Sunday, 30 December 2007

Activate IPV6 on e-smith (sme server)

Free ISP has just launch ipv6 on their network.
Free is the best ISP in france for geeks ;) and it's also my ISP...

So... as ipv6 is available, I'd like to play with it...

Here is the steps I've followed to activate the ipv6 supports on my e-smith server (sme server) 7.2.

I've read the following howto to get this working :

http://tldp.org/HOWTO/Linux+IPv6-HOWTO/index.html


Kernel



To check if ipv6 is activated on your system, run the following command :

test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"


If it display "Running kernel is IPv6 ready", then your system is ready for ipv6.

By default, it's not the case on the e-smith.

You can load the ipv6 module by executing the following command :

modprobe ipv6

The command is silent (if no error, no message is displayed)

Run the previous test again, it should now succeed.

In order, this module to be loaded automatically, you need to have this line in /etc/modprobe.conf :

alias net-pf-10 ipv6  # automatically load IPv6 module on demand


e-smith template system



With the e-smith template system, here is what to do :

the content of the /etc/modprobe.conf is generated from the file itself (and not the berkley database)

The e-smith template system forces the desactivation of ipv6.


mkdir -p /etc/e-smith/templates-custom/etc/modprobe.conf
cp /etc/e-smith/templates/etc/modprobe.conf/10net-fp-aliases /etc/e-smith/templates-custom/etc/modprobe.conf

vi /etc/e-smith/templates-custom/etc/modprobe.conf/10net-fp-aliases


Here, I create a copy of the template script that forbids the ipv6 in the templates-custom tree to override this forbidding.

in /etc/e-smith/templates-custom/etc/modprobe.conf/10net-fp-aliases
you need to delete

# alias IPV6 off
"alias net-pf-10 off",


Now, edit /etc/modprobe.conf
and replace the line

"alias net-pf-10 off",


by

"alias net-pf-10 ipv6 #alias IPV6 ON",


and now, regenerate the template :

expand-template /etc/modprobe.conf


the file should look like this :


#------------------------------------------------------------
# BE CAREFUL WHEN MODIFYING THIS FILE! It is updated automatically
# by the SME server software. Various aliases are added and/or
# deleted by the template processing of the file and white space
# is removed, but otherwise changes to the file are preserved.
# For more information, see http://www.e-smith.org/custom/ and
# the template fragments in /etc/e-smith/templates/etc/modprobe.conf/.
#
# copyright (C) 2002-2005 Mitel Networks Corporation
#------------------------------------------------------------
alias scsi_hostadapter ata_piix
alias snd-card-0 snd-intel8x0
options snd-card-0 index=0
install snd-intel8x0 /sbin/modprobe --ignore-install snd-intel8x0 && /usr/sbin/alsactl restore >/dev/null 2>&1 || :
remove snd-intel8x0 { /usr/sbin/alsactl store >/dev/null 2>&1 || : ; }; /sbin/modprobe -r --ignore-remove snd-intel8x0
alias usb-controller ehci-hcd
alias usb-controller1 uhci-hcd
alias block-major-3 off
alias bond0 bonding
alias char-major-43 hisax
alias net-pf-4 off
alias net-pf-47 ip_gre
alias net-pf-10 ipv6 #alias IPV6 ON
alias net-pf-24 pppoe
alias parport_lowlevel parport_pc
alias ppp ppp_generic
alias char-major-108 ppp
alias /dev/ppp ppp
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias tap0 off
alias tap1 off
alias tap2 off
alias tap3 off
alias tap4 off
alias tap5 off
alias tap6 off
alias tap7 off
alias tap8 off
alias tap9 off
alias tap10 off
alias tap11 off
alias tap12 off
alias tap13 off
alias tap14 off
alias tap15 off
alias char-major-180 usbcore
alias eth0 e1000
alias eth1 8139too
options bond0 miimon=200 mode=active-backup
options hisax protocol=2



With that, ipv6 will be activated on demand.

You don't need to reboot now, as the command
modprobe ipv6


has activated ipv6.

Test ipv6



Now you can test it :

traceroute6 www.6bone.net


Usually, all ip programs are suffixed with a 6 to use the ipv6 protocol.

for the ping command, you need to specify the network interface :

ping6 -I eth0 www.6bone.net


Read the howto which is very understandable.

Windows XP



If you have some windows XP on your network here is how you can activate ipv6 :
(translated from french so the labels can be inacurrates)
go to Start->Configuration Panel->Network connexion,
right click on your ethernet card, click on properties
click on install,
select protocol then add,
select "Microsoft TCP/IP version 6", then ok, then close.

Now, click on Start->Run, type cmd,
in the command prompt, type ipconfig /all
you should see something like this :

Carte Ethernet Connexion au réseau local:

Suffixe DNS propre à la connexion :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Adresse physique . . . . . . . . .: XX-XX-XX-XX-XX-XX
DHCP activé. . . . . . . . . . . : Non
Adresse IP. . . . . . . . . . . . : 10.0.0.1
Masque de sous-réseau . . . . . . : 255.255.255.0
Adresse IP. . . . . . . . . . . . : ab00::abc4:92ab:abcd:18ab%5
Passerelle par défaut . . . . . . : 10.0.0.99
Serveurs DNS . . . . . . . . . . : 10.0.0.99
212.27.53.252
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1

I didn't had to restart to get the protocal to be installed (amazing ;)

but unfortunately, i didn't succeed in making *6 utilities to work.
It needs a source address, and specify the ipv6 addess of my windows ethernet card didn't work.

I'll dig into that later ;)

Wednesday, 26 December 2007

samba mount with accent support

I'm still coding my extjs explorer and another issue I had is that I wanted to browse directory that are mounted windows shares (windows 2003 server).

As I'm french, and i've some files with accent, and with the default e-smith configuration, the accent are not displayed properly.

Here is what I did to have accent displayed properly :
  • First you need to configure the linux box to properly display accents.
This is done through /etc/sysconfig/i18n configuration file.

The e-smith is configured with the en_US charset (which means no accents ;) ) :

Here is what I put in the configuration file :

LANG="fr_FR@euro"
SUPPORTED="fr_Fr@euro:fr_FR:fr"
SYSFONT="lat0-sun16"
SYSFONTACM="iso15"


If you use a different charset that fr_FR, you should set the correct value for your language.

Notice that for this file, the e-smith template system does not use the berkley database (db set-prop) but the file itself as for fstab file.

Once you've updated the file, you need to reboot the system (maybe you can update the system with another way, but I didn't find how...)

  • Then we need to mount the share properly to get accent with the right charset. It's a client configuration issue (ie smbmount) and not a samba server configuration issue (/etc/samba/smb.conf)
mount.cifs //10.0.0.97/data           /mnt/nfs/data        -o codepage=cp850,iocharset=iso8859-1,credentials=/root/.smbcredentials
2 things are important here :
  1. cifs is Common Internet File System, a file system that support accents.

    Notice that with smbmount the time to mount a windows share is significantly longer (on my box) and displays some warning :

    5157: session request to 10.0.0.97 failed (Called name not present)
    5157: session request to 10 failed (Called name not present)

    Whereas with mount.cifs, the share are mounted instantaneously with no warning

  2. codepage=cp850,iocharset=iso8859-1

    This specify the charset used to get data from the windows share.

Notice the handy option :
credentials=/root/.smbcredentials
This allow to specify a file with windows username & password to mount the share without manually enter the credentials inforamtions.

The file should be formatted this way :

username=windowsLogin
password=windowsPassword

Now you should see the accent properly.


You can have the windows share mounted at boot time with the following line added in your /etc/fstab :

//file-server/data       /mnt/nfs/data          cifs    defaults,file_mode=0777,dir_mode=0777,codepage=cp850,iocharset=iso8859-1,credentials=/root/.smbcredentials 0 0


But for now, i've some issues :

  1. despite mount -a, mount all windows shares declared in /etc/fstab, shares are not mounted at boot time
  2. I got a kernel panic when i shutdown the linux box when the shares are unmounted... great ;)

Tuesday, 25 December 2007

e-smith server and the php open_basedir restriction

I use the sme server (previously called e-smith) as a server (file, http etc...) and gateway to my private network (btw : it's working great for years now (since version 5) and really easy to install and reinstall).

I'm working on a file browser with extjs & php and I had to face the open_basedir restriction.

In order to get rid off this restriction here is what I did :

First I use the template(-custom) system to alter the way the httpd.conf is generated :
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/95AddType00PHP2ibays /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
#edit the file
vi /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/95AddType00PHP2ibays


and replace

 $OUT .= "    php_admin_value open_basedir $basedir\n";

by

if($basedir eq 'NONE')
{
$OUT .= " #desactivated with 'NONE' value : php_admin_value open_basedir $basedir\n";
}
else
{
$OUT .= " php_admin_value open_basedir $basedir\n";
}

If i want to disable the open_basedir restriction on an ibay, I just have to set 'NONE' value to the PHPBaseDir variable of the ibay as follow (for example on the 'Primary' ibay):

#change the value
db accounts setprop Primary PHPBaseDir NONE
#signal a modification to the e-smith templating system
signal-event ibay-modify Primary

The signal-event will actually update the /etc/httpd/conf/httpd.conf file
#restart httd server
service httpd-e-smith restart



Another tips :

To allow .htaccess file to be parsed by the apache, you need to allow the web server configuration to be overrided. It's disabled by default :
db accounts setprop Primary AllowOverride All
signal-event ibay-modify Primary
service httpd-e-smith restart


you can now us .htaccess file in your web directory with instruction like
#display php error
php_value display_errors 1
#allow the httpd server to follow file links
Options +FollowSymLinks