Thursday, January 9, 2014

Archlinux32 to USB

I've recently taken a liking to archlinux...can't say why.  Anyway, this is more of a how-to for myself so I can replicate the process....let's start.

Format and partition the usb drive (this process assumes that the drive you're working with is /dev/sdb based)

Create a partition (I'm lazy this time and using only 1 partition)
fdisk /dev/sdb
p <enter>(to check for existing partions) hit d and wipe the partion if it exists...just starting the drive over. beyond here.)
n <enter> (new)
p <enter> (primary)
1 <enter><enter><enter> (partition number then the sizes...just let it pick)
t <enter> (type)
83 <enter> (linux)
mkfs.ext4 -O ^has_journal /dev/sdb1 <enter>
tune2fs -o /dev/sdb1
 Mount the usb drive.
mount /dev/sdb1 /mnt
Install the system
pacstrap /mnt base
pacstrap /mnt lxde-common openbox gpicview libfm lxappearance lxappearance-obconf lxde-common lxde-common lxde-icon-theme lxdm lxinput lxlauncher lxmenu-data lxmusic lxpanel lxpolkit lxrandr lxsession lxshortcut lxtask lxterminal menu-cache openbox pcmanfm wireless_tools gvfs gvfs-smb gvfs-mtp gvfs-afc gvfs-gphoto2 gvfs-smb grub os-prober dialog wpa_supplicant
 Create the new fstab
genfstab -p /mnt >> /mnt/etc/fstab
arch-chroot /mnt
echo "usbarch32" >> /etc/hostname
ln -s /usr/share/zoneinfo/US/Central /etc/localtime
sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen
sed -i 's/#ko_KR.UTF-8/ko_KR.UTF-8/' /etc/locale.gen
echo 'LANG="en_US.UTF-8"' >> /etc/locale.conf
Not sure how to quick replace this part without doniga n entire line replacement.  But in /etc/mkinitcpio.conf on the HOOKS line move the 'block' module right after udev.
mkinitcpio -p linux
Now I like grub so I'm going with grub (at the time of this writing it's 'grub-1:2.00....something.
pacman -Sy grub
grub-install --target=i386-pc --recheck --debug /dev/sdb
grub-install --target=i386-pc --force --recheck --debug /dev/sdb
umount -R /mnt

Another SSD writeup.

For those of you who don't have any linux tie ins with your ldap schema...a little present.
I will add more to this later...
net -kP search cn=<short hostname>

ldap_referrals = false
ldap_search_base = dc=domain,dc=example,dc=com
lcap_uri = ldap://
ldap_schema = AD
ldap_user_name = sAMAccountName

id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
krb5_renewable_lifetime = 150m
krb5_renew_interval = 10s
krb5_server =

ad_domain =
dns_discovery_domain =
dyndns_updates = false
dyndns_update_ptr = false
override_homedir = /home/%u
override_shell = /bin/bash
autofs_provider = none
hostid_provider = none
selinux_provider = none
sudo_provider = none
ldap_sasl_authid = host/<hostname>

services = nss, pam
config_file_version = 2

Friday, May 3, 2013

Raspberry Pi - Bluetooth Receiver, Analog Out

To start, this isn't one of my most clean writeups...I was in a hurry and I didn't want to forget what I had done.  I will test this and verify that it works unless somebody else beats me to it.

I never realized why pulseaudio would be necessary for this to work, and this is because (could be wrong) there isn't a way to map a virtual input device to an alsa device.  Pulseaudio takes care of this with the loopback module.

On to the Howto!

Beginning with a fresh install of rasbian to an SD card (download, dd, yadda yadda)

Install the packages needed for bluetooth and pulseaudio (it is ok to use it this way)

apt-get install bluez bluez-alsa pulseaudio pulseaudio-module-bluetooth

A new user will be added as well a a couple of groups. (pulse, pulse-access)
Add the pulse user to the input group as well as the audio and I guess the lp group

gpasswd -a pulse input
gpasswd -a pulse audio
gpasswd -a pulse lp and maybe plugdev also...probably not...

Bluetooth will already be started when it gets installed.
See which Bluetooth Adapter You have in your Pi and make sure it will work:

hciconfig hci0

I had to do some work with my bluetooth adapter, here's my lsusb output for the bluetooth device:
Bus 001 Device 007: ID 0a5c:2148 Broadcom Corp. BCM92046DG-CL1ROM Bluetooth 2.1 Adapter

First off, to get the bluetooth device to work I had to add a string to the '/boot/cmdline.txt'


This changes the speed of the usb port, not sure why I had to do that exactly, but my ioGear USB dongle did not want to work any other way.

I did something pretty ugly next and is typically frowned upon...don't care.  This isn't a normal server.
Modify the /etc/default/pulseaudio

gzip /etc/pulse/
cp -p /etc/pulse/ /etc/pulse/

I opened up the and commented out the stuff I knew I wasn't going to use like Jack or esound or the X11 stuff.  Here's what was left.

My /etc/pulse/ :

load-module module-device-restore
load-module module-stream-restore
load-module module-card-restore
load-module module-augment-properties
load-module module-udev-detect
load-module module-detect
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-gconf
load-module module-default-device-restore
load-module module-rescue-streams
load-module module-always-sink
load-module module-intended-roles
load-module module-suspend-on-idle
load-module module-console-kit
load-module module-systemd-login
load-module module-position-event-sounds
load-module module-role-cork
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-dbus-protocol
load-module module-switch-on-connect

My /etc/bluetooth/audio.conf

Before we begin bounce the bluetooth service once:

service bluetooth restart

Unfortunately I haven't found a way to do this without a little manual work yet, the pairing of the devices.
Set your phone or whatever in to discovery mode and do an hcitool scan to find your source MAC address, you'll need that for a few files that will need to be created.

echo "mode discoverable" >> /var/lib/bluetooth/<mac of dongle>/config

The do the following for all of the devices want to be able to stream to your pi:

echo "<the mac of device> <pincode of your choice>" >> /var/lib/bluetooth/<bluetooth dongle mac>/pincodes
echo "<same mac from previous> [all]" >> /var/lib/bluetooth/<bluetooth dongle mac>/trusts

I left the /etc/asound.conf as it is...seems to work just fine.

I think that was just about it for the configuration of the services, reboot to make a good majority of your changes take effect.

Try your pairing from your devices, they shouldn't prompt for a code and should be discoverable as headset device and connect right away.

You won't hear sound until you link the input to the output in pulseaudio, to do that....

pactl load-module module-loopback source=$(pactl list short | grep bluez_source|awk '{print $2}') sink=alsa_output.platform-bcm2835_AUD0.0.analog-stereo rate=44100 adjust_time=0

There is a way to automate this and I'll show how this works next.  I modified how to do this from looking at this url:

Thursday, May 2, 2013

Minecraft Oracle Java 1.7 Launcher

UPDATE!!  It's not as simple as this but it's a good start.  Need to figure out how to get the properties into the appbundler to disable certain opengl features. - 2013-5-8

So I don't like using Apple stuff very much but just have to...cause it's there.  The minecraft app from Mojang is for the Apple Java and well...I use Oracle JDK 1.7.blah.

Here's how to make a package that works with java.

Begin by grabbing the software package from and other software needed for this
Grab the latest appbundler jar file and the latest lwjgl package

Unzip all the zips (usually done by just double clicking from the finder)

Decompress the it so you can see the folder, as you'll need the files contained, 2 of them to be exact.

 Open up a terminal and validate that you are using the oracle java:
$ java -version
java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b12)
Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)

$ mkdir -p ~/minecraftpkg/{dist,lib,pkg}
$ cd ~/minecraftpkg
$ cp ~/Downloads/ dist
$ cp ~/Downloads/ dist
$ cp ~/Downloads/appbundler* lib

Create a file called build.xml and put this inside of the file (I use vi)
<?xml version="1.0" encoding="UTF-8"?>
<project name="Minecraft" default="default" basedir=".">       
    <taskdef name="bundleapp" classname="" classpath="lib/appbundler-1.0.jar" />
     <target name="bundle-Minecraft">
            <bundleapp outputdirectory="pkg"
            identifier="com.Mojang Specifications.Minecraft.Minecraft"
            <classpath file="dist/MinecraftLauncher.jar" />

now run the following:
$ ant bundle-Minecraft
This should succeed without error and you will have a package in the pkg folder.

Shift-Clover-H to bring up your home directory navigate to the minecraftpkg/pkg folder and copy or move the Minecraft "app" to the Applications folder.

Run the application (will likely fail complaining about the lwjgl blah blah blah.)  The " ." at the end is intentional...please remember to use it.

$ cd ~/Library/Application\ Support/minecraft/bin
$ cp ~/Downloads/lwjgl*/jar/*.jar .
$ cp ~/Downloads/lwjgl-2.9.0/native/macosx/* .

With that said, fire up Mincraft and you're golden.

Wednesday, April 24, 2013

Aftershot Pro Plugins

As a die-hard Aftershot Pro user I was disappointed to discover that the plugins page has magically disappeared.  After looking around some of the DP User forums I ran across a link that still works and doesn't point back to the corel website.  For those who it is and to the date of this post, the plugins are still there.

Friday, April 12, 2013

iptables - A Little Discussion Piece.

I for one like to edit the firewalls using the CLI and not the file.  This stems off of some past issues with helper applications like shorewall where you restart the service and you get screwed because a rule was wrong and the remaining rule set doesn't complete.

A couple of reasons I like to use the CLI is you get to keep the stats, also when you do an iptables-save you get an updated time for the change in the /etc/.../iptables file.  You can argue that you can look at the time stamp of the file after your save but anybody could make a change to the file.  At least with the iptables-save I know when it happened.  A wonderful thing about modern versions of Iptables is that  Comments can be put into the rules themselves so I don't see any reason NOT to use the CLI.  I have other reasons I like to use the CLI but it's time for lunch here.

No matter how you edit the firewall rules, you HAVE to be careful what you do and how you use it.

Anyway, share your thoughts, which method do you prefer and why?

Common commands:
  iptables -vnL --line-numbers
  iptables -I <CHAIN> <line number>
  iptables -A <CHAIN> ...  <-Drop a command at the end of a chain
  iptables -D <CHAIN> <line number>

Monday, December 3, 2012

SSSD just keeps getting better! - Active Directory Authentication for Linux

I might just be done tinkering with it now, it now supplies the performance I needed.
If you don't use sssd yet I'll make the reccomendation to do so
I now have a config that works a MILLION times better than it has since I started using it.
The config has been shortened as most of the defaults now match most of the ldap schema that we use.  Still had to use net ads -kP search cn="{group or user here}"  and do some matching but this is super improved on performance.  I did a little something at the bottom, whether or not it's necessary or not I don't know, but from what I read, it wasn't something available when I started working with it.

You'll still want to do an authconfig --enablesssd --enablesssdauth --enablemkhomedir however.
My sssd.conf now looks like the following:

config_file_version = 2
debug_level = 0x0270
sbus_timeout = 30
services = nss, pam

debug_level = 0x0270
filter_users = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
filter_groups = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm

debug_level = 0x0270
pam_verbosity = 3

id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_search_base = dc=example,dc=com
ldap_schema = rfc2307bis
ldap_user_object_class = user
ldap_user_member_of = memberOf
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_uuid = objectGUID
ldap_user_modify_timestamp = whenChanged
ldap_user_ad_account_expires = userAccountControl
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = True
ldap_group_object_class = group
ldap_group_uuid = objectGUID
ldap_group_modify_timestamp = whenChanged
ldap_sasl_mech = GSSAPI
krb5_realm = INTRA.INFOUSA.COM
ldap_account_expire_policy = ad
krb5_ccachedir = /var/tmp
# DISABLED BY DEFAULT - krb5_store_password_if_offline = true
ldap_referrals = False
enumerate = True
ldap_user_search_base = dc=example,dc=com?sub?(&(objectclass=user)(uidNumber=*))
ldap_group_search_base = dc=example,dc=com?sub?(&(objectclass=group)(gidNumber=*))

The krb5.conf has been modified some since I began also.

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

default_realm = EXAMPLE.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

      #Section reserved for kdc/admin server listings  We're doing DNS Lookups since we have SRV records for that.

[domain_realm] = EXAMPLE.COM = EXAMPLE.COM