: <your root password>

15. Done.

UDEV: Mount and Unmount External Drive

I got three sets of USB External Hard Drive I’m using for my system backup. Need it to have a hotplug capability to have multiple copies of backup. The backup operations are done midnight of the schedule date.

Here’s my list:

1. Daily Backup – two (2) sets of hard drive of 500GB
2. Weekly Backup – two (2) sets of hard drive with capacity of 1TB
3. Monthly  Backup one (1) set capacity of 1TB

The previous problem I’ve encoutered is that I need to manually mount them as:

/backup/daily
/backup/weekly
/backup/monthly

My backup script tend to use them on that location. So I made this udev script that will fix them and automatically mount and umount them. Though the umount should be safely done, but in case you forgot to umount the drive, the script will umount them for you.

Here’s my /etc/udev/rules.d/10-backupdrives.rules

ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPD*", RUN+="/bin/mount /dev/%k /backup/daily",OPTIONS="last_rule"
ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPW*", RUN+="/bin/mount /dev/%k /backup/weekly",OPTIONS="last_rule"
ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPM*", RUN+="/bin/mount /dev/%k /backup/monthly",OPTIONS="last_rule"
ACTION=="remove",KERNEL=="sd[b-z][1-9]",RUN+="/bin/umount /dev/%k",OPTIONS="last_rule"