Category: Uncategorized


LDAP Attributes

December 9, 2015 | Uncategorized | No Comments

An attribute is the atomic structure of a schema and a member of an object class. An attribute typically contains data.

Every attribute is included in one or more object classes, so several object classes may share the same attribute. Once defined in a schema, an attribute can be used by any object class.

An attribute has a name as its identifier. The name identifies the attribute and distinguishes it from other attributes, so it should be unique. An attribute is also a container for values: it is the entry in which a value is stored. The value can be single-valued or multi-valued.

To define an attribute, we have the following syntax:

attributetype whsp "(" whsp
numericoid whsp
[ "NAME" qdescrs ]
[ "DESC" qdstring ]
[ "OBSOLETE" whsp ]
[ "SUP" woid ]
[ "EQUALITY" woid ]
[ "ORDERING" woid ]
[ "SUBSTR" woid ]
[ "SYNTAX" whsp noidlen whsp ]
[ "SINGLE-VALUE" whsp ]
[ "COLLECTIVE" whsp ]
[ "NO-USER-MODIFICATION" whsp ]
[ "USAGE" whsp AttributeUsage ]
whsp ")"

In each attribute, a numericoid should be given. This is the OID used by the LDAP system and should be uniform.

Let’s dive deeper into the meaning of each part of the syntax:

NAME
Defines the attribute’s name. This name should be globally unique (within the system). The name is a pair of two strings written inside parentheses. The first string is an alias, usually an abbreviation of the second string. The second string is the full string. If the string is composed of two or more words, it should be trimmed so that it contains no whitespace.
DESC
Description of this attribute.
OBSOLETE
Optional. When an attribute is defined as obsolete, LDAP is informed that the attribute is obsolete and should not be used.
SUP
Optional. Defines the parent of this attribute.
EQUALITY caseIgnoreMatch
Defines the properties of this attribute when a search operation is performed on it. A search can be done in two modes: case sensitive and case insensitive. If case-insensitive mode is desired, we have to declare the attribute using the matchingRule caseIgnoreMatch. A matchingRule is a special-purpose attribute for searching.
More information about LDAP searching can be found in the corresponding article.
ORDERING ‘matchingRule’
Used for matching rules of attribute combinations.
SUBSTR ‘caseIgnoreSubstringsMatch’
Defines the properties of this attribute when it is used in a substring-based search operation. The search can be done in case-insensitive mode using the matchingRule caseIgnoreSubstringsMatch.
SYNTAX
Defines the OID of this attribute.
SINGLE-VALUE
Defines whether this attribute can be used only once in an object class. For example, an attribute PersonName should only be used once within a class. When SINGLE-VALUE is not given, LDAP will automatically infer that the attribute can be used multiple times.

Now let’s define a simple attribute as an example:

attributetype ( 2.3.4.5 NAME ( 'cn' 'commonName' ) SUP name )
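
The syntax above can be checked mechanically before a schema file is loaded. The following parser is an added example, not code from the original article: it reads a definition into its fields and reports names or OIDs claimed by more than one definition. The `badgeId` and `CN` definitions and the `1.1.2.1.x` OIDs are constructed sample values.

```python
import re

# Keywords from the syntax above, grouped by how many values follow them.
# NO-USER-MODIFICATION is the RFC 2252 spelling of that keyword.
FLAGS = {"OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION"}
ONE_VALUE = {"DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX", "USAGE"}
TOKEN = re.compile(r"\s*(\(|\)|'[^']*'|[^\s()']+)")

# The article's own example, followed by two constructed definitions.
PAGE_EXAMPLE = "attributetype ( 2.3.4.5 NAME ( 'cn' 'commonName' ) SUP name )"
CONSTRUCTED = ("attributetype ( 1.1.2.1.1 NAME 'badgeId' DESC 'constructed (sample)' "
               "EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch "
               "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE )")
CLASHING = "attributetype ( 1.1.2.1.2 NAME 'CN' SUP name )"


def tokenize(text):
    """Split a definition into '(', ')', quoted strings and bare words."""
    text, pos, tokens = text.strip(), 0, []
    while pos < len(text):
        match = TOKEN.match(text, pos)
        if match is None:
            raise ValueError("unterminated quote near offset %d" % pos)
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


def parse_attributetype(definition):
    """Return the fields of one attributetype definition as a dict."""
    tokens = tokenize(definition)
    if tokens and tokens[0].lower() == "attributetype":
        tokens = tokens[1:]
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("definition must be wrapped in ( ... )")
    body = tokens[1:-1]
    if not re.fullmatch(r"\d+(\.\d+)+", body[0]):
        raise ValueError("first element must be a numeric OID: %r" % body[0])
    attr = {"oid": body[0], "names": [], "flags": set()}
    i = 1
    while i < len(body):
        keyword = body[i]
        i += 1
        if keyword in FLAGS:
            attr["flags"].add(keyword)
            continue
        if keyword != "NAME" and keyword not in ONE_VALUE:
            raise ValueError("unknown keyword %r" % keyword)
        if i >= len(body):
            raise ValueError("%s needs a value" % keyword)
        if keyword == "NAME" and body[i] == "(":
            if ")" not in body[i:]:
                raise ValueError("NAME list is not closed")
            end = body.index(")", i)
            values, i = body[i + 1:end], end + 1
        else:
            values, i = [body[i]], i + 1
        values = [value.strip("'") for value in values]
        if keyword == "NAME":
            attr["names"] = values
        elif keyword == "SYNTAX":
            # noidlen: a syntax OID with an optional {length} suffix
            match = re.fullmatch(r"([^{]+)(?:\{(\d+)\})?", values[0])
            if match is None:
                raise ValueError("bad SYNTAX value %r" % values[0])
            attr["syntax"] = match.group(1)
            attr["max_length"] = int(match.group(2)) if match.group(2) else None
        else:
            attr[keyword.lower()] = values[0]
    attr["single_value"] = "SINGLE-VALUE" in attr["flags"]
    return attr


def find_collisions(definitions):
    """List (key, first_index, later_index) for OIDs or names defined twice.

    Names are compared case-insensitively.
    """
    owners, clashes = {}, []
    for index, text in enumerate(definitions):
        attr = parse_attributetype(text)
        keys = {attr["oid"]} | {name.lower() for name in attr["names"]}
        for key in sorted(keys):
            if key in owners:
                clashes.append((key, owners[key], index))
            else:
                owners[key] = index
    return clashes


if __name__ == "__main__":
    print(parse_attributetype(PAGE_EXAMPLE))
    print(find_collisions([PAGE_EXAMPLE, CONSTRUCTED, CLASHING]))
```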

Here is the relation of attributes to schema and object class:

[Figure: ldap-object-hierarchy]

Installing WebUI: LuCI

December 9, 2015 | Uncategorized | No Comments

LuCI is a web user interface for accessing OpenWRT. Some versions of OpenWRT include it.

For those who want simplicity, a WebUI may be suitable because it supports administering the router through a graphical interface. But on some releases LuCI is not included by default, so we need to install it manually.

Before proceeding, you should at least know how to use opkg. If not, please refer to this, or this page for detailed instructions.

Listing the Packages

To see all available packages for administering OpenWRT through LuCI, use the following commands on the terminal:

opkg update
opkg list 'luci-*'

Installation

via package repository

Retrieve the current list of packages available in the repository. If you think your list is up to date, this step is optional.

opkg update

Installing LuCI without HTTPS support:

opkg install luci

If you want HTTPS support, install this:

opkg install luci-ssl

Offline Installation

If you plan an offline installation, you can download the packages and transfer them to the OpenWRT box, into the RAM disk at /tmp/luci-offline-packages (the folder might not exist; create it first or use another folder in /tmp). This is the list of packages we need:

  • liblua
  • lua
  • libuci-lua
  • libubus-lua
  • uhttpd
  • luci-lib-ipkg
  • luci-i18n-english
  • luci-sgi-cgi
  • luci-lib-core
  • luci-lib-nixio
  • luci-lib-sys
  • luci-lib-web
  • luci-proto-core
  • luci-theme-base
  • luci-theme-openwrt
  • luci-mod-admin-core
  • luci-mod-admin-full

Installation can be done using:

for pkg in liblua lua libuci-lua libubus-lua uhttpd luci-lib-ipkg luci-i18n-english luci-sgi-cgi luci-lib-core luci-lib-nixio luci-lib-sys luci-lib-web luci-proto-core luci-theme-base luci-theme-openwrt luci-mod-admin-core luci-mod-admin-full; do
    # ipk files are named <package>_<version>_<arch>.ipk
    opkg install /tmp/luci-offline-packages/"$pkg"_*.ipk
done

Additionally, the following packages are needed for basic wireless configuration: libiw, libiwinfo, libiwinfo-lua.

Starting LuCI (uHTTPd) server

To enable and start LuCI, invoke the following commands:

/etc/init.d/uhttpd enable
/etc/init.d/uhttpd start

Notes

When installing LuCI by following this guide, we install it on top of Apache Web Server.

OpenWRT Development with Eclipse

December 9, 2015 | Uncategorized | No Comments

It is interesting to deploy a small router using OpenWRT and turn a $20 device into a multipurpose box. But can we extend its awesomeness to something more? Yes, we can. We can write and develop an application that runs inside OpenWRT. Creating our own OpenWRT application is in fact not so difficult.

OpenWRT runs on machines with a different architecture and system than our own machine. Therefore, we can’t use the gcc on our machine to build an OpenWRT application. Instead, we will build suitable compilers and other utilities. In other words, we will create a cross-toolchain.

In this article, we will discuss preparing an environment for developing OpenWRT applications. The language used for development is C/C++ and the IDE is Eclipse.

For this article I use:

  1. Slackware64 14.0
  2. OpenWRT Buildroot
  3. Eclipse Juno

For simplicity, we will break the setup down into smaller categories.

OpenWRT Buildroot Installation

OpenWRT Buildroot is a set of Makefiles and patches that allows us to easily generate both a cross-compilation toolchain and a root filesystem for embedded systems, especially OpenWRT. The OpenWRT buildroot is a heavy modification of Buildroot. The cross-compilation toolchain uses uClibc, a tiny C standard library.

Prerequisites

  1. 350MB of hard disk space for source files to download.
  2. 3-4GB of available hard disk space for building process (OpenWRT).

Other things to prepare are the packages needed for building the Buildroot. Make sure we have all of these:

  1. asciidoc
  2. bash
  3. binutils
  4. bzip2
  5. fastjar
  6. flex
  7. git
  8. g++
  9. gcc
  10. getopt
  11. GNU awk (gawk)
  12. gtk2.0-dev
  13. intltool-update
  14. jikes
  15. libz
  16. make
  17. ncurses
  18. openssl/ssl.h
  19. patch
  20. perl-ExtUtils-MakeMaker
  21. python2.6
  22. rsync
  23. ruby
  24. sdcc
  25. unzip
  26. wget
  27. working sdcc
  28. xgettext
  29. xsltproc
  30. zlib

Assume our build directory will be ~/openwrt and, when the build is done, the cross-toolchain will be installed in /opt/OpenWRT.

Installation

Before proceeding, make sure you have svn installed!

First we need to create the working directory ~/openwrt and download the required source code from the svn repository. It should be around 14.382 files with an overall size of 150MB.

Now, run these commands as a non-root user.

mkdir ~/openwrt
cd ~/openwrt
svn co svn://svn.openwrt.org/openwrt/trunk/
cd trunk

Check for packages missing on the system used for building OpenWRT. Use one of the following commands:

make defconfig
make prereq
make menuconfig

Eclipse

Eclipse will act as our development environment. If you haven’t installed it yet, you should install it. You can follow this article for Eclipse installation on Linux.

Once Eclipse is installed, all we have to do is install additional Eclipse packages.

Start Eclipse. Now navigate to:

Help -> Install New Software -> Add

Enter the following information:

Name: Juno Download

Location: http://download.eclipse.org/releases/juno/

Click on OK. Now expand the Mobile and Device Development section and check C/C++ GCC Cross Compiler Support and Remote System Explorer End-User Runtime. Click Next to begin installation. After installation you will be prompted to restart Eclipse; do so.

Token Ring-Like Program in MPI

December 9, 2015 | Uncategorized | No Comments

In this article, we will discuss a sample send and receive mechanism in MPI by imitating the concept of a token ring topology. We use ten processes with ranks from 0 to 9. Starting from 0, the nth process passes the token to the (n+1)th process, except 9, which sends it to 0. When the token comes back to rank 0, the program terminates.

This sample code uses a logical topology implemented in the program.

In this article I assume you have installed MPICH, OpenMPI, or another MPI implementation.

Source Code

Create a file mpi_token_ring.c and write this:

#include <mpi.h>
#include <stdio.h>

int main(int argc, char* argv[]) {
   // Initialize the MPI Environment
   MPI_Init(&argc, &argv);

   // Get the number of process
   int size;
   MPI_Comm_size( MPI_COMM_WORLD, &size );

   // Get the rank of process
   int rank;
   MPI_Comm_rank( MPI_COMM_WORLD, &rank );

   // The token
   int token;

   if( rank != 0 ) {
      MPI_Recv( &token, 1, MPI_INT, rank - 1, 0, MPI_COMM_WORLD, MPI_STATUS_IGNORE );

      printf("Process %d received token %d from process %d\n", rank, token, rank-1);
   } else {
      // Initialize the token value
      token = 100;
   }
   MPI_Send( &token, 1, MPI_INT, (rank + 1) % size, 0, MPI_COMM_WORLD );

   if( rank == 0 ) {
      MPI_Recv( &token, 1, MPI_INT, size - 1, 0, MPI_COMM_WORLD, MPI_STATUS_IGNORE );

      printf("Process 0 received token %d from process %d. End of communication\n", token, size-1 );
   }

   // Finalize the MPI environment
   MPI_Finalize();

   return 0;
}

Compile & Run

To compile:

mpicc mpi_token_ring.c -o mpi_token_ring

To Run:

mpirun -n 10 mpi_token_ring

Result

Process 1 received token 100 from process 0
Process 2 received token 100 from process 1
Process 3 received token 100 from process 2
Process 4 received token 100 from process 3
Process 5 received token 100 from process 4
Process 6 received token 100 from process 5
Process 7 received token 100 from process 6
Process 8 received token 100 from process 7
Process 9 received token 100 from process 8
Process 0 received token 100 from process 9. End of communication

Explanation

Now let’s discuss the components we have written.

Process zero assigns the token the value 100. The value is passed around to every process. Each process except zero stands by, waiting for the token to be passed. The system terminates when process zero has received the token back.

Now, let’s see what happens if we modify the code like this:

#include <mpi.h>
#include <stdio.h>

#define LIMIT 50

int main(int argc, char** argv) {
   int size, rank;

   MPI_Init( &argc, &argv );
   MPI_Comm_size( MPI_COMM_WORLD, &size );
   MPI_Comm_rank( MPI_COMM_WORLD, &rank );

   int token = 0;

   do {
      if( rank != 0  && token < LIMIT ) {
         MPI_Recv( &token, 1, MPI_INT, rank-1, 0, MPI_COMM_WORLD, MPI_STATUS_IGNORE );
         printf("Process %d received token %d from process %d\n", rank, token, rank-1);
         token++;
      } else {
         token++;
      }

      MPI_Send( &token, 1, MPI_INT, (rank+1) % size, 0, MPI_COMM_WORLD);
      token += size;

      if( rank == 0 && token < LIMIT ) {
         MPI_Recv( &token, 1, MPI_INT, size-1, 0, MPI_COMM_WORLD, MPI_STATUS_IGNORE );
      }
   } while( token < LIMIT );

   MPI_Finalize();

   return 0;
}

What is the behavior? 😉

Bonding Network Interface on CentOS 6

December 9, 2015 | Uncategorized | No Comments

Does your machine have two or more network interfaces?

Bonding is the same as port trunking. Both terms refer to the same technique.

Technically speaking, bonding will aggregate two or more ports (network interfaces / NIC) into a single group. It will effectively combine them into a single connection, using only one IP address. It allows us to create multi-gigabit pipes to transport traffic through the highest traffic areas of our network.

Imagine we combine three megabit ports into one three-megabit trunk port. This is equivalent to having three-megabit speed, while in the upper layers we only need to manage one interface, which is the bonding channel.

In this article we will discuss how to implement bonding on CentOS, specifically CentOS 6.

The Modes

Bonding has several modes of operation, which determine the bond’s behavior.

mode 1: active-backup
Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter).
mode 2: balance-xor
Transmit based on [ (source MAC address XOR’d with destination MAC address) modulo slave count ]. It looks confusing but it is pretty straightforward: this selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.
mode 3: broadcast
Transmit everything on all slave interfaces. This mode provides fault tolerance.
mode 4: 802.3ad
Refers to IEEE 802.3ad Dynamic Link Aggregation. Creates aggregation groups that share the same speed and duplex settings. It utilizes all slaves in the active aggregator according to the 802.3ad specification. To use this method we need a switch that supports IEEE 802.3ad Dynamic Link Aggregation. Most switches will require some type of configuration.
mode 5: balance-tlb
Adaptive transmit load balancing. No special switch support is required. The outgoing traffic is distributed according to the current load, which is computed relative to the speed of each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.
mode 6: balance-alb
Adaptive load balancing. Similar to tlb (transmit load balancing) but also uses receive load balancing (rlb) for IPv4 traffic. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond, such that different peers use different hardware addresses for the server.

For more information, please refer to the Linux Channel Bonding Project: http://sourceforge.net/projects/bonding/

Creating a Bonding Channel

Edit /etc/modprobe.conf, creating the file if it doesn’t exist. Then write these lines into it:

alias bond0 bonding
options bond0 miimon=80 mode=<mode>

<mode> is the bonding mode; refer to the previous section for a description of each mode. In this article we will use mode 5.

Creating Interface

Next we create a logical interface. Edit /etc/sysconfig/network-scripts/ifcfg-bond0 (bond-zero), or create it if it doesn’t exist.

# /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
IPADDR=192.168.1.103
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
GATEWAY=192.168.1.1
ONBOOT=yes
BOOTPROTO=none
USERCTL=no

Adjust the content to your conditions. In this scenario, the bond channel has IP address 192.168.1.103/24. The bond channel is available on boot.

Configuring Interface

At this point, we have created a bonding channel.

Suppose we have two interfaces, eth0 and eth1, and want to aggregate them into bond0. Then eth0 and eth1 will be the slaves.

Edit /etc/sysconfig/network-scripts/ifcfg-eth0, or the file that corresponds to eth0 on your system:

# /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes

Edit /etc/sysconfig/network-scripts/ifcfg-eth1, or the file that corresponds to eth1 on your system:

# /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes

Then restart the network service.

service network restart
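
After the restart it is worth confirming that the bond came up in the intended mode with both slaves linked. The check below is an added example, not part of the original article. It assumes the status file the Linux bonding driver exposes at /proc/net/bonding/bond0 (not mentioned in the article); the sample text and MAC addresses are constructed.

```python
# Mode descriptions as printed by the Linux bonding driver, keyed by the
# mode numbers listed in this article.
MODE_NAMES = {
    1: "fault-tolerance (active-backup)",
    2: "load balancing (xor)",
    3: "fault-tolerance (broadcast)",
    4: "IEEE 802.3ad Dynamic link aggregation",
    5: "transmit load balancing",
    6: "adaptive load balancing",
}

# Constructed sample of /proc/net/bonding/bond0 for mode 5 with miimon=80.
HEALTHY = """\
Bonding Mode: transmit load balancing
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 80
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 02:00:00:00:00:01

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 02:00:00:00:00:02
"""

# Same bond after eth1 lost its link (constructed).
DEGRADED = HEALTHY.replace("Slave Interface: eth1\nMII Status: up",
                           "Slave Interface: eth1\nMII Status: down")


def parse_bond_status(text):
    """Parse the status file into bond-level keys plus a dict per slave."""
    bond = {"slaves": {}}
    section = bond                      # bond-level keys come first
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":
            section = bond["slaves"].setdefault(value, {})
        else:
            section[key] = value
    return bond


def bond_problems(bond, mode, slaves, miimon):
    """Compare parsed status with the configured mode, slaves and miimon."""
    problems = []
    if bond.get("Bonding Mode") != MODE_NAMES[mode]:
        problems.append("bond: mode is %r" % bond.get("Bonding Mode"))
    if bond.get("MII Polling Interval (ms)") != str(miimon):
        problems.append("bond: miimon is %r" % bond.get("MII Polling Interval (ms)"))
    if bond.get("MII Status") != "up":
        problems.append("bond: MII Status is %s" % bond.get("MII Status"))
    for name in sorted(set(slaves) - set(bond["slaves"])):
        problems.append("%s: not enslaved" % name)
    for name, slave in sorted(bond["slaves"].items()):
        if slave.get("MII Status") != "up":
            problems.append("%s: MII Status is %s" % (name, slave.get("MII Status")))
        if int(slave.get("Link Failure Count", "0")) > 0:
            problems.append("%s: %s link failures" % (name, slave["Link Failure Count"]))
    return problems


if __name__ == "__main__":
    with open("/proc/net/bonding/bond0") as handle:
        for problem in bond_problems(parse_bond_status(handle.read()),
                                     mode=5, slaves=["eth0", "eth1"], miimon=80):
            print(problem)
```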

Setting DHCP Server on FreeBSD

December 9, 2015 | Uncategorized | No Comments

In open networks such as internet cafes, campuses, etc., DHCP is widely used. DHCP provides a client with an IP address without the user having to set it manually. The DHCP server also manages which IP addresses should and should not be used by clients in a network. This ensures a dynamic environment in a network.

In this article we will discuss installing and configuring DHCP on a FreeBSD machine. Specifically, I use:

  1. FreeBSD amd64 8.3
  2. ISC DHCP Server

How DHCP Works

When a client system first joins a network using DHCP, it broadcasts a request to the local network for configuration information. The DHCP server then answers this request with the parameters set in the DHCP server configuration file. The client system applies this assigned configuration to its network interface in order to communicate with the network.

DHCP servers generally assign IP addresses in one of two ways: statically or dynamically. The static method allocates an IP address to a client based on the client’s hardware MAC (Media Access Control) address. This IP address will not change. A dynamic IP address assignment is a leased address. The DHCP server assigns these addresses from a pool or range set by the administrator. Dynamic IP addresses are returned to the pool when a client disconnects from the network. If the same client rejoins the network, it may be assigned a different IP address if the previously assigned address is unavailable.

Preparation

A DNS server is not necessary to run a DHCP server. However, if you plan on running your own DNS server, you should install and configure it before proceeding to the next stage.

Make sure you have become the super user before doing the installation.

Installation

Installing ISC DHCP Server is as easy as installing any other port. The version we use is ISC DHCP Server version 4.2. Now run:

cd /usr/ports/net/isc-dhcp42-server
make config
make install clean
rehash

A menu of options might appear. In this article we will use default options, so leave those options at defaults.

Configuration

Fortunately, we can use a sample configuration provided by ISC DHCP server.

cd /usr/local/etc
cp dhcpd.conf.sample dhcpd.conf

ISC DHCP server uses the plain-text file /usr/local/etc/dhcpd.conf as its main configuration file. Edit that file and adjust it as needed.

In this article we will use a scenario like this:

  1. Using the domain names ns1.celestial-being.net and ns2.celestial-being.net with IP address 192.168.1.11 (an existing domain name is not necessary)
  2. The available address will be 192.168.1.100 to 192.168.1.254.
  3. We disable dynamic DNS update.
  4. The router is at 192.168.1.1

Now alter /usr/local/etc/dhcpd.conf and adjust it to your needs. This one should fulfill our needs:

option domain-name "celestial-being.net";
option domain-name-servers 192.168.1.11;

authoritative;

ddns-update-style none;

subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.100 192.168.1.254;
   option routers 192.168.1.1;
}

Make sure you terminate each line with “;” (semi-colon).

Another thing to note: there should be no other DHCP server on the network. Most routers have a built-in DHCP server, so if you want to use your own DHCP server, disable the router’s DHCP server first.

Whether or not we act as the router ourselves, we can specify the router used by clients.

At this point, we have configured a simple DHCP network.
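
The two easy mistakes in this configuration, a missing semicolon and an address plan that collides with itself, can be caught before the server is started. The checker below is an added example, not part of the original article: it handles the one-statement-per-line, single-subnet layout used above. `BAD_CONF` is a constructed variant with a missing semicolon and the router placed inside the dynamic range.

```python
import ipaddress
import re

# The article's scenario with every statement terminated.
GOOD_CONF = """\
option domain-name "celestial-being.net";
option domain-name-servers 192.168.1.11;

authoritative;

ddns-update-style none;

subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.100 192.168.1.254;
   option routers 192.168.1.1;
}
"""

# Constructed broken variant: unterminated range, router inside the pool.
BAD_CONF = (GOOD_CONF
            .replace("192.168.1.254;", "192.168.1.254")
            .replace("routers 192.168.1.1;", "routers 192.168.1.150;"))


def check_dhcpd_conf(text):
    """Return a list of findings for a simple single-subnet dhcpd.conf."""
    findings = []
    # Drop comments; a heuristic that assumes no '#' inside quoted strings.
    lines = [raw.split("#", 1)[0].strip() for raw in text.splitlines()]
    for number, line in enumerate(lines, 1):
        # Each statement must end with ';' or open or close a block.
        if line and line[-1] not in ";{}":
            findings.append("line %d: missing ';' after %r" % (number, line))
    body = "\n".join(lines)
    subnet = re.search(r"\bsubnet\s+([\d.]+)\s+netmask\s+([\d.]+)", body)
    pool = re.search(r"\brange\s+([\d.]+)\s+([\d.]+)", body)
    if subnet is None or pool is None:
        findings.append("no subnet or range declaration found")
        return findings
    net = ipaddress.ip_network("%s/%s" % subnet.groups())
    low, high = (ipaddress.ip_address(addr) for addr in pool.groups())
    if low > high:
        findings.append("range start %s is above range end %s" % (low, high))
    for addr in (low, high):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            findings.append("range address %s is not a usable host in %s" % (addr, net))
    # Fixed infrastructure addresses must never be handed out as leases.
    fixed = (("router", r"\boption\s+routers\s+([\d.]+)"),
             ("name server", r"\boption\s+domain-name-servers\s+([\d.]+)"))
    for label, pattern in fixed:
        match = re.search(pattern, body)
        if match is None:
            continue
        addr = ipaddress.ip_address(match.group(1))
        if low <= addr <= high:
            findings.append("%s %s lies inside the dynamic range" % (label, addr))
        if label == "router" and addr not in net:
            findings.append("router %s is outside %s" % (addr, net))
    return findings


if __name__ == "__main__":
    for finding in check_dhcpd_conf(BAD_CONF):
        print(finding)
```

ISC dhcpd can also test the real file for syntax errors with `dhcpd -t -cf /usr/local/etc/dhcpd.conf`; that test does not look at whether the router or name server falls inside the pool.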

Most, if not all, people who use a computer have listened to music on it at some point, and maybe always do. It may become part of our routine: listening to music while surfing the net, chatting, gaming, writing documents or reports, or coding. There are many alternatives for a music player. On Linux, one person might recommend Amarok, another might suggest Banshee, and others might mention other applications out there. It’s our decision which player to choose.

Hardcore users like to play music in their old black terminal. Some people might prefer a GUI, but this alternative is not bad either.

In this article we will discuss alternatives to the convenient GUI music player that use a Command Line Interface. Maybe not all of you like the Command Line Interface, but this can be an alternative, or at least some knowledge.

Here I present music players that run in the terminal. All of these players have been tested on Slackware64 14.0. There are no installation steps in this article (yet), but they might be covered in another article.

Play

Well, let’s start the list with Linux’s basic command for playing an audio file. It’s the simple command play we are talking about. To play music, supply an argument with the path and filename of the audio file you want to play. It then plays the content of the audio file. There’s no interactive design and no playlist, just a simple command to play a file.

But wait, surely we want more than this, don’t we? Well, if you want more, let’s talk about more audio players to feed our curiosity.

CMus (C* music player)

Powered with NCurses, CMus is very powerful and highly configurable.

It is small, fast and supports UNIX-like operating systems. It also features Vi-like commands and configurable keyboard shortcuts, which can be bound to other keys if needed. CMus currently supports various audio formats, including Ogg Vorbis, FLAC, MP3 (with libmad), WAV, AAC, and WMA. Not to mention, it is lightweight and has a good layout.

It is worth a try. You can go to their official site here.

Mp3blaster

An old and mature player. First released in 1997, it was known as Mp3player. A simple and humble name, well.

Despite the name, Mp3blaster supports several formats. Currently, they are: MP3, OGG, WAV, and SID.

Like CMus, Mp3blaster also uses NCurses. There is a panel at the top of the display showing important keyboard shortcuts for playlist management. This pane is scrollable using + and -. On the right side, there are ASCII art playback symbols, such as |> for the play button. You can also press ? for detailed help.

Keybindings are also configurable using a simple configuration file, usually located at ~/.mp3blasterrc.

You can visit their official site here.

MPlayer

Well, this player is a well-known media player for its video capabilities. But who knew that this player is also able to play lots of audio formats from the Command Line Interface? It supports formats such as OGG, Vorbis, MP3, WAV, AAC, FLAC, and WMA.

Other interesting information can be found on their official site, here.

MOC

Well, it has a simple name behind it: MOC, or Music On Console. It is a good choice for music libraries that consist of OGG, WAV and MP3 files. It’s easy to use out of the box, boasting a two-paned interface similar to that of Midnight Commander, with a file browser on the left and your playlist on the right. The default keybindings mostly use a single letter for the function they represent. For example, you can press N for “next track” and R to toggle random play.

It is also configurable. Just edit the ~/.moc/config file to adjust things like colors, the width of each window pane, etc.

MOC can be further viewed on their official site, here.

MPD + Ncmpcpp

Music Player Daemon (MPD) could be considered a giant in Linux audio software. It comes preinstalled in many distributions.

Technically speaking, MPD is a server-side application. Can we call it a back-end program? It’s great for setting up networked audio in a home media center. We can also use it simply for local playback. The advantage here is that we can use any client we want to control MPD, and there are many clients to choose from.

Next is Ncmpcpp. This is an Ncurses MPD client, based on Ncmpc but more advanced. Well, that’s why it is called Ncmpcpp, if you know what I mean 😀

Ncmpcpp includes support for Last.fm scrobbling and music visualization via external libraries. Lyrics fetching and display are built in and can be activated for a selected track by pressing l. Ncmpcpp can fetch artist information as well.

Although Ncmpcpp is terrific once we get it set up, using an MPD client to listen to music isn’t always a pragmatic choice. You’ll most likely be up and running much faster with a player like Mp3blaster, MOC or Herrie.

MPD can be found here.

Ncmpcpp can be found here.

nvlc

Have you ever heard of VLC?

The famous VLC media player is known for its ability to play almost any media file you give it. The terminal version comes with a lesser-known Ncurses control interface. To start it up, type nvlc. The interactive features are noticeably limited in comparison with the vast array of options you may be used to seeing in the GUI version. Press B to browse your files and Return to add a file to the playlist. Toggle the help view with h for a complete list of hot keys.

It might look unattractive the first time you see it. Well, I had that feeling too. If you are looking for a preconfigured player with lots of hot keys, then it might not be what you are looking for. But you can do a lot of experiments with it, including adding custom hot keys. Well.

Now, CLI-lovers, this is what you may like about nvlc. The power of nvlc lies in its command-line arguments. You can pass arguments ranging from a directory or a playlist to complex chains of filters. Anything you can do in the GUI version of VLC is possible with nvlc if you know the right argument to pass.

Now, let’s warm up our fingers and experiment with these snippets:

# Getting help
nvlc -h
nvlc -H

# Play the music in a directory
nvlc /path/to/my/music

# List the available modules
nvlc --list
nvlc --list-verbose

# Now, try this
nvlc --audio-filter chorus_flanger --delay-time 150 --dry-mix 0.8 --wet-mix 0.6 --feedback-gain -0.3 /path/to/my/music.fileextension

Here you can find VLC.

Herrie

It means “clamour” in Dutch. Herrie was first released in 2006.

If you look at it, it has the simplest design of all. Well, there is nothing I can say about this program. Last.fm users are likely to find it easy to use and easy to set up for track scrobbling. Since I’m not on Last.fm so I can say much. Here, you can explore it deeper.

Herrie can be found at their official site, here.

Installing IPFire on Raspberry Pi

December 5, 2015 | Uncategorized | No Comments

Raspberry Pi, a small computer powered by the ARM architecture, is a very interesting board for learning about embedded systems. In this article we will discuss how to install the IPFire distribution.

For this article I use the following:

  1. Slackware64 14.0
  2. Windows 8.1
  3. Raspberry Pi model B
  4. IPFire 2.15 Core Update 86

You can use either Linux (in this article, Slackware) or Windows (in this article, Windows 8). Just pick one and follow the rest of the article for your choice.

What is IPFire?

IPFire is a hardened Linux appliance distribution designed for use as a firewall. It offers corporate-level network protection for anyone who needs it, from home users all the way up to large corporations, school networks and authorities.

IPFire focusses on security, stability and ease of use. A variety of add-ons can be installed with a single click, to add more features to the base system.

Obtain the Materials

The version I use is 2.15, which we can download from its official site here.

Prepare the Disk (SD Card)

To boot the Raspberry Pi, installation media and storage media are needed. All we need is a single SD card. In this article I use my 8GB SD card. You can use any SD card you want, but I recommend using at least a 4GB SD card. The image we downloaded in the previous section will be stored on this card and later installed. Make sure you have a way to write to the SD card.

Windows-based Instruction

For Windows users, follow this section to “burn” the image. For this purpose you need additional software for writing to the SD card, such as the Win32DiskImager utility.

  1. Extract the image (in this case ipfire-2.15.1gb-ext4.armv5tel-full-core86.img.gz) so you get an .img file. To extract the file in Windows, you can use 3rd party tools such as 7zip.
  2. Insert the SD card into the SD card reader and check which drive letter it is assigned to. For example G:\
  3. If it is not new, format it. Or at least make sure there is only one partition (FAT32 is recommended).
  4. Run Win32DiskImager with administrator privileges.
  5. Select the image we have extracted.
  6. Select the drive letter of the SD card on our machine. Make sure you have the correct drive, or you will destroy the data on that drive.
  7. Click Write and wait. The process should not take long.
  8. Exit the imager and eject the SD card.

Besides Win32DiskImager, you can also use another tool such as Flashnul.

  1. Follow step 1 to step 3 of the Win32DiskImager solution.
  2. Extract Flashnul from the archive.
  3. Open a command prompt with elevated (administrator) privileges.
  4. Go to your extracted directory and run flashnul with the argument “-p”. For example: flashnul -p
  5. You will get a list of the physical drives attached to your machine, and a list of drives. Make sure the drive is correct. At the time of writing this article, the SD card is detected as device number 1 and mounted to drive G:
  6. Load the image with flashnul: flashnul 1 -L ipfire-2.15.1gb-ext4.armv5tel-full-core86.img
  7. If you get an access denied error, try re-plugging the SD card and make sure to close all Explorer windows or folders open for the device. If you still get a denial, try substituting the device number with its drive letter: flashnul G: -L ipfire-2.15.1gb-ext4.armv5tel-full-core86.img

At this point, you have successfully written the image to your SD card. And I assume you have. You can proceed to the next stage.

Linux-based Instruction

Writing the image on Linux is easier, in my opinion. The utility we use is “dd”, which is already bundled with most distros. Make sure you know the correct device file for your SD card. On my machine I use a built-in card reader, which detects my SD card as /dev/sdb. It might be different on your system, so better check it. In this article I use /dev/sdb to refer to the SD card.

  1. Extract the image (in this case ipfire-2.15.1gb-ext4.armv5tel-full-core86.img) so you get an .img file.
  2. Insert the SD card into the SD card reader.
  3. If it is not new, format it. Or at least make sure there is only one partition (FAT32 is recommended).
  4. Unmount the SD card if it is mounted. We need the whole SD card, so if you see partitions such as /dev/sdb1, etc., it is better to unmount them all.
  5. Write the image to the SD card. Make sure you replace the input file after the if= argument with the correct path to the .img file, and “/dev/sdb” in the output file of= argument with your device. Also make sure to use the whole SD drive and not one of its partitions (i.e. do not use /dev/sdb1, /dev/sdb2, etc). The command: dd bs=4M if=ipfire-2.15.1gb-ext4.armv5tel-full-core86.img of=/dev/sdb
  6. Run sync as root. This ensures the write cache is flushed and it is safe to unmount the SD card.
  7. Remove SD card from card reader.
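
dd reports success even when the downloaded image was corrupted or the card stored bad data, so it helps to hash the image before writing and read the card back afterwards. The helper below is an added example, not part of the original article. It assumes a SHA-256 digest published alongside the download, which the article does not give; the `PUBLISHED_SHA256` value in the usage part is a placeholder.

```python
import hashlib
import hmac
import os
import re
import sys


def sha256_prefix(path, length=None, chunk=4 * 1024 * 1024):
    """SHA-256 of the whole file, or of its first `length` bytes."""
    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as handle:
        while remaining is None or remaining > 0:
            want = chunk if remaining is None else min(chunk, remaining)
            block = handle.read(want)
            if not block:
                break
            digest.update(block)
            if remaining is not None:
                remaining -= len(block)
    if remaining:
        raise ValueError("%s is shorter than %d bytes" % (path, length))
    return digest.hexdigest()


def image_matches_published(image, published_hex):
    """Compare the image's digest with the one published by the distributor."""
    return hmac.compare_digest(sha256_prefix(image), published_hex.strip().lower())


def looks_like_partition(device):
    """True for names such as /dev/sdb1 or /dev/mmcblk0p1, which dd must not target."""
    return re.fullmatch(r"/dev/(sd[a-z]+\d+|mmcblk\d+p\d+)", device) is not None


def card_matches_image(image, device):
    """Read back as many bytes as the image holds and compare digests.

    The card is usually larger than the image, so only the prefix is hashed.
    Remove and re-insert the card first, otherwise the read may be served
    from the kernel's cache instead of the card.
    """
    size = os.path.getsize(image)
    try:
        return sha256_prefix(device, size) == sha256_prefix(image)
    except ValueError:                  # device holds less data than the image
        return False


if __name__ == "__main__":
    # Usage: python verify_sd.py IMAGE DEVICE PUBLISHED_SHA256
    image, device, published = sys.argv[1:4]
    if looks_like_partition(device):
        sys.exit("refusing: %s is a partition, use the whole device" % device)
    if not image_matches_published(image, published):
        sys.exit("image digest does not match the published value")
    print("card OK" if card_matches_image(image, device) else "card differs from image")
```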

If you hesitate to use terminal and prefer to use GUI method, here is the tutorial. Note that we

  1. Do step 1 to step 3 for previous tutorial. Make sure your directory or image file doesn’t contain any spaces.
  2. Install the ImageWriter tool from https://launchpad.net/usb-imagewriter
  3. Launch the ImageWriter tool (needs administrative privileges)
  4. Select the image file (in this case ipfire-2.15.1gb-ext4.armv5tel-full-core86.img) to be written to the SD card (note: because you started ImageWriter as administrator the starting point when selecting the image file is the administrator’s home folder so you need to change to your own home folder to select the image file)
  5. Select the target device to write the image to. In my case, it’s /dev/sdb
  6. Click the “Write to device” button
  7. Wait for the process to finish and then insert the SD card in the Raspberry Pi

At this point you should have successfully written the image to your SD card, and I assume you have. You can proceed to the next stage.

Running the Pi

You have written the image, and at this point your Raspberry Pi is ready. Now set up the Raspberry Pi to boot: insert the SD card back into the Raspberry Pi, connect power, and plug in the video output (either HDMI or RCA).

To resize the SD card after installation, you can follow this article.

Have fun 😀

Configuring Network on FreeBSD

December 5, 2015 | Uncategorized | No Comments

Networking is an important matter for any system, especially for FreeBSD.

In this article we will discuss how to configure networking on FreeBSD and go over some important notes about it.

For this I use FreeBSD 8.3 for amd64, although you can also use another version or architecture.

There are two methods for configuring the network: using sysinstall and editing rc.conf.

Sysinstall Method

The easiest method for configuring the network is sysinstall, invoked with:

sysinstall

A text-based menu interface will appear. You can configure the network by choosing the Configure menu, which is used for post-installation tasks.

Accessing rc.conf

The other method is editing rc.conf directly. This method requires you to edit rc.conf manually. The rest of this article mostly covers settings in rc.conf.

Setting IP

An IP (Internet Protocol) address tells where we are in the world of the internet. There are two types of IP address we can assign to our network card: a static address or a dynamic address.

If you want to set the IP address statically, edit rc.conf and add these lines:

ifconfig_em0="inet 192.168.1.5 netmask 255.255.255.0"
defaultrouter="192.168.1.1"

In that example, we set our network card, which is recognized as em0, to have IP address 192.168.1.5 with netmask 255.255.255.0. The ethernet card recognized by your machine might have a different name, so you should find out what yours is called. A simple command to do so:

systat -ifstat

The default router, as the name suggests, tells our machine which router it must communicate with.

If you want to set the IP address dynamically using DHCP, edit rc.conf and add this line:

ifconfig_em0="DHCP"

Setting Nameserver (DNS)

To set the default DNS server used by our machine, edit /etc/resolv.conf and write this:

nameserver 192.168.1.1

Our machine then uses the 192.168.1.1 address provided to perform name queries. In other words, the nameserver stated above becomes the default nameserver. Change 192.168.1.1 to suit your needs. A commonly used DNS server is Google DNS, which is located at 8.8.8.8.

Setting Hostname

The hostname is the identifier for a machine on the network. Normally it is formed from the machine name and the domain name. This example adds a line to rc.conf that sets the hostname to freebsd.celestial-being.net:

hostname="freebsd.celestial-being.net"

IP Address Aliasing

IP address aliasing means a single network card can have more than one IP address. For example, this gives your ethernet card 3 IP addresses:

ifconfig_em0="inet 192.168.0.53 netmask 255.255.255.0"
ifconfig_em0_alias0="inet 192.168.0.54 netmask 255.255.255.0"
ifconfig_em0_alias1="inet 192.168.0.55 netmask 255.255.255.0"
defaultrouter="192.168.0.1"

Multiple Network Cards in One Machine

Having multiple network cards in one machine is not a problem. Just configure them both in rc.conf as you normally would, but with only one defaultrouter line. The hostname line for each needs to follow directly after the card is declared. For example:

ifconfig_em0="inet 192.168.1.5 netmask 255.255.255.0"
hostname="freebsd.celestial-being.net"
ifconfig_em1="inet 10.10.10.5 netmask 255.0.0.0"
hostname="arsenal.celestial-being.net"
defaultrouter="10.10.10.1"

Multiple network cards on different networks

Having multiple cards in one machine on the same network is a simple matter, but putting the cards on separate networks is another matter. They are both set up normally as above with the IPs declared statically, and the defaultrouter set to the network you want the machine to use for everything that isn’t specifically set to go out on the other card.

To see which router is set as the default, use the command:

netstat -r

The first router on the list is the default router. Since FreeBSD sometimes changes the route if there is a problem, it works best to create a startup script that sets the route you want traffic to default to:

#!/bin/sh
route change default 192.168.0.1 >> /dev/null
echo "DefRouteChange"

Getting this all to work can be tricky, and sometimes depends on the order in which the network cards are listed in rc.conf, but it can be done.
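One thing worth checking before rebooting is that defaultrouter actually sits on the subnet of one of the statically configured cards. The script below is an added example, not part of the original article; router_iface and ip_to_int are hypothetical helper names, and the sample text is built from the two-card rc.conf lines shown above.

```shell
#!/bin/sh
# Added example: find which statically configured interface can reach defaultrouter.

# Constructed sample: the ifconfig_ and defaultrouter lines of the two-card example.
SAMPLE_RC_CONF='ifconfig_em0="inet 192.168.1.5 netmask 255.255.255.0"
ifconfig_em1="inet 10.10.10.5 netmask 255.0.0.0"
defaultrouter="10.10.10.1"'

# Convert a dotted-quad address to a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print the interface whose subnet contains defaultrouter.
# Exit status: 0 found, 1 no interface shares the router's subnet,
# 2 no defaultrouter line in the text passed as $1.
router_iface() (
    router=$(printf '%s\n' "$1" |
        sed -n 's/^defaultrouter="\([0-9.]*\)".*/\1/p' | tail -n 1)
    [ -n "$router" ] || exit 2
    r=$(ip_to_int "$router")
    match=$(printf '%s\n' "$1" |
        sed -n 's/^ifconfig_\([a-z0-9]*\)\(_alias[0-9]*\)\{0,1\}="inet \([0-9.]*\) netmask \([0-9.]*\)".*/\1 \3 \4/p' |
        while read -r ifname ip mask; do
            i=$(ip_to_int "$ip")
            m=$(ip_to_int "$mask")
            # Same network when address AND mask agree for interface and router.
            if [ $(( $i & $m )) -eq $(( $r & $m )) ]; then
                echo "$ifname"
                break
            fi
        done)
    [ -n "$match" ] || exit 1
    echo "$match"
)

# Demo: with the article's values the default route leaves through em1.
echo "defaultrouter is reachable via: $(router_iface "$SAMPLE_RC_CONF")"
```

On a real system the text can be supplied with router_iface "$(cat /etc/rc.conf)"; interfaces set to DHCP are ignored because their address is not known from the file.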

Sending the hostname to the DHCP server

On many DSL modems and routers the hostname will not show up for FreeBSD machines when they are set to DHCP. To fix this, add the following lines to /etc/dhclient.conf, replacing the network card and hostname with your own:

interface "em0" {
   send host-name "freebsd";
}

Installation of OpenLDAP on FreeBSD 8.3

December 5, 2015 | Uncategorized | No Comments

If you don’t know about LDAP yet, you can visit this introduction article.

In this article we will install OpenLDAP on FreeBSD. Technically speaking, we will install OpenLDAP 2.4, which is provided by the standard ports of FreeBSD 8.3. The benefit of LDAP, and OpenLDAP specifically, is that we can achieve Single Sign-On for other services such as FTP, SSH, etc. LDAP works as the back end which authenticates users in the directory.

For this article I have:

  1. FreeBSD 8.3 amd64 (although either amd64 or x86 is fine)
  2. An Internet connection (for downloading the sources).

Installation

Navigate to /usr/ports/net/openldap24-server and do a clean installation:

make install clean

You will be prompted by a screen asking which components you want to install. Keeping the default options (checked by default) is the best choice if you only want a normal installation, but enabling some additional options does no harm. For me, I checked SASL to build OpenLDAP with SASL support using Cyrus-SASL.

OpenLDAP uses a configuration file for DB access, so we must provide it. A quick way is to copy the provided template file:

cd /usr/ports/net/openldap24-server
cp /usr/local/etc/openldap/DB_CONFIG.example /var/db/openldap-data/DB_CONFIG

Post Installation

There are several things to do after installing OpenLDAP. A freshly installed OpenLDAP comes with no encryption, so every connection and message transferred to or from OpenLDAP is in plain text. This is insecure because the data can easily be tapped. Here we will set OpenLDAP to use encryption. There are two approaches we can use: TLS or SSL.

TLS stands for “Transport Layer Security”. Services that employ TLS tend to connect on the same ports as the same services without TLS; thus an SMTP server which supports TLS will listen for connections on port 25, and an LDAP server will listen on 389. SSL stands for “Secure Sockets Layer”, and services that implement SSL do not listen on the same ports as their non-SSL counterparts. Thus SMTPS listens on port 465 (not 45), HTTPS listens on 443, and LDAPS on 636.

The reason SSL uses a different port than TLS is because a TLS connection begins as plain text, and switches to encrypted traffic after the STARTTLS directive. SSL connections are encrypted from the beginning. Other than that there are no substantial differences between the two.

In this article we will choose LDAP over TLS, as SSL is deprecated.

Once OpenLDAP is installed, open /usr/local/etc/openldap/slapd.conf and add:

security ssf=128

TLSCertificateFile /path/to/your/cert.crt
TLSCertificateKeyFile /path/to/your/cert.key
TLSCACertificateFile /path/to/your/cacert.crt

TLS needs the certificate files and the key. The certificates are proof of authentication and the key is used for encryption. The security ssf=128 directive tells OpenLDAP to use 128-bit encryption for all connections, both for searching and updating. This parameter may be configured based on the security needs of the system.

The certificates can be signed by a third party or self-signed. In this article we choose self-signing, thus we need to create the certificates manually. Make sure OpenSSL is installed, then do the following to create an RSA key and a certificate signing request:

openssl genrsa -out cert.key 1024
openssl req -new -key cert.key -out cert.csr

At this point we will be prompted for some values. Enter whatever values you like; however, it is important that the “Common Name” value be the fully qualified domain name of the OpenLDAP server. In this case, we will choose freebsd.celestial-being.net. Setting this value incorrectly will cause clients to fail when making connections. This can cause great frustration, so ensure that you follow these steps closely.

Finally, the certificate signing request needs to be signed:

openssl x509 -req -in cert.csr -days 365 -signkey cert.key -out cert.crt

This will create a self-signed certificate that can be used for the directives in slapd.conf, where cert.crt and cacert.crt are the same file. Once this is done, put the following in /etc/rc.conf to make OpenLDAP start automatically on boot:

slapd_enable="YES"

Then run /usr/local/etc/rc.d/slapd start. This should start slapd. Confirm that slapd is running by checking whether it is listening on port 389:

sockstat -4 -p 389

Configuring The Client

Install openldap24-client if it is not installed (normally it is installed automatically when you install openldap24-server). openldap24-client can be found in /usr/ports/net/openldap24-client. The client machines will always have the OpenLDAP libraries, since that is all security/pam_ldap and net/nss_ldap support, at least for the moment.

The configuration file for the OpenLDAP libraries is /usr/local/etc/openldap/ldap.conf. Edit this file to contain the following values:

base dc=celestial-being,dc=net
uri ldap://freebsd.celestial-being.net/
ssl start_tls
tls_cacert /path/to/your/cacert.crt

At this point, we should be able to run ldapsearch -Z on the client machine; -Z means “use TLS”. If you encounter an error, then something is configured wrong, most likely the certificates. Use openssl(1)’s s_client and s_server to ensure you have them configured and signed properly.

Make sure clients have access to cacert.crt, otherwise they won’t be able to connect.
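The self-signing steps and the client settings above fail in a few predictable ways: a Common Name that differs from the host in the client's uri line, a certificate paired with the wrong key, or a CA file that does not verify the certificate. The script below is an added example, not part of the original article, that runs the same openssl steps non-interactively and checks those three points; the function names are hypothetical, and it uses a 2048-bit key instead of the article's 1024 because many current TLS stacks reject 1024-bit RSA keys.

```shell
#!/bin/sh
# Added example: self-signing without prompts, plus the checks a failing
# client usually comes down to. Assumes openssl(1) is on PATH.

# Create key, CSR and self-signed certificate for FQDN $1 in directory $2.
# 2048 bits replaces the article's 1024 (this example's choice, see lead-in).
make_selfsigned() {
    openssl genrsa -out "$2/cert.key" 2048 2>/dev/null &&
    chmod 600 "$2/cert.key" &&
    openssl req -new -key "$2/cert.key" -subj "/CN=$1" -out "$2/cert.csr" &&
    openssl x509 -req -in "$2/cert.csr" -days 365 \
        -signkey "$2/cert.key" -out "$2/cert.crt" 2>/dev/null
}

# Print the certificate's Common Name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Print the host part of an ldap:// or ldaps:// URI as written in ldap.conf.
uri_host() {
    printf '%s\n' "$1" | sed -n 's#^ldaps\{0,1\}://\([^:/]*\).*#\1#p'
}

# Check certificate $1 against key $2 and client URI $3; report each failure.
check_ldap_tls() {
    rc=0
    [ "$(cert_cn "$1")" = "$(uri_host "$3")" ] ||
        { echo "CN does not match the host in the URI"; rc=1; }
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] ||
        { echo "certificate and key do not belong together"; rc=1; }
    # Self-signed: the certificate doubles as cacert.crt, as in the article.
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 ||
        { echo "certificate does not verify against the CA file"; rc=1; }
    return "$rc"
}

# Demo in a scratch directory, using the article's hostname.
demo_dir=$(mktemp -d)
make_selfsigned freebsd.celestial-being.net "$demo_dir" &&
    check_ldap_tls "$demo_dir/cert.crt" "$demo_dir/cert.key" \
        ldap://freebsd.celestial-being.net/ && echo "all checks passed"
rm -rf "$demo_dir"
```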
