15 December 2011

linux : show current subfolders size

The following command shows the size used by each subfolder in the current folder, ordered by size and in a human-readable format :
paste <(du -xs *) <(du -xhs *) | sort -n | cut -f3,4

11 December 2011

Belgacom BBox2 : use TV as internet port

  1. Connect to the web interface of the bbox (http://192.168.1.1)
  2. Go to 'Advanced Settings' > 'Route' and select the tab 'Routing' on the top of page.
  3. At the very bottom of the page, uncheck the ports you want to use as internet ports and check those you want to use as TV ports.

03 November 2011

Easily delete Lan Server entries in Belgacom BBOX router

Deleting Lan Server entries via the BBOX web interface is a pain when there are more than five entries to delete.

Fortunately, you can connect to the telnet interface to achieve this task 10 times quicker :
  1. Connect to the router via telnet (check this post to figure out how to connect via telnet)
  2. Check the ID numbers of the entries you want to delete:
    1. You can hover the button to edit or delete an entry in the web interface in order to see the ID in the URI
    2. Or you can run this command rg_conf_print /fw/rule/loc_srv/ to see the list of Lan Servers
  3. Run the following command for each ID to delete where [ID] is the id to delete :
    rg_conf_del /fw/rule/loc_srv/[ID]
If you don't want to execute the command manually, you can use my tool.
Usage : bbox_fw_delete_id -i [bbox_ip] -l [login_name] -p [password] -s [start_id] -e [end_id]
This tool is provided 'as is' and may not work as expected or may even corrupt your BBox.

.NET library used to write this tool

02 November 2011

Disable UPnP on Belgacom BBox2 router

  1. Connect via telnet to your Belgacom router
    telnet 192.168.1.1
    Login : admin
    Password : BGCVDSL2 (default password)
  2. Check if the config is the same as expected
    The following command should return (enabled(1))
    rg_conf_print upnp/enabled
  3. Change the configuration
    rg_conf_set upnp/enabled 0

Connect to your local router from wan through ssh

In a previous post, I've described how to open remote management for your bbox2 / local modem-router via ssh.

I've found an easier and more secure way to achieve this :

Prerequisites :
* You have PuTTY (or an ssh client)
* ssh server on your local network is reachable from wan

In PuTTY settings > Connection > SSH > Tunnels, define the following :

  • Source port : 8080 (or any free port on your computer running PuTTY)
  • Destination : 192.168.1.1:80 (assuming your router ip is 192.168.1.1 and the default web interface running on port 80)
  • Click on [Add]
  • Apply changes

You can now connect to your router's web interface from the computer running PuTTY via the following address : http://localhost:8080/

Hex Edit Windows 7 SAM file to enable Administrator Account

It could happen that you were connected to a Windows Domain and that you've decided to leave this domain.
What if all local users are disabled?

You cannot rejoin a Windows Domain, as you have no local user able to log in in order to join the domain.
You can still start your computer and see the login screen but you will definitely stay a click away from your desktop...

Fortunately, there are a bunch of tools that let you re-enable the Administrator account and even reset the password :
link1
link2
link3
...
(Simply search "offline windows password change" on Google)

But in my case, editing the SAM file on another computer simply didn't work and I didn't want to burn a CD or corrupt my multiboot usbkey.

So I've booted on Lubuntu already installed on my usbkey and decided to hex edit the file.

Later on, I've found a linux tool called chntpw that could be installed on my live lubuntu distro and could do the trick, but I went another way :
  1. apt-get install hexedit
  2. Open SAM file (containing local user accounts)
    1. hexedit /media/os/Windows/System32/config/SAM
  3. Find signature "000001F4"
    1. CTRL+S : 3030303030314634
  4. Find signature "2.9.8"
    1. CTRL+S :  3200390038
  5. With the cursor on the "2" character, move 18 hex positions to the left (i.e. press the left arrow key 36 times)
  6. The hex value should be 11, replace it with 10
  7. Save by pressing F2
  8. Reboot on Windows
  9. Enjoy your local administrator account enabled with a blank password*
* If the administrator password wasn't changed by a user or a GPO


01 November 2011

Connect to SSH with a Public Key on a Synology Station

Prerequisites :
  • You own a public key and a private key, or you can generate one with puttygen or openssl
  • ipkg and nano installed if you want to use this editor

  1. First connect to your nas as root via ssh using your admin password.
  2. If you want to connect later on as root, go in the home folder of root
    If you want to connect as another user, go in the home folder of the other user, and follow the same instructions
    cd /root/
  3. Go to or create the directory .ssh
    mkdir .ssh
    cd .ssh/
  4. Open the file authorized_keys (assuming nano is installed with ipkg, otherwise use cat or vi) :
    nano authorized_keys
  5. Copy your public key inside the file and save it.
  6. Open sshd config file :
    nano /etc/ssh/sshd_config
  7. Ensure the two following parameters are enabled and uncommented :
    RSAAuthentication yes
    PubkeyAuthentication yes
  8. Configure your ssh client to use your private key and enjoy ;)
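A check for the steps above, as an added example that is not part of the original post: with `StrictModes` (the sshd default), the key is ignored when the home directory, `.ssh` or `authorized_keys` is writable by group or others, so the script verifies those modes and the `PubkeyAuthentication` setting. The function names and the throwaway demo directory are assumptions made for the example; point it at the real home folder and `/etc/ssh/sshd_config` on the NAS.

```sh
#!/bin/sh
# Added example: audit the key-based login setup from the steps above.
# check_pubkey_setup <home_dir> <sshd_config>; returns the number of problems.

# True when group or others may write to the path (octal bits 020 / 002).
writable_by_others() {
    [ $(( 0$(stat -c %a "$1") & 022 )) -ne 0 ]
}

check_pubkey_setup() {
    home=$1; conf=$2; problems=0
    # With StrictModes all three paths must be safe from other users.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; problems=$((problems + 1))
        elif writable_by_others "$p"; then
            echo "LOOSE   $p (mode $(stat -c %a "$p")), sshd will skip the key"
            problems=$((problems + 1))
        fi
    done
    # sshd uses the first uncommented occurrence of a keyword.
    value=$(awk 'tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' "$conf")
    case $value in
        yes) ;;
        "")  echo "NOTE    PubkeyAuthentication not set in $conf (OpenSSH default: yes)" ;;
        *)   echo "OFF     PubkeyAuthentication is '$value' in $conf"
             problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed demo: a throwaway home directory and config, not real system paths.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
echo "ssh-rsa AAAA...constructed... user@example" > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
printf '#PubkeyAuthentication no\nPubkeyAuthentication yes\n' > "$demo/sshd_config"
check_pubkey_setup "$demo" "$demo/sshd_config" && echo "setup looks usable"
```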

31 October 2011

FTP not reachable on Synology RackStation RS2211+ after Domain Controller shut down

Today we had to shut down our Domain Controller for backup purposes.
We wanted to back up our DC's vdisk to our Synology RS2211+ RackStation via FTP.

The problem was that our Synology RackStation was joined to the domain managed by this domain controller.
We obviously cannot connect with a domain user, but local users were also rejected by the FTP service.
Restarting the FTP service didn't help.

I've resolved this issue by restarting the RackStation...

28 October 2011

Resolve nameserver issue on RackStation RS2211+

I had an issue on a RS2211+ joined to a domain :
Each time I restarted the Station, the nameserver was reverted to an old value.

Changing parameters in the web interface didn't help.

So I connected to console via SSH and I changed nameserver ip in those 3 files :
/etc/resolv.conf
/etc/resolv.conf.sv
/etc/synoinfo.conf
And the problem seems to be resolved

11 September 2011

nmap not working after upgrading package with ipkg

Recently my 'nmap' failed to work after updating DSM to 3.2 or upgrading some packages from ipkg :
"nmap: error while loading shared libraries: liblua.so: cannot open shared object file : No such file or directory"

I fixed the issue by installing the 'lua' package:
> ipkg install lua


08 September 2011

Finally found some headphones working with Samsung Galaxy Ace

I bought a Samsung Galaxy Ace a few months ago without any headphones in the package.
Since then, I couldn't manage to find any working headphone system, even those provided by Samsung.

Today I've finally found a headphone system working with my Galaxy Ace : the genuine BlackBerry one.

Thank you Samsung...


Photo taken from amazon website : #1

11 August 2011

Use squid on ubuntu server linked with a domain controller in order to force NTLM authentication

(This installation was made on an ubuntu server 10.10)

Install squid:
sudo apt-get install squid

You can already test the installation by configuring your web browser to use your server on port 3128 as the proxy server. You should receive an error web page generated by squid or the requested web page.

In order to request your active directory server, you have to install the following packages:
sudo apt-get install samba krb5-user libpam-krb5 winbind

During the installation, you could be prompted for some information.
Just leave the default values, we will modify the config files later.

Edit /etc/krb5.conf and add or edit the following values :
[libdefaults]
default_realm = YOURDOMAIN.COM
[...]
[realms]
YOURDOMAIN.COM = {
kdc = dc
admin_server = dc
default_domain = YOURDOMAIN.COM
}
[...]
[domain_realm]
.yourdomain.com = YOURDOMAIN.COM
yourdomain.com = YOURDOMAIN.COM
[...]

where yourdomain.com is your network domain (respect the character casing !) and dc is the DNS name of your domain controller.

You can test that all is running fine by typing the following command:
sudo kinit Administrator
You will be prompted for the administrator password.
If all is correctly configured, the command should print nothing.

Before configuring samba, stop the samba and the winbind service :
sudo service winbind stop
sudo service smbd stop


Edit /etc/samba/smb.conf and add or modify the following items:
[global]
workgroup = YOURDOMAIN
realm = YOURDOMAIN.COM
security = ads
encrypt passwords = yes
password server = dc.yourdomain.com
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
# only add the following line if your server's name is longer than 18 characters
netbios name = mysquidserver
[...]

where dc.yourdomain.com is your domain controller.

Restart samba and winbind services:
sudo service smbd start
sudo service winbind start


Try to join the domain with the following command:
sudo net join -U Administrator

You should get the following result:
Using short domain name -- YOURDOMAIN
Joined 'mysquidserver' to realm 'yourdomain.com'


You can now test the configuration with the following command, which gives you the list of users:
wbinfo -u

In case of any problem, restart samba and winbind before googling.


Now that your server is joined to your AD domain, we can configure squid.

First, test the ntlm authentication:
sudo /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
Directly after, enter a valid domain user and password:
username password
The answer should be:
OK

Edit the file /etc/squid/squid.conf.
Add or edit the following:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid AD
auth_param basic credentialsttl 2 hours
acl ntlm proxy_auth REQUIRED
http_access allow ntlm
append_domain .yourdomain.com


Restart squid : service squid restart

Enjoy !

--- EDIT 10/01/2012
I've tried a fresh install based on the current procedure on a ubuntu server 11.10 without success.
I've executed the following command in order to get it working:
chmod -R 777 /var/run/samba/winbindd_privileged
--- END EDIT 10/01/2012
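A least-privilege alternative to the chmod in the edit above, as an added example that is not part of the original post: instead of opening the privileged pipe directory to every local account, check whether the account running squid is a member of the directory's owning group and add it if it is not. The function name is hypothetical, and the fix shown in the comment assumes the Ubuntu packaging, where squid runs as `proxy` and the directory belongs to group `winbindd_priv`.

```sh
#!/bin/sh
# Added example: decide how a helper account should reach winbindd's privileged
# pipe directory without opening it to everyone.
# pipe_dir_access <dir> [user]   (user defaults to the calling account)
pipe_dir_access() {
    dir=$1; user=${2:-}
    mode=$(stat -c %a "$dir") || return 2
    gid=$(stat -c %g "$dir"); group=$(stat -c %G "$dir")
    # Any permission bit for "others" means every local user can reach the pipe.
    if [ $(( 0$mode & 007 )) -ne 0 ]; then
        echo "world-accessible"          # the state chmod -R 777 leaves behind
        return 1
    fi
    groups=$(id -G ${user:+"$user"} 2>/dev/null) || { echo "unknown-user"; return 2; }
    for g in $groups; do
        if [ "$g" = "$gid" ]; then echo "ok-via-group"; return 0; fi
    done
    # Assumed fix on Ubuntu: gpasswd -a proxy winbindd_priv, then restart squid.
    echo "needs-group:$group"
    return 1
}

# Constructed demo on a throwaway directory (the real one is
# /var/run/samba/winbindd_privileged, checked for the squid account).
demo=$(mktemp -d)
chmod 750 "$demo"
pipe_dir_access "$demo" || true          # ok-via-group
chmod 777 "$demo"
pipe_dir_access "$demo" || true          # world-accessible
```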


15 July 2011

Install and configure dnsmasq on Synology NAS

ipkg install dnsmasq
In /opt/etc/dnsmasq.conf, modify the path where dhcp lease file is saved:
dhcp-leasefile=/opt/var/dnsmasq/dnsmasq.leases

Configure OpenVPN package on Synology to enable DNS

An openvpn package is now available on Synology Website.

  • After the openvpn package is installed, the configuration file is located here :
    /usr/syno/etc/synovpn/openvpn/openvpn.conf
  • Add the following line in the configuration file :
    push "dhcp-option DNS 192.168.1.3"
    where ip address is your DNS server ip address.
  • Restart the openvpn package.

Open web remote access on Belgacom BBOX router via Synology NAS

Prerequisites :
  • Synology NAS accessible via SSH
  • lynx installed on the nas (you can install it with ipkg)

If you want to remotely access the router's web configuration page but didn't enable the option before, here is the way to do it :
  1. Connect via SSH to your server inside your local network
  2. Telnet the BBOX (192.168.1.1)
    1. login : admin
    2. pwd : BGCVDSL2 (if you didn't change it)
  3. Change the remote port with the following command 
    1. rg_conf_set admin/https/1/port 7777
  4. Enable the remote access
    1. rg_conf_set admin/https/1/remote_access 1
  5. Exit telnet
  6. Connect to the web interface locally with lynx (a command line web browser)
    1. lynx 'http://192.168.1.1/index.cgi?user_name=admin&password=BGCVDSL2'
    2. This is probably needed because the admin web interface has to be accessed in order to load the new parameters
  7. You can now connect on your BBOX web interface through port 7777

25 May 2011

Take a print screen on Samsung Galaxy Ace

There is a shortcut to take a print screen on the Samsung Galaxy Ace :

Press the back and the home buttons at the same time.

----- EDIT 2012-02-01 -----
The trick has changed on newer Android versions (I'm currently on Android 2.3.3) :

Press and hold the home button and then press the switch off button.
---- END EDIT -----

Files are saved on /sdcard/ScreenCapture


22 February 2011

Use WebDav on Windows 7

WebDav isn't supported anymore on Windows since Windows 7.

I've tried BitKinex that is working fine but I didn't find any option to map a network drive to my WebDav share.

I'm now using DirectNet Drive. You can map a network drive to a server using the major network protocols (ftp, sftp, WebDav).
There are some drawbacks inherent to the fact that you are using files over the network, but this is running quite smoothly...

23 January 2011

Show errors in prestashop

From the installation directory of prestashop, edit the file config/config.inc.php and modify the following line :
@ini_set('display_errors', 'on');

use include in tpl files with smarty in prestashop modules

The smarty version included in prestashop seems to be slightly different from the official release.

If you want to use the include instruction in a tpl file, you have to be aware of these limitations inside the instruction:
  • you cannot concat strings
  • you must use full path
One easy way I've found to achieve this is to use the following code in your .php file:
// Get the full path of the mytpl template
[...]
$smarty->assign('one_var', dirname(__FILE__).'/mytpl.tpl');
return $this->display(__FILE__, $this->name.'.tpl');
And the following code in your .tpl file:
[...]
{include file=$one_var}
[...]

20 January 2011

fix uptime and ls commands after coreutils install on synology DS211+ nas

After installing coreutils with ipkg, lots of system commands will be used from /opt/bin instead of /bin.
Most are working fine but some should be reverted. For example uptime seems completely broken and ls doesn't use color anymore.

I've fixed this issue with the following commands:

ln -sf /bin/ls /opt/bin/ls
ln -sf /usr/bin/uptime /opt/bin/uptime

19 January 2011

rc.d and init.d occurrences in synology nas

(Taken on a DS211+)

/usr/syno/etc/rc.d link to /usr/syno/etc.defaults/rc.d -> synology standard applications
/usr/local/etc/rc.d -> synology standard packages (*.spk)
/opt/etc/init.d -> optware applications (ipkg)
/etc/init.d -> linux standard applications

18 January 2011

quickly fix misencoded characters in mysql DB

If some accented characters in your database have been misencoded, for example the French character é appears as Ã©, you can follow these steps to correct them :
  1. Export the db to an sql script
  2. Open file in notepad++
  3. In menu > encoding, select convert to ANSI
  4. In menu > encoding, select encode to UTF8
  5. Save the file
  6. Import the converted sql file in mysql

install ipkg on synology DS211+ NAS

Find out your processor version :
cat /proc/cpuinfo
Processor : Feroceon 88FR131 rev 1 (v5l)
BogoMIPS : 1589.24
Features : swp half thumb fastmult edsp
CPU implementer : 0x56
CPU architecture: 5TE
CPU variant : 0x2
CPU part : 0x131
CPU revision : 1

Hardware : Synology 6282 board
Revision : 0000
Serial : 0000000000000000
The Feroceon 88FR131 processor is also known as Marvell 6282

Installation of ipkg is done with the following steps :
cd /tmp
wget http://wizjos.endofinternet.net/synology/archief/syno-mvkw-bootstrap_1.2-7_arm-ds111.xsh
sh syno-mvkw-bootstrap_1.2-7_arm-ds111.xsh

Credit : 1 2

install redmine on ubuntu server 10.10 x64

Install Redmine, MySQL and Apache
apt-get install redmine-mysql redmine mysql-server apache2
Link the redmine code to /var/www/redmine:
ln -s /usr/share/redmine/public /var/www/redmine
Install the apache2 passenger and fastcgi
apt-get install libapache2-mod-passenger libapache2-mod-fastcgi
Add this line to /etc/apache2/mods-available/passenger.conf (inside the IfModule directive):
PassengerDefaultUser www-data
Edit /etc/apache2/sites-enabled/000-default and add after the two first <directory> directives:
RailsBaseURI /redmine
PassengerResolveSymlinksInDocumentRoot on
Options Indexes ExecCGI FollowSymLinks
In /var/www/redmine/, create the file .htaccess, with exactly this content:
RewriteEngine On
RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
Restart apache:
apache2ctl restart

Credit : 1

17 January 2011

CNAME in dnsmasq

To get the CNAME directive working in the dnsmasq config, you need to configure the alias as an FQDN :
cname=myalias.mydomain.tld,dhcp_host

Use smtp.gmail.com as postfix relay

As some ISPs block outgoing mail from home SMTP servers, we have to use a relay.
smtp.gmail.com is a good choice.

Here are the steps I've followed in order to configure postfix on ubuntu 10.10 to use gmail as a relay :

Install postfix
Choose Internet Site and keep the proposed next option
aptitude install postfix
configure postfix
cd /etc/postfix
nano main.cf
add the following lines at the end of the file :
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
(there is no need to comment out the same options that can be present before in the file as only the last ones are used)

create the file passwd
cd /etc/postfix/sasl/
nano /etc/postfix/sasl/passwd
insert this line, changing your own logon information
[smtp.gmail.com]:587 yourname@gmail.com:yourpassword
generate a db file that postfix can read
postmap passwd
give postfix the right to read the two files (passwd and passwd.db)
chmod +r /etc/postfix/sasl/passwd*
Generate the cacert.pem file
/usr/lib/ssl/misc/CA.pl -newca
I input the following information (but I don't think that any data input below are important):
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:Liege
Locality Name (eg, city) []:Liege
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Google
Organizational Unit Name (eg, section) []:Google
Common Name (eg, YOUR name) []:nicolas jolet
Email Address []:myaddress@gmail.com
Copy cacert.pem
cp demoCA/cacert.pem /etc/postfix/
EDIT 17/01/2011:
if you copy the content of the Equifax certificate, this also works and is much simpler than the two previous steps
cat /etc/ssl/certs/Equifax_Secure_CA.pem > /etc/postfix/cacert.pem
Restart postfix daemon
/etc/init.d/postfix restart

I saw on some blogs/forums that you should add the ca cert of Equifax, but in my case, I didn't do it and this is working fine.
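An audit of the relay settings above, as an added example that is not part of the original post: `smtp_use_tls = yes` only requests TLS opportunistically, so when STARTTLS is not offered the session, SASL login included, may continue unencrypted, and a world-readable `passwd` file exposes the relay password to other local users. The function names and the demo files are assumptions built from the settings shown in the post; the hardened variant sets `smtp_tls_security_level = encrypt` and restricts the file to its owner.

```sh
#!/bin/sh
# Added example: audit a Postfix relay setup like the one above.
# audit_relay <main.cf> <sasl passwd file>; returns the number of findings.

# Effective value of a main.cf parameter: the last assignment wins.
param() {
    awk -F= -v key="$1" '
        /^[ \t]*#/ { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0 }
        END { print val }' "$2"
}

audit_relay() {
    cf=$1; pw=$2; findings=0
    level=$(param smtp_tls_security_level "$cf")
    # smtp_use_tls = yes is the older spelling of security level "may".
    if [ -z "$level" ] && [ "$(param smtp_use_tls "$cf")" = yes ]; then
        level=may
    fi
    if [ "$(param smtp_sasl_auth_enable "$cf")" = yes ]; then
        case $level in
            encrypt|verify|secure|fingerprint|dane-only) ;;
            *)  echo "WEAK TLS level '${level:-none}' is optional: the login may travel unencrypted"
                findings=$((findings + 1)) ;;
        esac
    fi
    if [ -e "$pw" ] && [ $(( 0$(stat -c %a "$pw") & 077 )) -ne 0 ]; then
        echo "OPEN $pw (mode $(stat -c %a "$pw")) exposes the relay password to local users"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed demo files, built from the settings shown in the post.
demo=$(mktemp -d)
cat > "$demo/main.cf" <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
EOF
echo '[smtp.gmail.com]:587 yourname@gmail.com:yourpassword' > "$demo/passwd"
chmod 644 "$demo/passwd"                 # world-readable, as after "chmod +r"
audit_relay "$demo/main.cf" "$demo/passwd" || echo "findings: $?"

# Hardened variant: mandatory TLS, password file readable by its owner only.
echo 'smtp_tls_security_level = encrypt' >> "$demo/main.cf"
chmod 600 "$demo/passwd"
audit_relay "$demo/main.cf" "$demo/passwd" && echo "no findings"
```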



Credit : 1 2 3

16 January 2011

TXT_DB error number 2 failed to update database

As I'm completely unaware of openssl usage, I only write here some observations I made :

If after the command :
openssl ca -out cert.pem -infiles req.pem
you got the following error message :
failed to update database
TXT_DB error number 2
This is probably because you have generated your own signing certificate with the same Common Name (CN) as the CA certificate that you generated before.

Simply entering a different Common Name each time you are asked should do the trick.

Credit : 1