Saturday, May 31, 2008

FreeMind manual installation in Ubuntu Hardy 8.04

So you like the mind mapping software FreeMind, but the distribution package for Ubuntu 8.04 is hideously out of date. Your solution awaits... simply by installing FreeMind from source. While this is fairly easy to follow, there is some complexity with getting full desktop integration. I am including the steps I followed, but if you scroll all the way to the bottom, you can find a compiled archive with 0.9.0 beta 17 included with a script to do all the work referenced in the article.

First, you need a few packages (if you are going to use the version of FreeMind I compiled below, you do not need sun-java6-jdk):

sudo aptitude install sun-java6-jre sun-java6-fonts sun-java6-jdk


Now download FreeMind. I recommend the latest beta version, found here. You will also need to download Apache Ant. There is an Ant package in the Hardy repositories, but it is broken, so you will need the binaries directly from Apache. I used 1.7.0, the latest version available at the time of this article.

Unpack Ant and copy it to its destination (execute the following in a terminal wherever you placed the downloaded Ant archive):

tar xf apache-ant-1.7.0-bin.tar.bz2
sudo mkdir /usr/local/ant
sudo mv apache-ant-1.7.0/* /usr/local/ant


Set up Ant's environment variables:

gksu gedit /etc/rc.local

# In gedit, append the following to this file before "exit 0":

export ANT_HOME=/usr/local/ant
export PATH=${PATH}:${ANT_HOME}/bin


Reboot for the above to take effect, or just execute the two export commands within your current terminal. Now you are ready to compile FreeMind. Unpack it and build it with Ant:

tar xf freemind-src-0.9.0_Beta_17.tar.gz
cd freemind
ant


Now copy the built contents of the dist folder into /opt/freemind, and set up the executable:

sudo mkdir /opt/freemind
sudo cp -R ../bin/dist/* /opt/freemind
sudo chmod +x /opt/freemind/freemind.sh
sudo ln -s /opt/freemind/freemind.sh /usr/local/bin/freemind


Congratulations, you can now run FreeMind by simply typing the command: freemind

The harder part was registering the x-freemind MIME type and getting Gnome to open .mm files with a double-click (and having an icon assigned to those files!). For the MIME type, there are two existing conflicting MIME types you will have to get rid of: x-troff-mm and x-matlab. As I have no use for these applications, this is not a problem for me. These are defined in /usr/share/mime/packages/freedesktop.org.xml, and you have to comment out the nodes as follows:

<!--
<mime-type type="text/x-matlab">
<sub-class-of type="text/plain"/>
<comment>MATLAB script/function</comment>
<comment xml:lang="bg">Скрипт/функци� — MATLAB</comment>
<comment xml:lang="ca">script/funció MATLAB</comment>
<comment xml:lang="cs">Skript/funkce MATLAB</comment>
<comment xml:lang="de">MATLAB-Skript/-Funktion</comment>
<comment xml:lang="en_GB">MATLAB script/function</comment>
<comment xml:lang="es">script/función de MATLAB</comment>
<comment xml:lang="eu">MATLAB script/funtzioa</comment>
<comment xml:lang="fi">MATLAB-skripti/funktio</comment>
<comment xml:lang="fr">script/fonction MATLAB</comment>
<comment xml:lang="hu">MATLAB parancsfájl/funkció</comment>
<comment xml:lang="it">Script/Funzione MATLAB</comment>
<comment xml:lang="ja">MATLAB スクリプト/関数</comment>
<comment xml:lang="ko">MATLAB 스�립트/함수</comment>
<comment xml:lang="nb">Skript/funksjon for MATLAB</comment>
<comment xml:lang="nl">MATLAB-script/functie</comment>
<comment xml:lang="nn">MATLAB-skript/funksjon</comment>
<comment xml:lang="pl">Skrypt/funkcja MATLABa</comment>
<comment xml:lang="pt_BR">Script/função do MATLAB</comment>
<comment xml:lang="sv">MATLAB-skript/funktion</comment>
<comment xml:lang="uk">Сценарій/функці� MATLAB</comment>
<comment xml:lang="vi">Văn lệnh/chức năng MATLAB</comment>
<magic priority="10">
<match value="%" type="string" offset="0"/>
</magic>
<magic priority="50">
<match value="function" type="string" offset="0"/>
</magic>
<glob pattern="*.m"/>
<alias type="text/x-octave"/>
</mime-type>
-->


...and....

<!--
<mime-type type="text/x-troff-mm">
<sub-class-of type="text/plain"/>
<comment>Troff MM input document</comment>
<comment xml:lang="bg">Изходен документ — Troff MM</comment>
<comment xml:lang="ca">document d'entrada Troff MM</comment>
<comment xml:lang="cs">Vstupní dokument Troff MM</comment>
<comment xml:lang="da">Troff MM inddata-dokument</comment>
<comment xml:lang="de">Troff-MM-Eingabedokument</comment>
<comment xml:lang="el">έγγ�αφο/π�όγ�αμμα εντολών troff MM</comment>
<comment xml:lang="en_GB">Troff MM input document</comment>
<comment xml:lang="eo">eniga dokumento de Troff MM</comment>
<comment xml:lang="es">documento de entrada Troff MM</comment>
<comment xml:lang="eu">Troff MM sarrerako dokumentua</comment>
<comment xml:lang="fi">Troff MM -syöteasiakirja</comment>
<comment xml:lang="fr">document d'entrée Troff MM</comment>
<comment xml:lang="hu">Troff MM bemeneti dokumentum</comment>
<comment xml:lang="it">Documento di input Troff MM</comment>
<comment xml:lang="ja">Troff MM 入力ドキュメント</comment>
<comment xml:lang="ko">Troff MM input 문서</comment>
<comment xml:lang="lt">Troff MM įvesties dokumentas</comment>
<comment xml:lang="ms">Dokumen input Troff MM</comment>
<comment xml:lang="nb">Troff MM-inndatadokument</comment>
<comment xml:lang="nl">Troff MM-invoerdocument</comment>
<comment xml:lang="nn">Troff MM inndata-dokument</comment>
<comment xml:lang="pl">Dokument wejściowy Troff MM</comment>
<comment xml:lang="pt">documento origem Troff MM</comment>
<comment xml:lang="pt_BR">Documento de entrada Troff MM</comment>
<comment xml:lang="sq">Dokument input-i Troff MM</comment>
<comment xml:lang="sr">Troff MM улазни документ</comment>
<comment xml:lang="sv">Troff MM-indatadokument</comment>
<comment xml:lang="uk">Вхідний документ Troff MM</comment>
<comment xml:lang="vi">Tà i liệu nhập MM Troff</comment>
<comment xml:lang="zh_CN">Troff MM 输入文档</comment>
<glob pattern="*.mm"/>
</mime-type>
-->


You then need to add a file at /usr/share/mime/packages/freemind.xml with the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
<mime-type type="application/x-freemind">
<comment>FreeMind Mind Map</comment>
<glob pattern="*.mm"/>
</mime-type>
</mime-info>


Once you have edited/created these files, you need to update the MIME database:

sudo update-mime-database /usr/share/mime


To assign icons to the FreeMind .mm files, It turns out you have to create 48x48, 32x32, and 24x24 icons (PNG files) for FreeMind, copy these to /usr/share/icons/gnome under the appropriate size-named folders, and then update the icon cache. I used GIMP to create the icons based on an svg icon that came with the FreeMind source package. Each icon PNG must be named gnome-mime-application-x-freemind.png. To update the icon cache once these are in place:

sudo gtk-update-icon-cache --force gnome


Once you are done, log out and back in, and enjoy your FreeMind goodness.

NOW, if that all seems a bit much... I have created an archive containing a script that does everything except set up the main menu item pointing to FreeMind. It contains a version of FreeMind 0.9.0 beta 17 I compiled (on 64-bit Ubuntu, so this may or may not work on 32-bit versions) along with the modifications to the MIME types and the icons I created.

Download it here: freemind-0.9.0_Beta_17.tar.bz2


Monday, May 05, 2008

Integrating Ubuntu Hardy Heron 8.04 with Active Directory

I have three primary goals with integrating Ubuntu Server with Active Directory:
  • Join the server to the domain
  • Allow domain admins to be Ubuntu Server administrators
  • Allow Windows clients in domain groups access to Samba shares
Goal #1: Join the Server to the Domain

Thanks to this post for helping with this portion. The steps are:
  1. sudo apt-get update
  2. sudo apt-get install likewise-open
  3. sudo domainjoin-cli join fqdn.of.your.domain Administrator
  4. sudo update-rc.d likewise-open defaults
  5. sudo /etc/init.d/likewise-open start
Goal #2: Allow Active Directory Domain Administrators to Administer Ubuntu

Ubuntu Forums to the rescue... thanks, gotee12. This will allow members of the Domain Admins AD group to issue sudo commands. From a command prompt:
  1. visudo
  2. Add this line to the resulting file:
%YOURDOMAINNAME\\domain^admins ALL=(ALL) ALL
Note the carat symbol to substitute for spaces.

Goal #3: Allow Windows Clients in Domain Groups to Access Samba Shares

*** UPDATE *** My friend Chris got the plumbing to wire up Likewise Open with Samba figured out. Good grief, this was opaque:
http://chrplunk.blogspot.com/2008/06/allow-windows-clients-in-active.html

Now you have to set up your shares. The shares are defined as individual text files under /var/lib/samba/usershares. Create a file in this folder named with the name of the share (e.g. "test") and contents like the following, but be careful--match the spaces and casing with nothing extra, and **make sure the file name is in all lowercase regardless of the casing of the share name**:
#VERSION 2
path=/path/to/shared/folder
comment=
usershare_acl=<Group SID>:<access modifier>
guest_ok=y
For example:
#VERSION 2
path=/testShare
comment=
usershare_acl=S-1-1-0:F
guest_ok=y
To get the SID of the group that will have access to enter in the usershare_acl row, execute:
wbinfo -n "DOMAIN\group"
(S-1-1-0 is Everyone.)

The access modifiers after the group SID are as follows:
  • R - read-only
  • F - full access
  • D - deny access
The last thing you need do is to set the permissions on the shared folder itself. I found it easiest to give world-writable permissions to the folder, as it seemed not to dereference my group memberships at the folder permission level (unlike Samba at the share level). So:
chmod -R 0777 /path/to/shared/folder
If anyone knows how to get the group security to work at the folder level so it need not be world-writable, I'd appreciate a comment. I tried:
chgrp -R 'DOMAIN\group' /path/to/shared/folder
chmod -R 2770 /path/to/shared/folder
...but I kept getting access denied.

*** UPDATE 2 *** I had to grant read access to everyone for the usershares folder to avoid 'cannot stat' errors by ordinary users:
chmod o+r /var/lib/samba/usershares



Original post for this section follows:

Oooh, I haven't managed to get this one to work. I can issue successful commands like the following while logged on to the Ubuntu machine with my domain credentials:

smbclient -k -L //dmsc01
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2]

Sharename Type Comment
--------- ---- -------
C$ Disk Default share
IPC$ IPC Remote IPC
ADMIN$ Disk Remote Admin
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2]

Server Comment
--------- -------

Workgroup Master
--------- -------

So SOMETHING's working, but I can't manage to get remote machines to connect to hosted shares. I've tried the following smb.conf (key lines included):

workgroup = mydomain
security = ads
realm = MYDOMAIN.LOCAL
encrypt passwords = yes
idmap uid = 10000-40000
idmap gid = 10000-40000
template homedir = /dev/null
template shell = /bin/false
winbind separator = \
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 300
winbind nested groups = yes

#=====================Shares====================
[tmp]
path = /tmp
browseable = yes
writeable = yes
guest ok = no


All I get when attempting to connect, however, is errors like the following in the client logs:

[2008/05/05 10:27:14, 1] libads/kerberos_verify.c:ads_secrets_verify_ticket(237)
ads_secrets_verify_ticket: failed to fetch machine password
[2008/05/05 10:27:14, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

And from the log.winbindd-idmap:

[2008/05/05 10:25:11, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
idmap uid range missing or invalid
idmap will be unable to map foreign SIDs
[2008/05/05 10:25:11, 0] nsswitch/idmap.c:idmap_alloc_init(750)
ERROR: Initialization failed for alloc backend, deferred!


Any ideas?