Pragmatic IT

IT Infrastructure and Software Development from the Customer's Perspective

DHCP Not Updating DNS

So I had a weird problem – suddenly my DHCP server stopped updating my DNS server when my main laptop that I use all the time renewed its DHCP lease. It seemed to be working fine for all other machines on my network.

After much fooling around and some reading, I discovered in the middle of some document a statement that the DHCP server keeps track of whether it thinks it has updated the DNS server, to avoid one round trip when renewing a lease. This means that if the DHCP server thinks it has updated DNS, it won’t try again and if the DNS server doesn’t have that address, it’ll never get it.

Well, the DNS server will never get it until you do the following on the DHCP client machine to force a release of the lease:<pre>sudo dhclient -r</pre>Once you do that and then renew the lease again (e.g. disconnect and connect the network) everything is fine.
Firefox Disappears when Changing Display Settings

After a year without problems, suddenly I started having a problem where Firefox disappeared when I switched between the laptop screen and my external monitor. Firefox was still running, but I couldn’t make it appear.

It turns out that somehow it was ending up on outside the screen and therefore it wasn’t being shown on the bottom panel. Here’s how to fix:
iPhone Tethering Notes for Ubuntu Vancouver LoCo

I gave a lightning talk at the Ubuntu Vancouver Local Committee July 9, 2009 on accessing the Internet from an Ubuntu computer through the iPhone.

  • Use the instructions from the Ubuntu forums [here][1]. [This other page][2] gives the underlying commands used by the script from the Ubuntu forum. You may find it helpful if the script doesn't work for you.
  • During installation, when you're asked to make the iPhone discoverable, go to Settings-> General-> Bluetooth and turn on Bluetooth.
  • Part way through the instructions in the Ubuntu forum you're asked to "pair" your iPhone with the computer. To "pair" your iPhone with your computer:
  1. Click on the blue icon with white triangles that you'll find amount the other notification icons, typically in the upper-right corner of your screen.
  2. Select "Set up new device..."
  3. Click "Forward".
  4. Wait for your iPhone to appear in the list. If it doesn't, go back to Settings-> General-> Bluetooth on the iPhone and make sure Bluetooth is on. Also, make sure your iPhone is less than a 1/2 metre from your computer.
  5. Select your iPhone in the list and click "Forward".
  6. Ubuntu will show you a four-digit code and ask you to enter it on the device. The iPhone will have a keypad showing. Enter the code.
  7. Ubuntu will ask if you want to allow the connection. Select "Always allow" and click "OK".
  8. You're now paired.
  • Before trying to tether your computer to the iPhone, go back to Settings-> General-> Bluetooth. Your computer's name with "-0" appended should appear below the on/off button. If it says "Not connected" beside your computer's name, click on the computer name and wait for it to change to "Connected".
  • Using Network Manager, turn off other network connections you may have running before tethering.
  • Finally, before running the script, don't forget to turn on Internet Tethering on the iPhone. Go to Settings-> General-> Network-> Internet Tethering and turn Internet Tethering on.
  • Keep the iPhone with 1/2 metre of your computer. (You can try more, but I suspect that the flaky connection I sometimes experience may be associated with the distance between the phone and the computer.)
  • After running the script, you still won't be able to browse the Internet. (You don't have any usable DNS servers defined on your computer.) Do the following in a terminal:

sudo cat >>/etc/resolv.conf <<-END nameserver 208.67.220.220 nameserver 208.67.222.222 END

  • I put the above in my uit.sh script at the appropriate place.
  • Remember to turn off Internet Tethering and Bluetooth on the iPhone when you're done.
  • Disconnect tethering on your computer by running: sudo ./uit.sh -d
  • Don't forget to reconnect your computer to your usual networks after you turn off tethering.

Troubleshooting

  • My experience is that you have to do everything in exactly the right order. If something goes wrong, do the following and then start over:
  1. On the iPhone, go to Settings-> General-> Network-> Internet Tethering and turn Internet Tethering off.
  2. On the iPhone, go to Settings-> General-> Network-> Bluetooth and turn Bluetooth off
  3. On your computer, run the disconnect script: sudo ./uit.sh -d
  4. On your computer, restart Bluetooth: sudo /etc/init.d/bluetooth restart
  • The Bluetooth connection seems to be unreliable. Sometimes I can browse a page or two and then it stops working. Sometimes it just doesn't connect at all. After two or three tries I usually get a reliable connection. Every time it fails, be sure to do all the steps in the above list.
Tethered iPhone

I’m posting this from my laptop sitting outside Marc’s Karate dojo with my iPhone in my pocket providing my Internet connection over Bluetooth. I can’t help but be geekily happy about this. I never bothered to set up the tethering before OS 3.0, so it’s new to me. This is old news to the hardcore users.

I guess a new thing is that Fido is cool with the fact that I’ve tethered. Not that I care what they think, but phone companies are vindictive enough to actually cut you off if they detected you were tethering, so I feel a little better that it’s legit. (Make sure you read the details to be sure you’re legit.)

The best instructions I found are here. The instructions here show the actual commands, which is useful to know when you’re debugging. It wasn’t smooth for me because I didn’t do the sequence in perfect order, and it looks like once I messed it up I just couldn’t get it to connect. By going System-> Preferences-> Bluetooth and undoing the Bluetooth pairing, I was able to go through the steps from the start and get it working.

The part I had out of order is that I didn’t check to see that the iPhone was actually connected to my laptop before attempting to tether from the laptop. The Bluetooth screen on the iPhone has to say “Connected”, not just show the name of your laptop.

While writing this I lost my connection and couldn’t get it back until I restarted Bluetooth on my laptop (sudo /etc/init.d/bluetooth restart). I have no idea what that’s about, but I’ve seen others on the Internet complain that the connection isn’t always reliable.

Keyboard Layouts Disappear when Plugging In Keyboard

I have USA and Spanish (Spain) keyboard layouts defined on my laptop, with USA being the default. When I plug in my external keyboard I can no longer choose the Spanish layout either from the keyboard layout indicator in the panel or via the keyboard shortcut I've defined. If I bring up the keyboard preferences, the Spanish keyboard is still in the list. To work around the problem, I either delete it and re-add the Spanish layout, or restart Gnome (log out and log in).
Google Wave

I just watched the Google Wave preview video. What I find intriguing about Wave is that they may have made version control accessible to the masses. Of course, they don’t call it version control. That name is part of the reason why it’s never been accessible to the masses.

Click here to see my del.icio.us links to the URLs they give at the end of the video.

</embed>

Open Web Vancouver 2009

I went to Open Web Vancouver 2009 last week. It’s a two day, low-key conference about open technologies for developers, testers and others at that level of the business. It’s a very well-run, well-attended and interesting conference, and very inexpensive.

The most interesting thing I heard about was PhoneGap. It’s JavaScript that runs on all the major smart phones, so you have fewer cross-platform issues. And it gives web applications access to some of the functionality in the phone not normally accessible to a web application. On the iPhone, this means the current location and vibration.

There was a good workshop with City of Vancouver staff about their recent direction to open up the city’s data, as well as moving to open standards and open source software. The first priority is the data. They’re hoping that people will take the City’s data and mash it up in useful ways. There’s a Google Group about this at http://groups.google.com/group/vancouver-data.

18 months ago there was a lot of stuff about Ruby on Rails at this conference. This time the Drupal community was big. There was a presentation from Momentum magazine about how a volunteer built their website in Drupal. I thought they’d found money to have a professional develop the site, it’s so good.

And Mozilla Messenging (i.e. Mozilla Thunderbird) is based in Vancouver. Who knew?

Ubuntu VMs and Time

Ubuntu 8.04 in VMs under VMWare Server 2.0.1 need the kernel parameter “clocksource=acpi_pm” when they boot. Edit /boot/grub/menu.lst and add “clocksource=acpi_pm” to the end of the line that starts “# kopt=”. Don’t remove the “#”. In this context it’s not a comment. After you save the file, run “sudo update-grub” and then reboot.

If the guest doesn’t have this kernel parameter specified, time runs backwards on the guest O/S, or time hangs or gets stuck. This was showing up especially on my backup server running bacula, and the backup clients that had large amounts of data. I suspect that high loads exacerbate the problem.
xsane Problems

This morning I scanned a small French reader that Marc particularly liked. At noon I had to scan two pages for Angela, because she’d left them at home. When I went to scan I got this: “Failed to start scanner: Invalid argument”.

After much flailing, including re-installing hplip and xsane, and doing sudo

ln -s /usr/lib/libhpmud.so.0 libhpmud.so

I finally got brave and simply moved ~/.sane/xsane to ~/.sane/xsane.old, then started xsane and it worked.

After the fact, I figured out that the problem started when I clicked on the preview pane in xsane and set the size of the area I was scanning to

  1. The message wasn’t very helpful. (I figured it out by diff’ing the xsane.conf that worked with the one in xsane.old.)

In addition, hp-check reports there’s no plug-in installed for my printer, even though everything seems to be working. Go figure.

All this under Ubuntu 9.04 using an HP CM1312nfi MFP.
Getting Identity From Active Directory

I needed a test environment where I could test mounting and accessing Windows shares on a Linux machine, using identities and permissions obtained from Active Directory (AD). After the initial setup, I wanted to run a processes periodically in the background, without user intervention. Therefore, having the user enter the password each time wasn’t an option. Also, the background process would be run periodically forever in the future. I didn’t want to store passwords because the processes would fail after the user changed their password (and it’s not a good idea to store passwords anyway).

The Kerberos authentication scheme in Windows and Linux uses tickets, which can be used to prove that a process is acting on behalf of a user. A user gets a ticket by requesting one and providing their password. Until that ticket expires, processes that support Kerberos can be run with the permissions of that user.

So let’s say we want to access a Windows share as user “testa”, which is a Windows user known to the AD server. The Linux machine asks for a ticket for testa, using testa’s password. The AD server validates the password and gives the Linux machine a ticket. The Linux machine can then mount the Windows share using Kerberos authentication. Accesses to the files and directories on the share will then be allowed or denied based on testa’s permissions.

I built an AD server on Windows 2003 Server SP2. The client machine was Ubuntu Desktop Edition 9.04.

Here’s how I went about it:

  1. Build an Active Directory server accepting the defaults. This included allowing it to set up its own DNS server. I already have DNS servers in my network, but I'm not a DNS expert. I've had bad luck changing my DNS setup in the past, so for this test I just let AD do its thing.
  2. Install required packages on the Linux machine:
    3. sudo apt-get install krb5-user keyutils
  3. Replace the installed /etc/krb5.conf with the following. You have to replace "my.domain.tld" with your own domain, of course. Be careful to copy uppercase and lowercase:
    4. \[libdefaults\] default\_realm = MY.DOMAIN.TLD default\_checksum = rsa-md5 \[realms\] MY.DOMAIN.TLD = \{ kdc = ADServer.my.domain.tld } \[domain\_realm\] .my.domain.tld = MY.DOMAIN.TLD my.domain.tld = MY.DOMAIN.TLD
  4. Add the following line to /etc/request-key.conf. The order of the lines is important. I put it last and nothing changed. I put it first and everything worked:
    5. create cifs.spnego \* \* /usr/sbin/cifs.upcall %k %d
  5. Get a key with kinit. Run kinit with sudo. The ticket you get is for the AD user testa whether you run as sudo or not, but the place that kinit stores the ticket depends on the Linux user who runs kinit. Since the mount command runs as root, you have to get a ticket for root or mount won't find the ticket
    6. sudo kinit -f testa
  6. Mount the share, replacing "FileServer", "Share", and "/tmp/mnt" with appropriate values for your systems:
    7. sudo mount -t cifs -o sec=krb5i //FileServer/Share /tmp/mnt

For a while I was getting “mount error(2): No such file or directory” when I tried to mount. It was because I hadn’t installed the keyutils package.

I’ve tested this up to and including the mount. I haven’t finished testing the background process I originally wanted to build. I may modify this post based on my testing experience, so check back later.

Archive