About Me

Kalyan Kumar Pasupuleti B-Tech(Information Technology). • AWS Certified Solutions Architect - Associate • RedHat Certified Engineer(RHCE) • Directory Services and Authentication Certificate of Expertise(LDAP) • Red Hat SELinux Policy Administration Certificate of Expertise(SELinux) • Network Services Security Certificate of Expertise (Network Services) • RedHat Certified Virtualization Administrator(RHCVA) • Red Hat Certified Security Specialist (RHCSS) Working as Cloud DevOps engineer

Monday, December 27, 2010

How to Install Internet Explorer on Fedora 12

Some web sites are coded to only work with MS I.E. Below is how I successfully installed IEs 4 Linux:

Login as root, and do the following:

cd /usr/bin

ln -s wineboot wineprefixcreate


Logout of root

Run the following from your normal user account, NOT FROM ROOT !

yum -y install wine*
yum -y install cabextract

wget http://www.tatanka.com.br/ies4linux/downloads/ies4linux-latest.tar.gz
tar zxvf ies4linux-latest.tar.gz

cd ies4linux-2.99.0.1

./ies4linux --no-gui

After the setup completes, you will need to do the following, because the shell
treats unquoted spaces as argument separators, not as part of a file name. The "" preserves the white space:

cd $HOME/.ies4linux/ie6/drive_c
ln -s "Program Files" Program_Files
cd $HOME/.ies4linux/ie6/drive_c/Program_Files
ln -s "Internet Explorer" Internet_Explorer

ln -s "Common Files" Common_Files

Lastly:

cd $HOME/.ies4linux/bin

cp -p ie6 ie6.dist

Now, edit the above ie6  shell script, and replace all occurrences of

Program Files     with    Program_Files
and
Internet Explorer with  Internet_Explorer

Wget for fun

Wget is a nice little piece of software that everyone should know. With it you can check a site, or download an entire collection of files or a photo gallery from an FTP server. Just open your terminal and follow these steps.
GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. It is a non-interactive command line tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.
GNU Wget has many features that make retrieving large files or mirroring entire web or FTP sites easy; here are some interesting options.


All these commands must be used from a Linux terminal.

Basic use: download a package, knowing its HTTP (or FTP) URL:

wget http://kernel.org/pub/linux/kernel/v2.6/patch-2.6.23.bz2

Using Wget for Recursive Downloads

wget -r http://my.site.todownload.com/

The -r option tells wget to recursively download everything from the listed URL.

Using Wget for Recursive Downloads but limit the number of levels to 2

wget -r -l2 http://my.site.todownload.com/

Here -r does the same as above, and -l tells wget to limit the recursion to that
number of levels, here 2 levels deep (otherwise the default is 5).

Using Wget for Recursive Downloads but limit the type of files you want to download

wget -r -A.pdf -R.htm http://my.site.todownload.com/

This one tells wget to do a recursive get and Accept all files with .pdf extension and reject all files with .htm extension

Using Wget for Recursive Downloads from a FTP with authentication

wget -r ftp://username:password@my.site/path/to/download

Here you tell wget to download from FTP with userid and password

Using Wget to check dead link on your site

wget --spider -r -o log.txt http://yourdomain.com

In this example we tell Wget to act like a web spider (Wget will
behave as a Web spider, which means that it will not download the
pages, just check that they are there), and put results in the file
log.txt, so you can open it and search for a list of broken links.
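
One way to pull the broken links out of log.txt, as an added example that is not part of the original post. The log lines inside sample_spider_log are constructed in the style of wget's output, and the function names are made up for this example:

```shell
#!/bin/sh
# Added example: list broken URLs recorded by `wget --spider -r -o log.txt`.

# Read a wget log (file arguments or stdin) and print "STATUS URL" once for
# every URL that was answered with an HTTP status of 400 or above.
broken_links() {
    awk '
        # Request line: "--2010-12-27 10:00:02--  http://host/path"
        /^--[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / { url = $NF; next }
        # Response line: "HTTP request sent, awaiting response... 404 Not Found"
        match($0, /awaiting response\.\.\. [0-9][0-9][0-9]/) {
            code = substr($0, RSTART + RLENGTH - 3, 3) + 0
            if (code >= 400 && !seen[url]++) print code, url
        }
    ' "$@"
}

# Constructed sample in the style of a wget spider log (not real output).
sample_spider_log() {
    cat <<'EOF'
Spider mode enabled. Check if remote file exists.
--2010-12-27 10:00:01--  http://yourdomain.com/
Resolving yourdomain.com... 192.0.2.10
Connecting to yourdomain.com|192.0.2.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5120 (5.0K) [text/html]
Remote file exists and could contain links to other resources -- retrieving.

--2010-12-27 10:00:02--  http://yourdomain.com/old-page.html
Reusing existing connection to yourdomain.com:80.
HTTP request sent, awaiting response... 404 Not Found
Remote file does not exist -- broken link!!!

--2010-12-27 10:00:03--  http://yourdomain.com/cgi-bin/report
Reusing existing connection to yourdomain.com:80.
HTTP request sent, awaiting response... 500 Internal Server Error
Remote file does not exist -- broken link!!!

--2010-12-27 10:00:04--  http://yourdomain.com/old-page.html
Reusing existing connection to yourdomain.com:80.
HTTP request sent, awaiting response... 404 Not Found
Remote file does not exist -- broken link!!!

Found 2 broken links.

http://yourdomain.com/old-page.html
http://yourdomain.com/cgi-bin/report

FINISHED --2010-12-27 10:00:04--
EOF
}

# Real use: broken_links log.txt
# Demo on the constructed sample: sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_spider_log | broken_links
fi
```

Matching on the status code rather than on wget's closing summary also reports server errors (5xx), and each URL is printed only once even if the spider requested it several times.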

Using Wget to download a photo gallery

for i in `seq -w 1 100`; do wget http://www.mysite.com/images/DSCF00$i.jpg; done

In this example we run a loop that goes from 1 to 100 and each time
downloads a different URL; really useful for quickly downloading a gallery
with no links.

Finally, I forgot to tell you that wget is also usable by Mac and Windows (requires Cygwin)

And let me know if you use wget in a fanciful way

Installing samba pdc on openSuSe 11.x

We have openSUSE 11.0 and want to get a PDC + FileServer.

Terminology: Linux groups and users that I create are called Posix groups and users; internal accounts (service users, groups and so on) are called system users; those created by Samba (in the OpenLDAP database) are called samba users (groups).

1. Server deployment.
Name the server vitanaserver. The initial user registration method is local, and there are no users except root. Install the following packages from the openSUSE distribution: openldap2-devel, openssl-certs, pam_cifs, pam_smb, pam-config, pam-modules, pam_ldap, perl-Authen-SASL, Perl-BerkeleyDB, perl-OpenCA-CRL, OpenCA-REQ, perl-OpenCA-X509, perl-Unicode-String, perl-Crypt, perl-IO-String, perl-ldap, perl-ldap-ssl, Perl-IO-Socket-SSL, perl-Net_SSLeay, perl-Unicode-Map8, libgcrypt, libxcrypt, libnscd, libacl, libmsrpc, libsmbsharemodes, libmspack, cyrus-sasl, tls. External packages from the SuSE repositories: openldap2-back-perl, ldapsmb, samba-doc.

Notice: The README of the smbldap-tools package, version 0.9.2, contains the following sentence: "In the future, some other function may come (like : compliance to RFC2307...)". It means I need to choose the directory schema - nis.schema or the newer rfc2307bis.schema, but without smbldap-tools. To use smbldap-tools I prefer nis.schema.

Before installing Samba, check for a newer version. Right now the openSUSE repositories have a newer Samba version, and I downloaded the required packages from http://download.opensuse.org/repositories/network:/samba:/STABLE/openSUSE_11.0/i586/:
samba-3.4.3-4.1.i586.rpm
samba-client-3.4.3-4.1.i586.rpm
samba-debugsource-3.4.3-4.1.i586.rpm
samba-winbind-3.4.3-4.1.i586.rpm
samba-devel-3.4.3-4.1.i586.rpm
libsmbclient0-3.4.3-4.1.i586.rpm
libtalloc-devel-3.4.3-4.1.i586.rpm
libtalloc1-3.4.3-4.1.i586.rpm
libwbclient-devel-3.4.3-4.1.i586.rpm
libwbclient0-3.4.3-4.1.i586.rpm

smbldap-tools versions can differ in their issues and even in installation order, so read the installation instructions first.

Configure the network card for the internal zone with a static IP address. Open the LDAP and Samba server ports in the firewall.

2. Installation smbldap-tools.
Installation of perl-Jcode:
#wget http://download.opensuse.org/repositories/home:/beyerle:/TWiki/openSUSE_11.0/src/perl-Jcode-2.07-6.1.src.rpm
#wget http://download.opensuse.org/repositories/home:/beyerle:/TWiki/openSUSE_11.0/src/perl-Unicode-MapUTF8-1.11-6.1.src.rpm
#wget http://download.opensuse.org/repositories/home:/beyerle:/TWiki/openSUSE_11.0/src/perl-Unicode-Map-0.112-3.1.src.rpm
#rpm --rebuild perl-Jcode-2.07-6.1.src.rpm
#cd /usr/src/packages/SOURCES/

Unpack the packages to /usr/src/packages/SOURCES/ and follow the INSTALL guide, where you can find 4 installation steps:
#perl Makefile.PL
#make
#make test ;be sure there are no errors
#make install

The RPM database does not have any info about the Unicode::Map and Unicode::MapUTF8 packages, and when I run
#rpm -Uvi smbldap-tools-0.9.5-3.1.noarch.rpm

I get the answer:
error: Failed dependencies:
perl(Unicode::Map) is needed by smbldap-tools
perl(Unicode::MapUTF8) is needed by smbldap-tools

Be sure it does not require any new RPM packages or dependencies. If it does not, run with the option --nodeps:
#rpm -Uvi --nodeps smbldap-tools-0.9.4-3.2.noarch.rpm

Install pam_smb:
#wget http://download.opensuse.org/distribution/11.0/repo/oss/suse/i586/pam_smb-2.0.0rc6-123.1.i586.rpm
#rpm -Uvi pam_smb-2.0.0rc6-123.1.i586.rpm

Clear folder :/sources/: after successful installation.

3. SSL configuration.
Modify the company information in /etc/ssl/openssl.conf; it helps when creating certificates. I will still need to repeat the same for the root (CA) certificate. In YaST "Security and Users" - "CA Management" I create the CA root certificate. Define the required options - country, city, certificate lifetime. The common name must be the host name on which the certification center will later run. In "Advanced options" - "Key Usage", check "digital Signature":

Set the password and click Next until the tab closes. The root CA certificate has been created. The next time you open this tool, select the CA in the CA tree, click Enter CA and enter the root certificate password. In the form that opens, go to the Certificates tab to create the host certificate of the PDC with "Add" - "Add server certificate". The certificate common name should be the same as the full server name; if you change the server name later, you need to re-create the server certificate as well. Save the certificate to a file by clicking the "Export" button, for example to /root/docs/security/vitanaserver.p12, using the format "PKCS12 including chain" (and close password). Import vitanaserver.p12 on the PDC using YaST "Security and Users" - "Common server certificate".

Notice:

  1. The same result you can get using command line tools.

4. Starting LDAP.
Open YaST tab "Network Service" - "Server LDAP" - "Settings" - "Common Settings" - "Schema file". Set the option to start automatically at server start up. Check or add the following schemas: core.schema, cosine.schema, nis.schema, inetorgperson.schema, misc.schema, samba3.schema, yast.schema, ppolicy.schema.

Go to tab "Databases" - "Add database" and create the database: set the database dn (for example: dc=vitana), set the root object dn to cn=Administrator,dc=vitana, and set the password in the line below it. Save the root LDAP configuration by clicking the Apply button. Go to YaST "Network services" - "LDAP server" - "Configuration" - "Common Settings" - "TLS settings" - "TLS activation" and check Yes there. TLS encryption requires a key and a certificate, so I choose the option "Select certificate" there and select the common server certificate. YaST creates the required files and moves them to:

  • root certificate: /etc/ssl/certs/YaST-CA.pem
  • LDAP server certificate: /etc/ssl/servercerts/servercert.pem
  • LDAP server key: /etc/ssl/servercerts/serverkey.pem

Start the LDAP daemon:
#rcldap start

If you get "done" then everything is good and it is up.

Open YaST tab "Network services" - "LDAP client" to set up the connection to our server:

Configuring LDAP client in the GUI

In the tab "Advanced settings" - "Administration settings", type the LDAP administrator DN (it may be there already). In the same tab set the option "Create configuration objects by default"; as a result the "ou=ldapconfig,dc=:" LDAP container is created. In the tab "Client settings" check the naming contexts:

  • user map ou=people,:
  • password map ou=people,:
  • group map ou=group,:

Save the client configuration by clicking the Apply button. Configure the password policy by opening the LDAP server (Add policy - Save to - in the container ou=ldapconfig:) and set the password lifetime, timeout and so on. The policy object is not visible in the directory, but what is required is added to slapd.conf.

Open YaST tab "Network services" - "LDAP browser" and check that the directory opens.

Create the file /etc/ldap.secret and put in it the password of the database root account cn=Administrator,dc=vitana:

#echo "" > /etc/ldap.secret

Check done:

#rcldap restart ;-restart ldap
#ps aux | grep slapd ;-returns information about started daemon
#netstat -nap | grep slapd ;-returns information about slapd opened ports, it is important to have opened port 389 of source 0.0.0.0 and 127.0.0.1 with label LISTEN.

Everything done so far can also be configured in /etc/openldap/slapd.conf (LDAP server) and /etc/ldap.conf (LDAP client). Below are the more important lines from these files.

slapd.conf:
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# references to dynamic modules:
modulepath /usr/lib/openldap/modules
#default access directory settings
access to attrs=SambaLMPassword,SambaNTPassword
    by dn="cn=Administrator,dc=vitana" write
#;  by dn="cn=root,ou=People,dc=vitana" write
#;  by dn="cn=proxyuser,ou=People,dc=vitana" read
    by * none
## Yast2 samba hack ACL done
access to dn.base=""
    by * read
access to dn.base="cn=Subschema"
    by * read
access to attrs=userPassword,userPKCS12
    by self write
    by * auth
access to attrs=shadowLastChange
    by self write
    by * read
access to *
    by * read
###########################################################
# BDB database definitions
###########################################################
loglevel 0 #can be to 10
#TLSCipherSuite :SSLv3
#TLSCACertificateFile /etc/ssl/certs/YaST-CA.pem
TLSCACertificatePath /etc/ssl/certs/
TLSCertificateFile /etc/ssl/servercerts/servercert.pem
TLSCertificateKeyFile /etc/ssl/servercerts/serverkey.pem
database bdb
suffix "dc=vitana"
rootdn "cn=Administrator,dc=vitana"
#;rootdn "cn=root,ou=People,dc=vitana"
rootpw "{ssha}hash code is generated automatic with server"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
#object search parameters in the directory
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
#
overlay ppolicy
ppolicy_default "cn=Default Policy,ou=ldapconfig,dc=vitana"

ldap.conf:
#URL ,-no IP-address, because it works with certificate
host vitanaserver.vitana
base dc=vitana
uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/ #can enable later
#uri ldapi://%2fvar%2frun%2fldapi_sock/
ldap_version 3
#;binddn cn=proxyuser,ou=People,dc=vitana
#;bindpw proxy user password
# Password is stored in /etc/ldap.secret
rootbinddn cn=Administrator,dc=vitana
#;rootbinddn cn=root,ou=People,dc=vitana
port 389
#set timelimit to avoid nss_ldap errors
timelimit 30
bind_timelimit 30
# Reconnect policy
bind_policy soft
nss_connect_policy persist
idle_timelimit 3600
nss_paged_results yes
pagesize 1000
# Filter to AND with uid=%s
pam_filter objectclass=account
pam_login_attribute uid
# available UID range
pam_min_uid 1000
pam_max_uid 60000
pam_password exop
nss_initgroups_ignoreusers root,ldap
# Enable support for RFC2307bis (distinguished . . .
# NDS mappings
nss_map_attribute uniqueMember member
# OpenLDAP SSL mechanism - for now it is main
ssl start_tls
pam_filter objectclass=posixAccount
#following 3 rows are created by LDAP client configuration
#?one defines request level:
nss_base_passwd ou=People,dc=vitana?one
nss_base_shadow ou=People,dc=vitana?one
nss_base_group ou=Group,dc=vitana?one
#allows to work with selfsigned certificate:
tls_checkpeer no
#ssl on
# OpenLDAP SSL options
# For now we need start_tls, native SSL is disabled,
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/CA.pem
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# Client certificate and key. For now use created key pair, copy it to /etc/ssl/ldap/:
tls_cert /etc/ssl/ldap/servercert.pem
tls_key /etc/ssl/ldap/serverkey.pem

Configuration file with the lookup order for search records - nsswitch.conf:
passwd: compat
shadow: files
group: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files dns
services: files ldap
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files ldap
publickey: files
bootparams: files
automount: files nis
aliases: files ldap
passwd_compat: ldap
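
The ldap.conf above sets tls_checkpeer no, so the StartTLS session is encrypted but the server certificate is never verified, and /etc/ldap.secret holds the rootbinddn password in plain text. The script below is an added example (not part of the original guide) that checks copies of these files for both points and writes a corrected variant that trusts the YaST CA from step 3. The function names and sample file names are assumptions made for the example, and the sample contents are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: audit the LDAP client settings used in this guide.
# File paths are arguments, so the checks can run against copies of the files.

# Print the last uncommented value of a directive in an ldap.conf-style file.
# $1 = config file, $2 = directive name
ldap_conf_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                  # comment line
        tolower($1) == tolower(key) { val = $2 }   # a later line overrides an earlier one
        END { print val }
    ' "$1"
}

# Print one finding per line; print nothing when the settings pass.
# $1 = ldap.conf, $2 = file holding the rootbinddn password
audit_ldap_client() {
    a_peer=$(ldap_conf_value "$1" tls_checkpeer)
    a_ssl=$(ldap_conf_value "$1" ssl)
    a_uri=$(ldap_conf_value "$1" uri)
    a_ca="$(ldap_conf_value "$1" tls_cacertfile)$(ldap_conf_value "$1" tls_cacertdir)"

    # With tls_checkpeer no, TLS encrypts the session but any certificate is accepted.
    if [ "$a_peer" = "no" ]; then
        echo "tls_checkpeer is 'no': the server certificate is not verified"
    elif [ "$a_peer" = "yes" ] && [ -z "$a_ca" ]; then
        echo "tls_checkpeer yes needs tls_cacertfile or tls_cacertdir"
    fi

    # A plain ldap:// URI without StartTLS sends the bind password unencrypted.
    case "$a_uri" in
        ldaps://*|ldapi://*) ;;
        *) [ "$a_ssl" = "start_tls" ] || echo "uri '$a_uri' is used without ssl start_tls" ;;
    esac

    # The password file must not be accessible to group or others (mode 600).
    if [ -e "$2" ]; then
        a_perms=$(ls -ld "$2" | cut -c5-10)
        [ "$a_perms" = "------" ] || echo "$2 is accessible to group or others"
    fi
}

# Constructed samples: the TLS-related lines of the guide's ldap.conf,
# a corrected variant, and a placeholder password file with loose permissions.
# $1 = directory to write into
write_samples() {
    cat > "$1/ldap.conf.guide" <<'EOF'
uri ldap://127.0.0.1/
ssl start_tls
#allows to work with selfsigned certificate:
tls_checkpeer no
#tls_cacertfile /etc/ssl/CA.pem
EOF
    cat > "$1/ldap.conf.fixed" <<'EOF'
# the host name must match the common name of the server certificate
uri ldap://vitanaserver.vitana/
ssl start_tls
tls_checkpeer yes
# root CA certificate created with YaST in step 3
tls_cacertfile /etc/ssl/certs/YaST-CA.pem
EOF
    printf 'placeholder-password\n' > "$1/ldap.secret"
    chmod 644 "$1/ldap.secret"
}

# Real use: audit_ldap_client /etc/ldap.conf /etc/ldap.secret
# Demo on the constructed samples: sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    write_samples "$demo_dir"
    echo "guide settings:"
    audit_ldap_client "$demo_dir/ldap.conf.guide" "$demo_dir/ldap.secret"
    chmod 600 "$demo_dir/ldap.secret"
    echo "corrected settings:"
    audit_ldap_client "$demo_dir/ldap.conf.fixed" "$demo_dir/ldap.secret"
    rm -rf "$demo_dir"
fi
```

The corrected variant uses the server name in the uri instead of 127.0.0.1 because, once the certificate is checked, the name the client connects to has to match the certificate's common name.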

5. Start Samba server.
Open YaST tab "Network services" - "Samba server"; in "Loading" set the autostart option, in "Common resources" check netlogon, in "Identification" set the domain name and the PDC role, and in "Advanced settings" - "User identification" set the LDAP settings to ldap://127.0.0.1. All changes are saved when I close it, after defining the Samba server administrator password.

All the changes made are stored in smb.conf; I use the vi text editor to check/edit the settings of the global part:
[global]
workgroup = vitana
server string = XPS_PDC
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = ""
logon home = ""
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/smbldap-useradd -a -g 'Domain Computers' -d /dev/null -s /bin/false "%u"
domain logons = Yes
domain master = Yes
local master = Yes
netbios name = vitanaserver
os level = 255
preferred master = Yes
hosts allow = 192.168.1. 127.0.0.
security = user
domain master = yes
domain logons = yes
wins support = yes
log level = 5
log file = /var/log/samba.log.%m
max log size = 1000000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user script = /usr/sbin/smbldap-useradd -a -m -g 'Domain Users' -s /bin/false "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete group script = /usr/sbin/groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
ldap admin dn = cn=Administrator,dc=vitana
ldap delete dn = No
ldap passwd sync = Yes
ldap suffix = dc=vitana
passdb backend = ldapsam:ldap://127.0.0.1
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
admin users = root
ldap timeout = 15
ldap ssl = Start_tls
winbind enum users = yes
winbind enum groups = yes

Store the root account password of the LDAP administrator for Samba:
#smbpasswd -w[HisPassword]

Check the smb.conf configuration with testparm and restart the daemon:
#rcsmb restart

Check which ports Samba is using:
#netstat -nap | grep smbd

Check the accessibility of the Samba resources:
#smbclient -L localhost -U administrator

It returns information about the Samba resources (if there are errors, set log level = 2 and investigate the logs in /var/log/).

6. Configuration smbldap-tools.
The LDAP TLS certificates can be used with smbldap-tools. Copy the serverkey.pem and servercert.pem files from /etc/ssl/servercerts to /etc/smbldap-tools. I could not get the server*.pem files working from the common folder, so I copied them to another folder.

Get domain SID:

#net getlocalsid - returns domain SID

Copy the configure.pl file from /usr/share/doc/packages/smbldap-tools to /usr/sbin and run it. It asks some questions with default answers. As a result I get configuration files in the /etc/smbldap-tools folder. Check smbldap.conf and smbldap_bind.conf:

  • domain SID should be the same as "net getlocalsid" command returns
  • Slave and Master LDAP server is the same server with ip 127.0.0.1

ldapTLS="1"   # TLS is enabled already
cafile="/etc/ssl/certs/YaST-CA.pem"
clientcert="/etc/ssl/servercerts/servercert.pem"
clientkey="/etc/ssl/servercerts/serverkey.pem"
suffix="dc=vitana"
#dn, computers, users, groups definitions:
usersdn="ou=People,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Group,${suffix}"
idmapdn="ou=Idmap,${suffix}"
#UID/GID counter definition:
sambaUnixIdPooldn="sambaDomainName=VITANA,${suffix}"
# encryption:
hash_encrypt="SSHA"
#Option to increase encryption hash - salt
crypt_salt_format="%s"
#Template settings:
userSmbHome=""."" userProfile=""."" userHomeDrive="''" userScript=""

The current administrator password for the primary and secondary servers is defined in smbldap_bind.conf. Set this password twice, in plain-text format, because the primary and secondary servers are the same server.

Using YaST, create the domain Posix groups with the correct GIDs - ntadmins gid=512, machines gid=515, ntguests gid=514, ntusers gid=513.

Notice: the Posix groups nt* and machines will be mapped to LDAP domain objects.

7. Population openldap directory.
Run this command from the smbldap-tools package:
#smbldap-populate

It returns the list of created objects and asks you to set a new password for the domain administrator (its dn: cn=root,ou=People.. and so on).

Notice: Check the TLS settings first if something does not work.

Check the group mapping to be sure it works automatically:
#net groupmap list
Domain Admins (S-1-5-21-. . .111-512) -> ntadmins

and so on

Give the Domain Admins group the required permissions:
#net rpc rights grant "Domain Admins" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -Uroot

Create the Posix user of the PDC; the user name ends with the $ symbol.
#useradd -G machines -d /home/vitanaserver -s /bin/false vitanaserver$

Add the PDC to the domain:
#net join

It will ask for the administrator password.

Configure the PAM modules with two pam-config commands:
#pam-config -a --unix2
#pam-config -a --ldap

Then enable pamsmbd in YaST "System" - "Service management". Restart ldap and smbd, and check them:
#getent passwd

It returns the list of users.

8. Live with samba.
Samba PDC is ready. Create an admin Samba user and add him to the "Domain Admins" (ntadmins) group, to avoid using root when a new network user needs to be added.

To move the host test_host from a Windows domain to Samba:

  • remove test_host from the Windows domain to a workgroup
  • join test_host to the Samba domain
  • create the test_user user in the Samba domain
  • export the test_user user profile from test_host to the Samba domain
  • close all network connections to the Samba PDC (for example: log off and log in again in Windows)
  • import user test_user to test_host from the PDC (the same as with a Windows PDC)
  • log off as admin
  • log in as test_user to the Samba domain

Create the Posix user for the user's host and join it to the domain (the same as in a Windows domain) using root. (Joining a host to the PDC can create the Posix user automatically; it depends on the "add machine script" and "add user script" settings in the Samba configuration.) Populate the Samba users' account info when they are created.

To add the host test_host to the domain:

  • add the Windows host to the Samba PDC exactly as you would to a Windows PDC; Samba will create the required Posix users automatically
    (if the host name is not test_host, rename it in the workgroup, restart the host, then add it to the domain).
  • if it could not be added automatically, add it by hand and then repeat:
    #smbldap-useradd -a -g 'Domain Computers' -d /dev/null -s /bin/false test_host$

To add a new domain user test_user:
#smbldap-useradd -a -m -g 'Domain Users' -s /bin/false test_user
#smbldap-passwd -s test_user
#useradd -G ntusers test_user
#chown test_user:ntusers /home/test_user
(Note that the test_user Posix user was created without shell access (shell is /bin/false) and without any password.)

Export the user profile test_user to the domain controller:

  • Log in to the local host as the local administrator (it should not be test_user)
  • In the context menu My Computer -> Properties -> Advanced -> User Profiles, click the Settings button
  • Select the test_user profile and click Copy To
  • In the field Permitted to use, click the Change button
  • In the field Enter the object name to select, enter DOMAIN USER and click OK
  • Button Locations... -> select the Samba PDC, OK
  • "Advanced" -> Find
  • Enter the PDC root login/password to get access to the domain users list, select test_user there, click OK and click OK again
  • In the "Copy To" window, click Browse -> connect to the PDC as test_user
  • Select the folder /test_user on the PDC (because in the Samba config we defined the profile "path = %H")
    (as a result we get the path \\PDC\test_user),
  • In the field, add test_user to the defined "PDC_netbios_namepublichomeProfiles" (as a result we get the path \\PDC\test_user\test_user),
  • The user profile has been copied to the PDC
  • Done!

Windows 7 joining:
For some reason unclear to me, a Windows 7 host requires a corresponding Unix user but Windows XP does not. If your Windows 7 host name is test_host then you should create the test_host$ Unix user first.
useradd -s /bin/false test_host$
And I made the following changes to join and log in from my Windows 7:

  • 1 - I had to upgrade my samba server to version 3.5.2
  • 2 - I did these changes in the registry
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
    "DomainCompatibilityMode"=dword:00000001
    "DNSNameResolutionRequired"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
    "Update"="no"
    "DisablePasswordChange"=dword:00000000
    "MaximumPasswordAge"=dword:0000001e
    "RequireSignOrSeal"=dword:00000001
    "RequireStrongKey"=dword:00000001
    "SealSecureChannel"=dword:00000001
    "SignSecureChannel"=dword:00000001
  • If it does not work then:
    3 - Check/change the network adapter configuration:
    3.a - The WINS server should be the Samba server address.
    I set the Samba server as the alternative DNS server because the Samba and DNS servers are different in my network.
    3.c - Configure the primary DNS suffix with the same Samba server address.


Looking for "something"
To find the host "universal" in the PDC you can use one of the following tools:

  • the ldap search tool, which searches based on some criteria
    #ldapsearch -LLL "(|(displayName=universal$)(cn=universal$))" -D 'cn=Administrator,dc=vitana' -x -W
    A user does not have "$" as the last character.
    "(|(displayName=universal$)(cn=universal$))" is the criterion
  • the tool for administration of Samba
    # net rpc user
  • the smbldap perl tool
    #smbldap-usershow universal$

How to make a DVD slideshow



On returning from a vacation with friends, everyone said "Well, now you can do a nice DVD with all our photos, right?" Certainly, working in IT means I need to know anything about computers; let's say I used this opportunity to learn a bit about this topic in Linux. I found myself with about 3000 photos from five different cameras, to put in order and select for a slide show of about an hour. To accomplish all this we need:

• Software to move the images from camera to PC
• Software for storing photos and processing them
• Software to create a slideshow from images, perhaps with some effects
• Software to prepare a DVD with interactive menus and music
• A burning software

Excellent, let's start

Move photos from camera to computer
If you have a card reader for SD/miniSD and can move photos directly onto your hard drive, skip to step 2; otherwise connect your camera via USB and be ready to learn gtkam.

gtKam is a graphical application that lets you interact with your digital camera. gtKam works directly with your digital camera, allowing you to view, save and delete images. You can also download images to your computer and make changes with image manipulation programs, such as GIMP.
Before you start using gtKam, you need to configure it so that it can work with your digital camera. Choose from the menu Camera => Add Camera...
From the popup window you can choose your camera from the list, or let gtKam choose automatically by selecting Detect. In my case the camera (Coolpix L20) was not automatically detected and I had to pick the generic module USB PTP Class Camera, but then I saw the pictures correctly.
Once you have added your camera, it will be shown as an icon on the left pane of the main gtKam window. You only need to configure gtKam for your camera the first time.
Select the directory where your images are stored and the stored pictures will immediately be loaded as thumbnails in the main panel. From this panel, click on the images you want, then save them to disk by choosing File => Save selected photos. If you want to save all pictures, click Select => All, then save the images to disk. At this point my advice is to save everything; in the next step we will select them more easily.

Here is the list of cameras supported by Gphoto, the library used by gtkam.
At the end of this point we have all our photos, not arranged, in one or more directories.

We have to sort and edit photos.
Right now we have all the photos in one or more directories, and we need software to view them, put them in order, select them and make minor changes. There is a lot of excellent software that does this work; my choice fell on Shotwell.
To start, I tell you that this software is able to do exactly what gtKam does, so if you don't plan to use gtKam for other things you can ignore what I said in the preceding paragraph: start Shotwell, connect your camera to the USB port and select it as the data source to load images. Shotwell also uses Gphoto, so the supported cameras are the same as for gtKam (use the link above).
The first thing to do is to import the photos: go to File => Import file from Folder. This opens a new window where you can select one or more directories. Note that the default action is to copy the pictures into a directory Picture; if you do not want this, uncheck the option in the lower left.
After this import you will have the dates, auto-detected from your photos, on the left panel, and the gallery with all photos on the central panel. You can select a number of photos and assign them to a new event (you can choose the name). In this way we have not only a division by date but also a division by significant events on the left panel (e.g. the stages of a trip).
Shotwell can also give labels (tags) to each photo; you can give as many tags as you want to each photo, which gives us an additional search criterion and classification method for our photos.
Use one of these two options to create the chapters of our DVD: we'll split our vacation into chapters (thematic sections or dates, as you prefer); this will be very useful when we create the DVD.

While selecting the photos for the various chapters you can also make minor changes: with Shotwell you can rotate, crop, reduce red eye, and adjust exposure, saturation, hue and temperature of each picture, and if this is not enough it is possible to use an external editor (e.g. Gimp).
And if you are not yet convinced of the goodness of this software, I add that it can also publish the photos directly on three of the most popular sites that deal with online photos: Facebook, Flickr and Picasa Web Albums.
At the end of this point we have all our photos sorted and divided into multiple directories; these will become our "chapters".




Create slide show
It's time to use another very interesting piece of software, Imagination.
This software is a real gem: you can create slideshows from a picture gallery and add many professional options. Let's see how.
Well, we have our photos sorted into directories representing the chapters of our DVD. We begin with Slideshow => Import Pictures: go to the directory and select all the images. At this point we have a screen with a big panel on the left that represents the image you're working on, and a smaller panel on the right with a number of options to be applied to the image you're working on, including:

Slide setting
In this area we can choose the Transition Type, that is, how the image comes into the scene. The program provides more than 60 effects (you can see some examples in this page). You can also select the duration of each transition (slow, normal or fast) and for how many seconds the slide must remain.

Slide Motion
Through this section you can achieve special effects (the Ken Burns effect): decide that at a certain second there is a zoom to a certain area of the photo, then a zoom out and a zoom to a different area, but this is just an example. To add this effect do this:

1. Click Add to add a stop point, choose the zoom level and how many seconds it should last; if you go on the picture and hold the left mouse button pressed you can move the photo to select the area to enlarge.
2. Click on Add again and add another effect to zoom in or zoom out.
3. Repeat as desired; you can also update or delete individual stop points.

Slide Text
Here you can add a text to the picture and choose where to place it, and whether it appears with some effect or not.
Finally, at the bottom of the screen you will see the sequence of your photos as they will be shown in the slide show. In this area you can change the order of the slides, delete those you do not need, or add blank slides through the menu Slide => Add Empty Slide, so as to have slides with comments or explanations. You can also select more than one slide and apply the same changes to all of them; for example, you can select all the slides and decide that the duration is 5 seconds, or that the transition type is random for all photos.
But I forgot the toolbar with interesting options at the top: here it is possible to rotate the image, save and delete pictures and also import music. We can add an .ogg or .mp3 file to our slide show (not all distributions allow it): we attach to the first slide an audio file that covers the whole slideshow. If it is longer there is no problem, it will fade out at the end; if it is too short ... well, the music will end before the slide show, but you can also put several music files one after another.
Now we preview our slide show and, if we are satisfied, get ready to export with Export => VOB (DVD Video): choose the name (the .vob extension is added automatically) and select the most suitable type of TV. This operation can take a while, time for a break.
At the end of this point we have the .vob files representing the chapters of our CD.


    Here's a nice demo of what you can do with this great product.

    Prepare the DVD menu
    I did some tests with graphical programs, but none left me really satisfied, so there is no nice screenshot for this step: I used a command line tool, dvd-menu. It is pretty easy to use; I recommend these options:
    dvd-menu -p -n 'Nome del DVD' -b Start.jpg -c -fadein -fadeout -theme default -t "Chapter 1 " -t "Chapter 2" -t "Chapter 3"  -f chapter1.vob -f chapter2.vob -f chapter3.vob -a /home/capecchi/mp3/the_man_who_sold_the_world.mp3
    Explanation of options:
    -p = PAL (do not put anything for NTSC)
    -n = DVD title
    -b = background image for the menu
    -c = continuous mode: the next chapter starts automatically when one ends
    -fadein/-fadeout = graphic effects to embellish entering and leaving the menu
    -t = chapter title; there must be a -f option for every -t
    -f = .vob file to match the corresponding title; there must be a -f for each title
    -a = a sound file
    These options create a directory dvd_fs containing all the audio and video files. Check its size with the command:
    du -hs dvd_fs
    1.9G   dvd_fs
    In my case I have 2GB of space, so I could create a directory EXTRA and put in it the originals of the photos, videos or other extra things; everything will end up on the DVD. We can preview the result through xine with the command:
    xine -g -u 0 dvd:"`pwd`/dvd_fs/"
    We should see the exact output, with menus, music and everything working. If this preview does not work, do not burn: go back and check the steps, because burning now would just waste a DVD. Once we have the result we want, we create the .iso file with the command:
    mkisofs -dvd-video -udf -o dvd.iso dvd_fs
    This creates a file dvd.iso with the size you saw with the du command, so check beforehand that you have all that space available.
    We have created the DVD menu, tested it and generated an .iso file ready to be burned. If you want a graphical alternative, take a look at Q DVD Author.

    Burn the .iso file
    Now we just have to burn the .iso file. There are really many products in this area; I use Brasero, as it is already present on my laptop with Ubuntu and Gnome. Just launch Brasero, choose Burn Image and select our .iso file, all done.


    However, if you would like to do it from the command line, try:
    wodim dev=/dev/hda driveropts=burnfree fs=14M speed=10 -dao -eject -overburn -v image.iso


    You finally have your DVD: put it on the biggest TV you can and enjoy the show. Once again you have not disappointed your friends.

    7 Practical uses of Openssl

    In a previous article we saw the basics of encryption and asymmetric keys used in e-mail. On Linux the most used and popular program that deals with security and encryption is OpenSSL.
    OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.
    Versions are available for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the four open source BSD operating systems), OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400). OpenSSL is based on SSLeay by Eric A. Young and Tim Hudson, development of which unofficially ended around December 1998, when Young and Hudson both started to work for RSA Security.
    Today we will see some practical uses of programs that rely on OpenSSL.


    A fundamental use of OpenSSL is to create your own Certification Authority (CA) with which you can generate certificates to be used later in other programs. Since this is a long topic it’s not discussed in this article, where we will use the simplest and least common of the OpenSSL programs.

    Connect to a https service

    Sometimes it is useful to have the equivalent of a “telnet myservice 80”, but telnet doesn’t work with https sites, so you need an openssl command:
    openssl s_client -connect host:443 -state -debug
    GET / HTTP/1.0
    You’ll get a very long output, but you’ll be able to do some testing and debugging on the encrypted http connection too.

    Generate random numbers or strings

    To generate random strings you can use the openssl rand; to generate a random integer you can use:
    root@laptop:~# echo $(openssl rand 4 | od -DAn)
    1173091498
    While if you want to generate a base64 string (perhaps to get a random password)
    root@laptop:~# openssl rand -base64 6
    Cki3awd4

    Verify an online certificate from the command line

    The most advanced clients are not always the most comfortable way to look at a certificate. With this command you can verify a certificate from an https site, or maybe from an ldaps service:
    root@laptop:~# openssl s_client -connect google.com:443
    CONNECTED(00000003)
    depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
     0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
       i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
     1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
       i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIDITCCAoqgAwIBAgIQL9+89q6RUm0PmqPfQDQ+mjANBgkqhkiG9w0BAQUFADBM
    MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd
    .......
    And if you just need to check whether the certificate is about to expire, check the dates by piping the output into another openssl command:
    root@laptop:~# openssl s_client -connect google.com:443|openssl x509 -dates -noout
     
    depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    notBefore=Dec 18 00:00:00 2009 GMT
    notAfter=Dec 18 23:59:59 2011 GMT
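    The check described above, turned into an added Python example that is not part of the original article: it reads the output of the piped command shown above, reports the "verify error" lines (the chain was not validated against the local trust store) and works out how close notAfter is. The function names parse_openssl_output and assess are hypothetical helpers.

```python
import re
import ssl
from datetime import datetime, timezone

# Output copied from the piped command above: s_client's verification messages
# followed by the two date lines printed by "openssl x509 -dates -noout".
SAMPLE_OUTPUT = """\
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:0
notBefore=Dec 18 00:00:00 2009 GMT
notAfter=Dec 18 23:59:59 2011 GMT
"""

VERIFY_ERROR = re.compile(r"^verify error:num=(\d+):(.*)$")
DATE_LINE = re.compile(r"^(notBefore|notAfter)=(.+ GMT)$")


def parse_openssl_output(text):
    """Collect chain-verification errors and validity dates (hypothetical helper)."""
    report = {"verify_errors": [], "notBefore": None, "notAfter": None}
    for line in text.splitlines():
        line = line.strip()
        match = VERIFY_ERROR.match(line)
        if match:
            report["verify_errors"].append((int(match.group(1)), match.group(2).strip()))
            continue
        match = DATE_LINE.match(line)
        if match:
            # ssl.cert_time_to_seconds() understands OpenSSL's "Mon DD HH:MM:SS YYYY GMT".
            epoch = ssl.cert_time_to_seconds(match.group(2))
            report[match.group(1)] = datetime.fromtimestamp(epoch, tz=timezone.utc)
    return report


def assess(report, now, warn_days=30):
    """Return human-readable findings; an empty list means nothing to act on."""
    findings = []
    # A verify error means the chain was NOT validated against the local trust
    # store, so the dates below describe a certificate of unproven origin.
    for num, reason in report["verify_errors"]:
        findings.append(f"chain not verified (error {num}: {reason})")
    not_before, not_after = report["notBefore"], report["notAfter"]
    if not_before is None or not_after is None:
        findings.append("validity dates missing from output")
        return findings
    if now < not_before:
        findings.append("certificate is not valid yet")
    elif now > not_after:
        findings.append(f"expired {(now - not_after).days} day(s) ago")
    elif (not_after - now).days < warn_days:
        findings.append(f"expires in {(not_after - now).days} day(s)")
    return findings


if __name__ == "__main__":
    # Fixed "now" so the result is reproducible; use datetime.now(timezone.utc) in practice.
    for finding in assess(parse_openssl_output(SAMPLE_OUTPUT),
                          datetime(2011, 12, 1, tzinfo=timezone.utc)):
        print(finding)
```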

    Extract information from a certificate

    An SSL certificate contains a wide range of information: issuer, valid dates, subject, and some hardcore crypto stuff. The x509 subcommand is the entry point for retrieving this information. The examples below all assume that the certificate you want to examine is stored in a file named cert.pem.
    Using the -text option will give you the full breadth of information.
    openssl x509 -text -in cert.pem
    You can get specific information using the appropriate flag:
    # who issued the cert?
    openssl x509 -noout -in cert.pem -issuer
     
    # to whom was it issued?
    openssl x509 -noout -in cert.pem -subject
     
    # for what dates is it valid?
    openssl x509 -noout -in cert.pem -dates
     
    # the above, all at once
    openssl x509 -noout -in cert.pem -issuer -subject -dates
     
    # what is its hash value?
    openssl x509 -noout -in cert.pem -hash
     
    # what is its MD5 fingerprint?
    openssl x509 -noout -in cert.pem -fingerprint

    Generate a MD5 hash

    OpenSSL can also be used to generate the md5 hash of a text or a file:
    cat yourfile | openssl md5
    or
    echo -n "your text to be hashed" |openssl md5

    Benchmarking with OpenSSL

    OpenSSL includes a function to benchmark your system; simply write:
    openssl speed
    And you’ll get a long report like this one (Centrino 1.5 GHz):
    OpenSSL 0.9.8o 01 Jun 2010
    built on: Wed Nov 17 17:54:03 UTC 2010
    options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
    compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
    -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall
    available timing options: TIMES TIMEB HZ=100 [sysconf value]
    timing function used: times
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md2                855.18k     1732.09k     2342.00k     2575.00k     2662.40k
    mdc2                 0.00         0.00         0.00         0.00         0.00
    md4              16213.70k    56706.21k   157499.53k   287899.83k   381457.07k
    md5              13040.86k    43134.65k   112426.54k   185555.70k   228296.58k
    hmac(md5)        12273.58k    41765.66k   109326.48k   184496.49k   230343.74k
    sha1             11414.65k    33576.61k    72414.64k   102876.35k   117894.33k
    rmd160            8291.07k    21482.65k    41282.44k    53895.00k    58734.43k
    rc4              86563.98k    95285.79k    97506.37k    97709.46k    98543.12k
    des cbc          11432.19k    11648.68k    11724.95k    11777.63k    11772.70k
    des ede3          4123.07k     4138.75k     4154.66k     4162.05k     4128.22k
    idea cbc             0.00         0.00         0.00         0.00         0.00
    seed cbc             0.00         0.00         0.00         0.00         0.00
    rc2 cbc          13996.01k    14320.10k    14542.58k    14539.74k    14484.95k
    rc5-32/12 cbc        0.00         0.00         0.00         0.00         0.00
    blowfish cbc     43255.37k    47920.37k    48867.76k    49545.33k    50041.82k
    cast cbc         30137.81k    32121.24k    32618.69k    33104.10k    32622.36k
    aes-128 cbc      36708.83k    39138.84k    39454.24k    39498.27k    39419.55k
    aes-192 cbc      31592.87k    33304.60k    33824.65k    33721.11k    33996.80k
    aes-256 cbc      27789.41k    29194.84k    29362.74k    29735.88k    29732.65k
    camellia-128 cbc        0.00         0.00         0.00         0.00         0.00
    camellia-192 cbc        0.00         0.00         0.00         0.00         0.00
    camellia-256 cbc        0.00         0.00         0.00         0.00         0.00
    sha256            7809.17k    18163.74k    32279.64k    39705.60k    42603.65k
    sha512            2230.23k     8900.15k    13026.93k    18077.35k    20271.08k
    aes-128 ige      37110.42k    39163.19k    40161.57k    40480.51k    39874.08k
    aes-192 ige      31960.03k    33877.76k    34103.64k    34365.44k    34357.85k
    aes-256 ige      28192.66k    29575.37k    29714.13k    29876.08k    29675.52k
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.001703s 0.000145s    587.1   6896.0
    rsa 1024 bits 0.009800s 0.000494s    102.0   2026.0
    rsa 2048 bits 0.062584s 0.001759s     16.0    568.5
    rsa 4096 bits 0.433333s 0.006440s      2.3    155.3
                      sign    verify    sign/s verify/s
    dsa  512 bits 0.001529s 0.001768s    654.0    565.7
    dsa 1024 bits 0.004945s 0.005793s    202.2    172.6
    dsa 2048 bits 0.017221s 0.019843s     58.1     50.4

    Benchmark remote connections

    The s_time option lets you test connection performance. The most simple invocation will run for 30 seconds, use any cipher, and use SSL handshaking to determine number of connections per second, using both new and reused sessions:
    openssl s_time -connect remote.host:443
    Beyond that most simple invocation, s_time gives you a wide variety of testing options.
    # retrieve remote test.html page using only new sessions
    openssl s_time -connect remote.host:443 -www /test.html -new
     
    # similar, using only SSL v3 and high encryption (see
    # ciphers(1) man page for cipher strings)
    openssl s_time \
      -connect remote.host:443 -www /test.html -new \
      -ssl3 -cipher HIGH
     
    # compare relative performance of various ciphers in
    # 10-second tests
    IFS=":"
    for c in $(openssl ciphers -ssl3 RSA); do
      echo $c
      openssl s_time -connect remote.host:443 \
        -www / -new -time 10 -cipher $c 2>&1 | \
        grep bytes
      echo
    done
    References:
    http://www.madboa.com/geek/openssl/

    HOWTO: Fileserver with Samba and Printserver with CUPS

    Considering the substantial increase in linux desktops, it seems likely that more and more of these users will need to integrate into Windows based networks. I have provided a brief howto on Printer and File Sharing with Samba.


    NOTE: This has been used and tested under SUSE Linux 9.3 and Gentoo 2005.1. I make an effort to be as distro-independent as possible, but cannot promise anything.

    Assumptions:
    1. I assume you the reader will have some linux knowledge and are capable of using the CLI and editing various system files with root permission.

    2. I assume you know how to install various packages either from source i.e. ./configure && make && make install or by using the package manager available with your distro e.g. YaST for SUSE, apt for Debian, YUM for Fedora, URPMI for Mandriva, Portage for Gentoo etc.

    3. I assume your client computers are running either some version of Linux or Windows 2000 or above. Samba will work with Macs and versions of Windows prior to 2K. However since I don't have a Mac or a "Copy" of 98 lying around, I can't test out to see if this howto works.

    4. I assume your network works, i.e. you can ping each and every single computer at any given time. For more information on how to ping, read the ping man page i.e. man ping

    5. I assume your server will have a static ip, trust me, you will always want your server to have the same IP so that you don't always have to change settings when its dhcp lease expires etc..

    6. I assume you are setting this up for a home network, and hence won't require Samba to act as a PDC (Primary Domain Controller).

    7. I assume the printer will be directly connected to the server by a usb cable or parallel port cable.

    I suggest you read through this guide and understand the steps before attempting to perform it on your systems.

    Note: anything placed inside // is a comment and not a command

    Ch 1. Setting up Samba

    Using your distro's package manager install the latest version of samba available for it. As of 30/01/2006 the latest version of samba is 3.0.21. You can get binary i.e. precompiled packages of Samba from here for various linux distros.

    Install samba on your system before continuing.

    Once samba has installed successfully, it is now time to edit the main samba configuration file. So in the terminal, become root and using your favourite editor, edit the /etc/samba/smb.conf file.

    Code:
    # nano -w /etc/samba/smb.conf

    You may already see some things in this file, but for the purpose of this tutorial I am going to start from a clean smb.conf file. If you feel the need, backup your present smb.conf file with:

    Code:
    # cp /etc/samba/smb.conf /etc/samba/smb.conf.old

    Now the smb.conf file is divided into 2 sections, the global section and the shares section. Firstly we will create the global section. As you may have guessed, the global section contains settings which will define the server.

    Ch 1.1 Creating the global section

    Quote:
    [global]
    netbios name = The_Server
    server string= Samba Server
    workgroup= My_Windows_Work_group
    security = user
    encrypt passwords = yes
    smb passwd file = /var/lib/samba/private/smbpasswd
    log file= /var/log/samba/%m.log
    socket options= TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    wins support= yes
    hostname lookups = yes
    hosts equiv= /etc/hosts
    hosts allow = 192.168.0.0/255.255.255.0 localhost
    hosts deny = All
    interfaces = lo eth0
    bind interfaces only = yes
    guest ok = yes
    browse list = yes
    printcap name = cups
    printing = cups
    load printers = yes
    These fields will be explained below:
    netbios name: This field should be filled in with the name of your server, this is what your windows computer will refer to the server as.

    server string: This field is not really required, but it is handy in case you don't remember what you called your computer e.g. like me :P

    workgroup: This field tells the server which Workgroup it belongs to. This field is absolutely essential.

    security: This field refers to the level of security which should be present. There are two levels of security which I feel is within the scope of this howto to explain:
    1. Share level security: Anyone can access any share without entering a username and password, i.e. no security.
    2. User level security. If someone wants to access a share on the server, they need to enter a valid username and password. A valid username is any user who has an account on your server. To add a user, use the useradd command. A valid user needs a valid password, but to be able to use the share, they need a valid samba password. To add a samba password for a user, just execute this command:

    Code:
    # smbpasswd -a user_name

    Personally I recommend you use user level security. However, if you feel the need to use share level security, by all means do so, but for making sure everything works, set it to user level security. This is because the command which tests whether the Samba server works requires user level security to work. Once the server is up and running, you can set it back to share level security.

    encrypt passwords: Sounds pretty obvious doesn't it, I don't want other people knowing my passwords easily, so they should be encrypted.

    smb passwd file: The file where the samba passwords should be stored. You can use a whereis or a find to find the proper location of your smbpasswd file.

    log file: The file where the server should create the logs for each machine; the %m you see there will actually be replaced with the name of the machine.

    socket options: These are supposed to improve the sending and receiving of data.

    wins support: One of my W2K boxes refuses to see the Samba server without this option enabled. This option just causes the Samba server to act as a WINS server. Because this option is enabled, you should set the WINS server option in your Windows clients to the IP address of the Samba server.

    hostname lookups: This field just asks whether the server should perform lookups based on the hostname of the client computers. If you set this field, you need a hosts equiv field to tell the server the equivalent IPs of the other computers.

    hosts equiv: This field just tells the server the location of the file which translates an IP address to a hostname.

    hosts allow / hosts deny: These fields set which hosts can access the server based on their IP address or hostnames. In the example hosts allow field, I have told it to allow any computer with an IP address in the range 192.168.0.1 to 192.168.0.255 on the subnet 255.255.255.0 to have access to the server; localhost should also be included so that we can test to see whether the server works.
    The hosts deny entry is set to All as I don't want anyone else accessing the shares.

    interfaces: This field is only required if you have multiple network cards/connections. (Yes the Internet is a type of connection). This field should be set with the names of the interface/s that the Samba server should listen to for requests. Valid interface names on your system can be found by using the /sbin/ifconfig command.

    bind interfaces only: This field tells the server only to listen to the interfaces listed in the "interfaces" field.

    guest ok: allow guests to see the server, and some limited browsing. Usually should be set to no.

    printcap name / printing: The type of printing system we are going to use.

    load printers: Well we do want the system to load the printers automatically so that clients can use it, don't we?

    Ch 1.2 Setting up shares

    Shares on the server are what other people can see and access.

    1.2.1 Setting up file shares:
    A basic file share should have the name of the share and any other relevant details, below is an example of a public file share which everybody can access.
    # The section name in brackets is the name of the share
    [public]
    path = /home/samba/public
    comment= Shared folders
    guest ok = yes
    create mode = 0766
    browseable = yes
    public = yes
    read only = no

    This share allows everybody to access the shared folder on the server under /home/samba/public.
    To create such a share with relevant permissions, execute these commands:

    Code:
    # mkdir /home/samba/public
    # chmod -R 777 /home/samba/public

    Now some people may want to access their own files from any computer connected to the network and prevent others from accessing it. In such a case, create a share like the following:

    [home_directories]
    comment= User's home directory
    path= /home/%U
    read only= no
    # We only want the legitimate user and root to be able to access the share
    valid users= %U root
    Note for sharing home directories with password protections, you obviously have to set the security level to user in the global section.

    File shares can be set to things like removeable media such as cd/dvd drives and usb drives, all you have to do is tell the server the correct path to the resource e.g. /mnt/usb

    1.2.2 Setting up Print shares
    We are now going to setup the Print share


    Quote:
    [printers]
    comment = All Printers
    browseable = no
    printable = yes
    writable = no
    public = yes
    guest ok = yes
    path = /var/spool/samba
    printer admin= root

    This section is like a "global" setting for printer, we are allowing guests to be able to print from it and only allow root to administer it.

    The next section just defines which printer to share, if you have multiple printers connected to your computer, just create more of the printer shares outlined below:


    Quote:
    # The section name is the name I will be referring to my printer by from now on
    [HP5160]
    comment = HP Deskjet 5160
    printable = yes
    path = /var/spool/samba
    public= yes
    guest ok= yes
    printer admin= root

    Once all that is done, save the file and perhaps create a backup of it. Now we will test the server.
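
    An added example, not part of the original HOWTO: a small Python audit of the smb.conf settings used in this chapter. It reports the settings that widen access: hosts equiv, which according to smb.conf(5) names a file of hosts and users that are allowed access without a password, shares that guests can write to, and create masks that make new files world-writable. The function names and the trimmed sample configuration are constructed for illustration.

```python
# Settings taken from the [global], [public], [home_directories] and [printers]
# sections above, trimmed to the access-related lines (constructed sample).
SAMPLE_SMB_CONF = """\
[global]
security = user
hosts equiv = /etc/hosts
hosts allow = 192.168.0.0/255.255.255.0 localhost
hosts deny = All
guest ok = yes

[public]
path = /home/samba/public
guest ok = yes
create mode = 0766
public = yes
read only = no

[home_directories]
path = /home/%U
read only = no
valid users = %U root

[printers]
printable = yes
writable = no
guest ok = yes
path = /var/spool/samba
"""

SYNONYMS = {"public": "guest ok", "create mode": "create mask"}
INVERTED = {"writable", "writeable", "write ok"}  # inverse of "read only"
TRUE = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Parse sections and 'key = value' lines; keys are normalised to canonical names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # comments must start the line
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = " ".join(key.lower().split()), value.strip()
        if key in INVERTED:
            key, value = "read only", ("no" if value.lower() in TRUE else "yes")
        current[SYNONYMS.get(key, key)] = value
    return sections


def audit(sections):
    """Return (section, parameter, reason) tuples for access-widening settings."""
    findings = []
    glob = sections.get("global", {})
    if glob.get("hosts equiv"):
        findings.append(("global", "hosts equiv",
                         f"hosts and users listed in {glob['hosts equiv']} "
                         "are allowed access without a password"))
    for name, params in sections.items():
        if name == "global":
            continue
        effective = {**glob, **params}  # [global] values act as share defaults
        guest = effective.get("guest ok", "no").lower() in TRUE
        read_only = effective.get("read only", "yes").lower() in TRUE
        # Simplification: a share restricted by "valid users" is not reported.
        if guest and not read_only and not effective.get("valid users"):
            findings.append((name, "guest ok", "guests can write to this share"))
        mask = effective.get("create mask")
        if mask and int(mask, 8) & 0o002:
            findings.append((name, "create mask",
                             f"new files are world-writable ({mask})"))
    return findings


if __name__ == "__main__":
    for section, parameter, reason in audit(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"[{section}] {parameter}: {reason}")
```

    Run it against your own file by passing the contents of /etc/samba/smb.conf to parse_smb_conf(); it complements testparm, which checks syntax rather than exposure.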


    Ch 1.3 Testing the Samba Server
    There is a command called testparm which will parse the smb.conf file and see if you have made any errors. To run it, just do:

    Code:
    # testparm
    // if /usr isn't in your path, you may have to run the following command:
    # /usr/bin/testparm
    Now we have to see if the samba service is running, to do that, use the following commands:

    Code:
    # ps -e | grep nmbd
    If samba has not started, run the following command:

    Code:
    # /etc/init.d/samba start
    Now we see if the services are running and the shares can be accessed by using the smbclient command.

    Code:
    # smbclient -L localhost

    It will prompt you for the present user's samba password.

    If the present user doesn't have a valid samba password, simply execute this command:

    Code:
    # smbpasswd -a user_name


    Note, the execution of the smbclient command results in the most errors, most notably an NT_STATUS_LOGON_FAILURE error. A few things you can do to fix this:
    1. Check that the smb.conf file has you in the correct workgroup
    2. Check your samba passwords and which password file it uses.

    Also, if you make any changes to the smb.conf file, you need to restart the samba service by executing this command:

    Code:
    # /etc/init.d/samba restart
    // alternatively, you can do this
    # /etc/init.d/samba stop
    # /etc/init.d/samba start


    Ch 1.4 Client Configuration
    For all Windows clients you need to do the following:
    1. Set the workgroup to the correct workgroup set in the smb.conf file
    2. Under the Advanced TCP/IP settings for the adapter, there will be an entry for WINS server, set this to the IP address of the Samba server.
    3. If you have a firewall e.g. Norton or Zone Alarm running, tell it to allow communication from the Samba server, normally, you just tell it the IP address of the server and set it to "Allow".
    4. Sometimes you may need a restart for things to work :P

    Linux clients:
    To access Windows shares or SMB shares on the Samba server, you need to execute following command as root:

    Code:
    # mount -t smbfs -o username=YOUR_USERNAME,password=YOUR_SHARE_PASSWORD //Server_name/share /mount_point

    Alternatively you can write up the entry in your /etc/fstab file like so:

    Quote:
    //Server_name/Share /mount_point smbfs username=YOUR_USERNAME,password=YOUR_SHARE_PASSWORD,rw,users,umask=000 0 0
    YOUR_SHARE_PASSWORD is the password you have assigned to that share, if it is a windows share, use your windows password.

    Since you have mounted windows shares in linux through Samba, you can now write to those partitions even NTFS based ones.

    Note: for the above commands to work, you need the correct entries in the /etc/hosts file as shown below:

    Quote:
    // Server's IP address Hostname
    192.168.0.1 My_Samba_Server
    Ch 2. Setting up CUPS
    CUPS is the Common Unix Printing System, we shall use this on our server to share the printer with clients. Note, here I am assuming that the printer will be connected to the Samba Server by means of either a USB or Parallel cable and not through the network.

    Ch 2.1 Editing cupsd.conf
    Now, like samba, cups has a configuration file, namely cupsd.conf. We shall edit the default cupsd.conf file as it would be difficult to start with a clean file; there is also plenty of documentation in the cupsd.conf file, and if you feel brave enough, by all means enable some settings and whatnot. Below, I will show you how to edit the cupsd.conf file to get the basics running.

    Firstly open the cupsd.conf file with your favourite editor:

    Code:
    # nano -w /etc/cups/cupsd.conf

    The cupsd.conf file is fairly large; I'd suggest you edit the sections below first to get the server working, then play around with it.

    Quote:
    ServerName Name_of_Print_Server
    ServerAdmin root@Name_of_Print_Server
    .
    .
    MaxCopies 10 // I don't want someone accidentally wasting paper and ink on a job
    .
    .
    MaxClients 5 // Set this to whatever you like I don't want more than 5 connections to my server
    .
    .
    BrowseAddress @IF(eth0) // change eth0 to your lan connection, just tells where to send printing updates to
    .
    BrowseAllow @IF(eth0) // only allow printing from LAN.
    BrowseDeny All // I don't want people on internet to try print using my printer
    BrowseOrder deny,allow // We first stop everyone from printing, then allow only local printing.
    .
    .
    <Location />
    Order Deny,Allow
    Deny From All
    Allow From 127.0.0.1 192.168.0.* // Change 192.168.0.* to address of internal network
    </Location>
    .
    .
    <Location /admin>
    AuthType Basic
    AuthClass System
    Order Deny,Allow
    Deny From All
    Allow From 127.0.0.1 // Only the users sitting at the print server can perform admin
    </Location>

    Now, I know that at some point people are going to print MS Office Documents, if the following lines aren't uncommented, then you are going to get some screwed up prints. Trust me, I learned the hard way...

    In /etc/cups/mime.convs file, uncomment the following line, it is towards the end.

    Quote:
    # application/octet-stream application/vnd.cups-raw 0
    i.e. remove the # sign at the beginning of the line.

    Similarly, uncomment the following line in /etc/cups/mime.types:

    Quote:
    # application/octet-stream

    Now, before proceeding further, we need to start cups with:

    Code:
    # /etc/init.d/cupsd start


    Ch 2.1 Installing the Drivers
    Installing the Linux drivers:
    Firstly, go to the linuxprinting.org site and get the correct CUPS driver for your printer. Download the ppd file and place it in /usr/share/cups/model.

    There are 2 ways of installing the Linux driver, firstly using the command line, as root do the following:

    Code:
    # lpadmin -p Printer_name_used_in_Samba -E -v usb:/dev/usb/ltp0 -m Some_printer_name.ppd
    The field Printer_name_used_in_Samba should be replaced with whatever you have shared your printer as. In the example smb.conf file given in Ch 1, I shared my printer as HP5160.

    The field usb:/dev/usb/ltp0 is what the system refers to as the location of your printer; note this field will vary across different systems. On some systems, when using usb printers, it could be at /dev/ultp0. If you have a parallel printer, replace usb with parallel:/dev/lpt0 or similar.

    The field Some_printer_name.ppd is the name of the printer driver you have downloaded. For example, the HP Deskjet 5160 printer has a ppd file with the name HP-DeskJet_5160-hpijs.ppd.

    If that method doesn't work, you can use the CUPS web interface to setup the printer. Simply launch your favourite web browser and point it to http://Name_of_Print_Server:631 or http://localhost:631 . Simply point it to the location of the printer, setup its share name and tell it the correct driver to use. Note, you would need to login to this admin webpage with username as root and with your root password. Note this is your root system password and not the samba password.


    Installing Windows Drivers:
    You can install the drivers in one of two ways. You can either have the driver files installed on to the CUPS server, then when you add a printer on the client, it will go to that directory and fetch the drivers. Or you can install the driver as normal on each client and point it to the shared printer on the CUPS server (Note, with this method, I couldn't get it to work using HP's own drivers and had to use Adobe's drivers).

    Firstly, I will explain how to set it up so that the drivers reside on the server.

    At the time of writing of this howto, the CUPS Windows drivers are still under development and hence won't be used here. Instead you have two options, either to use the Windows or Adobe Postscript drivers. Note: if you have Windows clients which are pre Win 2K, you will need to use the Adobe Drivers.

    Using Windows Postscript drivers
    1. Make a directory in /usr/local/share/cups called "drivers"
    2. Now on your windows machine, navigate to the C:\Windows\System32\Spool\Drivers\W32X86\3 folder. Copy whatever files are in this folder to a flash drive, or if your samba server is working, copy them to a share on the server.
    3. Now copy whatever files which are in this directory to /usr/local/share/cups/drivers

    Using Adobe Postscript drivers
    1. Make a directory in /usr/share/cups called "drivers"
    2. Grab yourself a copy of the Adobe postscript drivers for your language from here. Also, get a ppd file for your printer.
    3. Launch the Adobe installer and tell it to use the ppd for your printer; the drivers will then be extracted to the C:\Windows\System32\Spool\Drivers folder. Copy these files to a USB drive or a Samba share on your server.
    4. Copy the extracted driver files from the USB drive or Samba share to /usr/local/share/cups/drivers.

    Now, because we are setting it up so that the server will contain the drivers, we need to add some things to the smb.conf file regarding the location of the drivers. Note that the configuration below must be used for all printers.

    Quote:
    [print$]
    comment = Printer Drivers
    # this path holds the driver structure after the cupsaddsmb command
    path = /etc/samba/printer
    guest ok = yes
    browseable = yes
    read only = yes
    write list = root
    Once that has been added, restart your samba service, i.e.:

    Code:
    /etc/init.d/samba restart
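An added example (not part of the original howto): a small checker for the [print$] share defined above, since Windows clients download their drivers from it. It reads smb.conf the way Samba does, where only a line that starts with # or ; is a comment, so text typed after a value stays in the value. The sample configuration and the user alice are constructed for illustration.

```python
TRUE = {"yes", "true", "1"}
# Constructed sample (not from a real server): a [print$] share with a
# comment typed after the path value and a loosened write policy.
SAMPLE = """\
[global]
    workgroup = WORKGROUP
[print$]
    comment = Printer Drivers
    path = /etc/samba/printer # driver files
    guest ok = yes
    read only = no
    write list = root, alice
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lower-cased with spaces
    removed, and only a line that starts with '#' or ';' is a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current["".join(name.split()).lower()] = value.strip()
    return sections

def audit_print_share(text):
    """Return findings for the [print$] driver share; [] means none."""
    share = parse_smb_conf(text).get("print$")
    if share is None:
        return ["no [print$] share defined"]
    findings = []
    path = share.get("path", "")
    if "#" in path or ";" in path:
        findings.append("path value includes comment text: %r" % path)
    if share.get("readonly", "yes").lower() not in TRUE:  # Samba default: yes
        guest = share.get("guestok", "no").lower() in TRUE
        findings.append("share is writable" + (" and open to guests" if guest else ""))
    extra = [u for u in share.get("writelist", "").replace(",", " ").split()
             if u != "root"]
    if extra:
        findings.append("write list goes beyond root: " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_print_share(SAMPLE)))
```

The checker only understands the parameter spellings used in this howto (read only, guest ok, write list), not their synonyms.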

    Now, to add the drivers to samba to be shared to all clients, we execute this command:

    Code:
    cupsaddsmb -H Name_of_Samba_Server -U root -h Name_of_Print_Server -a
    In most cases, Name_of_Samba_Server and Name_of_Print_Server are the same.

    The 2nd method of installing the drivers, i.e. so that the drivers are on the client systems, is like so:
    Using the printer driver which came with your printer, tell it to install as a network printer and point it to the printer which resides on the Samba server. Note, for some reason this method didn't work for me and I had to use the Adobe method outlined below:

    Grab yourself a copy of the Adobe postscript drivers for your language from here. Also, get a ppd file for your printer. Run the Adobe installer and point it to the location of the printer on the samba server. Now, under Printing in the Control Panel, set this as the default printer.

    Ch 2.2 Client Configuration for CUPS
    Windows Client configuration:
    If you set it up so that driver files reside on the server, in explorer, simply navigate to the shared printer, right click on it and say "Connect", the drivers will be downloaded and you can start using it.

    Otherwise simply go to the Add printer wizard in Control Panel and point it to the location of the Printer on the server. You may also want to set it as your default printer.

    Linux Client Configuration (Other than the server):
    Install a CUPS client on your system; usually, installing the CUPS server package also installs a CUPS client. Now edit the /etc/cups/client.conf file and add the following:

    Quote:
    ServerName Name_of_Print_Server

    And that is all there is to it. Now you should have a working file and print server.

    If you want a more detailed version of the printing howto in Samba, see Kurt Pfeifle's "Printing Support in Samba 3.0 manual"

    If you want more examples for setting up different configurations of a samba server, be sure to check out the official Samba by Example guide