I bought myself a YubiKey Neo and it works great on my Linux systems but there's one little snag I hit tonight (and solved).
The problem:
I took my YubiKey to another computer and wanted to SSH to my server which is configured to let me log in using it as the key. Unfortunately I couldn't get the key to be recognized by gpg-agent.
Doing this: gpg-agent --enable-ssh-support --daemon ssh-add -l
didn't work. No keys were listed (except ones on the hard drive).
Turns out my problem was I needed to install gnupg2-smime.
After the fact I remembered I did that on the first computer I set up to use it.
This is probably your problem if gpg --card-status works but gpg2 --card-status doesn't.
Friday, October 4, 2013
Monday, September 16, 2013
Yay KDE
http://www.kde.org/
https://fedoraproject.org/en/get-fedora-options
Fedora 19 + KDE = My favorite Linux setup.
I'm using it at work on my primary workstation as the primary OS.
I've got my co-programmer using it too as his primary OS on his workstation.
I've got my awesome Laptop running it (along with Steam and games).
And if I'd known more about it when I first set up my Grandmother's laptop I would have installed that instead of the Gnome version of Fedora.
It's not perfect but it's good.
- Chris
Thursday, June 6, 2013
Android keyboard update
Just testing out the keyboard update. It's pretty good at figuring out what I mean. I only had to make one correction and only because I changed my mind about what to write. No more tap tap sound. One tap per word is better than one tap per letter.
Friday, May 24, 2013
Apple Time Capsule and IP Problems
Stupid Apple Time Capsule keeps disappearing.
Turns out the IP being advertised over Bonjour is wrong and I have not figured out how to fix it.
I used a Linux system with avahi-tools installed:
# avahi-browse -a -r -t
= wlan0 IPv4 User's Time Capsule Apple File Sharing local
hostname = [Users-Time-Capsule.local]
address = [169.254.65.2]
port = [548]
txt = []
= wlan0 IPv4 User's Time Capsule Microsoft Windows Network local
hostname = [Users-Time-Capsule.local]
address = [169.254.65.2]
port = [445]
txt = ["netbios=H=n"]
= wlan0 IPv4 User's Time Capsule Apple TimeMachine local
hostname = [Users-Time-Capsule.local]
address = [169.254.65.2]
port = [9]
Well that's not right when the subnet is a 192.168.10.X
Checking the DHCP client table of the cable modem shows the capsule was given a valid address and I can even ping it. Still, the wrong address. The AirPort Utility greys it out since it can't find it. Oh, and it's connected to the router via Ethernet to rule out Wi-Fi issues.
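The same check can be automated. The following is an added example, not part of the original post: it parses resolved `avahi-browse -a -r -t` output and flags services advertising an address outside the expected subnet. The sample text is constructed (the printer record is invented for contrast) and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the avahi-browse output in the post.
SAMPLE = """\
= wlan0 IPv4 User's Time Capsule Apple File Sharing local
   hostname = [Users-Time-Capsule.local]
   address = [169.254.65.2]
   port = [548]
   txt = []
= wlan0 IPv4 Office Printer Internet Printer local
   hostname = [printer.local]
   address = [192.168.10.40]
   port = [631]
"""

FIELD = re.compile(r"^\s*(hostname|address|port|txt) = \[(.*)\]\s*$")

def parse_resolved(text):
    """Turn `avahi-browse -r -t` output into a list of dicts, one per '=' record."""
    records = []
    for line in text.splitlines():
        if line.startswith("="):
            records.append({"service": line[1:].strip()})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1)] = m.group(2)
    return records

def misadvertised(records, expected_subnet):
    """Return (service, address, reason) for records outside the expected subnet."""
    net = ipaddress.ip_network(expected_subnet)
    findings = []
    for rec in records:
        try:
            addr = ipaddress.ip_address(rec.get("address", ""))
        except ValueError:
            findings.append((rec["service"], rec.get("address"), "unparseable"))
            continue
        if addr.version != net.version:
            continue  # e.g. an IPv6 record while checking an IPv4 subnet
        if addr not in net:
            reason = "link-local (self-assigned)" if addr.is_link_local else "outside subnet"
            findings.append((rec["service"], str(addr), reason))
    return findings

if __name__ == "__main__":
    for service, addr, reason in misadvertised(parse_resolved(SAMPLE), "192.168.10.0/24"):
        print(f"{addr:15} {reason:28} {service}")
```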
Monday, April 29, 2013
Slow Snow Leopard and .local Domains in Active Directory and How I Fixed It
I had a very annoying problem with a Mac in an Active Directory domain. It's not completely solved but it's much better...
What, you may wonder?
Well, my Mac at work would hang for long periods of time any time I needed to authenticate, like at the logon screen or to unlock the screen saver or connect to a network share.
An important part of the problem is the domain is something.local so my mac is mac.something.local and the domain controller is dc.something.local.
I couldn't solve the problem completely but I do have a fairly satisfying workaround which could be fleshed out into a full-fledged workaround.
Basically the Mac, when querying for dc.something.local, would use mDNS and shout to the subnet rather than asking the DNS server specified by DHCP.
In Wireshark I'd see something like this.
Mac -> mDNS: Give me the A and AAAA record for dc.something.local
Mac -> correct DNS server: Give me the AAAA record for dc.something.local
DNS server -> Mac: No AAAA record for dc.something.local
wait....
timeout....
fail.
So Snow Leopard is being dumb and despite ipv6 being disabled and being given a DNS server to ask via DHCP, it's asking the wrong questions to the wrong places.
Solution? None found.
Workaround? Yes! I have a Linux server on the network and it happens to be running some old version of Fedora (these instructions should work on the newer Fedoras, CentOSes and RHELs of the world) and has the service called avahi-daemon installed.
That program talks mDNS and can reply. In a file called hosts in /etc/avahi I put in the following gems.
::ffff:0:192.168.1.2 dc.something.local
::ffff:0:192.168.1.100 mac.something.local
192.168.1.2 dc.something.local
192.168.1.100 mac.something.local
That has the nice effect of causing the mDNS requests to time out immediately because it gets a reply to the AAAA request (it doesn't seem to matter that the IPv6 address isn't accessible because, again, I turned off IPv6). Also, it gets the IPv4 address immediately and it can also resolve itself. (Oh, my Mac has a reserved IP in DHCP so this works for me.) I can even get my Kerberos tickets nearly instantly.
I have another file server though and connections take a day and a half too... or at least they did.
I just added
::ffff:0:192.168.1.3 filesrv.something.local
192.168.1.3 filesrv.something.local
And boom, fast connection times.
Wishlist for the internet time. I would really like someone to write a program that would listen for mDNS requests in a given something.local domain and query the answer via the normal unicast DNS server and then reply over mDNS with the real answer and the fake IPv6 answer so it will work for any given host on my network. Bonus points if it's safe enough to run right on the DNS server (which in this case is the Windows Domain Controller) so I don't need a third party to the DNS conversations.
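Until such a program exists, the static file has to be kept consistent by hand. The following is an added example, not part of the original post: it generates the paired lines used above for one host and audits an /etc/avahi/hosts file for names missing their AAAA companion. The function names are hypothetical and the sample file is constructed.

```python
import ipaddress

def paired_entries(name, ipv4):
    """Return the two /etc/avahi/hosts lines the post uses for one host."""
    v4 = ipaddress.IPv4Address(ipv4)          # raises ValueError on bad input
    return [f"::ffff:0:{v4} {name}", f"{v4} {name}"]

def audit_hosts(text):
    """Map each name to a problem string if its A/AAAA pair is incomplete."""
    v4, v6 = {}, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 2:
            continue                           # blank, comment or malformed line
        addr = ipaddress.ip_address(fields[0])  # raises ValueError on a bad address
        (v4 if addr.version == 4 else v6)[fields[1]] = addr
    problems = {}
    for name in sorted(set(v4) | set(v6)):
        if name not in v6:
            problems[name] = "no AAAA entry"
        elif name not in v4:
            problems[name] = "no A entry"
        elif v6[name].packed[-4:] != v4[name].packed:
            problems[name] = "AAAA entry embeds a different IPv4 address"
    return problems

# Constructed sample: filesrv was added without its AAAA companion line.
SAMPLE = """\
::ffff:0:192.168.1.2 dc.something.local
192.168.1.2 dc.something.local
192.168.1.3 filesrv.something.local
"""

if __name__ == "__main__":
    for name, problem in audit_hosts(SAMPLE).items():
        print(f"{name}: {problem}")
    print("\n".join(paired_entries("filesrv.something.local", "192.168.1.3")))
```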