Pragmatic IT

IT Infrastructure and Software Development from the Customer's Perspective

Connecting to DFS Shares with Ubuntu

See an important update [here][1]. The information that follows is still relevant to mount.cifs.

With my current client, when I’m working at home, I have to connect to a CIFS share that uses Microsoft’s DFS through their Cisco AnyConnect VPN. It seemed like the mount would work, but I couldn’t see any of the files or folders below the share. (This is with Ubuntu 10.04 Lucid Lynx.)

Fortunately, some other consultants working on the same project had the same problem, and they found a work-around. The work-around was to connect to the underlying server and folder, rather than through the DFS root.

As my position with this client has evolved, I’ve needed to get to other folders on their file server, and I’ve occasionally had problems because I didn’t know the underlying server and folder I needed to get to. So I continued to work on the problem. I think I’ve found the solution.

I already had the keyutils package installed. You’ll need it:

sudo apt-get install keyutils

Then I added the following two lines to /etc/request-key.conf:

create cifs.spnego /usr/sbin/cifs.upcall %k %d
create      dns_resolver /usr/sbin/cifs.upcall %k

Now I can connect to the DFS root if I use a mount command in a Terminal window. sudo mount -t cifs --verbose -o user=my\_domain/my\_user\_id //my\_server/my\_share /mnt
It still doesn't work if I try to connect to the share with Nautilus. 
(A quick check of a VM of 11.04 alpha 2 that I had lying around shows the above two lines are already in /etc/request-key.conf.)
I haven't been using the fix for a long time, yet, so I don't know if it's the complete solution. I've noticed so far that sometimes Nautilus times out and doesn't get the file and folder list from the share. When I refresh the view in Nautilus it works fine. One of the key hints to find the solution was this text in my dmesg log: [1]: http://technopragmatica.blogspot.com/2011/03/debugging-windows-shares-and-samba.html

Managing Music on an SD Card for Nintendo DS

I wanted to manage music on an SD card, as that’s the way a Nintendo DS gets its music. I wanted my son to have his music on his DS so he didn’t have to keep track of and charge an MP3 player and a DS.

First, Rhythmbox on Ubuntu 10.04 wouldn’t recognize the SD card. Fortunately, I’d stumbled across the solution to that a few weeks ago: put a file called “.is_audio_player” in the root of the SD card.

However, it still wouldn’t copy m4a files over. The DS only plays m4a files, not mp3. I discovered that you can actually put content in the .is_audio_player file to control the behaviour of Rhythmbox. It was still hard to figure out what to put in, but finally I looked up what Rhythmbox uses to manage an iPod, and put this in the .is_audio_player file:

folder\_depth=99  
output\_formats=audio/mpeg,audio/aac,audio/x-wav,audio/x-aiff
Configuring Bacula Tray Monitor on Ubuntu

I use Bacula to back up my servers and desktop/laptop computers. It’s always bugged me that I didn’t have a little icon on my Ubuntu desktop showing the status of the backup: whether it was running or not and some indication of progress. Most backup systems have this. In Bacula it’s called the tray monitor. The configuration file documentation seemed straightforward, but it took a lot of fiddling to get it right.

I think I have a fairly typical situation:

  • A backup server with a direct attached backup storage device (in my case, two: a USB-connected 1 TB hard drive, and a DAT-72 tape drive)
  • Several clients being backed up on a regular schedule
  • One client is the laptop I use as my normal workstation. This is the one I want to put the tray monitor on
  • I'm already successfully backing up this configuration, so all my passwords in my Bacula configuration files are correct, and all my firewalls are configured to allow the backup to work
  • The laptop and the backup server are both running Ubuntu 10.04

Here’s what I did to get the tray monitor to work (read my notes below before you start cutting and pasting the following into your configuration):

  1. I installed the tray monitor software on my laptop:
    2. `sudo apt-get install bacula-traymonitor`
  2. On my laptop I changed the tray monitor configuration file (`/etc/bacula/tray-monitor.conf`) to look like this:
    3. `Monitor {
Name = backup02-mon  Password = "Monitor-Password"  RefreshInterval = 5
seconds}Client {  Name = pacal-mon  Address =
pacal.pender.jadesystems.ca  FDPort = 9102  Password =
"Monitor-Password"}`
  3. Still on the laptop, I added the following to the file daemon, aka backup client, configuration file (`/etc/bacula/bacula-fd.conf`):
    4. `# Restricted Director, used by
tray-monitor to get the#   status of the file daemonDirector {  Name =
backup02-mon  Password = "Monitor-Password"  Monitor = yes}`
  4. I restarted the file daemon on the laptop (don't forget this or you'll confuse yourself horribly):
    5. `sudo service bacula-fd
restart`
  5. On the backup server, I added the following to the director configuration file (`/etc/bacula/bacula-dir.conf`):
    6. `# Restricted console
used by tray-monitor to get the status of the
director`
    `Console {`
    `  Name =
backup02-mon`
    `  Password =
"Monitor-Password"`
    `  CommandACL = status,
.status`
    `}`
  6. Finally, I reloaded the configuration file on the backup server:
    7. `sudo bconsole reload
exit `
  7. Now all I had to do is start the tray monitor. The command line is:
    8. `bacula-tray-monitor -c
/etc/bacula/tray-monitor.conf`

Then I made a menu item for it. I put it in Applications-> System Tools.

  1. Select System-> Preferences-> Main Menu
  2. Select "System Tools" on the left side of the window
  3. Click on the "New Item" button on the right side of the window
  4. Fill in the "Name:" box with "Bacula Tray Monitor" and the "Command:" box with the command line above
  5. Click "OK"
  6. Click "Close" in the "Main Menu" window

Notes:

  • I used a separate password specifically for the monitor. The tray monitor's configuration file has to be readable by an ordinary user without special privileges. So anyone can see the password. Don't use the same password for the monitor as you use for the director or the file daemons, or you'll be making it easy for anyone who gets access to your computer to read all the files on your network.
  • You have to change to above bits of configuration file to match your particular configuration. Change: "laptop.example.com" to the fully qualified domain name of the computer on which you're installing the tray monitor. Change "Monitor-Password" to something else more secure that everyone who reads this blog doesn't know about. 
  • "backup02-mon" and "laptop-mon" are both names you can change to be anything you want them to be. In my case, "backup02-mon" means the monitor on the backup server (hostname: backup02), and "laptop-mon" means the monitor on the laptop (hostname: laptop)

Google Chrome, Ubuntu, and Cisco AnyConnect

I need to use Cisco’s AnyConnect VPN client. It’s worked quite well with FireFox on Ubuntu, although I had to forgo the upgrade to 9.10 because the VPN client wouldn’t work with the kernels that came with 9.10. (That wasn’t the only reason I didn’t go to 9.10, so I wasn’t really bothered by it.)

I’ve been using Google Chrome for the last few weeks instead of FireFox. It is noticeably faster on my Lenovo x300. Going back to FireFox seems excruciatingly slow. I decided to try Chrome with the Cisco VPN client. It’s not officially supported, but both FireFox and Chrome are supposed to support standards, so what could be the problem?

It worked on my Lenovo with Ubuntu 10.04, but when I tried it on my netbook with Ubuntu Netbook Remix 10.04, it didn’t work. It would get to the point where the client is supposed to actually start, and then nothing would happen.

I finally noticed that on the Lenovo, I had the IcedTea plugin installed, whereas on the netbook I was trying to do exactly what was supported by Cisco (Sun Java and some fiddling to get the plugin working). So I installed IcedTea on the netbook, and it worked just fine.

To install IcedTea, start System-> Adminstration-> Synaptic Package Manager, enter your password, then put “icedtea” in the “Search” field. Right click on “icedtea6-plugin”, select “Mark for installation” and then click on the “Apply” button. Or, if you like the Terminal, type “sudo apt-get install icedtea6-plugin” in a terminal.

(Update for Ubuntu 11.04: the package to install is called “icedtea-plugin” now. No version number.)

It’s always fun when you try to do something exactly by the book and it doesn’t work, and then you do it the way you think should work, and it does.

Unfortunately, Exchange 2010 Outlook Web Access doesn’t support Chrome, so I’m forced to use the crippled “Lite” interface. So I’ll probably end up using FireFox anyway.
Web Trap Pages

I’m looking for an open source friendly accounting company to do my taxes and give me advice. The only reason I need a Windows box anymore is to do my accounting, since most accountants want their clients to use Windows-based software.

I typed something into Google to see if I could find an accounting firm that was open source friendly. I got one of those bogus pages that’s just scraped together from bits of the internet by a computer program. Sleaze-balls put up sites like this to try to get you to land there from a search and then click on a link, generating ad revenue for the sleaze-ball.

The thing was, it took me a few moments to realize the page for what it was. It almost looked like a real site dedicated to open source accounting software. I thought, “wow, this sleaze-ball software is getting pretty good.”

The I realized that it could also be that so many sites on the Internet are still so bad, that a computer can do as good a job as a person.

(Is this a variant of the Turing Test?)

CFOs: Use the Cloud Now

It occurred to me that there’s an easy way for CFOs and CEOs to use the cloud right now, without waiting for the IT department to touch a single piece of equipment. Here’s how:

Ask your IT department how many servers and how much data you have. (Ask how much data is actually being used, not how much capacity you have.) Then, go to Amazon’s site for cloud services and calculate how much it would cost to host that on Amazon. Finally, call in the CIO and ask her why your IT infrastructure budget is a lot higher than what it would cost to host on Amazon. It will be. You’re asking for the whole infrastructure budget, not just the cost of the equipment.

For example, suppose you have 460 Windows servers and 200 TBs of data. Amazon has different prices for different size servers, but start by assuming all your servers are what Amazon calls “large”. Your annual cost for that (October, 2010) is $2.5M. That includes 400 Mbps of network traffic into and out of the data centre 24 hours per day.

Ask your CIO out what services you’re getting that justify the premium you pay for having an in-house IT infrastructure department.

In reality, you’re CIO’s no dummy. She’ll be able to give you a pretty good story about why the IT infrastructure budget is so much. That’s when you can use an independent IT consultant who’s not owned by a company selling the infrastructure that drives up your costs. The real value comes when you start to use the benchmark cost of Amazon to identify and drive improvements in the value provided by your infrastructure department.

For example, when your CIO is talking about the services she provides, ask her when she’s going to offer servers that can be spun up by a user, through a web site, with no intervention at all from the IT infrastructure group, like on Amazon? Or when the business will be able to downsize how much it’s paying if it discovers that it doesn’t need a large server, like on Amazon? Or when you’ll start paying only for the data storage you’re using, and not for a bunch of empty disk that you had to buy for “future growth”, like on Amazon?

And that’s how to use the cloud without changing one piece of technology.

Terry Fox Run

I like the web site the Terry Fox Foundation has put together for their annual school run to raise funds for cancer research. It lets people donate on-line, of course. Much more interesting is that it lets kids collect and create their own content – photos and videos – and post them on their own page, along with a graph showing how close to reaching their fund-raising goal they are.

My son Marc got right into making videos for it. For the Foundation, it gets kids thinking and talking about Terry Fox and the importance of cancer research. For the kids, it gets them producing content for the web. The future belongs to those who produce content. (Those of us who produce the technology will be like the guys today who keep the mainframes running.)

Shameless commercial: You can contribute to cancer research by supporting Marc’s run here.

The Cost of Storage: Reality Check

A friend pointed me at this awesome blog post from Backblaze, who sell cloud storage: Petabytes on a budget: How to build cheap cloud storage | Backblaze Blog. They build their own storage boxes based on a commodity motherboard running Linux, and standard open source software.

Can't Run VMWare Server 2 Management Interface

I filled the disk on my VMWare Server 2 host, which caused all sorts of grief. Part of the grief was that I couldn’t get to the management interface at https://vmhost:8333/ui. I solved that problem by killing the VMWare hostd process (after freeing up some space on the disk):  
<ol><li>Look up the process ID: ps -ea grep hostd</li><li>Kill the process: sudo kill pid </li><li>Remove the old lock file: sudo rm /var/run/vmware/vmware-hostd.PID</li><li>Restart VMWare management: sudo /etc/init.d/vmware-mgmt restart </li></ol>

Why Can't We All Be Nice to Each Other

Wouldn’t technical forums, technical blogs, etc. be nicer to read if people restricted their value judgements and opinions to their own behaviour, rather than other people’s behaviour? Doing so might eliminate a lot of unnecessary flaming.

To be really clear, I’m not saying there’s no place for opinions on the Internet. I’m just saying technical forums aren’t the place for me to express my opinions about what someone else is doing. If someone wants help with an old version of the Linux kernel, I should either help or shut up. There’s no need for me to give my own opinions on the wisdom of using old kernels.

Archive