totalnetsolutions.net » Open Source Software

What date is XX days from today?

Robert — Thu, 26 Jan 2012 03:30:27 +0000

A quick CLI reference for perl people…
perl -e ' my @t=localtime(time() + $ARGV[0]*24*60*60); $t[4]++; $t[5]+=1900; print "$t[4]/$t[3]/$t[5]\n";' XX
I’ve needed this 2x today already, and hope it helps you!

Edit:
Someone made a comment, as people on the internet are prone to do, so here’s the long-form non-one-liner version:

#!/usr/bin/perl my $addDays = shift; my ($second, $minute, $hour, $day, $month, $year, $dayOfWeek, $dayOfYear, $daylightSavings) = localtime(time()); my ($fsecond, $fminute, $fhour, $fday, $fmonth, $fyear, $fdayOfWeek, $fdayOfYear, $fdaylightSavings) = localtime(time() + $addDays*24*60*60);


#fix 0 = 1 values, and "0 = 1900" problem:

$month++;

$fmonth++;

$year+=1900;

$fyear+=1900;

print "today is: $month/$day/$year\n"; print "$addDays days from today is: $fmonth/$fday/$fyear\n";

Run it as:
rob@laptop:~$ fdate.pl 50 today is: 1/25/2012 50 days from today is: 3/15/2012

Dynamic MTU in Debian/Ubuntu

Robert — Wed, 05 Oct 2011 19:53:00 +0000

I know it’s probably an unusual situation, but in the lab we have Jumbo frames turned on for all the servers and test boxes. It makes a huge difference copying ISOs between hosts, and doing network backups. However, my Kubuntu laptop isn’t always in the lab network. This means that I almost never remember to change the MTU when I’m back in the office, OR I remember in the middle of a transfer, when it’s already too late to gain the benefits.

So I wrote a little script, and put it in /etc/network/if-up.d/ named “jumbo-frames.sh”. The if-*.d/ structure is designed for exactly this purpose: run a script when an interface comes up. The basic premise is: If I’m plugged into a wired network (eth0) in the lab (domain or IP address match certain parameters), then set the MTU to 9000 (jumbo frame support), otherwise assume the network has a normal MTU (1500). This allows the system to reconfigure on the fly if I put it to sleep and go visit a customer.

Here’s the code:
#!/bin/sh # Set support for jumbo frames when at home on wired network, else do not. # Determine home network based on IP address and DNS-determined name. # $IFACE should be set by the caller.


PATH=/sbin:/bin:/usr/sbin:/usr/bin
IFC=/sbin/ifconfig

INT="eth0"

MTU=9000

DEFMTU=1500

#name of the DNS domain to assume as "home"

HOMED="totalnetsolutions.net"

#IP Subnet to assume as "home" if DNS test fails

HOMEN="10.0.0."
test -x $IFC || exit 0
# Don't make changes to the wireless (wlan) or loopback (lo) interfaces

if [ "$IFACE" != "$INT" ]; then

    exit 0

fi
# if dhcpd is still working on writing our resolv.conf, just wait a while (it's a hack, but it works).

test -f /etc/resolv.conf || sleep 15
DOM=`awk '/search/ { print $2 }' /etc/resolv.conf`

NET=`ip addr show dev $IFACE | awk '/inet / { print $2 }' | awk -F. '{ print $1 "." $2 "." $3 "." }'`

if [ "$DOM" = "$HOMED" ]; then $IFC $IFACE mtu $MTU elif [ "$NET" = "$HOMEN" ]; then $IFC $IFACE mtu $MTU else $IFC $IFACE mtu $DEFMTU fi

HowTo: Create a dummy / empty / blank krb5.keytab file

Robert — Fri, 08 Jul 2011 03:29:39 +0000

We had an issue recently where we needed a dummy krb5.keytab file for an operation prior to creating the real keytab:
echo -e "\0005\0002\c" >/etc/krb5.keytab

ypcat passwd: No such map passwd.byname. Reason: No such map in server’s domain

Robert — Mon, 23 May 2011 20:19:23 +0000

We ran into this bit of fun while setting up a NIS domain for testing in the lab today:
rob@rob-kubuntu3:~$ ypcat -d nisdom -h rhel5-64-2 passwd.byname No such map passwd.byname. Reason: No such map in server's domain
It turns out this was a problem with the /var/yp/securenets file, but I’m still not sure what is wrong. The man page for ypserv shows:

A sample securenets file might look like this:

# allow connections from local host — necessary
host 127.0.0.1
# same as 255.255.255.255 127.0.0.1
#
# allow connections from any host
# on the 131.234.223.0 network
255.255.255.0 131.234.223.0

So we set up our securenets to look like this:

host 127.0.0.1
255.255.255.0 10.10.10.0

And tried to connect to the server:rob@rob-kubuntu3:~$ ip addr show dev wlan0 |grep "inet " inet 10.10.10.210/24 brd 10.10.10.255 scope global wlan0 rob@rob-kubuntu3:~$ ypcat -d nisdom -h rhel5-64-2 passwd.byname No such map passwd.byname. Reason: No such map in server's domain rob@rob-kubuntu3:~$ ping -c1 rhel5-64-2 PING rhel5-64-2 (10.10.10.213) 56(84) bytes of data. 64 bytes from rhel5-64-2 (10.10.10.213): icmp_req=1 ttl=64 time=0.823 ms

--- rhel5-64-2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.823/0.823/0.823/0.000 ms

Removing the /var/yp/securenets file allowed us access, so it wasn’t firewall or rpc or portmap issues, to the best I can determine. Adding “host 10.10.10.210″ also worked and allowed the client access. So what’s wrong with the format / man page?

Retaining mid-pipeline exit status

Robert — Thu, 10 Feb 2011 18:40:03 +0000

I had a Bourne Shell (sh) script I needed to capture the exit status of, but it was being run through “tee” to capture a log file, so “$?” always returned the exit status of “tee”, not the script. In a nutshell, it went something like this:
#!/bin/sh DO_LOG=$1 LOGNAME="`hostname`.out" if [ "$DO_LOG" -eq "1" ]; then # Logging is turned on, so relaunch ourself with logging disabled, and tee the output to the logfile sh $0 0 | tee $LOGNAME exit $? fi #... Do lots of things in the script exit $ERRORCODE

Now, the important thing here is that the script sets very specific error codes (we have 16 defined) based on different error states, so that a tool like HP Opsware can give us different reports based on the exit status. When run with “0″ for no logging, this works great, but it requires the controlling tool to capture logs, and not all do (especially cheap “for” loops in a shell script.)

But when run with logging enabled, all of the fancy error code handling (45 lines of subroutines’ worth) gets lost, because “$!” is equal to the status code of the “tee” command. Bash scripters out there will say “but what about $PIPESTATUS ?” If we could use bash, the code would be:
#!/bin/sh DO_LOG=$1 LOGNAME="`hostname`.out" if [ "$DO_LOG" -eq "1" ]; then # Logging is turned on, so relaunch ourself with logging disabled, and tee the output to the logfile sh $0 0 | tee $LOGNAME exit ${PIPESTATUS[0]} fi #... Do lots of things in the script exit $ERRORCODE

(Note the single line change in the conditional exit.)

But, I don’t have the luxury of bash (thanks AIX and FreeBSD and Solaris 8), so we needed to get fancy…
#!/bin/sh DO_LOG=$1 LOGNAME="`hostname`.out" if [ "$DO_LOG" -eq "1" ]; then # Logging is turned on, so relaunch ourself with logging disabled, and tee the output to the logfile cp /dev/null $LOGNAME tail -f $LOGNAME & TAILPID=$! sh $0 0 >> $LOGNAME 2>&1 RETURNCODE=$? kill TAILPID exit $RETURNCODE fi #... Do lots of things in the script exit $ERRORCODE

In this last example, we’re creating the empty logfile by copying /dev/null to the logname, then starting a backgrounded “tail” command on the empty file. Because we haven’t disconnected STDOUT in the backgrounding, we will still get the screen output we desire from “tail”. The script now only writes *its* output, with redirected STDOUT and STDERR, to the log file, which is already being tailed to the actual screen. At the end of the script, we capture the true exit code, clean up the tail ugliness, and exit with the desired status code.

This does have a serious downside that if the script encounters and error and exits, the “tail” is left running indefinitely on Linux and Solaris, since the kernel there will simply scavenge the process to be owned by init. So, if you take this method, be very careful to capture all errors you may possibly encounter. Or, just use a better scripting tool.

K9Mail Hosted Exchange ActiveSync Errors Solved

Robert — Sat, 10 Jul 2010 18:43:36 +0000

I’ve been fighting K9Mail for weeks now, trying to get it to sync with MailStreet who hosts “exchange.ms”) hosted Exchange. If you’ve already followed the instructions at the K9Mail Wiki with no success, read on.

Thanks to the k9mail wiki on debugging connection issues and the fact that I already had the Android SDK installed, I was able to solve the 2 related errors I was getting. I would either get an “HTTP 404 not found” or an “HTTP 501 Not Implemented” depending on the settings I chose. With no additional settings other than suggested in the Wiki, I’d get a “501 not implemented”. If I tried to set a mailbox path, or a WebDAV path, I’d get the HTTP 404 Not Found.

In the debugging log, I saw that the system was calling “http://mail.$domain.exchange.ms/”$webDAVpath/Inbox – if I set it to a full URL, the full URL was getting appended. When I attempted to hit those same paths in a full browser, I’d always get an HTTP 404. So, digging in my history in Firefox, I found the following (cleaned) path:

http://mail.$domain.exchange.ms/exchange/$emailaddress/

In this case $emailaddress was my Exchange mail address with the “@” stripped out. Appending “Inbox” to the end of this path resulted in a valid load of my OWA inbox.

Plugging then: /exchange/$emailaddress/ into the WebDAV box in K9Mail, and my email immediately loaded up.

Now I have Android syncing my calendars and contacts, and k9mail is handling my massive inbox!

Turn off console beep on Ubuntu 9.04

Robert — Mon, 04 May 2009 18:53:56 +0000

It used to be that you could edit /etc/modprobe.d/blacklist and add “blacklist pcspkr” to turn off the console beeps entirely on Ubuntu / Kubuntu. As of 9.04, the module is now called “snd_pcsp”.

So, to turn off console (not X terminal, but tty) beeps, you can do one of the following:
1) (This is my preference)
echo blacklist snd_pcsp >> /etc/modprobe.d/blacklist.conf

2) (I’ve done this, but it doesn’t affect all software)
for i in 1 2 3 4 5 6 do setterm -blength 0 > /dev/tty$i done

3) (Only works per shell if ~/.inputrc is included)
echo set bell-style visible >> ~/.inputrc

Enjoy more-sane editing from ttyX in the future!

Samba on Likewise Open – errors with machine accounts

Robert — Thu, 05 Mar 2009 18:56:48 +0000

We’ve had a few customers and Open users posting about problems with machine accounts trying to access Samba shares and getting denied with:
smbd/sesssetup.c:reply_spnego_kerberos(439) Username DOM\COMPUTER1$ is invalid on this system
The “$” at the end of the account name means it’s a computer account, not a user. We’re seeing this for Citrix MetaFrame application servers on shared storage, startup scripts not stored on a DC, and several other cases.

On a Samba server joined to AD with winbind, this is easy to deal with because Samba’s winbind can treat the computer accounts just like user accounts, and assign them access to the unix filesystem with whatever backend has been configured. When a Samba server is joined with Likewise, however, the machine accounts are not visible, and the “username is invalid” message comes up.

Fortunately, Samba gives us a method to handle this, in form of the “username map” directive in /etc/samba/smb.conf. There are two ways to use this, the first is with the username map file.
In smb.conf, to simply add:
[global ] username map = /etc/samba/smbusers
then create a file named /etc/samba/smbusers and populate it with localuser=aduser pairs, like:
COMPUTER1$ = compacct COMPUTER2$ = compacct CITRIXFARM1$ = citrxact
and so on. Lastly, you’ll have to add the local accounts from the pairs above:
useradd -c "Account for AD Computers to use Samba" compacct -G users -u 998 useradd -c "Account for AD Citrix Servers to use Samba" citrxact -G users -u 999
Then, whenever one of the AD computers in the list attempts to access the Samba share, it’ll be mapped to the local account.

The problem with this is when you have a lot of servers, like a Citrix MetaFrame farm, or a Windows Server 2008 R2 Remote Desktop Services farm, that may be changing frequently, because managing that file could get hard. In this case there is the username map script directive, which is added to smb.conf as:
[global ] username map script = /usr/lib/samba/auth/machine-acct-map.pl
Then download this script and save it in /usr/lib/samba/auth/ and make it executable (chmod +x /usr/lib/samba/auth/machine-acct-map.pl). Then run:
useradd -c "Account for AD Computers to use Samba" compacct -G users -u 998
Now, all computers which access the share will be remapped to the “compacct” user, and you won’t have to manage a file for every time the server farm changes.

Get the file here.

VMWare Workstation and Ubuntu 8.10

Robert — Fri, 02 Jan 2009 19:04:03 +0000

I just finished my upgrade from Kubuntu 8.04 to 8.10 this past week (since I had downtime from work, I could afford to break things for a few days). The upgrade went great, and I’ll write about it shortly, once I get used to the newness.

Anyways; Workstation 6.5 has been giving me problems. Because of the newness of KDE4, I initially thought it was a KDE problem, but it turns out it’s something between Workstation 6.5 and Ubuntu 8.10. I just ran the “adapt –dist-upgrade-devel” command from the Ubuntu wiki to upgrade, and upon reboot, I couldn’t “ctrl-alt-ins” or “ctrl-alt-del” to log into my Windows VM, my “Windows/Start” key on the keyboard wouldn’t respond, and my arrow keys wouldn’t work. Incredibly, when I’d hit the “down” arrow, I’d get the Windows Start menu pop up!!

Fix is easy, edit /etc/vmware/config and add the line below like:
sudo vim /etc/vmware/config :$ A (that's vi-command for "go to the end of the file, and start writing a new line") xkeymap.nokeycodeMap = true

Have to restart your VMs for this change to take effect. Thanks to Duncan Epping for this fix (he posted it in the forums, where I found it).

Status update for Rob – past 7 months

Robert — Fri, 14 Nov 2008 19:24:39 +0000

So, any regular readers might have noticed that the posts have been slow coming the past few months. Hopefully you don’t think that the depth in those few posts has been lacking. I’ve been struggling with how to report that I took a new full-time job in April. Obviously, it’s not stopping me from writing, but has slowed me down a bit.

As you may remember, back in January I was invited to speak at Directory Experts’ Conference, 2008. If you weren’t there, I spoke about integrating 30+ Linux servers with a 2000-user Active Directory forest at one of the U.S.’s biggest home improvement providers. At the time, we had used Centrify DirectControl 4.0 to accomplish this integration, and they were the ones who invited me to speak at DEC.

As part of my preparations, I reached out to Quest Software to ask about Vintella, now renamed “Authentication Services”, and to Likewise Software, who sent me software and support contacts (at my request), so that I could learn Likewise Enterprise as well as I knew Centrify DirectControl. That was a very tall order for Likewise Software to fill, as I had spent the past 6 months learning DirectControl inside out.

After 4 weeks of building demonstration machines (with both products), capturing video in case the demos crashed (which they didn’t), and building a presentation and practicing it, DEC was upon us. I gave two presentations, one specifically for Centrify on Monday, and the primary one on Wednesday. At the end of both presentations, we recieved a lot of great questions which Centrify’s Director of Product Development helped answer.

At the end of the conference, Likewise offered me a job. After many discussions with them, my friends and family, and my customers, I decided to take the opportunity. This is not a decision I made to slight Centrify, who’s support of me through my time as a customer was amazing, and who’s assistance through the presentation was fabulous. It’s just one of those opportunities that comes along that I couldn’t pass up.

So for the past 6 months I’ve been the Project Manager for Deployments for Likewise Software. I’ve been on the road about 80% of the time, working with customers to install our software in their environments. Many of the posts I’ve made in that time have been in response to an issue we’ve seen or avoided at a customer of Likewise. I will continue to write these, and I’ll work on doing so at my old (2007) pace of about 3-4 posts a month, since they have been (according to my stats) useful to many people, which is the point of writing this blog.

That means, no changes here compared to last year, but I will have a wider variety of topics, and I’ll likely start mentioning our software specifically. I want it to be clear it’s not advertising, but just the state of what I’m working with. Again, Centrify makes a great product, and I was very happy to have chosen it for my needs at my previous employer. However, I’ve chosen to move forward with this open source company (Likewise Software) for the next stage of my career, and will continue to write about software and integration with a view towards open source software.

Thanks for continuing to read!

Robert Auch