Margus Pala is fixing IT!

What to do if there is problem with IT

Archive for July, 2009

Cannot install flash player 10 for firefox 3.5

Jul 31

Posted by smartman in windows | No Comments

Youtube.com only plays HD videos with flash player 10. If you have lesser flash player then you see notice under the video that please upgrade to flash player 10. I upgraded and upgraded but nothing changed.

Problem was that now i had shockwave flash 9 and 10 simultaneously installed. Open Tools > Add-Ons > Plugins then you see which firefox plugins you have installed.

I disabled shockwave flash 9 but then youtube did not show any video at all. Upper right corner is pop-out button and then it showed me notice how i have plugin disabled.

I removed Adobe Flash from Control Panel > Add or Remove Programs but problem did not went away.

Finally i manually deleted:
* NPSWF32.dll
* flashplayer.xpt
* NPSWF32_FlashUtil.exe
from Mozilla Firefox plugins directory.

Then i installed flash 10 fresh as it is supposed to do.

See also http://kb.mozillazine.org/Flash for flash plugin uninstall removal information

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

Putty: “Server refused our key”

Jul 14

Posted by smartman in Linux, ssh | 1 Comment

Scenario: you want to log into the server from one location with one key and from other location with another key.

First i did this easy way between 2 linux servers: generated key with ssh-keygen, added public key to server with ssh-copy-id, tested and it was all working.

I have also windows machine at hand and i want to use putty to log into server along with different key. Little problem is that openssh and putty keys are not interoperable. You need to import private key generated with ssh-keygen into puttygen and convert this into putty format key.

So far so good until i tried logging into server and i got error message in putty saying “Server refused our key”. I tried several times over until i managed to find out that if you have more than one authenticated key then you need to add them to authenticated_keys2 not authenticated_keys.

There are 2 good pages also about this subject http://ornellas.apanela.com/dokuwiki/pub:ssh_key_auth and http://andremolnar.com/how_to_set_up_ssh_keys_with_putty_and_not_get_server_refused_our_key

Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

-bash: crontab: command not found

Jul 12

Posted by smartman in Linux | No Comments

OS is fedora core 9 and seems like crontab is installed but no crontab executable can be found

yum install crontabs.noarch
Setting up Install Process
Parsing package install arguments
Package crontabs-1.10-19.fc9.noarch already installed and latest version
Nothing to do

You can verify which packages related to cron you have installed..

rpm -qa | grep cron
crontabs-1.10-19.fc9.noarch

..and what files these packages contain.

rpm -ql crontabs-1.10-19.fc9.noarch
/etc/cron.daily
/etc/cron.daily/000-delay.cron
/etc/cron.hourly
/etc/cron.monthly
/etc/cron.monthly/000-delay.cron
/etc/cron.weekly
/etc/cron.weekly/000-delay.cron
/etc/crontab
/etc/sysconfig/crontab
/usr/bin/run-parts

Seems there is problem with some fedora releases that actual cron daemon is not installed by default. To get yourself crontab issue:

yum install cronie
Share on TumblrSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to reddit

How to install ubuntu in less than a week!

Jul 10

Posted by smartman in Linux | No Comments

I have lying around half of a broken laptop that i want to turn into server station. IBM T23 800MHz 128MB RAM, 20GB HDD and most importantly around 25W power consumption. Currently running stolen winXP that came preinstalled.

Problem is that this comp does not have CD-ROM. Not bootable from USB either so best option is to boot and install over PXE.

I have desktop running ubuntu that i used server for booting. It needs following to do its job: DHCP, TFTP and APACHE.  DHCP server assigns ip to comp with parameter where to find boot files, tftp server serves boot files and apache webserver is later needed to serve actual iso install image.  openbsd-inetd is little funny package helps tftp server.

You have already downloaded ubuntu install image and now please mount this to apache, if /var/www is apache root then do like this:

sudo mount -o loop ubuntu-9.04-server-i386.iso /var/www/ubuntu/

ln -s /var/www/ubuntu/install/netboot/ /var/lib/tftpboot

Need for second command along with whole easy part and setting up PXE netboot environment is described very well in this tutorial https://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install.

If you boot up then you see installation menu and can start installation. You want to use your own iso image or CD then stop at the page with heading “Choose a mirror of the Ubuntu archive” scroll up and select “enter information manually”. If you are given a prompt offering us.archive.ubuntu.com or CC.archive.ubuntu.com you’ve gone too far! Enter ip of server where you host your ubuntu installation files.

If you are lucky then you are not reading this text anymore but instead browse happily through your new installation.

I guess i was not so lucky.

My first try was to install ubuntu 8.04 with LTS. If your computer has a stink of floppydrive, especially when it is laptop, then keep your hands off hardy as installation fails to find hard drive when looking at floppy. Some people manage to disable and hide floppy from bios but you cant do this on T23. Netbook allows to drop to shell and dmesg showed like.

"[  131.675341] end_request: I/O error, dev fd0, sector 0"

I tried also ubuntu 6.06 and xubuntu 9.04 alternate cd and as first did not find network card after netboot then latter almost finished saying kernel install had failed.

Solution to problems with installing ubuntu: install Debian!

Netboot is very similar, detecting hard drive and NIC works until it cannot find the installation files from apache.  Checking access log showed 

GET /debian/dists/lenny/Release.gpg HTTP/1.1

and error log 

File does not exist: /var/www/debian/dists/lenny/Release.gpg

. As turns out Release.gpg is signature file and it is not supposed to be on CD at all!!! I tried to be clever added http://ftp.debian.org/debian/dists/lenny/Release.gpg to where it was missing and error log did not have any problems anymore but installation failed at the same place excatly same wa. I had enough, time to try something new.

Due unfortunate consequences i have only 1Mbps internet connection so i set my desktop downloading in night another ubuntu, fedora, mandriva, opensuse and debian releases hoping that at least some of them works.

What amazed me that next day i was able to install via netboot ubuntu Jaunty Jackalope 9.04 server edition at the first try.

Perfect installation, i have nothing but the core, memory usage is only 50MB HDD usage 700MB+swap. I have 70MB for applications and even  if something goes to swap i dont mind a lot :)

Now next problem was that i need more than core but apt-get was thinking the ip where i installed ubuntu is ubuntu mirror which is not entirely correct.

/etc/apt/sources.list needs to be told about actual repositories like described here https://help.ubuntu.com/community/Repositories/CommandLine

/etc/apt/sources.list changed but installing apache2 still did not work, it had missing apache2-mpm-event which had missing libapr1.  Actually this has simple solution that please issue 

sudo apt-get update

when you’re done editing sources.list.

Some messages senn during investigation:

sudo apt-get install apache2-mpm-event
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed.
The following packages have unmet dependencies:
apache2-mpm-event: Depends: libapr1 but it is not installable
Depends: libaprutil1 but it is not going to be installed
Depends: apache2.2-common (= 2.2.11-2ubuntu2.1) but it is not going to be installed
E: Broken packages

sudo apt-get install libapr1
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package libapr1 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package libapr1 has no installation candidate
Share on TumblrSubmit to StumbleUponhttp://marguspala.com/wp-includes/images/smilies/icon_smile.gifDigg ThisSubmit to reddit

When apache ignores your SSL certificate!

Jul 3

Posted by smartman in Linux, ssh | 1 Comment

Almost everybody realizes nowadays that pages where login and passwords are used must use encrypted datatransfer like https. To use secure connection webserver must have correctly configured certificate.

Usually certificates are bought from some Certificate Authority and these cost around $100 per year. Here i will show how to make your own cert for free and very simple.

  1. Create private 1024bit RSA key encrypted with des3 into file server.key: 
    openssl genrsa -des3 -out server.key 	1024

    http://www.openssl.org/docs/apps/genrsa.html#

  2. Create new certificate signing request for private key located in file server.key and plase request into server.csr. This asks information about your site and most important common name must match your site name: 
    openssl req -new -key server.key -out 	server.csr

    http://www.openssl.org/docs/apps/req.html#

  3. Finally create certificate in X.509 format from request in file server.csr, sign it with server.key and save results in server.crt, certificate is valid for 365 days.http://www.openssl.org/docs/apps/x509.html#

vhost conf in /etc/httpd/conf/httpd.conf for https with newly created certificate and private key looks like this:

<VirtualHost *:443>
ServerName marguspala.com
DocumentRoot /var/www/marguspala.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
</VirtualHost>

If you are lucky then now after apache restart you have encrypted connection, if not so lucky then apache will not start :)

Problems:

  • If you have several https enabled sites then whatever you want to use you end up only in one site. Probably you are using default httpd.conf and you must enable name based virtual hosts for https. Add this line to httpd.conf 
    NameVirtualHost *:443
  • No matter what certificate you define apache still uses its own that you dont know about and have not seen before.
    If you navigate to webpage, rightclick, view page info etc then you can see certificate data that you entered when creating signing request. If this is not what you enterd then something is not correct.
    I searched whole server to see if there are any other certificates present and found one at /etc/pki/tls/certs/localhost.crt:

    find / 	-name *crt

    Something was using this cert but this was not defined in httpd.conf but instead in /etc/httpd/conf.d/ssl.conf. Command findig this out was

    find / |xargs grep localhost.crt

    Changing location of SSLCertificateFile and SSLCertificateKeyFile in ssl.conf made server work.

Some more useful tips

openssl x509 -text -in /etc/pki/tls/certs/localhost.crt

shows sertificate information

openssl s_client -connect marguspala.com:443

connects to https enabled website and shows among others this website certificate info.

Share on TumblrSubmit to StumbleUponhttp://marguspala.com/wp-includes/images/smilies/icon_smile.gifDigg ThisSubmit to reddit