Sunday 18 November 2007

Xming and KDE 3.5

I often want to use an Xserver under Windows for connecting to a linux host.

After quite a while of using cygwin to achieve this, I discovered Xming, which is based on the same X Window code but is packaged specifically to provide a Windows X server. It is much simpler to use than installing and configuring cygwin, which invariably involves editing the PATH variable on the Windows machine and creating a suitable launch icon.

However, if your window manager on the client is KDE, you may well find that if you enable the clipboard support then the Xserver will hang immediately after login using XDMCP.

The solution to this is to edit your gdm.conf file and add the line

KillInitClients=false

in the [daemon] section

Restart gdm and you'll find that you can login and all will work.

Friday 16 November 2007

Internal modem on a Dell Inspiron 5100 under Linux

Following an incident where I was forced to use GPRS on my mobile to connect back to work I've finally got round to sorting out the modem connection on the Inspiron 5100 that I use for remote work so that I can use it under linux.

It comes with a PC Tel soft modem which doesn't just appear as a /dev/ttyS? port.

The solution is quite simple

apt-get install build-essential module-assistant sl-modem-source

m-a update
m-a prepare
m-a a-i sl-modem

apt-get install sl-modem-daemon

This detects the modem and symlinks it to /dev/modem

Monday 5 November 2007

Citrix Metaframe client on Linux

For a software demo we're having, I needed to install a Citrix Metaframe client. My desktop of choice is Linux and so I downloaded the linux version of the ICA client from http://www.citrix.com/English/SS/downloads/details.asp?dID=2755&downloadID=3323&pID=186

The software installed fine, as per the Admin guide, but there were a couple of extra bits needed.

Firstly the motif libraries. As I'm running debian etch, and there's no longer a debian version of the motif libraries, I had to download the .deb file for these from an old distro (sarge) and use dpkg to install it.

libmotif3_2.2.3-1_i386.deb was the file in question.

Then, having used Iceweasel (Firefox under any other name) to connect to the citrix box, I was getting 'You have not chosen to trust "Equifax Secure Global eBusiness CA-1", the issuer of the server's security certificate.' when launching one of the applications.

The solution was to go to
http://www.geotrust.com/resources/root_certificates/index.asp

and download the Equifax Secure Global eBusiness CA-1 certificates (note - use right click, save as, otherwise you'll just be trying to install them in the browser) and then copy the files to /usr/lib/ICAClient/keystore and restart Iceweasel.

Thursday 1 November 2007

SMTP AUTH using exim and PAM

I want to use SMTP AUTH to enable road warriors to send through the office mail server - but I don't want yet another set of user names and passwords - so what I need is to use PAM to plug in to the existing Linux authentication mechanism.

This can actually be done quite easily with exim4 (the MTA that we use)

First of all, you'll want to be running the daemon-heavy debian version of exim with split up configuration files.

Then, in /etc/exim4/conf.d/auth add a local config file with:

plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${if pam{$2:$3}{1}{0}}"
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if pam{$1:$2}{1}{0}}"
server_set_id = $1

If these auth drivers conflict with existing ones, you could rename them - or probably comment out the existing ones.

In /etc/exim4/conf.d/main set

MAIN_TLS_ENABLE = true

in a local config file (before the 03 TLS one) and

auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}

to only allow AUTH if TLS is running.
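The following is an added example, not part of the original post. It shows why the PLAIN driver checks $2:$3 while LOGIN checks $1:$2, that both mechanisms carry the password as plain base64 (hence the TLS requirement), and how to check an EHLO transcript for AUTH being advertised before STARTTLS. The host names, credentials and transcripts are constructed sample data.

```python
import base64

def decode_plain(blob):
    """AUTH PLAIN sends base64(authzid NUL username NUL password)."""
    fields = base64.b64decode(blob).split(b"\0")
    if len(fields) != 3:
        raise ValueError("PLAIN needs three NUL-separated fields")
    # Exim numbers the fields $1..$3, hence pam{$2:$3} and server_set_id = $2.
    return {"$%d" % (i + 1): f.decode() for i, f in enumerate(fields)}

def decode_login(user_b64, pass_b64):
    """AUTH LOGIN answers two prompts, so Exim sees $1 and $2 only."""
    return {"$1": base64.b64decode(user_b64).decode(),
            "$2": base64.b64decode(pass_b64).decode()}

def auth_offered_without_tls(transcript):
    """True if an EHLO reply advertises AUTH before STARTTLS has succeeded.

    transcript is a list of (side, line) pairs, side being "C" or "S".
    """
    tls = pending = False
    for side, line in transcript:
        if side == "C":
            pending = line.strip().upper() == "STARTTLS"
        else:
            if pending and line.startswith("220"):
                tls = True          # server accepted STARTTLS
            pending = False
            if line[:3] == "250" and line[4:].upper().startswith("AUTH") and not tls:
                return True
    return False

# Constructed sample data (not captured from a real server).
SAMPLE_PLAIN = base64.b64encode(b"\0alice\0s3cret").decode()
EHLO_CLEAR = [("C", "EHLO laptop.example"), ("S", "250-mail.example Hello"),
              ("S", "250-STARTTLS"), ("S", "250 HELP")]
EHLO_TLS = [("C", "STARTTLS"), ("S", "220 TLS go ahead"),
            ("C", "EHLO laptop.example"), ("S", "250-mail.example Hello"),
            ("S", "250-AUTH PLAIN LOGIN"), ("S", "250 HELP")]
GATED = EHLO_CLEAR + EHLO_TLS        # what auth_advertise_hosts above should produce
UNGATED = EHLO_CLEAR[:2] + [("S", "250-AUTH PLAIN LOGIN")] + EHLO_CLEAR[2:]

if __name__ == "__main__":
    print(decode_plain(SAMPLE_PLAIN))
    print("gated config offers AUTH in clear:", auth_offered_without_tls(GATED))
    print("ungated config offers AUTH in clear:", auth_offered_without_tls(UNGATED))
```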

Then in /etc/pam.d create a config file for exim.

I have simply:

#
# The PAM config file for exim SMTP
#

# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-password
@include common-session

This makes it match everything else on the host, but you could tailor it.

You'll need a set of certificates for the TLS communication. Self-signed ones can be produced by /usr/share/doc/exim4-base/examples/exim-gencert

The final step is to make Debian-exim a member of the shadow group so that it can read the shadow passwords and actually do the authentication.


One further change I make is to prevent authenticated mails from being scanned by spamassassin.

In the rcpt acl I add


# Prevent auth users from being scanned by Spamassassin
warn authenticated = *
set acl_m0 = do-not-scan




Then in /etc/exim4/sa-exim.conf

SAEximRunCond: ${if and {{def:sender_host_address} {!match {$sender_host_address}{\N^(192\.168\.*)|(127\.0\.0\.1)$\N}} {!eq{$acl_m0}{do-not-scan}} } {1}{0}}

This means that spamassassin won't be called for mail originating on the local network or for messages where the acl_m0 ACL variable is set to do-not-scan.
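As an added example (not part of the original post), the three-part SAEximRunCond condition can be modelled in Python to see which messages get scanned. PAGE_PATTERN is the regex between the \N markers above; STRICT_PATTERN is an assumed tightening that anchors both branches, and the sample addresses are constructed.

```python
import re

# Regex copied from the SAEximRunCond line: "^" binds only to the first
# branch of the alternation and "$" only to the second.
PAGE_PATTERN = re.compile(r"^(192\.168\.*)|(127\.0\.0\.1)$")
# Assumed tightening (not from the page): one group, anchored at both ends.
STRICT_PATTERN = re.compile(r"^(192\.168\.\d{1,3}\.\d{1,3}|127\.0\.0\.1)$")

def would_scan(sender_host_address, acl_m0="", pattern=PAGE_PATTERN):
    """Mirror the and{...} condition: scan only when all three tests pass."""
    if not sender_host_address:              # def:sender_host_address is false
        return False                         # (message submitted locally)
    if pattern.search(sender_host_address):  # !match{...} is false
        return False                         # (sender is on the local network)
    if acl_m0 == "do-not-scan":              # !eq{$acl_m0}{do-not-scan} is false
        return False                         # (sender authenticated in the rcpt ACL)
    return True

# Constructed inputs: (sender_host_address, acl_m0)
SAMPLES = [
    ("203.0.113.7", ""),             # remote, unauthenticated
    ("203.0.113.7", "do-not-scan"),  # remote road warrior after SMTP AUTH
    ("192.168.1.20", ""),            # office LAN
    ("127.0.0.1", ""),               # loopback
    ("", ""),                        # no host address at all
    ("::ffff:127.0.0.1", ""),        # only ends with the loopback text
]

def scan_table(pattern=PAGE_PATTERN):
    """Return the scan decision for every constructed sample."""
    return [would_scan(addr, flag, pattern) for addr, flag in SAMPLES]

if __name__ == "__main__":
    for (addr, flag), page, strict in zip(SAMPLES, scan_table(), scan_table(STRICT_PATTERN)):
        print(f"{addr or '(none)':18} {flag or '-':12} page={page} strict={strict}")
```

The last sample is skipped by the page's pattern only because the second branch has no leading anchor; with the anchored pattern it is scanned.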