Blogger Tool for Suse 10

Ok, so this may be the least cool of the new Suse 10.1 stuff but it’s one of the most useful. A tool straight out of the box that lets you blog without having to use a website. Yes, I know there are a dozen of them, but it is just great to have it out of the box.

WG511U worked out of the box

Here I was expecting the worst, googling around told me how to make such a card compatible, but from online reports, the card would be identified, but not be able to work without help from ndiswrapper.

Today I simply configured my wireless network via Yast and lo and behold I connect, get a DHCP and I am browsing the net as you see here. No ndiswrapper looking for ini files, no hw/if up/down, just entering the wireless settings in yast – KInternet was shut too.

Funny how the simplest things work the best

Printing and Linux

http://www.networkcomputing.com/showitem.jhtml?articleID=160910914&pgno=1

With back-to-school sales there are a lot of multifunction printers on the cheap. Essentially the Canon Pixma MP150 or HP PSC1410 are both offered for $89AUD. Generally, this will allow me to get rid of the current Canon scanner and Lexmark P707 combo I have at the moment and give back much needed desk space. The Lexmark’s poor quality, annoying drivers and unreliability, coupled with expensive cartridges, are why I’m looking at the options available.

So a quick shopping list of what I need (no particular order)
– cheap cartridges
– ability to print in Linux (although the print server is a Windows box, it is feasible that Linux drivers can be avoided)
– good mileage on print media
– durable

The printer will, as it is currently, be connected to the Windows machine. Laptop printing will be facilitated by Windows Networking.

Through my investigations I learnt that Epson and HP models are best for Linux printing. Although a little dated, this linuxprinting.org article about picking the best printer was helpful. Canons should be avoided like the plague.

That said, the thought entered my head about the Print Server taking on the task of preparing the print job. Perhaps the Linux device would create the print job in a PostScript format, which the Windows side would then re-render and print. This means the Linux support is indifferent (but inflexible: you can’t expedite a big print job by connecting your laptop directly to the printer, and if the desktop is unavailable so is your printing).

The attached article, Windows to Linux Printing (and Vice Versa), explains how to set something up along those lines, using CUPS and Samba. It also explains the difference between a print server, spooler and queue, and how tasks are delegated between machines and the CUPS/Samba subsystems.

The most important concept is that in the ‘default’ networked printing environment, (platform independent), the client computer has the print drivers for the target printer installed and creates a RAW print file. When the file is ready, it is passed along the printer to the spooler and the spooler organises the printing of the document.

I thought I could implement this on my current setup before purchasing any hardware and learnt that I didn’t have to. Some clever monkey had built a Lexmark driver for the P707 based on the Z55 drivers Lexmark have released.

No one had implemented drivers for new Canon printers; even support from third party vendors such as TurboPrint and EPS was lacking.

Whilst HP didn’t support the printer directly, they do have drivers for the model down, PSC1400 and someone had used this to get a slowly working version going.

One side note to these requirements is to get a laser printer. The HP Laserjet 1020 is $149 AU and whilst it wouldn’t solve space problems. Again Linux support is experimental but being a laser it would be easier to support with a PCL/PPD type interface.

Decision forthcoming with the next edit. It’s just good to know what is out there though.

WPA passkeys don’t like ‘&’

I’ve been attempting to get Suse 10 working with my wireless network again after I upgraded the network security to WPA-PSK (TKIP).

Problem

  • Wireless network being detected in KInternet as a WEP network.
  • KInternet doesn’t appear to support WPA.
  • Unable to authenticate with Wireless network using WPA-PSK.

Most Importantly:

  • The WIRELESS_WPA_PSK setting in the wireless interface’s config file (/etc/sysconfig/network/ifcfg-wlan-yourNICsMacAddy) cannot have an ‘&’ character in it. Characters after the ‘&’ will be ignored.

Solution:

  • Configure your wireless interface in YAST such that it refers to the WPA-PSK network you are directly connecting to. For example, specify the SSID of the access point rather than ‘any’.
  • Disable KInternet from launching on KDE login.
  • Cleanup the wireless interfaces config file (/etc/sysconfig/network/ifcfg-wlan-yourNICsMacAddy), remove WEP passwords from the previous configuration.
  • Set the USERCONTROL setting to ‘no’. Disabling KInternet from launching at logon in Yast previously should have set this automatically.
  • In the WIRELESS_WPA_PSK setting, precede the ampersand with the ‘\’ escape character.
  • Use hwdown / hwup to restart the interface.
  • Do an ifstatus interfaceName to ensure that the reconnection is successful.


Troubleshooting steps

  1. Read documentation for the hw{up, down, status} commands & ifcfg-wireless configuration file.
  2. Learnt that the parameter to use with the hw… commands is one of the filenames found in /etc/sysconfig/hardware/hwcfg-*
  3. Opened a command shell, sudo as root user.
  4. Took down the device with /sbin/hwdown hwcfg-bus-pci-00:02:0a.0 (enter this command while you’re in the /etc/sysconfig/hardware directory so you can get tab completion to fill in the hwcfg name including escape sequences).
  5. Did a hwup (essentially this and the previous step give me a clean slate)
  6. Did an ifup-dhcp eth1
  7. Got the following

icarus-lx:/etc/sysconfig/hardware # /sbin/ifup eth1
eth1 device: Intel Corporation PRO/Wireless LAN 2100 3B Mini PCI Adapter (rev 04)
eth1 configuration: wlan-id-your:wNICs:MAC:addy
scripts/ifup-wireless: line 515: 2: command not found
eth1 starting wpa_supplicant
Line 7: Invalid passphrase length 7 (expected: 8..63) charsUp‘.
Line 7: failed to parse psk ‘”charsUp‘.
Line 8: WPA-PSK accepted for key management, but no PSK configured.
Line 8: failed to parse network block.
Failed to read configuration file ‘/var/run/wpa_supplicant-eth1.conf’.
DHCP client is already running on eth1
ERROR: Warning: Could not set up default route via interface
Command ip route replace to default via 192.168.1.254 returned:
. RTNETLINK answers: Network is unreachable
Configuration line: default 192.168.1.254 – –
This needs NOT to be AN ERROR if you set up multiple interfaces.
See man 5 routes how to avoid this warning.

I’ve modified the output for security reasons, but just pretend in this case my WPA passkey is charsUp&BeyondTheAmpersand. The error message (Line 7:…) is telling me that the password is too short, rather than that it’s not reading past the ampersand sign.

  1. Modified the /etc/sysconfig/network/ifcfg-wlan-00:00:00:00 with the correct password
  2. Brought down the interface with ifdown.
  3. Brought down the hardware device with hwdown
  4. Brought up the hardware device with hwup, which automatically does an ifup on the connected interface
  5. Do an ifstatus to verify that you are now connected to the network. The last few lines should look similar to:
    bssid=ap’s:mac:address
    ssid=apName
    pairwise_cipher=TKIP
    group_cipher=TKIP
    key_mgmt=WPA-PSK
    wpa_state=COMPLETED
    ip_address=ip.assigned.by.dhcp
    Supplicant PAE state=AUTHENTICATED
    suppPortStatus=Authorized
    EAP state=SUCCESS
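
A check for the failure described above, as an added example that is not part of the original post: it reads an ifcfg-wlan-* style file as plain text, flags an ‘&’ in WIRELESS_WPA_PSK that is not preceded by a backslash, and applies the 8..63 character limit that wpa_supplicant reported. The function names and sample files are made up for illustration; the cut-off-at-‘&’ behaviour is taken from the log output in the post.

```shell
#!/bin/sh
# Added example (not from the original post): lint the WPA passphrase in a
# SUSE ifcfg-wlan-* style file. The file is read as text, never sourced.

# Print the raw WIRELESS_WPA_PSK value from file $1, outer quotes removed.
psk_raw() {
    sed -n 's/^WIRELESS_WPA_PSK=//p' "$1" | tail -n 1 |
        sed -e "s/^'\(.*\)'\$/\1/" -e 's/^"\(.*\)"$/\1/'
}

# Print what is left of value $1 if everything from the first unescaped
# '&' onward is dropped, which is the behaviour the post observed.
psk_survives() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\\" && i < length($0)) { out = out substr($0, ++i, 1); continue }
            if (c == "&") break
            out = out c
        }
        print out
    }'
}

# Classify file $1: ok | missing | unescaped-ampersand | bad-length
check_psk() {
    raw=$(psk_raw "$1")
    if [ -z "$raw" ]; then echo missing; return 0; fi
    kept=$(psk_survives "$raw")
    full=$(printf '%s\n' "$raw" | sed 's/\\\(.\)/\1/g')
    if [ "$kept" != "$full" ]; then echo unescaped-ampersand; return 0; fi
    # wpa_supplicant accepts passphrases of 8..63 characters (see the log).
    if [ "${#full}" -lt 8 ] || [ "${#full}" -gt 63 ]; then echo bad-length; return 0; fi
    echo ok
}

# Constructed sample files using the post's pretend passkey.
tmp=$(mktemp -d)
printf '%s\n' "USERCONTROL='no'" 'WIRELESS_WPA_PSK="charsUp&BeyondTheAmpersand"' > "$tmp/before"
printf '%s\n' "USERCONTROL='no'" 'WIRELESS_WPA_PSK="charsUp\&BeyondTheAmpersand"' > "$tmp/after"
echo "before: $(check_psk "$tmp/before")"
echo "after:  $(check_psk "$tmp/after")"
rm -rf "$tmp"
```

The part that survives the unescaped ‘&’ in the sample is 7 characters long, which matches the "Invalid passphrase length 7" line in the log.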

Useful Commands
/usr/sbin/hwinfo – displays a list of hardware devices and the parent devices to which they are joined

It’s worth noting I managed to get by with just the simple hwup, down, status & ifup-dhcp, ifdown, ifdown-dhcp and ifstatus commands to resolve the problem. /usr/sbin/iwconfig was not required.

Useful Files and Directories
/etc/sysconfig/hardware/hwcfg-…. – The filenames of the hardware config files. Specify this filename when running the hwup/down/status commands
/etc/sysconfig/network/ifcfg-wlan-… – The config files for the wireless interfaces

Samba vs SuSE Firewall

This Novell Cool Solutions page begins a trail on figuring out how to get Samba working with the SuseFirewall switched on. It explains all the key components well and provides references to further reading.

Although a solution is provided, it only covers the situation where you will never be using one of the interfaces, and it talks about using other software to manipulate the iptables system (the kernel level firewall if you will). I wanted to keep things simple and thought I’d try to champion a way, or at least build reasoning on enabling SMB over the firewall using the standard Yast tools, without opening the share up to who knows what on the big bad Internet.

It actually led me to read Chapter 23 of the Suse Linux Reference Guide about Security in Linux. It’s a well written doc that explains how the operating system uses iptables to manipulate packets that flow through a machine. The other key concept explained in this doc is the firewall zones: internal, external and DMZ (demilitarised zone), which may be new to you if you are coming from using a mainstream firewall in a Windows OS. Each interface is associated with one zone only.

The internal zone consists of interfaces that are usually plugged into each other – places on a local LAN you can trust. You have an external zone consisting of the Internet and other untrusted sources. Suse’s default setup is to place both your network interfaces in the external zone. The yast wizard is very leading and the only place you can dictate allowed services with minimal effort is in the external zone.

I think SuSEFirewall makes the assumption that you are connecting one port directly to a dsl modem (ppp interface) and you have a separate network cable going out to your local server. One interface is external and the other internal and thus you can specify what services can run between LAN machines and what services can run between internet machines separately.

When researching this problem, I noticed that writers of firewall articles were careful to emphasise the importance of setting the zones correctly and that is another piece of the puzzle. If all your interfaces and services run out of the external zone, but the external zone merely represents a connection to a router, then it’s your router’s responsibility to be the firewall for your network.

There is still more to read, and I’ll edit this blog as I get to them.

Ways to configure SuSEfirewall

Consider SuSEFirewall as an interface to the iptables that the operating system uses to dictate its packet filtering. SuSEFirewall can be configured with Yast’s Security->Firewall component which provides wizards for ‘ease-of-use’ setup. The only problem is that there is no specific SMB Client rule and the SMB Server rule doesn’t appear to work.

/etc/sysconfig/SUSEfirewall2 is the controlling file of the firewall. It’s a good config file to read as it explains all the parameters with examples. This file is what the Yast module actually writes to once you’ve made changes to the firewall. I found that you can also manipulate this file via the /etc/sysconfig module in Yast which just wraps the comments and their parameters up in a nifty GUI.
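
An audit for the zone question raised in these two posts, as an added example rather than anything from the posts or from SuSEfirewall2 itself: it reports SMB/NetBIOS ports that a SuSEfirewall2 sysconfig file opens in the external zone. FW_DEV_EXT, FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP are taken to be the variable names used in that file (check them against the comments in your copy); the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report SMB ports opened in the
# external zone of a SuSEfirewall2-style file. Parsed as text, never sourced.

# Print the value of variable $2 in file $1, quotes stripped.
fw_get() {
    sed -n "s/^$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print the entries of service list $1 that cover an SMB/NetBIOS port.
smb_entries() {
    for s in $1; do
        case $s in
            137|138|139|445|netbios-ns|netbios-dgm|netbios-ssn|microsoft-ds)
                printf '%s ' "$s" ;;
            *:*)  # port range written as low:high
                lo=${s%%:*}; hi=${s##*:}
                for p in 137 138 139 445; do
                    if [ "$p" -ge "$lo" ] 2>/dev/null && [ "$p" -le "$hi" ] 2>/dev/null; then
                        printf '%s ' "$s"; break
                    fi
                done ;;
        esac
    done
    return 0
}

# Print "ok", or which external interfaces expose which SMB entries.
audit_smb() {
    ext=$(fw_get "$1" FW_DEV_EXT)
    hits=$(smb_entries "$(fw_get "$1" FW_SERVICES_EXT_TCP) $(fw_get "$1" FW_SERVICES_EXT_UDP)")
    if [ -n "$ext" ] && [ -n "$hits" ]; then
        echo "SMB open in external zone [$ext]: ${hits% }"
    else
        echo ok
    fi
}

# Constructed sample: both interfaces in the external zone, SMB opened there.
tmp=$(mktemp -d)
cat > "$tmp/fw" <<'EOF'
FW_DEV_EXT="eth0 eth1"
FW_DEV_INT=""
FW_SERVICES_EXT_TCP="ssh 139 microsoft-ds"
FW_SERVICES_EXT_UDP="137:138"
EOF
audit_smb "$tmp/fw"
rm -rf "$tmp"
```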

Why the clipboard in Suse/KDE behaves like Windows

Having used various *nix desktops, I’ve grown accustomed to everything you select going to the clipboard. Using either a middle or right click, or CTRL-V will paste the contents where it’s intended.

What I didn’t realise is that there are actually 2 clipboards. One for the keyboard shortcut method and one for the selection. As per the Klipper documentation:

The X Window System® uses two separate clipboard buffers: the “selection” and the “clipboard”. Text is placed in the selection buffer by simply selecting it, and can be pasted with the middle mouse button. To place text in the clipboard buffer, select it and press Ctrl-X or Ctrl-C. Text from the clipboard buffer is pasted using Ctrl-V or by selecting Edit->Paste.

There is a setting in the Klipper preferences to either keep the clipboards separate (default) or automatically synchronise them. Selecting the former led me back to my happy, select text anywhere and paste with CTRL-V as well as middle mouse button. As I grow to become more of a haXor, I may see the benefit in two clipboards, but for now…

Old Windows habits die hard

The freeze on wireless networking

At present I’m trying to solve an issue with the wireless lan causing the entire system to freeze up at the point it picks up an IP address.

Still yet to find anywhere online that mentions the problem, but it would be nice to see me rip the guts out of it and start again.

The site above though did provide a good intro to wireless components on Linux. I’m starting to get my head around the wireless tools commands (they are in /usr/sbin instead of regular /sbin/).

I did try a variety of things. The only thing I could pinpoint was that I could establish a connection to the Access Point; it was only freezing on obtaining an IP address. I had made a change to my router as well, specifying the DNS addresses to divvy out instead of relying on the defaults that I get from the PPPoE session it establishes automatically – Could that be causing the problem? Well, not really, because I was still getting freezes when I was on the train… perhaps picking up someone else’s access point, not uncommon on my train line.

Initially the device was set to activate At Boot Time which is why I couldn’t even launch KDE with the wireless card switched on. After starting the laptop with the wireless card switched off, changing the start device to MANUAL alleviated the boot time crash.

Using YAST, I changed a few more settings. First I specified a static IP address. I noticed that the MTU setting had been removed entirely, so I set that back to 1500 (not sure of the suitability of this value on a wireless connection but oh well). I changed the activation to Hot Plug, which is close enough to At Boot Time but which the documentation claims is a bit less of a crybaby when things go wrong. Because I suspected the DNS to be the problem too, I specified the DNS servers in the Host and Routing prefs rather than let DHCP find them.

Using KInternet, I re-established the connection. To my surprise it connected and used the IPs I had assigned it. The only problem was that I couldn’t resolve domain names; I could only ping my router and computers on my network.

I went back in, set the DNS to obtain values via DHCP and so far, so good.