Monday, July 22, 2019

Meraki L2TP VPN Connection In Slackware64-current Plasma 5 - KDE 5

I needed a Meraki VPN connection for Slackware64-current as listed here: https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Linux

I took the idea from http://stuffjasondoes.com/2018/08/16/configuring-meraki-client-vpn-on-linux-mint-19-network-manager/

You can find more information here: https://wiki.gnome.org/Projects/NetworkManager/VPN

1) Download NetworkManager-l2tp 1.2.12 from https://github.com/nm-l2tp/NetworkManager-l2tp/releases

2) Repackage NetworkManager-l2tp using the following, modified SlackBuild:

#!/bin/sh

# Slackware build script for NetworkManager-l2tp

# Copyright 2010-2017 Robby Workman, Tuscaloosa, Alabama, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PRGNAM=NetworkManager-l2tp
VERSION=${VERSION:-1.2.12}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}

if [ -z "$ARCH" ]; then
  case "$( uname -m )" in
    i?86) ARCH=i586 ;;
    arm*) ARCH=arm ;;
       *) ARCH=$( uname -m ) ;;
  esac
fi

CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}

if [ "$ARCH" = "i586" ]; then
  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
  LIBDIRSUFFIX="64"
else
  SLKCFLAGS="-O2"
  LIBDIRSUFFIX=""
fi

set -e

rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.xz
cd $PRGNAM-$VERSION
chown -R root:root .
find -L . \
 \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \
  -exec chmod 755 {} \; -o \
 \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \;

CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
  --prefix=/usr \
  --libdir=/usr/lib${LIBDIRSUFFIX} \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --mandir=/usr/man \
  --docdir=/usr/doc/$PRGNAM-$VERSION \
  --without-libnm-glib \
  --build=$ARCH-slackware-linux

make
make install DESTDIR=$PKG

# Create the chroot directory
mkdir -p $PKG/var/lib/l2tp/chroot

find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true

mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc

cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}

3) Download, repackage and install xl2tpd 1.3.14 using the SlackBuild from ponce's repository: http://cgit.ponce.cc/slackbuilds/tree/network/xl2tpd

4) Download, repackage and install strongswan 5.8.0 using the SlackBuild from ponce's repository: http://cgit.ponce.cc/slackbuilds/tree/network/strongswan

5) Create the VPN connection using NetworkManager, as a "Layer 2 Tunneling Protocol (L2TP)" connection:

Give the connection a name under "Connection name:" on the top section
Under the "VPN (l2tp)" tab, enter the "Gateway:", "User name:", "Password:" and "NT Domain:"
Under the "VPN (l2tp)" tab, click on "IPsec Settings...", check "Enable IPsec tunnel to L2TP host", enter your secret under "Pre-shared Key:", enter 3des-sha1-modp1024 under "Phase1 algorithms:" and 3des-sha1 under "Phase2 algorithms:", click on "OK"
Under the "VPN (l2tp)" tab, click on "PPP Settings...", check only "PAP" under "Allow following authentication methods" and uncheck all other methods, uncheck "Use MPPE Encryption", check "Allow BSD compression", "Allow Deflate compression", "Allow TCP header compression", "Use protocol field compression negotiation", and "Use Address/Control compression". Leave "Send PPP echo packets" unchecked. Under "Other Settings", change "MRU:" and "MTU:" to 1400, click on "OK"
Under the "IPv4" tab, enter your Active Directory domain or domains under "Search Domains:". Click on "Routes...". Click on "+ Add" and enter the proper "Address", "Netmask", "Gateway" and "Metric". Click on "+ Add" and follow the same instructions until you add all proper routes (Hint: Routes can be found by running route in a terminal session). Click on "OK"
Click on "Apply" and then on "OK"

6) Test your newly created L2TP connection
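
As an added example (not part of the original post), this script checks the [vpn] section of the connection's NetworkManager keyfile against the step 5 settings. The key names are assumed to be the ones the NetworkManager-l2tp plugin stores, and the gateway and user in the sample keyfile are constructed placeholders.

```shell
# Added example: audit the [vpn] section of a NetworkManager keyfile against step 5.

# Print the value of key $2 in the [vpn] section of keyfile $1 (empty if unset).
vpn_value() {
    awk -F= -v key="$2" '
        /^\[/ { in_vpn = ($0 == "[vpn]"); next }
        in_vpn && $1 == key { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# Print one line per deviation from step 5; return 1 if any was found.
check_l2tp_keyfile() {
    file=$1; bad=0
    # Settings step 5 switches on or fills in.
    for want in ipsec-enabled=yes ipsec-ike=3des-sha1-modp1024 ipsec-esp=3des-sha1 \
                refuse-chap=yes refuse-mschap=yes refuse-mschapv2=yes refuse-eap=yes \
                mru=1400 mtu=1400; do
        key=${want%%=*}
        got=$(vpn_value "$file" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "$key: expected ${want#*=}, found ${got:-nothing}"
            bad=1
        fi
    done
    # Settings step 5 leaves off: PAP stays allowed, no MPPE, compression allowed.
    for key in refuse-pap require-mppe nobsdcomp nodeflate no-vj-comp nopcomp noaccomp; do
        if [ "$(vpn_value "$file" "$key")" = "yes" ]; then
            echo "$key: expected unset, found yes"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample keyfile: placeholder gateway and user, no secrets.
write_sample_keyfile() {
    cat > "$1" <<'EOF'
[connection]
id=Meraki

[vpn]
gateway=vpn.example.com
user=jdoe
ipsec-enabled=yes
ipsec-ike=3des-sha1-modp1024
ipsec-esp=3des-sha1
refuse-chap=yes
refuse-mschap=yes
refuse-mschapv2=yes
refuse-eap=yes
mru=1400
mtu=1400
EOF
}

tmp=$(mktemp -d)
write_sample_keyfile "$tmp/good"
# Drifted copy: MS-CHAPv2 allowed again and MPPE required.
sed 's/^refuse-mschapv2=yes$/refuse-mschapv2=no/' "$tmp/good" > "$tmp/drift"
echo 'require-mppe=yes' >> "$tmp/drift"
for f in "$tmp/good" "$tmp/drift"; do
    check_l2tp_keyfile "$f" && echo "${f##*/}: matches step 5" || echo "${f##*/}: deviates from step 5"
done
rm -rf "$tmp"
```

To audit a real connection, call check_l2tp_keyfile as root on its file under /etc/NetworkManager/system-connections/.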

Regards,

F. Bobbio C.

Friday, September 28, 2018

Microsoft Exchange Mozilla Thunderbird Integration

Update 08-18-2019: Since ExQuilla has slowed down the opening of Thunderbird (2 to 3 minutes to open Thunderbird, with constant "freezing" during the day) I am now using the Exchange accounts via IMAP + TbSync + ExchangeCalendar

Update 12-30-2018: I now use ExchangeCalendar (https://github.com/ExchangeCalendar/exchangecalendar/releases) instead of TbSync. ExchangeCalendar integrates seamlessly with Thunderbird to display meetings and times slotted in Exchange

Most of the users I encounter work in a Microsoft Windows environment or use a Microsoft Windows based machine (desktop or laptop). Some others use a macOS based machine (iMac, MacBook Air or MacBook Pro). The rest of us, though, prefer to work on a Linux based machine, some with access to the CLI and others with a GUI

In a Microsoft Windows business environment, the business "de facto" E-Mail client is Microsoft Outlook, since it communicates with Exchange servers to synchronize E-Mails, calendars, tasks and contacts. Microsoft Outlook can also be installed in macOS based devices, with similar capabilities. In Linux, some of us use Mozilla Thunderbird

One big issue that most Mozilla Thunderbird users encounter is the inability to tie directly to Exchange. The workaround is using the web portal for Microsoft (https://outlook.office365.com), but in some cases (nowadays less and less) the Exchange server is on premises. Meet ExQuilla for Microsoft Exchange by R Kent James and TbSync by John Bieling. Both ExQuilla and TbSync are add-ons for Mozilla Thunderbird

ExQuilla can be downloaded from https://addons.thunderbird.net/en-US/thunderbird/addon/exquilla-exchange-web-services/ as an xpi file and installed in Mozilla Thunderbird by clicking on "Tools", "Add-ons", the gear on the top section, towards the left, "Install Add-on From File...". Once it is installed, either use the "Autodiscover" feature or the "Manual" one. In my case, I had to use the "Manual" one, enter the "Microsoft Exchange EWS URL" (https://outlook.office365.com/EWS/Exchange.asmx) and "Test EWS URL". The proper EWS URL can be found following step 2. in https://support.neuxpower.com/hc/en-us/articles/202482832-Determining-the-Exchange-Web-Services-EWS-URL

TbSync can be downloaded from https://github.com/jobisoft/TbSync/releases as an xpi file as well using the same procedure for installing ExQuilla. Once installed, double click the icon on the lower right corner of Mozilla Thunderbird labeled "TbSync: Idle", click on "Account actions", "+ Add new account", "Exchange ActiveSync (EAS)", enter proper information and either use the "Automatic configuration via ActiveSync Autodiscover" or "Custom configuration". In my case, I had to use the "Custom configuration", with "Server address" https://outlook.office365.com and "ActiveSync version" v2.5. Click on "Enable account & try to connect to server"

The E-Mails will show as a new account with an "X" preceding it on the left pane in Mozilla Thunderbird. The contacts will show in the "Address Book". The address book with "/GAL" will allow for contact queries/searches, as if you were using Microsoft Outlook. The same procedure can be used in Mozilla Thunderbird in Microsoft Windows and macOS based machines

Regards,

F. Bobbio C.

Friday, August 3, 2018

Automated Data Transfer - Linux To Windows + Vice Versa

Recently one of the developers where I work had an interesting task to accomplish: Transfer data from a Windows server to a Linux server and vice versa automatically every 5 minutes for a production environment. The data originated at the Windows server, was processed in the Linux server, copied to a different path and the result needed to be copied back to the Windows server, to a different folder. The accounting users were saving the original data to a Windows shared folder. The process needed to originate at the Windows server, since my team mates were not proficient in Linux, in case the files needed to be modified later on

Thanks to WinSCP, the solution was simple:

1) Create a batch file (WinSCP2Linux.bat) with permissions for the service account to read and execute. The content should be something similar to this:

winscp.com /ini=nul /synchronize /script=C:\Users\LocalAdmin\ScriptCopyToOracle.txt

2) Create a text file (C:\Users\LocalAdmin\ScriptCopyToOracle.txt), with permissions for the service account to read and execute. The content should be something similar to this:

open sftp://LinuxServerUsername:LinuxServerUserPassword@LinuxServerName/ -hostkey="ssh-rsa 2048 xx:yy:zz:aa:bb:cc..."
put C:\Path\To\Windows\Original\Files\* /path/to/Linux/server/firstfolder/
get /path/to/Linux/server/secondfolder/* C:\Path\To\Windows\Processed\Files\
exit

Note: LinuxServerUsername requires read and write permissions to both Linux folders for this procedure to work. Both Windows folders have read and write permissions

3) Create a task via "Task Scheduler" which runs the batch file every 5 minutes and runs under the service account specified in step 1)

The task will only synchronize files that are not in the folders every 5 minutes. I would recommend testing if the task works by opening an elevated command prompt ("Start", cmd, right click, "Run as administrator"), pasting winscp.com /ini=nul /synchronize /script=C:\Users\LocalAdmin\ScriptCopyToOracle.txt into it and hitting the "Enter" key. If there are no errors, you should see the processed files in the firstfolder in Linux and in the processed files folder in Windows

The Linux server was running Red Hat Linux and the Windows server was on Windows Server 2012

Regards,

F. Bobbio C.

Corrupted Profile - In A Mac

Any IT professional that deals with users needs to know a bit of other Operating Systems. The three main ones currently are Windows, macOS and Linux.

I recently had a case where a customer using a Mac could not open any application. When the application icon was clicked, there were errors pointing to the Library folder and cache. All applications had the same issue. I thought about it for some minutes and logged out and back in, but under a different profile. The other profile did not display those issues, so the issue was with the original profile

I created a new profile with Administrator privileges (that was the access level for the original profile) and copied all documents over, thinking that all permissions would transfer, but how wrong I was! The permissions for the iPhoto and Photos libraries did not transfer. They were under OriginalUser:OriginalGroup and the new user was NewUser:staff, and when the customer tried to open iPhoto or Photos, there was an error about permissions

I had to use a bit of "command line" (or console/terminal) "magic" and change the permissions for the whole folder/application. I logged out and back in with another Administrator account, since the new user account did not allow me to make the change. The other account did not have a password, which did not allow for sudo access. I changed the password and ran the commands, each in a different terminal session. Click on "Spotlight" in the upper right corner and type terminal. Open the application. Right click on the application icon on the lower bar and choose "New window" for the second terminal session

First terminal session:
sudo chown -R NewUser:staff "/Users/NewUser/Pictures/iPhoto Library.photolibrary"

Second terminal session:
sudo chown -R NewUser:staff "/Users/NewUser/Pictures/Photos Library.photoslibrary/"

Let both commands run until they finish. In this case, the customer had well over 250 GB of pictures in each application. The process took all night long. Once the terminal session showed the MacDeviceName:~ AdminUser$ prompt in each terminal session, the customer closed everything (Command + Q in each window) and logged out and back in. The customer reported all the pictures were accessible and viewable. No more permissions errors

I hope this helps someone

Regards,

F. Bobbio C.

Wednesday, June 20, 2018

Barco ClickShare In Slackware64-current

Update 06-23-2018: According to https://www.barco.com/en/support/clickshare%20csc-1/knowledge-base/KB1191 users can use MirrorOp or the Google Cast extension to share screen

ClickShare is a neat way of presenting the content of your machine (and 3 others) without having to plug and unplug an HDMI cable. ClickShare, by Barco (https://www.barco.com/en/clickshare), requires a USB port to work. Simply plug in the USB adapter and run the .exe (MS Windows) or .dmg (macOS) file.
Unfortunately, back in December 2017, Barco stopped support for Linux clients (https://www.barco.com/en/support/clickshare%20csc-1/knowledge-base/KB1191).
Since a Slacker does not give up easily, I set out to install and run ClickShare on Slackware-current. Here are the steps I needed to follow to accomplish this task.

1) Download and install ffmpeg 2.1.5 (http://slackware.uk/slacky/slackware64-14.1/multimedia/ffmpeg/2.1.3/ may also do it) (ffmpeg 3.X does not work with ClickShare). This version of ffmpeg will allow the use of libswresample.so.2
Note: Even ffmpeg 2.8.6 will use libswresample.so.3 which will not work with ClickShare

2) Download the SlackBuild script for libresample from PhantomX (https://github.com/PhantomX/slackbuilds/tree/master/libresample). This will repackage libresample in 64-bit for your system. There are some libresample packages for Slackware, but for x86, not x86_64
Repackage libresample and install it

3) Download clickshare_01.07.01-79_amd64.deb (https://drive.google.com/drive/folders/0B9IKZqXvLKM_Yno1UmpGLVRXNDg)
This package was a bit harder to find, since Barco does not offer it anymore on its website

4) Decompress the contents and cp -a the content into the appropriate folders

5) Start ClickShare by typing clickshare in a terminal session or from your launcher

Regards,

F. Bobbio C.

Saturday, April 21, 2018

Citrix Receiver In Mozilla Firefox (64-bit) In Slackware64-current

Update 01-02-2019: Citrix Receiver has not been updated for a while and has been replaced by Citrix Workspace: https://www.citrix.com/downloads/workspace-app/linux/workspace-app-for-linux-latest.html but I still received error messages regarding "0.0.0.2 - Application No such file or directory. Verify your connection settings and try again." even after installing certificates and creating symbolic links for libidn. The internal storefront works without any issues, while the external one has some issues if using Mozilla Firefox or Google Chrome in Slackware64-current. This issue does not happen in Microsoft Windows 10.
After a bit of research and reading, I found this forum https://www.linuxquestions.org/questions/slackware-14/citrix-receiver-problems-due-to-missing-libidn-so-11-in-current-of-2018-06-21-a-4175632430/ where they listed this URL for Chrome: https://chrome.google.com/webstore/detail/citrix-workspace/haiffjcadagjlijoggckpgfnoeiflnem?hl=en as an "app" for Google Chrome. The "app" is working great so far. No need to install Citrix Receiver anymore, just point the "app" to the proper URL for your storefront and enjoy

Update 12-23-2018: In cases where there is a black square around the mouse pointer, follow the instructions in this page: https://support.citrix.com/article/CTX212013

Citrix Receiver is a virtualization client which allows you to run applications and programs hosted on a Citrix server from within a browser connection

In the Microsoft Windows world, you can simply download and install an application that starts when you log in to your computer and even allows the use of single sign-on (https://www.citrix.com/downloads/citrix-receiver/windows/receiver-for-windows-latest.html), but my laptop is Linux based and I prefer to use Citrix Receiver natively in Linux

In the past, you needed to run a multilib system to run Citrix Receiver (https://docs.slackware.com/howtos:network_services:citrix_client or https://alien.slackbook.org/blog/new-multilib-versions-of-glibc-and-gcc-for-slackware-current/), but luckily for all of us, now the 64-bit version of Citrix Receiver can be run on Firefox without an issue

1) Download Citrix Receiver from https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-latest.html by choosing "Tarball Packages" and "Receiver for Linux (x86_64)". Accept the license agreement and save the tar.gz file

2) Navigate to the location where you saved the tar.gz file and extract it (tar vxf linuxx64-13.9.1.6.tar.gz in this case)

3) Run setupwfc as root and choose "1. Install Citrix Receiver for Linux 13.9.1"

4) Follow the prompts, making sure to select "n" for "Do you want to install USB support? [default n]:"

5) Follow steps "5. Add more SSL certificates" and "7. (64-bit only) Fix Firefox plugin installation" from https://help.ubuntu.com/community/CitrixICAClientHowTo

Note: If steps 5 and 7 from https://help.ubuntu.com/community/CitrixICAClientHowTo are not followed, error message "Cannot connect to "0.0.0.2 - Application No such file or directory. Verify your connection settings and try again." may display on the screen when trying to launch an application

6) Alternatively follow step "6. Configure Citrix Receiver" from https://help.ubuntu.com/community/CitrixICAClientHowTo if you want to map drives to allow access to files in the remote Citrix session

7) Create symbolic links, if needed, for libidn:
ln -s libidn.so.12.6.0 libidn.so.11
ln -s libidn.so.12.6.0 libidn.so

Regards,

F. Bobbio C.

VPN Connections In Slackware64-current Plasma 5 - KDE 5

I use three different VPN connections in my laptop: OpenConnect, OpenVPN and PPTP. I like these connections to be managed by NetworkManager and not by third parties

The first one (OpenConnect) is compatible with Cisco AnyConnect: http://www.infradead.org/openconnect/

The second one (OpenVPN) is compatible with pfSense: https://openvpn.net/

The third one is used to connect to a Point-to-Point Windows server: http://pptpclient.sourceforge.net/

After some updates in Slackware-current and KDE5, the connections stopped working. These are the steps I followed to have the connections up and running

OpenConnect:
I repackaged openconnect from https://www.slackbuilds.org/repository/14.2/network/openconnect/ and used the same NetworkManager-openconnect package for 14.2 from https://www.slackbuilds.org/repository/14.2/network/NetworkManager-openconnect/
I also found a Plasma 5 NetworkManager package at https://github.com/philipvdh/slackbuilds/tree/master/plasma5-nm-openconnect (from rworkman) by searching on Google for plasma5-nm-openconnect and followed the .info file in there to download the latest version of the package from https://github.com/KDE/plasma-nm/releases which matched with the Plasma packages (5.12.4). This last step did the trick for OpenConnect
The alternative would be to download and run the Cisco AnyConnect native client for Linux

OpenVPN:
I repackaged openvpn from https://ftp.osuosl.org/pub/slackware/slackware64-current/source/n/openvpn/ and used the NetworkManager-openvpn SlackBuilds script from https://www.slackbuilds.org/repository/14.2/network/NetworkManager-openvpn/ which worked fine, but I changed the tar.xz file to be the latest (1.8.2) and used the package from https://download.gnome.org/sources/NetworkManager-openvpn/1.8/NetworkManager-openvpn-1.8.2.tar.xz
The plasma5-nm-5.12.4 package from alienBOB worked perfectly for this connection
I imported the ovpn file that I have saved and used before

PPTP:
I repackaged pptp from https://www.slackbuilds.org/repository/14.2/network/pptp/ using the latest version (1.10.0) from https://sourceforge.net/projects/pptpclient/files/ and used the NetworkManager-pptp SlackBuilds script from https://www.slackbuilds.org/repository/14.2/network/NetworkManager-pptp/ which worked fine, but I changed the tar.xz file to be the latest (1.2.6) and used the package from http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-pptp/1.2/NetworkManager-pptp-1.2.6.tar.xz
The main part is to click on "Advanced..." and select only "MSCHAP" and "MSCHAPv2" under "Allow following authentication methods:" and "Use MPPE Encryption" with "Crypto: Any"

Regards,

F. Bobbio C.