I had a dream last night that I was the president of the US, dressed in the usual garb, and my right-hand man, the vice president, was a jar of talking peanut butter.
I remember saying “Whatever it is, that’s not going to work” and it agreed.
After 2 hours of nonsense, I came across mode lines for xorg.conf that work with my L2046NV 21″ display made by westinginghouse.
modeline "1400x1050@60" 122.61 1400 1488 1640 1880 1050 1051 1054
1087 -hsync +vsync
modeline "1400x1050@75" 155.85 1400 1496 1648 1896 1050 1051 1054
1096 -hsync +vsync
so.. hope that helps someone other than me.
Round and round the web I went, looking for a way to allow a user to
SSH into a linux box using an LDAP login (actually an AD account, but
it’s all the same when it comes to this scenario). I ran down the
libnss_ldap+pam_ldap path, which, for the record, is not what you’re
looking for unless you’re looking to completely integrate the box with
AD, and that proved to be unsuccessful. After asking a co-worker, it
turns out the solution is easy as pie.
Here’s the rig: AD ldap to auth against, ubuntu 6.06 box with ssh
configured. Generally, LDAP/AD will require an account to query with,
so you’ll need that info along with the desired AD account to be used
for logging into SSH.
items needed:
1. Add the user LDAP/AD account as a regular user to the system:
# sudo adduser
Note: the password you enter here isn’t going to be used, but you
still want to use a strong password and take note of it.
2. Install ldap-utils libpam-ldap:
# sudo apt-get install ldap-utils libpam-ldap
3. Backup then modify /etc/pam_ldap.conf
# sudo cp /etc/pam_ldap.conf /etc/pam_ldap.conf.bak; sudo vim
/etc/pam_ldap.conf
There’s going to be some interesting things in this file, but for now,
comment everything out by adding a pound sign (#) to the beginning of
every line that doesn’t have one already. At the bottom (or top -
whichever), you’ll want to enter:
host <ldap server dns name>
base <ldap path to user accounts>
ldap_version 3
binddn <ldap authentication account for queries>
bindpw <ldap authentication account password>
pam_password crypt
pam_login_attribute name
Where….
<ldap server dns name> -> ldapserver.example.com
<ldap path to user accounts> -> ou=Users,dn=ldapserver,dn=example,dn=com
<ldap authentication account for queries> -> cn=ldapdude,ou=Service
accounts,dn=ldapserver,dn=example,dn=com
<ldap authentication account password> -> unencrypted password for the
above LDAP query account
*Note - in other howtos you may see pam_password being used as:
pam_password ad
This isn’t necessary for this scenario; it’s only requred if you’re
fully integrating the box into an LDAP/AD.
4. Backup and modify /etc/pam.d/common-auth:
# sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.bak;
sudo vim /etc/pam.d/common-auth
Add this line:
auth sufficient pam_ldap.so debug
Above the one that reads something similar to this:
auth required pam_unix.so
It’s got to be above it because the pam methods are read top-down.
5. Completo: try ssh’ing in using your LDAP user account via SSH from
another box.
So I just set up a Windows Vista box and let me say the User Access
Control stuff can be quite the pain (if you’re a computer-oriented
person, I’m sure you’ve read the woes). I wanted to start putty’s
command line guy, plink, to ssh over to the computer I’m using as a synergy server and
then the windows synergy client, synergyc….Both require
administrative rights and I ran into problems. It’s not as easy as
adding a shortcut to the Startup items with the correct parameters
anymore, but it’s also not as painful as it seemed. The first problem
was that Windows Defender wouldn’t let the shortcut execute a program
that wasn’t signed/published by microsoft… Boo. Lame. It would let
me know that it didn’t execute them and once I checked Windows
Defender, there’s no way for me to approve the application. In the
end, I had to create a task using the Task Scheduler and set the
“Trigger” to “on login”, then open the properties of this task, and
check the box that says “Run with highest privileges.”
I’m still scratching my head as to where some items are in Vista, and
usually it takes a second to sift through the new menus… I’m not a
fan of what was redesigned at all, but what can I do. Thank ye gods
that this isn’t my primary machine….
return [alist for alist in listlists if alist.find(pattern) !=
-1]
it’s my favorite pythonism.
and remember… sed is your friend. no matter what he acts like.
Today I moved everything on my macbook pro to another macbook pro
because I apparently jumped the gun and assumed that the notebook that
I signed for was the one ordered for me… luckily it wasn’t that big
of a deal.
I used the “transfer profile” and selected to transfer everything
possible… it took about 30 minutes and it came out clean, the
exception being that the launcher somehow lost links to certain apps.
I started fiddling around with my development environment and
VMWareFusion couldn’t run my ubuntu 7.04 virtual machne, giving me an
error of “failed to connect to peer process.” I re-ran the install
(luckily I kept the damage file), and everything was right and tight,
until I went to use SSHFS to mount the VM hard drive. SSHFS wasn’t
connecting so I had to reinstall the MacFUSE-Core package. *check*
That’s working now… until… I sudo -i on my new(er) macbook and try
to ssh to the VM… AH! it didn’t move over the ssh keys I’d generated
for root on this box. Thumbdrive to the rescue.
So far… so good, except for hitting the remote machines out there;
my IP address is different because the nic has a different mac address
and I won’t be able to hit any (all two) of them because of iptables
filters. I’ve got what I need here, so lets get back to coding some
python!
THAT IS ALL!
blogging by email wasn’t working at all… it wasn’t parsing the body
of the email so the post had a title but no content. I found a fix (lets hope - this is the actual test)..
Set the encoding to UTF-8 instead of plain text. Turns out I had to patch wordpress - file: includes/class-pop3.php… see the deets here. boo. plain text
kicks way more arse.
THAT IS ALL!
*edits were made…
I’m sitting on an unsecure wireless network and I’d like to send my
traffic back to the office so I whipped out…. Read the rest of this entry »
Welcome back, gang. I’m starting this again to help document interesting things I deal with in the realm of technology and probably some other nonsense. I’m trying out this “blog-by-email” feature, too, so that’s going to simplify posting. Alright. That is all!
Back to the Lone Star Ruby Conference!