Personal tools
You are here: Home log installation notes on linux
Navigation
Log in


Forgot your password?
 
Document Actions

installation notes on linux

mostly it's log for the desktop/debian server

Contents

1   2006-03-14 install SquirrelMail on debian linux

squirrel mail allows email access through a web browser.

Suppose courier imap server is already installed. SquirrelMail gives a web access to the courier imap server.

Four packages to install:

  • squirrelmail
  • squirrelmail-locales
  • imapproxy, to save IMAP transactions
  • php4-pear, to store user preferences or address books in an SQL database

link squirrelmail's apache.conf to apache's directory: 'ln -s /etc/squirrelmail/apache.conf /etc/apache/conf.d/squirrelmail.conf'

add a rewrite rule in rewrite.conf: 'RewriteRule ^/squirrelmail/(.*) /usr/share/squirrelmail/$1 [l]'

Note:

  • SquirrelMail can't handle >1700 mails properly. It starts to display only a handful of newest emails then totally loses the position. 1700 is a guess. 1706 doesn't work. 1686 works.

2   2006-04-10 dynamically update terminal title

it's controlled by .bashrc

uncomment the part in ~/.bashrc surrounding:

PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'

So basically the terminal reads environmental variable to set title.

3   (2006-06-09) write CD under linux:

  • get the device id by 'cdrecord -scanbus', for example, 0,0,0
  • 'cdrecord -v dev=0,0,0 -data /usr/local/src/zip/cd_image'

4   (2007-01-22) create a CD image:

  • 'mkisofs -r -o RedHat-7.0-i386-powertools.iso /cdrom'

5   (2006-12-05) Copy audio CD DAO with one CD drive:

6   (2006-07-20) change reply-to in pine:

  • go to SETUP, go to Rules, select Roles, select "Alternative Role", select "Set Reply-To"

7   (2006-08-14) make a debian package (check Brockmeier2003_debian_package.pdf):

  • take bibutils as an example
  • mkdir a directory, 'bibutils', cd this directory
  • mkdir DEBIAN, put control and other scripts(postinst, postrm ...) into it
  • recreate the filesystem tree for this package
  • go to upstream directory of 'bibutils' and 'dpkg -b bibutils bibutils-3.27yh_i386.deb'

7.1   2008-05-05 Build and install Debian packages completely from source

Package srcinst is used to build and install Debian packages completely from source. All dependencies and build-dependencies are also built recursively from source. No binary .debs are required to install packages with this tool; however, it does generate binary .debs for your use.

8   2006-10-2 the aftermath of updating sarge to etch(testing):

8.1   ups/nut is broke:

Command 'upsdrvctl -v start' can be used to detect the error message. In this case, it's "hiddev path open /dev/usb/hiddev0: Permission denied". After 'chown nut.nut /dev/usb/hiddev0', it starts to work. (2006-10-10) but still lots of unhandled evenets came up.

8.2   sound is broke (new kernel 2.6.16-2-686-smp):

2006-10-17 run 'alsaconf' and /dev/dsp and /dev/audio will appear. Then chmod 666 to all sound devices, /dev/dsp, /dev/mixer, /dev/audio, /dev/snd/..., then logout and relogin, with the sound volume applet showing ok.

Catch: The sound box has to be plugged into the right adaptor.

2006-12-03 sound device was always occupied by someone else while i tried to open movie player or other program. I installed yiff (a sound server), removed esound and then movie player started to work.

8.3   alt+ctrl+f1 is broke in xorg:

2006-10-17 it's due to the wrong keyboard map. setxkbmap -keymap pc104 goes back to the USA keyboard. The wrong keyboard map even disables the shift key. The "keyboard indicator" applet is a good indicator whether your keyboard map is right or not.

8.4   printer (cups) is broke, "/usr/lib/cups/backend/parallel failed":

remove old printer and add a new one through cups web interface, localhost:631

8.5   2006-10-10 make of 'annot':

g++-4.1 becomes the default c++ compiler, which causes the make to break down. So resort to the old 3.3 compiler. "make CxxCompiler=g++-3.3"

9   2006-10-03 fix root's login error:

Everytime, i su'ed into root. I got such things:

configuration error - unknown item 'QMAIL_DIR' (notify administrator)
configuration error - unknown item 'FAIL_DELAY' (notify administrator)
configuration error - unknown item 'QUOTAS_ENAB' (notify administrator)
configuration error - unknown item 'NOLOGIN_STR' (notify administrator)
configuration error - unknown item 'ENV_HZ' (notify administrator)
configuration error - unknown item 'PASS_MAX_LEN' (notify administrator)
configuration error - unknown item 'CHFN_AUTH' (notify administrator)
configuration error - unknown item 'CLOSE_SESSIONS' (notify administrator)

The error comes from an old version of /etc/login.defs. Just replace /etc/login.defs with /etc/login.defs.dpkg-dist.

10   2006-10-17 adding digest password to apache password file::

commandline:

htdigest digest_filename "Group Papers" username

11   2006-11-29 apt warnings about missing public keys:

When i was trying to update the list of packages, i got this error:

W: There are no public key available for the following key IDs:
A70DAF536070D3A1
So far three similar ways to fix it, (http://www.debian-administration.org/users/dkg/weblog/11):
  • gpg --export A70DAF536070D3A1 | apt-key add -
  • apt-get install debian-archive-keyring/unstable
  • apt-get install debian-archive-keyring
  • apt-key update

11.1   2007-07-29 PUBKEY for gscan2pdf

error by apt-get update:

W: GPG error: http://gscan2pdf.sourceforge.net binary/ Release: The following signatures
couldn't be verified because the public key is not available: NO_PUBKEY 5430209C4DD7CC93
W: You may want to run apt-get update to correct these problems
2007-07-29 ways to fix it
  • gpg --keyserver www.keyserver.net --recv-keys 4DD7CC93
  • gpg --export --armor 4DD7CC93 | sudo apt-key add -

The file storing gpg keys is /etc/apt/trusted.gpg.

11.2   2008-04-13 etch-backports

doc: http://www.backports.org/dokuwiki/doku.php?id=instructions

  1. Add this line

deb http://www.backports.org/debian etch-backports main contrib non-free

to your /etc/apt/sources.list.

  1. Run apt-get update. NO_PUBKEY error will appear.
  2. apt-get install debian-backports-keyring. Then run apt-get update again.

12   2006-12-05 to play CD:

chmod 664 /dev/hdc

13   2007-02-11 resize a ext3 file system

  • turn it into ext2 by removing journal, tune2fs -O^has_journal /dev/hdb2
  • check filesystem, e2fsck -f /dev/hdb2
  • resize it, resize2fs /dev/hdb2 14G (record down the number of blocks)
  • fdisk (delete the hdb2 and add a new one with size of 1.03x(#blocks)x4 K, write)
  • reboot to make the new table effective
  • check the system again, fsck -n /dev/hdb2
  • add the journal, back to ext3, tune2fs -j /dev/hdb2

14   2007-02-14 nfs server

add following to /etc/exports:

/usr/local      192.168.0.147(rw,no_root_squash)
/cdrom  192.168.0.147(ro)

add following to /etc/hosts.deny:

portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL

add following to /etc/hosts.allow:

portmap: 192.168.0.147
lockd: 192.168.0.147
rquotad: 192.168.0.147
mountd: 192.168.0.147
statd: 192.168.0.147

reboot nfs-common and nfs-user-server/nfs-kernel-server

14.1   2008-04-22 export a nfs-mounted directory to another client

In this case, server A exports a dir a to machine B. Then machine B exports dir a (with a possible different dir name on B) to machine C.

Then in /etc/exports:

/usr/local      192.168.0.147(rw,no_root_squash,nohide,crossmnt)

15   2007-02-14 follow the change of hostname

once the hostname is changed, several servers actually depend on it

15.1   2007-02-14

change the hostname of the whole machine: network-admin or base-config-network-console or base-config
  • edit /etc/hostname
  • run /etc/init.d/hostname.sh start

/etc/apache/http.conf and /etc/apache/conf.d/: replace every old hostname with the new hostname , regenerate its ssl certificate to match hostname

exim4: dpkg-reconfigure exim4-config

gforge: dpkg-reconfigure for gforge-common, gforge-db-postgresql, gforge-web-apache

courier imap server: regenerate its ssl certificate to match hostname (2007-02-14)
  • vi /etc/courier/imapd.cnf
  • mkimapdcert

refdb web interface, it embedded the old hostname into its webpages

One stupid error today is that 'NameVirtualHost' of rewrite.conf is not specifying localhost(127.0.0.1) but new hostname(dl403k-1.cmb.usc.edu) points to localhost in /etc/hosts, which leads to weird error(i.e. '/ could not be found')

2007-10-29
error "failed connect imap server secure mode ssl negotiations"
an option in /etc/courier/imapd-ssl called TLS_STARTTLS_PROTOCOL. It appears to set the minimum require protocol version; by default it is set to TLS1. If I set it to SSL3 then Evolution can connect with TLS! So it seems Evolution is trying to negotiate an SSL3 connection after all.
error "error while scanning folders imap server connection reset peer"
restart the evolution client and it'll be fixed

16   2007-05-04 ldap authentication

16.1   URLs

http://www.debuntu.org/ldap-server-and-linux-ldap-clients-p2, given by keyan. No theory, just tell you which files need to be changed.

http://www.cendio.com/support/tag/LDAP-auth.html concise theory and how to practice.

Using LDAP & PAM for SSO Authentication, full theory and diagram, also explaining relationship between PAM, NSS, LDAP (howto of PAM authentication using ldap)

LDAP Linux HOWTO, ldap client and server setup

Python-ldap module doc. First link covers sasl part.

2008-05-31 Centralize user accounts with OpenLDAP (OpenLDAP on Red Hat provides secure, reliable account management): http://www.ibm.com/developerworks/library/l-openldap/index.html

16.2   packages to install

libldap2 and libldap-2.3-0
run-time libraries for OpenLDAP, configuration file: /etc/ldap/ldap.conf
ldap-utils
ldap client package, provides several commands, search, modify, add etc.
libpam-ldap
connect PAM to LDAP, configuration files: /etc/pam_ldap.conf, /etc/pam_ldap.secret, /etc/pam.d/common*(need to be modified)
libnss-ldap
connect NSS to LDAP, configuration files: /etc/libnss-ldap.conf, /etc/libnss-ldap.secret, /etc/nsswitch.conf (need to be modified)
nscd
name service caching daemon (cache all queries to ldap server for commands, passwd, group, hosts) configuration file: /etc/nscd.conf
libsasl2-modules
a communication/authentication mechanism (SASL) between ldap client and server. papaya uses it for binding/authentication. my localhost uses simple binding. Papaya doesn't require binding to authentication, mine requires that.
libpam-foreground
2009-2-4 this module missing on mahogany might be the reason that pub/private key authentication doesn't work all the time. This PAM module creates a lockfile whenever a user logs in, specifying the username and the console. This allows software to check whether the user making a request is on the current foreground console or not.

16.3   overview

console login, gdm login, ssh login, su, etc goes to PAM, which could go to either LDAP server (through pam_ldap.so) or NSS (through library calls passwd, group etc). And then NSS would go to LDAP server (/etc/nsswitch.conf). So you could skip or ignore libpam-ldap and still achieve ldap authentication. But if libpam-ldap is skipped, you can only authenticate (not change your password) against ldap server.

16.4   test command from ldap-utils

(-x is used to specify simple authentication):

ldapsearch -h loquat.usc.edu -b 'dc=loquat,dc=usc,dc=edu' -x

16.5   problem with papaya's setup

The rootbinddn is not uid=root,cn=users,dc=papaya,dc=usc,dc=edu, but uid=diradmin,cn=users,dc=papaya,dc=usc,dc=edu with the usual papaya root password.

16.6   web managing software

phpldapadmin is a debian package to allow management through web interface.

16.7   2009-6-26 too much log in /var/log/syslog and /var/log/auth.log

In /var/log/syslog, following shows up very often:

CRON[13154]: Authentication token is no longer valid; new one required

In /var/log/auth.log, this shows up often:

... nscd: nss_ldap: reconnecting to LDAP server...
... nscd: nss_ldap: reconnected to LDAP server ldap://papaya.usc.edu after 1 attempt

Way to solve this is edit /etc/nscd.conf and change positive-time-to-live to a larger number like 28800 (8-hr measured in seconds).

2009-8-20 change hard to soft on this line in /etc/ldap.conf:

bind_policy soft

17   2007-11-26 ldap update on ubuntu gutsy/7.10

https://wiki.ubuntu.com/LDAPAuthentication libnss-ldap and libpam-ldap now use the unified configuration file /etc/ldap.conf. /etc/ldap.conf can be managed with the ldap-auth-config package and can be setup automatically by running:

dpkg-reconfigure -plow ldap-auth-config

/etc/libnss-ldap.conf and /etc/libnss-ldap.secret are replaced by /etc/ldap.conf(/etc/pam_ldap.conf also?) and /etc/ldap.secret.

rootbinddn has to be commented. otherwise, the sudo user would become diradmin (user from ldap server) after its login (sudo user's password wouldn't work anymore. has to use diradmin's, very annoying).

18   2007-06-15 sudo

on ubuntu, the initial user is made equivalent to root by /etc/aliases. And root is added in /etc/sudoers so the initial user could be treated as sudoer.

19   2007-10-30 install different-architecture packages

dpkg -i package.deb won't work if package.deb's architecture is different from your OS. then dpkg -i --force-architecture package.deb will force it to be installed. however, mostly, the package will break down due to library incompatibility. say install a 32bit package on a 64bit machine. the 64bit machine has 32bit library in /lib32 or /usr/lib32. however the 32bit package's program will look into /lib or /usr/lib for libraries, which is default linked to /lib64 or /usr/lib64. (maybe finding a way to tell the 32bit program to look into /lib32 or /usr/lib32 might sidestep this problem)

20   2007-12-10 bacula to backup

on the client

install package bacula-client. other dependent packages would be installed as well.

configure /etc/bacula/bacula-fd.conf and /etc/bacula/bconsole.conf according to plone's file. adjust the FileDaemon part.

on the server, ash.usc.edu
configure /etc/bacula/bacula-dir.conf to add Job, FileSet, Client. 2008-03-04 It seems bacular-dir doesn't need to be restarted. It might read the conf file periodically.

21   2007-12-30 dhcp server

after the installation of the server package, a few modifications to /etc/dhcp3/dhcpd.conf:

#option domain-name "example.org";


#option domain-name-servers ns1.example.org, ns2.example.org;
subnet 10.100.112.0 netmask 255.255.255.224 {
  range 10.100.112.15 10.100.112.20;
  option routers 10.100.112.1;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
host fantasia {
  hardware ethernet 00:19:E3:F8:BE:8E;
  fixed-address 10.100.112.1;
}

NOTE: before this, configure one interface on the server to have an address within the subnet range, i.e. 10.100.112.1

22   2007-12-30 sharing printer through samba

22.1   Through samba (for windows)

The printer is administered under cups. Leave the cups printing section open in smb.conf. The authentication is tight (user based and the backend is tdbsam). However, circumvent it (forgot how to set the users up) and open the printers to public.:

[printers]
  comment = All Printers
  browseable = yes
  path = /var/spool/samba
  printable = yes
  public = yes
  writable = no
  create mode = 0700

22.2   Through cups(IPP protocol)

add following to /etc/cups/cupsd.conf:

ServerName 128.125.86.114
BrowseAddress 128.125.255.255   #2008-01-01 by yh
BrowseAddress 207.151.255.255
<Location />
  # Allow shared printing...
  Order allow,deny
  Allow @LOCAL
  Allow 128.125.*.*     #2008-01-01 by yh
  Allow 207.151.*.*
</Location>

23   DbVisualizer

23.1   2008-01-10 install DbVisualizer-4.1

In order for /Network/linux/DbVisualizer-4.1/dbvis to work, settings in /Network/linux/DbVisualizer-4.1/dbvis.lax has to be modified, such as dbvis.home=/Network/linux/DbVisualizer-4.1.

But machines in the lab have different directories mounted. So choose to install it locally on my linux box.

  1. install the DbVisualizer
/Network/linux/DbVisualizer-4.1/dbvis41.bin

Choose your own java environment if you have one installed already.

2. Run it and choose the correct mysql driver.

/Network/linux/mysql-connector-java-3.1.1-alpha/mysql-connector-java-3.1.1-alpha-bin.jar

wrong connector will get you an error like this:

java.sql.SQLException: Communication link failure: java.io.IOException, underlying cause: Unexpected end of input screen

23.2   2008-05-20 dbvisualizer on fujitsu lifebook

  • download the rpm from http://www.minq.se/products/dbvis/download/install.jsp
  • use alien to convert rpm to deb
  • install the deb. it's mostly in /opt/. weird.
  • export INSTALL4J_JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun can't fine jvm home by default.
  • /opt/DbVisualizer-6.0.10/dbvis

24   2008-02-26 automatically enable color support of ls on linux and MacOS

The option to enable color support is different on linux and MacOS. Use the kernel name from command uname to tell which type of machine is on. Example from ~/.bashrc:

if  test `uname` = "Linux" || test `hostname` = "banyan" ; then
    alias ls='ls --color=auto'
else
    alias ls='ls -G'
fi

25   2008-05-13 turn off cvs server

  • modify /etc/inetd.conf and uncomment the line starting cvspserver
  • restart the inetd server. /etc/init.d/openbsd-inetd restart

26   slapd

OpenLDAP Administrator's Guide

26.1   2008-05-13 slapd disallow anonymous binding

  • modify /etc/ldap/slapd.conf, add disallow bind_anon
  • restart the server. /etc/init.d/slapd restart

26.2   2008-05-13 requires authentication prior to directory operations.

require authc added to slapd.conf. SASL is another option for require to tightening security.

27   2008-05-28 easy_install matplotlib

The version on ubuntu/debian stable is too old. need the picker event of LineCollection.

install libraries needed for compiling:

  • apt-get install libfreetype6-dev
  • apt-get install python-gtk2-dev

install:

28   2008-12-14 openvpn

continue on section /log/log_05/node34.html, which is a bit outdated.

28.1   setup certificates

  • openvpn has easy-rsa scripts:

    export KEY_CONFIG=/usr/share/doc/openvpn/examples/easy-rsa/openssl.cnf 
mkdir /tmp/openvpn
export KEY_DIR=/tmp/openvpn
export KEY_SIZE=2048
export KEY_COUNTRY=US
export KEY_PROVINCE=CA
export KEY_CITY=LA
export KEY_ORG=USC
export KEY_CITY="Los Angeles"
export KEY_EMAIL="yuhuang@usc.edu"
/usr/share/doc/openvpn/examples/easy-rsa/clean-all #setup init. files
/usr/share/doc/openvpn/examples/easy-rsa/build-ca
/usr/share/doc/openvpn/examples/easy-rsa/build-key-server server
/usr/share/doc/openvpn/examples/easy-rsa/build-key client

  • copy ca.crt, server.crt, server.key, client.crt (probably not needed) into server's /etc/openvpn.

  • copy ca.crt, client.crt, client.key into client's /etc/openvpn.

29   2009-1-19 latex in inkscape

install textext from http://www.elisanet.fi/ptvirtan/software/textext/

  • install skencil for skconvert
  • need to compile and install pdf2svg, ps2edit that comes with the ubuntu distribution doesn't work (also the reason why the internal inkscape latex extension doesn't work)

30   2009-6-15 pdf annotating/note-taking software

Xournal is similar to Jarnal (written in java), an application for notetaking, sketching, keeping a journal using a stylus. Additionally, Xournal supports annotating PDF files. Being a native program it runs considerably faster and also has support for the high subpixel resolution provided by the XInput system of X11.

  1. download tarball from http://xournal.sourceforge.net/
  2. unzip
  3. ./autogen.sh
  4. make
  5. (as root) make install
  6. (as root) make desktop-install
Related content
« November 2009 »
Su Mo Tu We Th Fr Sa
1234567
891011121314
15161718192021
22232425262728
2930
 
Powered by Plone CMS, the Open Source Content Management System

This site conforms to the following standards: