Archive for the 'Geek Stuff' Category

That's what you call nostalgia

The headphones of my youth. I finally got my hands on a pair.

Too big to be driven by a computer without an amp. 😛

Follow-up on the Novell eDirectory situation…

In my previous post on the subject, I told you that we are moving our Mac directory services from Apple Open Directory to Novell eDirectory.

I did not have many surprises, but some things break; all of them can be fixed.

  • The Wiki service will not authenticate against an external (non-Apple) LDAP server by default. The fix is here: http://support.apple.com/kb/TS1619. Group membership is still problematic in my case. I plan to ditch the wikis anyway…
  • Samba won't work properly unless you follow some fun procedures listed here: http://aput.net/~jheiss/samba/ldap.shtml. What is not written in that article is:
    • Since Apple ships a custom build of Samba that seems to rely on the Password Server, you have to write some not-so-intuitive directives in /etc/smb.conf to disable the Open Directory routines entirely before the LDAPSAM backend will actually work.
    • You will have to extend the LDAP schema.
    • Windows passwords have to be generated with a small utility called mkntpwd. You take the output of that program and paste it into the user's properties with iManager (sambaNTPassword and sambaLMPassword).
    • The Windows user passwords won't be synchronized with the users' actual eDirectory passwords.

I will make a full post about Samba soon, and toy with it some more…

Oh! And regarding SMB2, the new Apple SMB server in Mac OS X starting with Lion (10.7): there is no way to make it authenticate against an external LDAP server.

Proper Apple Open Directory Alternative… Finally

When I first came in at my current workplace, in 2007, there was no directory service for all the Macs I had to manage. There was an Active Directory, but no Mac OS X machine was bound to it.

When we replaced the production server with a shiny Intel Xserve, I set up an Open Directory, and it saved me an appreciable amount of time when the company began to grow.

After a few years, while I was happy with the choice I had made, I realized that…

  1. Support is not very present, unless you pay ludicrous amounts of money.
  2. Fault tolerance is just not there.
  3. Software upgrades and hardware upgrades basically ask you to bring the whole directory service down. You HAVE to upgrade every machine that serves the Open Directory. That means upgrading your Open Directory master and every replica at about the same time…
  4. Migrating your server from one OS version to the next is not without problems.
  5. Various LDAP attributes are missing, which causes problems with third-party hardware and software…
  6. You can't virtualize the thing easily.
  7. Xserves are not a viable option anymore, and they were poor virtualization servers…

I began to look elsewhere.

I took a long look at Active Directory, but I realized that besides costing a fortune, being able to do what I want with it would mean modifying the schema, which is kind of iffy. Its virtualization requirements are not nice either.

The deluge of people having problems after a migration of Windows Server or of a version of Mac OS X was worrying as well.

So.

I spoke with a nice integrator I knew. He told me about Novell eDirectory. This was two years ago. I successfully built one myself as a pet project and configured it to authenticate our VPN users. I toyed with it even more afterwards. The product is referenced in the Apple training book "Mac OS X Directory Services v10.6".

I run it on SuSE Linux Enterprise 11, but I think you can run it on RedHat, CentOS or Oracle Linux.

It's an amazing product: stable, efficient, standards-compliant, full-featured. Licensing is also very cheap.

I tried to modify my existing eDirectory to use it as a Mac OS LDAP server, but it turned out to be rather time-consuming, with various gotchas… There are lots of attributes to add, as well as object classes. I would have been able to do it over the course of several months, but I didn't want to make mistakes.

My integrator has the knowledge to make it work, and he did. We built two new virtual servers from scratch. He apparently manages several big businesses with a Novell setup for this kind of use.

Now.

My Apple-specific requirements were as follows.

  1. Being able to deal with nested user groups. It works!
  2. Being able to set and modify MCX attributes with Workgroup Manager. It works!
  3. Being able to have replicas. Working!

My machines are able to get their management and authentication information from the directory.

Some things are less intuitive to do, such as computer groups and users, because they can't be created directly in Workgroup Manager anymore. They have to be created in Novell iManager, Novell's web management interface for eDirectory. It's not as easy as clicking in Workgroup Manager anymore, but it's not as hard as I make it sound.

Replicas are actually bound to the client machines by adding another LDAP server to their directory configuration.

Since you end up with a "standards-compliant" LDAP server, you can connect various other devices to it painlessly. For example, I successfully configured a FreeRADIUS server for our Wi-Fi authentication.

For the time being and for the future, this is the yellow brick road to directory services on Macs. My guess is also that this will become less and less of a support issue if Apple decides to drop Open Directory altogether and use "Profile Manager" for MCX properties.

If you want further information or would like the name of my contact who developed this wonderful piece of software, feel free to reach me! He can deploy it to your requirements remotely.

Migrating Apple Open Directory manually from Snow Leopard Server to Lion Server

Apple Open Directory has always been a weird and misunderstood part of Apple's server strategy. The Open Directory system in Lion seems to have had several drastic changes to its structure, and while moving from Snow Leopard to Lion using the Apple-provided tools, I stumbled on these problems after the migration:

  • Unable to add replicas
  • Unable to use the Profile Manager

I tried for a while to fix it but was unable to: it's very complicated when you don't know where to look and what the system expects. Continue reading ‘Migrating Apple Open Directory manually from Snow Leopard Server to Lion Server’

Viau Ford, or why everyone hates car dealerships

Four years ago, we leased a 2008 Ford Focus. After four years, one accident and two fender-benders, it survived, and since it suited us, we decided to buy it. So far, with Viau Ford, it has been quite an ordeal.

I know, I live in Montreal and my dealer is in Saint-Rémi. We had a good salesman before he retired.

I'll spare you all the bullshit about the inspection.

For signing the papers, we had agreed that:

  • The papers would be ready on a given date at a given time
  • We would go there to read and sign

In reality:

  • The papers weren't ready
  • The saleswoman was stuck with a customer for an hour. She told us to go "drive around the area"
  • It took more than an hour to fill them in. (Super fun to wait in the car with 3 unhappy, hungry kids)
  • When we left, we couldn't go to the SAAQ to finalize; it was past their closing time.

A few days later:

  • We go to the SAAQ; the papers hadn't been made out in both our names.
  • The papers are redone.
  • I go back; there's a problem (I don't remember what)
  • I have the papers redone
  • They had to sign the current registration.

At that point I'm just fed up. It's so cool to waste time on administrative nonsense.
I call back and I'm told the lady in charge of the paperwork is on vacation until the following Tuesday. Great!
A car dealer that can't fill out SAAQ papers properly. Unbelievable! I understand they get no commission on sales of cars that were leased, but that's not my problem. I understand it's more interesting to sell new cars, in this case big "F350 King Ranch" trucks to the local rednecks, but we still had a right to a minimum of decent service and I don't think we got it.
I'm driving my car illegally.
It was my pleasure to file a complaint with Ford of Canada against this garage of morons.
I dream of the day we can buy our car on the Internet and fill out the SAAQ paperwork online.

It can help recover some data

Someone brought me a dead hard drive with important data on it. Only the electronics seem to be broken, as a short circuit occurs when connecting it to power. I tried powering it up with another controller board and the disk spins, but since the "test" controller does not come from a drive of the same capacity, I still couldn't access the data.

The thing is: where do you get a replacement controller?

In the old days before the Internet, it was damn near impossible to get a replacement controller short of finding a similar drive somewhere, which would often not work since there are several revisions of hard disk controllers.

Lucky for me, I stumbled onto this website, which offers controllers for a large number of hard drives.

http://www.onepcbsolution.com/

They have a nice wizard to help you pick the proper controller.

I'm waiting for the controller.

I just wanted to let fellow techies know that this is now easier to find and can save your butt.

It was a fun run while it lasted

As many of you are aware, I'm a really devoted customer of Teksavvy, my Internet provider.

But now, you can say I "was" one of their customers. I was for almost ten years and it was awesome. They were the first to let me run my own servers: no port blocking, decent bandwidth and, most of all, a 5-IP-address subnet!

However, in the last few years I have been having more and more trouble with the Bell infrastructure side of my connection. I'm sure they are somewhat sabotaging reseller accounts, so it's a living hell for customers. Packet loss, transfer of my connection to a far-away DSLAM, throttling and, most of all, lack of transparency from the techs and the company itself are just a few of the reasons that pushed me out.

Instead of rolling out DPI (deep packet inspection, a process used to lower P2P speeds), Bell should have upgraded its network for growth.

I switched to Videotron's business service and I can't wait to see what the service will be like.

I think I'm very energy-hungry…

That's the price of having servers in the basement. A heat pump, an air conditioner on top of it, a garbage disposal and the dishwasher every day at least.

Well…

Making the innocent pay…

As part of my work, I went through a horrible, frustrating and totally ridiculous experience with iWeb Technologies, which provides a few services for us, including email for a few domains. The address of our shared server last got blacklisted on February 22, probably because some bozo on the same machine I'm using did something stupid: what hosting jargon calls "abuse".

The immediate effect was that if we used our server to send email to Videotron, it never reached its destination and bounced back to us.

Being a system administrator myself, I understand this phenomenon very well, and that it can happen. What makes me totally furious is that iWeb's service is far below what I expected and what must be provided to paying customers. Continue reading ‘Making the innocent pay…’

Times are changing…

I did the unthinkable this week.

Everyone knows Moofo, the guy who had a 6-foot rack with servers in his basement and hosts his friends' blogs and his own.

This practice raised the eyebrows of many people, including several fellow techs, Bell repairmen and prospective employers. I could afford it because I had a cool Internet connection with Teksavvy that came with 5 IP addresses, no blocked ports, and allowed servers.

But here's the thing: I hadn't even had time to move everyone to the new server (which runs Linux) when I realized that:

  1. I no longer had the time to take care of it properly.
  2. Thanks to the CRTC's stupidity, my DSL connection will cost more than $25 more because of the usage-based billing imposed on DSL resellers by Bell.
  3. It was eating about 500 watts constantly, which is about $20 of electricity per month…
  4. I needed an air conditioner in the basement in summer (it gets hot), which also eats 500 watts.
  5. The batteries in my UPSes are done…
  6. Configuring Cyrus on Linux is complex…
  7. The emails and websites depended on the quality of my connection, which, let's face it, was sometimes overloaded…

In light of all this, I made the decision to move all the sites to shared hosting. It pisses me off a bit, because I had equipped myself with Cisco gear… PIX, Catalyst switch… Never even had time to install them. I had installed a Cisco modem in a hurry, but I wanted more control.

Imagine, I replaced 4 machines with external hosting that costs me $60 a year! (4 machines: 1 web server, 1 mail server, 1 backup server with tape, 1 downloads machine…)

I would do it all again tomorrow morning. All of this let me test a bunch of things I couldn't even have learned in an educational institution. For me, it's the only worthwhile way to do computing.