Finally able to open Citrix from Chrome

Posted on 2012-02-23 by ken_fallon

I have been tracking a long running issue with regard with Citrix ICA client not working in Google Chrome. This has been reported on the Citrix and Google sites but neither seem to supply a working solution.

Then today I came across the following link by Eudemus on the ubuntuforums which was based on a a post over at the Chromium forums

Edit the file /usr/share/applications/wfica.desktop include the following:
[Desktop Entry] Name=Citrix ICA client GenericName=Citrix ICA Client Comment=Citrix nFuse session file Categories=Application Encoding=UTF-8 Exec=/opt/Citrix/ICAClient/wfica Icon=wfica Terminal=false Type=Application MimeType=application/x-ica

Edit the file /usr/share/mime/packages/ica.xml include the following:

<?xml version="1.0" encoding="utf-8"?>
<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
    <mime-type type="application/x-ica">
    <comment>Citrix ICA launcher</comment>
    <glob pattern="*.ica"/>
  </mime-type>
</mime-info>

And finally run the command
xdg-mime install --novendor /usr/share/mime/packages/ica.xml

Then you should be able to open the ica files and citrix will start just like in Firefox. Why was this so hard.

Posted in citrix | Leave a comment

How to install checkpoint ssl extender VPN SNX under Fedora 16 64bit

Posted on 2012-02-22 by ken_fallon

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

The SNX saga continues and this time it’s on Fedora 16 64 bit. I followed the steps in my post “How to install checkpoint ssl extender VPN SNX under Fedora 16” but I was not able to run snx.
# snx -bash: /usr/bin/snx: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory
I even ran into trouble running ldd which responded with a strange error saying that it was not a dynamic executable.
# ldd /usr/bin/snx not a dynamic executable
When I checked that type of file it was, file reported that it was a executable file.
# file /usr/bin/snx /usr/bin/snx: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, stripped
I was stumped for a while until I realised that this was a 64 bit system and ldd is having problems with identifying a 32 bit application.
# uname -i x86_64
So I had to ignore what ldd said and instead focus on what snx complained about when it ran.

One handy feature of yum is that you can specify the file you want installed and it will install any package that it is in. I installed /lib/ld-linux.so.2 and ran snx again only to have some other files missing. In the end I installed everything I needed with the following command.
yum install /lib/ld-linux.so.2 libX11.so.6 libpam.so.0 libstdc++.so.5
Well that’s it (until the next upgrade).

Posted in General, snx | 4 Comments

HPR Scheduling System

Posted on 2012-02-21 by ken_fallon

I have been trying to learn inkscape so that I could have a vector based version of the HPR logo. This would be useful for printing out large posters for use at the Linux Festivals that we attend. I had been following the excellent tutorials over at screencasters.heathenx.org, and while their site is brilliant, my progress has been very slow. So slow that a new year festival season is upon us and I had made no progress. Finally I just gave up and asked them for help. Not only did they say yes but they asked if they could “tweak it slightly”. You can see the results of that here.

Spurred on by that success, I’m putting the call out for some help with a new version of the scheduling system for HPR. I’ve been working on it for some time now and it’s also going nowhere. I’d like to release it so that it can be used by anyone who wants to setup a syndicated community podcast network like ours. I’ve put some thoughts into the design and would like to get involvement from people with experience in doing this type of thing.

FAQ:

What is it called ?

The HPR Scheduling System, until something better is suggested.

What License will it be under ?

AGPL v3 (GNU Affero General Public License) because this is a web application and Bradley would be impressed.

How will it work ?

Community members and spammers will upload the shows via a custom PHP component integrated into an off the shelf frontend CMS. That will be kept in quarantine until it is approved.
The scheduling manager will verify the show, approve it and change priority.
The backend will transcode it and add it to the database based on the scheduling rules.
A cron job will:

ssh static RSS 2.0 Compliant XML feed to the front end system(s)
ssh a html/xml file listing upcoming shows to the front end system(s)
will upload the new episode to archive.org

Why split it up ?

The idea is to provide two security zones. The backend with restricted access and a frontend that is public facing. Reusing a popular CMS like wordpress will limit the scope for compromise as the RSS 2.0 Compliant XML will be the source of the data on the site and can be reloaded at any time. The only component we need to manage is the file and metadata upload.

The backend will contain the actual database and user information and is intended to be managed via ssh and command line tools. This could be run on a home pc or on a cheap vps running Debian/Fedora/Slacker media. As this code will be reviewed by a lot less people than the frontend, we can restrict the access to trusted keys etc. Using archive.org will allow others to avail of free hosting for media files.

What will it be written in ?

The backend will be written in perl/mysql and will be driven by cron, which will produce a RSS 2.0 Compliant XML feed.

The frontend will be any CMS (WordPress/Drupal/Joomla) with a plugin to federate RSS 2.0 Compliant XML feeds.

Why use RSS 2.0 Compliant XML ?

It’s a standard and it supports categories (series), tags, host addresses etc. It provides a clean, common well defined interface.

Why use PHP/MySQL for the frontend ?

That’s what hosting providers provide cheaply and so that’s what WordPress, Drupal, Joomla are written in.

Why use perl/MySQL on the backend ?

That’s what comes standard on many linux distros and has a lot of modules available in cpan.

Why not use Python/PHP/C/C++/Java/Mono/* instead of perl/php ?

It’s what I know so as I’ll probably be dumped with doing most of this, I want to make sure that I can trust the code.

Seriously Perl/php ?

If you want to do this in another language then fine but you are accepting been the project lead for at least two years – ok.

Where will the code be stored ?

Don’t know yet – HPR FTP Server 🙂

But Project XYZ already does this ?

Great. Send me a link – job done.

What help do you need ?

People with PHP, Perl, MySQL, DBA, security skills.

Who do I contact ?

email: admin@hackerpublicradio.org

Posted in General, Podcasts | Leave a comment

How to install checkpoint ssl extender VPN SNX under Fedora 16

Posted on 2011-11-11 by ken_fallon

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

It’s time for Fedora 16 and the obligatory how to get Checkpoint SSL extender VPN (SNX) working under it.

The first step is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

[root@laptop checkpoint]# sh +x snx_install.sh
Installation successfull

All going well so far. Now let’s check that the required libraries are loaded.

[root@laptop checkpoint]# ldd /usr/bin/snx | grep "not found"
        libstdc++.so.5 => not found

This can be solved easily enough using the command

yum install compat-libstdc++-33.i686

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build XXXXXXXXXXXX
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:

Finally you should be able to use the client and login.

Posted in snx | 8 Comments

Installing Citrix on Fedora 16/17

Posted on 2011-11-11 by ken_fallon

The steps involved in getting Citrix installed on Fedora 16 are not that much different to the steps involved in Fedora 14. The major difference is that it is now called Receiver for Linux 12.0 and not ICAClient, Citrix Linux client. As of now you can find the product page ~~here here~~ here. Once you download the file click on it in Dolphin and the application manager will install it.

yum install --nogpgcheck ./ICAClient-12.0.0-0.i386.rpm
yum install --nogpgcheck ./ICAClient-12.1.0-0.i386.rpm

The location of the application has also changed to /opt/Citrix/ICAClient/wfica.

I ran into more problems with missing libraries

# ldd /opt/Citrix/ICAClient/wfica | grep -i "not found"
        libasound.so.2 => not found

Which I installed using the command

yum install libasound.so.2

I didn’t have any of the usual certificate issue this time.

Fedora 17 you probably won’t see that error but it fails to load you will see errors related to selinux. The first part is to run the following commands as root:

# grep wfica /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

The next error is a permissions issue related to All_Regions.ini:

“Cannot find the file: (/home/{your home}/.ICAClient/All_Regions.ini). Please check your installation, or contact your help desk.”

After reporting the bug and getting a very prompt reply (props to Miroslav Grepl) with the fix:

restorecon -Rv ~/

Posted in citrix, General | 11 Comments

Any topic that is of interest to Hackers

Posted on 2011-11-09 by ken_fallon

It’s not often that I comment on HPR episodes – other than to beg for you to send them in – but I want to make an exception for today’s show. Episode 0853 :: Pat Volkerding of Slackware Linux chats with Klaatu

HPR logo I’m not making this exception because it was “better”, I would find it impossible to make such a call. The HPR community produces a massive amount of content and I have listened to every single one at least once. There has not been a single HPR show that I have not enjoyed and learned from.

Nor is it that it was submitted by Klaatu as given that he has submitted 12 ½% of all shows, I would have written this long before now. Sure today’s ‘topic’ was special – a interview with Patrick Volkerding the man behind SlackWare, the longest continually developed Linux distribution – but we’ve had other interviews with people of note before.

The reason for this deviation is simply because it embodies the qualities that I feel define Hacker Public Radio.

It’s about taking a topic and exploring it, looking at all sides, exposing otherwise hidden and unknown facts, it’s about events, it’s about community, it’s about people, it’s about technology, it’s about music, it’s about history, it’a about life, it’s about questioning – everything – our very existence – space time – ancient cultures. In short it’s about “Any topic that is of interest to Hackers”

If you have never listened to a HPR then this is surely the best sample of what you are likely to find. Sure it arrived just in time to fill an otherwise empty slot, the audio isn’t perfect, it might not follow a script, random people wander in and out, there may be tangents from the topic at hand but if you can open your ears to listen you’ll hear the passion of the community, our community. Then maybe, just maybe, you too will be inspired to share your unique point of view with us.

http://hackerpublicradio.org/contribute.php

Posted in Podcasts | Leave a comment

Follow symlinks

Posted on 2011-10-14 by ken_fallon

If you have symlinks to symlinks to … etc, you might find this command useful

readlink -f

Posted in General | Leave a comment

Setting time on a Linux client from a Windows PDC

Posted on 2011-08-23 by ken_fallon

You can set the time on a linux client using NTP, using the ntpd daemon. For a quick and dirty approach you can use the deprecated ntpdate command. The following script will set the time on the pc

cat /usr/local/bin/syncclock
#!/bin/bash
/usr/sbin/ntpdate -s nl.pool.ntp.org
/sbin/hwclock --adjust
/sbin/hwclock --systohc

If you are running a Linux Client on a windows network where there is no access to a NTP server, you might want to use the samba command net time to get the time and net time set to set it. Adding the following command to the roots crontab file will set the time on your linux bot against the windows primary domain controller each afternoon.

* 12 * * * net time set > /dev/null 2>&1

If you run net time and it reports “Could not locate a time server. Try specifying a target host.” you may need to specify the address of your Primary Domain Controller. If you don’t know the name of the PDC in your domain, you can find it by typing net time on a windows server. The response will include the address of the PDC.

C:\>net time
Current time at \pdc.example.com is 8/23/2011 1:12 PM

The command completed successfully.

Now you can modify your crontab to include the server name

* 12 * * * net time set --server=192.168.1.100 > /dev/null 2>&1

Posted in General | Tagged ntp, samba | Leave a comment

RTE Radio on the command line

Posted on 2011-07-12 by ken_fallon

If you go to the RTÉ on a device that isn’t running “Real Player” or “Windows Media Player” then you’re out of luck. It’s not that your device isn’t capable of playing it, it’s jut that they don’t make it easy for you to do so.

If you want to play hear them regardless of your device, here are the direct links to the audio streams:

Smplayer (a windows version of mplayer) or VLC (a cross platform media player) will have no problems playing the streams.

Enjoy.