Sunday, December 28, 2008

Change Windows Live ID to Gmail Address

Update: I managed to change my windows live ID to my gmail address as of 3/4/2009, therefore the post below is no longer relevant. However, the verification e-mail from windows live to my gmail was filtered into the spam folder. I'm not sure who to blame for that.

Can you? I can't. I failed in several attempts to change my windows live ID through the following link: although I had been using my own email address as a Live ID.

The fact is I couldn't change it to a gmail address as I'd like to. Below is the screen shot of the results after I click on the Save button. It always complains that "There's a temporary problem with the service. Please try again. If you continue to get this message, try again later." (highlighted in pink). The actual email addresses were masked for privacy reasons.

Note it's quite interesting that the green text says The Windows Live ID for my gmail address is available when I click on the Check availability button.

Saturday, December 20, 2008

Dnsmasq config

Add into file /etc/dnsmasq.conf
If the dnsmasq is running at the router/gateway, add the following into file /etc/dhclient-enter-hooks
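make_resolv_conf() {
    echo "doing nothing to resolv.conf"

    # CUSTOM_RESOLV_CONF must already be set; its value is not shown in this post.
    if [ -n "$new_domain_name_servers" ]; then
        # Start from an empty file so stale entries from an earlier lease are dropped
        : > "$CUSTOM_RESOLV_CONF"
        [ -n "$new_domain_name" ] && echo "search $new_domain_name" >> "$CUSTOM_RESOLV_CONF"
        for nameserver in $new_domain_name_servers; do
            echo "nameserver $nameserver" >> "$CUSTOM_RESOLV_CONF"
        done
    fi
}

Otherwise add the following into file /etc/dhclient-enter-hooks
make_resolv_conf() {
    echo "doing nothing to resolv.conf"
}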

Thursday, December 18, 2008

dumppo rocks

My dell PE 400SC had a problem of being unable to enter S3 sleep state although I selected S3 in the BIOS. I didn't know that's a problem of MS windows until I read this article.

I downloaded the recommended tool called dumppo from this site (right click on dumppo.exe then click Save Link As...).

When I checked my system by running the command dumppo ac
Min sleep state......: S1
Max sleep state......: S1
Reduced latency.sleep: S1

No wonder it doesn't enter S3 sleep state. Then I ran the command dumppo admin minsleep=s3 and checked again with dumppo ac
Min sleep state......: S3
Max sleep state......: S3
Reduced latency.sleep: S1

After that, it enters S3 like a charm and its power consumption at standby is reduced to 4W from 52W (what a difference). Now it will only wake up by pushing the power button.

Sunday, November 23, 2008

Iptables and iproute2

  1. Declaration of variables in shell script:

    RHOST=remote_hostname    # placeholder: set to the remote host's name
    RIP=`getent hosts $RHOST |cut -d' ' -f1`
    WANIP=`ip addr list $WAN |grep "inet " |cut -d' ' -f6|cut -d/ -f1`
    #cat /etc/iproute2/rt_tables
    # reserved values
    255     local
    254     main
    253     default
    0       unspec
    # local
    8       vpn
  2. Routing based on destination port and IP address (the required route to the remote IP is via a VPN tunnel interface). I first modified the script /etc/vpnc/vpnc-script to limit its *_route functions to updating only the routing table $TBL.

    Since the NAT clients need to connect to the remote desktop service of RIP via the tunnel, their packets should be mangled before routing/forwarding when they arrive at the PREROUTING chain:
    iptables -t mangle -A ${CHAIN} -p $PROT -d $RIP --dport $WANPORT -j MARK --set-mark 1
    #iptables -t mangle -A ${CHAIN} -m mark --mark 1 -j LOG --log-level DEBUG --log-prefix "fwmark 1: "

    Packets originating from the router will most likely arrive at the WAN interface and the OUTPUT chain of the mangle table after the kernel has made the routing decision, according to table 3-2 of this article. Therefore their routing is not affected. To make it work, the packets need to arrive at the LAN interface and the OUTPUT chain of the mangle table.
    iptables -t mangle -A ${CHAIN} -p $PROT -d $RIP --dport $WANPORT -j MARK --set-mark 1
    #iptables -t mangle -A ${CHAIN} -m mark --mark 1 -j LOG --log-level DEBUG --log-prefix "fwmark 1: "

    This can be achieved by binding the socket to the LAN interface first and then sending the packets.
    use Socket;   # provides inet_aton, pack_sockaddr_in, PF_INET, SOCK_STREAM
    #IP address of the LAN interface
    my $raddr = inet_aton("");
    # create the socket and bind it to the LAN address (port 0 = any free port)
    my $proto = getprotobyname('tcp');
    socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
    bind(SOCKET, pack_sockaddr_in(0, $raddr)) or die "bind: $!";

    All the marked packets will then be routed by the following rule:
    ip rule del prio $PRIO
    ip rule add prio $PRIO from all fwmark 1 table $TBL

    #ip rule
    0: from all lookup local
    500: from all fwmark 0x1 lookup vpn
    32766: from all lookup main
    32767: from all lookup default

    #ip route show table vpn
  3. Block Ping requests from WAN:
    iptables -A INPUT -p icmp --icmp-type 8 -i $WAN -m state --state NEW,ESTABLISHED,RELATED -j DROP
  4. Check log target of iptables:
    iptables -n -L -v|grep -i log
    cat /etc/shorewall/policy
    #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST      
    loc     net     ACCEPT
    loc     fw      ACCEPT
    fw      loc     ACCEPT
    fw      net     ACCEPT
    #net    all     DROP    info
    #Disable logging of dropped packets
    net     all     DROP
    all     all     REJECT  info
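
A check for step 2 above, as an added example that is not part of the original post: it parses `ip rule` output and confirms that the fwmark rule points at the expected table and is evaluated before the main table. The function name check_fwmark_rule and its exit codes are made up for this illustration; the sample input is the rule listing shown in step 2.

```shell
#!/bin/sh
# check_fwmark_rule MARK TABLE   (reads `ip rule` output on stdin)
# Exit status: 0 = rule present and evaluated before "main",
#              1 = no rule sends this mark to TABLE,
#              2 = rule exists but sits after "main", so "main" is consulted first.
check_fwmark_rule() {
    want_mark=$(( $1 ))                 # accepts 1 or 0x1
    awk -v mark="$want_mark" -v tbl="$2" '
    # ip rule prints marks in hex (0x1), so convert before comparing
    function hex2dec(s,   i, v) {
        s = tolower(s); sub(/^0x/, "", s); v = 0
        for (i = 1; i <= length(s); i++)
            v = v * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
        return v
    }
    {
        prio = $1; sub(/:$/, "", prio); prio += 0
        m = ""; t = ""
        for (i = 2; i < NF; i++) {
            if ($i == "fwmark") { m = $(i + 1); sub(/\/.*/, "", m) }  # drop /mask
            if ($i == "lookup") t = $(i + 1)
        }
        # first unmarked rule that consults the main table
        if (m == "" && t == "main" && main_prio == "") main_prio = prio
        # first rule that sends our mark to the wanted table
        if (m != "" && hex2dec(m) == mark + 0 && t == tbl && found == "") found = prio
    }
    END {
        if (found == "") exit 1
        if (main_prio != "" && found + 0 > main_prio + 0) exit 2
        exit 0
    }'
}

# Constructed sample: the rule listing from step 2.
sample_rules() {
    printf '%s\n' \
        '0: from all lookup local' \
        '500: from all fwmark 0x1 lookup vpn' \
        '32766: from all lookup main' \
        '32767: from all lookup default'
}

if sample_rules | check_fwmark_rule 1 vpn; then
    echo "fwmark 1 -> table vpn is evaluated before main"
fi
```

On a live router, pipe the real listing in: `ip rule | check_fwmark_rule 1 vpn`.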

Saturday, November 15, 2008

Enable NAT through tun0 (VPN) by iptables or shorewall

Assuming the interface WAN is used to connect to the internet and the interface VPN is created by the VPN client:
#Enable packet forwarding to function as a router
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --append FORWARD --in-interface $LAN -j ACCEPT
#Enable MASQUERADE to function as a NAT router
iptables --table nat --append POSTROUTING --out-interface $WAN -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface $VPN -j MASQUERADE

With shorewall, I had the following instead:
net tun0 detect

#INTERFACE              SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK

Thursday, October 30, 2008

PyUNO broken in OOo 3.0 with system-python

The issue was reported here, and the solution is also there. I had to add the following lines to the beginning of the scripts and that come with KnowledgeTree to make them work with 3.0 of Mandriva 2009.0:

import os

Otherwise both scripts will throw out the following error:
AttributeError: loadComponentFromURL

Saturday, October 25, 2008

LILO with /boot on a Raid 1 mirror

  • I ran mcc in Mandriva 2009.0 and selected /dev/md0 as the Boot Device. The lilo.conf generated is shown below:

#disk=/dev/sdb bios=0x80

  • To migrate an OS partition from a non-raid drive to a raid volume, one must reinstall lilo after the partition has been cloned. That has to be done after chroot (assuming the new raid volume is mounted in /mnt/newsys):
    chroot /mnt/newsys
    mount /proc
    lilo -H

    Otherwise lilo will fail to boot.
Lilo.conf man page

Thursday, October 23, 2008

Mod_authnz_ldap causes Apache2 to dump core

I installed mod_authnz_ldap on Mandriva 2009.0 with urpmi apache-mod_ldap and only got httpd to dump core every time I tried to authenticate with openldap server. Later I found urpmi didn't install a required library apr-util-dbd-ldap when it installed apache-mod_ldap. So the fix is to run urpmi apr-util-dbd-ldap.

I had the following settings in /etc/httpd/modules.d/47_mod_authnz_ldap.conf:

AuthType basic
AuthName "Restricted area"
AuthBasicProvider ldap
AuthLDAPBindDN "uid=ldap,dc=example,dc=com"
AuthLDAPBindPassword secret
AuthLDAPURL "ldap://server/ou=people,dc=example,dc=com?uid?one"
Require valid-user

Tuesday, October 14, 2008

dotproject default user role for LDAP

Default user role can be changed in file classes/authenticator.class.php
LDAP users are created in function createsqluser the first time they log in. So the line to modify is
$acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
update it to
$acl->insertUserRole($acl->get_group_id('normal'), $this->user_id);

Thursday, October 9, 2008

Apache serve Subversion with LDAP authentication

Apache2 modules apache-mod_dav and apache-mod_dav_svn are required to serve Subversion by httpd. I also installed apache-mod_ldap as well as apr-util-dbd-ldap to authenticate against an openldap server.

DAV svn
SVNParentPath /home/apps/svnrepo
SVNListParentPath on
Order deny,allow
Deny from all
allow from 192.168.
AuthType basic
AuthName "Restricted area"
AuthBasicProvider ldap
AuthLDAPBindDN "uid=ldap,dc=example,dc=com"
AuthLDAPBindPassword secret
AuthLDAPURL "ldap://server/ou=people,dc=example,dc=com?uid?one"
Require valid-user

Using ldapi://

OpenLDAP needs to be configured to accept connections via ldapi://, a local unix socket. This is done in the /etc/sysconfig/ldap file. Change the SLAPD URL list to the following:

# SLAPD URL list
SLAPDURLLIST="ldap:/// ldaps:/// ldapi:///"

OpenLDAP will need to be restarted, of course.

A great reference on cyrus SASL and LDAP

Thursday, October 2, 2008

Enable UNC file link access in Firefox

Close firefox, add the following lines to Program files/Mozilla Firefox/defaults/pref/firefox.js and restart Firefox
pref("capability.policy.policynames", "localfilelinks");
pref("capability.policy.localfilelinks.sites", "");
pref("capability.policy.localfilelinks.checkloaduri.enabled", "allAccess");

Click here for more information.

Wednesday, October 1, 2008

Samba 3 user authentication against OpenLDAP server

Samba 3 daemon is running on the same host as the LDAP server (openldap 2.4) and only the following settings related to LDAP are added into /etc/samba/smb.conf:

passdb backend = ldapsam:ldap://
#Specifies the base for all ldap suffixes and for storing the sambaDomain object
ldap suffix = dc=examples,dc=com

ldap ssl = off
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap delete dn = no
ldap admin dn = cn=manager,dc=examples,dc=com
# You will need to give samba the password for this dn, by
# running 'smbpasswd -w mypassword'

Then run testparm to make sure the smb.conf file is OK. New Samba users can be added to the LDAP directory by running the command "pdbedit -a -u username" if username exists in the system (e.g. /etc/passwd). Otherwise run "useradd username" first.

At the LDAP server, there's an entry sambaDomainName=XXX,dc=examples,dc=com created by pdbedit. Note XXX must be the netbios name of the Samba server. It has an attribute sambaSID=S-YYY which is required. The Samba user entry created by pdbedit has the following attributes:

objectClass: sambaSamAccount
sambaAcctFlags: [U ]
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaNTPassword: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
sambaPwdLastSet: 1222817828

Note the sambaPwdLastSet attribute is required for the windows client to authenticate properly. Otherwise net use would report the following error:

System error 1907 has occurred.
The user's password must be changed before logging on the first time.

If the pwdInHistory attribute of the Password policy under cn=default,ou=password policies is set and a user is trying to change his password to one stored in history in windows, he'll receive an error message like the following:
Your password must be at least x characters; cannot repeat any of your previous x passwords; must contain capitals, numerals or punctuation; and cannot contain your account or full name. Please type a different password. Type a password which meets these requirements in both text boxes.

The required attributes can be easily added to all the user account entries with the perl module Net::LDAP
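
An added example, not part of the original post, that takes the LDIF route with ldapsearch/ldapmodify instead of the Net::LDAP module mentioned above: it reads an LDIF export and writes a modify record for every sambaSamAccount entry that has no sambaPwdLastSet. The function name samba_pwdlastset_ldif and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# samba_pwdlastset_ldif [EPOCH_SECONDS]
# Reads LDIF (for example `ldapsearch -LLL` output) on stdin and writes an
# ldapmodify change record for each sambaSamAccount entry that lacks
# sambaPwdLastSet. The timestamp defaults to the current time.
samba_pwdlastset_ldif() {
    ts=${1:-$(date +%s)}
    awk -v ts="$ts" '
    BEGIN { RS = "" }                    # paragraph mode: one LDIF entry per record
    {
        entry = $0
        gsub(/\n /, "", entry)           # unfold LDIF continuation lines
        dn = ""; is_samba = 0; has_ts = 0
        n = split(entry, line, "\n")
        for (i = 1; i <= n; i++) {
            l = tolower(line[i])         # attribute names are case-insensitive
            if (l ~ /^dn::?/)                                  dn = line[i]
            else if (l ~ /^objectclass: *sambasamaccount *$/)  is_samba = 1
            else if (l ~ /^sambapwdlastset:/)                  has_ts = 1
        }
        if (dn != "" && is_samba && !has_ts)
            printf "%s\nchangetype: modify\nadd: sambaPwdLastSet\nsambaPwdLastSet: %s\n\n", dn, ts
    }'
}

# Constructed sample export: alice already has the attribute, bob lacks it
# (and has a folded dn line), carol is not a Samba account.
sample_ldif() {
    printf '%s\n' \
        'dn: uid=alice,ou=People,dc=examples,dc=com' \
        'objectClass: posixAccount' \
        'objectClass: sambaSamAccount' \
        'uid: alice' \
        'sambaPwdLastSet: 1222817828' \
        '' \
        'dn: uid=bob,ou=People,' \
        ' dc=examples,dc=com' \
        'objectClass: posixAccount' \
        'objectClass: sambaSamAccount' \
        'uid: bob' \
        '' \
        'dn: uid=carol,ou=People,dc=examples,dc=com' \
        'objectClass: posixAccount' \
        'uid: carol'
}

sample_ldif | samba_pwdlastset_ldif
```

Feed it `ldapsearch -LLL` output for the People subtree and review the generated records before passing them to `ldapmodify`.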

Close unwanted SAMBA or NTLM sessions in Windows

As an administrator, type in CMD
  1. net stop WORKSTATION then Y then N.

  2. net use /persistent:no
    net use * /delete /yes

Any of the methods above will close all remote connections this computer made as client. Then type the following in CMD
net use \\Server\share * /user:username

Sunday, September 21, 2008

Firefox 3 won't start after upgrade

The system is windows XP with SP3 and after upgrade from an earlier version, Firefox 3 won't start. It crashes immediately after I type the "firefox" command in a CMD window before showing the browser window or an error message.

After a search in the internet, I found the problem is similar to what's described here: Firefox 3 will not start if you have not set the Profile Manager to automatically start Firefox with a selected profile. As a workaround, open the Profile Manager, select a profile, place a check mark in the "Don't ask at Startup" option and then start Firefox with that profile, to set it as the default.

This worked for me. I just type in "firefox -p" in the Start->Run window to start the Firefox profile manager, and the following window appears:

I then clicked on the button "Start Firefox" and the familiar firefox browser window shows up again!

Wednesday, August 20, 2008

Fedex home delivery/ground location at Durham NC

2530 S Tricenter Blvd
Durham, NC 27713

A couple of miles north of NC HWY54 on Alston Ave. Right after passing the "Wagnert" junk yard.
Call to hold at location first.

Friday, July 18, 2008

Unable to change Power State of 802.11 wireless radio

The Fn+F5 key combination of my thinkpad X31 suddenly stopped working and kept giving an error dialog saying that: Unable to change Power State of 802.11 wireless radio.

I recalled I did change the configuration of my intel wireless 2100 3B adaptor recently and disabled a couple of protocols from its driver listing. After I enabled the "WLAN Transport" protocol as shown in the screenshot below, the Fn+F5 key worked again! It seems the hardware driver relies on WNMP to switch the power of the wireless radio.

Friday, July 4, 2008

Make ATS 6011S work with Stanaphone-IN

After my old PAP2 ATA died, I tried to make my ATS 6011s work with Stanaphone since I can use Voipbuster from my cell phone with its local access number. The WAN port of 6011s is connected to one of the LAN ports of my router as is PAP2.

The HTTP server listening port of the built-in router is 8080 instead of the standard port 80.

The following was obtained from Ref 1 after a search in the internet:
Login: user/welcome - Regular user login that changes router settings
Login: tech/kaboom - Administrative that also adds voice changes

I set the NAT WAN Address to the WAN IP address of my router and NAT WAN Port to 5060 in the voice setup as shown below (click to enlarge):

I also forwarded the SIP and RTP ports to the ATA and set an IP filter to block its provisioning on my D-link router as shown below:

Then I did a reset of the unit from the handset "VOIP Settings->Reset" menu and waited for a few minutes. After it restarted with the above setting, the SIP status became "Needs Restart" as shown below, but I can receive incoming calls on my Stanaphone-IN number and call out too.


Wednesday, July 2, 2008

My PAP2 stopped working

The VOIP ATA LinkSYS PAP2 at my home stopped working today. It has been working without any problems for more than 2 years since Oct. 2005. Now neither FXS port has dial tone any more although both lines appear online on its web interface. The two LEDs for the line status are both solid blue on the unit. I think the analog telephony chip which connects to the two FXS ports must be dead.

I ordered a PAP2T-NA as a replacement for ~$50 (including shipping) from Telephony depot. The model number on the box says PAP2T-NA but the sticker on the back of the unit says PAP2T. Anyway, after plugging into my home network, I can access its web server immediately:
  • DHCP is enabled
  • Blank passwords for user and admin
  • Provision is enabled with blank GPP-K value
  • On the info page under Product Information:
    • Product Name: PAP2T
    • Software Version: 3.1.15(LS)
    • Hardware Version: 0.3.5
The web interface is essentially identical to that of PAP2. So I changed the passwords and upgraded its firmware to the latest official version 5.1.6(LS) obtained from Linksys website after selecting "Version 1.0".

Saturday, June 28, 2008

SATA card on Dell Poweredge 600SC for Linux

Koutech PSA150

Would you recommend the product? yes | Price paid?: $13.99 | Rating: 9

Kernel (uname -r):
Distribution: Mandriva

PCI v2.2 compliant so I think it works with 3.3V PCI slot.

After plugging it into the sole PCI slot of Dell Poweredge 600SC, the system booted without the need to install any driver and it just worked as shown from lspci -v -nn:

00:03.0 RAID bus controller [0104]: Silicon Image, Inc. SiI 3512 [SATALink/SATARaid] Serial ATA Controller [1095:3512] (rev 01)
Subsystem: Silicon Image, Inc. SiI 3512 SATARaid Controller [1095:6512]
Flags: bus master, 66MHz, medium devsel, latency 32, IRQ 17
I/O ports at ecb8 [size=8]
I/O ports at ecb0 [size=4]
I/O ports at eca0 [size=8]
I/O ports at ec98 [size=4]
I/O ports at ec80 [size=16]
Memory at fe122000 (32-bit, non-prefetchable) [size=512]
Expansion ROM at fe000000 [disabled] [size=512K]
Capabilities: [60] Power Management version 2

The system was installed on a PATA drive and I didn't go into the bios of the card. Linux recognized the two distinct drives as /dev/sda and /dev/sdb. Since it's only fakeraid I configured it using Linux software RAID. And it seems to be working great.

Updates: Kernel upgraded to 2.6.26-server-0.rc8.1mnb
lsmod | grep ata
pata_serverworks 10624 0
sata_sil 11528 2
libata 152096 2 pata_serverworks,sata_sil
scsi_mod 136908 3 sd_mod,sg,libata
dock 11664 1 libata

Tuesday, June 24, 2008

Linux can't complete boot after migrating the root to a raid 1 volume

  • Reinstall Lilo to the MBR of the raid drives
  • I saw the following error after I migrated the / to a raid 1 /dev/md1
    setuproot: moving /dev failed No such file or directory
    setuproot: error mounting /proc: No such file or directory
    setuproot: error mounting /sys: No such file or directory
    switchroot: mount failed: No such file or directory

    It's because the old initrd.img might not invoke the mdadm command or the kernel module for the SATA controller to start the md array before accessing the root file system. This can be verified by
    lsinitrd /boot/initrd.img | grep mdadm
    lsmod | grep sata
    lsinitrd /boot/initrd.img | grep libata

    What I did is to reboot with a repair system, and type the following commands:
    mount /dev/md0 /mnt
    chroot /mnt
    mount /proc
    mount -n -t sysfs /sys /sys
    mv /boot/initrd.img /boot/initrd.backup
    mkinitrd -f --preload=libata --preload=scsi_mod /boot/initrd.img
    Then reinstall Lilo if necessary.
  • The content of the initrd.img file may be extracted by the following command
    gunzip < /boot/initrd.img | cpio -i --make-directories
  • Check the content of /dev folder before it's mounted as /dev. If there are any md* entries, delete them. Otherwise it may not boot successfully.
  • The library package was incompatible with the upgraded e2fsprogs package. But the partition only needed a check because the maximum mount count was exceeded. So in the "Repair Filesystem" mode, root can do the following:
    1. disable the fsck on a partition by running the command
      dumpe2fs -h /dev/hda1 | grep 'ount count'
      tune2fs -c 0 -i 0 /dev/hda1

      Reboot and no fsck error whatsoever.

    2. Remount the / to read and write
      mount -o remount,rw /
  • Create the software raid 1 with two sata drives

    1. mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
    2. Run diskdrake to set the mount point for /dev/md0 and mount it
    3. mdadm --examine --scan /dev/sda1 >> /etc/mdadm.conf
    4. Change the partition label with e2label /dev/md0 /home
    5. Manually start the array with mdadm -As /dev/md0
    6. Add auto=yes to the end of every ARRAY clause in /etc/mdadm.conf
    7. Add HOTPLUG_RC_scsi=yes into /etc/sysconfig/hotplug

    1. Mandriva Initscripts
    2. Choosing a Mandriva Kernel

Thursday, May 29, 2008

Clone PATA to SATA hard drive in windows XP

Acronis True Image is a very good tool for cloning hard drives. I forgot to detach the old PATA drive before booting from the new SATA drive and that caused me a lot of trouble. WinXP seems to keep all the assigned drive letters on the old PATA drive and the SATA drive didn't get the correct drive letter assigned to its boot partition as stored in the registry.

Then the following happened after the old PATA drive was removed: After you try to log on to your Windows by using a valid user name and password, the Loading your personal settings dialog box is displayed, followed by the Saving your settings dialog box. However, the desktop does not appear, and the Welcome to Windows logon screen is displayed again.

I searched the internet and found the following MS KB article #1. The article provides 5 solutions to this problem. And I tried solution 3 with remote registry and removed the full path to the Userinit.exe entry. It worked and I was able to log onto windows again! I then performed the steps described in the following MS KB article #2 to re-assign the proper drive letter to my boot partition and reboot.

Sunday, May 18, 2008

Using Cygwin

  • rgrep -R '*.h' VM86 .
  • bash: $'\r': command not found
cd /etc/profile.d
dos2unix *.sh

PassivePorts 65200 65249

<Limit LOGIN>
Order allow,deny
Allow from 192.168.0.
Deny from all
</Limit>

#Configuring ProFTPD behind a NAT

Thursday, April 24, 2008

Slow while connecting to XINETD servers

  1. Check the file /etc/sysconfig/network-scripts/ifcfg-eth0 first, then the file /etc/resolvconf/run/interface/eth0. If the service resolvconf is running, check /etc/resolvconf/resolv.conf.d/tail to make sure only is listed as nameserver (named running on the localhost). Otherwise run the following commands to stop resolvconf then edit /etc/resolv.conf
    service resolvconf stop
    chkconfig --del resolvconf

  2. Add a reverse lookup zone for to /etc/named.conf of the nameserver
    zone "" {
    type master;
    file "reverse/named.intranet";
    };

    Then run the following command:
    service named restart

Tuesday, April 8, 2008

Completely disable internet explorer in windows

What I did is to start windows in safe mode and go to folder C:\Program Files\Internet Explorer then do the following steps:
  2. Create a subfolder with name IEXPLORE.EXE.
  3. Restart windows in normal mode
This process is undoable.

Make Money plus SP1 update go through

Go to folder c:\Program Files\Microsoft Money Plus\MNYCoreFiles and double click on daupdate.exe without money opened. Let the update go through and then reopen money.
If that doesn't work, try the daupdate.exe in the MNYCoreFiles.New folder.

Sunday, March 23, 2008

Make Adobe reader 8 work with Firefox

What I did was to uncheck the option "Display PDF in browser" in Adobe reader as shown in the following screen shot (ctrl-K for the window):

Thursday, March 6, 2008

Make slow outlook 2007 run faster

Outlook 2007 has been running slow since I got it. I installed SP1 and keep it updated but it's still slow, especially when I click the Calendar or Contacts button in the navigation pane from Mail. That switch usually needs half to one minute to complete, which is too long for me.

I found that can be changed after I run outlook in safe mode: start -> Run dialog and type outlook /safe, in which I don't need to wait at all if I switch from Mail to Calendar or Contacts. And that was the case even after I ran outlook in normal mode later. The key is to run outlook in safe mode once then close it.

If the above trick stops working reliably, I would open the Outlook Add-ins manager by clicking the menu item Tools->Trust Center... Then click the second item on the left pane which is Add-ins. Then click the Go... button near the bottom on the right pane. The next step is to Disable all COM Add-ins, especially the Business Contact Manager for Outlook. The last step is to restart outlook and it works again.

Updates: Install the Office 2007 Service Pack 2 and I believe MS finally found the cure for the slow outlook. With the Office 2007 SP2, it now takes me less than a second to switch among Mail, Contacts and Calendar.

Another command that may be useful is outlook /cleanrules
This command can remove corrupt mail rules and alerts.