pengelly.info has moved!

August 2019 was a move from Cornwall to Essex and to the ‘birthplace of radio’ – Chelmsford! Very happy here…

Posted in Uncategorized | Leave a comment

How to password protect a PDF document (on linux OS)

Install pdftk if needed

pdftk <source>.pdf output <destination>.pdf userpw <password>

example:

pdftk Mydocs.pdf output Mydocs_pass.pdf userpw secretword

Posted in conversion, pdf, ubuntu | Leave a comment

Drivers for AC1200MBS on xubuntu 18.04

promised my lovely ‘no wires in the new house’, so trying to get some 5ghz wifi sorted. Doesn’t work out the box. Simply: sudo apt install rtl8812au-dkms

Posted in Uncategorized | Leave a comment

LTSP Public Lab – 2019

LTSP has the ability to offer thin or fat clients which boot from a centrally controlled image from a server using tftp network boot.

The following guide uses Xubuntu 18.04 (LTS desktop 64bit version), using a ‘chrootless’ (aka PNP ltsp) setup, which unlike the more common chroot-ed ltsp setups, uses the configuration of the server’s desktop to create the image the clients will boot from. The reason for not doing this in the past was related to the DHCP setups for such networks, but dnsmasq used in conjunction with a separate dhcp server makes for a simpler setup, as long as using the server’s desktop to create the client desktop is not an issue. With a chroot setup (my first attempt) a server can have no gui and multiple desktop environments can be deployed, independently of how the server is setup, if required. I found it more complex to administer and the script for resetting the clients upon each boot I found never worked.

The following is based on this guide, which in my opinion breathes new life into ltsp after what looked to me like it not being developed much recently. For those wanting to create public lab/ICT suite setups on a budget there is still much to be gained from using this approach, especially when combined with the possibilities that Dashamir Hoxha suggests. LTSP can offer normal user accounts for many users, but in the public lab situation clients that auto login and then reset themselves clean upon logging out is a real administrative boon. All the clients have a single point of control: updating, maintaining and adding new software for the lab is done once on the server using a template ‘guest’ account. This creates the settings for the all the individual client accounts to clone when they boot.

Create a clean Xubuntu 18.04 server

apt install --yes synaptic

add-apt-repository --yes ppa:ts.sch.gr

apt update

Choose the ‘chrootless’ option

apt install --yes --install-recommends ltsp-server-standalone ltsp-client epoptes
gpasswd -a ${SUDO_USER:-$USER} epoptes
ltsp-update-image --cleanup /

Choose the single NIC option

ltsp-config dnsmasq

Create the lts.conf

ltsp-config lts.conf

Auto-create ‘guest’ accounts using Dashmar’s script: https://gitlab.com/Virtual-LTSP/VirtualBox/blob/bionic/scripts/create-guest-accounts.sh

Suggested location for the creation of this file: /usr/local/bin Then: chmod 0700 create-guest-accounts.sh and execute the file (as root) from within that folder with: ./create-guest-accounts.sh

This creates 254 users: ltsp1 – ltsp254. These user accounts will be allocated per client machine based on the IP address given to each client by (in my case) the pfSense DHCP server. ie 192.168.14.100 will login with user ltsp100 . Nb. in pfSense DHCP server must be running for the ‘LTSP’ subnet, and the Ignore BOOTP queries option must be checked, becasue the LTSP server must respond to the bootp queries.

The script also does a number of other things: it creates a user called ‘guest’ which acts as a template master for all the client guest accounts. Any changes to the configuration of that account/desktop are replicated to all the ‘ltspxxx’ accounts. When those accounts logout they are reset to the guest account template each time (brill), means all the usual detritus of people logging in and using a pc is eliminated. Serious kudos to Dashamir Hoxha for this work. Strangely I had thought that this setup would be ltsp default, but it’s taken some time to find the solution and deploy it.

Adding:

[Default] 
LDM_GUESTLOGIN=True[00:25:64:e6:b5:0a]
LDM_AUTOLOGIN = True
LDM_USERNAME = wesleyonline1
LDM_PASSWORD = wesley

to the lts.conf file, (on the chrootless setup it’s at /var/lib/tftpboot/ltsp/amd64/lts.conf ) adds a ‘Login as Guest’ button to the LTSP client login screen. Ideal for very large deployments. In my smaller lab I’ve edited the lts.conf file adding:

[00:25:64:e6:b5:0a]
LDM_AUTOLOGIN = True
LDM_USERNAME = ltsp100
LDM_PASSWORD = ltsp100

… for each pc. This is allows clients, per mac address, to be automatically logged in with a particular account number. In our context we are often dealing with people who have never used a PC before, so not requiring them to use a username and password as the first thing they have to do is advantageous.

Issue re: “Configured directory for incoming files does not exist Please make sure that directory “/home/guest/Downloads” exists or configure it with blueman-services”

remove the applications related with bluetooth because the ltsp123 client accounts cannot access the absolute path from the template ‘guest’ account. On the xfce desktop the ‘Application Autostart’ list is found in the ‘Session and Startup’ section of Settings Manager. Remove the ‘Blueman Applet (Blueman Bluetooth manager)’ on your guest template account from this list.

Ubuntu and the XFCE desktop which Xubuntu uses is usually not greeted with the excitement I get when logging into it. ‘Oh it’s not windows’ is often the fearful or dissapointed reaction. Users have soon realised that navigating a slightly different desktop isn’t as hard as they might have thought – not as hard as adapting to Windows 10 in my experience, however, to make things less fearful I have ‘made it look like windows’ (a bit!)

There are several places to get themes and icon sets to make the xfce desktop environment look a bit like windoze. I have used boomerang (google for it). To make them available (for all users) on a pc add the theme folder to: /usr/share/themes . Add the icons to /usr/share/icons . Add the win10 wall paper to /usr/share/xfce/backdrops/ ensure the file has permission set: 0644

You might need to create the icon cache: sudo gtk-update-icon-cache /usr/share/icons/Windows-10-Icons/

Printer:

To get the Xerox printer working with the LTSP clients use CUPS. This connects using ipps. On the guest login (template master) browse to: localhost:631 and the CUPS admin page appears. Although the Xerox C405 might be listed, I’ve had better success with adding the printer as a new one (couldn’t share the automatically detected ones); no need to install drivers for an ipp printer (which prints using http). Within the control webpage go to: Administration and choose: ‘Share printers connected to this system’ this allows the client PCs to see the printer. Only a sudo account can authorise these changes, not the guest account itself.

Posted in Uncategorized | Leave a comment

WordPress WYSIWYG Notes

Just a reminder about the wysywyg page builder in WordPress, when using the ‘X’ theme from theme.co:

When this was first installed (2015) X included a copy of the ‘Visual Composer’ (VC) page building tool. This paid for plugin was included in the price of ‘X the theme’. Alongside this was an additional plugin called ‘X-Shortcodes’, which allowed insertion of many pre made X themed page components by simply pasting the shortcode text (this is a common way of adding content to any WordPress page).

After a while (2016?) theme.co decided they could do better than VC (there were frequent compatibility issues when either the (3rd party) VC plugin or the X theme was updated) and they launched their own pagebuilder tool ‘Cornerstone’. This tool essentially inserts the X-Shortcodes easily into pages (I think?). This tool was one of the main attractions, along with the 4 theme ‘stacks’ complete with their demo-content, which allows the setting up of several dozen different looking themes.

It is interesting to note that now WordPress has created its own free tool (with the introduction of WordPress 5.0), which (perhaps), aims to offer the wysywyg approach to all for free with the introduction of the Gutenberg

Posted in Uncategorized | Leave a comment

LTSP Xubuntu thin and fat clients v1 2018

Used this: http://www.havetheknowhow.com/Configure-the-server/Install-LTSP.html

for fat client build:

–fat-client-desktop

ti implement that into each rebuild edit:

/etc/ltsp/ltsp-build-client.conf

as per here:

https://help.ubuntu.com/community/UbuntuLTSP/FatClients

 

http://wiki.tolabaki.gr/w/LTSP_Fat_Client_Setup#Build_a_fat_client.27s_root_filesystem

 

Controlling and maintenance of the server image:

https://ubuntuforums.org/showthread.php?t=2177959

 

TFTP boot problems:

check the name/location of the image in dhcp.conf

Is the tftp port open?

netstat -an | grep 69

is there a tftp service running?

netstat -tupln | grep ftp

 

Helpful info on fat client setup: https://wiki.cdot.senecacollege.ca/wiki/Set_up_FatClient_Configuration

Don’t forget to rebuild the image at the end of making changes!

 

Tweaking?

switch to “direct X” mode for better scalability and performance, at the expense of reduced security on the LAN

https://ubuntuforums.org/showthread.php?t=2173749

Posted in Uncategorized | Leave a comment

Editing OpenLP database using CSV

An attempt to more quickly create and edit OpenLP database (SQLite) files, using sqlitebrowser in Ubuntu. As I’m not an SQL guru I concluded it’d be better to do some of the things I wanted to do to the songs db in LibreOffice using a CSV file.

Simply exporting the ‘songs’ table to CSV then importing it back into sqlitebrowser as a new table, subsequently renamed to songs, results in a table that is not identicle. it make openLP crash wne trying to edit the songs (wrong structure).

So… create a new table using ‘Execute SQL’ , using the CREATE statement of an untouched good ‘songs’ table, then import from the edited CSV, name it ‘songs2’. It will be empty. Import from the amended CSV file into this one. switch the names of this one with ‘songs’ table. should work.

Editing tanks in the CSV:
to concatenate ‘SoF1149’ with a space in fornt of the title: =F4&” “&G4

Posted in Uncategorized | Leave a comment

extending USB extension over cat5 cable

Three things on running USB over Cat-5 wiring:
1. On the RJ-45 8-pin jack, you want to avoid pins 1,2,3,6 because if it accidentally gets plugged into a switch or PC Ethernet jack, the 5-volts could fry something.

2. You want the power (+5v,ground) on the same color (blue,blue-stripe) so it doesn’t make an electronic field that can ruin the valuable data lines. the phone company runs 24V to our homes on one twisted pair of wires and it works fine.

3. Twisting the two data lines on one color (brown,brown-stripe) will keep data integrity over a longer run of lines. Ethernet lines do that and it works just fine.

I suggest the following from the USB to the Cat-5 jack:
1. usb pin 1 (+5v,red) goes to RJ-45 pin 5 (blue-stripe)
2. usb pin 2 (d-,white) goes to RJ-45 pin 8 (brown)
3. usb pin 3 (d+,green) goes to RJ-45 pin 7 (brown-stripe)
4. usb pin 4 (ground,black) goes to RJ-45 pin 4 (blue)

Using this configuration, you could simultaneously run Ethernet to a hub AND your USB extension with splitters and all.

Posted in Uncategorized | Leave a comment

DD WRT dual SSID Access Points using vlans – Routers with gigabit switches

Main thing to bear in mind when setting up these devices is that conceptually the wifi AP needs to seen as quite separate from the setting up of the switch for the vlans etc. So the creating of the vlans etc is one job, the assigning the various APs to subnets, with bridging, is another.

Having used E1000 APs for some time (100mbit switch, single 2.4ghz G wifi ap), this post develops on that by utilizing gigabit based switches. Linksys/Cisco hardware used for this so far:
E2000 1000mbit switch, single, selectable 2.4ghz or 5.0ghz N wifi ap
WRT610n v2 1000mbit switch (aka E3000), dual 2.4ghz and 5.0ghz N wifi ap

Here’s my set up of: Linksys-Cisco E2000 (and explanatory recap on the command lines settings needed).

When initially flashed with DD WRT (small build tailored to exact model needed before upgrade to a full build needed btw):

telnet IP
from within the subnet to access CLI of the router

root@megstemp:~# nvram show | grep vlan.*ports
vlan2ports=0 8
vlan1ports=4 3 2 1 8*


Explanation:

So, 2 vlans: 1 is for lan – main ports (1-4, numbering reversed). 2 is for wan, port 0. The CPU internal port, 8, must be included on any VLAN that must be visible to the CPU. The asterisk (*) signifies that the VLAN it is attached to is the default VLAN (only put this in one VLAN). If the switch receives a packet on the CPU internal port that is not tagged then it is put into the VLAN where the * is configured; always make sure this is the LAN VLAN.

root@megstemp:~# nvram show | grep port.*vlans | sort
size: 28660 bytes (32780 left)
port0vlans=2
port1vlans=1
port2vlans=1
port3vlans=1
port4vlans=1
port5vlans=1 2 16


Explanation:

The port#vlans variables contain a list of VLAN’s that the port is in. The variables control what the GUI displays. ports 0-5 relate to the 6 port switch which virtually all these router devices contain – 5 physical external ports plus the ‘internal’ port ‘hardwired'(?) on the processor chip.

The port5vlans is a bit odd. It corresponds to the internal port regardless of whether you have 100mbit or gigabit ports. ie. gigabit models do not have a port8vlans variable. It is also essential to set it correctly if you are enabling additional VLAN’s. It must be set to include every active VLAN and be tagged because it tag-trunks everything into the CPU internal port.

The =numbers above mean the following in the GUI:

0 = VLAN 0 is checked
1 = VLAN 1 is checked

15 = VLAN 15 is checked
16 = Tagged is checked
17 = Auto-Negotiate is unchecked
18 = 100 Mbit is unchecked or greyed because Auto-Negotiate is checked
19 = Full-Duplex is unchecked or greyed because Auto-Negotiate is checked
20 = Enabled is unchecked.

802.1q VLAN Trunk:
For every VLAN that you want to be trunked you must put the trunk port into the VLAN and add a “t” after the port number to indicate that it will be tagged.

A “t” after a port number means to tag the VLAN ID using 802.1q spec.

Application of above:

The example here will:
1. make the wan port and port1 trunked ports for vlans 1,12,13 (all tagged vlans)
2. make port 2 an untagged port for vlan1
3. make ports 3 and 4 untagged ports for vlan12


nvram set vlan1ports="0t 1t 2 8*"
nvram set vlan12ports="0t 1t 3 4 8"
nvram set vlan13ports="0t 1t 8"

[note: running this set command does not change what shows in the gui!]

nvram set port0vlans="1 12 13 16 18 19"
nvram set port1vlans="1 12 13 16 18 19"
nvram set port2vlans="1 18 19"
nvram set port3vlans="12 18 19"
nvram set port4vlans="12 18 19"
nvram set port5vlans="1 12 13 16"

[use the above set command to update the gui in line with port/vlan settings]

If the additional vlans haven’t already been created ‘declare’ them:
nvram set vlan12hwname=et0
nvram set vlan13hwname=et0

nvram commit
reboot

Setting up the bridging:
For the two vlans 12 and 13 we need the DD WRT AP to keep them in different subnets. The settings in the Setup–> Networking –> Bridging –> Create Bridge seem a bit fiddly. After creating you need to press ‘Apply Settings’ (NOT ‘Save’) using the buttons at the bottom of the gui page. Only by doing this do the IP address and Subnet Mask for the new bridge appear.(?) Add the IP addresses etc.
Next, assign the interfaces to the bridges. eth1 is (I think) the primary wifi IF, this has usually been used with SSID Methodist_inhouse, on the ’12’ vlan/subnet. Bridge this to vlan12. wl0.1 is a virtual IF that is created when adding wireless ‘virtual interfaces’, so wl0.1 is bridged to vlan13.

Other DD WRT General/Various settings:
Security –> Firewall –> Firewall Protection –> SPI ‘Disable’

WAN Connection type: Disabled

Assign WAN port to switch: yes

Advanced Routing –> Operating mode = router. These switches are not internet gateways.

DHCP – I’m unclear whether I’m doing this right. I have set DHCP to ‘forwarder’ on the main settings page, but I get the impression this only relates to vlan1. DHCP for all three vlans is via these routers is coming from the pfsense router so in that sense it works OK. I note in this e2000 there are additional

Posted in 802.1q, AP, bssid, switch, tagging, technical, trunking, vlan, vlans, wifi, wrt | Leave a comment

Ricoh Printer manager

http://www.copytechnet.com/forums/ricoh-savin-gestetner-lanier/92473-print-driver-packager-nx-instructions.html

Posted in Uncategorized | Leave a comment