Monthly Archives: October 2007

Single Sign-On with Apache and Active Directory – Part 2

Posted on by
Reply

Part 1 | Part 2

Back on May 23rd, 2007 I wrote an article titled Single Sign-On with Apache and Active Directory which I have now made Part 1 of this topic. In that article I wrote:

There are 3 major solutions for this which are mod_ntlm, mod_auth_kerb and Apache2:AuthenNTLM…I tried mod_ntlm which seemed to be very easy to setup and worked well. But there was one catch…If the browser did not send the NTLM information or correct NTLM information, see the footnotes1 below as to why, the user had to login with the username in the form of DOMAIN\username. In my experience with applications already in place they did not require this form of DOMAIN\username. This could be resolved if you could specify the default domain in mod_ntlm which you cannot.

Now I will explain why there is a Part 2 to this topic. I used the Apache2::AuthenNTLM Apache Perl module in a large environment and quickly found a serious problem which I could not diagnose or resolve. When using the Apache2::AuthenNTLM Perl module Apache would stop responding to requests to the site after an undetermined number of requests. I tried limiting the file types that would be authenticated but in the end it would still stop reaponding after a while.

So I finally decided to use the Apache mod_ntlm module to handle the authentication. And with the article I had written titled Enabling NTLM Authentication (Single Sign-On) in Firefox, the problem with having to use the username in the form of DOMAIN\username in Firefox can be eliminated.

This how to is intended for CentOS 4 and RHEL4 but can be easily adapted for other distributions.

Now for the HowTo:

1) Start by installing Apache by issuing the following command:
yum install httpd

2) Next we need to install the mod_ntlm Apache module

wget http://sivel.net/repo/i386/mod_ntlm-2-0.1.el4.sn.i386.rpm
rpm -ivh mod_ntlm-2-0.1.el4.sn.i386.rpm

3) Now we need to configure mod_ntlm

cd /etc/httpd/conf.d
vi mod_ntlm.conf

Modify the conf like so (the documentation in the conf pretty much covers it also):

<location ~ "/path/to/dir/to/protect/here)/(.*)" >

  # NTLMAuth - set to 'on' to activate NTLM authentication here
  NTLMAuth on

  # AuthNTGroups - text file containing (NT) group names and member user IDs

  # NTLMBasicAuth - set to 'on' to allov Basic authentication too

  # NTLMBasicRealm - realm to use for Basic authentication

  # NTLMAuthoritative - set to 'off' to allow access control to be passed along to lower modules if the UserID is not known to this module
  NTLMAuthoritative on

  # NTLMDomain - set to the domain you want users authenticated against for cleartext authentication - if not specified, the local machine, then all trusted domains are checked
  NTLMDomain MYDOMAIN

  # NTLMServer - set to the NT server to contact to authenticate users
  NTLMServer primary.mydomain.com

  # NTLMBackup - set to the alternate NT server to contact to authenticate users
  NTLMBackup secondary.mydomain.com

  # NTLMLockFile - set to the lock file that is used to prevent simutaneous contacts to DC
  NTLMLockfile /tmp/_mod_ntlm.lck

  AuthName NTAuth
  AuthType NTLM
  require valid-user
  Satisfy all

</location>

4) We need to modify the global conf file now.
vi /etc/httpd/conf/httpd.conf
Find ‘KeepAlive Off’ and change it to ‘KeepAlive On’

5) Let’s start Apache
/etc/init.d/httpd start

6) Let’s setup a simple test page that will utilize the server environment variable that mod_ntlm sets.

cd /path/set/in/step/3/in/location/directive
touch index.php
vi index.php

* Insert the following information:

<?php
echo "You have logged in as <b>" . $_SERVER['REMOTE_USER'] . "</b>";
?>

If you do not have PHP installed you can just place a page in the directory and if you login you should be able to see it.

If you get a login prompt check the footnotes1.

Part 1 | Part 2

Footnotes
1. Getting a login prompt can be caused by using Firefox with the default configuration, not being logged on in the domain that you are attempting to authenticate against, or not having the site listed in the Local Intranet security zone in Internet Explorer. Or worst of all you could have mis configured something in step 3

Using Sprint PCS Connection Card with Fedora

Posted on by
1

I have seen a good number of incoming links requesting this page that I had written back when I was using a wiki for my web site. So I decided to bring it back and make some redirects to direct people to the correct location.

With that being said these instructions are for configuring Fedora (Core 5 was used at the time) to use a Sprint PCS Connection Card to connect to the internet. I cannot verify or test this functionality as I no longer have a Sprint PCS Connection Card. So let the fun begin.

1. With the Sprint PCS Connection Card PC-5740 not inserted boot up the computer into Fedora Core 5.
2. Open a terminal window and SU to root.
3. Execute the following command:

tail -f /var/log/messages

4. Insert the card.
5. You should see something similar to the following:

Aug 15 13:01:24 fedora-mobile kernel: pccard: CardBus card inserted into slot 0
Aug 15 13:01:24 fedora-mobile kernel: PCI: Enabling device 0000:03:00.0 (0000 -> 0002)
Aug 15 13:01:24 fedora-mobile kernel: ACPI: PCI Interrupt 0000:03:00.0[A] -> Link [LNKA] -> GSI 11 (level, low) -> IRQ 11
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.0: OHCI Host Controller
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.0: new USB bus registered, assigned bus number 5
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.0: irq 11, io mem 0xc2000000
Aug 15 13:01:24 fedora-mobile kernel: usb usb5: configuration #1 chosen from 1 choice
Aug 15 13:01:24 fedora-mobile kernel: hub 5-0:1.0: USB hub found
Aug 15 13:01:24 fedora-mobile kernel: hub 5-0:1.0: 1 port detected
Aug 15 13:01:24 fedora-mobile kernel: PCI: Enabling device 0000:03:00.1 (0000 -> 0002)
Aug 15 13:01:24 fedora-mobile kernel: ACPI: PCI Interrupt 0000:03:00.1[B] -> Link [LNKA] -> GSI 11 (level, low) -> IRQ 11
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.1: OHCI Host Controller
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.1: new USB bus registered, assigned bus number 6
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.1: irq 11, io mem 0xc2001000
Aug 15 13:01:24 fedora-mobile kernel: usb usb6: configuration #1 chosen from 1 choice
Aug 15 13:01:24 fedora-mobile kernel: hub 6-0:1.0: USB hub found
Aug 15 13:01:24 fedora-mobile kernel: hub 6-0:1.0: 1 port detected
Aug 15 13:01:25 fedora-mobile kernel: ohci_hcd 0000:03:00.0: wakeup
Aug 15 13:01:26 fedora-mobile kernel: usb 5-1: new full speed USB device using ohci_hcd and address 2
Aug 15 13:01:26 fedora-mobile kernel: usb 5-1: configuration #1 chosen from 1 choice
Aug 15 13:01:26 fedora-mobile kernel: cdc_acm 5-1:1.0: ttyACM0: USB ACM device
Aug 15 13:01:26 fedora-mobile kernel: usbcore: registered new driver cdc_acm
Aug 15 13:01:26 fedora-mobile kernel: drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters

6. The above is all important but the line we are most interested in is the following:

Aug 15 13:01:26 fedora-mobile kernel: cdc_acm 5-1:1.0: ttyACM0: USB ACM device

7. The above line shows us that the device created is ttyACM0 which is actually located at /dev/ttyACM0.
8. Assuming you are running Gnome, download and install gnome-ppp with the following:

yum install -y gnome-ppp

9. In order for gnome-ppp to work properly it must be run as root.
10. Open a terminal window and su to root.
11. Execute gnome-ppp (Tip: You can add a ” &” to the end of gnome-ppp to disconnect it from the active session allowing you to close the terminal window without closing gnome-ppp).
12. Click the “Setup” button.
13. Click the “Detect” button. Your modem (/dev/ttyACM0) should automatically be detected. If not then something above went wrong.
14. Click the “Init Strings…” button and change “Init 2″ to “ATZ” (without the quotes).
15. For the username you will need to boot into Windows, open the PCS connection application and select Diagnositcs from the menu. Your username will be in the form of username@sprintpcs.com.
16. With gnome-ppp you are required to enter a password. This will not affect the dial up seeing as though the Sprint servers wont even respond to the password being sent. So type whatever you want in this field.
18. The phone number is “#777″.
19. Click connect. You’re done.
20. If you can’t access anything on the internet after connecting and you have IP address info, it is probably due to gnome-ppp not updating the nameserver statements in resolv.conf

Using gnome-ppp eventually got old for me so I wrote a bash script to take care of it. I won’t post extensive usage information on how to use it so use at your own risk (although I don’t see any actual risk involved).

You will need to do several things to get this up.

1. Download sprint-dial.sh to your home dir or where ever you want.

wget http://cdn.sivel.net/s/p/sprint-dial.sh

2. Download or configure your own .wvdial.conf and place it in your home dir and /root

wget http://cdn.sivel.net/w/v/.wvdial.conf

3. Execute the script

sudo ./sprint-dial.sh

or

su
./sprint-dial.sh

Right Brain v Left Brain

Posted on by
5

I normally try to not post news that I got off of a news site but in this event I just had to.

Article from:http://www.news.com.au/heraldsun/story/0,21985,22556281-661,00.html

THE Right Brain vs Left Brain test … do you see the dancer turning clockwise or anti-clockwise?

If clockwise, then you use more of the right side of the brain and vice versa.

Most of us would see the dancer turning anti-clockwise though you can try to focus and change the direction; see if you can do it.

LEFT BRAIN FUNCTIONS
uses logic
detail oriented
facts rule
words and language
present and past
math and science
can comprehend
knowing
acknowledges
order/pattern perception
knows object name
reality based
forms strategies
practical
safe

RIGHT BRAIN FUNCTIONS
uses feeling
“big picture” oriented
imagination rules
symbols and images
present and future
philosophy & religion
can “get it” (i.e. meaning)
believes
appreciates
spatial perception
knows object function
fantasy based
presents possibilities
impetuous
risk taking

This just absolutely freaks me out. I see the dancer spinning clockwise and anti-clockwise. It switches while I am watching. I apparently use both the right and left side of my brain equally.

No Widget Category Cloud WordPress Plugin

Posted on by
20

I am releasing version 0.2 of the No Widget Category Cloud WordPress plugin that I have written for use on my site.

Creates a function that can be placed in a wordpress template for a category cloud that exists without the requirement of widgets or a widget ready theme.

I created this plugin after I started using a single column theme that is not widget ready. I found that there were multiple plugin widgets available, but no plugin that would allow me to just place a php function into my theme to display a category cloud.

Some ideas for oter uses of this plugin:

1. Install WP-Sticky and Exec-PHP. Create a Sticky post which will stay at
the top of your page and type the php code for this plugin in the post. Now
you have a Category Cloud that stays at the top of your page.

Screenshots

Installation

1. Upload the `no-widget-category-cloud` folder to the `/wp-content/plugins/` directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress

NOTE: See “Other Notes” for Upgrade and Usage Instructions as well as other pertinent topics.

Requirements

1. WordPress 2.x
2. Web server that supports PHP

Upgrade

1. Deactivate the plugin through the ‘Plugins’ menu in WordPress
2. Delete the previous `no-widget-category-cloud` folder from the `/wp-content/plugins/` directory
3. Upload the new `no-widget-category-cloud` folder to the `/wp-content/plugins/` directory
4. Activate the plugin through the ‘Plugins’ menu in WordPress

Usage

<?php nw_catcloud(small_size,big_size,size_unit,align,orderby,order,min_posts,hide_empty,title); ?>

small_size = font size, integer (default 75)
big_size = font size, integer (default 200)
size_unit = %, px, pt (default %)
align = left, right, center, justify (default left)
orderby = count, name (default name)
order = asc, desc (default asc)
min_posts = minimum number of posts, integer (default 1)
hide_empty = 0,1 (default 1, 1=yes,0=no)
title = string (This can contain HTML to format the title)

1. Open the theme files, in your favorite editor, that you wish to add the category cloud to (index.php, single.php, page.php, etc…).
2. Add a line that looks like above. You can also use the defaults by not specifiying anything between the parentheses. See example 2 below.
3. Enjoy.
4. As I mentioned in the description you can also use this plugin with Exec-PHP and it would make a nice combo with WP-Sticky.

Examples:

<?php nw_catcloud(75,200,'%','left','name','asc',1,1,'<h2 class="posttitle">Categories</h2>'); ?>
<?php nw_catcloud(); ?>

Change Log

0.2

  • Initial Public Release

To Do

1. I am open to suggestions.
2. I am sure I will think of something.

Credit

I’ve got to give credit where credit is due. And that credit goes to Lee Kelleher and his Category Cloud Widget. I used a lot of his code in this plugin modifying it where needed to make it work the way I wanted.

Download
No Widget Category Cloud version 0.2