Easy NAT

December 15th, 2009

This is the easy way to give virtual machines access to an external network using iptables.

Warning this is very open and probably shouldnt be used in a production environment.

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -j MASQUERADE

Arch Linux

December 4th, 2009

So I’ve moved to Arch,
I think this will be the end of my distro hopping, arch can give me everything I need, and with the rolling release it means I never need to upgrade, although I do like to start from scratch every now and again(i keep a very messy home directory).

Check it out. Dont forget to check out the best feature, AUR, similar to opensuse’s build service, but way better.

Beware that the installer is basic, you need to know your way around linux to be able to do anything remotly advanced (raid or LVM).

I’m going to blog more

December 3rd, 2009

I haven’t been blogging as much as i’d like to. To change this i’m using this cool blogging client called “charm”
I hope this will make it easier for me to blog more. I have lots of useful stuff to say!

Testing QTM

December 2nd, 2009

Just testing QTM, Now using charm

Python winbind/libwbclient module

November 13th, 2009

I’ve created a python ctypes-based module for interfacing with samba libwbclient, using ctypes means that it doesn’t require compilation, but this does rely on the ABI be compatible between versions of libwbclient, if you notice strange behavior or random segfaults, contact me.

Its tested on Linux but should in theory work on solaris, or any OS with python ctypes and samba 3.2.

Overview of the class:

class WBClient(__builtin__.object)

Class that interfaces with libwbclient via ctypes.

Optionally pass in a domain name, if no domain name is supplied the

default domain is used(from libwbclient).

Methods defined here:

__init__(self, default_domain=None)

authenticate_user(self, username, password, domain=None)

Authenticates a user

If the winbind seperator is in the username False is returned

This means username\password doesnt work, one must explicitly give

the domain as the 3rd argument if not authenticating off the default domain

Returns the full username in the form of Domain\Username (or a different winbind separator) if successful, None if not.

change_user_password(self, username, oldpw, newpw)

Change user password, (Working with samba 3.4)

get_display_name(self, username, domain=None)

Gets the display name of a user/group

get_group_membership(self, username, domain=None)

This function looks up the group membership of a user,

Returns a list if successful, None if not

get_sid(self, name, domain=None)

Get the SID string of a user/group/machine

list_groups(self, domain=None)

Lists the groups in a domain

list_users(self, domain=None)

Lists the users in a domain

lookup_domain_controller(self, domain=None)

Lookup domain controller for a domain(Could not get to work)


(re)loads Interface details, winbind separator etc

resolve_wins_by_ip(self, ip)

Resolve an IP to a Netbios name

resolve_wins_by_name(self, name)

Resolve a Netbios name to an IP.

Get your copy from http://dmarkey.com/svn/winbind

Using an OpenLDAP directory for Thunderbird address book lookups

March 13th, 2009

I wanted thunderbird to be able to look up addresses in my OpenLDAP directory. It worked out of the box somewhat using the standard inetorgperson attributes. But i wanted to map some of my POSIX attributes so Thunderbird would recognize them and therefore there would be more information in the address book entry.

Here is a table of ldap attributes thunderbird is interested in.


This is based on a less than perfect schema that mozilla came up with.

Anyway, Thunderbird already gave me the First name(givenName), lastname(sn), displayname(cn), and email(mail) bits from each address book entry, but i wanted it to fill in the Nickname from the POSIX gecos attribute(It usually contains a little more information than just the name), so this is what had to be done on the OpenLDAP side

my DIT for this example is dc=example,dc=com and my users entries will be in ou=user

First i had to download and install the mozilla LDAP schema  from https://wiki.mozilla.org/MailNews:Mozilla_LDAP_Address_Book_Schema

I had to then define a new “relay” database at the botton of my slapd.conf, it looks something like this:

database                relay
suffix                  “dc=addresses”
relay                   “ou=user,dc=example,dc=com”
overlay                 rwm
rwm-suffixmassage       “ou=user,dc=example,dc=com
map attribute mozillaNickname gecos
map attribute mail *
map attribute uid *
map attribute sn *
map attribute givenname *
map attribute cn *
map attribute *

This will create a second virtual DIT called dc=addresses which will use the “real” ldap directory(ou=user,dc=example,dc=com) as a back-end. This will map the gecos to the mozilla nickname and it will now appear in the users address book entry in thunderbird, it also blocks all information except the bits that are needed like displayname, cn, givenname, sn. It would probably be advisable to apply some ACLs to this aswell just incase.

This is only an example. If you have other attributes that might fit into an address book entry then you can map them to the mozilla atrributes.

Nagios SunRay Plugin

March 4th, 2009

I was looking around for a nagios plugin to monitor our sunray servers where I work and I couldn’t find any. So I cooked my own. check_sunray

It’s basically just a wrapper around utwho.

The mandatory arguments for the plugin are -w and -c. -w is the warning threshold for the amount of sunray sessions and -c is the critical threshold for the amount of sunray sessions.

By default it counts all logged-in sunray sessions(but not necessarily active), i.e. the output of utwho with no arguments, with the -o option it only counts active sunray sessions(eq to utwho -c) and -a counts all sessions, even non logged-in ones (eq to utwho -a)

I use nrpe to monitor my remote sunray servers so this is the definition in nrpe.conf:

command[check_sunray]=/opt/csw/libexec/nagios-plugins/check_sunray -w 10 -c 20 -o

This will raise a warning alert if the amount of active sunray sessions goes over 10 and a critical alert if the amount of active sunray sessions goes over 20.

This has only been tested with SRSS 4.1 on solaris but im pretty sure it’ll work with linux SRSS.

If anyone has any other ideas on how to monitor a sunray server leave me a comment.

Poor Xorg performance on OpenSuse 11.1

January 8th, 2009

I upgraded my opensuse 11 installation on my laptop (Dell XPS 1330) to opensuse 11.1 and I notices straight away that my 2d graphics performance was _abysmal_.

The gfx card on my laptop is Intel Corporation Mobile GM965/GL960 using the xorg intel driver.

Things like scrolling in gmail and scrolling man pages in konsole and 2d screen savers all went to a crawl and the driver kept on crashing the machine, I tried to tweak different things in xorg.conf but nothing helped.

I put up with it for a few weeks but today I got fed up and reverted to 11.0, now the performance is back to acceptible levels.

Because of this i’ve been disappointed with the 11.1 release. Luckily from a Kde 3.5 point of view there is little difference between 11.0 ans 11.1.

Hopefully this issue will be solved and a patch released. Actually come to think of it I really should raise a bug.

If anyone else has experienced issues with the intel driver on OpenSuse 11.1 or xorg 7.4 please leave a comment describing your problems.

Ubuntu Hardy Xen DomU installer

December 4th, 2008

So I learned all about ubuntu preseed when i was re-jigging the intrepid installer, so i was able to automate all the extra stuff you had to do at the end on a hardy install described in one of my earlier posts.

Note that this is a amd64 network install kernel/initrd only, so make sure you have fast network access. My last Hardy kernel/initrd was used in conjunction with the CD iso. This one isnt.

This installer runs seamlessly, all you have to do is ignore the “unable to identify hard disk” error.



One thing to note is that the virtual hard disk has to be /dev/hda in order for the installer to work(grub wont install otherwise) so this is an example config:

memory = 500
name = “ubuntu-hardy”
vcpus = 1
disk = ['phy:/dev/xenvg/hardy,hda,w']
kernel = “/xen/hardy/vmlinuz”
ramdisk = “/xen//hardy/initrd”
vif  = [  ]
When the install is finished uncomment the pygrub line, and comment out the kernel/ramdisk lines.

The reason i decided to re-jig the hardy installer was that it is LTS and for virtual servers that might be a selling point.

Any questions let me know.

Many thinks to cjwatson on #ubuntu-installer for teaching me all about preseed.

Ubuntu Intrepid Xen DomU installer

December 4th, 2008

I’ve hacked the ubuntu intrepid(amd64 only) initrd so you can run the installer in a Xen DomU. No more debootstrap!

The only glitch is that the installer thinks that the xen block devices are part of a SATA array, when asked to activate the array select no.



Example config:

memory = 500
name = “intrepid”
vcpus = 1
disk = ['phy:/dev/xenvg/ubuntu-test,xvda,w']
kernel = “/xen/vmlinuz”
ramdisk = “/xen/initrd”
vif  = [ 'bridge=eth0']
#this is for your framebuffer if needed
#vfb         = ['type=vnc,vncunused=1,vncdisplay=0,vnclisten=,vncpasswd=password']

When the install is finished uncomment pygrub and comment out kernel and ramdisk and it should be fully functional. If you have any issues or comments please feel free.

Copyright © 2019 All Rights Reserved.
No computers were harmed in the 0.089 seconds it took to produce this page.