Phabricator: Settings for LDAP authenticator and SBS Active Directory

August 21st, 2013 No comments

I’m trying Phabricator (perhaps switching from Bugzilla after 10 years) and I wanted an integration with LDAP service on the Active Directory of the Microsoft Windows Small Business Server – users should use their usernames to login.

It took me a while to find out correct parameters, the error provided by Phabricator was not very helpfull:

Argument 1 passed to PhutilAuthAdapterLDAP::readLDAPRecordAccountID() must be an array, null given, called in /usr/share/phabricator/libphutil/src/auth/PhutilAuthAdapterLDAP.php on line 111 and defined

Correct settings for Small Business Server are:

Setting Value
LDAP Hostname YOURSERVER.YOURDOMAIN.local
LDAP Port 3268
Base Distinguished Name OU=SBSUsers,OU=Users,OU=MyBusiness,DC=YOURDOMAIN,DC=local
Search Attribute mailNickname
Username Attribute mailNickname
Realname Attributes sn, givenName
Anonymous Username anonymous
Anonymous Password <empty>
ActiveDirectory Domain YOURDOMAIN.local
Categories: Missing Answers Tags:

Import CSV with UTF-8 into Excel for Mac

June 28th, 2013 3 comments

Excel for Mac 2011  does not support UTF-8 in CSV files. On Windows you can simply add Byte Order Mark (BOM) to the file and it will open correctly in Excel. This does not work on Mac. You can try importing the file with different encoding and some people declare success with UTF-16 Little Endian, but for me this simply does not work.

The best solution that I have found is a script made by Konrad Foerstner, which I have improved little bit, to support different colum delimiters.

Download the script from Github https://github.com/brablc/clit/blob/master/csv2xlsx.py, install library for writing Excel format sudo easy_install openpyxl.

Now you can covert the file from CSV to XLSX.

Categories: MacOSX, Missing Answers Tags:

Mac OS X: Cannot edit crontab

February 26th, 2013 4 comments

I wanted to edit crontab for a user on Mountain Lion and it did not work. Repairing permissions with Disk Utility did not help. I saw following error messages:

$ crontab -e
crontab: no crontab for player - using an empty one
crontab: "/usr/bin/vi" exited with status 1

$ EDITOR=vim crontab -e
crontab: no crontab for player - using an empty one
crontab: temp file must be edited in place

$ EDITOR=mcedit crontab -e
crontab: no crontab for player - using an empty one
crontab: installing new crontab
crontab: tmp/tmp.13840: No such file or directory
crontab: edits left in /tmp/crontab.Gyxvel8v43

$ crontab path-to-file-to-replace-current-tab
crontab: tmp/tmp.13784: No such file or directory

To reduce the problem, I have used mcedit. I have found that someone had this issue in 2007 – UNSOLVED. If you were a programmer you would be suspicious about the path without the leading slash. But how to find the real path? I made me comfortable with dtruss (strace for Mac) but it did not move me forward, I just saw that it is problem when opening the file for writing. But hey, this is BSD! We should find sources … and indeed they are available. Now it took just a while to go through the C code and finally find file install_misc.sh.

The solution of this problem is to create missing tmp directory in /var/at!

mkdir /var/at/tmp
chmod 700 /var/at/tmp

I have no idea where I have lost the tmp directory. But I should not be supposed to drill into the source code. Am I?

UPDATED: I believe this problem was caused by my attempt to wipe Parallels out of the system. I was deleting all files installed by the package and afterwards I was deleting empty directories system wide.

Categories: MacOSX, Missing Answers Tags:

I did one hundred push ups

October 15th, 2012 1 comment

I know there is only one person in the universe who cares – myself. But after 44 weeks, restart with deeper push ups and after injuries from ice hockey, countless questions why I did not give up, when there was obviously no visible progress … I have to record it for my later days 😉

It took me 314 days, it was 120 training evenings. Together 28343 push ups.

I could have been faster – reaching the end of hundredpushups.com training program program did not make me strong enough, so I continue without a plan and it was lost time. Finally I added 4 push ups to each series of the 3rd day of the 3rd level of the 6th week. I supported this with more proteins and cookies for last couple of weeks (2kg up!) And once I finished this, I felt confident that today was the right evening. 99th was tough, but I knew I did not want to fail at this number and I did it.

Thanks to @kaja47 who made the application for Czech community and to @HosipLan, who started the challenge. I have used iPhone application.

[Stats]

Categories: Family Blog Tags:

Windows phone registration problems

February 23rd, 2012 No comments

I spent many hours to figure out why I cannot register my developer device HTC HD7 to the App Hub:

An error occurred registering your phone.  Please try again.

The help forum does not really help:

The phone registration service returned an unexpected ErrorCode value.
Try this:
Check App Hub site for service alerts and/or retry after a few hours.

I have discovered that when the phone is connected to Zune, the internet connection in the telephone is broken, although it has wifi connected. So I became suspicious and finally started Wireshark. And indeed, Wireshark has answer to all your network questions. Zune bypasses proxy settings of the Windows 7 system. My setting say, it should neither use proxy nor try to discover one. I do this on purpose, because the default company proxy is too restrictive (Facebook blocking). But hey, this is not a forbidden site:

CONNECT developerservices.windowsphone.com:443 HTTP/1.0
Host: developerservices.windowsphone.com:443
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache

HTTP/1.1 407 Proxy Authentication Required (Access is denied)
Via: 1.1 GFI WebMonitor Proxy
Proxy-Authenticate: Kerberos
Proxy-Authenticate: Negotiate
Proxy-Authenticate: NTLM
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0

Of course, it bypasses settings, discovered a proxy but it is not able to authenticate – even though it offers NTLM!

In order to make any debugging even worse, it does some connections directly. So Zune will let you login to your account. It just uses different way how connect your phone to the internet – it will not let you even update the software if you are connected over proxy which requires authentication.

Registration of the company developer account has been a nightmare too, days of waiting. Support finally contacted us, but apparently things got fixed without their intervention.

Should I mention 10 steps of software update, which took 30 minutes, 3 automatic restarts and at the end told me it has more updates for me? How many of them were there waiting in the queue? Cancel.

Categories: Missing Answers Tags:

Disable password expiration in Windows 7 Home Premium

January 30th, 2012 20 comments

It looks like admin accounts in Windows 7 Home Premium have password expiration set on. However, Windows 7 in Home Premium edition does not have a GUI tool to remove it. There is, however, a command line tool which allows to do it over Windows Management Instrumentation – its name is wmic.

If you want to remove password expiration do the following:

  1. Click on Start button.
  2. Type wmic
  3. Right click listed program wmic and “Run as Administrator”
  4. Now paste this commmand:
    UserAccount where PasswordExpires=TRUE set PasswordExpires=FALSE
  5. Confirm change for each account with password expiration.

This is not really a missing answer, however, there are plenty of solutions which do not work well, or contain typos – mostly because of different quotes used in the command. This script allows changing the expiration at once for all users that have it set – and it does not contain any quotes 😉

Anyway, this is so far the biggest failure I have encountered when using Windows 7 Home Premium edition: Force password expiration in home environment and do not provide a GUI how to disable it.

Categories: Missing Answers Tags:

Hasičský směnový kalendář

January 4th, 2012 No comments

Pro všechny hasiče, kteří používají Google potažmo Android tu máme perpetuální Hasičský směnový kalendář a to nejen pro rok 2012. Doufám, že to těm skvělým chlapíkům alespoň trošku pomůže.

Categories: Czech Tags:

Write into multiple ssh screens at once

September 15th, 2011 No comments

Sometimes I need to write commands to a handful of SSH sessions at once. I use putty terminal from Windows and did not find anything useful. So I let myself inspired by Rusty Klophaus’s pecho and wrote a Perl script, which is little bit more gentle to the escape sequences and than a small bash script which will nicely open multiple SSH sessions to given list of hosts. The nice think is that this works almost everywhere and does not need more than one standard Perl library on the writer side (on CentOS just run yum install perl-TermReadKey).

Categories: Missing Answers, Tools Tags:

Internal cryptographic library error when signing document

June 25th, 2011 No comments

Adobe Reader marked document signed with PDFCreator as invalid with this error message:

Error during signature verification.
Error encountered while validating:
Internal cryptographic library error.
Error Code: 0x2711

— Czech equivalent —
Chyba v průběhu ověřování podpisu.
Při ověřování se vyskytla chyba:
Interní chyba šifrovací knihovny.
Kód chyby: 0x2711

There is no info available on the internet what does it mean, so I contacted support and the answer was easy – I was signing the document with backup of my private key – there was no certificate present in that file, so there was not way how to calculate hash of the document. The solution is to export the private key including your certificate.

Categories: Missing Answers Tags:

How to use own vim configuration after sudo to shared account

June 17th, 2011 3 comments

Recently I became a fan of vim – and after storing my tuned dotvim on github, I found out, that I miss my configuration when I sudo to the root account. However, I’m not the only sudo user and I we have our own dotvim configuration. In the root’s .bashrc I put this line (it makes it a lot safer afterwards):

export SUDO_HOME=$(eval "echo ~$SUDO_USER")

In the root’s .vimrc following code is added (you may need to add more paths):

if !empty($SUDO_HOME)
    set runtimepath+=${SUDO_HOME}/.vim/bundle/vundle,${SUDO_HOME}/.vim
    let $MYVIMRC=$SUDO_HOME.'/.vimrc'
    source $MYVIMRC
endif

When logging as root using a key, I put following at the beginning of the authorized_keys file:

environment="SUDO_USER=ondrej" ssh-rsa ...

This may require PermitUserEnvironment yes in your sshd configuration.

Categories: Missing Answers Tags: