LXC on Linux Mint Debian Wheezy

Looking into installing OpenVZ on Linux Mint Debian (Wheezy), I found there was no OpenVZ kernel available in the Linux 3.0 kernel series. Instead, lxc is available and is built into the mainline kernel.

lxc is based on cgroups (Control Groups) but is not as well documented as OpenVZ.

After installing lxc control package from Linux Mint repositories, it was at version 7.3.0. Attempting to start a virtual system produced an error: "configuration path not found".

The solution was to use Synaptic and add the Official Debian Testing repository, and reload. This enabled the update of lxc to 7.5-9, which fixes the issue.

Create & mount the cgroup (see elsewhere).
Create a new debian container:

lxc-create -n test1 -f lxc.test1 -t debian

In the new container set up the IP address, route, DNS and install tools:

test1# ifconfig eth0 192.168.30.100
test1# ip route add default via 192.168.30.1
test1# echo nameserver 8.8.8.8 > /etc/resolv.conf
test1# apt-get install nano mc pdmenu
test1# apt-get install ping

Virtual Machine Manager unable to open a connection

Error message on Mint Debian Wheezy (Testing) trying to start Virtual Machine Manager for kvm:
"Unable to open connection..."

To resolve the issue add the logged in user to the libvirt group. No reboot required.

Debian Wheezy on Apple MacBook Pro - nvidia driver

Running Debian Wheezy (Testing) on a 2011 MacBook Pro, using the Nouveau driver, the aluminium chassis always seemed hotter compared when it was booted into OSX. Installing and converting to the Nvidia driver fixed this issue.

To change from Nouveau to Nvidia driver:
1. Enable non-free repository
2. Install nvidia-xconfig - this commandline tool configures your xorg.conf for you.
3. Install nvidia-settings - this GUI tool displays information about the driver to confirm the nvidia driver is loaded.
4. Install nvidia-glx - this installs the Nvidia proprietry driver, xserver-xorg-video-nvidia, once installed nouveau will be black-listed.

Note:
* The following error is displayed if you have not configured the xorg.conf to use nvidia driver:
"Unable to load module nv"

Vista Home Disk Image Backup

Vista Home Premium doesn't support Full Image backups with the supplied backup tool.  However, you can use Disk2VHD tool from Sysinternals to manually create a Virtual PC VHD image.  This is slightly different from the MS PC Backup image, but should be able to read it using Gizmo Central, or Virtual PC & Hyper-V mount tools.

Note:
* Disk2VHD is slowwww..... (20GB took approx. 1hr)

Auto-proxy configuration for Safari on OSX Snow Leopard

To get proxy configuration working for Safari on OSX Snow Leopard, utilising WPAD Auto-proxy and Squid proxy on a Debian server:

1. Install Squid - by default Squid listens on port 3128, test your Squid config by manually configuring the proxy settings in a client.

2. Install Apache (or your preferred web server) - add the mime type for ".dat" files:
/etc/apache2/httpd.conf:
 AddType application/x-ns-proxy-autoconfig .dat 

3. Create the WPAD file - see here for a basic example:
http://wiki.debian.org/ProxyAutodetectConf

4. Create the DNS record for wpad.mydomain.local
(Hint: if using Bind9 you must also create the reverse-DNS (ptr) record)

At this stage auto-proxy should be working for other browsers, like IE on Windows.  But OSX Snow Leopard uses mDNS to resolve wpad.local (maybe this is just on .local domains?) - this requires avahi-daemon to be installed and functioning.

5. aptitude install avahi-daemon avahi-discover libnss-mdns avahi-utils
 - this provides the avahi implementation of mDNS.  Use tools to browse the existing mDNS network services:
 avahi-browse --all

6. Now the Debian Apache server needs to advertise it's hostname as wpad:
/etc/avahi/avahi-daemon.conf:
 host-name=wpad


/etc/init.d/avahi-daemon restart
avahi-browse --all

You can use Wireshark to trace and confirm the DNS, mDNS & HTTP transactions.  Install squidview on the Debian server to observe proxy traffic.

grub rescue - missing symbol divmod64

Scenario: Macbook Pro with 4 partitions, multibooting OSX Snow Leopard, Lion & Debian Wheezy (LMDE).  After re-partitoning, installing Lion, updating reFit, and possibly updating LMDE, grub-pc 1.99 would error with "missing symbol: divmod64_full"; and drop to grub rescue prompt.  Executing "insmod normal" reproduces the error message.

Solution: Fortunately reFit would allow Grub to boot off the #3 partition, where Lion was installed (where grub was initially installed??).  Eventually found a recommendation for the following which fixed the issue:

# grub-install --no-floppy --recheck --force /dev/sda4

I believe it is the recheck switch which fixes the issue by forcing the disk map to be re-probed.

Access runtime - "There was an error executing the command"

Trying to use an Access database with the Access Runtime redistributable (2007 + 2010), all switchboard items would give the error message "There was an error executing the command".  The database was provided by an ODBC link to MS SQL Express.  The problem occurs when the ODBC link is defined as a System DSN, adding the same ODBC link as a User DSN solved the issue.

pfSense IPSEC issues

If you have problems getting an IPSEC tunnel to connect using pfSense at one end check the firewall rules.

On the WAN interface there should be rules to pass:
 ISAKMP (UDP port 500)
 NAT-T (UDP port 4500)

This will allow the VPN to connect, additional firewall rules on the IPSEC interface may be required to allow traffic, e.g.:
 Pass TCP * *
 Pass UDP * *
 Pass ICMP * *

Also observed was a problem where the tunnel (Draytek 2700 endpoint) would not communicate until any request was initiated from the pfSense end.  To work around this the following command is added after installing the CRON module:
 ping -c 50 192.168.0.1
(where 192.168.0.1 is the far-end gateway)

eBox LDAP access problem

Using eBox 1.2.3, LDAP is not accessible except using 127.0.0.1.
To make LDAP on port 389 accessible from the LAN it is necessary to edit /etc/default/slapd
as follows, replacing 127.0.0.1 with 0.0.0.0:


# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_SERVICES="ldap://0.0.0.0:389/ ldapi://%2fvar%2frun%2fslapd%2fldapi/????x-mod=0777"

Note that you can add the individual IP address(es) instead of 0.0.0.0 (listen all), but it is probably better to control access through a firewall.

Debian Linux PXE installation with low memory no HDD

Attempting to install Debian Linux on a VMware guest with low memory (64MB) using PXE boot the installation fails to detect any hard drives.

Tried LSI, Buslogic & IDE drives - all same problem.  Tried increasing to 256MB - same problem.

Needed to attach the Netinst.iso file to the VMware guest and boot from "CD", hard drives are detected as expected.

ZeroAccess trojan rootkit virus removal

ZeroAccess rootkit shows as a process in task manager that is a series of numbers with a colon in the middle, e.g. 1784223:3221239.exe, which cannot be killed.

ESET have a tool that detects and kills the process - requires a reboot.
Kaspersky have the TDSSKiller tool that detects the infection as Sirefef trojan.
MBAM and MSSE are halted when attempting to run a scan.
The trojan/rootkit is active whenever networking is active.
It continues to re-infect via driver files.

To clean the infection use a boot disk such as Parted Magic that contains Clamav - update the clamav pattern files then run a command such as:
 clamscan -r -i /medica/sda1/
(-r = recursive, -i = show infected only)
Delete or overwrite the files as required.

IE8 Remote Desktop ActiveX issue

Fix: need to re-register the mstscax.dll:

%windir%\system32\regsvr32 mstscax.dll


Ref: http://support.microsoft.com/kb/951607

Asus Eee PC Wake from Sleep problem

Asus EeePC 1101HA won't wake correctly from sleep or hibernated mode - the screen stays black and netbook is unresponsive.  Another sympton is an event log entry for Save Dump: bugcheck 0x1000008e (0xc0000005, ...)

Solution: this was caused by using the Intel US15 Poulsbo video driver - reinstalling the Asus supplied video driver fixed the issue.

OS X Snow Leopard sync calendar & contacts Exchange 2003

Davmail app acts as a proxy between client software and Exchange web access including 2003.

To sync iCal:

To sync Address Book:
Type = CardDav
Name = username
Server = localhost:1080
(allow a few minutes for contacts to sync)

GAL can also be searched:
Type = LDAP
Name = username
Server = localhost:1389

Autofs mount Samba shares on Linux Mint Debian Squeeze

There is a problem with autofs on Linux Mint Debian (Squeeze?) - the auto.smb file does not cater for the credentials file.  To fix you can download an updated auto.cifs file, see:
http://forums.fedoraforum.org/showthread.php?t=240811

Also edit the /etc/auto.master file to include the line:
/media/smb     /etc/auto.cifs  --ghost

----------
Error observed in /var/log/syslog before this file was corrected:
*Enter root's password

Linux get resolution in VNC/XRDP

Trying to get the resolution in a virtual display on Debian Squeeze, xrandr returns error:
 "extension missing on display"

Instead, use the xwininfo program:

width=`xwininfo -root | grep Width | awk '{ print $2}'`
height=`xwininfo -root | grep Height | awk '{ print $2}'`

Ref: http://www.debian-administration.org/articles/121

Asterisk GUI on Debian Squeeze

Installation of FreePBX has many dependencies and is a very involved install.  An alternative is to use Digium's Asterisk-GUI, which doesn't seem to install by default in Debian.

cd /usr/src
svn co http://svn.digium.com/svn/asterisk-gui/branches/2.0 asterisk-gui
cd asterisk-gui
./configure
make
make install
make checkconfig

*Need to fix http location:
mv /usr/share/asterisk/static-http /usr/share/asterisk/static-http_orig
ln -s /var/lib/asterisk-gui/static-http /usr/share/asterisk/static-http


*Need to enable Asterisk HTTP:
nano /etc/asterisk/http.conf
    -> enable, bind, enable static, etc.
nano /etc/asterisk/manager.conf
  [admin]
  secret=password
  read=system,call,log,verbose,command,agent,user,config,originate,read,write
  write=system,call,log,verbose,command,agent,user,config,originate,read,write

*Need to fix permissions on folders
  cd /var/lib
    chown asterisk asterisk -R
    chgrp asterisk asterisk -R

/etc/init.d/asterisk restart

http://localhost:8088/static/config/index.html
*password reset forced (hack /etc/asterisk/manager.conf & set to *not* "password" if necessary)

Internet Explorer (IE) can't access HTTPS websites

Occurred on a Terminal Server after copying user profiles after a migration.  Internet Explorer (IE7 & IE8) were unable to browse any SSL HTTPS website, "Unable to load the page", if logged in as an ordinary user.  Okay if logged in as a local administrator.

Displaying the local SBS CA certificate as the user also showed an error that the certificate could not be validated.

The cause of the problem was a registry permission on HKCU\Software\Policies\Microsoft
- because this is where Group Policy gets applied the user only has explicit Read access; because the profile had been copied the explicit permission on the registry was incorrect.  To fix use regedit to load the hive and add the correct user with Read access.

Access Runtime error: There was an error executing the command

Check that the ODBC link to database has been configured.

SBS 2003 shrink SBSMonitoring database

Execute the following commands to shrink the databases (suggest backing up beforehand):

osql -S "SERVER\SBSMONITORING" -E -Q"USE SBSMONITORING; DBCC SHRINKFILE (SBSMonitoring, 1)"


osql -S "SERVER\SBSMONITORING" -E -Q"USE SBSMONITORING; DBCC SHRINKFILE (SBSMonitoring_log, 1)"


osql -S "SERVER\SBSMONITORING" -E -Q"USE SBSMONITORING; DBCC SHRINKDATABASE (SBSMonitoring, 10)"