Monday, June 4, 2007

FreeBSD 6.2 Ports Install Needs XORG_UPGRADE Environment Variable

On a FreeBSD 6.2 machine, installing a port having an xorg dependency returned with this error:
...
===> Verifying install for /usr/local/libdata/xorg/libraries in /usr/ports/x11/xorg-libraries
Read /usr/ports/UPDATING for the procedure to upgrade or install xorg 7.2.
*** Error code 1
...
At least 2 workarounds are available.
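1.) Setting the environment variable XORG_UPGRADE will bypass the xorg upgrade message. The commands below use csh/tcsh syntax; setenv is needed because a plain "set" creates only a shell variable that make does not see:

% make deinstall clean
% setenv XORG_UPGRADE yes
% make install clean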

2.) Pass WITHOUT_X11 argument to make:
% make -DWITHOUT_X11 install clean

Works for me! ;)

Saturday, May 26, 2007

On FreeBSD CVS Checkout

This is just to point out that FreeBSD now ships with a CVS checkout tool equivalent to the usual cvsup. It is called "csup" and there is no need to run "pkg_add -r cvsup-without-gui".

The csup project is here.

Thursday, May 10, 2007

The Guihulngan Wireless Network

Yes, this is my beloved hometown. Here, we've got at least 3 internet service providers one can subscribe to for home or business use. Still, to most people, a thousand or more pesos a month for internet is still expensive and extravagant.

While some subscribe to the slower dialup internet service from the privacy of their homes, others enjoy the faster services offered by internet cafes. Unfortunately, unlike the dialup service, which is available 24 hours a day, internet cafes are open until midnight only.

Today, as technology becomes more affordable and accessible to the grass roots, we are able to build a wireless network of access points that we call "nodes", making it possible to access the internet from laptops and desktops, giving birth to the first Guihulngan Wireless Network.

This sleepy old hometown of mine already has a service similar to those found in cities and airports.

So, when you visit Guihulngan with your wifi-ready laptop, just try to spend a while at a restaurant or in a hotspot-designated area, turn it on, connect or associate your wireless adapter to the nearest node and surf the net.

Monday, March 12, 2007

Creating A PDF File From Any Application on Windows XP

A PDF file is viewable from any platform. You just need a PDF reader, and Adobe's Acrobat Reader is freely downloadable.

There are applications, like OpenOffice.Org that provide a facility to export documents to PDF format, but some do not make it available for free. Pagemaker 7 does have a facility to export the document to PDF, but not without purchasing Distiller.

It's not really a big problem and the solution is to let the application print the document to a PDF Printer. What's nice is that we have this PDF printer available for personal or commercial use and no fee is required!

Perform these in order:
  1. Download and install the latest GPL Ghostscript (working old version GPL Ghostscript 8.5)
  2. Download and install Bullzip PDF Printer Driver
When done, you will have a new printer called BullZip PDF Printer and you can print from any application into this printer--- the output of which is a PDF File.

Cheers!

Tuesday, March 6, 2007

Port-Forwarding on Prolink H9200P DSL Modem

Just learned this while helping a friend in Dumaguete City--- hosting a web server from his PC behind the router.

The server is to be accessed on port 80, so that requests to http://his_wan_ip are forwarded to port 8080 of a server on the LAN. This requires changing the default admin port on the Prolink, to 61900 in this example.

In short, using a browser with the url http://his_wan_ip:61900 will access the Prolink admin interface, and http://his_wan_ip:80 or simply http://his_wan_ip will access the webpage in his internal web server on port 8080.

From the Services->NAT page, add an RDR rule as shown in the image.

192.168.1.4:8080 is the web server address on the local PC. TCP requests arriving on port 80 of the Prolink WAN interface will be redirected to port 8080 of the server.

Click 'Submit' then go to Admin Page and 'Commit' then 'Reboot' for the changes to take effect.

I don't have this type of modem, but a large telecom company in the Philippines is using this for their DSL clients. The default username and password with the remote Admin interface enabled pose a security risk, but that's another story!

Monday, March 5, 2007

Transparently Disconnect WiFi Stale Sessions (Chillispot, FreeRadius, MySQL)

I've been running this hotspot for months already, and yet I see stale client sessions from time to time preventing them access when they try to login again. By the way, the access controller is Chillispot and Simultaneous-Use is set to 1 for all clients.

Thanks to a few pointers I've read from the net, I finally got it ;)

The solution is to execute a script (and I prefer php for this) from radiusd every time a user logs in successfully. The script will check if an unterminated session is already present for the current user. If none, then the script will just return cleanly, otherwise, the session is "terminated."

Terminating a session is done by writing a non-zero value to the radacct table's AcctStopTime field. This can be done by sending a disconnect request to the Chillispot server for this username using "radclient". If the client is successfully disconnected by radclient, Chillispot will send the appropriate Accounting Stop packet to the radius server. If radclient fails to disconnect the user, which often indicates that the session is really "stale", the script will access the database and write the correct value to the radacct table's AcctStopTime field.

Here's what I did:

1. Create this php script in /usr/local/etc/raddb and name it mpp_disconnect.php and make it "executable".

#!/usr/local/bin/php -q
<?php
// Note: the mysql_* functions below belong to the old ext/mysql API (removed in PHP 7).

$db_host = "radius.guihulngan.net";
$db_name = "radius";
$db_user = "radiususer";
$db_pass = "radiususerpassword";

if (($db = mysql_connect($db_host, $db_user, $db_pass)) == NULL) {
    exit(0);
}

mysql_select_db($db_name, $db);

$mpp_max = 1;

// $argv[1] is the User-Name from the RADIUS request: escape it before using it in SQL
$user_sql = mysql_real_escape_string($argv[1], $db);

//count how many online sessions for this user
$sql = "SELECT COUNT(*) FROM radacct WHERE Username='".$user_sql."' AND AcctStopTime=0";

if (($result = mysql_query($sql, $db)) == NULL) {
    exit(0);
}

if (($row = mysql_fetch_row($result)) == NULL) {
    exit(0);
}

$mpp = $row[0];
if ($mpp < $mpp_max) {
    exit(0);
}

//prepare to call radclient to send disconnect request to NAS
// $nas_type = get_connection_type($argv[2]); // helper is not shown on this page and its result is unused
$nas_target = "10.9.8.200:3799"; //this is the Chillispot ip address and COA port
$nas_secret = "testing123";

if ($mpp > 0) {
    //disconnect the user now and exit denying him login for now.
    //escapeshellarg() keeps the user name from being interpreted by the shell
    $rad_result = shell_exec("/root/test/radclient -c 1 -r 1 -t 3 " . escapeshellarg($argv[1]) . " $nas_target $nas_secret");

    if (substr_count($rad_result, "Code 41,") > 0) {
        exit(0);
    } else {
        //Radclient wasn't able to disconnect the user,
        //so remove the stale sessions from database to avoid MPP errors
        $sql = "SELECT RadacctId, AcctSessionId, Username, NasPortType, AcctStopTime, AcctSessionTime FROM radacct WHERE Username='".$user_sql."' AND AcctStopTime=0 LIMIT 1";

        if (($result = mysql_query($sql, $db)) == NULL) {
            exit(0);
        }

        if (mysql_num_rows($result) == 0) {
            exit(0);
        }

        if (($row = mysql_fetch_row($result)) == NULL) {
            exit(0);
        }

        if ($row[4] == 0) { //No AcctStopTime, Fix or End using AcctStartTime and AcctSessionTime
            $sql = "UPDATE radacct SET AcctStopTime=ADDDATE(AcctStartTime, INTERVAL AcctSessionTime SECOND), AcctTerminateCause='User-Reset' WHERE RadAcctId=".$row[0]." LIMIT 1";
        } else { //No AcctSessionTime, Fix or End using AcctStartTime and AcctStopTime
            $sql = "UPDATE radacct SET AcctSessionTime = UNIX_TIMESTAMP(AcctStopTime) - UNIX_TIMESTAMP(AcctStartTime), AcctTerminateCause = 'User-Reset' WHERE RadAcctId = ".$row[0]." LIMIT 1";
        }

        if (($result = mysql_query($sql, $db)) == NULL) {
            exit(0);
        }
    }
}
exit(0);
?>



2. Edit radiusd.conf to include these lines in the modules section:


modules {

...

    exec mpp_disconnect {
        wait = yes
        program = "${confdir}/mpp_disconnect.php %{User-Name} %{Nas-Port-Type} %{Acct-Session-Id:-NOSESSIONID}"
        packet_type = Access-Accept
    }

...

}


and in post-auth section:

post-auth {

...

mpp_disconnect

...

}


3. Remove any "Simultaneous-Use" attributes from your users. The script runs only on Access-Accept, so it won't be executed if the user is rejected for violating the Simultaneous-Use restriction.

4. Restart radiusd.
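
The mpp_disconnect.php script in step 1 takes the user name from the RADIUS request and uses it in a SQL query and on a radclient command line. The following is an added example, not the author's code: it performs the same two steps (count open sessions, build the disconnect command) with an allow-list check, a bound query parameter and escapeshellarg(). It assumes PHP 5.4+ with pdo_sqlite, uses an in-memory table with constructed rows in place of the real radacct table, and its function names are hypothetical.

```php
<?php
// Added example, not the blog author's code; function names are hypothetical.

// Allow-list for account names (assumed policy; adjust to your own naming rules).
function valid_username($name) {
    return is_string($name) && preg_match('/^[A-Za-z0-9._@-]{1,64}$/', $name) === 1;
}

// Count open sessions with the user name bound as a parameter, never concatenated.
function open_sessions(PDO $pdo, $user) {
    $stmt = $pdo->prepare(
        "SELECT COUNT(*) FROM radacct WHERE Username = ? AND AcctStopTime = '0000-00-00 00:00:00'");
    $stmt->execute([$user]);
    return (int) $stmt->fetchColumn();
}

// Build the radclient command line used in step 1 with every value shell-quoted.
function disconnect_cmd($radclient, $user, $target, $secret) {
    return implode(' ', [
        escapeshellarg($radclient), '-c 1 -r 1 -t 3',
        escapeshellarg($user), escapeshellarg($target), escapeshellarg($secret),
    ]);
}

// Constructed stand-in for radacct: alice has a stale session, bob's is closed.
// The zero datetime marks an open session, as AcctStopTime=0 does in the MySQL query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE radacct (Username TEXT, AcctStartTime TEXT, AcctStopTime TEXT)');
$pdo->exec("INSERT INTO radacct VALUES ('alice', '2007-03-05 20:00:00', '0000-00-00 00:00:00')");
$pdo->exec("INSERT INTO radacct VALUES ('bob', '2007-03-05 18:00:00', '2007-03-05 19:00:00')");

// Constructed inputs: two ordinary names, two containing SQL or shell metacharacters.
foreach (['alice', 'bob', "x' OR '1'='1", 'alice; id'] as $user) {
    if (!valid_username($user)) {
        // Rejected before it reaches the database or the shell.
        printf("%-16s rejected by allow-list\n", $user);
        continue;
    }
    $open = open_sessions($pdo, $user);
    printf("%-16s open sessions: %d\n", $user, $open);
    if ($open > 0) {
        // Print instead of executing, so the example runs without a NAS.
        echo '  would run: ',
             disconnect_cmd('/root/test/radclient', $user, '10.9.8.200:3799', 'testing123'), "\n";
    }
}
```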

I modified my script to log debugging information to a file to simplify troubleshooting. By the way, this example is for FreeBSD but it should work in other platforms too.

This way, the stale session resolution is done transparently... and no more client calls at night.

Cheers!

Thursday, March 1, 2007

Introduction

This blog is about documenting things--- anything worth noting for the sole purpose of reminding me of what I've done, good or bad, and hopefully sharing with all those who come across these same things in the future.

Please don't mind me talking about this, and that, and those too! In my native dialect, it's "Bisa'g unsa ra!"

Feel free to comment on any post. I also love to learn a few things from you.

Welcome.