pam_mount’ing CIFS volume with a different user

Posted on February 28, 2013 by j mozdzen

With the latest Linux tools, mounting CIFS volumes giving a different user name than one’s login name does no longer work. I.e. OpenSUSE 12.2 ships a version of pam_mount that by default includes a “user=%(USER)” mount option, which collides with a manually added “user=someotheruser” option. There’s a patch available for pam_mount, but recompiling pam_mount is not everybody’s cup of tea. Continue reading

Posted in Linux | Leave a comment

chan_capi with Asterisk 10.12

Posted on February 23, 2013 by j mozdzen

When configured for ISDN lines, updating Asterisk usually requires to upgrade chan_capi, too – else you risk running into i.e. SEGV crashes during Asterisk start-up.

The upgrade within a single version usually is a matter of minutes, especially if you have prepared the chan_capi module in advance. You need the latest Asterisk development package plus a (probably current) source archive of chan_capi.

Trouble compiling chan_capi against Asterisk 10.12

Our latest upgrade experience was a bit different, though: After fetching and installing the latest development packages for Asterisk (version 10.12.1 in our case) and the sources forĀ chan_capi 1.1.6, invoking “make” resulted in a tirade of error messages. Continue reading

Posted in Asterisk, howto, Linux | Leave a comment

switching from dnsZone to dlz-ldap

Posted on January 27, 2013 by j mozdzen

In our infrastructure, all our DNS data is stored in multiple LDAP servers, which synchronize via OpenLDAP-internal mechanisms. One of the DNS servers is an openSUSE 12.2 physical server, all others run on SLES11 virtual machines. All DNS servers are using the “bind” software by ISC, and on every host running the “named” process, there’s a local “slapd” instance providing the DNS data.

One of the major aspects of our setup is that any change in the LDAP-stored DNS data is instantaneously reflected in the answers handed out by the corresponding name server. Periodically generating new zone data files from the LDAP store and then reloading them from the name server was out of the question. For quite some time, that left us with only the “sdb:ldap” implementation, a BIND extension from the unsupported “contrib” area.

But is was not only that sdb:ldap had it shortcomings, even more it is nowadays hard to find a pre-compiled server package with that extension activated. We could compile our own server software (actually, we did that during the last years in order to incorporate local fixes), but it’s usually better to run software that has a broader user base and thus is more thoroughly tested. Not to mention incorporated upstream fixes to security problems.

dlz-ldap – the more current trend

While sdb:ldap is still available, the current notion is to use bind’s “dynamically loadable zone” extension (DLZ) and its LDAP back-end for this purpose. It’s newer, it’s multi-threaded, and it seems that support for it is still available. Unfortunately, the move from sdb:ldap to DLZ isn’t that smooth as one might have wished. Continue reading

Posted in Linux, Uncategorized | Leave a comment