Solutions Log by Dan Reiland

7Mar/120

Compute SSH Public Key Fingerprint

1
ssh-keygen -lf id_rsa.pub
Filed under: Security, sysadmin No Comments
21Mar/119

Unable to Browse Windows Network Shares in Ubuntu

Issue:
When attempting to browse Windows network shares from Gnome Nautilus, the window will become unresponsive and the operation will eventually timeout.

Affects:

  • Ubuntu 10.04 LTS
  • Ubuntu 10.10

Cause:
wins is not enabled as a host resolution mechanism in /etc/nsswitch.conf; winbind is not installed.

Resolution:
Open /etc/nsswitch.conf in your favorite editor and ensure the hosts line matches the precise order below (you are adding wins).

 hosts:          files mdns4_minimal [NOTFOUND=return] wins dns mdns4

Install winbind

sudo apt-get install winbind

References:
http://ubuntuforums.org/showthread.php?t=1169149

Tagged as: , 9 Comments
21Mar/110

Slow Remote Login on OpenSolaris

Issue:
A delay is encountered when connecting to an OpenSolaris or Solaris 11 host via SSH before the login screen is presented.

Cause:
mdns is configured as a server lookup mechanism in /etc/nsswitch.conf

Resolution:

  1. Remove msdns from nsswitch.conf
  2. Enable svc:/network/dns/multicast:default
    svcadm enable svc:/network/dns/multicast:default
21Mar/110

Empathy Reports Network Error When Connecting to MSN

Issue:
telepathy-butterfly

Affects:

  • Ubuntu 10.04 LTS
  • Ubuntu 10.10

Cause:
A bug is present in the telepathy-butterfly package.

Resolution:
An update is pending approval and will be available for both Ubuntu 10.04 and 10.10. Informal patches are available, however, I prefer to stick to the mainline distribution as much as possible to avoid introducing tightly coupled dependencies.

Remove telepathy-butterfly and its dependencies.

sudo killall telepathy-butterfly
sudo dpkg --purge telepathy-butterfly
sudo apt-get install telepathy-haze

Reconfigure your MSN connections and attempt to activate them. You should experience no additional issues.

References:
https://bugs.launchpad.net/ubuntu/+source/telepathy-butterfly/+bug/513346

Tagged as: No Comments
28Feb/110

Updating rubygems on Ubuntu

If you have ever tried to update rubygems on a base Ubuntu 10.04 or 10.10 install you will have been greeted with:

# gem update --system
ERROR:  While executing gem ... (RuntimeError)
    gem update --system is disabled on Debian. RubyGems can be updated using the official Debian repositories by aptitude or apt-get.

You can work around this limitation:

# gem install rubygems-update
# /var/lib/gems/1.8/bin/update_rubygems

You will now be able to update rubygems using the standard set of commands.

Reference:
http://www.tinymission.com/blog/blogengine.web/post/2010/11/03/Updating-to-Rails-30-on-Ubuntu-1004.aspx

Tagged as: No Comments
18Feb/110

Add Certificate to Java Keystore on OS X

This is something I find myself doing annually and always need to look it up. I am putting this here to save me a few searches.

sudo keytool -importcert -alias dev -file certfile.cer -keystore /Library/Java/Home/lib/security/cacerts

The password will either be changeme or changeit

References:
http://mattfleming.com/node/310
http://www.java-samples.com/showtutorial.php?tutorialid=669

Tagged as: No Comments
13Jan/110

rsyslog consumes excessive memory when forwarding logs with compression

Issue:
rsyslog consumed growing amounts of memory when forwarding over TCP with compression enabled.

*.* @@(z1)hostname.domain.tld

Cause:
The compression flag causes the rsyslog process to allocate, and never release, memory. I have not determined root cause but the likely culprits are zlib or TLS (both involved when compression is enabled in this situation).

Resolution:
Do not use compression when forwarding with rsyslog. With the compression flag dropped, I was unable to reproduce the errant behavior.

*.* @@hostname.domain.tld

References:
http://www.rsyslog.com/doc/rsyslog_conf_actions.html

26Oct/101

/etc/hosts entries not being used for non-root users

Issue:
Non-root users are unable to resolve addresses for entries in /etc/hosts.

user@gentoo ~ $ ping localhost
ping: unknown host localhost

Troubleshooting:

Potential causes:

  • Malformed content or improper permissions on /etc/hosts
  • Malformed content or improper permissions on /etc/host.conf
  • Malformed content or improper permissions on /etc/nsswitch.conf

Diagnostics:
One may consider nslookup or dig to be suitable diagnostic tools given the use case, however, they are applicable only when troubleshooting DNS server name resolution issues; these tools do not bother to look at /etc/hosts. strace is suitable given the diagnostic task at hand.

user@gentoo ~ $ strace -e open ping localhost
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/nsswitch.conf", O_RDONLY)    = -1 EACCES (Permission denied)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libnss_dns.so.2", O_RDONLY)  = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/etc/host.conf", O_RDONLY)        = 3
ping: unknown host localhost

Cause:
As reported by our strace diagnostic, our user has insufficient privileges to read /etc/nsswitch.conf resulting in the file never being utilized for name resolution. In our case, /etc/nsswitch.conf had a permission mode of 600, allowing only the owner (root in our case) read/write access.

Steps to Reproduce:
Change the mode of /etc/resolv.conf, /etc/host.conf, /etc/hosts to 600.

Resolution:
Change the mode of /etc/nsswitch.conf to 644.

user@gentoo ~ $ sudo chomod 644 /etc/nsswitch.conf
user@gentoo ~ $ strace -e open ping localhost
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/nsswitch.conf", O_RDONLY)    = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libnss_files.so.2", O_RDONLY) = 3
open("/etc/host.conf", O_RDONLY)        = 3
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
ping: icmp open socket: Operation not permitted
user@gentoo ~ $ ping -c 2 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_req=1 ttl=64 time=0.066 ms
64 bytes from localhost (127.0.0.1): icmp_req=2 ttl=64 time=0.056 ms
--- localhost ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.056/0.061/0.066/0.005 ms

Note: We expect "ping: icmp open socket: Operation not permitted" -- non-root users are not allowed to open raw sockets.

Tagged as: 1 Comment
25Mar/1012

The device, \Device\Ide\iaStor0, did not respond within the timeout period

Issue:
After an updated release of Intel's Matrix Storage Manager [v.8.9.0.1023] and chipset drivers for Windows, you experience unexpected system timeouts, lockups, pausing, or freezing. The following event is recorded in the System event log:

Log Name: System
Source: iaStor
EventID: 9
Level: Error
The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Cause:
The issue is the result of Aggressive Link State Power Management (ALPM) on the PCI-Express bus negotiating a lower power state for the link between the controller and disk when there is no activity. When ALPM works, disk requests are queued, the serial link revived, and the queued requests are sent to the relevant disk; this requires a disk that supports ALPM.

Resolution:
Modify the advanced settings of your active power management scheme in Windows to turn PCI Express Link State Power Management off.


Commentary:
Searching for a solution yielded a number of possibilities.

Setting the value of:

HKLM\SYSTEM\CurrentControlSet\Services\iaSTOR\Parameters\PortN\LPMDSTATE  0

as discussed by Derek Seaman did not resolve my issue.

Renaming:

HKLM\SYSTEM\CurrentControlSet\Services\iaSTOR\Parameters

to

HKLM\SYSTEM\CurrentControlSet\Services\iaSTOR\Parameters.dist

as suggested by Paul's Computer Service was also ineffective. At the time I was running the latest set of drivers for my platform. Caveat emptor: the solution I outlined in this article worked for me.

References:
Intel CS-025783 - Possible issues with Windows Vista* and IntelĀ® RAID
Windows 7 Intel SATA/AHCI Lockups
IntelĀ® Matrix Storage Manager Bug

4Mar/100

Acronis True Image Home 2010 Freezes During Backup on Windows 7

Issue:
When running backup jobs in Acronis True Image Home 2010 under Windows Vista or Windows 7, the backup job appears to stall and the operating system becomes unresponsive. The system will encounter a bugcheck condition and recover with an unclean shutdown.

Cause:
From Acronis:

Because of the latest major changes in Windows Vista and Windows 7 native snapshot driver (VolSnap), there were some modifications introduced in Acronis True Image Home 2010 (starting from Build 6029). The Acronis native snapshot driver (snapman) was moved from UpperFilters to LowerFilters to avoid conflicts with VolSnap (which could have lead to backups failure or data corruption in backups). This change may sometimes manifest itself in a freezing Windows Vista or Windows 7 operating system on machines with rare software and hardware configurations.

Resolution:
Download an updated SnapAPI build from Acronis. Unpack it and install with the Disable Logging option set. See Acronis KB6529 for the appropriate link.

Commentary: My hardware configuration is not esoteric; my software configuration is equally banal: an Intel Core i7 X58 system with 6GB of RAM, RAID1 on an ICH10R, and Windows 7 Ultimate 64-bit.

Reference: http://kb.acronis.com/content/6529