Well… not much of a guide really.  Just a very quick how-to on what I did to get Time Machine on my Macbook Pro with OSX Lion 10.7 to save the backup data to my Linux server network share using AFP, rather than SMB (Windows Share), a Time Capsule, or and Apple Server.  I will attach my working config files for your reference as well.  Note that, 1) I am using the source code for Netatalk, compiled and installed, not the Ubuntu or Debian package, and 2) I am assuming you are comfortable with installing software from source.  Last note, I owe a HUGE THANK YOU to post I found on the basic’s of this configuration. (located here: http://www.trollop.org/2011/07/23/os-x-10-7-lion-time-machine-netatalk-2-2/)  I had a hard time getting anything working otherwise, and that post mostly got things working for me.

I really love this setup, because:

A) I am running a tiny ITX case with a 1.5TB ZFS mirror in it for data integrity. (back when drives were cheap, this makes a powerful and inexpensive NAS)  (oh and I am running this using the zfs-native package on Ubuntu Lucid! Love it!)

B) I love having the network-based Time Machine running, because it just runs whenever I am on my home network. I don’t have to think about, “Well, should I plug in my USB drive and backup tonight?”  It just runs all the time.

C) I also have Crashplan running on that ZFS pool, to save all my local machines here as well.

None of that has anything to do with getting an AFP share running, so, moving on.  The instructions below don’t cover the creation of your sparce file for the AFP share, which Time Machine uses.  Once you get to the Sixth step below, you’ll need to create that sparce bundle and copy it to your share. I used the script located on this post to generate my sparce bundle and copy it over to my server share. Anyway, to get your Mac talking to your Linux box, setup Netatalk like below. :)

FIRST:

Go get the latest Netatalk source code from Sourceforge.  http://netatalk.sourceforge.com/

Download and un-tar that code into a directory of your choice. But before we configure and compile this…  we need some supporting software.

SECOND:

Get the supporting software packages for Avahi and other items.  We need Avahi for zeroconf and other libs for authentication purposes.

I ran this apt-get command:

apt-get install avahi-daemon mdns-scan \
 avahi-utils libavahi-common-dev \
 libavahi-compat-libdnssd1 libavahi-compat-libdnssd-dev \
 libssl-dev libacl1-dev libwrap0-dev libgcrypt11-dev libdb4.8 libdb4.8-dev

Install the above items, then we can move on to the compile and install of afpd/Netatalk.

THIRD:

Now, “cd” to the directory where you un-tar’d the netatalk download code.  For example, mine was in this folder:

cd /mpool/Shares/Shared/netatalk-2.2.1

Assuming all the above packages installed successfully, let’s run ./compile. Here’s my command line:

./configure --enable-debian --with-acls --enable-ddp  --enable-zeroconf

Then, if that ran successfully, you should end up with some summary information as follows:  (may not be exact)

Using libraries:
    LIBS = -lpthread  -L$(top_srcdir)/libatalk
    CFLAGS = -I$(top_srcdir)/include -D_U_="__attribute__((unused))" -g -O2 -I$(top_srcdir)/sys
    SSL:
        LIBS   =  -L/usr/lib64 -lcrypto
        CFLAGS =  -I/usr/include/openssl
    LIBGCRYPT:
        LIBS   = -lgcrypt
        CFLAGS =
    BDB:
        LIBS   =  -L/usr/lib64 -ldb-4.8
        CFLAGS =
Configure summary:
    Install style:
         debian
    AFP:
         Large file support (>2GB) for AFP3: yes
         Extended Attributes: ad | sys
    CNID:
         backends:  dbd last tdb
    UAMS:
         DHX     ( SHADOW)
         DHX2    ( SHADOW)
         RANDNUM ( SHADOW)
         passwd  ( SHADOW)
         guest
    Options:
         DDP (AppleTalk) support: yes
         CUPS support:            no
         Apple 2 boot support:    no
         SLP support:             no
         Zeroconf support:        yes
         tcp wrapper support:     yes
         quota support:           yes
         admin group support:     yes
         valid shell check:       yes
         cracklib support:        no
         dropbox kludge:          no
         force volume uid/gid:    no
         ACL support:             yes
         LDAP support:            no

Notice the section on “UAMS” containing “DHX” and “DHX2″?  You must have those listed, or your Mac OSx Lion system wont work on it.  It needs the encrypted authentication.  If you don’t see those listed, you are missing some libraries on your system.

FOURTH:

Now if all is well…  run make.

make

make install

Run the above command, while still in that source directory.

Netatalk will install binaries for you under: /usr/local/sbin  and config under: /usr/local/etc/netatalk.
It also installs a basic startup script under your /etc/init.d directory called, easy enough, “netatalk.”

FIFTH:

Setup your config.  I’ll attach my configs for your reference, but here’s a couple basics.

1. afpd.conf  - comment out anything else, and add this line:

- -udp -noddp -uamlist uams_randnum.so,uams_dhx.so,uams_dhx2.so -nosavepassword

2. AppleVolumes.default – also comment out others, and add these.
These are just an example, based on my config. You’ll need to adjust the names and paths.
(NOTICE the “tm” at the end of the time machine share below, you must have that for TM to work.)  

/dapool/bu/tm TimeMachine allow:greg cnidscheme:dbd options:usedots,upriv,tm
/mpool/Shares/AppleShare AppleShare allow:greg cnidscheme:dbd options:usedots,upriv

3. netatalk.conf – I didn’t have this file on one system, so I just created it and added the config below:

#### machine's AFPserver/AppleTalk name.
ATALK_NAME=`echo ${HOSTNAME}|cut -d. -f1`

#### server (unix) and legacy client (<= Mac OS 9) charsets
ATALK_UNIX_CHARSET='LOCALE'
ATALK_MAC_CHARSET='MAC_ROMAN'

#### Don't Edit. export the charsets, read form ENV by apps
export ATALK_UNIX_CHARSET
export ATALK_MAC_CHARSET

#########################################################################
# AFP specific configuration
#########################################################################

#### Set which daemons to run.
#### If you use AFP file server, run both cnid_metad and afpd.
CNID_METAD_RUN=yes
AFPD_RUN=yes

#### maximum number of clients that can connect:
AFPD_MAX_CLIENTS=20

#### UAMs (User Authentication Modules)
#### available options: uams_dhx.so, uams_dhx2.so, uams_guest.so,
####                    uams_clrtxt.so(legacy), uams_randnum.so(legacy)
AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"

#### Set the id of the guest user when using uams_guest.so
AFPD_GUEST=nobody

#### config for cnid_metad. Default log config:
CNID_CONFIG="-l log_note"

#########################################################################
# AppleTalk specific configuration (legacy)
#########################################################################

#### Set which legacy daemons to run.
#### If you need AppleTalk, run atalkd.
#### papd, timelord and a2boot are dependent upon atalkd.
ATALKD_RUN=no
PAPD_RUN=no
TIMELORD_RUN=no
A2BOOT_RUN=no

#### Control whether the daemons are started in the background.
#### If it is dissatisfied that legacy atalkd starts slowly, set "yes".
ATALK_BGROUND=no

#### Set the AppleTalk Zone name.
#### NOTE: if your zone has spaces in it, you're better off specifying
####       it in afpd.conf
ATALK_ZONE=@AFP

SIXTH:

Start ‘em up!

/etc/init.d/netatalk start

That should start up the services. I did a quick check using “netstat -tapn” and if you see these below, you should be running:

tcp        0      0 0.0.0.0:548             0.0.0.0:*               LISTEN      22146/afpd
tcp6       0      0 ::1:4700                :::*                    LISTEN      22144/cnid_metad

Again, may look a bit different on your system, but you should at minimum see the afpd process on port 548 and soemthing listed for “cnid_metad” on its default port of 4700.  I don’t know why mine says tcp6, but it works, so I am not complaining.

I should note, I set this up on two systems.  One worked right away, the other wouldn’t start cnid_metad.  Your startup should respond with:

..Starting Netatalk services (this will take a while):  cnid_metad afpd.

See that “cnid_metad” listed in the services starting?  My problem system wouldn’t show this, it only showed afpd.  As a result, Time Machine and Finder on my Mac would give me an error about CNID DB not working and “using temporary” or something like that.  Time Machine failed everytime.

What I did to fix it, was a cheesy hack.  I just found the lines below in my /etc/init.d/netatalk script:

# prepare startup of file services
if [ "x$CNID_METAD_RUN" = "xyes" -a -x /usr/local/sbin/cnid_metad ] ; then
   echo -n " cnid_metad"
   /usr/local/sbin/cnid_metad $CNID_CONFIG
fi

I changed the above to look like this:

# prepare startup of file services
if [ -x /usr/local/sbin/cnid_metad ] ; then
   echo -n " cnid_metad"
   /usr/local/sbin/cnid_metad $CNID_CONFIG
fi

I don’t care if CNID_METAD is “yes” or not, I just want it to run!  Everytime!  So I just check if that binary is executable and launch it.  This worked!!  And Time Machine connected to my AFP share (which was this: afp://draygon/TimeMachine ) and started backing up!

I won’t go into the Time Machine config on your Mac here. All you really need to do is in the “Select Disk” button, it will list your available disks, just select the one on your server.  I did make sure I could connect to it first.  In Finder, go to “Go” on the menu and select “Connect to Server”.  Type in the server path or browse to it.  ( afp://YOUR_SERVER_NAME/YOUR_SHARE_NAME  )  If that opens, and you can create files in there in Finder, you should be good to go!

It should be obvious, as well, that on your Linux system you need a user account created with a matching password (which Finder on your Mac may ask for).  You should also have file system permissions configured on your Linux system accordingly.  If not, you will have trouble connection and/or creating files.  Therefore, Time Machine won’t work either.  So make sure the “sharing” stuff works.

My Config Files:

Located in /usr/local/etc/netatalk, the links below will open up at pastebin.com.

afpd.conf  - http://pastebin.com/3kvHLLph  

AppleVolumes.default - http://pastebin.com/Z0L7pzGi

netatalk.conf - http://pastebin.com/agVs4RW0

Extra Note:

I wanted to mention this link:  http://lifehacker.com/5691649/an-easier-way-to-set-up-time-machine-to-back-up-to-a-networked-windows-computer 

In order to get Time Machine to use that AFP share, you need to create a Sparse bundle file which saves your data.  The link above has some great instructions on that.  And they link you to this script for your Mac to create the file and copy it, makes it easy!

 EDIT 12/02/11:

On OSX Lion, you apparently DO NOT need to manually create that sparse file.  I had to remove my backup data and recreate it, and when I did, I did not create the sparse file.  I simply opened Time Machine, clicked Select Disk, and there was my network share. I selected that network share and it created a new sparse file and started to backup automatically. Nice!!

Maybe that’s a Lion thing, I don’t know. BUT YOU DO NEED to tweak your Mac to allow backup to an unsupported network share.  The articles listed above mention using the “secrets pref pane” in OSX and a checkbox to allow the unsupported backup location. PrefPane can be downloaded from this site:
http://secrets.blacktree.com/ 

(you can really BREAK your Mac with that program with some of those settings, so use at your own risk!  I only used it to set my Time Machine to use Linux.)

Its a quick-n-easy install.  Open that program once installed, go to the Time Machine section and check the box to allow unsupported backup locations.  There is a manual, command line way to do this as  well.

Below is a very quick example of what I did to configure a system DSN connection to a Mysql and PostgreSQL database using UnixODBC drivers on Ubuntu Lucid server from command line only.

# Do the obvious, install mysql an postgresql first. :)

# install unixodbc
apt-get install unixodbc unixodbc-dev libmyodbc odbc-postgresql

# cd to /etc/ODBCDataSources

# setup mysql driver, make myodbc_template file
[MySQL]
Description = MySQL driver
Driver = /usr/lib/odbc/libmyodbc.so
Setup = /usr/lib/odbc/libodbcmyS.so

Edit 7/7/11:

I think pgsql odbc should not be /usr/lib/odbc/libodbcpsql.so , but rather /usr/lib/odbc/psqlodbca.so.
I have not tested, but I later realized libodbcpsql.so does not exist.  Just an FYI.

I was asked about the resources used on the Dell Inspiron Mini 1012 using either Windows 7, Ubuntu 10.04 Lucid, or JoliCloud operating systems.  So… here’s what I found…

I didn’t do anything fancy, just boot each up and look at their system/task managers.  The Linux systems have Chromium/Google Chrome running, and Jolicloud has Apache and Mysql services running, but they both ran at about 200Mb – 250Mb and minimal CPU usage.  On the Linux systems, I immediately launched the system monitors upon boot and took a screenshot. On Windows, however, I didn’t even have a screenshot app, so I had to find one first.  This brought the usage down a little, down to around 650Mb (it boots with about 750Mb), but CPU was still up there and bouncing around a lot, just lower than during bootup.  Keep in mind also, on Windows, the Dell came with McAfee antivirus, which is running and using resources.  But NO WEB BROWSER is running on Windows in the screen shot.

What I found really annoying, was that once Internet Explorer was launched, so I could upload a screenshot, the memory went up and over 800Mb!  I only have 1Gb in this thing, so there’s really no room for apps to run.  I am sure an extra 1Gb of memory would help, but it wouldn’t make it any faster. The thing just runs slow regardless under Windows.  On the Linux side, they run slow too, just *not as slow* feeling as Windows does.  At least there’s room in 1Gb to run some apps.

It was odd though, because Windows sitting idle would run a low cpu percentage, like under 10%, and commonly with 2-5%.  Once you do anything, the cpu spikes up, and with IE running, it runs 100% for a while.  On Ubuntu, you can see it running consistently around 25%, which spikes just like Windows, only not 100%.  Jolicloud runs a little better, with about 10 – 15% resources at idle, with the occasional spikes too.  They all spike up when you do anything, but Windows spikes way up, and a lot of the time its at 100%.  Could be, that’s why it seems slower, and that may be caused by extra swapping to disk because Windows requires much more memory.  (I don’t really know, just a theory)  Just my opinion, concerning the general operational responsiveness, Ubuntu 10.04 seems to run a little better than either, but Jolicloud is very close and not really noticeable. I think its just the UI they’ve got that’s just a tiny bit slower than the Ubuntu GUI.  But its not a big deal.

Anyway, here’s the screenshot of Windows after about 5 minutes from boot.

Larger image here: http://www.1stbyte.com/wp-content/uploads/2011/03/Screenshot-windows7resources-1.jpg

And below is the Jolicloud screenshot.

Larger Image here: http://www.1stbyte.com/wp-content/uploads/2011/03/Screenshot-jolicloudresources.jpg

And last, below is Ubuntu 10.04 Lucid Netbook Remix version.

Larger image of Ubuntu here: http://www.1stbyte.com/wp-content/uploads/2011/03/Screenshot-Ubunturesources.jpg

Quick note about using chntpw command to reset Windows passwords. Mostly, I just couldn’t remember what the command line program was or the switches.

Boot to System Rescue CD.
mount the Windows drive RW (mine was RO)
cd to the config dir: cd /mnt/sda1/Windows/System32/config
Backup your sam,security,system,software (just copy them to another directory)

Now run this to list user while in the config directory:
chntpw -l ./sam

And this will run in interactive mode and ask you which user to edit the password.
chntpw -i ./sam

Chntpw can also edit your registry. One time it really saved the day when I was locked out of a computer and something was causing boot to fail. This made it pretty quick to edit the registry in a way that allowed me access to the system again. (then we proceeded to run a bunch of antivirus checks)  By the way, this worked for me on Windows XP and Windows 7.

Great tool!

If you are like me, you don’t have time to run nmap scans and do other network maintenance. Running nmap is one of those really fun and useful tools that are easy to use, but since I rarely use it, I never remember the options.  Today was one of those situations where I needed to hunt down a host on my client’s network remotely running certain software. It wasn’t responding to any remote services (like RDP) or pings, so I didn’t even know if it was on the correct IP address.  I thought it would easy enough to do a quick network scan with nmap to discover the hosts running.

At a simple level, and on a small, class C network, I just ran this:

sudo nmap -PR 192.168.0.*

This allowed me to quickly see all the hosts that were up on the local subnet, and here’s an example showing the end of the output on the last host found:

Interesting ports on 192.168.0.210:
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
139/tcp  open  netbios-ssn
427/tcp  open  svrloc
443/tcp  open  https
515/tcp  open  printer
631/tcp  open  ipp
9100/tcp open  jetdirect
MAC Address: 00:1B:xx:xx:xx:xx (NEC AccessTechnica)
Nmap done: 256 IP addresses (20 hosts up) scanned in 42.07 seconds

That was super helpful.  The host I needed showed right up, at the correct IP address, with most of the ports I expected. (not the one shown above) Now I just need to remote into the system (if I can) and adjust things.  Nmap made it real easy on our Linux server.

There are some more useful commands, and as I need them, I’ll blog them. For today, this was all I needed.

I tested Windows 7, Jolicloud, Ubuntu 10.10 Maverick, and Ubuntu 10.04 Lucid on my new Dell Inspiron Mini 10 (1012) Netbook.  First let me say, Window 7 on this netbook is barely usable. If you wait for the OS to finish booting, which takes at least 5 minutes before all the background processes finish loading, then it operates *Ok*.  But to be honest, I didn’t want to run this thing with Windows from the start.  Biggest reason…  from initial power on, it takes 3 minutes and 13 seconds to boot, connect to Wifi, and have your home page open.  WHAT!  Are you kidding me?  That’s just way too long for something that you want for some periodic web use.  And remember, that’s Windows 7 without any Antivirus software loaded up (at least any that I saw from a fresh Dell install from factory).  Once you load up some basic programs, Antivirus, Dropbox, backup software (I prefer Crashplan, but you could consider Dropbox just for essentials.), Office, just basic stuff for any Windows system, it’s going to slow down even further.   I don’t expect much from this little, underpowered Atom-based, mini laptop, but it should be something reasonable to use.  I think another post is coming for “My advice on buying a Netbook, for non-Geeks.”

So… I didn’t like the idea of Windows on my netbook. I am a Linux/Unix guy anyway, and I know there’s been some big improvements in the Linux Desktop area.  I use Ubuntu 10.04 Lucid as my primary desktop and laptop OS anyway, and I love it.  ( I still have a secondary Windows 7 system though.)  I wanted to give Ubuntu Netbook Remix 10.10 Maverick a try. I installed it, and immediately noticed something, I had no wireless.  Man, still!  For the last 1 to 2 years I’ve tried netbooks with Linux based OS’s and they always have issues with the wirless!  And to make it worse, getting the wireless to work looked easy, but it didn’t work. The “restricted drivers” in Ubuntu didn’t want to load. I did get everything working, but Maverick has some major issues that drove me nuts.

Maverick netbook version uses that nice looking, and clever user interface called Unity.  But I had a very hard time with it.  For one, I couldn’t add my own launchers.  Right click menu’s didn’t work, and it customizing it, if you even can, was very difficult.  For two, it crashed constantly!  For three, once I added the current Apt updates, the whole thing slowed so much I could barely operate it!  Maverick was such a pain to use, I just formatted and loaded Lucid after wasting over a day of tweaks and adjustments.

I will say this, Ubuntu Maverick did boot quickly. Times below are from initial power button, which includes BIOS POST.
- In about 50 seconds I had a desktop.
- 1:13 I saw the Wifi connection established
- 1:27 the web was launched and home page loaded.
Not too bad, in my opinion.

However, continuing with Maverick was a NO-GO.  Next, I installed Ubuntu 10.04 Lucid. Install was easy, just like Maverick, but I didn’t see the crashing, it got all the updates and didn’t slow to a crawl, and most importantly, the Restricted Drivers for the Broadcom Wireless adapter loaded without an issue and connected right away.  NICE! Even better, the boot times were almost identical to Maverick! Including waiting 20 seconds for the Dell to POST, it was about a minute and a half and I was online surfing.

Of course, I’ve also heard recently that there’s this OS called Jolicloud.  So I had to test that out too.  I guess its Ubuntu 10.04 based, so should be easy and familiar for me.  And it was! Install didn’t work using their USB creator. I had to get a separate tool and do a manual USB disk creation of their ISO, but I am not complaining about that because you have to deal with this for all the Linux-USB-netbook installations.  It just didn’t use their own USB creator as described on their website and required more steps, but still easy.

Jolicloud installed effortlessly on the netbook! I had pre-allocated about 30G of free space on the hard drive just for this. When install ran, it asked if it could install into the free space, I said Yes, and it was easy from there.  You do have the option to resize and change the partitions if you want, I had done this previously with Ubuntu in my case.  Install took same amount of time as Ubuntu,and I think was about 20-30 minutes.

Initial boot asked for user credentials and to create an account with Jolicloud.  You can even use Facebook login with it, but the base Linux still requires a user account.  I think the developers don’t really intent it to be used by more than one person, just for ease of use.  But I wanted my family accounts on there, so I created one for each, which is a little odd and buggy process. (it didn’t work right away, gave me an error, looked like it was crashing, but then did actually work with a disabled account.)

Best thing about Jolicloud was, THE WIRELESS JUST WORKED!  I love it!  Install was easy, system booted, and I clicked the icon to use my Wifi connection.  Nice!  Even better, I was online and adding their apps easily and everything just worked in that area.  For most people, this is all you need.  It installed and things get you online and functional with ease.  Next best thing… it boots with the same times as Ubuntu!  In about 1 minute 30 seconds, I am online and browsing, from the moment I pushed power.

Two things I don’t like about Jolicloud.  1. Suspend doesn’t seem to work, but that may not be the fault of Jolicloud, and rather a driver issue or Dell issue.  Hibernate works great, so I setup the system to use that on lid close. (which takes about 17 seconds to power down).  2. They seem to want you to use their apps.  I can understand that, but this is Linux,and I like to geek-out!  I couldn’t find a way to make a launcher, anywhere, for specialized apps.  In my particular case, I was using Netbeans, which installed fine, but there was no way to launch it, except to A) use command line, or B) browse to the folder and double-click the launch script.  I have other apps that may be an issue with this. I don’t like it,and I don’t like being confined to their launcher interface. Although, their user interface is very nice and for most all other operations it works very well and I like it!

Also, I don’t think they recommend it, but I used “apt-get” easily with no configuration. Everything I wanted to load with apt, worked without issue, so far.  I installed Mercurial, Apache2 and PHP5 to run a testing web server. Yes, I know, why would you do that on a Netbook?  Well, because, my son and I are playing with Javascript and PHP, and the netbook is really handy for him to play with while I use my laptop next to him.  Its fun!  Plus, with Jolicloud, using their built-in app install UI, they have about a Gazillion games and there’s lots to do on there for a kid.

So far, for me anyway, I am really liking Jolicloud. For most people, they’ll like it too, and its faster than Windows and you don’t need to deal with AV software. Not that you can’t get spyware or viruses, just that its not Windows, where you WILL get one without AV.

As for the Dell Mini 1012 netbook, I like it!  It’s got a nice, high-res display at 1366×768, unlike most netbooks that have only 1024×600. It’s battery is great too, and so far is lasting close to 5 hours. (probably average about 4 hours)  And with hibernation and only periodic use, it goes a couple days till I need to charge. Charging is slow though!  The keyboard is a little small for me, but usable.

This is not a post about comparison with an iPad, but I just have to say, even though I like this netbook and Jolicloud, it will only have limited use.  Now that my family has had an iPad for about 9 months or so, they don’t really want to use the netbook.  Main reason being… even with fairly quick boot time and ease of use, the iPad is WAY FASTER and easier to get online!  There’s also a “cool” factor, but even my anti-technology wife, she insists on using the iPad.  They all like it for that reason more than anything, that it powers on and you are online in literally a few seconds.  Also, the batter needs charging about once a week for us on the iPad.  I should also say, there’s no logins, weird moments where you need to “wait for that thing to show you are online”, or confusion about what to click and where to go. For the non-tech people, the iPad is hands down the best casual web device.  My kids use it for super quick Facebook checks and updates, my wife handles her recipes and does quick web lookups, and all if it without any of my help, and all of it very fast and easy.  A netbook, even with Windows, just doesn’t even compare.

If any of you readers have further questions regarding Jolicloud or Ubuntu Lucid or the Dell Mini, just comment and ask. I have the 250G drive loaded with all 3 in a triple boot setup, so I can probably check for specific issues if you like.

UPDATE 3/14/11 :

I added a new post on resource usage of each OS, if you are interested, with Screen shots.

Go here to check it out: http://www.1stbyte.com/2011/03/14/resource-usage-on-dell-inspiron-mini-1012-with-window-7-ubuntu-10-04-lucid-and-jolicloud/

I keep forgetting what to do to add the Firefox 4 beta to my Ubuntu Linux 10.04 Lucid systems. It’s quick and easy, just copy the lines below (one at a time) into Terminal and add the PPA sources to Apt. Then Minefield browser will be installed as the pre-packaged version of the Firefox 4 beta.


sudo add-apt-repository ppa:ubuntu-mozilla-daily/ppa
sudo apt-get update
sudo apt-get install firefox-4.0


broadcom STA wireless driver “systemerror: installarchives() failed” on Ubuntu Maverick Dell Mini

While attempting to Activate the proprietary Broadcom STA Wireless driver in Ubuntu 10.10 Maverick, I waited and then recieved the error, “systemerror: installarchives() failed”. I am using a Dell Inspiron Mini 1012. I am also booted into the Live USB install flash disk, not from my hard drive.

Some installs and uninstalls failed using the “Software Center.” So on to apt.

First thing I thought was, “we probably need our sources updated.” So, from terminal, run:

sudo apt-get update


(obviously, you will need to be connected to the “wired” ethernet and have a live internet connection, so make sure that’s working first.)

I had to do a little Googling,and I also checked in Software Center for anything with Broadcom in the search, and I found the bcmwl-kernel-source package. Let’s reinstall this and see if it works.
Next I ran:

sudo apt-get remove bcmwl-kernel-source


This process started to remove the package, but I noticed that it also was trying to remove DKMS Modules. This failed. Next, let’s try removing DKMS.

sudo apt-get remove dkms

That uninstalled ok, but then failed, again, on the bcmwl-kernel-source package. What’s the deal with this package?! Maybe just reinstalling inplace?

sudo apt-get --reinstall install bcmwl-kernel-source

Same problem!
Let’s try:

sudo apt-get -f --reinstall install bcmwl-kernel-source
sudo apt-get --purge remove bcmwl-kernel-source

Still not working! Fails on update-initramfs!
Seems that nothing I do will allow me to update/reinstall/fix this issue. The problem has something to do with the update-initramfs process and its not working on the USB stick. There may be some further log info, but what I found online was a bug in the “casper” system. I guess the USB sticks are not writable and update-initramfs will fail.
https://bugs.launchpad.net/ubuntu/maverick/+source/casper/+bug/591207
So I tried this: (be careful , you may end up with a non-bootable USB disk)

sudo apt-get install casper
sudo /usr/share/casper/casper-update-initramfs -u
sudo reboot


Woah!! Nice!! It worked on reboot!! Boom – Headshot! I didn’t even need to reinstall the Broadcom drivers! After booting into the Netbook Remix on the Live USB disk, once I clicked on the network manager icon, it showed me all the available wireless networks!

That was awesome! It felt like when I play Call of Duty Modern Warfare 2 when I get a headshot, which always comes as a surprise to me. Boom! Headshot! And then I think, “Ok, that was cool! Didn’t expect that to work!” ROFL!

Well, now that I can see the Wifi is working, I’ll install on my hard disk.

Good luck!

This took a while to solve, its not exactly user-friendly.  I have a FreeBSD server running VirtualBox virtual machines in headless mode, and I need to do everything using VBoxManage command line. (CLI)  In one case I wanted to remove the attached DVD ISO image from my machine. They don’t have a “storagedetach” or “removehd” command, you have to use the “storageattach” command, with some extra info.

List the VM info to see the port and device attached.
VBoxManage showvminfo vmMaridia
(My VM name is vmMaridia)

You will see stuff like so:

Storage Controller Name (0): maridiasata
Storage Controller Type (0): IntelAhci
Storage Controller Instance Number (0): 0
Storage Controller Max Port Count (0): 30
Storage Controller Port Count (0): 30
Storage Controller Name (1): maridiaide
Storage Controller Type (1): PIIX4
Storage Controller Instance Number (1): 0
Storage Controller Max Port Count (1): 2
Storage Controller Port Count (1): 2
maridiasata (0, 0): /vm/sys/maridia/mir1.vdi (UUID: fd813be8-dd38-4784-a374-d96263aae1ba)
maridiasata (1, 0): /vm/sys/maridia/mir2.vdi (UUID: dab57578-4de5-4bef-91ee-232c56eea671)
maridiasata (3, 0): /vm/sys/maridia/mardia-bu.vdi (UUID: 6ac3c6aa-ae5b-4d57-8f30-24e59d2ef381)
maridiasata (4, 0): /vm/sys/maridia/share-sata.vdi (UUID: d16a4847-95fb-43bd-b8b4-c7d9e38d9946)
maridiaide (0, 0): /vm/iso/sysresc156.iso (UUID: 10cbebd7-e058-4c8e-9487-52e7776d9935)


So, in my system, I wanted to remove from maridiaide controller, the port 0, device 0. Which is the sysresc156.iso.
To remove the DVD:

VBoxManage storageattach vmMaridia --storagectl maridiaide --port 0 --device 0 --medium none


The trick was, you just specify “none” as the medium when you want to remove it. Now when you run “showvminfo” on that VM, you’ll see no drive attached, in fact no maridiaide controller listed. (although, I do think it is registered still?)

I thought I’d be smart and enable data=journal on my root file system. I know its slower, but I prefer data integrity over speed on this system. Even if its not my main data volume, I like the idea of the whole OS running with the best integrity.

So, here’s what I did… I edited my /etc/fstab file, and added “data=journal” in the mount options. Here’s my old fstab:

/dev/mapper/vg1-root / ext4 defaults,errors=remount-ro 0 1

I changed it to:

/dev/mapper/vg1-root / ext4 rw,data=journal,journal_checksum 0 1


Well… upon reboot, I got an error and it wouldn’t load the system:

EXT4-fs: cannot change data mode on remount


Turns out, during boot it’s first mounted as read only, if I understand things correctly, then remounted per your fstab options. When I created the file system I didn’t use the option to journal_data, which is not “ordered” mode, per ext4 default. And the root file system is remounted during boot. (correct Linux Pros out there? I have that right, right?) So to fix this, I booted into my trusted SystemRescueCD (on USB) and ran this:

tune2fs -o journal_data /dev/vg1/root


Yahoo! It booted right up with my new fstab options. Note that YOU MUST have created that file system with journaling enabled in the first place, like you would with “mkfs.ext4 -j /dev/sda1″. (with the -j option)

PS. You can list the options on the file system with “tune2sf -l /dev/sda1″.

BTW, I am using Ubuntu 10.04 server, in case you wondered. :)

sed -i '53d' ~/.ssh/known_hosts
Run in your home directory. Replace “53″ with the line number referred to in the known_hosts error from the ssh login attempt. You need the “d”. If you had line 12, then you’ll show ’12d’ in that sed command.

I found some info on Google searches to get Windows 7 to join a Samba domain controller.  I have Ubuntu 9.04 Jaunty which runs Samba 3.3.2, which I guess does not work.  You need 3.3.4.   Windows 7 needs a registry change:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
“DomainCompatibilityMode”=dword:00000001
“DNSNameResolutionRequired”=dword:00000000

The above need to be added to allow the join to work.  Then find the key below and set those values to 0.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
“RequireSignOnSeal”=dword:00000000
“RequireStrongKey”=dword:00000000

The Netlogon values need to be updated, or Windows 7 will not allow domain logons.  You’ll get an error about credentials and no domain controller, or something like it.  Adding the second two will allow the logon.

Adding the registry keys above, plus upgrading Samba, did the trick.  I was able to join Windows 7 to Samba 3.3.4, but I did get a weird error about the DNS suffix being wrong.  I just said OK and left it.  I tried to change it several times after, too, but always get the same error.  System working fine so far though!

As for upgrading Samba, you’ll have to Google that one.  But here’s what I did, in a nutshell. (This is NOT a HOWTO, just a record of my experience, so if you follow this, it might break your system. Just be warned.  A Samba Server book might be nice for more information.)  I had a working domain controller, so I had a SAM database already with SID’s and passwords.  I didn’t want to lose those.  After backing up my server and Samba configs (including all the tdb files) I removed Samba 3.3.2 package from Ubuntu.  Then I downloaded the Samba source tar.gz for version 3.3.4, unpacked and “./configure” and then compiled. (make && make install)

At this point I found all my tdb files and copied them into the default Samba installation, which was different than the Ubuntu package.  I think the original tdb files from Ubuntu are in /var/lib/samba.  I copied all that to /usr/local/samba/var/lock. (the default when compiling from source)  I also setup a link from the original smb.conf in /etc/samba to /usr/local/samba/lib/smb.conf.

Now I’ve got my Windows 7 system logged in and joined to my Samba domain!

Just wanted to add a quick note about this as I couldn’t find a reason why dynamic DNS on my Ubuntu 9.04 system were failing. I had all the right perms, ownership, etc. I even opened up the files to full world writable and still, I got errors that the journal files could not be written to.

Log snippets:

error: journal open failed: unexpected error

jnl: create: permission denied

Learning as I go… there’s a thing in Ubuntu called Apparmor. Never even heard of this. This is what was keeping the files from being written to by the bind daemon.  I guess Apparmor has been in this for a while now, but for several yeas now, I have not run into a situation where I had to mess with it.

Here’s what you change.  And keep in mind, this is NOT the correct way to handle this on a production or public DNS server.  You’ll need to read up more on the correct config for this one.  But on my tiny LAN or at home, here’s what I did.  In the /etc/apparmor.d directory, edit the usr.sbin.named file.  Find the line:

/etc/bind/** r,

Change it to:

/etc/bind/** rw,

Then restart the apparmord daemon.  If your DDNS config in Bind and DHCP are correct, you should start seeing successful updates now.

Here’s a coulple links that were helpful on the DDNS setup:

http://brunogirin.blogspot.com/2007/11/dhcp-and-dynamic-dns-on-ubuntu-server.html
http://ubuntuforums.org/showthread.php?t=274665
http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html

Also, I wanted to make a note to myself. Creating a new key for DDNS:

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dhcp-update-key

That creates keyfiles in which you’ll get your key string, this is added in your dhcpd.conf and named.conf.* files as “secret”.   RTFM dnssec-keygen. and read up on the links above. :)

When you clone or image your Linux hard drive with Ghost or Drive Image (or any other imaging software) you might not be able to load Grub. Usually just running some Grub commands off a Linux System Rescue CD will fix it. I think most any bootable Linux Live CD will work. You would run these commands:

After boot, run “grub”. (the following lines are from the “grub>” prompt.)

……………………

find /boot/grub/stage1

    (hd0,0)

root (hd0,0)

setup (hd0)

quit

……………………

You would replace “root (hd0,0)” with whatever is output from the find command above. The above assumes you have /boot on the same root partition.

On IPCop, boot is on a separate partition. So you need to be a little fancier. The key is to tell it what device to use. In the example below, we will assume we know what drive the boot record is on. (hd0,0). Also note, that IPCop because IPCop has boot on a separate partition, running the find command would be like so:

find /grub/stage1

Ok, so using the device command, and since we know our root is on hd0 …
(all on the grub prompt)

……………………

device (hd0) /dev/hda

root (hd0,0)

setup (hd0)

quit

……………………

Now grub should load ok. This would apply to most images/clones made, I think. But, now, what if your distro uses symlinks to represent your hard drives? I ask, because this stopped me from running IPCop off an image. Took me a while to realize two things.

1. IpCop uses symlinks for /dev/harddisk instead of /dev/hda. (Can someone tell me why they do that? Why change that? Every other Linux distro I have used uses /dev/hda1 for the first partition on IDE drive.)
2. When I cloned the system, the grub.conf (also known as menu.lst on other systems) listed the root filesystem as /dev/hda4, and yet, there was no hda4 in dev directory. It didn’t even exist on the old drive, so I have no idea how IpCop was booting!

Solution to #2 above was again to boot to a Linux Live CD, mount the boot partition on hda1, edit grub.conf and change all the /dev/hda4 entries to /dev/hda3, where the root filesystem actually resided.

On number #1 above, I don’t think fixing it actually caused the system to boot, but I did it anyway. While booted to the Live CD, I edited the /etc/fstab file on the hard drive and changed all the entries for /dev/harddisk1 through 3, to point to /dev/hda1 through 3. There is probably a reason for them doing this, but ya got me why. ?? Changing this might bite me it the butt some day, but for now, it boots beautifully!

Oh, and one might ask, why make a drive image of IPCop when they provide a backup and restore feature using floppy? Well, here’s why: 1. I have a ton of add-on programs installed, and they don’t backup. 2. I like an image better than a floppy!

IpCop is an awesome system, and I’ve had zero problems with it over many years now. But, it doesn’t do enough by itself. I mostly like the BlockOutTraffic addon you can install, giving you detailed control over all communication. I also modify the SSH setup to work the way I like it, using certificate auth and custom ports for several users tunneling into our networks. (works way better than VPN!) On some networks, I have to use PopTOP, the PPTP addon for Ipcop VPN. (not by my choice, it’s a requirement by an application we use.) All these might not backup to a floppy, and it’s so fast to make a Ghost image of the drive. You just have to spend a few extra minutes during restore.

Note: I was using IPCop 1.4.16 during all this.

EDIT 10/22 (later that evening…)

For IPCop, YOU MUST boot to an existing drive on /dev/hda that contains a working copy of IPCop and have your newly cloned drive operational as /dev/hdc. When you run grub, and then all the device, root and setup commands, you need to do it like so.

……………………

device (hd0) /dev/hdc

root (hd0,0)

setup (hd0)

quit

……………………

Notice the /dev/hdc above? Don’t ask me why, but when you try to run this from a Live CD, it won’t work. I really would like to know though, because the fact that it doesn’t work drives me nuts. There must be a simple explanation, and I know it’s just my ignorance of the grub boot loader, but this shouldn’t be needed. (and yet it is!) I just don’t have time to figure it out, when I can simply boot an IPCop as hda and run this quickly. Sometimes it is easier to not ask why, and move on. So make a note of this, YOU MUST boot to and IPCop OS with your new drive installed, then run the grub setup. Stupid, but at least it works.

Uber quick howto:  (based on Debian)
1. Make sure ssh, rsync and sudo are installed and working.
2. Add a user account,  on remote system.
2.a Add a certificate with openssl or ssh-keygen (look that up elsewhere)
2.b Make sure the cert is unencrypted with no password. Yes,  that is a slight security concern, HOWEVER, if you are very careful to secure that private key, you are ok.  In other words, don’t share it or let it out!
2.c Add your public key to your new users /home/username/.ssh/authorized_keys file.  (how to’s for this stuff are on the web)
2.d Test this user’s login and make sure it logs you in from your local machine.
3.  Now, this new user is unprivileged, so you need to use sudo for running the remote rsync command.  Add this to your remote machine /etc/sudoers file:

 nameofnewuser	remotemachinename=NOPASSWD:/usr/bin/rsync

Above, you replace with the appropriate names.

4. Copy your private key from the remote machine and save it on the local machine where you will be backing up to.  For example, save it in the local user’s .ssh directory.  /home/localuseraccount/.ssh/private.key

5. You need to create a script.  In the example below, I have an exclude.txt file also, so I can exclude directories and files.  Look that up in the rsync how-to’s.

#!/bin/bash

rsync -avz --rsync-path="sudo /usr/bin/rsync" 	

	--exclude-from=exclude.txt -e

 	"ssh -p 22 -i /home/localuseraccount/.ssh/private.key"

  	remoteuseraccount@remote.server.com:/ /backup/to/path

In case you didn’t catch that, the section above with the rsync command is all one line!