Tagarchief: CentOS

My Dymo label writing process

This page contains raw notes and/or untested notes. They may be incorrect, parts may be missing or the article may contain parts that are not needed and more. An update will probably follow some day.

To print labels on my Dymo, I'm running a custom built webapp that allows users in the entire network to print. It has a memory, prints KIX-codes (that make it easier for the postal service to process letters) and prints a logo.

In my setup, the server generating the logo and the server printing it are two different machines. But even if they weren't, this method keeps the webserver in its SELinux confinement.

Requirements

We need some tools, install the packages with the following command:
yum install ripmime

Add the printer to CUPS

Add the printer to CUPS, so you can spool jobs to it. I'm not explaining this part.

Generate a label

Using PHP's GD extensions I generate a new image with width=1010 and height=540. Using this high resolution results in good quality prints.

The image is exported as a .png file, named [something-random].dymo.png and transported to the printserver through a special email-address.

Prepare the mailserver

I'm running a Postfix mailserver. This mailserver has a special address that accepts print jobs, extracts the files and prints them.

In /etc/postfix/master.cf, add the following lines:

printer unix  -       n       n       -       -       pipe
  flags=F  user=nobody argv=/etc/postfix/bin/printserver $sender $recipient

Then in /etc/postfix/transport, we put:

printer.geeklab.info    printer:

The domain printer.geeklab.info doesn't necessarily need to exist, as long as you smtp right to this mailserver.

Finally in /etc/postfix/main.cf we enable the transport maps, if that hasn't been done before:

transport_maps = hash:/etc/postfix/transport

Write a script

In master.cf we start the script /etc/postfix/bin/printserver. Add this content to said script:

#!/bin/bash
TMPDIR=/var/spool/mailprinter/$$_${RANDOM}_${RANDOM}
MESSAGE_FILE=${TMPDIR}_the_message
mkdir -p $TMPDIR
cat > $MESSAGE_FILE
ripmime -i $MESSAGE_FILE -d $TMPDIR
for i in ${METAMAIL_TMPDIR}/*.dymo.png; do
lpr -PDymo -o PageSize=w167h288 -o landscape -o page-left=0 -o page-top=0 -o page-right=0 -o page-bottom=26 -o orientation-requested=5 -o scaling=100
done
rm -rf $MESSAGE_FILE $TMPDIR

Manage SELinux settings

The script we just write uses ripmime and lpr and runs as the Postfix pipe user. To allow the Postfix pipe program to use these tools, run postfix_pipe_t in a permissive state:
semanage permissive -a postfix_pipe_t
Always remember to manage SELinux, not disable it.

Ubuntu/Debian

I'm running RedHat-based software on all of my machines. Above information may be useful for Ubuntu/Debian users, but it's not tested and I'm not supporting it.

Servers: RedHat Enterprise Linux/CentOS is more suitable for servers, as there's a lot of professional level support available. I think that's important, because if I say, get a car accident, I want the servers to be managable by another professional.

Desktops/Laptops: RPM packages are pretty exchangable between RedHat-based platforms. That's a good reason to run Fedora on the desktop.
© GeekLabInfo My Dymo label writing process is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Install mod_auth_ntlm_winbind on CentOS 6.0

Step 1. Install ntp and synchronize clocks

We'll be using winbind, kerberos and ntlm to authenticate the user. This requires the clocks of the AD server and the proxy server to be synchronized.

yum -y install ntp
sed -i "s/^server /#server /g" /etc/ntp.conf
echo "server YOURSERVERNAME" >> /etc/ntp.conf
ntpdate YOURSERVERNAME #synchronize right now
service ntpd start #and keep in sync
chkconfig ntpd on #after reboot as well

Step 2. Update system and install required software

yum update
yum install mc vim httpd php svn httpd-devel make autoconf gcc ntp krb5-workstation \
samba-common authconfig samba-winbind

Step 3. Connect to active directory

Please note that MYCOMPANY.local and mycompany.local may be different domains due to the upper/lowercase.

ADSERVER=sbs.MYCOMPANY.local
DOMAIN=MYCOMPANY.local
WORKGROUP=MYCOMPANY
authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=$ADSERVER \
--krb5realm=$DOMAIN --smbservers=$ADSERVER --smbworkgroup=$WORKGROUP \
--enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=$DOMAIN \
--smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" \
--winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline \
--winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall
service winbind start ; chkconfig winbind on
setsebool -P allow_httpd_mod_auth_ntlm_winbind on

Now check your winbind connection using the following commands:

wbinfo -u
wbinfo -g

The socket /var/lib/samba/winbindd_privileged/pipe should be writable by the webserver. To allow that access, I add user apache to the group wbpriv: usermod -G wbpriv apache

Step 4. Download and compile mod_auth_ntlm_winbind

svn co svn://svnanon.samba.org/lorikeet/trunk/mod_auth_ntlm_winbind mod_auth_ntlm_winbind
cd mod_auth_ntlm_winbind/
autoconf
./configure
apxs -DAPACHE2 -c -i mod_auth_ntlm_winbind.c

Step 5. Configure it

In /etc/httpd/conf.d/mod_auth_ntlm_winbind.conf I put the following configuration

LoadModule auth_ntlm_winbind_module /usr/lib64/httpd/modules/mod_auth_ntlm_winbind.so
<Directory "/var/www/html">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "NTLM Authentication"
AuthType NTLM
Require valid-user
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
</Directory>

In /etc/httpd/conf/httpd.conf, change KeepAlive Off to KeepAlive On. Preferably, also set MaxKeepAliveRequests and KeepAliveTimeout to a high value. On my intranet server, they're set to 1000 requests and 600 seconds.:w

Step 6. Change your firewall to enable incoming HTTP

iptables -I INPUT -p tcp --dport 80 -j ACCEPT
service iptables save

Step 7. Go!

Run service httpd restart, make httpd start on reboot using chkconfig httpd on and test your configuration.

© GeekLabInfo Install mod_auth_ntlm_winbind on CentOS 6.0 is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5,00 out of 5)
Loading...

X11 over SSH

CentOS 5's and Fedora 15's base installations are pretty good prepared to use X11 over SSH. You just need to install one more package on the server you're connecting to: xorg-x11-xauth. According to yum info, the purpose of this package is:
xauth is used to edit and display the authorization information used in connecting to an X server.
This editting probably means synchronising X11 authority cookies between SSH peers.

Installing is done using:
yum install xorg-x11-xauth

Then ssh into the box using:
ssh -X [servername]

© GeekLabInfo X11 over SSH is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Updating the Dell PERC H200 firmware

My brand new Dell R300 servers contain a PERC H200 SAS/SATA controller that has pretty bad firmware. Luckily, Dell released better firmware, but you'll need to update it yourself.

  • Install and boot RedHat 5.6 or CentOS 5.6
  • Download the file RAID_FRMW_LX_R294620.BIN from the Dell support site
  • run yum install compat-libstdc++-33 to install libstdc++ compatibility functions required for the RAID_FRMW_LX_R294620.BIN file.
  • also run yum install libxml2 to install required xml libs
  • make RAID_FRMW_LX_R294620.BIN executable chmod +x RAID*
  • and run it: ./RAID_FRMW_LX_R294620.BIN

Ubuntu/Debian

I'm running RedHat-based software on all of my machines. Above information may be useful for Ubuntu/Debian users, but it's not tested and I'm not supporting it.

Servers: RedHat Enterprise Linux/CentOS is more suitable for servers, as there's a lot of professional level support available. I think that's important, because if I say, get a car accident, I want the servers to be managable by another professional.

Desktops/Laptops: RPM packages are pretty exchangable between RedHat-based platforms. That's a good reason to run Fedora on the desktop.
© GeekLabInfo Updating the Dell PERC H200 firmware is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Squid active directory authentication on Centos 5.6

Step 1. Install ntp and synchronize clocks

We'll be using winbind, kerberos and ntlm to authenticate the user. This requires the clocks of the AD server and the proxy server to be synchronized.

rpm -qa ntp || yum -y install ntp
sed -i "s/^server /#server /g" /etc/ntp.conf
echo "server YOURSERVERNAME" >> /etc/ntp.conf
ntpdate YOURSERVERNAME   #synchronize right now
service ntpd start                #and keep in sync
chkconfig ntpd on       #after reboot as well

Step 2. Install required software

yum install krb5-workstation samba-common authconfig squid
chkconfig squid on

Step 3. Connect to active directory

Please note that MYCOMPANY.local and mycompany.local may be different domains due to the upper/lowercase.

ADSERVER=sbs.MYCOMPANY.local
DOMAIN=MYCOMPANY.local
WORKGROUP=MYCOMPANY
authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=$ADSERVER \
--krb5realm=$DOMAIN --smbservers=$ADSERVER --smbworkgroup=$WORKGROUP \
--enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=$DOMAIN \
--smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" \
--winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline \
--winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall

I found some information saying that /var/cache/samba/winbindd_privileged should be chowned 750 to root:squid or that you should add user squid to group wbpriv. Also, squid.conf should not have cache_effective_group defined. However, this part was not relevant on my Centos 5.6. The reason could be that I installed 5.4, then upgraded, i'm not sure. Just leaving it as a note.

Now check your winbind connection using the following commands:
wbinfo -u
wbinfo -g

Step 4. Configure squid

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp 
auth_param ntlm children 5
auth_param ntlm keep_alive on
acl our_networks src 192.168.0.0/16
acl ntlm proxy_auth REQUIRED
http_access allow our_networks ntlm
authenticate_ip_ttl 900 seconds

This will allow all valid, logged in users to surf the web. You could also limit which users can surf by adding
--require-membership-of=ADGROUPNAME to the ntlm_auth command

Start Squid using /sbin/service squid restart and you're good to go.

You may want to check what else I'm writing on Squid. I'm planning to document a lot more in the next few weeks.

© GeekLabInfo Squid active directory authentication on Centos 5.6 is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5,00 out of 5)
Loading...