Being one who always like a new Ubuntu version to play with, I decided to upgrade slightly before the official release next Thursday.
So far, on the whole pretty good. Not startling changes, just incremental improvements.
However, there were two "gotchas".
Firstly skype. There seems to be some clash between skype and proprietary nVidia drivers. The solution is easily applied as suggested here
The second one is CUPS. As of CUPS 1.6 the old CUPS browsing protocol that makes printers visible to other CUPS machines has been deprecated - which is a real shame for those of use used to just turning up and seeing all the relevant local printers from the CUPS server in the building.
After much searching, I finally found that the nice people at Ubuntu had determined not to let this change upset their users, and that the simple solution was to edit /etc/cupsd/cups-browsed.conf and add "CUPS" to the BrowseRemoteProtocols line and then restart the cups-browsed service. My list of printers is now back :)
Friday 19 April 2013
Wednesday 30 November 2011
Ford IDS software fault
So today's fun was fighting the Ford IDS software. Our fleet garage has happily been installing many versions of this as new ones come out - until version 75 comes out. Then during the installation, where it is "updating the database" it comes up with an error UT0000 - very profound!
The solution turned out to be:
Install the new calibration data
Disable antivirus (not totally sure if this was needed, but some suggested it may be)
Do a repair install of IDS
and then it decided to go all the way through the install.
The solution turned out to be:
Install the new calibration data
Disable antivirus (not totally sure if this was needed, but some suggested it may be)
Do a repair install of IDS
and then it decided to go all the way through the install.
Wednesday 7 September 2011
Fighting domain logins in a Samba domain
A while ago, one of the servers I look after developed a strange fault with Samba domain logins.
Machines that were already part of the domain were fine, but new machines were not happy. You could join them to the domain as normal, but when you then tried to log in as a domain user, you got the error message "the system cannot log you on now because the domain is not available".
Much internet searching and scratching of the head didn't resolve it - so we went into "limp along" mode with some machines not being put in the domain. Even an upgrade to Samba didn't solve it.
A few weeks ago the same thing happened to another system I look after - so back to Google again. Whilst no-one seemed to be talking about exactly the same issue, I did get some ideas and bingo - found the answer.
Our Samba configs are quite old and back when we started using Samba, WINS was a good thing to help windows machines along so we had "wins support = yes" and our dhcp server was giving out the wins server details. It would appear that somehow WINS was the cuplrit. So I've turned "wins support" to "no" and removed the details from the dhcp server and now it all works as before.
Machines that were already part of the domain were fine, but new machines were not happy. You could join them to the domain as normal, but when you then tried to log in as a domain user, you got the error message "the system cannot log you on now because the domain
Much internet searching and scratching of the head didn't resolve it - so we went into "limp along" mode with some machines not being put in the domain. Even an upgrade to Samba didn't solve it.
A few weeks ago the same thing happened to another system I look after - so back to Google again. Whilst no-one seemed to be talking about exactly the same issue, I did get some ideas and bingo - found the answer.
Our Samba configs are quite old and back when we started using Samba, WINS was a good thing to help windows machines along so we had "wins support = yes" and our dhcp server was giving out the wins server details. It would appear that somehow WINS was the cuplrit. So I've turned "wins support" to "no" and removed the details from the dhcp server and now it all works as before.
Friday 22 October 2010
Remote software installation on Windows workstations
There are various articles out there about how such things may be done, but here are my collective thoughts on the matter.
Given a collection of machines that are members of an NT domain, and access to a domain user account that has administrative privileges on the workstations (such as a member of Domain Administrators).
Then you need to get hold of the PsTools suite from sysinternals. Just install this on the machine you will be running the installations from.
On the file server, I have a folder called swupdates which contains all the installers. In particular I have Firefox, Thunderbird, Adobe Reader, Flash Player, OpenOffice, Java JRE and RealVNC.
Firefox and Thunderbird need extracting from their original installers using 7-Zip. OpenOffice also needs extracting and this can be done by starting the installer and letting it run through the the extraction of files and then cancel the installation. I make sure that the folder names involved don't include spaces for the sake of simplicity in the scripts.
The installer for Flash Player can be downloaded from http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe to avoid the Adobe Download Manager.
For Thunderbird, I take advantage of this to put the custom Thunderbird customisation that I previously discussed on to the clients.
With OpenOffice I take the opportunity to install an extension that disables the first run wizard.
Configuring RealVNC is done by setting up one machine and then exporting the HLML\Software\RealVNC key to a .reg file which is then imported after the software is installed on the target machine.
Then we require a script to actually do the installations - for the current software collection at the time of writing this is as follows:
swupdate.cmd:
Then from a second script you call this first one with the name of each machine:
updatemachine.cmd:
Providing each machine has firewall settings set so that File and Print access is allowed in, then this will suitably run the installations on each of the machines.
There are obviously many other variations that could be achieved with this - the key thing is to find the method to silent install each piece of software that you're interested in. A lot of useful info can be found on the AppDeploy site.
Given a collection of machines that are members of an NT domain, and access to a domain user account that has administrative privileges on the workstations (such as a member of Domain Administrators).
Then you need to get hold of the PsTools suite from sysinternals. Just install this on the machine you will be running the installations from.
On the file server, I have a folder called swupdates which contains all the installers. In particular I have Firefox, Thunderbird, Adobe Reader, Flash Player, OpenOffice, Java JRE and RealVNC.
Firefox and Thunderbird need extracting from their original installers using 7-Zip. OpenOffice also needs extracting and this can be done by starting the installer and letting it run through the the extraction of files and then cancel the installation. I make sure that the folder names involved don't include spaces for the sake of simplicity in the scripts.
The installer for Flash Player can be downloaded from http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe to avoid the Adobe Download Manager.
For Thunderbird, I take advantage of this to put the custom Thunderbird customisation that I previously discussed on to the clients.
With OpenOffice I take the opportunity to install an extension that disables the first run wizard.
Configuring RealVNC is done by setting up one machine and then exporting the HLML\Software\RealVNC key to a .reg file which is then imported after the software is installed on the target machine.
Then we require a script to actually do the installations - for the current software collection at the time of writing this is as follows:
swupdate.cmd:
@echo off
echo "checking for installers directory on the target..."
if not exist \\%1\C$\installers mkdir \\%1\C$\installers
if not exist \\%1\C$\installers\Firefox3.6.11 mkdir \\%1\C$\installers\Firefox3.6.11
if not exist \\%1\C$\installers\Thunderbird3.1.5 mkdir \\%1\C$\installers\Thunderbird3.1.5
if not exist \\%1\C$\installers\OOo mkdir \\%1\c$\installers\OOo
echo "copying installers..."
copy \\server\software\swupdates\AdbeRdr940_en_US.exe \\%1\C$\installers\
copy \\server\software\swupdates\install_flash_player.exe \\%1\C$\installers\
xcopy "\\server\software\swupdates\Firefox3.6.11\*" "\\%1\C$\installers\Firefox3.6.11\" /e /y
xcopy "\\server\software\swupdates\Thunderbird3.1.5\*" "\\%1\C$\installers\Thunderbird3.1.5\" /e /y
xcopy "\\server\software\swupdates\OOo\*" "\\%1\C$\installers\OOo\" /e/y
copy \\server\software\swupdates\jre-6u22-windows-i586-s.exe \\%1\C$\installers\
copy \\server\software\swupdates\vnc-4_1_3-x86_win32.exe \\%1\C$\installers\
copy \\server\software\swupdates\realvnc.reg \\%1\C$\installers\
echo "Installing Firefox..."
psexec.exe \\%1 "C:\installers\Firefox3.6.11\setup.exe" -ms
psexec.exe \\%1 "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultappGlobal
echo "Installing Thunderbird..."
psexec.exe \\%1 "C:\installers\Thunderbird3.1.5\setup.exe" -ms
copy \\exodus\software\swupdates\custom.cfg "\\%1\C$\Program Files\Mozilla Thunderbird\"
copy \\exodus\software\swupdates\custom.js "\\%1\C$\Program Files\Mozilla Thunderbird\defaults\pref\"
echo "Installing Adobe Reader...."
psexec.exe \\%1 "C:\installers\AdbeRdr940_en_US.exe" /sAll /rs
del "\\%1\C$\Documents and Settings\All Users\desktop\Adobe*.lnk"
echo "Installing Flash Player..."
psexec.exe \\%1 "C:\installers\install_flash_player.exe" -install
echo "Installing OpenOffice..."
psexec.exe \\%1 msiexec /qn /norestart /i C:\installers\OOo\openofficeorg32.msi ADDLOCAL=ALL REMOVE=gm_o_Onlineupdate
copy \\exodus\software\swupdates\DisableFirstStartWzd_ooo321.oxt "\\%1\C$\Program Files\OpenOffice.org 3\program"
psexec.exe \\%1 "C:\Program Files\OpenOffice.org 3\program\unopkg" add --shared "C:\Program Files\OpenOffice.org 3\program\DisableFirstStartWzd_ooo321.oxt"
echo "Installing Java VM"
psexec.exe \\%1 "C:\installers\jre-6u22-windows-i586-s.exe" /s /v/qn
echo "Installing RealVNC"
psexec.exe \\%1 "C:\installers\vnc-4_1_3-x86_win32.exe" /SP- /VERYSILENT /NORESTART
psexec.exe \\%1 regedit /s c:\installers\realvnc.reg
echo "All done"
Then from a second script you call this first one with the name of each machine:
updatemachine.cmd:
@echo off
call swupdate.cmd machine1
call swupdate.cmd machine2
call swupdate.cmd machine3
Providing each machine has firewall settings set so that File and Print access is allowed in, then this will suitably run the installations on each of the machines.
There are obviously many other variations that could be achieved with this - the key thing is to find the method to silent install each piece of software that you're interested in. A lot of useful info can be found on the AppDeploy site.
Monday 9 August 2010
Using Ubuntu 10.04 ltsp workstations as character terminals
I've finally got round to updating our LTSP setup to use Lucid. We have a number of LTSP terminals that work just at the character terminal level, with the screens doing a telnet into another system and with no X Window running on them at all.
Lucid's switch to the Plymouth startup system has an interesting side effect with this - namely that with the default setup, you are left just looking at the Plymouth screen and are not able to access any of the VTs to do anything else.
The solution is a custom entry in the pxelinux.cfg directory relevant to the Lucid boot set (in my case /srv/tftp/ltsp/lucidi386/pxelinux.cfg - note the change from previous versions where /var/lib/tftpboot has been replaced by /srv/tftp)
I've rearranged the IP addresses of my text only workstations so that they are all in a block of 16 IP addresses which will look for the same config file using the hex address notation that PXE uses. Then in that file I put
This has the added advantage that the console stays at 80x30 characters which is very usable for the application that we are using.
Lucid's switch to the Plymouth startup system has an interesting side effect with this - namely that with the default setup, you are left just looking at the Plymouth screen and are not able to access any of the VTs to do anything else.
The solution is a custom entry in the pxelinux.cfg directory relevant to the Lucid boot set (in my case /srv/tftp/ltsp/lucidi386/pxelinux.cfg - note the change from previous versions where /var/lib/tftpboot has been replaced by /srv/tftp)
I've rearranged the IP addresses of my text only workstations so that they are all in a block of 16 IP addresses which will look for the same config file using the hex address notation that PXE uses. Then in that file I put
default ltsp-text
label ltsp-text
kernel vmlinuz
append ro initrd=initrd.img quiet splash nbdport=2004 vga=normal nomodeset
This has the added advantage that the console stays at 80x30 characters which is very usable for the application that we are using.
Monday 26 July 2010
Using https with wget
The version of wget installed on a debian box seems to not like doing https by default due to not knowing about the CA certificates.
Here's a solution I found:
Download cacert.pem from http://curl.haxx.se/docs/caextract.html and put it in /etc/ssl/certs
Then amend /etc/wgetrc to add the line
ca_certificate=/etc/ssl/certs/cacert.pem
Then wget knows about the CA certificates and all is well for https
Here's a solution I found:
Download cacert.pem from http://curl.haxx.se/docs/caextract.html and put it in /etc/ssl/certs
Then amend /etc/wgetrc to add the line
ca_certificate=/etc/ssl/certs/cacert.pem
Then wget knows about the CA certificates and all is well for https
Monday 24 May 2010
Thunderbird 3 in a business setup
For a number of years we've used Thunderbird as the mail client of choice. It has a good feature set and does IMAP well. However, the advent of Thunderbird 3 adds a little issue.
To reduce the size of roaming profiles (and therefore speed up login and log out) we have thunderbird profiles mapped to a directory within the users' login directory - and hence stored on the server. Thunderbird 3, automatically downloads copies of all the users' IMAP email to make both an offline cache and to index the mail for the new search facility.
This would mean that the server space used by the Thunderbird profile would grow considerably.
So there's two choices. Either disable the global indexing and off line store or put the off line store somewhere else.
As the new search is a good tool, I've opted for the second - though I'll leave it up to the users as to whether they use the search tool or not.
The solution here is to add a couple of files to each machine running Thunderbird:
Firstly in the defaults/pref/ folder (/usr/lib/thunderbird-3.0.4/defaults/pref on linux , C:\Program Files\Thunderbird\defaults\pref on windows) I add a little file custom.js
The first of those settings means that you can write your config file in plain ASCII rather than a strange encoding and the second is the name of the custom config.
Next, the custom config goes in /usr/lib/thunderbird-3.0.4 for linux or C:\Program Files\Thunderbird for windows
I also take advantage of this to set the server directory for the IMAP folders to INBOX. as that gives the better layout of mailboxes in Thunderbird when talking to a Courier IMAP server.
On a Windows machine, I set the users' offline cache to being in the Local Settings part of their profile - this keeps it safe to the user but avoids it being synced to the server.
For a Linux machine, I set up an area called /opt/mailcache with the same kind of permissions as /tmp i.e. globally writable but with the sticky bit set. This has the result that individual users can't get at each others mail cache.
In our LTSP setup, /opt/mailcache will be excluded from the backup as there is no need to back this stuff up as it is simply a copy of what is already in the mailbox.
To reduce the size of roaming profiles (and therefore speed up login and log out) we have thunderbird profiles mapped to a directory within the users' login directory - and hence stored on the server. Thunderbird 3, automatically downloads copies of all the users' IMAP email to make both an offline cache and to index the mail for the new search facility.
This would mean that the server space used by the Thunderbird profile would grow considerably.
So there's two choices. Either disable the global indexing and off line store or put the off line store somewhere else.
As the new search is a good tool, I've opted for the second - though I'll leave it up to the users as to whether they use the search tool or not.
The solution here is to add a couple of files to each machine running Thunderbird:
Firstly in the defaults/pref/ folder (/usr/lib/thunderbird-3.0.4/defaults/pref on linux , C:\Program Files\Thunderbird\defaults\pref on windows) I add a little file custom.js
/* Custom local config */
pref("general.config.obscure_value", 0);
pref("general.config.filename", "custom.cfg");
The first of those settings means that you can write your config file in plain ASCII rather than a strange encoding and the second is the name of the custom config.
Next, the custom config goes in /usr/lib/thunderbird-3.0.4 for linux or C:\Program Files\Thunderbird for windows
//
/* This will disable indexation by default - can be enabled per user */
defaultPref("mailnews.database.global.indexer.enabled", false);
/* This will disable offline download by default */
defaultPref("mail.server.default.offline_download", false);
/* This will parse the prefs.js and set the directory for "offline_download" for each IMAP account */
if(getenv("USER") != "") {
// *NIX settings
var env_user = getenv("USER");
var env_home = getenv("HOME");
var env_os = "linux";
} else {
// Windows settings
var env_user = getenv("USERNAME");
var env_home = getenv("HOMEPATH");
var env_os = "windows"
}
if (getPref("mail.accountmanager.accounts")) {
var listExistingAccounts = getPref("mail.accountmanager.accounts");
var arrayExistingAccounts = listExistingAccounts.split(',');
for (var i=0; i < arrayExistingAccounts.length; i++){
var serverFromAccount = getPref("mail.account." + arrayExistingAccounts[i] + ".server");
var configType = getPref("mail.server." + serverFromAccount + ".type");
if (configType == "imap") {
defaultPref("mail.server." + serverFromAccount + ".offline_download", false);
lockPref("mail.server." + serverFromAccount + ".server_sub_directory", "INBOX.");
var serverName = getPref("mail.server." + serverFromAccount + ".hostname");
var userName = getPref("mail.server." + serverFromAccount + ".userName");
if (env_os == "windows") {
lockPref("mail.server." + serverFromAccount + ".directory", "[LocalAppData]Thunderbird/" + serverName + "/" + userName);
lockPref("mail.server." + serverFromAccount + ".directory-rel", "[LocalAppData]Thunderbird/" + serverName + "/" + userName);
}
if (env_os == "linux") {
lockPref("mail.server." + serverFromAccount + ".directory", "/opt/mailcache/" + env_user + "/" + serverName + "/" + userName);
lockPref("mail.server." + serverFromAccount + ".directory-rel", "/opt/mailcache/" + env_user + "/" + serverName + "/" + userName);
}
}
}
}
I also take advantage of this to set the server directory for the IMAP folders to INBOX. as that gives the better layout of mailboxes in Thunderbird when talking to a Courier IMAP server.
On a Windows machine, I set the users' offline cache to being in the Local Settings part of their profile - this keeps it safe to the user but avoids it being synced to the server.
For a Linux machine, I set up an area called /opt/mailcache with the same kind of permissions as /tmp i.e. globally writable but with the sticky bit set. This has the result that individual users can't get at each others mail cache.
In our LTSP setup, /opt/mailcache will be excluded from the backup as there is no need to back this stuff up as it is simply a copy of what is already in the mailbox.
Subscribe to:
Posts (Atom)