Sunday, December 21, 2008

Installing Ubuntu Using Knoppix CD

I'm trying to avoid the cycle of cleaning viruses and spyware from my nephew's Dell Windows desktop despite having the latest antivirus program installed on it. I'm attempting to install Ubuntu using debootstrap from a Knoppix CD. (additional reference)

- Desktop is a Dell Dimension E510
- Booted using the Knoppix CD. Wireless keyboard works with Knoppix. How convenient.
- Tried to start kwlan to connect to Wireless network. Doesn't work. Oh well, wired lan connection works at least.
- Using fdisk, formatted /dev/sda into /dev/sda1 with ~158GB and /dev/sda2 with remaining ~2GB
- Rebooted to ensure newly created partitions.
- Formatted /dev/sda1 using ext3
# mke2fs -j /dev/sda1
- Set /dev/sda2 as swap

# mkswap /dev/sda2
# sync; sync; sync
# swapon /dev/sda2
- Next, mount the newly formatted hdd.
# mkdir /mnt/ubuntu
# mount /dev/sda1 /mnt/ubuntu
- Set up debootstrap
# mkdir /mnt/ubuntu/work
# cd /mnt/ubuntu/work
# wget http://archive.ubuntu.com/ubuntu/pool/main/d/debootstrap/debootstrap-udeb_0.3.3.0ubuntu2_i386.udeb
# ar -x debootstrap-udeb_0.3.3.0ubuntu2_i386.udeb
# cd /
# zcat /mnt/ubuntu/work/data.tar.gz | tar xv
- This is still missing the latest intrepid scripts. Install those.
# mkdir /mnt/ubuntu/work/tmp
# cd /mnt/ubuntu/work/tmp
# wget http://archive.ubuntu.com/ubuntu/pool/main/d/debootstrap/debootstrap-udeb_1.0.10ubuntu1~intrepid1_all.udeb
# ar -x debootstrap-udeb_1.0.10ubuntu1~intrepid1_all.udeb
# cd /
# zcat /mnt/ubuntu/work/tmp/data.tar.gz | tar xv

- I chose the closest Ubuntu archive mirror.
- Run debootstrap

# /usr/sbin/debootstrap --arch i386 intrepid \
/mnt/ubuntu http://www.gtlib.gatech.edu/pub/ubuntu
- After the base system is installed, it needs to be configured.
# chroot /mnt/ubuntu /bin/bash
- Set up static file system information
# editor /etc/fstab
# /etc/fstab: static file system information.
#
# file system  mount point  type     options              dump  pass
/dev/sda1      /            ext3     defaults             0     1
/dev/sda2      none         swap     sw                   0     0
proc           /proc        proc     defaults             0     0
sys            /sys         sysfs    defaults             0     0
/dev/cdrom     /mnt/cdrom   iso9660  noauto,ro,user,exec  0     0
- Mount all the above filesystems
# mount -a
- /proc didn't mount for some reason. Mounted it manually.
# mount -t proc proc /proc
- ls /proc shows a non-empty directory. Ok.
- Configure keyboard. I didn't change any default choices.
# dpkg-reconfigure console-setup
- Configure networking. I set up only loopback and eth0 from the examples in /usr/share/doc/ifupdown/examples
# editor /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
- Set up hostname
# echo ubuntupc > /etc/hostname
- Install kernel and bootloader
# apt-get install linux-image-386
# apt-get install grub
- 'grub-install' doesn't work for whatever reason. This probably has something to do with the chroot Ubuntu system being unable to see /dev/sda. Why? Not sure. I exited chroot and ran grub-install from Knoppix
# exit
# grub-install --root-directory=/mnt/ubuntu /dev/sda1
- chroot again and set up menu.lst. 'update-grub' is supposed to do this automatically. But it didn't work for me. So setting it up manually.
# chroot /mnt/ubuntu /bin/bash
# editor /boot/grub/menu.lst
default 0
timeout 4

title=Ubuntu
root (hd0,0)
kernel /vmlinuz root=/dev/sda1
initrd /initrd.img

- That's it. exit and reboot.
# exit
# reboot
UPDATE: Looks like either I missed a step above or something didn't work, but grub didn't write to MBR. Rebooted to Knoppix CD and installed grub in MBR.
# grub
grub> root (hd0,0)
grub> setup (hd0)
grub> quit
That's it. This time on reboot, Ubuntu booted normally.

UPDATE 2: I set up the GUI desktop for Ubuntu too.
# apt-get install ubuntu-standard
# apt-get install ubuntu-desktop
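
The debootstrap steps above fetch a .udeb over plain HTTP and unpack its data.tar.gz over / as root. The following preflight is an added example, not part of the original post: it checks the download against a digest and lists any archive member that would land outside debootstrap's own directories. The allowed prefixes and the digest placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The prefixes below are an
# assumption about where debootstrap's own files belong.
ALLOWED_PREFIXES="usr/sbin/ usr/lib/debootstrap/ usr/share/debootstrap/"

# verify_sha256 FILE EXPECTED_HEX -> status 0 only when the digest matches.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# unexpected_members TARBALL -> prints every member that is absolute, contains
# a ".." component, or lies outside ALLOWED_PREFIXES. No output means clean.
unexpected_members() {
    tar -tzf "$1" | while IFS= read -r m; do
        p=${m#./}                            # udeb members are listed as ./usr/...
        if [ -z "$p" ]; then continue; fi    # the "./" root entry
        ok=no
        for pre in $ALLOWED_PREFIXES; do
            case "$p" in "$pre"*) ok=yes ;; esac
            # a parent directory of an allowed prefix (such as usr/) is fine
            case "$pre" in "$p"*) case "$p" in */) ok=yes ;; esac ;; esac
        done
        case "$p" in /*|..|../*|*/../*|*/..) ok=no ;; esac
        if [ "$ok" = no ]; then printf '%s\n' "$m"; fi
    done
}

# Usage with the post's file names; "<sha256>" is a placeholder for a digest
# obtained from a source you trust:
#   verify_sha256 debootstrap-udeb_1.0.10ubuntu1~intrepid1_all.udeb "<sha256>" &&
#   [ -z "$(unexpected_members data.tar.gz)" ] &&
#   (cd / && zcat /mnt/ubuntu/work/tmp/data.tar.gz | tar xv)
```
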

Sunday, October 19, 2008

Ubuntu on Active Directory

Tried setting up an Ubuntu workstation (ubclient*) on a Windows Active Directory domain, DOMAIN.COM*, using Winbind.

*values not real (obviously). must use with correct values.

Installed necessary packages

> sudo apt-get install krb5-user
> sudo apt-get install libpam-krb5
> sudo apt-get install krb5-config
> sudo apt-get install libkadm55
> sudo apt-get install winbind
> sudo apt-get install samba
> sudo apt-get install smbfs
> sudo apt-get install smbclient

Made a backup copy of /etc/samba/smb.conf and added the following

[global]
security = ads
realm = DOMAIN.COM
password server = DC.DOMAIN.COM
# note that workgroup is the 'short' domain name
workgroup = LAB
# winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
DC.DOMAIN.COM* above is a domain controller in DOMAIN.COM*. Since I copy-pasted these values from the manual, I searched for duplicate lines with the same fields and commented them out.

Restart winbind and samba.
sudo /etc/init.d/winbind stop
sudo /etc/init.d/samba restart
sudo /etc/init.d/winbind start

Request a valid Kerberos TGT.
> sudo kinit administrator@DOMAIN.COM
This resulted in an error in my environment.
kinit(v5): KDC reply did not match expectations while getting initial credentials

I continued anyway. Join the workstation to DOMAIN.COM*.
> sudo net ads join -U username
Since the previous command failed, this prompted me for the DOMAIN.COM* administrator* (not local root) password. I got the following reply.
Using short domain name – DOMAIN
Joined 'UBCLIENT' to realm 'DOMAIN.COM'

I checked the Active Directory snap-in on DC.DOMAIN.COM* for the new UBCLIENT* workstation that just joined the domain. It was present. This confirmed the success of the above operation.

I edited /etc/nsswitch.conf as follows.

passwd: compat winbind
group:  compat winbind
shadow: compat winbind
I tested the above operations with
wbinfo -u
wbinfo -g
These commands listed the Domain users and groups as expected. Next I edited the file /etc/pam.d/common-account as follows
account sufficient pam_winbind.so
account required pam_unix.so
I edited /etc/pam.d/common-auth as follows
auth sufficient pam_winbind.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so
I edited /etc/pam.d/common-session as follows
session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
and finally /etc/pam.d/sudo as follows
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_deny.so

@include common-account
For the final configuration, I created the domain home directory /home/DOMAIN and added a domain administrator to the sudoers group. I also added a Domain Administrator (domainadmin*) user to the 'admin' group in /etc/group.

To test the final setup I logged in via ssh to ubclient.domain.com as user domainadmin. Command pwd showed that a home directory was created as /home/DOMAIN/domainadmin. I checked to ensure the domainadmin has admin privileges on the local computer.

sudo id

After prompting for the domainadmin's password, it successfully responded as
uid=0(root) gid=0(root) groups=0(root)


That was completely painless to set up. No surprises or failures. I am now able to log in to my Ubuntu machine as part of my Active Directory. I wasn't sure about the 'Automatic Kerberos Ticket Refresh' part, but figure it couldn't hurt.

I edited /etc/samba/smb.conf as follows

#       winbind separator = +
winbind refresh tickets = yes
idmap uid = 10000-20000


and modified /etc/pam.d/common-auth as follows
auth sufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so
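
The auth stacks shown in this post chain `sufficient` modules and close with `auth required pam_deny.so`, and the pam_unix line carries `nullok_secure`. The following lint is an added example, not part of the original post: it reads a PAM file's auth entries, reports options that accept empty passwords, and reports a stack that lacks the closing pam_deny.so. The function name and finding texts are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): lint the auth stack of a PAM file.
# pam_auth_findings FILE -> one finding per line; no output means nothing flagged.
pam_auth_findings() {
    awk '
        /^[ \t]*(#|$)/ { next }             # comments and blank lines
        $1 != "auth"   { next }             # other stacks and @include lines
        {
            n++; ctl[n] = $2; mod[n] = $3
            if (denied)                      # entry placed below pam_deny.so
                print "entry after pam_deny.so: " $3
            if ($3 == "pam_deny.so" && ($2 == "required" || $2 == "requisite"))
                denied = 1
            for (i = 4; i <= NF; i++)
                if ($i == "nullok" || $i == "nullok_secure")
                    print "empty passwords accepted: " $3 " " $i
        }
        END {
            if (n == 0)
                print "no auth entries"
            else if (!denied)
                print "no terminating pam_deny.so after " ctl[n] " " mod[n]
        }
    ' "$1"
}

# Usage: pam_auth_findings /etc/pam.d/common-auth
```
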


*values not real (obviously). must use with correct values.

Wednesday, September 24, 2008

Yum broke Perl on CentOS 5

During a recent Yum update that was long overdue, my perl scripts stopped working, complaining about missing XS versions of certain perl modules.

Specifically it broke my script that uses Mail::Box::Manager and complained about a dependency fail in Mail::Box::Reporter that needed an XS version that is missing.

I thought I would re-install Mail::Box::Manager. While trying to manually compile Mail::Box::Manager (since CPAN won't install without force, which is a bad idea if something is really broken), one of the first warnings given is

--
!!!! WARNING !!!! On your system, the module Scalar::Util is installed
!!!! WARNING !!!! without use of XS. This means that critical functionality
!!!! WARNING !!!! is missing. Reinstall the module and be sure to get the
!!!! WARNING !!!! correct installation.
!!!! WARNING !!!! perl -MCPAN -e 'shell'
!!!! WARNING !!!! > force install Scalar::Util
--

This led to the bug below, which recommends force installing Scalar::Util via CPAN, since the CentOS RPMs are missing the XS version.
http://bugs.centos.org/view.php?id=2434

Force installing Scalar::Util as indicated worked. Phew! Took me 2 days to research this, but finding a simple solution to fix everything is great. :)

Monday, February 11, 2008

Moving SQL Server Database Content

This old server was running low on disk space on the System volume. Needed to find a way to move the data files onto another disk volume without dealing with a database reinstallation and reconfiguring all the applications depending on it. I found out how to do it for MS SQL Server Desktop Engine (comes free with the free Windows Sharepoint Services) and MS SQL Enterprise.

MS SSDE
From a command prompt, type

> Osql -S servername\instancename -E

where servername is your server's name and instancename is the database instance such as "sharepoint" (without the quotes).
Next, in order to 'detach' a database physical file, you have to disconnect the database from the database engine. Make sure the database is not in use. At the client prompt, type

1> EXEC sp_detach_db "databasename"
2> Go

Now, move the physical files to the new location. Move both the databasename.MDF and databasename_log.LDF files. Now to reattach the physical file to the database engine, and make the database available again, at the same client prompt, type

1> EXEC sp_attach_db 'databasename','C:\path\to\databasename.MDF','C:\path\to\databasename_log.LDF'
2> Go

That's it. Restart your database engine if necessary.

The sp_attach_db syntax is slightly different for the Enterprise Server version.

Sunday, December 30, 2007

Images and Mysterious Gaps

While rewriting a page on Sepia Mutiny, I found yet another reason why being a site designer is a highly-paid full-time job. It's impossible for anyone else to keep up with browser standards and implementations.

Consider the simple HTML below

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sepia Mutiny</title>
</head>
<body>
<div style="border: 1px solid black; background-color: red;">
<img style="" src="/sepia/images/SMB3.jpg"/></div>
</body>
</html>

This is a well-formed strict HTML document that validates. You'd be surprised to see what it produces. See below.



If you haven't realized what's wrong, there is a gap below the banner image, before the div tag ends. Why? Probably stupid IE doing its own thing, is anybody's first guess. Actually this is Firefox 2. Huh? I tried setting margin, padding and any other property that I could think of to 0. No effect. What gives? The same document renders differently in Internet Explorer 7. No gap below the image. Weird. Upon further tests, I made another HTML document.

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sepia Mutiny</title>
</head>
<body>
<div style="border: 1px solid black; background-color: red;">
<img style="" src="/sepia/images/SMB3.jpg"/></div>
</body>
</html>

What's the difference? Only the Doctype is missing. So of course this is not a valid strict HTML document. Here's how it renders in Firefox.



I spent the better part of this Sunday scratching my head over this. Is Firefox buggy and IE7 getting things right now? Traditionally, sites are designed for non-IE browsers first because they are standards-compliant, and code exceptions/hacks for IE because of all its quirks. Has the situation reversed? After much Googling, I finally found the story behind this mysterious gap. Apparently, Firefox is too good at being standards compliant.

Lesson: Because the HTML element <img> is an inline element by default, it is rendered with a baseline whose height from the bottom border of its container depends on the font applied to the container. The element's display property must be set to block to render the element differently without this baseline (assuming there is no other element such as inline text that may need a baseline within the same container). Thus, re-writing legacy HTML to conform to today's standards will break a template design. This is because a well-formed standards compliant HTML document is rendered by today's A-grade browsers in 'standards mode', whereas badly written HTML documents of yesterday are rendered by browsers in 'quirks mode'. As some of us who don't have enough background in designing sites usually just wing it, this is going to be a problem because of all the bad habits we've learned over the years working in browsers' quirks mode. Now doing it the standards way is rather hard because we have to re-learn, or rather learn correctly, HTML and CSS standards.

References:
  1. Eric A. Meyer, Images, Tables, and Mysterious Gaps. Mar 21, 2003.
  2. Eric A. Meyer, Images, Tables, and Mysterious Gaps. Mar 3, 2002.

Thursday, December 13, 2007

perl xml parser and dependency hell

Was trying to install a perl module from CPAN (Frontier::Daemon) which needed XML::Parser which just wouldn't install. Perl's package manager kept complaining about a missing expat.h file, followed by many lines of errors. yum said expat is up to date. Removing expat (in an effort to reinstall it) removed yum as well. Installing yum wasn't easy. Finally got the rpm for yum to work and installed CentOS's precompiled perl xml parser. perl was satisfied with this and installed Frontier::Daemon without further complaints.

Tuesday, December 11, 2007

sendmail Doesn't Listen

The sendmail service on a default CentOS installation listens only on the loopback interface, for obvious security reasons. To make it listen on all IP addresses, change the line

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

to

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

As usual with any configuration change, recompile and restart service

> m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
> /sbin/service sendmail restart

Ensure sendmail.cf has rw-r--r-- permissions only, or it will complain about "dangerous write permissions".
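
Commenting out the loopback DAEMON_OPTIONS line exposes the MTA on every interface, so it is worth confirming what a given sendmail.mc will produce and that sendmail.cf is not writable by group or others. The following check is an added example, not part of the original post; the function names are made up for the example, and only `Name=MTA` entries are considered.

```shell
#!/bin/sh
# Added example (not from the original post).
# sendmail_listen_scope MC_FILE -> "loopback", "all-interfaces" or "addr:<value>"
sendmail_listen_scope() {
    awk '
        /^[ \t]*dnl([ \t]|$)/ { next }      # m4 "dnl" prefix: line is inactive
        /DAEMON_OPTIONS\(/ && /Name=MTA/ {
            active = 1; addr = ""
            if (match($0, /Addr=[^,)]*/)) {
                addr = substr($0, RSTART + 5, RLENGTH - 5)
                gsub(/[^0-9A-Za-z.:]/, "", addr)   # drop m4 quotes and spaces
            }
        }
        END {
            # no active entry, or an entry without Addr, binds every interface
            if (!active || addr == "")
                print "all-interfaces"
            else if (addr == "127.0.0.1" || addr == "localhost" || addr == "::1")
                print "loopback"
            else
                print "addr:" addr
        }
    ' "$1"
}

# cf_write_exposed FILE -> status 0 when group or others can write to FILE
cf_write_exposed() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Usage:
#   sendmail_listen_scope /etc/mail/sendmail.mc
#   cf_write_exposed /etc/mail/sendmail.cf && chmod 644 /etc/mail/sendmail.cf
```
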