Netatalk 2.2.2 updates UAM naming convention

Posted: July 3rd, 2012 | Filed under: Debian, Linux Mint, netatalk, Time Machine, Ubuntu

After upgrading to Netatalk 2.2.3 from a previous version, people who were using the DHX method of authentication will see uam: uam not found (status=-1) on the Netatalk server. On the MacOSX side, when one tries to log in, it will display a “The version of the server you are trying to connect to is not supported…” error message. Before you mess with the settings, check your uams directory! The Netatalk team has renamed the uams dhx modules. The DHX2 and DHX modules now have _pam.so (which logs authentication information to auth.log) or _passwd.so suffixes. Check the files in your uams directory first, before you pull out your hair or try to reinstall. (The default directory is /usr/local/etc/netatalk/uams.) Most of the instructions on the web have not been updated to reflect the name change. I have -uamlist uams_dhx2_pam.so,uams_dhx_pam.so in my afpd.conf (as a reminder, no spaces between the commas!).

DHX2 is probably the best password authentication scheme to use for modern MacOSX right now. So if you are concerned about security, it is a good idea to use it.


Recipe: How to compile your own Deb package.. a Pidgin example

Posted: June 5th, 2012 | Filed under: Debian, Linux Mint, Ubuntu

Recently I switched my communication machine from XP to Linux Mint. However I find Pidgin 2.10.2 which comes with Linux Mint Debian a tad unreliable. I thought I would make my own deb package, based on the latest distribution source.

Objective: Create Debian packages or .deb for private consumption from any source code.

Assumptions: You have superuser (su/sudo) privileges on the machine you want to make the Debian package.

Preparations (Getting the tools you need):

  1. Make sure you have “Source code” option checked in your Update Manager (Linux Mint specific)
  2. Check in /etc/apt/sources.list there is a deb-src http://debian.linuxmint.com/incoming testing main contrib non-free entry.
  3. Run apt-get update and apt-get upgrade to make sure you have the latest OS
  4. Get the build tools
    • sudo apt-get install autotools-dev
    • sudo apt-get install build-essential
  5. Get the Debian specific build tools
    • sudo apt-get install dh-make
    • sudo apt-get install devscripts

Get the source code and dependencies

  1. Grab the source code from: Pidgin.im
  2. Uncompress the source code: tar -xvf pidgin-2.10.4.tar.bz2
  3. Get the required dependencies: sudo apt-get build-dep pidgin. This grabs the dependencies for the version that is in the repository; most of the time it should be enough for . releases. If you need extra libraries via apt-get, remember to get the ones that have the -dev suffix.

Configure the source code

  1. Run ./configure --help in the source directory to familiarize yourself with what options there are. In my case I found I want to add --enable-cyrus-sasl to enable the SASL feature.
  2. Run the Debian specific tools (this will create a few files that are needed to create the .deb package and they will be stored in the debian subdirectory in the source directory)
    1. dh_make -e youremail@here.com -f ../pidgin-2.10.4.tar.bz2
    2. dpkg-depcheck -d ./configure --enable-cyrus-sasl. Pay attention to the output of the required packages (select them and copy them).
    3. Modify the control file in the debian subdirectory. Append the required packages listed to the end of line 5, which starts with: Build-Depends:. Separate each package name with a comma. You can also fill in the URL of the package, licensing etc. These attributes will show up when you install the package via a software installation program, e.g. GDebi, Synaptic etc.

Compiling and Packaging

  • Run dpkg-buildpackage -rfakeroot to start the package compile

There is a good chance you will run into errors like below

If some of these files are left out on purpose then please add them to
POTFILES.skip instead of POTFILES.in. A file 'missing' containing this list of left out files has been written in the current directory.
Please report to devel@pidgin.im
if [ -r missing -o -r notexist ]; then \
exit 1; \
fi
make[2]: *** [check] Error 1
make[2]: Leaving directory `/home/username/pidgin-2.10.4/po'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/home/username/pidgin-2.10.4'

dh_auto_test: make -j1 check returned exit code 2
make: *** [build] Error 29
dpkg-buildpackage: error: debian/rules build gave error exit status 2

In cases like this you will need to add the missing files to the file POTFILES.skip in the /po subdirectory. Since POTFILES.skip has been edited, you will need to run dpkg-source --commit to commit the change. It will create a patch and ask for a filename; just put in any filename that strikes your fancy. Rerun dpkg-buildpackage -rfakeroot afterwards.

References: How to create a .deb package


More Netatalk Debugging and Solutions

Posted: August 24th, 2011 | Filed under: Mac, netatalk, Time Machine, Ubuntu

I had to reinstall my Ubuntu system because my Seagate drive died of a horrible and quick death. I replaced the drives with WD Greens. Since the Seagate had a SMART error, bad sectors were growing every second, basically the data on the OS drive was spinning to pieces.

When I reinstalled netatalk, I installed the self-compiled netatalk package (that was mentioned previously). However, I encountered the following error:

afpd {cnid_dbd.c:314} (E:CNID): dbd_rpc: Error reading header from fd (db_dir /var/dbd/AppleDB/tm): Connection reset by peer
afpd {cnid_dbd.c:400} (E:CNID): transmit: Request to dbd daemon (db_dir /var/dbd/AppleDB/tm) timed out.

That is relatively simple. I just had to make sure the dbpath in AppleVolumes.default exists.

Another error message I got:

afpd {volume.c:1907} (W:AFPDaemon): volume "usr" does not support Extended Attributes, using ea:ad instead

Solution:
I made sure cnidscheme is set to dbd and ea is set to sys in AppleVolumes.default.

:DEFAULT: cnidscheme:dbd ea:sys

Reference:
Netatalk manual’s coverage on AppleTalk.default.


Ubuntu 10.10 Guest in VirtualBox Shared Folders Issues.

Posted: November 29th, 2010 | Filed under: Ubuntu, Virtual Box

I have recently installed Ubuntu 10.10 as a VM to check out the Android SDK. After the basic install, I find the Shared Folder feature doesn’t work, even though I have installed the Guest Additions. I keep getting the following error: /sbin/mount.vboxsf: mounting failed with the error: No such Device

I checked and under /sys/modules/ there is no vboxsf module, so obviously something in the VBoxLinuxAdditions-amd64.run script is not working.

After digging around I was told the simple way is to install the Guest Additions OSE version from apt-get. However, since I am using the Closed Source edition (differences between versions can be found here), I thought there must be a better solution.

What happened is VBoxLinuxAdditions-amd64.run doesn’t do a sanity check for the existence of 3 components that Ubuntu needs to compile the modules, namely dkms, build-essential and linux-headers-generic. It requires a different set of packages for other Linux distributions. To solve the problem, run sudo apt-get install dkms build-essential linux-headers-generic. Then run VBoxLinuxAdditions-amd64.run, the modules will be compiled. Do a reboot to make sure the modules are loaded.

Once rebooted, when you run lsmod | grep vbox, you should have something like this:

vboxvideo               1956  2
drm                   206161  3 vboxvideo
vboxsf                 34612  0
vboxguest             176030  9 vboxsf

To mount the folder (example):

  1. Create the Shared Folder on the Guest Window toolbar. For me I created a Folder Name with the name vb.
  2. In Ubuntu create the directory /mnt/vb
  3. Then run sudo mount -t vboxsf vb /mnt/vb

Remember the files will not have the user’s ownership, so it is a good idea to cp the files into another folder, then do a chown user * to correct the ownership. The files will belong to root and root ownership group.
For more information : This post on VirtualBox forum


Netatalk debugging and logging tips and tricks

Posted: November 26th, 2010 | Filed under: netatalk, Ubuntu

Lately I have been having problems logging into my TimeMachine disc. My iMac works, but my macbook doesn’t, even though they run the exact same OS (10.6.5). I looked it up and here are the instructions to separate the netatalk messages from the general message logs.

In /etc/netatalk/afpd.conf
add -setuplog "default log_info /var/log/afpd.log" to the long line of setup parameters.

If you run CNID server:
In /etc/default/netatalk
add CNID_CONFIG="-l log_info -f /var/log/cnid.log"

You then run /etc/init.d/netatalk restart in your terminal.

Add the log files in Log File Viewer (under System -> Administration). Use File -> Open and select the log files in the appropriate place. Now whenever the logs are updated the log files will be in bold.

Now I get error messages when my macbook tries to log onto the Time Machine disc:
afpd[2081] {uams_dhx2_pam.c:350} (I:UAMSDaemon): DHX2 login: useruser
afpd[2081] {uams_dhx2_pam.c:228} (I:UAMSDaemon): PAM DHX2: PAM Success
afpd[2081] {uams_dhx2_pam.c:647} (I:UAMSDaemon): DHX2: PAM_Error: Authentication failure

However my iMac works fine:
afpd[2280] {uams_dhx2_pam.c:350} (I:UAMSDaemon): DHX2 login: useruser
afpd[2280] {uams_dhx2_pam.c:228} (I:UAMSDaemon): PAM DHX2: PAM Success
afpd[2280] {uams_dhx2_pam.c:684} (I:UAMSDaemon): DHX2: PAM Auth OK!
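
An added example, not part of the original post: once afpd logs to its own file, the DHX2 lines can be tallied per user by pairing each login line with the outcome line from the same afpd PID. Pairing by PID is an assumption based on the lines quoted above; the "backupuser" lines are constructed.

```sh
#!/bin/sh
# Added example: tally DHX2 login outcomes per user from afpd log lines.

# The "useruser" lines are the ones quoted in the post; the "backupuser"
# lines are constructed for illustration.
sample_log() {
    cat <<'EOF'
afpd[2081] {uams_dhx2_pam.c:350} (I:UAMSDaemon): DHX2 login: useruser
afpd[2081] {uams_dhx2_pam.c:228} (I:UAMSDaemon): PAM DHX2: PAM Success
afpd[2081] {uams_dhx2_pam.c:647} (I:UAMSDaemon): DHX2: PAM_Error: Authentication failure
afpd[2280] {uams_dhx2_pam.c:350} (I:UAMSDaemon): DHX2 login: useruser
afpd[2280] {uams_dhx2_pam.c:228} (I:UAMSDaemon): PAM DHX2: PAM Success
afpd[2280] {uams_dhx2_pam.c:684} (I:UAMSDaemon): DHX2: PAM Auth OK!
afpd[2301] {uams_dhx2_pam.c:350} (I:UAMSDaemon): DHX2 login: backupuser
afpd[2301] {uams_dhx2_pam.c:647} (I:UAMSDaemon): DHX2: PAM_Error: Authentication failure
afpd[2302] {uams_dhx2_pam.c:350} (I:UAMSDaemon): DHX2 login: backupuser
afpd[2302] {uams_dhx2_pam.c:647} (I:UAMSDaemon): DHX2: PAM_Error: Authentication failure
EOF
}

# dhx2_summary: read afpd log lines on stdin, print "user ok=N fail=N".
# "PAM DHX2: PAM Success" appears in both outcomes, so it is ignored; only
# the final "PAM Auth OK!" or "PAM_Error" line decides the result.
dhx2_summary() {
    awk '
    function who(pid) { return (pid in user) ? user[pid] : "(unknown)" }
    match($0, /afpd\[[0-9]+\]/) {
        # "afpd[" is 5 characters; the digits end before the closing "]".
        pid = substr($0, RSTART + 5, RLENGTH - 6)
        if (match($0, /DHX2 login: /)) {
            user[pid] = substr($0, RSTART + RLENGTH)
        } else if ($0 ~ /DHX2: PAM Auth OK!/) {
            u = who(pid); ok[u]++; seen[u] = 1
        } else if ($0 ~ /DHX2: PAM_Error: /) {
            u = who(pid); fail[u]++; seen[u] = 1
        }
    }
    END { for (u in seen) printf "%s ok=%d fail=%d\n", u, ok[u], fail[u] }
    ' | sort
}

sample_log | dhx2_summary
```

On a live server, feed it the file configured with -setuplog, for example dhx2_summary < /var/log/afpd.log.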


Netatalk fixes after Ubuntu 10.10 upgrade from Ubuntu 10.04

Posted: October 11th, 2010 | Filed under: netatalk, Ubuntu

If you had followed the previous instructions and have just upgraded from 10.04 to 10.10 aka Maverick Meerkat; you might have noticed that Netatalk has ceased to function. Basically it won’t let you login and in the System Log Viewer you see error messages like below.

I got the following error messages in daemon.log.

afpd[3523]: Setting uid/gid to 1000/1000
afpd[3523]: CNID DB initialized using Berkeley DB 4.8.30: (April  9, 2010)
afpd[3523]: cnid_open: dbenv->open (rw) of /storage/dirname/.AppleDB failed: DB_VERSION_MISMATCH: Database environment version mismatch
afpd[3523]: Fatal error: cannot open CNID or invalid CNID backend for /storage/dirname: cdb

What I came to realize is that Netatalk 2.1.2 (that is now the default in the Meerkat software repository) doesn’t support the cdb option in the cnidscheme. It only supports last, dbd and tdb.

Steps to uninstall Netatalk (if you had followed the previous instructions)
Remember to back up copies of your conf files in your /etc/netatalk directory first.

echo "netatalk purge" | sudo dpkg --set-selections
sudo apt-get remove netatalk
sudo apt-get autoremove

You can then follow the same instructions in the previous post and compile the latest version (2.1.2) with the proper authentication modules built in from the Maverick Meerkat repository.

Once you have started the dpkg installation of the new netatalk, you will be asked if you want the new conf files to be installed. I selected No and changed the cnidscheme manually.

Remember to change the cnidscheme setting from cdb to either dbd or tdb in your AppleVolumes.default files. For more information on selecting / changing please refer to here.
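
An added example, not part of the original posts: a small lint for AppleVolumes.default that flags the cnidscheme problem described here and the missing dbpath directory from the "More Netatalk Debugging and Solutions" post. The function name and the /srv volume lines are constructed; it assumes options are whitespace-separated key:value tokens.

```sh
#!/bin/sh
# Added example: lint AppleVolumes.default for the two problems described.

# lint_volumes: read AppleVolumes.default on stdin and report
#   - cnidscheme values other than last, dbd or tdb
#   - dbpath directories that do not exist
# Assumes options are whitespace-separated key:value tokens without spaces.
lint_volumes() {
    awk '
    /^[[:space:]]*#/ { next }
    {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(cnidscheme|dbpath):/) {
                n = index($i, ":")
                print NR, substr($i, 1, n - 1), substr($i, n + 1)
            }
    }' |
    while read -r line key val; do
        case $key in
        cnidscheme)
            case $val in
            last|dbd|tdb) ;;
            *) echo "line $line: cnidscheme:$val is not last, dbd or tdb" ;;
            esac ;;
        dbpath)
            # Checked in the shell, so the path is never passed to a command line.
            [ -d "$val" ] || echo "line $line: dbpath $val does not exist" ;;
        esac
    done
}

# Constructed sample; the ":DEFAULT:" and "~/" lines are the ones shown in
# the posts, the /srv lines are made up. The temp path is masked as TMP.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/AppleDB/ok"
    {
        echo '# constructed AppleVolumes.default'
        echo ':DEFAULT: cnidscheme:dbd ea:sys'
        echo '~/ "$u" allow:$u cnidscheme:cdb'
        echo "/srv/a \"a\" dbpath:$tmp/AppleDB/ok"
        echo "/srv/tm \"tm\" dbpath:$tmp/AppleDB/tm"
    } | lint_volumes | sed "s|$tmp|TMP|"
    rm -rf "$tmp"
}

demo
```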


Netatalk authentication gotchas and diagnostic steps for Ubuntu 10.04

Posted: September 11th, 2010 | Filed under: netatalk, Ubuntu

For some reason the netatalk package that is in the Ubuntu repository doesn’t come with any password authentication packages. So unless you want a fully non-password appletalk setup on your Ubuntu server, DO NOT apt-get install netatalk!

I followed Mr. Kretschmann’s handy HowTo for installing Netatalk on Ubuntu. It seems to work for Ubuntu 10.04 (actually it should work with all Linux distributions). However, when I tried to log in, I kept getting an unknown username / password problem.

Here are my installation steps:

sudo apt-get source netatalk
sudo apt-get build-dep netatalk
sudo apt-get install cracklib2-dev
sudo apt-get install libssl-dev
cd netatalk-2*
sudo DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot
sudo dpkg -i ../netatalk-2*.deb
echo "netatalk hold" | sudo dpkg --set-selections

Here are my diagnostic steps:

  1. Check your afpd.conf and AppleVolumes.default files for any typos, especially when you are cutting and pasting!
  2. If you want to let each user access his/her own directory, you should put
    ~/ "$u" allow:$u cnidscheme:cdb

    in AppleVolumes.default; $u is the variable for username; instead of username1/username2 combination as listed in the HowTo. The list of variable names is in the comment section of the file or here.

  3. Open Log File Viewer under System -> Administration. Whenever there are any updates in any of the log files, the updated log file on the left will appear in bold.
  4. What I encountered was my installation steps above only created the uams_dhx2*.so authentication libraries. My syslog file has these entries
    afpd[17919]: ASIP started on 192.168.168.121:548(5) (2.0.5)
    afpd[17919]: uam: loading (/usr/lib/netatalk/uams_randnum.so)
    afpd[17919]: uam: uam not found (status=-1)
    afpd[17919]: uam: loading (/usr/lib/netatalk/uams_dhx.so)
    afpd[17919]: uam: uam not found (status=-1)
    afpd[17919]: Finished parsing Config File
  5. Go to /usr/lib/netatalk directory and verify which authentication modules you have. Update your afpd.conf appropriately. Mine is:
    - -transall -uamlist uams_dhx2.so -savepassword -advertise_ssh

    dhx2 authentication is only supported by MacOSX machines; if you have OS9 or earlier you will have to have the others to fall back to. I think it is much easier to use a normal MacOSX machine to do Appletalk though.

  6. I also noticed that with Netatalk 2.0.5 (vs 2.0.3 in the HowTo), there is a Time Machine support option in the AppleVolumes.default file. So an entry like this:
    ~/TimeMachine "$u" allow:$u cnidscheme:cdb options:usedots,upriv,tm

    would allow a per user login to have their own TimeMachine backup. Or you can do it by IP via the $c variable. With that option enabled, I can run TimeMachine without having to create my own sparsebundle etc. You still have to issue the defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1 command in a terminal of the Mac you want to start TimeMachine on though.

  7. Oh after each change, remember to run:
    /etc/init.d/netatalk stop
    /etc/init.d/netatalk start

    I find 2 commands work better than one command using the restart flag.
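
The module check from step 5, which also catches the _pam.so / _passwd.so rename described in the Netatalk 2.2.3 post at the top of this page, written as an added shell example (not from the original posts). The function name, the sample afpd.conf and the empty module files are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the -uamlist in afpd.conf with the modules on disk.

# check_uams CONF UAM_DIR
# Prints "OK module" or "MISSING module -> renamed candidates found".
# Exit status: 0 all present, 1 something missing, 2 no -uamlist in CONF.
# The body runs in a subshell so IFS and the variables stay local.
check_uams() (
    conf=$1 dir=$2 rc=0
    # Use the -uamlist value from the last non-comment line that sets one.
    list=$(grep -v '^[[:space:]]*#' "$conf" |
        sed -n 's/.*-uamlist[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' |
        tail -n 1)
    [ -n "$list" ] || { echo "NOLIST $conf"; exit 2; }
    IFS=,
    for mod in $list; do
        if [ -e "$dir/$mod" ]; then
            echo "OK $mod"
            continue
        fi
        rc=1
        base=${mod%.so}
        found=
        # After the rename, look for the _pam.so / _passwd.so variants.
        for cand in "${base}_pam.so" "${base}_passwd.so"; do
            if [ -e "$dir/$cand" ]; then found="$found${found:+ }$cand"; fi
        done
        echo "MISSING $mod -> ${found:-none}"
    done
    exit "$rc"
)

# Constructed sample: an old-style -uamlist against a renamed module directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# constructed afpd.conf' \
        '- -transall -uamlist uams_dhx2.so,uams_dhx.so,uams_guest.so' \
        > "$tmp/afpd.conf"
    mkdir "$tmp/uams"
    touch "$tmp/uams/uams_dhx2_pam.so" "$tmp/uams/uams_dhx2_passwd.so" \
        "$tmp/uams/uams_dhx_pam.so" "$tmp/uams/uams_guest.so"
    check_uams "$tmp/afpd.conf" "$tmp/uams" || true
    rm -rf "$tmp"
}

demo
```

Run it against the real files with check_uams /etc/netatalk/afpd.conf /usr/lib/netatalk, adjusting both paths to your installation.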


Upgrading VirtualBox 3.1 -> 3.2 on Ubuntu 10.04

Posted: July 19th, 2010 | Filed under: Ubuntu, Virtual Box

Assume: you have VirtualBox (OSE / non OSE) 3.1 installed. You also have sudo rights.
Note: OSE version doesn’t have RDP support, non OSE has RDP support.
VirtualBox files are usually stored in: /home/username/.VirtualBox/ directory with HardDisks and Machines sub directories. (A backup is always a good idea before an upgrade!)

Upgrade Steps:

  1. Shut down your existing VMs. I find if you are using VBoxHeadless, the process might not end after the VM has been shutdown.
  2. Quit VirtualBox GUI (if running); kill all VBoxHeadless processes.
  3. Use dpkg --remove packagename or Synaptic Package Manager to remove your existing installation. (Synaptic is probably easiest since you don’t need to look up the package name.) Even if you remove the package your existing VMs will still be around, but it never hurts to do a backup beforehand!
  4. Locate your VirtualBox 3.2 .deb package.
  5. Install via dpkg -i debfilelocation
  6. VirtualBox Guest Additions are located in /usr/share/virtualbox. You have to manually mount the Additions in the virtual machines. I find it the quickest to edit the setting via the VirtualBox GUI
  7. Restart VirtualBox, and run the Guest Addition updates.
  8. Stop the VMs and launch them via VBoxHeadless if so desired.

Ubuntu 10.04 LTS Nvidia restricted driver VNC issues

Posted: May 20th, 2010 | Filed under: Ubuntu

I run a few machines in my house. I like machines to perform one and only one task, e.g. I have a machine that does all my communications (email, IM etc), one that runs simplicity (a Tivo indexing program) and another that runs utorrent. They are all Windows boxes because I do believe of all things Microsoft might have screwed up, they make a superior remote access protocol (RDP). Recently my email machine decided to throw a few bad sectors (it barfed while backing up a 6GB SENT file), so I decided to task a spare Core2 machine to run Ubuntu 10.4 and consolidate my machines into virtual machines managed by Virtual Box.

Everything installed smoothly until I decided to activate the Nvidia restricted drivers AND VNC into the machine. The keyboard and mouse stopped responding via VNC (it worked via local console). It works fine with Ubuntu’s OSE drivers (jockey). (However the OSE drivers are restricted to 1024×768 on the monitor, not to mention the lack of acceleration etc.) I decided to live with that solution because most of the time I remote terminal in anyways.