Shaun's bookshelf: currently-reading

Welcome to Ghanima. Here you may or may not find something of use to you. This site is my personal Wiki that covers the various nerdy tinkerings I do when I'm not working in my nerdy job.

Current mini projects include:

  • A network health VM on Ubuntu 12.04 that includes:
    • A SAMBA 4 Domain Controller
    • Apt-Cacher-NG
    • Something to cache Windows Updates
    • Zabbix 2
  • The Unity-like theme on this DokuWiki instance
  • Virtual Desktops (Spice, VNC, QVD, x2go, etc.)

SSSD and Samba 4 sudoers Gotcha

I hope this saves someone from wasting nearly a full day like I did.

I'm playing about with a Samba 4 Active Directory and Ubuntu (mainly) clients. On my NAS I'm using winbind but for things such as laptops I need to be able to cache certain things to allow the devices to be used when the Samba AD is inaccessible (e.g. site with no internet connection). For this I'm using SSSD.

So far I have been stumped by two time holes. The first was that in some situations, changing sssd.conf has no effect because it uses the settings it has in it's .ldb cache database. Any time you change sssd.conf, delete the cache database:

sudo rm -f /var/lib/sss/db/*

Don't worry, everything in there is just cached data pulled from your AD. You're not deleting anything important.

The big thing that I lost time on however was sudoers.

→


Using Wireshark to analyse encrypted Active Directory (Samba 4) traffic

I found myself in a situation in which an Active Directory client (SSSD on Ubuntu) was not getting the expected search results from a Samba 4 Active Directory.

Ultimately it was a permissions issue. sigh

I used the following process to read the encrypted LDAP (Kerberos/GSS-API) stream between the client and the server. It didn't help but I thought I'd note it down anyway.

→


Forcing Apt to use IPv4 only

My ISP is getting ready to roll out IPv6. The problem this is causing me is their DNS infrastructure is starting to respond the requests for AAAA records. When Apt gets an IPv6 IP (it makes both A and AAAA requests) from DNS first, it tries to use it. I don't actually have IPv6 connectivity to the internet yet so this fails.

→


I bought myself a pair of new TP-Link TL-WDR4300s to replace the TL-WR1043NDs I had been using as a point -to-point wireless bridge between the place my internet connection is and the place my server is.

The WR1043NDs were great devices except for one small issue, packet loss or slow packets across the wireless link. When the devices are restarted about 2% of packets were either lost or took >1000ms (they only need to cover about 3 meters and have clear line of site). The longer the units were running the more frequent the lost/slow packets were.

Anyway, WDR4300s were on special on ebay so time to ease some of the frustration the WR1043NDs were causing.

I opened up the boxes, powered on the units, browsed around their built in Web UIs and then went looking for the most appropriate OpenWRT image to install. At time of writing the stable branch didn't support these devices so I installed the latest Trunk build.

I got everything installed and configured and ready to go. Unfortunately, when I made the swap from old devices to new, I had a problem. A little digging found that that port I was using for both LAN traffic (internally VLAN 1) and VLAN tagged WAN traffic (VLAN 2) would do one or the other, not both.

The internet yielded a patch but to apply it I needed to build OpenWRT from source.

shaun · 43 Comments

IO Benchmarking Part 1 - Physical and RAID

Please note: This article is still a work in progress. The experiment is still ongoing.
The goal of this mini-project is to answer a question that has been bugging me for a while:

Which, of the multitude of options available, makes the best configuration for a Linux KVM host's storage?

In part one I hope to work out which performs better on the block level, below the filesystem.

→


Apt-Cacher-NG with transparent operation

If your network has several machines all running similar versions of Debian or Ubuntu you might want to save some bandwidth and improve update speeds by keeping a local cache of updates.

Apt-Cacher-NG is a reasonably simple application that, when a request is made for an update package, it serves it from it's local cache or fetches it if it's not currently cached. It's normal design intention is to operate as a http proxy in that you configure apt on your your network computers to use your Apt-Cache-NG server.

I found this to be slightly less than ideal in that it needs your computers to be manually configured. The ideal situation would be to have the computers use the proxy without needing to be configured thus leaving no oppitunity for incorrectly configured machines or machines that travel needing to be reconfigured depending on the network they are connected to.

In this article we will combine Apt-Cacher-NG, Apache and DNS trickery to make the proxy and cache completely transparent to the target computer.

→

shaun · 10 Comments

Xspice server in a Container

In the past I have used VNC, FreeNX and X2Go to provide a remote desktop into Ubuntu. With the introduction of Ubuntu 12.10 (Quantal Quetzal) things became complicated. The 2d version of Unity was discontinued. Because none of the technologies I had been using provided 3d rendering capabilities, I would have been forced to abandon Unity and fall back to a simpler renderer (e.g. Gnome 2).

I started experimenting with the Spice protocol as a way of accessing the virtual “monitor” of a KVM virtual machine. While this showed great promise and provided to the VM all that was required to render a full Unity 3d desktop it had some drawbacks:

  • It was laggy. I was (and still am) having issues with IO performance of the VM's host server which, if resolved, may solve this.
  • Mouse integration was a bit off.
    • It seemed that the position of the cursor would randomly move all the way to the left side of the screen. When this happens a few times within a few minutes while doing something mouse intensive like browsing the internet, it gets very frustrating very fast.
    • I couldn't get the scroll wheel to work. Again, browsing the internet and being very used to having the scroll wheel, not having it is frustrating.
  • My underlying goal of having a full featured Ubuntu “Terminal Server” analogue was dying.
    • Needing a full KVM VM for each connected user was going to use far too many resources to be practical.

The next step was installing an Xspice enabled X server into the KVM VM and seeing how it operated. This would allow the VM to spawn an X server instance for each user, allowing one VM to serve multiple users. This worked very well, solving several of the drwabacks mentioned above.

Can we do better though?

Now we come to the purpose of this article, running an Xspice X server in an LXC container. An LXC container is even less resource hungry then a KVM VM.

→

shaun · 19 Comments

Pipe the Audio from your bluetooth phone to your PC speakers

In Windows 7, if you pair your phone to your PC and connect the Bluetooth audio device, your phone's Music/Podcasts/Audiobooks/whatever are piped out your PC's speakers which is nice if you have decent speakers.

There's no obvious way to do this in Ubuntu 12.04. You can get really close. You can pair the device, enable the audio redirection to the PC, see the input device in Sound settings and see with the little vu graph that sound is happening. Your speakers, however, remain silent.

This is a re-hash of what I found here: I take no credit for zansatsu0's work or the work he built upon.

→

shaun · 600 Comments