Tuesday, November 21, 2006

Automatically mount samba shares with pam_mount

I wanted to mount a samba share on login whitout any fancy stuff like encrypted home directories or even single sign on. For my convenience and to cope with my fainting memory, some notes how to do it:

I am configuring a standard ubuntu installation where pam is simulating traditional unix authentication (pam_unix.so).

1. Install pam_mount and read the documentation

apt-get install libpam-mount

The relevant documentation is scattered around the files (Debian/ubuntu):
/etc/security/pam_mount.conf
/usr/share/libpam-mount/README.gz
/usr/share/libpam-mount/README.Debian.gz

Usefull howto-style pages on the web:
http://www.novell.com/coolsolutions/feature/15354.html
http://linux.blogweb.de/archives/189-Automount-the-PAM-way.html

2. Include pam_mount in the relevant pam configuration files
pam_mount works as an auth module. You have to include

@include common-pammount

into the login modules you use. In my case /etc/pam.d/login and /etc/pam.d/gdm
As stated in the tutorials and the module documentation mentioned above, you have to paste the include statement after the common-auth und common-session include statements

If you want to allow user specific configuration files, uncomment luserconf in
/etc/security/pam_mount.conf

Add necessary mount options to options_allow (in my case e.g. credentials,iocharset and username – see below)

3. Configure your personal .pam_mount.conf
The hardest part to figure out (it is a one-liner).

volume my_linux_username cifs server volume_on_server mount_point
username=win_username,credentials=/path/to/.smbcredentials,
iocharset=utf8,nosuid,nodev - -


Don't forget to include two dashes. They are fill-ins for the encryption options i do not use.

The tricky part was to get pam_mount to use a special username for authentication at the windows server and not my linux username, as they are not identical. pam_mount includes automatically the username you specify as second argument in the configuration file into the mount options. My problem was that my linux username and my username on the windows machine were not the same. The fact that i specified my samba credentials in a file did not help. The workaround is the extra username argument in the example above. If you look at the resulting command pam_mount will build out of your configured credentials (/var/log/auth.log), you will see that pam_mount will pass two username parameters to the mount command, but it will work the way intended.

Pam_mount will give you an error in the logs even if it succeeds, which is irritating. There is an explanation on the pam_mount mailinglist though.

Pam_mount does not work "out of the box" in ssh sessions. There are some hints in the pam_mount FAQ (typically /usr/share/doc/libpam-mount/FAQ.gz, but i have not managed to make it work yet.

Saturday, October 14, 2006

Deploying PHP with Capistrano

If you are looking for an automated way to deploy your php application you'd problably stumble over this blog post. So did I.

I wanted to try this on ubuntu Dapper. But there was no ruby, so I did:

apt-get install ruby
apt-get install rdoc

Then i fetched the rubygems archive from:
http://rubyforge.org/frs/?group_id=126

Follow the instructions of the README. I got an error message the first time i tried to install it because the rdoc package was missing from my ubuntu installation (see above the apt-get).

setup.rb failed too. After further google research i found this comment:

At this point you must MAKE SURE you install gems from the top
of directory you unpacked it to, otherwise you will get an error
stating

.... ./post-install.rb has failed
"No such file or directory - pkgs/sources"

Hope this helps someone, Thanks everyone.


Then i followed the instructions on simplistic complexity i mentioned in the beginning.

gem install capistrano
...

On Dapper i needed an additional apt-get install libopenssl-ruby for capistrano to install.

You still have to make sure that pubkey authentification is setup correctly for your target server. You need subversion (at least the client) installed there too, if you want to use capistranos default deployment procedure and your php application's filesytem layout should be ruby-like in order to make things easy.

The fact that your doc_root changes to /path_to_your_php_app/current is mentioned as well on simplistic complexity. Once you are set up it makes life lot easier.

Sunday, August 27, 2006

ibook hd replacement

Installed a new harddrive (HTS721080G9AT00) yesterday on my 3.5 year old ibook g3. Used the excellent instructions from pbfixit.com. It was not easy but certainly doable. Messed up the lower case a little bit, but you won't see the scratch if you don't know what you're looking for. So everything went fine.

I noticed that the Apple guys who replaced my logic board when i got the notorious problem, did a pretty good job ruining a couple of screws and even a torx.
The yellow tape, described in the instructions from ifixit, i found removed by apple care. Besides the instructions were excellent, if you don't mind some small inaccuracies.

The fun part was reinstalling my system software and restoring the backup. I had about 25 GB of data and approx. 18 GB on my backup medium. So there was no way of backing up the whole system avoiding the need to install everything from scratch (compiling my mysql, postgres, php ... fink, darwinports). Long story short: made a partial backup consisting mainly of my home directory – reinstalled Mac OS ... restored the backup.


ditto -V /Users/myname /Volumes/myIpod/myname
ditto -V /Volumes/myIpod/myname /Users/myname


Most interesting/frustrating part: this procedure corrupted the spotlight metadata. Folders were not folders anymore. They had no kMDItemKind of public.folder or something like that. Even erasing the whole index by

mdutil -E /

and waiting 45 min. to reindex the Volume was of no avail. After playing around with the spotlight tools i found the following:


  1. I was able to recreate the index and metadata by using mdimport folder

    I actually used

    mdimport -d1 folder

  2. and discovered to my great dismay that i got lots of errors like the following:

    mdimport[6456] Importer using too much memory
    (147 MB), hit critical threshold.
    Last file imported was: ...

    I could not see a pattern why this was happening. In some (most?) cases this behaviour was triggerd by larger files (around 10 MB of PDF), but sometimes it was simply erratic. Importing problematic files again helped.

  3. Getting Metadata and index back for Mac OS related Applications like iCal or Adressbook was as simple as deleting the ~/Library/Caches Directory