Search This Blog

Loading...

2014-10-28

vnc xauth: timeout in locking authority file /home/user/.Xauthority

OS: CentOS 6.8

For some unknown reason when I setup VNC, I found following timeout warning when starting VNC. The commands pause for about 30 seconds prior of printing the warning. VNC seems to work, but I dislike the long pause, so I troubleshoot and solved the problem

-bash-4.1$ vncserver :2
xauth:  timeout in locking authority file /home/oracle/.Xauthority

New 'iccs2.rogers.com.my:2 (oracle)' desktop is iccs2.rogers.com.my:2

Starting applications specified in /home/oracle/.vnc/xstartup
Log file is /home/oracle/.vnc/iccs2.rogers.com.my:2.log

The solution is as below

Checks audit log for issue

# tail -f /var/log/audit/audit.log
type=AVC msg=audit(1414515075.757:51357): avc:  denied  { write } for  pid=4590 comm="xauth" name="oracle" dev=dm-3 ino=12 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1414515075.757:51357): arch=c000003e syscall=2 success=no exit=-13 a0=7fff35dc7f60 a1=c1 a2=180 a3=8 items=0 ppid=3707 pid=4590 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 ses=8452 comm="xauth" exe="/usr/bin/xauth" subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)

This leads me to a known bug in RedHat below
https://bugzilla.redhat.com/show_bug.cgi?id=994752

Folowing command fix the problem
restorecon -R -v /home
[root@iccs2 audit]#  restorecon -R -v /home
restorecon reset /home/oracle context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
restorecon reset /home/oracle/.vnc/iccs2.guidewire.com:0.pid context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/.vnc/xstartup context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/.vnc/passwd context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/.gnome2/panel2.d/default context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gnome_home_t:s0
restorecon reset /home/oracle/.gnome2/panel2.d/default/launchers context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gnome_home_t:s0
restorecon reset /home/oracle/scchen/gc.log context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/scchen/cognos/cc705_cognos_sichen.dmp context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/scchen/b.txt context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/.local/share context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/Trash context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/Trash/info context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/Trash/info/VNC 1024.desktop.trashinfo context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/Trash/files context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/Trash/files/VNC 1024.desktop context unconfined_u:object_r:user_home_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/.converted-launchers context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata/root context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata/uuid-4e2249c7-2a94-41e5-b1ea-23ac20d6ad3c context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata/home context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata/home-a0f4bb81.log context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata/root-e107fc3e.log context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata/computer: context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata/uuid-4e2249c7-2a94-41e5-b1ea-23ac20d6ad3c-5037733c.log context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/gvfs-metadata/computer:-e750142c.log context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/applications context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/applications/preferred-web-browser.desktop context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.local/share/applications/preferred-mail-reader.desktop context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:data_home_t:s0
restorecon reset /home/oracle/.gconf/desktop context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gconf_home_t:s0
restorecon reset /home/oracle/.gconf/desktop/gnome context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gconf_home_t:s0
restorecon reset /home/oracle/.gconf/desktop/gnome/accessibility context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gconf_home_t:s0
restorecon reset /home/oracle/.gconf/desktop/gnome/accessibility/keyboard context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gconf_home_t:s0
restorecon reset /home/oracle/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gconf_home_t:s0
restorecon reset /home/oracle/.gconf/desktop/gnome/accessibility/%gconf.xml context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gconf_home_t:s0
restorecon reset /home/oracle/.gconf/desktop/gnome/%gconf.xml context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gconf_home_t:s0
restorecon reset /home/oracle/.gconf/desktop/%gconf.xml context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:gconf_home_t:s0
restorecon reset /home/oracle/.config/gnome-session/saved-session context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:config_home_t:s0
restorecon reset /home/oracle/script/db_backup.sh context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/script/afiedt.buf context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/script/db_backup.log context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/oracle/.dbus/session-bus context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:dbus_home_t:s0
restorecon reset /home/oracle/.dbus/session-bus/e7dac32006df225a8bda685e0000001a-0 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:dbus_home_t:s0
restorecon reset /home/oracle/.dbus/session-bus/e7dac32006df225a8bda685e0000001a-1 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:dbus_home_t:s0
restorecon reset /home/oracle/.dbus/session-bus/e7dac32006df225a8bda685e0000001a-2 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:dbus_home_t:s0
restorecon reset /home/oracle/.pulse/e7dac32006df225a8bda685e0000001a-device-volumes.tdb context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:pulseaudio_home_t:s0
restorecon reset /home/oracle/.pulse/e7dac32006df225a8bda685e0000001a-card-database.tdb context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:pulseaudio_home_t:s0
restorecon reset /home/oracle/.pulse/e7dac32006df225a8bda685e0000001a-stream-volumes.tdb context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:pulseaudio_home_t:s0
restorecon reset /home/oracle/.pulse/e7dac32006df225a8bda685e0000001a-runtime context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:pulseaudio_home_t:s0


After completed above command, now starting vncserver is immediate, and no more warning message

Other possible error is current user doesn't has permission to create new file in home directory. Manually create a file to verify whether this is the root cause

touch /home/oracle/test1
rm /home/oracle/test1

If you can't create file, then use "chmod +w /home/oracle" to give the permission

If the file system is not EXT3/EXT4 and so on, but a read-only mount point, then ensure you re-mount it and give it write permission, or set variable HOME to a different directory where writing is possible

2014-06-04

Cognos BI: Override ORACLE_HOME When Multiple Oracle Version Install in Windows

Product: IBM Cognos Business Intelligent
Version: 8.x - 10.x
OS: Windows

Cognos BI still uses 32-bit Oracle driver in Windows edition although in their latest version of 10.2. This is so upsetting that Windows has been running in 64-bit since Windows XP more than 10 years ago, and IBM's product management still not keeping up with the technology.

Software wise, I really can't argue what is the benefit of using 64-bit Oracle database driver for reporting, but technology wise, I see it is causing administrator to keep multiple version of the same Oracle software (client version in this case), and confusion in software management, and complication in environment testing and testing, especially the junior IT admin are clueless about 32-bit vs 64-bit testing.

This post is going to hack Cognos BI such that you can manually set the ORACLE_HOME to point to any 32-bit Oracle client or server installation instead of relying on Windows system environment.

It is very common that in mid to small scale environment, there will not be a dedicated Cognos BI server, but the same server will be running other software, especially sharing the server with multiple teams. When there are multiple version of Oracle database server/client installed into the machine, Cognos BI will only use (default) the ORACLE_HOME set in global environment variable.

To override this behavior, you need to simulate what UNIX does:
1. create a local Windows user. Recommend not to use Windows domain user, because if the lost network connection with PDC or backup DC, then Cognos will not able to startup due to authentication error. For this example, let's call this login as cognos_admin
2. grant this user administrator privilege, and remote desktop connection, if needed to use RDC to login
3. login to Windows as cognos_admin user
4. Change user Windows environment ORACLE_HOME
4.1. In Control Panel, click on System and Security
4.2. Click on System
4.3. Click on Advanced system settings on left panel
4.4. Click on Advanced tab
4.5. Click on Environment Variables...
5. Under "User varaibles for cognos_admin" on the top half of screen, click on New... button to add ORACLE_HOME
6. Enter variable name as oracle_home (not case sensitive), and value p:\Oracle\product\11.2.0\client_1


7. Now we can configure the Cognos Windows service to run using above username
8. Press key Windows-R, and type services.msc. This will run Windows Services program
9. Double click on IBM Cognos service to change its setting
10. Click on Log On tab
11. Enter username as cognos_admin and password

Now, stop and start Cognos BI from IBM Cognos Configuration or Windows services. You do not need to close and restart Cognos Configuration to activate the new ORACLE_HOME setting

2014-04-07

BMW E46: 2001 330Ci Coupe Automatic Engine Valve Cover Gasket Replacement

Car Model: BMW 330Ci Coupe Automatic
Series: E46
Mileage: 207,xxx km


Weather is warming up and it is time to replace my new BMW’s engine valve cover gasket. I originally plan to replace it for my old 1992 Prelude, but sold it.

I bought the BMW with minor leaky around engine valve cover gasket. This is 13 year old, so it is fair to see leakage.

When buying a used car, it is helpful for me to see precisely how the previous owners maintain and keep up the car. This gives me a clear indication for ongoing car maintenance for the entire cost of ownership.

This repair cost $150 - $360, depending on the quality of the gasket and hourly rate for the labor ($360 - $500 will be dealer price). I read the DIY from BMW forums as well as YouTube for a day to fully aware of the procedure.
For the engine valve cover gasket, it is a very easy job, although it has lots of screws. For this car, it has about 36 screws and nuts. I bought a Made in China gasket which cost CAD$25 plus CAD$30 shipping from RockAuto.com. Original BMW gasket will cost about $100, which has proven to last about 10 years, so I am risking to use China gasket that should last 5 – 8 years. The company, Victor Reinz, is a US company, but its part is manufactures in China, so this gives me some feel of quality compare to crappy Made in China company.


I am actually replacing 3 gaskets, which comes together in the package. The entire replacement took about 1 hr, but I spent another 2.5 hr trying to clean up the engine valve cover itself and the oil contamination. I discovered additional parts (CCV) are starting to fail in the process, which is good, because that is a $70 repair that I can DIY as well. This is shown in the last picture where you see the tube is full of yellow color oil.

The car still has original gasket with printing showing it assembled in Germany back in 2000. When I trying to remove the old rubber gasket, few of them cracked like biscuits, so I have to slowly remove them with extra caution. It is going to be more difficult to clean up the debris. I am glad I do this myself, else the mechanic going to charge me more due to longer time spend to remove the debris. They are often rough and not gentle.

Installing the new gasket is quick, like 10 sec. Following are the pictures











This is the PCV valve (part of CCV) which connects to the front of the engine valve cover. This yellow sludge indicates either to find compress air to clean the entire 5 parts CCV, or replace the CCV system, which is another $70 repair DIY. If you are looking for one, don't buy ÜRO Parts, because 2 of the hose won't fit, although all of the hose are manufacturered by ÜRO Parts

2014-04-03

SAP BO Data Services: Missing SAP BO Data Services Job Server

Product: SAP BusinessObject Data Services
Version: 4.x

While I was installing SAP BusinessObject Data Services IPS and Job Server with Oracle database server, where all are running in DHCP with dynamic IP. I don't want to add these IP into DNS while doing proof-of-concept.

Very soon I discovered I made a mistake to use IP while configuring database server connectivity, which affects entire SAP Data Services and SAP CMC installation. Anything that has a repository in database are broken soon after I reboot Oracle database, because the IP address of the database server changed (dynamic IP).

My immediate action is to add a temporary hostname to Windows\system32\drivers\etc\hosts to point to the dynamic IP of Oracle database server, as well as all the new SAP BusinessObject servers that I am installing.

Subsequently, I login to CMC and changed every database connectivity to temporary hostname that I added just now from IP.

After everything completed, things are working properly, except when trying to execute Data Services job, no Data Services Job Server is found.

Following are some screenshots of the problem

1. Login to Data Services Managment Console

http://hostname:8080/DataServices/admin.jsp
2. Click on Administrator link to view server status

3. Found 1 Data Services repository I created during installation, called JobRepo1

4. This repository name is configured by CMC (Central Management Console) under Data Services. If I change the database login from CMC, it will immediately reflect the change in above Data Services page


5. Clicking on Access Servers, nothing is defined. I'm not sure whether this required manual setup (clicking on Add button to add), or due to my database server's IP change. Anyway, simple task to click on Add button


6. I'm going to show the problem now by executing a batch job. You can see that field "Job Server or Server Group" is empty, and I can't choose a Data Services Job Server, even if I click on the dropdown button
 
 
7. This implies my Data Services Job Server is broken due to dynamic IP. So I launch Data Services Server Manager


8. From Data Services Server Manager, I can see there is 1 Job Server defined called JobServer1
9. Clicks on button "Configuration Editor..." to view more info
10. I went in and click every where as well as checked in Task Manager, I can see Job Server running, with a process name al_jobserver.exe. After days and attempts, I found the solution is to delete it and add back again

11. Highlight JobServer1, and click on Delete button

12. You will need to delete the database repository first, and supply the database password. Click on Delete button under "Associated Repositories"

13. Click OK to return to previous screen, then click Add button to re-create the JobServer1. Specify the database connection
14. After clicked OK button, process al_jobserver.exe should be launch automatically, but you can click on "Close and Restart" button. This is really not required from my finding
 15. Return back to Step 6 and 1 entry will be showing for Data Services Job Server

Data Services Job Server Verification

Another way to verify Job Server is detected from Data Services Managment Console is using Server Groups

1. Navigates to Server Groups - All Server Groups
2. Click on ServerGroupConfiguration

3. Click on button Add, and a list of Data Services Job Server will be shown

If it is not shown, then there is a problem with the DS Job Server, which can use above steps to re-create them, or define additional Job Server using Data Services Server Manager

Please note that Job Server repository is defined from CMC and there is no daemon attached, while Job Server defined in Data Services Server Manager and it has 1 al_jobserver.exe daemon for each Job Server entry defined.

2013-09-12

Fedora: Configure WiFi with DHCP

Product: Fedora 13 - 18, CentOS

Assume the WiFi uses eth1. Use following command to determine the device name. All commands must run as root UNIX user

Installation:
rpm -i wpa_supplicant*rpm
rpm -i wireless-tools*rpm

Step 1: Bring up the network device
ifconfig eth1 up
ifconfig

This should make the device visible using "ifconfig" command

Step 2: Confirm the device name for the WiFi
iwlist scan (pls note that eht1 must be up in order to run iwlist)

Expect: The device name should be eth1 and wifi0, but if there are multiple network card (USB, PCMCIA, or PCI), then the number will be higher, such as eth4, wifi2

Step 3: Configure DHCP
Reference URL: https://www.whoi.edu/CIS/networking/configure/dhcp_linux.html

File: /etc/sysconfig/network-scripts/ifcfg-eth1

Create above text file with following content. This will activate the WiFi on reboot, and any user can control it

DEVICE=eth1
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=yes

Step 4: Test WiFi SSID and Passphase

Assume the SSID is "CIK 102C" and WPA2 passphase is "VoIP Public"

Ensure SSID "CIK 102C" detected with following command
iwlist eth1 scanning

Manually connect to the SSID
iwconfig eth1 essid "CIK 102C" key s:"VoIP Public"

Verify WiFi is connected. The ESSID will has the value "CIK 102C" if password is correct

iwconfig

Step 5: Permanently Configure SSID and Passphase

File: /etc/sysconfig/network-scripts/ifcfg-eth1

Modify the same file again with following additional configuration
TYPE=Wireless
MODE=Managed
ESSID="CIK 102C"

File: /etc/sysconfig/network-script/keys-eht1

wpa_passphrase "CIK 102C" "VoIP Public"

Step 6: Enable Network Card

ifconfig eth1 up

Step 7: Request IP from DHCP Server

dhclient eth1
ifconfig

2013-09-10

UNIX: Running vi commands in script

Product: vi
Version: All

I was trying to search for ways to run vi scripted commands alike running the vi command manually, but most of the answer I found in Internet are to use shell scripts, awk, or sed. It seems like most people unaware that vi itself can run its command from a script.

So following is an example,

I have following file to do 4 search-replace vi commands

File: replace1.vi

:%s/:1/33807/g
:%s/:2/32/g
:%s/:3/33/g
:%s/:4/34/g

Let say I wanted to execute above vi script inside another SQL script to replace several bind variables

1. vi demo1.sql
2. Type ":so replace1.vi"
3. vi will execute above script and replace all 4 bind variables if found. In Linux, it will display warning message if it found nothing to replace

2013-08-28

ISP: CIKtel SVG6000RW Configuration

Model: SVG6000RW

Recently signed up with CIKtel, and received a free VoIP + WiFi box from them.

This is a white color mini square box very much like a compact media player, and made in China. The build quality looks below average, but it has build in VoIP as well as a N band WiFi.

I tried hunting high and low for the login to the web console, as well as making tons of call into CIKtel customer service, cable service e-mail, and technical support, but none of them able to tell me how to login to the box to configure the WiFi SSID, or view the SIP login information.

Finally I told the customer service to escalate to their technical support and call me back. After 2 days of waiting, finally there is 1 support personnel who given me the login

Login URL: http://192.168.15.1 (Depending on your router IP. Basically look at your PC's IP then replace the last digit with 1)
Username: user
Password: cikvoip

This login only can configure the WiFi functionality, but cannot create additional user account, nor configure SIP phone.

CIKtel is reluctant to provide me the superuser login which can configure VoIP, and told me that while I am using their VoIP, they managed it. If I don't use it, then it cannot be re-use for other VoIP provider. That's the reason for free VoIP/WiFi at the first place.

I have to hack the VoIP with other approach, but this is the information I found from

http://www.jlisbz.com/node/93

It is saying the X-Lite login is as below, but it is dated 2007., and I am unable to figure out what is the SIP password as CIK is giving me nothing about it I have to request for the SIP password explicitly and for several days only then they give me the password. He told me that their SIP server is not stable with other SIP client other than their VoIP ATA adapter, so they are not sharing the info with customer.

Anyway, I found it works for x-Lite softphone:
cmtor1.ciktel.com   64.187.25.78 (get from VoIP router)
Enabled: Yes
Display Name: 4165487147 (your phone number)
Username: 999****** (get from VoIP router)
Authorization User: CIK******* (get from VoIP router)
Password: **** (call or e-mail CIK to ask. Not provided by default)
Domain/Realm: 64.187.25.78 (get from VoIP router)
SIP Proxy: CMTor1.ciktel.com (get from VoIP router)
Out Bound Proxy: CMTor1.ciktel.com (get from VoIP router)

More hacking to be done to find out how to login to their SIP server

Please donate CAD$1 for me spending 1 weeks looking high and low in the Internet, and knowledge in WiFi, VoIP, X-Lite, SIP, hacking

Update 2013-11-24

I have been able to use 3CXPhone SIP client to use CIKtel's phone in my Android phone, Samsung Galaxy Note 2 without problem. CIKtel's customer support has been saying their SIP will not be compatible with any SIP client and not stable, but I proof them wrong. I made a 15 min voice call from 3CXPhone SIP client without any disconnect. This works in Apple iPAD as well

Pay me CAD$50 if you need help set it up, but support is chargeable

Blog Archive