|
--Paul McNett, Earthling Home |
|
My Samba Configuration File and Scripts for a Primary Domain Controller - Jul 20, 2005 15:16

The question comes up on the ProLinux email list every now and then: "how do I set up a Samba Server to act as a Primary Domain Controller (PDC) for my Windows domain." While I don't have step-by-step instructions written up, I do have a working smb.conf file (I have successfully set up PDCs in Samba at 3 client sites using this same basic smb.conf file). I'm happy to share the file to get you started. In addition to smb.conf, I've written some helper scripts for adding and removing users and machines.

To get this working the way I have, you'll have to add the following groups (man groupadd): "machines", "users", and "admins". On my machine, the commands to issue are (but I've seen different versions of groupadd):

    $ sudo -s
    # groupadd users
    # groupadd machines
    # groupadd admins

You'll also have to create the samba share directory structure. To mirror what I've done (and you won't want to create all these directories, but I include them here because they exist in the smb.conf file - you'll want to edit the smb.conf to reflect the shares *you* want, and then only create the directories below that make sense for you), issue the following commands:

    # mkdir --parents /var/local/samba
    # cd /var/local/samba
    # mkdir home install netlogon old-users profiles old_qa peachtree sbs userdata
    # chown administrator:users *

The important directories to have created are home, install, netlogon, old_users, and profiles. The others are specific to this one client of mine.

Now, copy my smb.conf into /etc/samba/smb.conf, and my helper scripts into /root/scripts. Start up the smb server (/etc/init.d/smbd start) and if no errors occur, run the following commands:

    # cd /root/scripts
    # chmod 755 *
    # ./createAdministrator

For each machine in your network, run the addMachine script, passing it the machine name. IOW, if you have 3 Windows machines named 'C1', 'C2', and 'C3', issue:

    # ./addMachine C1 C2 C3

For each user that needs a login, run the addUser script, passing it the user name(s). For example, if you have users 'Ed', 'Paul', 'John', and 'Stefano', issue:

    # ./addUser Ed Paul John Stefano

Note that the addUser script sets the initial password to match the user name. The user is then free to use the Windows security screen to change the password to whatever suits their fancy. Note that changing the password in Windows will only change the Samba password, not the Unix password.

Now, you are ready to go to a Windows machine (NT, 2k, or XP Pro) and change it to a domain login. Just make sure the computer name matches the machine name you fed to addMachine (if you have to change it in Windows, reboot before trying to join the domain). Then, change the domain to match the domain setting in the smb.conf file, and enter the Administrator user name and password (administrator/administrator by default) when prompted. After 30 seconds or so, you should get a "Welcome to the Domain" message. Reboot, and try logging in as one of the users. The scripts in /var/local/samba/netlogon will execute for the given user, so you can map drives and such. If you want to sync time to the server you can add a NET TIME command (but you'll have to grant the time changing right to all users).

Oh, another thing you'll have to do: log in as the Administrator of the local machine, go to the user manager, and add the Domain/Administrator user to the Administrators group. I couldn't figure out how to have this done automatically.

Well, here are links to all the files. If you have questions please ask on the ProLinux email list. I didn't mean to write a sermon, but there you go! :)

    smb.conf
    addUser
    addMachine
    createAdministrator
    delUser

Good luck! It is kind of a hassle getting set up originally, but once set up it is a breeze to maintain.

© 2005 Paul McNett [/Computing/Linux] permanent link |
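The addUser script described above gives every new account a password equal to its user name. As an added example (not one of the author's helper scripts, which are only linked from this entry), the helper below assigns a random one-time password instead; the useradd and smbpasswd invocations, the name pattern and the --run switch are assumptions of this example.

```python
#!/usr/bin/env python3
"""Plan Unix + Samba account creation with a random one-time password."""
import re
import secrets
import string
import subprocess
import sys

# Conservative login-name pattern (assumption of this example): a letter
# first, then letters, digits, '_' or '-'. It rejects names such as "-a"
# that useradd or smbpasswd would read as an option.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_-]{0,30}$")
ALPHABET = string.ascii_letters + string.digits


def random_password(length=14):
    """Return a password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def plan_user(name, group="users"):
    """Return (password, steps); each step is (argv, stdin_text_or_None)."""
    if not NAME_RE.match(name):
        raise ValueError("refusing unsafe user name: %r" % name)
    password = random_password()
    steps = [
        # Unix account in the 'users' group created earlier with groupadd.
        (["useradd", "-m", "-g", group, name], None),
        # smbpasswd -a adds the Samba user; -s reads the new password
        # (twice) from stdin, so it never appears in the process list.
        (["smbpasswd", "-a", "-s", name], "%s\n%s\n" % (password, password)),
    ]
    return password, steps


def add_users(names, run=False):
    """Plan every account first; execute only when run=True (needs root)."""
    plans = [(n, plan_user(n)) for n in names]  # validates all names up front
    results = {}
    for name, (password, steps) in plans:
        if run:
            for argv, stdin_text in steps:
                subprocess.run(argv, input=stdin_text, text=True, check=True)
        results[name] = password
    return results


if __name__ == "__main__":
    # Dry run unless --run is given; prints the passwords to hand out.
    args = [a for a in sys.argv[1:] if a != "--run"]
    for user, pw in add_users(args, run="--run" in sys.argv[1:]).items():
        print("%s\t%s" % (user, pw))
```

Each user still changes the password from the Windows security screen as described above; the difference is that the starting value cannot be guessed from the account name.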
|
|
Kerio Mail Server Resuscitation - May 12, 2005 22:32

I'm now using Kerio Mail Server at a client site as well as for my own mail server needs. It is a fine product with good features, but unfortunately it likes to commit suicide on a fairly regular basis, depending on whether you use the Outlook Connector, apparently. Anyway, that just won't do, so here is a quick-and-dirty Python script, run from cron every minute, that will check if Kerio is running and, if not, bring it back to life:

    #!/usr/bin/env python
    """ Restart KMS if it has died (Kerio can be fragile).

    This is run every minute from a cron job.
    """
    import sys
    import os

    # List all processes and keep the lines that mention "mailserver".
    f = os.popen("ps -A | grep mailserver")
    for line in f.readlines():
        # Skip the grep process itself; any other match means Kerio is up.
        if "grep mailserver" not in line:
            if "mailserver" in line:
                sys.exit()

    # No running mailserver process was found: start it again.
    os.system("/etc/init.d/keriomailserver start")
    #-- end

© 2005 Paul McNett [/Computing/Linux] permanent link |
|
|
Warning: Kerio Mail Server Doesn't Implement IMAP Search - May 03, 2005 13:42

This is a warning, because kerio.com doesn't do it. I'm writing this here on my blog because 1) I've noticed my blog entries are appearing pretty highly on Google, 2) Perhaps I can nudge the Kerio development team to implement this needed feature, and 3) to warn future Kerio administrators of this deficiency.

IMAP search allows filtering to be done on the server side, as opposed to requiring the entire message to come to the client first for the purpose of filing messages in appropriate folders. I'll be writing a server-side client program to do my filtering, but it would be way more efficient for Kerio to provide the search capabilities. Many people have asked for it, RFC 3501 specifies it, but Kerio doesn't say anything about this deficiency. Too bad, because otherwise Kerio seems to be a great mail server.

© 2005 Paul McNett [/Computing/Linux] permanent link |
|
|
Debian Init Script for Kerio Mail Server - May 02, 2005 07:47

I usually like to use open source software for my stuff, but recently had good results using Kerio Mail Server for a client, and I'm in need of getting my internal mail system humming again. I don't have time to figure out how to set up postfix, imap, pop, webmail, etc. etc. on my Ubuntu box, so I'm going with Kerio.

The problem is, Kerio isn't open source and is distributed in RPM format. Step one is to use alien to convert the RPM to a DEB, and then use dpkg --install to get it on your system. Step two is to convert the System V init script from RedHat style to Debian style. First, download my script:

    http://www.paulmcnett.com/blogEntries/Computing/Linux/keriomailserver

Rename '/etc/init.d/keriomailserver' to '/etc/init.d/keriomailserver.orig', download my script to /etc/init.d/keriomailserver, and make sure it is executable using 'chmod 755 keriomailserver'.

Remember to run Kerio's initial configuration script in '/opt/kerio/mailserver/cfgwizard', and then try to use your new startup script to start the server by issuing '/etc/init.d/keriomailserver start'. If it worked, you should see a process id by issuing 'cat /var/run/kms.pid'. If you got a message that the file didn't exist, there is a problem. Try also issuing the other init commands like '/etc/init.d/keriomailserver stop' and 'keriomailserver restart'.

The next step is to get it set to load automatically on system boot. To do this, just make a symlink from the appropriate runlevel directory. On my Ubuntu box, that is '/etc/rc2.d', and here is what I did:

    cd /etc/rc2.d
    ln -s /etc/init.d/keriomailserver S20keriomailserver

Kerio appears to be working just fine on my Ubuntu system, but getting the System V init stuff right only makes the administration easier.

© 2005 Paul McNett [/Computing/Linux] permanent link |
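The cron watchdog in the Kerio restart entry treats any process whose name contains "mailserver" as proof that Kerio is up. As an added example (not the author's script), this variant decides from the /var/run/kms.pid file mentioned above instead; treating a missing, malformed or dead pid as "needs restart" is this example's assumption.

```python
#!/usr/bin/env python3
"""Decide whether Kerio needs a restart by checking its pid file."""
import errno
import os
import subprocess

PID_FILE = "/var/run/kms.pid"                # path given in the entry above
INIT_SCRIPT = "/etc/init.d/keriomailserver"  # init script from the entry above


def pid_from_file(path):
    """Return the pid recorded in path, or None if missing or malformed."""
    try:
        with open(path) as fh:
            pid = int(fh.read().strip())
    except (OSError, ValueError):
        return None
    # 0 and negative values address process groups in kill(2), not one
    # process, so they are never accepted as a recorded pid.
    return pid if pid > 0 else None


def is_alive(pid):
    """True if a process with this pid exists (signal 0 delivers nothing)."""
    try:
        os.kill(pid, 0)
    except OSError as exc:
        # EPERM: the process exists but belongs to another user.
        return exc.errno == errno.EPERM
    return True


def needs_restart(pid_file=PID_FILE):
    """True when the pid file is absent, unreadable, or names a dead process."""
    pid = pid_from_file(pid_file)
    return pid is None or not is_alive(pid)


if __name__ == "__main__":
    # Intended to be run from cron, like the original watchdog.
    if needs_restart():
        subprocess.call([INIT_SCRIPT, "start"])
```

A pid that has been recycled by an unrelated process still reads as alive, so a stricter check would also compare /proc/<pid>/cmdline.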
|
|
Linux Versus Windows Doing File Operations - Apr 27, 2005 07:06

I just noticed that when I start a process to copy a huge file from file1 to file2 on Windows, during the copy file2 will report that its file size is identical to file1, even though only a portion of the data has been copied yet. On Linux, it always reports the actual up-to-the-second size during the copy. This seems to me to be the useful behavior. I wonder, does Microsoft employ tricks to report file sizes that don't necessarily reflect reality? Or, perhaps this is a filesystem difference: does NTFS let you set the filesize in the headers without actually allocating the disk space yet? Interesting though.

What I'm doing is an xcopy of a 7.7 GB file, nightly-backup.tar.gz, that arrived at some point during the night from the Linux server. I'm scheduling a weekly task on this Windows box to make a copy of that file once per week called weekly-backup.tar.gz. So now I'm running the task for the first time, and I appear to be unable to tell how far along the process is - much less whether the process is even working - since I can't monitor the file size during the operation.

On a semi-related note, another thing Windows does that really bugs me is to save downloading files to the temp directory before moving it to the final destination. That can be very inefficient if the final destination is on a different partition than the temp directory. I much prefer the behavior I've observed on Linux where downloading files go to the same destination directory but have the .part extension appended, and then finally get renamed when the download is complete.

And don't get me started about the temp directory location. Someone from Microsoft please explain to me: what was wrong with c:\temp? Why bury the temp directory per-user into C:\Documents and Settings\%user%\Local Settings\temp? Was it a solution in search of a problem? Does moving things around make you feel like you are improving the system?

To summarize, Microsoft has built their operating system with a house of cards, and hired the best airbrush artists in the world to make it beautiful. Linux has been built from the ground up with sanity, security, robustness, performance, and flexibility. The fit and finish is, for the most part, still to come, but users will rejoice when they realize the paint doesn't flake off for lack of a strong foundation. Just my humble opinion. :)

© 2005 Paul McNett [/Computing/Linux] permanent link |
|
|
Ubuntu Server Success! - Apr 04, 2005 08:03

So I'm on a budget, but I needed a new server. I really wanted a dual-SATA RAID, 2-CPU Opteron 64 with 4 GB Rack system, but settled on a closeout white-box system with a single Intel P4 3.4 GHz, 1 GB of RAM and a single SATA 250 GB drive and gigabit ethernet, which came with a bunch of unneeded stuff including:

    + ATI Radeon card
    + TV input card
    + speakers with subwoofer
    + keyboard and mouse
    + Windows XP Media Center Edition

Total cost of about $1100.

Then I brought it home, booted and installed Ubuntu Warty (I didn't take the time to download the latest Hoary release) using the custom-expert option. A hiccup happened early in the install as my cd-rom (actually dvd) wasn't recognized, even though it had already booted from it to get that far. A quick Google told me the answer: in the BIOS, switch from ATA Compatible to ATA Enhanced mode. Bingo.

Twenty minutes later and I'm logged in to my new install - no GUI as this is a pure server box. I cd to /etc/apt and modify my sources.list to change all 'warty' references to 'hoary', and then I issue 'apt-get update;apt-get dist-upgrade' and 10 minutes later my system is completely up to date.

Then I use apt-get to install a bunch of stuff, including:

    + subversion
    + apache2
    + mod_python
    + ssh-server
    + mysql (server and client)
    + reportlab
    + bind9

and about an hour later I have myself the beginnings of a killer server. And I still haven't had to compile a single thing. This is really sweet, the best experience I've had yet getting a server up and running.

© 2005 Paul McNett [/Computing/Linux] permanent link |
|
|
Ubuntu Linux: I'm Impressed! - Jan 03, 2005 16:07

So a few weeks ago I ordered, for free and free shipping, 20 copies of Ubuntu Linux for i386, 5 for PowerPC, and 5 for AMD/64. They arrived while I was on vacation last week. I intend to hand them out at the next user group meeting I attend, probably the San Jose VFP SIG (crimestar) during my demonstration of Dabo later this month.

The i386 version comes with two CD's: a "live cd" which allows you to boot into Ubuntu without messing up any of your disk partitions: it'll leave your Windows installation alone, allowing you to see if Ubuntu will run on your system and dabble with it a bit. This is a bit slow as it swaps to/from a RamDisk from the CD-ROM.

The install CD provides a very nice plain-text installer that basically lets you accept the reasonable defaults to install the system. After the contents of the CD-ROM were copied to my hard drive, I was prompted to remove the CD and reboot, at which point the installer continued.

Very early in the install process, I got a dialog: "Multiple network adapters were found on your system. Please select the one you wish to be the primary adapter, for the purpose of installing Ubuntu." To my great astonishment and delight, my Intel Centrino wireless adapter was one of the interfaces listed. I selected it, and then got a message asking me if I wanted to download the latest updates from the internet. I said "yes", and got a "waiting for DHCP to set up your internet connection", after which about 30 minutes of apt-get messages passed by while just about every package was updated to the latest versions.

After that, the installer continued, with very little interaction necessary. My grandma could have installed this system, even though it was all plain-text. The system disables the root account from logging in but gives the user you specify during the install process full sudo access. This is a very sane approach IMO.

After the installation was complete, the X Server started and I got a nice looking login screen, and to my surprise and delight no stupid "welcome" messages cluttering up my experience. Just a nice looking desktop with a taskbar down below and an application menu system up top, complete with battery monitor, wireless network strength meter, and the system time. Red Hat/Fedora is left in the dust here: Ubuntu realized I was on a laptop - I even noticed a message during boot "we are a laptop" while I always had to install the battery meter stuff separately on RedHat. Also, this is the first time I've seen the wlan signal strength meter actually working.

An interesting sidenote is that my inittab shows that we are booting into runlevel 2, even though the end of the boot process starts up the x server and presents the graphical login. This must be a Debian thing.

Mozilla Firefox is set up as the default browser, but I had to install Thunderbird (apt-get install mozilla-thunderbird), about a 30 second process. One of the first things I wanted to do is to get my settings from my subversion server, and I quickly realized subversion wasn't installed. A quick apt-get install subversion had it installed in literally 20 seconds. A few seconds after that (svn checkout svn://paulmcnett.com/...) I had all my settings available. Python 2.3.4 is installed by default with a plethora of batteries included, such as MySQLdb.

The system runs much faster than Fedora, and I'm not sure why. Starting applications is much faster, and working with applications appears to be faster as well. One thing that surprised me was the HAL (Hardware Abstraction Layer) as I thought Linux didn't have this. I was able to browse all my hardware devices, including the video card, network adapters, pci bridge, cpu, sound card, etc. They all had vendor and product information in human-readable format.

I'm back on Fedora now, but I think I'm going to be migrating over to Ubuntu soon, assuming that I can get the nvidia driver, Python 2.4 and wxPython 2.5.3.x installed and working. I'll have to install from source which hopefully will be a nonissue on this Debian-based Linux distro.

This is my first foray into a non-RedHat distro, and I'm very impressed. I've always been aware of Debian and all the distros based on it, and I've always had that niggling feeling that perhaps Debian has a better core, but I've been afraid to try it out for lack of time and hardware to test on. Anyway: keep an eye on Ubuntu! http://www.ubuntu.com

Next stop (once I've migrated to Ubuntu) is to take a look at Gentoo, which has as its main feature a pure-source distribution model. The emerge tool downloads the source to your hard disk, then compiles and installs it locally. This is in contrast to building a program and then distributing the binaries like RedHat and Debian do. Theoretically, this provides a more flexible system and better runtime performance because the kernel and programs are compiled specifically for your system, at the cost of installation time (I've heard that it can take days or weeks to compile everything for a base Gentoo install).

© 2005 Paul McNett [/Computing/Linux] permanent link |
|
|
Which Of These Articles Is Doing Its Own Thing? - Dec 03, 2004 08:42

Can you pick out the article that just doesn't seem to fit?

© 2004 Paul McNett [/Computing/Linux] permanent link |
|
|
My Useful Python Shell Script: Burning CD-R's - Jul 19, 2004 14:32

I frequently burn CD-R discs, usually for the purpose of distributing my custom applications to my clients. Up until last week, I was doing the burning on my Windows NT system using Sony Spressa, simply because it worked and that's how I always did it. However, that method got very inconvenient since I've reorganized my computers. As I've been transitioning to Linux, my NT box is now sitting in my garage, and it is tucked inside a cabinet which cuts off access to the cd burner.

My Toshiba laptop running Red Hat 9 Linux has a cd burner that I had never used: it was time to get familiar with it. It took a little research and a bunch of coasters to arrive at a system for reliably producing cd's, and once I arrived at that system I didn't want to have to remember the command line switches every time. Enter a great opportunity for shell scripting.

The following Python scripts wrap the mkisofs and cdrecord utilities that certainly exist on your Linux setup. You may need to tweak the files for your system, but probably not. I keep all the source for my scripts in my Subversion repository, with a local working copy in ~/projects/scripts. I keep symbolic links to these scripts inside ~/scripts, and I've added ~/scripts to my $PATH (in .bashrc). For example:

    cd ~/scripts
    ln -s ../projects/scripts/cdrecord-pkm.py cdrecord-pkm
    ln -s ../projects/scripts/mkisofs-pkm.py mkisofs-pkm
    ln -s ../projects/scripts/burn-pkm.py burn-pkm

This lets me type 'burn-pkm sbs.exe' to burn my sbs.exe client distribution from whatever directory I happen to be in, and all I need to do is have a blank CD-R in my burner.

Anyway, here are my scripts. I hope they are helpful.

    mkisofs-pkm.py
    cdrecord-pkm.py
    burn-pkm.py

© 2004 Paul McNett [/Computing/Linux] permanent link |
|
|
Installed Fedora Core 2 Firewall on Older System - Jul 14, 2004 12:56

(reprinted from a recent ProLinux post of mine)

I had the pleasure of installing my first FC2 system the other day. I didn't install any GUI, as this is just a perimeter firewall system. It is running on a P2/333 with 128 MB RAM and a 1.6GB HDD. It has a modem and 2 ethernet cards. The modem provides a temporary ppp internet connection until the client gets their DSL line installed.

I was able to put this system together from the client's boneyard (grab a net card here, a modem there, some memory there...), get FC2 downloaded and burned to CD, and installed on the system with a secure stealth firewall that lets me tunnel in from the outside and only lets certain users browse the web, within 10 hours. That is from proposal to delivery. I doubt I would have been able to purchase a commercial firewall device and get it configured to our needs for the same price, and instead of a good chunk of the price going to the hardware, I got to keep it all as consulting income. And the client is happy because he got to re-use existing hardware.

It has been running solid for 2 days. Amazing how well modern versions of the Linux kernel will run on older/modest hardware. Clients tend to appreciate reliability, stability, and performance.

The client is concerned about leaving the internet connection plugged in all the time (the dedicated ppp will rack up phone charges needlessly), so I told him that it is completely safe to just switch the system off when they go home at night and switch it back on in the morning ("You'll hear it dial up, after which the Internet will be accessible"). Nothing I've ever experienced with Linux leads me to believe this is a false statement, although it probably is hard on the disk drives to power them down before giving them a chance to seek home.

They have another Linux system (RH 7.2) that has been serving their VFP files with Samba with an uptime going on 2 years. I'm thinking it is finally time to disband their WinNT Server domain controller and put it all on that internal Linux box. I wonder if RH7.2 will cleanly upgrade to FC2 - no gui on that system either at this point, although it wouldn't hurt to put that in for ease of admin when necessary - IOW, the GUI won't always be running, just when I log in and issue 'startx'.

This small job, and others like it recently and anticipated in the foreseeable future make me think that my huge investment in learning Linux and open source over the past 3 years could be starting to pay off, both in sanity and pocket change. Linux/OSS is just really fun and satisfying to work with.

Recommended new reading: "The Success of Open Source" by Steven Weber.

© 2004 Paul McNett [/Computing/Linux] permanent link |
|