Thursday, July 30, 2009

London to Paris Day 3 - The final leg

After having a very pleasant and pleasing day 2, day 3 started in a very similar manner, a bit cold but otherwise nice. 
After cycling through a very sleepy village we came back out into the countryside and another few hill climbs. 
What made this a bit special was cresting the hill and seeing a hot air balloon, no wait 2, 4, 7. 7 hot air balloons all at different heights, just rising above the peaks of some hills in the distance, the sun still quite low in the sky and some mist on the ground. It was stunningly beautiful, like a postcard.

The first rest stop came up on me very unexpectedly, it felt like I had only started and it was already time for a break. A quick stop for more bananas, water, and some raisins and I was off again. Spent a lot of the morning alone, which was incredibly pleasing and relaxing, I was truly able to relax and not think about anything, just the mileage that I was covering as the road zipped past at what several months earlier would have been impossible speeds.

As I stopped for a breather, I neglected to look ahead at the hill that was approaching, otherwise I would have just powered on up it and kept up my momentum. As I was a silly daniel, I didn't do this and had to walk for a bit after struggling with the first hundred feet or so. By stopping like this I was caught up by another rider, a girl from Italy who became a riding buddy for the next stage and a half. 
Whilst I was chatting to her I found out that I was the marker for several of the other riders and that they were trying to see who could keep up with me, I was easily spotted as for the 2nd day I had another brilliant white jersey on. The next rest stop also crept up on me and a pack formed as we waited for a few other riders that wanted to ride with us, for a bit of sport etc. I found this quite amusing and rode fairly close to the middle of the pack.
Eventually I got tired of how slowly they were actually travelling as I found it quite fatiguing compared to travelling at what I called my "natural" pace so I zipped off ahead and left them to it. I must not be a very social person as I much preferred my own company and enjoyed the cycle much more. 

The route took an unexpected turn and we ended up on very hilly terrain, I started to struggle a lot having wasted a lot of energy getting back up to speed after exerting myself by pootling along at a very inefficient (for me) pace.
The hills became daunting and at every part of the road it felt like the bike was being pulled down into the road and it took incredible exertion in order to make it move, on one hill I had to get off and push it to the top.
I thought I wasn't going to make it and that the next rest stop couldn't come soon enough. This was, as usual at the top of a hill. When I stopped here, I grabbed whatever food was available, it was getting more and more scarce as the tour was coming to an end and they had calculated it reasonably accurately.

I was egged on and left, knowing that there was an "epic" (their words, not mine) climb before lunch. This had me demoralised a bit, but a quick downhill blast on good tarmac cheered me up no end and we were soon back on the flat. I kept a lookout for anything that looked even similar to Paris but nothing appeared. 
The climb that was described as epic actually fitted the description, it was a series of alpine style hairpins that ascended about a thousand feet over the course of about 6 miles. For some reason I had no problem with this climb and the scenery was, as I am sure you are sick of hearing, beautiful. There was an almost Middle Eastern feel about it, lots of red rock (that I am assuming was sandstone) and an incredible heat, apparently one of the other riders clocked it at 38°C.
We arrived into a small city/large town and circled around what I am assuming was the outside of the city centre, lunch was at a golf course on the outskirts and was delicious (do you sense a recurring theme here?) and much appreciated even though the service was a bit disorganised.

During lunch there was a mini-briefing about what we were going to do that afternoon, especially with the entrance into Paris. After this, we all set off, largely as one unit and set about making it to the first stop, where we would regroup and set off again as one unit so that our entry to Paris was more condensed and organised, rather than very spread out as it had been over the previous days and rest stops.

The first hill was quite long and steep but nothing too stressful, what followed was a very steep and hairy descent through a village that must have been superglued to the side of a hill and had quite a few cobbled sections. Now as you can imagine, cobbles on a bike are bad, cobbles on a road bike, with high pressure skinny tires, no suspension and a saddle that felt like it was carved out of rock was pretty bad. Especially if your arse is already busted after a fall and 2 days of cycling on same saddle.

The regrouping point was in a forest with a cycle lane through it, again very very pretty. Fruit was getting very low and had to make do with 2 scabby bananas and a half handful of the ever present raisins. Setting off together we were finally on the outskirts of Paris, this leg was a bit stressful and tougher than it could have been as there was a lot of jockeying for position nearer the front, lots and lots of traffic lights and a general uphill grind. As is usual with uphill sections, there is a downhill section that followed, made all the more interesting by the traffic, which being Paris at about 3.30 was backed up, overtaking cars on a downhill section with less than useful brakes and even less useful common sense is not to be recommended. It is however incredibly exhilarating and something you should probably do once at least (you may only get to do it once as it could be your last).

We grouped up once again at the Bois de Boulogne, in Paris traffic proper. This was to be our final stop before the Eiffel tower. This was an interesting leg navigation wise as there was a bunch of 80 tired cyclists, Parisian traffic, Parisian streets and a lack of signage. We all managed to make it through without much incident, I think one woman managed to hit a parked car and fall off but that was about it. We came down a hill and in front of us was it. The Eiffel tower, we had made it. It was an absolute sight to behold and there was much ringing of the bicycle bells. It didn't quite stop there however, as we had to cycle around it, staying on the road until the entrance to the grassy area at the back. Upon arrival bicycles were promptly dumped on the grass and Champagne was distributed (well sparkling wine that was quite warm).

After being chased off the grass by the park warden and interrupting someone's wedding photos (very very very sorry about that) we had to get back on the bikes once more and head to the hotel. The bikes were popped into the back of a van and that was the last that we heard of them.
And as luck may have it, that is the last that you will hear about the London to Paris cycle on this blog, unless of course I change my mind and decide to do it again.

Posted via email from Daniel's posterous

Thursday, July 16, 2009

Trip To The Cinema

So last night, my wife, her nephew and myself decided to go to the cinema and catch the latest Harry Potter, it should have been a relatively painless experience but turned out to be very far from the truth.

Whilst the cinematic experience was in itself perfectly satisfactory, a good film, no interruptions in viewing by the projectionist, sound direction and levels all nicely set etc. The actual cinema experience left an awful lot to be desired.

Firstly and most importantly was the other patrons of the cinema, I was abused verbally and physically in the queue. I had to actually push someone back and basically tell them that if they didn't move their fucking heffalump arse I would move it for them. we had decent seats (i.e. not craning up or to either side to see the screen) but this had the effect of being right at the aisle, if one fucker went up and down those stairs 20 of them did. 

And what the fuck is it with the mobile phones? Do they have to have 12 million candela screens? Jesus H Christ, the guy in front of me actually answered his phone with "No I can't talk, I'm in the cinema" then proceeded to have a 5 minute conversation. Take that shit outside, you aren't that fucking important (believe me, he was no brain surgeon)
Every 30 seconds some cuntbag in my field of vision had their phone out and I was half blinded. Yes, you iPhone users as well, turn the fucking brightness down if you feel the need to use it in a very dark room. The only time I had my phone out was to make sure that it was on silent and that I had turned the vibrate off, does no one have any consideration for the other poor bastards that paid £6 for their tickets?

Secondly is the price. Last night cost about £35 all told for 3 people, a bag of sweets and a medium coke each. £35... I'm sorry but for £35 I would rather get a bluray disc, load it up into my excellent cinema system and have a few beers/ciders out of a Glass. It's no bloody wonder I don't go to the cinema anymore and paid out reasonable money for good kit at home. I'm just going to wait for stuff to hit bluray (or a HD Download :) ) and watch it there.

So all you inconsiderate cinema users, you can all go and fuck off.


Saturday, July 11, 2009

London to Paris - Day 2

So after a very long and stressful first day cycling through the English countryside (which whilst quite pretty was a very gruelling cycle) we hopped on the ferry and made it to France in one piece.

Had a fantastic breakfast in the hotel, and made sure to stock up on starchy foods and generally fill our faces with French pastries and other goodies. After breakfast I decided to go and get my bike ready after it had been taken off the van it had stayed in that night, bringing my helmet, water bottles and gloves down with me to the grassy area outside the hotel (which was full of dog shit but anyway) I pop my stuff down and go looking for my bike. I then come back to the footpath and spend 40 minutes looking for my water bottles, did I leave them in the hotel? did I leave them on the coach (no chance of ever seeing them again but I had them in my hand that morning) did I leave them in my day bag with the other stuff that I might need during the day? no, they were not in any of these places.

They were in my helmet along with my gloves, exactly where I had left them, did I mention that we had a very long day previous to this?

We start cycling and I immediately find a problem, my foot is starting to hurt again and we hadn't even covered a mile, fortunately we had a stop after 2 miles at a cycle shop so people could pick up anything that they may have forgotten to bring. I managed to pick up a pair of adidas cycling shoes, in my size, for €32 which considering that they usually retail for about 3 times that I was quite pleased with.

The difference they made was unreal. I was able to put much more power down, more efficiently and my foot didn't hurt at all, €32 well spent in my book.

The morning's cycling was very pleasant indeed, with undulating terrain but travelling through a very picturesque part of France. The weather was ace as well, no wind at all but a very pleasant 33°C. Now you might think that this is unbearably warm, but it was very pleasant as even during the very fast downhill sections (where my motto was Tuck in, Fuck off) you didn't cool down much at all, but the lack of humidity made for very pleasant cycling weather.

Coming in right (10-15 min out of 3 hrs) behind what I would class as the Elite Cyclists (guys that do it every day of the year and spent more on their bikes than I did on my car) I was very pleased with my progress and was able to spend a bit more time recuperating at each stop. 

Lunch, as the previous day was at the top of an incredibly long hill, not as steep this time however, but due to a headwind I had to get off and walk part of it.

After lunch we had a long downhill section to begin with followed by a series of hills. I think I ate the wrong things during lunch so was very tired and lacking in energy for the first 45 min or so, I don't think I had enough fruit for the fructose and other sugars that would have given me the necessary boost and kickstarted the oul legs again.

The next leg of the journey was absolutely magnificent, travelling through the rolling hills of the French countryside. I think that the elite class were missing out on some of this as they were driven to be first to arrive and would just keep the head down and cycle straight through, without taking a few minutes to appreciate the stunning beauty of the area. Unfortunately the jersey I was wearing that day didn't have pockets otherwise my iPhone would have been accompanying me and there would be a multitude of photos of just how beautiful the area is.

The next rest area was in a sleepy little village, probably a population of maybe 600. There was a wedding on and everyone in the village was out enjoying the good weather and the atmosphere. A stop at a local bar let me meet a few of my fellow travellers and I made good company straight away with one group in particular. They had the very very good drugs... A Doctor, a Pharmacist and a Psychiatrist, I mean they were packing everything, antibiotics, max strength codeine, the strongest painkillers without needing a controlled prescription etc. Good people to know. One of their party was really suffering though and was having a hard time making it through, she hadn't eaten since the ferry trip the previous evening and was having bouts of vomiting and diarrhea. She was absolutely driven to complete it though as she had lost her husband the previous year and was doing it for an arthritis charity that really looked after him.

Setting off from here there was a very much appreciated downhill section and some more rolling hills, nothing too strenuous and arriving at the hotel at 3pm or so was a welcome relief from the 7pm the previous day.

All in All a very good day and felt like I had done quite well!


Monday, July 06, 2009

London to Paris cycle challenge - Day 0/1

Now that I'm back and settled after a few days in Edinburgh after completing the London to Paris cycle I've had time to reflect on a few things about it and life in general.
 
I'm going to write about each day of the cycle and what the terrain is actually like.
Day 0 Getting our bikes and getting to the starting line.
Interesting. Arrived in Stansted after a seriously early flight, ran into an old friend at baggage collection but didn't have time to catch up properly. Discovered we did not have our visa card (which has since been reported missing) and had to make a cunning plan about our hotel in Edinburgh as they normally pre-authorise your card in case you rack up a big bill. Worked out fine in the end. Hopped on the Stansted Express and was very glad we had sprung for the first class tickets as it was rush hour and the "poor boy" carriages were heaving. Got into Liverpool St. and immediately on to the tube to head to Wimbledon, arrived and was amazed at how busy the area was. Battled through the throngs of people trying to get the buses up to the tennis. Got our bikes from the very nice (and ridiculously cheap) people at TriAndRun (www.TriAndRun.com ) fitted perfectly even though he only had our heights and weights. Now was fun, attempting to navigate the tube, train and road networks with bikes and large rucksacks to get to our hotel in Bexley several stops, waits and a reasonable walk later we arrive in what is essentially a village. Very pretty and nice and quiet, until we get to our hotel, which may as well have been sitting ON the motorway. Had some severely overpriced lunch and went for a sleep. Woke up and went to a local pub for a very cheap (but microwaved Iceland or similar) dinner, which was reasonably filling and didn't taste "bad" Early night, very hot room.
 
Day 1 London (Bexley) to Dover
This was initially meant to be London to Newhaven which was a bit shorter, the ferry company messed about the timings and we had to reroute our ferry via Dover instead.
Started off from the holiday inn after a lightish breakfast and arrived for the briefing. Got told, "today is going to be a bit stressful as we have a fixed deadline that we don't control, if you don't make it quick enough to the lunch stop you WILL be picked up by the back van. If you are not quick enough to the rest stops you WILL be picked up by the back van" etc. Got some more information and it decided to start raining, on go the ponchos.
The first leg was great, 20k in we had a stop with fruit water etc, set off again after about 15 min or so and immediately met some really rough terrain, bear in mind that these are proper road bikes we have with 0 suspension and pretty much no padding on the saddle, think sitting on the crossbar with a small piece of leather under you and you wouldn't be far wrong.
 
Lots and lots of uphill sections, really shit Tarmac and potholes, they neglected to tell us we would be cycling through the south Downs. Which in itself is a lie, it's all bloody ups.
On one of the ascents I drop down on the front chainring and the chain pops off (my fault, don't downshift under heavy power) binds up the cranks and turfs me off the bike, I managed to stay upright but my foot dragged under the pedal for a good 20 feet, I also managed to fall quite hard onto the crossbar with the associated injury, pain and indignity that it causes, needless to say I had a very interesting bruise that's still a bit painful and lumpy. At the top of one of the hills the medic passed me and gave it a look over, said it was likely sprained and my heart sank I thought I was going to end up having to pull out after not even lunch on the first day. Made it to the rest stop after sending Laura on ahead, got my fruit and a small rest then set off again. Covered about 7 miles and couldn't make my foot work properly so waited for recovery by the Big White Van, got chucked in the back with the bikes as another couple were too slow/tired or something.
Got out at the next rest stop and got seen by a doctor who gave me some painkillers, note you CAN take ibuprofen and paracetamol together, and yes they do work VERY well together, got back on the bike and after a mile or two felt like a new man minus the very painful buttocks and groin, it didn't take the pain out of there but it did take the edge off. Another slightly misleading description of the terrain followed, "There's a bit of a hill before lunch" a bit of a hill. That would imply, to me at least, that it would be on the order of 4/5 in 100 not a 1 in 10 that went on for 4km. Managed to catch up with Laura and passed several people, felt quite pleased with myself at not getting scooped by the van even though I left at the last possible minute from the rest stop.
Got to lunch and was severely disappointed, vegetarian with only a tuna salad for anything resembling meat. As I had taken so long to get there I only had about 20 minutes before we had to set off, whereas most of the others had about 50-90 min. The afternoon continues in the same vein, except the road surface worsens, really stressful trying to make a bike go up a really bad road as it literally drains the energy and willpower out of you. This time I see a worrying pattern forming, we are crossing valleys, so a downhill section that you can't really fly down as the road is rubbish, a bit damp, covered in gravel and quite windy, then its counterpart on the other side of the valley, a long ascent on the same road surface, not good at all. Made worse by inconsiderate moron drivers who have acres of space on the other side of the road and yet still managed to hit Laura with their wing mirror.
Made it to the last rest stop near the back of the middle group of riders, a nice farmhouse with a grassy area to lie down on. Was informed that there was only another 20K to Dover. Did some mental calculations and despite my geography being rubbish figured out that we were still a reasonable height above sea level and that Dover, being a port, HAD to be at sea level and that meant one thing to me, more downhill than uphill and we were near food (okay, 2 things) hopped on the bike again and went like the clappers. Arrived in Dover after passing several people and forming a small platoon of riders on the outskirts of the town managed to make it to the port itself in a reasonable time and rolled in accompanied by the sound of bicycle bells from our group and cheers and applause from the 30 or so that had already arrived. Staggered on to the ferry after a small wait at the terminal for the later riders and the vans etc. Had a nice meal with everyone, spirits were a bit down as the day was so strenuous and miserable.
Off the ferry at Calais and back on the bikes to literally travel 2 or so kilometres to actually move 100m, stupid road closures and fences meant we had to drive around the whole terminal area. BTW Calais is very industrial and is full of very industrial buildings and not very pretty.
Got on the coach to take us to Dieppe, sat at the top of the stairs with our day bag and helmets, drifted off to sleep a few times but was startled awake by the fear of falling off my seat and down the very steep coach stairs. Got to the hotel after 2 1/2 hours and fell straight asleep smelling like a corpse and feeling like one as well.
 
Thanks today go to:
 
Dave the medic for looking at my foot and giving me temporary relief with some ibuprofen gel and lending me his Allen keys to lower my saddle.
 
Ian the doctor for giving me lots of painkillers and basically telling me not to be such a pussy and get back on the bloody bike.
 
Bob for making me laugh by arriving at Folkestone and having to get on the train to Dover after he misread the directions.
 
Everyone else in the group for being really nice, supportive and friendly when I was lying on the grass at the rest stop with my busted foot.
 
And as always, my fantastic wife Laura, always pushing me on, being encouraging and always supportive and watching out for me.
 
Day 2 will follow soon as this has taken me about an hour to write on my iPhone.


Saturday, July 04, 2009

Tuesday, June 09, 2009

O2 iPhone 3GS - WTF

**** DISCLAIMER ****
This post contains profanity (lots of), reminiscing, dream sequences and full frontal male nudity.
One of the previous items was a lie. You decide if you want to take that chance.



Well O2,
it looks like you've done it again. You've gone back to being an incompetent lumbering giant in a marketplace that rewards agility.

I can't actually believe that you don't want to take my money for a longer period of time, I'd gladly sign up to a rolling 24 month contract if every time the new release of the iPhone is made available. You really don't get apple fans do you? You saw how good the hardware/software was, how EVERYONE and their dog has or wants one and you decided to royally screw them.

Never mind the fact that it wasn't just going to be my iPhone contract that you would be getting extended, it was my wife's, several of my colleagues and I was -> <- close to recommending that we use the iPhone and the O2 network in the company I work for, for all the sales, pre-sales and marketing staff.
Needless to say that this won't be happening with your current policies of screwing the customer.
If that wasn't bad enough you want to charge an extortionate amount for tethering ability. Yes I do class a doubling of my monthly bill extortion, if I have my laptop with me I'm not likely to be using the data connection on my phone. Now you can pretty much bet that I'll be streaming youTube videos all the live long day, hell, I might not even WATCH them.

Somewhere in my mind I think the conversation between O2 and me went something along these lines
~~~~~~~~~~Wavy Lines for Reminiscing~~~~~~~~~~
2 YEARS AGO:

O2: Hello Customers
Me: Hello O2, two shiny iPhones please.
O2: That will be £600 and £80 per month for 18 months
Me: Okay, that's great, thanks.
Me: Yay, iPhone baby, shame it's only 2G but fuck it, I've got an iPhone

LAST YEAR:

O2: Hello Loyal Customer
Me: Hello O2, another two shiny iPhones please.
O2: Thanks for trusting us with an important purchase, here, have this iPhone "free" and have this one substantially discounted. I'll just extend your contract out starting today
Me: That's great, I don't mind that at all as the cost to me directly is largely invisible and I don't mind giving you money each month
~~~~~~~~~~End Reminiscing~~~~~~~~~~

~~~~~~~~~~Future Dream Sequence~~~~~~~~~~

SOMETIME IN THE NOT TOO DISTANT FUTURE
O2: Hello You Gullible Shithead Fucktard
Me: Wait, Something's not right here, this doesn't normally start like this?
O2: That's right, I've decided to stop taking your crap
Me: But I give you CASH MONEY EVERY MONTH for you to take my crap and let me use your service, I think that's how capitalism works, right?
O2: Yeah, that's largely how it goes, but we've decided to really fuck you over this time, we know you paid for your first iPhone, then we got you hooked on 3G and going faster
Me: Yes, and I want to continue this trend, and the trend of giving you money for this service
O2: We know that, but we also know that you *really* want this new one with the compass and the camera and the "ooooh shiny"
Me: Okay, let's just gloss over this, say I want to use my laptop with me as well.
O2: That's another £30 a month for, realistically, a limited service.
Me: Wait, what? I PAY you for data already, and it's not a small amount either!
O2: Yeah, well, too bad. Fuck You.
Me: You know something, I actually wouldn't have minded but saying as you don't want to play ball with me, you obviously don't want my money and you don't want my recommendations to all my friends that O2 are actually pretty good to deal with.
You see, I'm not a silent complainer, I'm not a silent complimenter either. If I like your product, and your company I WILL tell people. People that make decisions about where to spend money. But on the other hand, if you or your products piss me off I've got a fairly loud voice and I like to shout.
Me: @O2 Your silence is deafening. You were very noisy on WWDC day but strange, I can't hear anything now...

~~~~~~~~~~End Future Dream Sequence~~~~~~~~~~

O2 really haven't thought this through at all, they must realise by now that the iPhone has a 12 month lifecycle but they decided they want an 18month contract. This doesn't work unless you play ball with your customers and let them roll it over, which the majority of them will gladly do.

I hope someone from O2 reads this and passes it to the appropriate people, you've really gone and fucked yourselves. I hope you are ready for the backlash. http://search.twitter.com/search?q=o2fail kinda puts it in perspective at a quick glance to see how badly you've screwed up. I don't think it's going to get much better either as today goes on.

so O2, to sum up:

Fuck You.
Fuck You Very Much.

Monday, June 08, 2009

Directory Services could not start Error 0xc000006a

This error can also appear if the system state backup of your domain controller is older than the tombstone lifetime of your domain, which defaults to 180 days.
The exact error message you will see is:


Directory Services could not start because of the following error:
The specified network password is not correct. Error Status:
0xc000006a. Please click OK to shutdown this system and reboot
into Directory Services Restore Mode, check the event log for more
detailed information.


Moral of this story is to ALWAYS CHECK YOUR FREAKING BACKUPS and make sure they are done regularly and inspected regularly.

This mistake cost me 2 days of working on this. I should have checked the date modified on my system state restore.

Friday, May 29, 2009

LDAP Authentication in Debian

Steps for getting LDAP authentication working on Debian

This post brought to you courtesy of SzlWzl

Sources:
http://www.adminspotting.net/articles/windows/linux-and-active-directory.html
http://moduli.net/sysadmin/sarge-ldap-auth-howto.html

Aim:
To get all linux users authenticating from our Active Directory implementation which is running on Windows 2003R2.

On the Active Directory Server:
From Add/Remove Programs->Add/Remove Windows Components->Active Directory Services, install Identity Management for UNIX and reboot.

Create a user which we're going to use to bind. I have called mine adlookup, which sits in our Service Accounts OU.
CN=AD Lookup,OU=Service Accounts,DC=DOMAIN,DC=com


It is very important that the password doesn't have any special characters in, I had to change the domain policy to set it as apparently there can only be one password policy per domain.
In Active Directory Users/Computers either create a new group or choose an existing group for your users, right click and choose properties.
Add your users
Choose Unix Attributes and select the correct NIS domain.

Now select a user, right click on them and select properties
Choose Unix Attributes
Select the NIS domain, Home Directory, shell and primary group name

Linux Client:
apt-get install ldap-utils openssl libpam-ldap libnss-ldap nscd

edit the /etc/ldap/ldap.conf to look like this
run
ldapsearch -x -W -D "cn=AD Lookup,OU=Service Accounts,dc=DOMAIN,dc=com" -LLL "(sAMAccountName=adlookup)"

then enter your password and it should return the correct details, if it does then you're brilliant :)
mv /etc/libnss-ldap.conf /etc/libnss-ldap.old
nano -w /etc/libnss-ldap.conf
and make it look like this:

# Important - it must be the IP and not the dns entry
host IPOFADSERVER
ldap_version 3
binddn CN=AD Lookup,OU=Service Accounts,DC=DOMAIN,DC=com
# no special characters
bindpw PASSWD
scope sub
timelimit 30
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid msSFU30Name
nss_map_attribute uniqueMember msSFU30PosixMember
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_objectclass posixGroup Group
pam_login_attribute msSFU30Name
pam_filter objectclass=User
pam_password ad
# make sure you limit this to only what is required as I had strange errors
base OU=YOUROU,dc=DOMAIN,dc=com
# What user should root join as to enable passwd change etc
rootbinddn CN=ADMINUSER,CN=Users,DC=DOMAIN,DC=com
# what group must users be in to enable login
pam_groupdn CN=WHATGROUPAREUSERSIN,CN=Users,DC=DOMAIN,DC=com

The contents of libnss-ldap.conf and pam_ldap.conf are identical in my setup so just link them together to save any additional work:
mv /etc/pam_ldap.conf /etc/pam_ldap.old && ln -s /etc/libnss-ldap.conf /etc/pam_ldap.conf
nano -w /etc/libnss-ldap.secret # enter in your admin password
ln -s /etc/libnss-ldap.secret /etc/pam_ldap.secret #same passwords
chmod 600 /etc/libnss-ldap.secret # make sure this is readable by only that user

Edit your /etc/nscd.conf file and change the following parameters:
I have chosen an arbitrary size of 500MB but I found that there were some crazy assertion errors coming in if I left the defaults such as this openldap-2.4.11/libraries/liblber/sockbuf.c. I think it must be to do with the size of the cache in nscd but am not sure. I also got an error about "invalid persistent database" when this was set too large.

max-db-size passwd 524288000
max-db-size group 524288000
max-db-size services 524288000

Now you have to tell pam how to get its users, so make your /etc/nsswitch.conf look like the below. It is very important to get the order right: compat must come first and then ldap. I found that my machine wouldn't boot if it was trying to do the ldap first.

#passwd: compat
#group: compat
#shadow: compat
passwd: compat ldap
group: compat ldap
shadow: compat

You must now make nsswitch readable by all so:
chmod 644 /etc/nsswitch.conf


Now you can test this is working by doing:
getent passwd USER.NAME # this must be a username you have enabled up there ^
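
The file-level requirements from the steps above (compat listed before ldap, nsswitch.conf at mode 644, the secret file at mode 600) can be checked with a script. This is an added example, not part of the original post; the function names has_mode, nss_order_ok and ldap_preflight are hypothetical, and the paths are passed in so the checks can also be run against copies.

```shell
#!/bin/sh
# Added example: file-level checks for the NSS/LDAP setup described above.
# Function names are hypothetical; paths are arguments so copies can be tested.

# True if the permission bits of file $1 are exactly $2 (e.g. 600).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# True if database $2 (passwd, group) in nsswitch file $1 lists "compat"
# before "ldap" on its active (uncommented) line.
nss_order_ok() {
    awk -v db="$2:" '
        $1 == db {
            found = 1; c = 0; l = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break            # trailing comment
                if ($i == "compat" && !c) c = i
                if ($i == "ldap" && !l) l = i
            }
            ok = (c > 0 && l > 0 && c < l)
        }
        END { exit ((found && ok) ? 0 : 1) }
    ' "$1"
}

# Run every check, print one line per check, return the number of failures.
ldap_preflight() {   # $1 = nsswitch.conf, $2 = libnss-ldap.secret
    fails=0
    for db in passwd group; do
        if nss_order_ok "$1" "$db"; then echo "ok   $db: compat before ldap"
        else echo "FAIL $db: need 'compat ldap' in $1"; fails=$((fails + 1)); fi
    done
    if has_mode "$1" 644; then echo "ok   $1 is mode 644"
    else echo "FAIL $1 is not mode 644"; fails=$((fails + 1)); fi
    if has_mode "$2" 600; then echo "ok   $2 is mode 600"
    else echo "FAIL $2 is not mode 600"; fails=$((fails + 1)); fi
    return "$fails"
}

# Run against the live files only when asked to.
if [ "${1:-}" = "--check" ]; then
    ldap_preflight /etc/nsswitch.conf /etc/libnss-ldap.secret
fi
```

Run it as root with --check so the secret file can be inspected; the exit status is the number of failed checks.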

/etc/pam.d Common Files

Debian has a series of files in /etc/pam.d whose names are prefixed with common-, and which are included by the other files in that directory for specific services. We can tell PAM to use LDAP for all of these services by modifying these common files.

In /etc/pam.d/common-password, comment out and replace:

password required pam_unix.so nullok obscure min=4 max=8 md5

or:

password required pam_cracklib.so retry=3 minlen=6 difok=3
password required pam_unix.so use_authtok nullok md5

with:

# try password files first, then ldap. enforce use of very strong passwords.
password required pam_passwdqc.so min=disabled,16,12,8,6 max=256
password sufficient pam_unix.so use_authtok md5
password sufficient pam_ldap.so use_first_pass use_authtok md5
password required pam_deny.so

Read the pam_passwdqc man page for more about parameters you can give to it.

In /etc/pam.d/common-auth comment:
auth required pam_unix.so nullok_secure

replace with:

# try password file first, then ldap
auth sufficient pam_unix.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

In /etc/pam.d/common-account comment:
account required pam_unix.so

replace with:
# try password file first, then ldap
account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_deny.so

And add this line to /etc/pam.d/common-session:

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

This should now be it, I haven't quite got automatic sudo working yet or auto mount of the home dir from an nfs source but that is the next step :)

Troubleshooting:
Password you bind with must not have special characters
In nscd.conf you must have a decent sized cache file
Your unix attributes must be correct
check that your getent passwd is working and that your ldapsearch is working

Monday, May 11, 2009

Database Mirroring for Non Domain MS SQL Servers

Configuration of Database Mirroring for Non-Domain based SQL Servers

Assumptions
2 SQL Servers running SQL 2005 SP1 (or greater)
Network connectivity between them
System privileges to create user accounts and change service log on credentials
Databases to be mirrored set to FULL recovery model

Initial decision is which server is going to be your primary

Once this is decided, create a new account with a strong password, that you will run SQL Server and the SQL Server Agent with
Add this account to the group SQLServer2005MSSQLUser$SERVER-NAME$SQLINSTANCE

Set the services "SQL Server ($SERVERINSTANCE)" and "SQL Server Agent ($SERVERINSTANCE)" to run under this account

This should be done on BOTH SQL Server Machines

On BOTH machines, run the following T-SQL queries to build the Mirroring Endpoints
CREATE ENDPOINT mirror
STATE = STARTED
AS TCP
(LISTENER_PORT = 5022)
FOR DATABASE_MIRRORING
(AUTHENTICATION = WINDOWS, ENCRYPTION = SUPPORTED,ROLE = ALL)

Now, on the PRIMARY, select the database to be mirrored and back it up (Full Backup). Copy this backup to the SECONDARY server and restore it using the "WITH NORECOVERY" option. This will leave the SECONDARY database in the Restoring state.

Back on the PRIMARY server, right click on the database and select Tasks > Mirror

Run through the "Configure Security..." wizard
Do not use a witness server
You may need to log on to the SECONDARY SQL Server using appropriate credentials. It will automatically detect the endpoint created earlier.
When prompted for a user for the principal and Mirror, DO NOT ENTER ANY DETAILS
The Mirroring Configuration Wizard will complete with 0 errors or Warnings.
Select Do Not Start Mirroring

Still on the primary server, select the Principal server address and change it so it is a FQDN (including a domain)
for example server1.sqltesting.com:5022
For the most likely to succeed option inspect the Mirror server address.

Once this is set, hit Start Mirroring. You will get an error message that the mirror database has insufficient transaction log data to preserve the log backup chain of the principal database...
Hit OK on this BUT do not OK or cancel off the database properties page for the PRIMARY database. This indicates that they can successfully communicate.

In Management Studio on the PRIMARY, right click on the database and select Tasks > Backup
In the backup type, select Transaction Log and back it up to an appropriate location.

On the SECONDARY server, right click on the database to be mirrored and select Tasks > Restore Transaction Log
Select the path to the transaction log backup from the PRIMARY server.
Restore this ensuring to select the WITH NORECOVERY option on the options screen.

On the PRIMARY server, on the still open properties page, do not change the Operating mode unless you know what you are doing, then click Start Mirroring

There will be a slight delay and the Status will change to Synchronizing, hit refresh and as long as not too many transactions have gone through, it should change to Synchronized.

You can now close this window and have mirrored databases.

Anonymous Internet Browsing

(Or How BT Mobile Broadband can make you feel like a criminal)

This post was inspired by the despicable means that BT use to try and prevent you from doing what you want on the internet whilst using one of their mobile dongles. Some people (myself included) don't like others seeing what they do on the internet; this is how you get around it.

**DISCLAIMER**

This can be used to get around proxy services and servers that your friendly neighbourhood SysAdmin might have put in place for the safety of their network. If you get caught using this and violating your employer's acceptable use policy, on your own head be it.

A SysAdmin will probably beat on you with a spanner for just discussing this, Yes I am a SysAdmin and Yes I would.

So enough of that nonsense and thinly veiled threats, let's get down to getting you on the internet.

Go and download FirefoxPortable from portableapps.com
Install this to your USB Thumbdrive or to a location on your hard drive

Download TOR from www.torproject.org

When installing TOR/Vidalia, select a "Base" install and expand out the Torbutton option, then deselect "Add to Firefox"
Change the destination folder to be a folder on your USB Drive, I called mine Vidalia.
Don't run the Installed components just yet.

Go to the installed folder and browse to the Torbutton folder, right click on the torbutton-1.2.0-fx.xpi and select "open with..." point this to your portable firefox installation and run it, then restart firefox portable. Open up the add-ons options for Torbutton and ensure that "Use Privoxy" is enabled

When you want to browse anonymously, run Vidalia from your USB drive, open up firefox portable, and down in the bottom right, click on Tor Disabled to start Tor and browse to your heart's content, relatively safe in the knowledge that no one can see your browsing activity.

To add Flash to this, copy flashplayer.xpt and NPSWF32.dll from c:\windows\system32 into FirefoxPortable\App\DefaultData\plugins and restart firefox. This doesn't work with all flash video players but YouTube works.

Thursday, April 30, 2009

Kubuntu 9.04 on Vostro 220s with dual monitors

Installation of Kubuntu 9.04 "Jaunty Jackalope" on a vanilla Vostro 220s is very straightforward. My Vostro however is not vanilla in that I have added an add-in graphics card, an nVidia GeForce 8400GS with dual outputs.

This is what caused my problems from earlier when I tried to move to 9.04 beta release.

How you get it running on this system is as follows.

Open up your case and pull the VGA output off the graphics card, this tells the card that it only has one output.

Start up your machine and open the BIOS settings and tell your machine to use the pci-express graphics card before the on-board one. Dell machines normally complain otherwise.

Install [K]ubuntu 9.04 as normal in whatever layout you want.

After installation, get your system updates and enable the restricted nVidia Drivers (V. 180)

Reboot and check your machine still works and that you now have the nVidia Server Settings option in your K menu (or wherever it goes for Gnome)

Power off after testing and plug your VGA output back in on the card, attach your second monitor

Open up your nVidia Server Settings application and enable the second monitor. DO NOT CLOSE THIS APPLICATION YET

Open up a terminal window (ALT+F2 "konsole") and enter
sudo chmod a+w /etc/X11

Back in your nVidia Server Settings app, hit "save to X configuration" and you are now done. Dual screens persistent across reboots.

TA bloody DA.

Tuesday, April 28, 2009

Burning ISOs from Command Line Linux

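isowrite.sh
#!/bin/sh
# Burn the ISO given as the first argument, then eject the disc.
# The path is quoted so that file names containing spaces work.
sudo cdrecord -v dev=1,0,0 -data "$1"
sudo eject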

Install cdrecord (apt-get install cdrecord), then create a bash file somewhere in your $PATH (/usr/bin), then run:
isowrite.sh /Path/To/ISO.iso

Removing Sticky Stuff

Peeled a few labels off a Dell Latitude 131L (yes the one that doesn't want to install Vista, can't really blame it) and got left with a load of very sticky stuff and bits of label guff.

Don't have any spirits or thinners to hand to remove it and wouldn't really want to use them in case it eats through the laptop casing (would be very bad as it's not my laptop)

Whip out the old gaffer tape/duct tape and tear off a strip. Stick it down on the surface with the sticky stuff and rip it off, takes a bit of the sticky crap with it. Repeat as necessary. Yes you may worship me.

Monday, April 27, 2009

vLite - Unattended Installations for Windows Vista

How to create your very own bootable ISO with all the drivers you could need on it.

Go to www.driverpacks.net and download all the driver packs for your architecture (x86/x64). Extract the .7z files to a local directory using 7-zip (www.7-zip.org) or winRAR (www.rarlabs.com)

Download vLite and the Windows Automated Installation Kit (W.A.I.K.). These are both free and should be the first hits in Google.

Install the WAIK and then install vLite - don't run it just yet.

Copy the wimgapi.dll from the Windows AIK/Tools/YourArchitecture folder (x86/ia64/amd64) into the vLite root folder. Windows AIK defaults to installing in "c:\Program Files\Windows AIK"

Run vLite and on the first screen pop in your Vista DVD and direct it to that drive (it will prompt you to create a local copy) or point it to a location where you have copied all the files from the CD.

NOTE 1: I recommend copying the files across yourself and then making an additional copy of the folder. Using vLite can be a destructive process and you may not get it right first time. If you have a spare copy on your hard drive, your golden master, so to speak. It's a lot easier and quicker to just clone this folder than having to: find your DVD or mount the ISO, copy the files across etc. etc. etc.

NOTE 2: If you are struggling for space you can uninstall the WAIK and save a few gigabytes as you will need them shortly to create your ISO, at least 6G is what I would recommend leaving available so you can copy the files locally and build your ISO image.

vLite will now detect your architecture type and the version of Vista that you have given it. On the next screen, all the options with the exception of Integration are optional (technically it is but then you wouldn't have any drivers installed on your DVD which is kinda the point of this post).

The checkboxes let you do several things, most of them are self-explanatory from the name of the checkbox but let me give you a quick overview.

Integration
- HotFixes, Drivers and Additional Language Packs
Using this will let you integrate HotFixes from Microsoft, Drivers from 3rd Parties (or MS) Language packs (Haven't used this option yet)

Components - Component Removal
This lets you remove components that you are not intending to use - EVER.
There is an optional popup screen to protect certain applications that use shared files etc. Unless you know what you are doing and the consequences, which could potentially be far reaching if you don't know what the system will be used for, it's best to leave this alone except as mentioned for very specific uses.

Tweaks - Optional Tweaks
In here you can specify tweaks that mean you don't have to do as much on first boot into your new O/S. Things like specifying that the control panel should default to classic mode (very useful), or that the IE Phishing filter should be disabled (why are you using IE anyway?) etc. There are quite a few things in here and it's worth a look

Unattended - Install without your intervention
All the options in this section are used to make your life easier. You can specify your product key, skip activation, set your language settings, set up the Administrator User, name your PC (Not that useful in a corporate environment) and a few other bits.

You should take a look at most of the options with the possible exception of the Component removal and Tweaks. If you know enough that you are going to integrate additional installers onto your disc you should know to ignore creating the bootable ISO as you will have to do that later yourself.

Once you've completed all your modifications, you can hit apply and it will update the copy of the Vista installation files (see NOTE 1 above)

THIS STEP DOES NOT CREATE THE ISO. Do not press exit if you want to create a bootable ISO image.

Click on the next button and you will be presented with an additional screen. This will let you create your ISO image OR burn directly to DVD. I recommend creating the ISO.
On this screen there is also the option to split the image if it's very large or possibly to make it fit on CDs if you don't have a DVD ROM in your target device. I haven't used this option yet so can't guide you on its use.

Once you are happy with the name of your new disc/disc image (defaults to VistaLite even though it might be a bit bigger) hit Make ISO or Burn. In the case of Make ISO it will ask you for the output path.

NOTE 3: Do Not Integrate all drivers if you want to install it on a Dell Latitude 131L, I'm still working on what is actually required to install Vista on this without it BSODing regarding the graphics card.


Friday, April 24, 2009

American Idiot (Politician)

Seriously though, where the hell do they get these people AND WHY ARE THEY RUNNING THE COUNTRY?

Youtube Linkage

Thursday, April 23, 2009

Piracy - Garrrr

Okay, this is going to be a bit of a rant, I need to get this off my chest before I go on the rampage. I'm not in any way condoning the practice of copying media that you do not own but

COPYING SOFTWARE/MEDIA FILES IS NOT PIRACY. It's not even theft!

I think the image below expresses my feelings appropriately:


Peer-to-peer networking is a useful tool, it is not the exclusive realm of the "Pirate", [oh fuck, I can't even say pirate. - ed] Let's try it again
It's not the realm of the person that wants to copy files across the network (internet/LAN) that they do not hold copyright licenses for.

In my opinion, the judgment in the PirateBay.org case was incorrect, they are merely providing an information repository that does not in any way contain copyrighted files.
The decision to find them guilty in this case was incredibly poor judgment, take this for example.
You burn a DVD containing several MP3 files for your "Friend", you post it to him/her but forget to put enough postage on it. The post office holds it and tell your "Friend" to come and collect it.
Are they in breach of copyright? Of course not. The same should have applied to PirateBay.

Next on my list, "Downloading films is stealing" trailers on every bloody DVD that you BUY.

How mentally retarded are these people? They are effectively encouraging people not to buy films if they put these ridiculous trailers at the start of every film that in some cases you can't skip through. I bought your bloody DVD now fuck off and let me watch it. You don't get these stupid messages on pirate DVDs!

And Another Thing, when your message goes
You Wouldn't steal a Purse
You Wouldn't steal a Car
etc.
You bloody well would if you could download it off the internet as IT'S NOT STEALING

Downloading ALL your media from the internet should be ENCOURAGED, the Record Companies/Movie Studios/Rights Holders could make even MORE money if they distributed it via the internet, think about it. No packaging costs, no delivery costs (You, yes you in the back, shut up about bandwidth, it's something I'll come to in another post), quicker delivery times.
My "proposal" goes like this.

No DRM on the media (as its stupid and retarded and an inconvenience and useless, did I mention it was stupid?) - Saves people the inconvenience of having to rip/extract/convert to all their different media players. By extension don't pick a dumb (not open) file type - I'm looking at you WMV/M4P etc.

People pay a monthly subscription to download a limited/unlimited amount, categorised by the bandwidth consumed, NOT the quantity of items DL'ed. You want to download the unlimited amount? pay more, you only want a few movies/songs a month, a lower tariff for you.

New Releases - Available online at the same time as DVD release

I think that this will work (i.e. be profitable) for a few reasons
1. The Content Delivery Mechanism already exists and is a mature technology
2. The absence of DRM encourages people to use it as they KNOW it will work on "their" device be it a set top box, an iPod, a Zune, a PSP etc etc
3. Yes, you will get people on the "unlimited" plan ripping the arse out of it (you could establish a "fair usage" case but don't dare call it an "unlimited" plan) BUT by the same criteria the majority of users will play fair. Some of them will probably download an incredible amount in the first 2-3 months but after that will only download a limited selection; if for example they only download files every 2 months THIS IS FREE MONEY.

So to sum up
Peer To Peer networking == Good and can be profitable for the "studios"
Peer To Peer networking != Piracy
Copyright Infringement != Theft
Copyright Infringement != Piracy
Piracy == Stealing Shit on The High Seas

Wednesday, April 08, 2009

Installing Debian and KDE 4.2 - EPIC FAIL

Installed Debian 5.0.0 Testing from NetInstall CD
Assigned Static IP in our subnet
Used the entire 1st disk with guided partitioning and all files in one partition (Don't Judge me I just wanted it to work!)
Added a temp user as if it worked I wanted to have "MY" home directory under subversion
Told Aptitude to use
http://username:password@proxy.server.com:8080
so that it can get to the internet via ISA Proxy server
Decided not to participate in Package Usage Contest
Deselected the Desktop Environment Option
Installed GRUB to MBR when prompted
Logged in after reboot
su
aptitude install sudo nano jed vim
aptitude install ntlmaps
Added the unstable Repos to /etc/apt/sources.list
aptitude update
aptitude -t squeeze upgrade
(This command appeared to access the unstable repo so didn't do what I told it to.)

aptitude -t squeeze dist-upgrade
aptitude -t unstable upgrade
aptitude -t unstable dist-upgrade
aptitude -t unstable install xserver-xorg
aptitude -t unstable install kdebase-runtime-bin-kde4
aptitude -t unstable install kde4
(accepted Solution relating to gnome and libnautilus)
Set the root password for mySQL
Set the default Domain for SAMBA

Rebooted, KDM started and was able to login, initial login was slightly longer but assumed this was down to the kde config doing its magic and setting up the initial config files that would be missing for each user.
Shut down
Added in graphics card (dual head so on-board graphics DISABLED)
Start up, KDE starts fine, login - Hangs on KDE Splash screen

THE SAME BLOODY WAY IT DID WHEN I DID 3 INSTALLS YESTERDAY

What I want to know is why it didn't do what my current install of Kubuntu and KDE4 does... and just bloody worked when I added the extra card in.

UPDATE

See my latest post on Kubuntu 9.04 with dual monitors. Silly Daniel.

Wednesday, April 01, 2009

Twittering

I've started twittering again (tweeting is it?) and have found it to be a. quite useful and b. good fun.

It's (in my mind anyway) similar to a broadcast email, except that it's targeted at people who actually "want" to pay attention to you (followers).

All the tweets with the exception of a direct message end up in your timeline, so you can see a conversation flowing along, if only there was a way to tie replies back to actual tweets rather than just a reply to someone (@user) that would make it a bit easier to follow a conversation between people that you may not follow rather than hopping back through their timeline.

I find it's a pretty good way to expand your circle of friends and meet new and interesting people. If they aren't interesting DON'T FOLLOW THEM!

There are some exceptions, Stephen Fry is Quite Interesting but a twit-flooder, i.e. your timeline could potentially be just Stephen.

EDIT: Silly Me, I forgot to put my twitter name here, it's danmcl0703

Blog Changes

I'll be playing about with this blog over the next few weeks/months...

I'm specifically going to be playing with AdSense and the blog layout itself. I'm also going to be posting more, things that make me laugh, things that I need to remember (the basic initial premise of this blog) and anything else that I want really.


So if you don't like it you don't have to read it, but I would really like it if you did!

Monday, February 23, 2009

Linux Admin in a Windows corporation

Over the next few months, I'm going to be writing about the tools, software, and problems/solutions I'm having being a linux admin in a windows corporation, everything so far runs on various versions of Windows, from windows 2000 right through to 2008 enterprise edition in a fair number of its guises.

It's not been too bad so far, I have Windows 7 running inside Virtualbox on my Kubuntu desktop for things that absolutely require windows and some office stuff (like our corporate intranet site) but other than that I've been using kubuntu as my main machine.

I've already implemented a squid proxy for some sites in our DMZ so that we can plug that hole in our firewall and allow them access out to the internet without hopping back to our internal network to the corporate ISA server.

I've also got Nagios running alongside Splunk for Monitoring and SysLog collection for Windows Servers, they are running quite nicely but definitely need some time fettling with them, I have to say the 15min guide for Nagios on their new site is actually lying, it doesn't take anywhere near 15 minutes, it's on the good side of 10!

Anyway, enough for now.

Friday, February 13, 2009

Central Syslog for Servers

EDIT: This post was written in a hurry but I promise I will come back to it soon to elaborate.

There's something incredibly useful about not having your server logs only on the server itself, the first is when someone compromises your server, plays about with it a bit and then deletes the log files.
The second is having all your log files in one place so you can run tools like Splunk on them.

This is how you go about doing it. I will assume that the syslog server (where the logs go to) is running some variation of Linux, these instructions will be largely focussed on Debian.

/etc/init.d/sysklogd stop
edit /etc/sysklogd.conf
change syslogd "" to syslogd "-r -m0"

This will allow remote machines to log to this (-r) and will remove the --MARK-- (-m0) that plagues your logs, I'm still in 2 minds about removing the "mark" as it lets you know that your logs are being written to, but on a large network there will (most likely) always be something somewhere writing to a log file.

Okay, next open up /etc/syslog.conf and add

local7.debug /var/log/enterprise.log

This will allow Cisco and Windows devices to log to this machine.

/etc/init.d/sysklogd start

DONE on the server
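
Which messages the local7.debug rule captures, and where else they are written, can be checked offline against a copy of syslog.conf. The script below is an added example, not part of the original post; syslog_dests is a hypothetical helper that models a simplified subset of the sysklogd selector syntax (comma-separated facilities, *, none, =priority and ;-joined selectors, without ! negation).

```shell
#!/bin/sh
# Added example: print the destinations in a sysklogd-style syslog.conf that
# would receive a message of the given facility and priority.
# Simplified model of the selector syntax; "!" negation is not handled.

syslog_dests() {   # $1 = config file, $2 = facility, $3 = priority
    awk -v fac="$2" -v pri="$3" '
        BEGIN {
            n = split("emerg alert crit err warning notice info debug", name, " ")
            for (i = 1; i <= n; i++) level[name[i]] = i    # 1 = most severe
            if (!(pri in level)) exit 2                    # unknown priority
        }
        NF == 0 || $1 ~ /^#/ { next }                      # blanks, comments
        NF >= 2 {
            hit = 0
            ns = split($1, sel, ";")
            for (s = 1; s <= ns; s++) {
                dot = index(sel[s], ".")
                if (dot == 0) continue
                facs = "," substr(sel[s], 1, dot - 1) ","
                p = substr(sel[s], dot + 1)
                # Skip selectors that name neither this facility nor "*".
                if (index(facs, "," fac ",") == 0 && index(facs, ",*,") == 0)
                    continue
                if (p == "none") hit = 0                   # facility excluded
                else if (p == "*") hit = 1                 # every priority
                else if (substr(p, 1, 1) == "=") {         # exact priority only
                    if (level[substr(p, 2)] == level[pri]) hit = 1
                }
                else if (level[pri] <= level[p]) hit = 1   # this one or worse
            }
            if (hit) print $2
        }
    ' "$1"
}

# Usage when run as a script: sh syslog_dests.sh /etc/syslog.conf local7 debug
if [ "$#" -eq 3 ]; then
    syslog_dests "$1" "$2" "$3"
fi
```

Because debug is the lowest priority, a local7.debug selector matches every local7 message, so anything the remote devices send on that facility ends up in /var/log/enterprise.log.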

On Windows Clients

Download SNARE from InterSect Alliance, install it and don't use the web interface.

run regedit and edit HKEY_LOCAL_MACHINE\SOFTWARE\InterSect Alliance\AuditService\

in config, change the delimiter to be " " (i.e. a space)
in network change the destination to be your syslog server
and also in network check that the port is set to 514, this is the default.