Posted by Matt Hardy on Mar 4, 2010 in
Uncategorized
Recently I ran across a problem with an Asterisk setup (trixbox on CentOS) where the conference rooms did not work. Everything was configured properly, but when trying to enter the conference room and entering the PIN number, the lovely woman said “That is not a valid conference number”.
After looking through the logs, I noticed the following error messages:
Mar 4 17:04:20 WARNING[12213] chan_zap.c: Unable to open '/dev/zap/pseudo': No such file or directory
Mar 4 17:04:20 WARNING[12213] app_meetme.c: Unable to open pseudo channel - trying device
Mar 4 17:04:20 WARNING[12213] app_meetme.c: Unable to open pseudo device
After digging around a while, I realized it was because the zaptel drivers did not have a zaptel device to base the timing off of. In this case I needed to install the ztdummy drivers. I looked around but could not find any support for this in trixbox, so I decided to install from scratch.
First I checked out the latest zaptel source code from Digium's svn repository and configured it:
cd /usr/src
svn co http://svn.digium.com/svn/zaptel/tags/1.4.2.1 zaptel
When trying to make, it gave errors about needing the linux kernel src, which I installed:
yum install kernel-smp-devel
With this, make went further, but got hung up on:
make[2]: Entering directory `/usr/src/kernels/2.6.9-34.EL-i686 '
CC [M] /usr/src/zaptel/torisa.o
/usr/src/zaptel/torisa.c:132: error: syntax error before "torisa"
/usr/src/zaptel/torisa.c:132: warning: type defaults to `int' in declaration of `torisa'
/usr/src/zaptel/torisa.c:132: error: incompatible types in initialization
/usr/src/zaptel/torisa.c:132: error: initializer element is not constant
This was an error with the kernel headers' spinlock.h file. Navigate to where the spinlock.h file is located (use uname -r to verify your own kernel version):
vi /usr/src/kernels/2.6.9-34.0.2.EL-smp-i686/include/linux/spinlock.h
and change the line:
#define DEFINE_RWLOCK(x) rw_lock_t x = RW_LOCK_UNLOCKED
to
#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED
(Notice the rw_lock_t vs rwlock_t)
After this, run make, and make should run successfully.
# make
Now when you run make install, it will seem to work, but for me it was timing out while downloading the zaptel firmware from ftp.digium.com. So I edited the Makefile and commented out these 3 lines:
#ifeq ($(HOTPLUG_FIRMWARE),yes)
# $(MAKE) -C firmware hotplug-install
#endif
Then make install worked properly.
# make install
Now you should have a working version of zaptel installed.
When you start it, you should get no errors!
[root@asterisk1 zaptel]# /etc/init.d/zaptel start
Loading zaptel framework: [ OK ]
Waiting for zap to come online...OK
Loading zaptel hardware modules: ztdummy.
Running ztcfg: [ OK ]
voila!
Tags: asterisk, conference, meetme, trixbox
Posted by Matt Hardy on Oct 29, 2009 in
Uncategorized
I recently had to set up an OpenVPN server on Linux (Ubuntu 9.04) to authenticate against Active Directory via LDAP. This assumes I already had the OpenVPN server set up and generating keys properly. All I added was the LDAP authentication with Active Directory.
First, download and extract the openvpn-auth-ldap package from:
http://code.google.com/p/openvpn-auth-ldap/
/tmp$ wget http://openvpn-auth-ldap.googlecode.com/files/auth-ldap-2.0.3.tar.gz
/tmp$ tar xvfz auth-ldap-2.0.3.tar.gz
….
Then follow the instructions on compiling (note for this you will need to have installed the appropriate compilers for your system. e.g. $ sudo apt-get install build-essential)
To configure, there are a few prerequisites:
$ wget http://sourceforge.net/projects/re2c/files/re2c/0.13.5/re2c-0.13.5.tar.gz/download
$ tar xvfz re2c-0.13.5.tar.gz
$ cd re2c-0.13.5
$ ./configure
$ make
$ sudo make install
- You’ll need the OpenVPN src files. In my case I’m using Ubuntu, so I went to the /src directory, and downloaded/unpacked them there.
$ cd /src
$ sudo mkdir openvpn
$ cd openvpn
$ sudo apt-get source openvpn
$ tar xvfz openvpn_2.1~rc11.orig.tar.gz
Now, on to installing the auth-ldap plugin. The first thing I noticed when trying to ./configure was that it was giving me an error about the “Objective C preprocessor /lib/cpp”. To get around this, I had to install the gobjc package, which wasn’t included in build-essential.
After this is installed, you can configure the code for your environment:
$ ./configure --prefix=/usr/local --with-openldap=/usr/local --with-openvpn=/src/openvpn/openvpn-2.1_rc11
This should exit displaying what files have been created, with no error messages.
If that worked properly, you can now build the plugin
$ make
This should exit with no errors, and you should now have the openvpn-auth-ldap.so file in your src directory.
Now, install to the lib folder
$ sudo make install
This will copy the plugin to the /usr/local/lib directory
The next step is to configure your LDAP bind and search strings. I edited the sample auth-ldap.conf file to work with my Active Directory scenario. Here’s a sample:
<LDAP>
# LDAP server URL
URL ldap://dc.server.local
# Bind DN (If your LDAP server doesn’t support anonymous binds)
BindDN "cn=testuser,ou=Users,dc=server,dc=local"
# Bind Password
Password testpassword
# Network timeout (in seconds)
Timeout 30
TLSEnable no
FollowReferrals yes
</LDAP>
<Authorization>
# where to start search
BaseDN "ou=Users,dc=server,dc=local"
# For active directory, I used sAMAccountName to search by username
# I also configured the original search filter to contain the group membership, instead of using the
# RequireGroup directive below
SearchFilter "(&(sAMAccountName=%u)(memberOf=CN=testGroup,OU=Users,DC=server,DC=Local))"
# Require Group Membership
RequireGroup false
</Authorization>
Then, I copied this file to /etc/openvpn/auth-ldap.cfg
NOTE: Don’t save in openvpn folder with .conf extension, or openvpn will try to load that directly!
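A check worth running on this file before pointing OpenVPN at it, as an added example (not part of the original post or of the auth-ldap project): it parses the section/directive format shown above and flags a plain ldap:// URL without TLSEnable yes, where the bind password and each user's password cross the network unencrypted, and a config holding a bind Password that is readable beyond its owner. The finding names and the rule that only an explicit "yes" counts as TLS enabled are assumptions of this sketch.

```python
import os
import re
import stat

# Constructed sample: a trimmed copy of the config shown above.
SAMPLE_CFG = """\
<LDAP>
# LDAP server URL
URL ldap://dc.server.local
BindDN "cn=testuser,ou=Users,dc=server,dc=local"
Password testpassword
TLSEnable no
</LDAP>
<Authorization>
BaseDN "ou=Users,dc=server,dc=local"
RequireGroup false
</Authorization>
"""

def parse_auth_ldap(text):
    """Parse <Section> blocks of 'Key value' lines into {section_path: {key: value}}."""
    cfg, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.fullmatch(r"<(/?)(\w+)>", line)
        if tag:
            if not tag.group(1):
                stack.append(tag.group(2))      # opening tag, may be nested
            elif stack:
                stack.pop()                     # closing tag
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        cfg.setdefault("/".join(stack), {})[parts[0]] = value
    return cfg

def audit(cfg, mode=None):
    """Return finding codes; mode is the config file's st_mode, if known."""
    findings = []
    ldap = cfg.get("LDAP", {})
    # Assumption: anything other than an explicit "yes" means TLS is off.
    tls_on = ldap.get("TLSEnable", "").lower() == "yes"
    if ldap.get("URL", "").lower().startswith("ldap://") and not tls_on:
        findings.append("cleartext-ldap")        # passwords sent unencrypted
    if "Password" in ldap and mode is not None and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("secret-file-readable")  # bind password readable beyond owner
    return findings

def audit_file(path):
    """Audit a config on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(parse_auth_ldap(fh.read()), os.stat(path).st_mode)
```

Call audit_file("/etc/openvpn/auth-ldap.cfg") on the server; an empty list means neither condition was found.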
To test your auth-ldap config against Active Directory, you can use the testplugin tool included with the auth-ldap plugin:
/tmp/auth-ldap-2.0.3/src$ ./testplugin /etc/openvpn/auth-ldap.cfg
Username: user
Password:
Authorization Succeed!
client-connect succeed!
client-disconnect succeed!
If everything works ok, you can then add to openvpn. In your openvpn config, add the line:
plugin /usr/local/lib/openvpn-auth-ldap.so auth-ldap.cfg
And restart openvpn:
sudo /etc/init.d/openvpn restart
* Stopping virtual private network daemon(s)… * Stopping VPN ’server’ [ OK ]
* Starting virtual private network daemon(s)… * Autostarting VPN ’server’ [ OK ]
Now, the server should be good to go.
Next step, the client. Here’s a client config I used:
client
auth-user-pass
dev tun
proto udp
remote vpn.server.com 1194
resolv-retry infinite
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
Now, try to connect with incorrect user:
* Starting virtual private network daemon(s)…
* Autostarting VPN ‘client’
Enter Auth Username:wrong
Enter Auth Password:
[ OK ]
user@user-laptop:/etc/openvpn$ egrep AUTH /var/log/daemon.log
Oct 29 14:08:54 user-laptop ovpn-client[7728]: AUTH: Received AUTH_FAILED control message
Try again with correct user:
* Starting virtual private network daemon(s)…
* Autostarting VPN ‘client’
Enter Auth Username:user
Enter Auth Password:
[ OK ]
Voila! Worked…