Posted by Matt Hardy on Mar 4, 2010 in
Uncategorized Recently I ran across a problem with an asterisk setup (trixbox on centos) where the conference rooms did not work. Everything was configured properly, but when trying to enter the conference room and entering the pin number, the lovely woman said “That is not a valid conference number”.
After looking through the logs, I noticed the following error messages:
Mar 4 17:04:20 WARNING[12213] chan_zap.c: Unable to open '/dev/zap/pseudo': No such file or directory
Mar 4 17:04:20 WARNING[12213] app_meetme.c: Unable to open pseudo channel - trying device
Mar 4 17:04:20 WARNING[12213] app_meetme.c: Unable to open pseudo device
After digging around a while, I realized it was because the zaptel drivers did not have a zaptel device to base the timing off of. In this case I needed to install the ztdummy drivers. I looked around but could not find any support for this in trixbox, so I decided to install from scratch.
First I checked out the latest zaptel src code from digiums svn repository and configured it:
cd /usr/src
svn co http://svn.digium.com/svn/zaptel/tags/1.4.2.1 zaptel
When trying to make, it gave errors about needing the linux kernel src, which I installed:
yum install kernel-smp-devel
With this, make went further, but got hung up on :
make[2]: Entering directory `/usr/src/kernels/2.6.9-34.EL-i686 '
CC [M] /usr/src/zaptel/torisa.o
/usr/src/zaptel/torisa.c:132: error: syntax error before "torisa"
/usr/src/zaptel/torisa.c:132: warning: type defaults to `int' in declaration of `torisa'
/usr/src/zaptel/torisa.c:132: error: incompatible types in initialization
/usr/src/zaptel/torisa.c:132: error: initializer element is not constant
This was an error with the kernel headers spinlock.h file. Navigate to the spinlock.h file is located (use uname -r to verify your own kernel version):
vi /usr/src/kernels/2.6.9-34.0.2.EL-smp-i686/include/linux/spinlock.h
and change the line:
#define DEFINE_RWLOCK(x) rw_lock_t x = RW_LOCK_UNLOCKED
to
#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED
(Notice the rw_lock_t vs rwlock_t)
After this, run make, and make should run successfully.
# make
Now when you run make install, it will seem to work but for me was timing out on downloading zaptel firmware from ftp.digium.com. So I edited the Makefile, and commented out these 3 lines:
#ifeq ($(HOTPLUG_FIRMWARE),yes)
# $(MAKE) -C firmware hotplug-install
#endif
Then make install worked properly.
# make install
Now you should have a working version of zaptel installed.
When you start it, you should get no errors!
[root@asterisk1 zaptel]# /etc/init.d/zaptel start
Loading zaptel framework: [ OK ]
Waiting for zap to come online...OK
Loading zaptel hardware modules: ztdummy.
Running ztcfg: [ OK ]
voila!
Tags: asterisk, conference, meetme, trixbox
Posted by Matt Hardy on Oct 29, 2009 in
Uncategorized I recently had to setup OpenVPN server setup on Linux (Ubuntu 9.04) to authenticate against Active Directory via LDAP. This assumes I already had the OpenVPN server setup and generating keys properly. All I added was the LDAP Authentication with Active Directory.
First, download and extract the openvpn-auth-ldap package from:
http://code.google.com/p/openvpn-auth-ldap/
/tmp$ wget http://openvpn-auth-ldap.googlecode.com/files/auth-ldap-2.0.3.tar.gz
/tmp$ tar xvfz auth-ldap-2.0.3.tar.gz
….
Then follow the instructions on compiling (note for this you will need to have installed the appropriate compilers for your system. e.g. $ sudo apt-get install build-essential)
To configure, there are a few pre-requiesites:
$ wget http://sourceforge.net/projects/re2c/files/re2c/0.13.5/re2c-0.13.5.tar.gz/download
$ tar xvfz re2c-0.13.5.tar.gz
$ cd re2c-0.13.5.tar.gz
$ ./configure
$ make
$ sudo make install
- You’ll need the OpenVPN src files. In my case I’m using Ubuntu, so I went to the /src directory, and downloaded/unpacked them there.
$ cd /src
$ sudo mkdir openvpn
$ cd openvpn
$ sudo apt-get source openvpn
$ tar xvfz openvpn_2.1~rc11.orig.tar.gz
Now, on to installing the auth-ldap plugin. The first thing I noticed when trying to ./configure was that it was giving me an error about the “Objective C preprocessor /lib/cpp”. To get around this, I had to install the gobjc package, which wasn’t included in build-essential
After this is installed, you can configure the code for your environment:
$ ./configure –prefix=/usr/local –with-openldap=/usr/local –with-openvpn=/src/openvpn/openvpn-2.1_rc11
This should exit displaying what files have been created, with no error messages.
If that worked properly, you can now build the plugin
$ make
This should exit with no errors, and you should now have the openvpn-auth-ldap.so file in your src directory.
Now, install to the lib folder
$ sudo make install
This will copy the plugin to the /usr/local/lib directory
The next step is to configure your LDAP bind and search strings. I edited the sample auth-ldap.conf file to work with my Active Directory scenario. Here’s a sample:
<LDAP>
# LDAP server URL
URL ldap://dc.server.local
# Bind DN (If your LDAP server doesn’t support anonymous binds)
BindDN “cn=testuser,ou=Users,dc=server,dc=local”
# Bind Password
Password testpassword
# Network timeout (in seconds)
Timeout 30
TLSEnable no
FollowReferrals yes
</LDAP>
<Authorization>
# where to start search
BaseDN “ou=Users,dc=server,dc=local”
# For active directory, I used sAMAccountName to search by username
# I also configured the original search filter to contain the group membership, instead of using the
# RequireGroup directive below
SearchFilter “(&(sAMAccountName=%u)(memberOf= CN=testGroup,OU=Users,DC=server,DC=Local))”
# Require Group Membership
RequireGroup false
</Authorization>
Then, I copied this file to /etc/openvpn/auth-ldap.cfg
NOTE: Don’t save in openvpn folder with .conf extension, or openvpn will try to load that directly!
To test your auth-ldap config against Active Directory, you can use testplugin tool included with the auth-ldap plugin:
/tmp/auth-ldap-2.0.3/src$ ./testplugin /etc/openvpn/auth-ldap.cfg
Username: user
Password:
Authorization Succeed!
client-connect succeed!
client-disconnect succeed!
If everything works ok, you can then add to openvpn. In your openvpn config, add the line:
plugin /usr/local/lib/openvpn-auth-ldap.so auth-ldap.cfg
And Restart openvpn
sudo /etc/init.d/openvpn restart
* Stopping virtual private network daemon(s)… * Stopping VPN ’server’ [ OK ]
* Starting virtual private network daemon(s)… * Autostarting VPN ’server’ [ OK ]
Now, the server should be good to go.
Next step, the client. Here’s a client config I used:
client
auth-user-pass
dev tun
proto udp
remote vpn.server.com 1194
resolv-retry infinite
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
Now, try to connect with incorrect user:
* Starting virtual private network daemon(s)…
* Autostarting VPN ‘client’
Enter Auth Username:wrong
Enter Auth Password:
[ OK ]
user@user-laptop:/etc/openvpn$ egrep AUTH /var/log/daemon.log
Oct 29 14:08:54 user-laptop ovpn-client[7728]: AUTH: Received AUTH_FAILED control message
Try again with correct user:
* Starting virtual private network daemon(s)…
* Autostarting VPN ‘client’
Enter Auth Username:user
Enter Auth Password:
[ OK ]
Voila! Worked…
Posted by Matt Hardy on Oct 12, 2009 in
Wordpress After installing Wordpress, I immediately started customizing with content and plugins. One particular plugin I installed was the Contact Form 7 Plugin
After installing and configuring, I realized the plugin would give an error message: “Failed to send your message. Please try later or contact administrator by other way.” After digging around, I realized the Contact Form 7 plugin uses the PHP mail() function, which by default uses sendmail to send email. On my server, I had not installed sendmail yet. So after installing that… no more error message.
Now, after clicking send and waiting a REALLY LONG time, the form said “Your message was sent successfully. Thanks”. This was a hopeful message. However, when checking my inbox… no new messages.
After digging further, I noticed “DSN: Service unavailable” error messages in my /var/log/mail.log file, as well as complaints about my hostname being unqualified:
Oct 12 00:49:44 lamp sm-mta[3230]: My unqualified host name (lamp) unknown; sleeping for retry
Oct 12 00:49:46 lamp sm-msp-queue[3235]: My unqualified host name (lamp) unknown; sleeping for retry
So when using sendmail to send email messages, it’s best if the hostname of the machine is a FQDN. So I changed my hostname to the FQDN of my server
# sudo hostname www.matthardy.info
and restarted the sendmail service
# sudo /etc/init.d/sendmail restart
Now, sendmail works properly, and the form instantly and successfully sends the email message to my mail server!
Hope that helps some others of you out there having issues.
-Matt
Posted by Matt Hardy on Oct 12, 2009 in
Wordpress I finally decided to crack down and give WordPress a try for my personal information / blogging site.
The installation documentation was quite accurate as the installation on a new LAMP server took about 5 minutes!
