Tuesday 30 October 2007

Hiding accounts on XP

If you're running XP with the "chooser" login method, you can hide certain accounts from the list so that you have to press Ctrl-Alt-Del to log in as them.

Use regedit to access the registry and browse to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

Add a DWORD in there whose name is the user name in question, with a value of 0.
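An account hidden this way still exists and can still log on, so the same key is worth auditing. The following is an added example, not part of the original post: it parses the text of a registry export and lists the names set to 0. The sample export and its account names are constructed.

```python
import re

# Key from the post, as it appears in a .reg export section header.
USERLIST_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\Winlogon\SpecialAccounts\UserList")

# Constructed sample export; the account names are invented for illustration.
# Real exports are usually UTF-16, so decode the file before passing it in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"backupadmin"=dword:00000000
"kiosk"=dword:00000001
"note"="not a dword"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{8})$')


def hidden_accounts(reg_text):
    """Return account names whose UserList DWORD is 0 (hidden from the chooser)."""
    hidden, in_userlist = [], False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_userlist = line[1:-1].lower() == USERLIST_KEY.lower()
            continue
        match = VALUE_RE.match(line) if in_userlist else None
        if match and int(match.group(2), 16) == 0:
            # .reg files escape backslash and quote inside value names.
            hidden.append(re.sub(r"\\(.)", r"\1", match.group(1)))
    return hidden


def unexpected_hidden(reg_text, allowlist):
    """Hidden accounts that are not on the caller's list of known ones."""
    known = {name.lower() for name in allowlist}
    return [n for n in hidden_accounts(reg_text) if n.lower() not in known]


if __name__ == "__main__":
    print(unexpected_hidden(SAMPLE_EXPORT, ["HelpAssistant"]))
```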

Tuesday 23 October 2007

Producing encoded URLs with CGI.pm

I was in need of some URLs with the special characters (like space, &, etc.) escaped. They contain parameters, read from a database, which are text search strings.

It turns out that the escape() function in CGI.pm will do what is needed - but it's not a standard function that is available when you just use CGI. You have to

use CGI qw/escape/;

to make the function available.

Monday 22 October 2007

Web browser built in search engine links

We've started investigating linking the GoodnessDirect search page into the search box found on browsers like Firefox 2 and Internet Explorer 7.

The technique for this is actually really simple. You create an XML file to the OpenSearch standard, host it on your web server and add a reference to that in the head of your web pages.

The XML file looks something like this:


<?xml version="1.0" encoding="UTF-8" ?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"
xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortName>EngineName</ShortName>
<Description>EngineDescription</Description>
<InputEncoding>UTF-8</InputEncoding>
<Image width="16" height="16">ImageData</Image>
<Url type="text/html" method="GET" template="searchURL?query={searchTerms}" />
<Url type="application/x-suggestions+json" method="GET"
template="suggestionsURL?search={searchTerms}" />
<moz:SearchForm>searchPageURL</moz:SearchForm>
</OpenSearchDescription>



One little snag we hit was that our site makes a lot of use of extended path info as processed by Apache. This is fine with searches that are just single words or words with single spaces between them, but each space is translated into a + and the resulting ++ of two spaces causes the CGI processor to get upset. So we changed to using GET parameters for this and all is well.

The suggestionsURL above is used to produce suggestions for the drop-down box you get in the search bar. How you generate them is up to you; you simply return a JSON array with the results, such as:

["tofu",["tofu", "tofutti", "tofutti rock n roll cones 4x110ml", "tofutti rock 'n roll non-dairy ice cream cake 700ml", "tofutti organic vanilla non-dairy frozen dessert 750ml", "tofutti mango & passion fruit non-dairy frozen dessert 750ml", "tofutti organic strawberry non-dairy frozen dessert 750ml", "blue dragon tofu, firm silken style 349g", "taifun graffiti tofu terrine 200g", "danival organic tofu ravioli 670g", "danival organic lentils and tofu with vegetables 525g", "tofutti sour supreme 227g"],[],[]]

The first item is the term that the user entered, then you have an array of suggestions, then an optional array of descriptions of the suggestions, then an optional array of URLs for the suggestions.
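A suggestions handler takes untrusted text from the search box and returns product names that may contain quotes or ampersands, so the response should be built with a JSON encoder rather than by joining strings. The following is an added example, not the site's own code; the catalogue, the function name and the two limits are assumptions.

```python
import json

# Constructed catalogue; some names are taken from the sample response above.
PRODUCTS = [
    "tofu",
    "tofutti",
    "tofutti rock 'n roll non-dairy ice cream cake 700ml",
    "tofutti mango & passion fruit non-dairy frozen dessert 750ml",
    "blue dragon tofu, firm silken style 349g",
    'oat "milk" drink 1l',
]

MAX_TERM_LEN = 64      # assumed cap; the term is untrusted browser input
MAX_SUGGESTIONS = 10   # assumed cap on the size of the drop-down


def suggest(term, products=PRODUCTS, limit=MAX_SUGGESTIONS):
    """Return the suggestions response body for the text typed so far."""
    needle = term.strip().lower()
    matches = []
    # Empty or overlong input gets an empty suggestion list, not an error.
    if needle and len(needle) <= MAX_TERM_LEN:
        # Names starting with the term rank ahead of names that contain it.
        starts = [p for p in products if p.lower().startswith(needle)]
        contains = [p for p in products
                    if needle in p.lower() and p not in starts]
        matches = (starts + contains)[:limit]
    # Layout: [term, suggestions, descriptions, urls]. The last two are
    # optional and left empty, as in the sample response.
    # json.dumps does all quoting, so ', " and & in a name stay data.
    return json.dumps([term[:MAX_TERM_LEN], matches, [], []])


if __name__ == "__main__":
    print(suggest("tofu"))
```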

Wednesday 17 October 2007

CUPS and lpd jobs

On a couple of occasions I've updated CUPS print servers that are receiving jobs by lpd (one from OpenVMS and one from SCO OpenServer).

In both instances the jobs are simple plain text just to be thrown out again, usually to a dot matrix printer.

Some gotchas occurred in both cases!

Firstly, as of CUPS 1.2, the default is for banner pages to be printed on lpd received jobs. This is compounded by the fact that the banners are PostScript and I'm sending jobs on raw to dot matrix printers - which don't make a great job of interpreting PostScript!

The solution for that one is to amend the line in inetd.conf which runs the cups lpd server to look like:

printer stream tcp nowait lp /usr/lib/cups/daemon/cups-lpd cups-lpd -o job-sheets=none,none -o document-format=text/plain

thereby forcing the lack of banners and the document format.

The other problem I had was in the setup that receives jobs from the SCO box. This was a CUPS authentication issue. The lpd daemon calls CUPS to inject print jobs, but doesn't do any authentication as it does so. So the areas that it needs access to (/printers and /jobs) need to be accessible without authentication.

The cupsd.conf for the server in question had:

<Location /jobs>
AuthType Basic
AuthClass User
</Location>

Thereby requiring authentication for /jobs which the lpd daemon wasn't passing on.
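To find which Location block is responsible before loosening anything, the following added example (not part of the original post) reads a cupsd.conf and reports which of the two paths still demand authentication. It assumes cupsd applies the Location with the longest matching prefix and ignores Limit sub-blocks; the sample file is constructed around the /jobs block quoted above.

```python
import re

# Constructed cupsd.conf excerpt; the /jobs block is the one from the post.
SAMPLE_CONF = """\
<Location />
  Order Deny,Allow
  Deny From All
  Allow From 127.0.0.1
</Location>
<Location /jobs>
  AuthType Basic
  AuthClass User
</Location>
<Location /admin>
  AuthType Basic
  AuthClass System
</Location>
"""

# Paths the post says cups-lpd must reach without authenticating.
LPD_PATHS = ("/printers", "/jobs")


def parse_locations(conf_text):
    """Map each <Location> path to its AuthType ("None" when unset)."""
    locations, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        opened = re.match(r"<Location\s+(\S+)>$", line, re.I)
        if opened:
            current = opened.group(1)
            locations[current] = "None"
        elif line.lower() == "</location>":
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() == "authtype":
                locations[current] = parts[1].strip()
    return locations


def effective_authtype(locations, path):
    """AuthType of the longest Location prefix covering path (assumed rule)."""
    best = max((loc for loc in locations if path.startswith(loc)),
               key=len, default=None)
    return locations[best] if best is not None else "None"


def lpd_blockers(conf_text):
    """LPD_PATHS whose effective AuthType would reject cups-lpd."""
    locations = parse_locations(conf_text)
    return [p for p in LPD_PATHS
            if effective_authtype(locations, p).lower() != "none"]
```

When authentication is removed from /jobs and /printers, an address restriction like the one on / in the sample keeps unauthenticated submission limited to the local cups-lpd process.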

Friday 12 October 2007

IPCop with Cop+ filtering

IPCop is a simple-to-install, Linux-based firewall solution. You can add a content filtering proxy to it in the form of DansGuardian by adding a package called Cop+. However, the default IPCop setup doesn't include much swap space - it tends not to need much memory. DansGuardian is a bit memory hungry due to all the data it has to use to do the filtering, so you can end up running out.

I use the following to make sure that there's sufficient swap space available:

swapoff -a # turn off existing swap space
dd if=/dev/zero of=/swapfile bs=1024 count=524288 # rewrite the swap file to 512 MB
chmod 600 /swapfile # keep swapped-out memory readable by root only
mkswap /swapfile # format the new swap file
swapon /swapfile # turn on the new swap space

With this setup I haven't run into any memory issues.

Wednesday 10 October 2007

Samba 3 SID issue

When I first migrated a machine to Samba 3 I had all sorts of fun with picking up the old user profiles. The SID of the machine was stubbornly refusing to be what it should be and, looking at the output of smbclient -L, the machine was in its own "domain" rather than the correct one.

Eventually, I found that by setting "workgroup" to the domain name and "netbios name" to the host name, it behaved itself and properly created users with the right SID.

The other gotcha is that if you ever change the workgroup or netbios name then the SID is regenerated. So for porting profiles from one machine to another, the trick is to get these settings in smb.conf correct first, restart samba, then stop samba, copy secrets.tdb between the machines and then start it up again. That way you can migrate the domain SID around safely and the old user profiles continue to work.

Amanda essentials on Debian etch

The version of amanda that ships with Debian etch has got a bit more sophisticated in its authentication.

Out of the box, it doesn't let you restore with amrecover. Here are the changes I've had to make to get it working.

Firstly, in /etc/inetd.conf the amanda service lines change to:

amandaidx stream tcp nowait backup /usr/sbin/tcpd /usr/lib/amanda/amindexd -auth=bsd amdump amindexd amidxtaped
amidxtape stream tcp nowait backup /usr/sbin/tcpd /usr/lib/amanda/amidxtaped -auth=bsd amdump amindexd amidxtaped
amanda dgram udp wait backup /usr/sbin/tcpd /usr/lib/amanda/amandad -auth=bsd amdump amindexd amidxtaped

inetd then needs restarting to pick up this change.

Then in /etc/amandahosts, "amindexd amidxtaped" needs adding to any lines giving root access to do the restore.

Tuesday 9 October 2007

Virtual Machines

One of my recent investigations has been into using virtual machines (tried both Xen and VMware) to consolidate some services and get rid of some ancient standalone Windows machines.

I've now got rid of three Windows machines and replaced them with two VMware machines. The host is a Debian etch box and the guest is a Windows XP machine.

One of the key issues for what I've wanted to do is providing the right hardware to the guest machines. In particular, one of them needs a parallel port for a dongle and three serial ports for modems and a data logger. The parallel port wasn't a problem as VMware can pass through the native port on the host machine. For the serial ports one of the added complications was that two of them need to be at quite a distance from the host. So, I've got hold of some Perle IOLan DS single port terminal servers. These have a mode of operation called TruePort where they can provide a virtual serial port to a remote computer. If you combine these with PoE splitter units (I've got the ones by Level One - very nice little boxes that will give you 5, 7.5, 9 or 12 V out to power your device) then you get a remote serial port anywhere on your network.

So far I've got this method working for the data logger and one of the modems. The other modem is being a little more stubborn. It would appear that there's some kind of issue with Windows dial-up networking and this way of connecting a modem that isn't entirely happy. So for now, the dial-up networking modem is connected to the serial port on the host which is being passed through to the guest.