Diane's World

I take the 5th


Wed, 17 Aug 2005

* BioHub prospective user

  • asked about biohub
  • show list of orthologs
  • links to expression array
  • links to motifs
  • link to structure
  • show data source
  • map viewer

[10:14] | [/work] | # | G


Tue, 16 Aug 2005

* Getting samba working

So I read through quite a bit of the samba howto and finally got samba setup.

One big problem I ran into was the following:

operation is not possible without initialized secure memory (you may have used the wrong program for this task) [2005/08/16 14:24:27, 0] smbd/server.c:main(798)

It appears that happens when I have SSL or TLS initialized; I solved it by upgrading libldap2 from 2.1.23-1 to 2.1.30-8 and libgnutls7 from 0.8.12-3.1 to 0.8.12-7.

  • Getting ldap auth working

apt-get install libnss-ldap pam-ldap

Still have some big problems in that I have too many different password databases floating around.

[17:34] | [/work] | # | G


Fri, 12 Aug 2005

* Network

I tried getting chillispot working, but it needed to talk to my webserver/radius server, which is the main thing I'm trying to protect. Since I also didn't feel like getting radius properly set up, I just punted and went for the simpler WPA-PSK configuration.

However before I went simple I split the wired and wireless networks into two IP address ranges, and I renumbered my IP address space out of 192.168.1

I followed wiki.openwrt.org/HotspotOpenvpnHowto to split the wifi (many nvram commands). Later I discovered that some of my problems getting chillispot working were actually caused by routing issues, so I needed to add

iptables -A FORWARD -i eth1 -o vlan1 -j ACCEPT # wifi to outside
iptables -A FORWARD -i eth1 -o vlan0 -j ACCEPT # wifi to lan
iptables -A FORWARD -i vlan0 -o eth1 -j ACCEPT # lan to wifi

I also added slightly more generalized commands to the firewall.user
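A firewall.user in the shape of those rules, as an added example rather than the author's own file: it keeps the same three flows but makes the FORWARD chain default-deny and, as a stricter variant of what the post did, lets wifi clients reach the LAN only as replies to sessions the LAN opened, which is what protecting the webserver calls for. Interface names are the ones from the post; IPT, APPLY and the log prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the post's own firewall.user: the three forwarding rules
# from the post, restated with a default-deny FORWARD chain and connection
# tracking, so wireless guests only reach the LAN as replies to sessions the
# LAN started. Interface names follow the post (eth1 wifi, vlan0 lan,
# vlan1 wan). Dry run by default; APPLY=1 loads the rules for real (as root).
WIFI=eth1 LAN=vlan0 WAN=vlan1
IPT=${IPT:-echo}
if [ "${APPLY:-0}" = 1 ]; then IPT=iptables; fi

fw_forward_rules() {
    $IPT -P FORWARD DROP                 # default deny everything forwarded
    $IPT -F FORWARD
    # Packets of already tracked sessions pass in either direction (replies).
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # wifi to outside: guests may open connections to the internet
    $IPT -A FORWARD -i $WIFI -o $WAN -m state --state NEW -j ACCEPT
    # lan to wifi: LAN machines may open connections to wireless clients
    $IPT -A FORWARD -i $LAN -o $WIFI -m state --state NEW -j ACCEPT
    # wifi to lan is deliberately not opened for NEW connections; log the
    # attempts (rate limited) so guest access can be monitored.
    $IPT -A FORWARD -i $WIFI -o $LAN -m limit --limit 5/min \
        -j LOG --log-prefix "wifi-to-lan drop: "
}

fw_forward_rules
```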

Eventually I decided I didn't actually need the complexity of chillispot yet, and just started down the WPA-PSK path.

http://openwrt.org/OpenWrtDocs/nas gave some information on setting up the proprietary WPA config tool.

I also installed wpasupplicant on my Linux laptop. Theoretically it'd be better if I actually got the WPA2/cert mode working, but eh, I'm not ready for that yet.

To get wpa working on the WRT54G I needed to add

nvram set wl0_akm=psk
nvram set wl0_crypto=aes+tkip
nvram set wl0_wpa_psk=<password>

I needed both wl0_akm and wl0_crypto for OpenWrt's nas startup script.

Next I need to move the mini out to the living room, and then set up some kind of client box in my office. Do I try for getting LDAP authentication working so I can unify the passwords between my Mac, my Windows partition and all my Linux boxen?

[01:19] | [/geek] | # | G


Tue, 09 Aug 2005

So I was trying to get OpenLDAP to work and I kept getting connection errors when I tried accessing it over OpenSSL.

$ ldapsearch -H ldaps://127.0.0.1/ -b dc=mydomain -x
ldap_bind: Can't contact LDAP server (-1)

It turns out that the problem was in my /etc/ldap.conf file.

http://www.openldap.org/lists/openldap-software/200409/msg00060.html

suggested using -d 1

The interesting line was

TLS: could not load verify locations (file:`/etc/ldap/slapd.pem',dir:`').

Ah! I'd renamed that file... so it was trying to validate the self-signed server cert, which wasn't working... ok

However the OpenLDAP howto http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html recommended putting both the public and private key into the same file. Since it appears I need to distribute the key to my client machines, it'd be really nice if they were separate.

Ok now I get it...

In the ldap.conf file you need to make sure that TLS_CACERT is pointing to either the certificate (for self signed certs) or the certificate authority chain (for trusted certs)

Note it's also important for the base to be set properly in /etc/ldap/ldap.conf (it certainly cuts down on the amount of typing one needs to do)

To get Apache to work I needed to add

LDAPTrustedCA /etc/ldap/mus-slapd.crt.pem
LDAPTrustedCAType BASE64_FILE

to get Apache happy with my cert, and I still think it's using SSL and not TLS.

Installed pam_ldap and nss_ldap; they both wanted a proxy user for authentication, and also the admin user for changing passwords.

[19:41] | [/work] | # | G


* Repository madness

Tailor (http://nautilus.homeip.net/~lele/projects/tailor/) allows syncing between multiple source code control systems, and since there are several projects in unpleasant SCCSs I thought I'd try converting them to darcs.

  • orange

Orange certainly looks promising, other than the fact that they have bugs, don't have doc strings, and lack unit tests. Though their tutorials were pretty straightforward.

Unfortunately they're a bunch of OSS Windows developers, so their code is sitting in CVS (blech), and I wanted to convert out of it.

My first attempts with earlier versions of tailor didn't work so I upgraded to the latest version, and it had problems as well.

What I ended up doing was checking the HEAD out of CVS first, and then telling tailor to convert it to a darcs repo; I don't know if this'll work when they commit something, but it's worth trying.

I used the following to start creating the config file.

$ tailor --verbose -s cvs -R :pserver:cvs@estelle.fri.uni-lj.si:/CVS --module orange -r INITIAL --subdir orange orange > orange.tailor

The file ended up like this:

[DEFAULT]
verbose = True

[py]
target = darcs:targetpy
start-revision = HEAD
root-directory = /home/diane/src/orange
state-file = orange.state
source = cvs:sourcepy
subdir = orange.cvs

[darcs:targetpy]

[cvs:sourcepy]
module = orange
repository = :pserver:cvs@estelle.fri.uni-lj.si:/CVS

[csrc]
target = darcs:targetc
start-revision = HEAD
root-directory = /home/diane/src/orange/orange.cvs
state-file = orange.state
source = cvs:sourcec
subdir = source

[darcs:targetc]

[cvs:sourcec]
module = source
repository = :pserver:cvs@estelle.fri.uni-lj.si:/CVS

  • compclust

Both Chris and I want to try using darcs with compclust, but that'll require two-way syncing.

http://www.darcs.net/pipermail/darcs-users/2005-January/005070.html

[18:00] | [/geek] | # | G


There are many different systems for running lightweight clients...

Debian currently has diskless and lessdisks.

Diskless appears to be an NFS root system where apps run on the client. Lessdisks is a terminal based system that runs software on the server.

First off we want a version of grub that has pxegrub:

apt-get source grub

I then edited the debian/rules file and added the following: --enable-diskless (several net cards)

apt-get install lessdisks

I mostly followed along the lessdisks-doc/install

On the router I added the following to dnsmasq.conf (I really should back that bugger up)

# configure network booting
#dhcp-vendorclass=pxe,PXEClient
dhcp-boot=net:/tftpboot/pxegrub,dara,192.168.1.13

dhcp-option=17,/var/lib/lessdisks   # root-path
dhcp-option=42,192.168.1.1          # ntp-server
dhcp-option=48,192.168.1.13         # font-server
dhcp-option=49,192.168.1.13         # x-display-manager
dhcp-option=66,dara.ghic.org        # tftp-server-name
dhcp-option=pxe,67,pxegrub          # bootfile-name
dhcp-option=69,192.168.1.13         # smtp-server

Sigh, the PXE client wasn't smart enough to boot off of a different computer than what we started with. So I tried with dara being the DHCP server; I got further but then ran into problems with not being able to load pxegrub from things other than /tftpboot.

pxegrub had problems; when I switched to pxelinux.0, installed the default file into pxelinux.cfg (and then copied all of /var/lib/lessdisks/boot into /tftpboot) I was able to boot. Unfortunately the kernel they installed doesn't support the ethernet card on my amd64 box.

What do I have to do to get a tftp server to serve files off of something other than /tftpboot (or is it just the PXE client that has trouble with it?)

[02:04] | [/geek] | # | G


Thu, 04 Aug 2005

* Jury Duty

Whee

Spent some time browsing through the linux howtos http://fiona/cgi-bin/dwww?type=file&location=/usr/share/doc/HOWTO/en-html/LDAP-HOWTO/sasl.html

It looks like sasl ships with a number of different auth types, with the Kerberos stuff split out into separate modules. The above link documents some information about getting DIGEST-MD5 working with LDAP, which should be useful for setting up an LDAP auth server.

I forgot to update my xlibs package when upgrading to Xorg, so it's missing the keymaps necessary to change keyboard settings :( (no caps lock to control mapping)

Another question is should my home net have the wireless VPNed? and if so which protocol? IPSec or OpenVPN

http://openwrt.org/HotspotOpenvpnHowto?highlight=%28Howto%29 talks about setting up OpenVPN on the WRT54G.

One interesting thing that I did do was enable power management of the graphics chips: http://thinkwiki.org/wiki/How_to_make_use_of_Graphics_Chips_Power_Management_features

Hopefully the library has free wifi.

Home net: what do I want

  • priority routing for my traffic
  • control / monitoring of guest access
  • securing wireless traffic

[12:02] | [/geek] | # | G

