
Archive for November, 2010

Handling of Features in openFATE

November 12th, 2010 by

The boosters have been working on enhancing feature handling in openFATE so that features can be evaluated and implemented by everybody. The current state of the development is visible in the openFATE preview. Now we can start evaluating features so that they get implemented.

openFATE Preview

The openFATE screening team needs further members. If you’re interested, please add yourself to the list and start getting familiar with openFATE. To get familiar with it, it’s best to start with the openSUSE 11.3 clean up.

We had a first meeting about openFATE on IRC yesterday and will have another one in two weeks' time.

Right now the major tasks for the screening team are:

  • Evaluate features for openSUSE 11.4
  • Push features forward
  • Define a proper process on how to evaluate features
  • Cleanup features from openSUSE 11.3

I have written a proposal for the feature process and would like feedback on that one on the opensuse-project mailing list.

OPENSUSE 11.3/SLES 11 ** INTEGRATING FREERADIUS TO LDAP SERVER

November 12th, 2010 by

FreeRADIUS is a modular, high performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free for download and use. The FreeRADIUS Suite includes a RADIUS server, a BSD-licensed RADIUS client library, a PAM library, an Apache module, and numerous additional RADIUS related utilities and development libraries (Wikipedia).

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the Internet Engineering Task Force (IETF) standards (Wikipedia).

Well, then again a bit of introduction about “what is RADIUS?” and FreeRADIUS, the most popular open source RADIUS server :D.

This tutorial is based on an existing LDAP server configuration (you can read this post) that already has 1-2 users on it (you can read this post again 🙂), and it explains how to integrate FreeRADIUS so that it reads and uses the existing users on the LDAP server.

You can install the FreeRADIUS server on the same server or on a separate server (it’s your choice :p).

  • Add the FreeRADIUS repository from software.opensuse.org
# zypper ar http://download.opensuse.org/repositories/network:/aaa/SLE_11/ FreeRadius
# zypper ref
  • Install the FreeRADIUS Server Package
# zypper in freeradius-server freeradius-client freeradius-server-utils
  • After Installing the FreeRADIUS Packages, edit /etc/raddb/modules/ldap file, and then find and edit following lines (in my case : dc=malayin,dc=net) :
ldap {

# the LDAP Server
server = "192.168.0.30"
#identity = "cn=Adminstrator,dc=malayin,dc=net"
#password = admin
# The Base DN LDAP Server
basedn = "dc=malayin,dc=net"
#filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
filter = "(uid=%u)"
#base_filter = "(objectclass=radiusprofile)"
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1

tls {
start_tls = no
}
access_attr = "uid"
edir_account_policy_check = yes
}
  • After editing the ldap file, save it and then edit /etc/raddb/sites-available/default. Find the lines that contain the word ldap and uncomment them:

authorize {
#
#  The preprocess module takes care of sanitizing some bizarre
#  attributes in the request, and turning them into attributes
#  which are more standard.
#
#  It takes care of processing the ‘raddb/hints’ and the
#  ‘raddb/huntgroups’ files.
#
#  It also adds the %{Client-IP-Address} attribute to the request.
#preprocess
#
#  If you want to have a log of authentication requests,
#  un-comment the following line, and the ‘detail auth_log’
#  section, above.
# auth_log
#
#  The chap module will set ‘Auth-Type := CHAP’ if we are
#  handling a CHAP request and Auth-Type has not already been set
#chap
#
#  If the users are logging in with an MS-CHAP-Challenge
#  attribute for authentication, the mschap module will find
#  the MS-CHAP-Challenge attribute, and add ‘Auth-Type := MS-CHAP’
#  to the request, which will cause the server to then use
#  the mschap module for authentication.
#mschap
#
#  If you have a Cisco SIP server authenticating against
#  FreeRADIUS, uncomment the following line, and the ‘digest’
#  line in the ‘authenticate’ section.
# digest
#
#  Look for IPASS style ‘realm/’, and if not found, look for
#  ‘@realm’, and decide whether or not to proxy, based on
#  that.
# IPASS
#
#  If you are using multiple kinds of realms, you probably
#  want to set “ignore_null = yes” for all of them.
#  Otherwise, when the first style of realm doesn’t match,
#  the other styles won’t be checked.
#
#suffix
# ntdomain
#
#  This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
#  authentication.
#
#  It also sets the EAP-Type attribute in the request
#  attribute list to the EAP type from the packet.
#
#  As of 2.0, the EAP module returns “ok” in the authorize stage
#  for TTLS and PEAP.  In 1.x, it never returned “ok” here, so
#  this change is compatible with older configurations.
#
#  The example below uses module failover to avoid querying all
#  of the following modules if the EAP module returns “ok”.
#  Therefore, your LDAP and/or SQL servers will not be queried
#  for the many packets that go back and forth to set up TTLS
#  or PEAP.  The load on those servers will therefore be reduced.
#
#eap {
# ok = return
#}
#
#  Pull crypt’d passwords from /etc/passwd or /etc/shadow,
#  using the system API’s to get the password.  If you want
#  to read /etc/passwd or /etc/shadow directly, see the
#  passwd module in radiusd.conf.
#
#unix
#
#  Read the ‘users’ file
#files
#
#  Look in an SQL database.  The schema of the database
#  is meant to mirror the “users” file.
#
#  See “Authorization Queries” in sql.conf
# sql
#
#  If you are using /etc/smbpasswd, and are also doing
#  mschap authentication, the un-comment this line, and
#  configure the ‘etc_smbpasswd’ module, above.
# etc_smbpasswd
#
#  The ldap module will set Auth-Type to LDAP if it has not
#  already been set
ldap
#
#  Enforce daily limits on time spent logged in.
# daily
#
# Use the checkval module
# checkval
expiration
logintime
#
#  If no other module has claimed responsibility for
#  authentication, then try to use PAP.  This allows the
#  other modules listed above to add a “known good” password
#  to the request, and to do nothing else.  The PAP module
#  will then see that password, and use it to do PAP
#  authentication.
#
#  This module should be listed last, so that the other modules
#  get a chance to set Auth-Type for themselves.
#
#pap
#
#  If “status_server = yes”, then Status-Server messages are passed
#  through the following section, and ONLY the following section.
#  This permits you to do DB queries, for example.  If the modules
#  listed here return “fail”, then NO response is sent.
#
# Autz-Type Status-Server {
#
# }
}
#  Authentication.
#
#
#  This section lists which modules are available for authentication.
#  Note that it does NOT mean ‘try each module in order’.  It means
#  that a module from the ‘authorize’ section adds a configuration
#  attribute ‘Auth-Type := FOO’.  That authentication type is then
#  used to pick the apropriate module from the list below.
#
#  In general, you SHOULD NOT set the Auth-Type attribute.  The server
#  will figure it out on its own, and will do the right thing.  The
#  most common side effect of erroneously setting the Auth-Type
#  attribute is that one authentication method will work, but the
#  others will not.
#
#  The common reasons to set the Auth-Type attribute by hand
#  is to either forcibly reject the user (Auth-Type := Reject),
#  or to or forcibly accept the user (Auth-Type := Accept).
#
#  Note that Auth-Type := Accept will NOT work with EAP.
#
#  Please do not put “unlang” configurations into the “authenticate”
#  section.  Put them in the “post-auth” section instead.  That’s what
#  the post-auth section is for.
#
authenticate {
#
#  PAP authentication, when a back-end database listed
#  in the ‘authorize’ section supplies a password.  The
#  password can be clear-text, or encrypted.
#Auth-Type PAP {
# pap
#}
#
#  Most people want CHAP authentication
#  A back-end database listed in the ‘authorize’ section
#  MUST supply a CLEAR TEXT password.  Encrypted passwords
#  won’t work.
#Auth-Type CHAP {
# chap
# }
#
#  MSCHAP authentication.
#Auth-Type MS-CHAP {
# mschap
#}
#
#  If you have a Cisco SIP server authenticating against
#  FreeRADIUS, uncomment the following line, and the ‘digest’
#  line in the ‘authorize’ section.
# digest
#
#  Pluggable Authentication Modules.
# pam
#
#  See ‘man getpwent’ for information on how the ‘unix’
#  module checks the users password.  Note that packets
#  containing CHAP-Password attributes CANNOT be authenticated
#  against /etc/passwd!  See the FAQ for details.
#
#unix
# Uncomment it if you want to use ldap for authentication
#
# Note that this means “check plain-text password against
# the ldap database”, which means that EAP won’t work,
# as it does not supply a plain-text password.
Auth-Type LDAP {
ldap
}
#
#  Allow EAP authentication.
# eap
}
#
#  Pre-accounting.  Decide which accounting type to use.
#
preacct {
preprocess
#
#  Ensure that we have a semi-unique identifier for every
#  request, and many NAS boxes are broken.
acct_unique
#
#  Look for IPASS-style ‘realm/’, and if not found, look for
#  ‘@realm’, and decide whether or not to proxy, based on
#  that.
#
#  Accounting requests are generally proxied to the same
#  home server as authentication requests.
# IPASS
suffix
# ntdomain
#
#  Read the ‘acct_users’ file
files
}
#
#  Accounting.  Log the accounting data.
#
accounting {
#
#  Create a ‘detail’ed log of the packets.
#  Note that accounting requests which are proxied
#  are also logged in the detail file.
detail
# daily
#  Update the wtmp file
#
#  If you don’t use “radlast”, you can delete this line.
unix
#
#  For Simultaneous-Use tracking.
#
#  Due to packet losses in the network, the data here
#  may be incorrect.  There is little we can do about it.
radutmp
# sradutmp
#  Return an address to the IP Pool when we see a stop record.
# main_pool
#
#  Log traffic to an SQL database.
#
#  See “Accounting queries” in sql.conf
# sql
#
#  Instead of sending the query to the SQL server,
#  write it into a log file.
#
# sql_log
#  Cisco VoIP specific bulk accounting
# pgsql-voip
#  Filter attributes from the accounting response.
attr_filter.accounting_response
#
#  See “Autz-Type Status-Server” for how this works.
#
# Acct-Type Status-Server {
#
# }
}
#  Session database, used for checking Simultaneous-Use. Either the radutmp
#  or rlm_sql module can handle this.
#  The rlm_sql module is *much* faster
session {
radutmp
#
#  See “Simultaneous Use Checking Queries” in sql.conf
# sql
}
#  Post-Authentication
#  Once we KNOW that the user has been authenticated, there are
#  additional steps we can take.
post-auth {
#  Get an address from the IP Pool.
# main_pool
#
#  If you want to have a log of authentication replies,
#  un-comment the following line, and the ‘detail reply_log’
#  section, above.
# reply_log
#
#  After authenticating the user, do another SQL query.
#
#  See “Authentication Logging Queries” in sql.conf
# sql
#
#  Instead of sending the query to the SQL server,
#  write it into a log file.
#
# sql_log
#
#  Un-comment the following if you have set
#  ‘edir_account_policy_check = yes’ in the ldap module sub-section of
#  the ‘modules’ section.
#
ldap
#exec
#
#  Access-Reject packets are sent through the REJECT sub-section of the
#  post-auth section.
#
#  Add the ldap module name (or instance) if you have set
#  ‘edir_account_policy_check = yes’ in the ldap module configuration
#
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
  • Save the file, then add these lines to the /etc/raddb/clients.conf file to decide which network is ALLOWED to use and access the FreeRADIUS service (in my case: 192.168.0.0/24):

client 192.168.0.0/24 {

secret = testing123-1

shortname = testing123-1

}

  • After you finish editing the clients.conf file, save it and then test the connectivity by using the radtest command.

You can see the details at http://www.malayin.net
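
Before the radtest step, two values in the files edited above deserve a check: start_tls = no in the ldap module and the short testing123-1 client secret. The script below is an added example, not part of the original post; its function names, the 16-character minimum (the length RFC 2865 prefers) and the sample files it writes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Print the value of the first uncommented "KEY = value" line in FILE.
get_setting() {  # usage: get_setting FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, n + 1); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            print v; exit
        }' "$1"
}

# Auth-Type LDAP binds with the user's password: flag a non-local server without StartTLS.
audit_ldap() {  # usage: audit_ldap LDAP_MODULE_FILE
    tls=$(get_setting "$1" start_tls)
    server=$(get_setting "$1" server)
    case "$server" in
        localhost|127.*|::1) return 0 ;;
    esac
    [ "$tls" = "yes" ] || echo "WARN ldap: start_tls=${tls:-unset} for server $server"
}

# Flag secrets shorter than MIN_LEN or built on testing123; the secret is never printed.
audit_clients() {  # usage: audit_clients CLIENTS_CONF [MIN_LEN]
    awk -v min="${2:-16}" '
        /^[ \t]*#/ { next }
        $1 == "client" { name = $2; next }
        $1 == "}" { name = "" }
        name != "" && /^[ \t]*secret[ \t]*=/ {
            s = $0; sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s)
            if (length(s) < min || s ~ /^testing123/)
                printf "WARN client %s: weak shared secret (%d chars)\n", name, length(s)
        }' "$1"
}

# Run both audits; print findings and return 1 if there are any.
preflight() {  # usage: preflight LDAP_MODULE_FILE CLIENTS_CONF
    findings=$(audit_ldap "$1"; audit_clients "$2")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input: the values from the post, plus a hardened variant.
make_samples() {  # usage: make_samples DIR
    cat > "$1/ldap.post" <<'EOF'
ldap {
    server = "192.168.0.30"
    filter = "(uid=%u)"
    tls {
        start_tls = no
    }
}
EOF
    sed 's/start_tls = no/start_tls = yes/' "$1/ldap.post" > "$1/ldap.hardened"
    fmt='client 192.168.0.0/24 {\n    secret = %s\n    shortname = testing123-1\n}\n'
    printf "$fmt" testing123-1 > "$1/clients.post"
    # Placeholder only; use a randomly generated secret on a real server.
    printf "$fmt" CONSTRUCTED-0123456789abcdef > "$1/clients.hardened"
}

dir=$(mktemp -d)
make_samples "$dir"
preflight "$dir/ldap.post" "$dir/clients.post" || echo "fix these before testing"
preflight "$dir/ldap.hardened" "$dir/clients.hardened" &&
    echo "clean; next: radtest <user> <password> <radius-server> 0 <secret>"
rm -rf "$dir"
```

On the real server, point preflight at /etc/raddb/modules/ldap and /etc/raddb/clients.conf. Turning start_tls on also requires that the LDAP server offers TLS and that the module's tls section trusts the CA that signed its certificate.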

openSUSE medical team releases stable version 0.0.6

November 11th, 2010 by

For some months our team was busy, so you haven’t heard from us. But we are alive. We are pleased to announce our new openSUSE distribution that satisfies medical needs.

What happened? At the beginning of the project we tried to package some stuff just as a start. Then we published 2 pre-versions, but there we found some things to fix. We have worked hard for you, and now we are pleased to announce openSUSE medical version 0.0.6 with freshly packaged packages.

What’s new?

FreeMedForms (FMF) is a multi-platform software (available on MacOS, Linux, FreeBSD, Windows), multilingual, free and open source, released under the new BSD license.
FreeMedForms is developed by medical doctors and is mainly intended for health professionals. Currently, the suite is under development. It is available only for testing purposes. The main objective of FreeMedForms is to manage the electronic medical records based on your medical practice or the practice of clinical research groups. Your records will be fully customizable through the use of plugins. Some parts of the suite are already operational and usable in practice, such as the prescriber FreeDiams (formerly DrugsInteractions). If you would like to use FreeMedForms, you have to log in to the application as user “admin” with password “admin”.

FreeDiams prescriber is the result of FreeMedForms prescriber plugins built into a standalone application.
FreeDiams is a multi-platform (MacOS, Linux, FreeBSD, Windows), free and open source application released under the GPLv3 license. It is developed by medical doctors and is intended for use by these same professionals. It can be used alone to prescribe and / or test drug interactions within a prescription. It can be linked to any application thanks to its command line parameters. FreeDiams can use several drugs databases. Currently available are the FDA_USA drugs database, the French AFSSAPS drugs database, the Canadian drugs database (HCDPD), and the South African one (SAEPI). Drug interaction calculation is available for all these drugs databases beginning with the upcoming v0.5.0.

The GNUmed project builds free, liberated open source Electronic Medical Record software in multiple languages to assist and improve longitudinal care (specifically in ambulatory settings, i.e. multi-professional practices and clinics). It is made available at no charge and is capable of running on GNU/Linux, Windows and Mac OS X. It is developed by a handful of medical doctors and programmers from all over the world. It can be useful to anyone documenting the health of patients including, but not limited to, doctors, physical therapists, occupational therapists, acupuncturists, nurses, psychologists.

TEMPO is open source software for 3D visualization of brain electrical activity. TEMPO accepts EEG file in standard EDF format and creates animated sequence of topographic maps. Topographic maps are generated over 3D head model and user is able to navigate around head and examine maps from different viewpoints. Most mapping parameters are adjustable through appropriate graphical user interface controls. Also, individual topographic maps could be saved in PNG format for future examination or publishing.

But the openSUSE medical Distribution has more inside the DVD. The openSUSE medical team has hand-selected which package to add into the Distribution.

So we can say that we have a good solution for doctors, students, clinics and other people who are trying to spread the word about Open Source.

We have also added a complete openOffice.org package, multimedia codecs and a multimedia player. So you can play with different input formats. And the last addition was the KMyMoney package, so you can know how to make money 🙂

Many thanks this time to the upstream coders: Eric Maeker from France, Sebastian Siebert from Germany and the TEMPO Team.

Technically: From this version on we have fixed the *.desktop files. Now all medical desktop applications can be found under Menu/Education/Science/. So it is easier for our users to find the needed software. Tomorrow I’ll start to create a list of “Must have” applications for our project. So every packager can choose the product he likes to package. But we need more packagers in our team. So if you know the BuildService and don’t know what you should do, just join the team.

But where can you get this nice stuff?

You can get it there: http://susegallery.com/a/NETBqB/opensuse-medicalos11332bitkde4

How can you see our good Team?

You can visit our team page: http://en.opensuse.org/openSUSE:Medical_team The site explains how you can be a part of our mailing list or project.

All the other things you can find on our portal page: http://en.opensuse.org/Portal:Medical There you can find all important links, and how to file a bug or how to drop an openFATE entry.

The Horizon: We can see good clouds on the horizon. ATM our team plans a collaboration between openSUSE and Fedora and Debian. The goal is that we can create new packages and share the packages and all needed information and experiences with other medical teams on the screen. We hope to arrange a shared guideline for packaging medical software and find new ideas and enhancements for the medical community. That’s our part for “Collaboration across Borders”.

Now enjoy your openSUSE medical.

Busy Oktober

November 10th, 2010 by

Last month I went to the Ovi and KDE sprint, Qt Developer Days 2010 -both in Münich- and the openSUSE Conference 2010 in Nüremberg. It was a busy Oktober. (pictures below!)

The Ovi and KDE sprint took place at Nokia’s Münich office, where we discussed why integration between KDE and Ovi would be beneficial for both (better user experience, exposure to a large userbase). There I had the pleasure to meet lots of KDE people; Leinir, Frank Karlitschek, Chani, Myriam Schweingruber, Sascha Peilicke, Sivan Greenberg, Mark Kretschmann, Rune Jensen, Arjen Hiemstra, Jonathan, Dinesh, Krzysiek, Knut Yrvin…
After the Ovi sprint, the Qt Developer Days 2010 began. The training sessions took place the first day. Even though some exercises were skipped, I liked it. Days 2 and 3 were focused on showing how cool Qt is. I never thought QML could be that easy, powerful and straightforward. Besides all of the presentations, we also had dinner with the Trolls, played the “fact or crap” game and tried some Meego-powered devices. So yepp, I enjoyed it and I’m looking forward to the 2011 edition 🙂
BTW, /me was wearing an openSUSE t-shirt which made Martin Mohring approach me and talk to me. That way I met him.

As I said, I also attended the openSUSE Conference 2010. Dan’s connecting flight was the same as mine (what a coincidence) so we took the Zürich-Nüremberg flight together. The same day we had dinner at Barfüsser with other people who had arrived earlier. Raymond Wooninck (tittiatcoke) drove 400 km in total to join us for the dinner only! Perhaps next time he can stay for a bit longer.
I stayed at the conference hotel. Having the conference and the hotel at the same place was a great idea. The location itself wasn’t that good since it was in the outskirts of Nüremberg but hey you can’t have everything. The very first day I met more fellow contributors… many interesting conversations took place in the hallways, between talks, which made me skip some presentations. Besides that, there were some interesting talks taking place at the same time, so I had to choose between one or the other. Frank and I organised a workshop, “the Open-PC case” which went well. There were many attendees interested in getting an Open-PC. I also had the chance to meet and talk with many people: Adrian Schröter and I talked about obs, Nuno Pinheiro showed me some of his Inkscape techniques, I talked with Bruno Friedmann about many things -KDE/Factory too, of course-, I discussed artwork stuff with Gnokii (S. Kemter), Nuno Pinheiro, Robert Lihm and Kai-Uwe Behrmann, testing Factory with Bernhard Wiedeman, how to improve the documentation’s visibility with the Documentation team (Frank, Thomas, Katja, Jürgen), KDE stuff with the KDE people (there were lots of them at the conference),… speaking of KDE stuff, Thomas Thym brought some KDE merchandising to sell. 🙂
BTW, Gnokii’s Movie Night was nice. I really liked the free movies he played; not just software has to be made free!
This time I didn’t have time to go for a stroll in the city. From what I saw (little), Nüremberg seems to be a quiet and nice place.
I have to say that it was a great experience, that I really enjoyed it and that I’m looking forward to next year’s openSUSE Conference. So yes, it was a big success 😀

Thanks to all the people who made these events possible!

Some pics:

/me is leaving

November 9th, 2010 by

Moin,

after 7 years with SUSE and Novell I’ve chosen to change something in my life – and decided to accept a new job and will lay down my duties in the openSUSE project. I’ve been with the openSUSE project already prior to its launch in August 2005 and experienced a number of highs and lows. Overall the project  has been shaping up nicely, we reached a lot of our goals and the just passed openSUSE conference reflects this pretty well in my opinion.

Just to stop any rumours – I leave Novell because I found a new job in the trade show management area close to Nuremberg. Trade show management is where my expertise is and where I worked prior to coming to openSUSE. While I enjoyed the work at openSUSE, organizing the openSUSE conference meant doing what I really love and my new job will give me many more conferences and trade shows to plan and organise.  As I will leave Novell before the end of December the project needs a new openSUSE chairman who should serve until the openSUSE foundation is created.

Best wishes to the openSUSE project and the people behind it. I had a lot of fun over the past 7 years, met numerous outstanding people and learned a lot which will help me in my future life.

Best
Michael

10 obscure Linux office applications

November 9th, 2010 by

Last night I was trying to beautify my Kraft Homepage a bit and while doing that I realised that half of the allowed transfer volume that is coming with the cheap hosting contract is already eaten up for November. Investigating how that could have happened I found out that Kraft was mentioned in a very nice blog called 10 obscure Linux office applications you need to try. It introduces some interesting apps out of the whole mass of all FOSS apps in that specific area. Kraft is mentioned there, which is of course nice, the author seems to like Kraft. I am, however, not really sure why the word obscure is in the headline of the blog, do you know 😉 ?

But the other nine applications are also really interesting, such as goldendict, which combines multiple dictionaries on the desktop or TOra which is a cool database GUI. We do not have them in Factory nor Contrib.

The next openSUSE release 11.4 is slowly but surely coming up and I think it makes sense to add cool software now. Maybe the listed apps in the blog are ideas to spice up our distro a bit with good software? I volunteer to take care of Kraft 😉

openFATE Screening Meeting

November 8th, 2010 by

With the progress the boosters made on the openFATE preview instance, we can now edit features and handle them. A screening team has been formed some time ago and now it’s possible to really start working on features.

I’d like to invite everybody that’s interested to join the openFATE team and discuss how to handle features on Thursday, 11th of November, 16:00 UTC on IRC freenode, channel #openSUSE-project.

LiMobile – Linux SDK for Mobile’s APPLE.

November 7th, 2010 by

LiMobile is a Linux distribution (based on openSUSE and created in fantastic SUSE Studio) designed for developing applications for the iPhone and iPad without using Xcode compiler, the system and MacOSX MacBook notebook.

See video below.