Originally published at ScummBlog. You can comment here or there.

I am here, people, to save you from LDAP. Unless you have to use it, in which case you are already lost. Like me. But here are some pro tips to make connecting clients a bit easier!

1) TLS in Ubuntu is seriously broken. Like, terribly broken. GnuTLS looks like it’s to blame, and from the bugs that I’ve looked at nobody wants to actually acknowledge that the problem belongs to them. So you’d think that would nix using LDAP over a secure connection, right? Wrong! You can use stunnel to create an SSL-encrypted listener on port 636 (LDAP’s secure port) and have it dump the incoming connection to 389 (the un-encrypted local listening port). This lets your clients use LDAPS:// properly. Don’t ask me why this works, but I’m damned glad it does.

2) Just apt-get installing libnss-ldap on a client doesn’t bring in everything you’ll need for proper LDAP logins. You’ll also want to make sure that libpam-modules is already installed (for pam_mkhomedir.so), along with nscd (Name Service Cache Daemon); otherwise you’ll run into lovely “I have no name!” issues on login.

3) Some handy things you’ll want to check in /etc/ldap.conf: make sure the port is 636, ssl is on and tls_checkpeer is no.

4) Make a local recovery account with a *really* secure password, and *DON’T* disable local login in PAM, otherwise you are SOL if LDAP ever breaks.

So there you go, somewhat painless LDAP authentication! The TLS thing alone resulted in a tonne of swearing yesterday, before I found the myriad of bugs filed against it.
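An added example, not part of the original post: a small shell check for the `/etc/ldap.conf` settings from tip 3. It also flags `tls_checkpeer no`, because with that setting the client does not verify the certificate presented by the stunnel listener; the host name and CA path in the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit an nss_ldap/pam_ldap style ldap.conf for tip 3's settings.

# Print the value of KEY in FILE (last occurrence wins here; a simplification).
ldap_conf_get() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Print one finding per line; return 0 only when nothing is flagged.
audit_ldap_conf() {
    conf=$1; rc=0
    ssl=$(ldap_conf_get "$conf" ssl)
    port=$(ldap_conf_get "$conf" port)
    peer=$(ldap_conf_get "$conf" tls_checkpeer)
    ca=$(ldap_conf_get "$conf" tls_cacertfile)$(ldap_conf_get "$conf" tls_cacertdir)

    if [ "$ssl" = on ] && [ "$port" = 636 ]; then
        echo "OK   transport: LDAPS on port 636"
    else
        echo "FAIL transport: ssl='$ssl' port='$port' (expected ssl on, port 636)"; rc=1
    fi
    case $peer in
        yes) if [ -n "$ca" ]; then
                 echo "OK   tls_checkpeer yes with a CA configured"
             else
                 echo "FAIL tls_checkpeer yes but no tls_cacertfile/tls_cacertdir"; rc=1
             fi ;;
        no)  echo "WARN tls_checkpeer no: server certificate is not verified"; rc=1 ;;
        *)   echo "WARN tls_checkpeer unset: libldap default applies"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files (not from the original post).
tmp=$(mktemp -d)
printf '%s\n' 'host ldap.example.org' 'port 636' 'ssl on' \
    'tls_checkpeer no' > "$tmp/as_posted.conf"
printf '%s\n' 'host ldap.example.org' 'port 636' 'ssl on' 'tls_checkpeer yes' \
    'tls_cacertfile /etc/ssl/certs/stunnel-ldap.pem' > "$tmp/verified.conf"

for f in "$tmp/as_posted.conf" "$tmp/verified.conf"; do
    echo "== $f"; audit_ldap_conf "$f" || true
done
```

Point `audit_ldap_conf` at a real client's `/etc/ldap.conf` to see which of the three settings it actually carries.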

Originally published at ScummBlog. You can comment here or there.

As hinted in the last post, Scummbox.org is running some new services.

To facilitate remote access to my network, OpenVPN has been installed. It was a cinch to install, and through some trial and error I have gotten additional routes passed through to access my home network range from any remote location.

Also installed was TinyProxy. This allows users connected to the VPN to (transparently!) access sites that may be blocked at their location.

A final new service running is GnuMP3d… A remote playlist/streaming client that is tucked behind the VPN to prevent rampant and unauthorized usage.

On the workstation front, I’ve gone from running Kubuntu to Windows Vista to Windows 7 Beta/RC. Windows 7 is running extremely well and has offered me no problems as of yet. A side effect of going back to Windows is that I’m playing World of Warcraft again, as well as EVE Online. And what are the side effects of playing games on a PC?

Hardware upgrades. The workstation has gotten a new PCIe 2.0 ATI video card. A 4870 HD with 1GB of GDDR5, to be exact. And with that also came two 22″ widescreen monitors running at 1680×1050 for an amazing amount of desktop real estate.

It has been a frenzy of upgrades and updates and taking chances on new software, but it’s paying off big time!

Originally published at ScummBlog. You can comment here or there.

My network at home has been dependent on a Linksys Router with a 4 port switch built in for connectivity. It is the BEFSX41 Router with VPN Endpoint, and it has served us well for over two years.

Recently at my (now ex-) job, we’ve started testing IPv6 deployment to end users. I am in this test pool, and sadly the router we have doesn’t support IPv6 in any way, shape or form.

Enter the Linksys WRT54G Wireless G Router (Version 3, for those that care) and OpenWRT. OpenWRT was made possible by Linksys violating the GPL by using a Linux distro as the OS on the WRT54G and not releasing the source code. Once the dust had cleared on that debacle, people could write and install their own OSes for the device.

OpenWRT is very easy to install (just flash the proper image to your router) and is package based, for easy expandability. Among those packages are IPv6 stack and announcement packages. It is theoretically perfect for my needs!

Now, you might be wondering why I put “theoretically” in there. The one problem with IPv6 being so bleeding-edge is that nobody has a tutorial on how to configure OpenWRT to handle a Native IPv6 connection. Plenty of information on tunneling IPv6 over IPv4 connections, but bupkis on what I need. If I figure out the proper way to configure it, I’ll be sure to post it here.

A couple of quick hints about getting wireless connections to work properly with the stock OpenWRT install. First: change the default wireless channel from 6 to Auto… Channel 6 is a popular one for many 2.4GHz cordless phones. Second: if you are going to use some sort of WEP security, be sure to install the nas package. You will have no end of problems without it.

I’m quite impressed with OpenWRT thus far… and the sheer number of packages available for it is just staggering. There are Asterisk (VOIP PBX software) packages, HTTP server packages, RADIUS (authentication) packages… too many to list.

If you’re feeling adventurous, and not afraid of potentially “bricking” a router, I’d highly recommend checking out OpenWRT.

scumm_boy (Jul. 4th, 2006 09:35 pm)

Originally published at ScummBlog. You can comment here or there.

The TV Out computer in the living room has been slightly re-purposed! There is now a 15″ LCD display in the dining room with a keyboard and mouse hooked up to it for using the internet at readable resolutions! Quite handy!

Our house is getting nerdier and nerdier!
