Posts Tagged ‘Linux’

Home phone by Asterisk

September 1st, 2009 1 comment

Last week I spent some time setting up an Asterisk PBX at home. Because I like the technology and my girlfriend likes to use the phone, I decided to build my own PBX (Private Branch Exchange), in other words a telephone exchange. After some research I figured out what the requirements were and came up with the following components:
- a SIP provider
- a SIP compliant phone
- Asterisk PBX software
- an Internet connected Linux server running 24/7

As for the SIP provider I chose the Budgetphone company because they support Asterisk and you get a local area number on which you can be called.

In my search for a suitable phone I selected the Siemens Gigaset A580 IP. The main reasons I chose this phone were:
- it’s a hybrid phone, so you can use POTS and/or VoIP
- it’s energy efficient by using multiple energy-saving technologies
- it’s in an affordable price range

The installation of Asterisk was a piece of cake. Being a very happy user of Debian Linux, I installed the pre-compiled package from the Debian repository by executing the following command:

# apt-get install asterisk asterisk-sounds-main

In my case the Asterisk server has a public IP address, and the phone base station is located in private IP space behind a NAT router.

Below you’ll find the Asterisk configuration. This configuration is known to work on Asterisk version 1.4.21.2~dfsg-3. In my case all configuration files reside in ‘/etc/asterisk/’.

sip.conf:

[general]
context=default
subscribemwi=yes
allowoverlap=no
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes
disallow=all           
allow=alaw             
allow=ulaw             
allow=g726
allow=ilbc
allow=gsm
language=us
dtmfmode = auto

register => 31123456789@sip1.budgetphone.nl:***:31123456789@sip1.budgetphone.nl/101

[31123456789]
type=friend
context=from-budgetphone
host=sip1.budgetphone.nl
fromuser=31123456789
fromdomain=sip1.budgetphone.nl
username=31123456789
insecure=very
secret=***
qualify=yes
port=5060

[phone]
type=friend
context=internal
host=dynamic
nat=yes
callerid="Home phone"
canreinvite=no
qualify=yes
secret=password
mailbox=1001

extensions.conf:

[general]
static=yes
writeprotect=no
clearglobalvars=no

[globals]
INT1=SIP/phone
OUTBOUNDTRUNK=SIP/31123456789

[from-budgetphone]
exten => 101,1,Dial(${INT1},28)
exten => 101,n,GotoIf($["${DIALSTATUS}" = "BUSY"]?busy:unavail)
exten => 101,n(unavail),VoiceMail(1001@default,u)
exten => 101,n,Hangup()
exten => 101,n(busy),VoiceMail(1001@default,b)
exten => 101,n,Hangup()

[internal]
; internal number
exten => 1001,1,Dial(${INT1})
; voicemail number
exten => 700,1,VoiceMailMain()
; external numbers
exten => _XXXX.,1,Set(CALLERID(all)=31123456789)
exten => _XXXX.,2,Dial(${OUTBOUNDTRUNK}/${EXTEN})
exten => _XXXX.,3,Hangup()

voicemail.conf:

[general]
format=wav49|gsm|wav
serveremail=asterisk
attach=yes
skipms=3000
maxsilence=10
silencethreshold=128
maxlogins=3
emaildateformat=%A, %B %d, %Y at %r
sendvoicemail=yes

[zonemessages]
eastern=America/New_York|'vm-received' Q 'digits/at' IMp
central=America/Chicago|'vm-received' Q 'digits/at' IMp
central24=America/Chicago|'vm-received' q 'digits/at' H N 'hours'
military=Zulu|'vm-received' q 'digits/at' H N 'hours' 'phonetic/z_p'
european=Europe/Copenhagen|'vm-received' a d b 'digits/at' HM

[default]
1001 => 1234,Your name,user@domain.net,,tz=european
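
Because this Asterisk server sits on a public IP address, a few settings in the sip.conf above decide whether strangers can reach the dialplan or guess the phone's password. The Python script below is an added example, not part of the original post: it parses a sip.conf and reports those settings. The sample input is constructed from the post's file, and the weak-secret list and the 12-character threshold are illustrative assumptions.

```python
import re

# Constructed sample: the security-relevant lines of the post's sip.conf.
SAMPLE_SIP_CONF = """\
[general]
context=default

[31123456789]
host=sip1.budgetphone.nl
insecure=very
secret=***

[phone]
context=internal
host=dynamic
secret=password   ; phone registers from behind NAT
"""

# Illustrative guess list (an assumption); extend it with your own wordlist.
WEAK_SECRETS = {"password", "secret", "1234", "admin", "asterisk", "phone"}

def parse_sip_conf(text):
    """Return {section: {key: last value}}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)   # also handles 'register => ...'
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit(sections):
    """Return (section, finding) tuples for settings that matter on a public IP."""
    findings = []
    general = sections.get("general", {})
    if general.get("allowguest", "yes").lower() != "no":   # chan_sip default is yes
        findings.append(("general", "allowguest is on: anonymous calls reach the general context"))
    if general.get("alwaysauthreject", "no").lower() != "yes":
        findings.append(("general", "alwaysauthreject is off: replies reveal valid usernames"))
    for name, opts in sections.items():
        if name == "general":
            continue
        if opts.get("insecure", "").lower() == "very":
            findings.append((name, "insecure=very: inbound INVITEs from this peer skip authentication"))
        if opts.get("host") == "dynamic":                  # device registers to us
            secret = opts.get("secret", "")
            if secret.lower() in WEAK_SECRETS | {name.lower()} or len(secret) < 12:
                findings.append((name, "secret: guessable or shorter than 12 characters"))
            if "deny" not in opts or "permit" not in opts:
                findings.append((name, "no deny/permit ACL: registration attempts accepted from any address"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(parse_sip_conf(SAMPLE_SIP_CONF)):
        print("[%s] %s" % (section, finding))
```

Point it at the real file by passing the contents of ‘/etc/asterisk/sip.conf’ to parse_sip_conf(); an empty result means none of these particular checks fired, not that the server is hardened.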

When done editing those files, you need to connect to the Asterisk CLI (Command Line Interface) by using the following command:

# asterisk -r

Set the verbosity level to 10:

*CLI> core set verbose 10

To reload the new configuration issue:

*CLI> reload

To see if the SIP services have registered successfully issue:

*CLI> sip show peers

I needed to configure the next fields in the base station configuration to get the phone registered with Asterisk. Go to ‘settings’ -> ‘telephony’ -> ‘connections’ -> ‘edit’ -> ‘show advanced settings’.
- Authentication Name: phone
- Authentication password: *******
- Username: phone

- Domain: local
- Proxy server address: Asterisk server ip
- Registrar server: Asterisk server ip

To make the MWI (Message Waiting Indicator) work on the handset you need to follow the next steps:
Browse to the Siemens phone web interface and go to ‘settings’ -> ‘telephony’ -> ‘Network Mailbox’. For the connection you want MWI with, enter the voicemail access number into the ‘Call Number’ box, in my case 1001, and tick the ‘Active’ box. This will make the Siemens phone subscribe to the mailbox status.

Have fun!

Categories: Linux

eToken, Personal certificate and the Mozilla suite

August 26th, 2009 No comments

I recently got a personal certificate, also known as a Digital ID, on a smart card (Aladdin eToken) to access a secure web service. While installing the certificate I noticed that it can also be used to digitally sign and encrypt email, so I fired up Thunderbird and added the PKCS#11 security device to configure signing using S/MIME. See the steps below.

“PKCS#11 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules (HSM) and smart cards.” (Source: http://en.wikipedia.org/wiki/PKCS11)

I assume you already have installed the eToken software. In case you haven’t, take a look at this article I wrote earlier.

Open Thunderbird and go to Preferences -> Advanced -> Encryption -> Security Devices

Click on “Load” and enter a module name, or keep the default like I did, which is “New PKCS#11 Module”, and browse for the ‘libeTPkcs11.so’ library. This file probably sits in ‘/usr/lib’ or ‘/usr/lib64’. Be sure to pick the right one, because you need the 64bit version if you’re using 64bit Firefox.

Open Account Settings -> Security

Select the certificate on your smart card that you would like to use.

Thunderbird and Firefox are not bundled with the CAs needed to support GlobalSign PersonalSign Class 2 out-of-the-box. You have to import the GlobalSign Primary Class 2 CA (http://secure.globalsign.net/cacert/PrimClass2.crt) and GlobalSign PersonalSign Class 2 CA (http://secure.globalsign.net/cacert/PersonalSignClass2.crt) to make it work in Thunderbird, otherwise you’ll notice you’re not able to send digitally signed email.

Categories: Blog

eToken and Linux

July 22nd, 2009 1 comment

To make the eToken PKI 5.0 client work on my 64bit Fedora 11 workstation with the 32bit version of the Aladdin eToken middleware I had to install the following packages: hal-libs.i586, libusb.i586, openct.i586, pcsc-lite-openct.i586, pcsc-lite-libs.i586, pcsc-lite.i586 and dependencies.

# rpm -ivh pkiclient-5.00.28-0.i386.rpm
Preparing…                ########################################### [100%]
   1:pkiclient              ########################################### [100%]
Adding eToken security provider….done.
Starting PC/SC smart card daemon (pcscd): [  OK  ]
PKI Client installation completed.
#

If you don’t install the 32bit version of the packages, the installation of the pkiclient software will result in an error. The pkiclient software needs one of the following bundle directories, ‘/usr/lib/readers’ or ‘/usr/lib/pcsc/drivers’, or else it will exit with the error message below.

# rpm -ivh pkiclient-5.00.28-0.i386.rpm
Preparing…                ########################################### [100%]
Error: cannot find pcsc-lite bundles directory.
error: %pre(pkiclient-5.00.28-0.i386) scriptlet failed, exit status 11
error:   install: %pre scriptlet failed (2), skipping pkiclient-5.00.28-0
#

Do not try to add the eToken as a security device in Firefox or Thunderbird, as you’re probably running the 64bit version of the applications. The 64bit applications refuse to load the 32bit ‘libeTPkcs11.so’; you’ll be prompted with the message “Unable to add module”.
I have requested the 64bit version of the middleware, which should make things easier.

Categories: Linux

Wireless fix on Amilo running Ubuntu

June 11th, 2009 9 comments

Recently I had to use a laptop for a course I was doing. This Fujitsu Siemens Amilo Li 2727 laptop came with Windows Vista pre-installed. Since the installed OS didn’t matter for the course I installed the latest Ubuntu, which is 9.04 (Jaunty). All worked well except for the wireless card (Atheros Communications Inc. AR242x 802.11abg Wireless PCI Express Adapter (rev 04)). The network applet says “Wireless is disabled”. The ath5k driver for the wireless card is being correctly initialised, as you can see:

[   12.170260] ath5k_pci 0000:08:00.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18
[   12.170274] ath5k_pci 0000:08:00.0: setting latency timer to 64
[   12.170439] ath5k_pci 0000:08:00.0: registered as 'phy0'
[   12.355693] ath5k phy0: Atheros AR2425 chip found (MAC: 0xe2, PHY: 0x70)
[  264.864848] ath5k phy0: noise floor calibration timeout (2442MHz)

You can also use the following command to see if the device is blocked (not turned on!):

$ sudo rfkill list
0: acer-wireless: Wireless LAN
        Soft blocked: no
        Hard blocked: no
1: phy0: Wireless LAN
        Soft blocked: no
        Hard blocked: yes

It appears that the wireless card is enabled but not activated, so you’ll need to turn it on. Using Windows you use the Fn-F1 key combination to activate the wireless card, but this doesn’t work with Linux. The easiest way to get wireless going is by activating a kernel module called acer_wmi. As soon as you execute the following line you’ll notice the wireless LED will light up. There are other ways, but this is by far the easiest and most elegant way to do it.

$ sudo modprobe acer_wmi

The wireless card is now active! Wait a moment and you’ll see wireless networks appear in the NetworkManager if you’re in range. Just for the record I am using Ubuntu kernel 2.6.28-11-generic at the moment of writing.

To make this solution survive a reboot, you’ll have to add the module name ‘acer_wmi’ to ‘/etc/modules’. Use ‘tee -a’ so the line is appended and the modules already listed in the file are kept.

$ echo "acer_wmi" | sudo tee -a /etc/modules

30 Apr 2010: I can confirm this work-around also works for Ubuntu 10.04 LTS (Lucid).

Categories: Linux

Gallery2 and Lenny

May 5th, 2009 3 comments

During the upgrade from Etch to Lenny I was surprised that the Gallery2 package was not available for the current stable release of Debian. At first it was no problem, but the Gallery2 package of old stable Etch is too old for the most recent WPG2 plug-in for WordPress, so I had to upgrade Gallery2 using an upstream version, as one of the package maintainers made clear:

“Gallery2 is not available in Lenny due to the large amount of differences between the previous version and 2.3-1 from unstable. The release team decided not to include Gallery2 in stable due to this disruptive change late in the release process. The gallery2 package from sid can be installed via pinning.”

I’ve documented the steps I took for upgrading Gallery2.

1. Create the following file if it does not exist:

vi /etc/apt/preferences

2. Add the following lines:

Package: *
Pin: release a=stable
Pin-Priority: 600

Package: gallery2
Pin: release a=testing
Pin-Priority: 800

* If you are running Debian testing, make sure testing has the higher priority.
* With this file apt installs only from the highest pin, but it will show you whether a package is available in testing or unstable.

3. Edit /etc/apt/sources.list and add the following lines:

# Testing (squeeze) for gallery2
deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

4. Update the apt database and upgrade the gallery2 package:

# apt-get update
# apt-get upgrade -s

You’ll notice that the package will be kept back. Issue a dist-upgrade to install the upstream package.

# apt-get dist-upgrade

Restart Apache and as soon as you visit the gallery2 site you’ll be asked to start the upgrade process, which went very smoothly.

Categories: Linux

Setup Firefly to serve iTunes

May 4th, 2009 4 comments

This guide will help you set up Firefly Media Server to serve iTunes. This server-based program, previously known as “mt-daapd”, shares your media collection to iTunes. DAAP stands for Digital Audio Access Protocol and is developed by Apple to share media across a local network.

I have done the installation on Debian Lenny, but Firefly (still called mt-daapd on the Debian repository!) is even available on Windows. In order to publish the firefly shared library on the network I have used Avahi, which is a free implementation of Zeroconf including mDNS/DNS-SD.

1. Install the needed packages including dependencies

# apt-get install mt-daapd avahi-daemon

2. Setup Avahi by creating /etc/avahi/services/mt-daapd.service

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_daap._tcp</type>
<port>3689</port>
<txt-record>txtvers=1</txt-record>
<txt-record>iTSh Version=131073</txt-record>
<txt-record>Version=196610</txt-record>
</service>
</service-group>

3. Restart the Avahi daemon

# /etc/init.d/avahi-daemon restart

4. Edit /etc/mt-daapd.conf. The following variables were important to me:

# $Id: mt-daapd.conf.templ 1660 2007-09-12 13:08:04Z rpedde $
#
# This is the mt-daapd config file.

<…>

#
# admin_pw (required)
#
# This is the password to the administrative pages
#

admin_pw = mt-daapd

<…>

#
# mp3_dir (required)
#
# Location of the mp3 files to share.  Note that because the
# files are stored in the database by inode, these must be
# in the same physical filesystem.
#

mp3_dir = /path/to/music

#
# servername (required)
#
# This is both the name of the server as advertised
# via rendezvous, and the name of the database
# exported via DAAP.  Also know as "What shows up in iTunes".
#

servername = Firefly %v on %h

<…>

5. Restart mt-daapd

# /etc/init.d/mt-daapd restart

The first time you start mt-daapd it will do a full scan to update the mt-daapd database. Watch the /var/log/daemon.log file to see when it’s ready.

May  4 09:54:25 sinners mt-daapd[16843]: Firefly Version svn-1696: Starting with debuglevel 2
May  4 09:54:25 sinners mt-daapd[16843]: Plugin loaded: daap/svn-1696
May  4 09:54:25 sinners mt-daapd[16843]: Plugin loaded: ssc-ffmpeg/svn-1696
May  4 09:54:25 sinners mt-daapd[16843]: Plugin loaded: rsp/svn-1696
May  4 09:54:25 sinners mt-daapd[16843]: Starting rendezvous daemon
May  4 09:54:25 sinners mt-daapd[16843]: Client running
May  4 09:54:25 sinners mt-daapd[16843]: Starting signal handler
May  4 09:54:25 sinners mt-daapd[16845]: Initializing database
May  4 09:54:25 sinners mt-daapd[16845]: Full reload…
May  4 09:54:25 sinners mt-daapd[16845]: Starting mp3 scan
May  4 09:54:27 sinners mt-daapd[16845]: Starting playlist scan
May  4 09:54:27 sinners mt-daapd[16845]: Updating playlists
May  4 09:54:27 sinners mt-daapd[16845]: Scanned 10 songs in 1 seconds
May  4 09:54:27 sinners mt-daapd[16845]: Starting web server from /usr/share/mt-daapd/admin-root on port 3689
May  4 09:54:27 sinners mt-daapd[16845]: Registering rendezvous names
May  4 09:54:27 sinners mt-daapd[16845]: Serving 10 songs.  Startup complete in 2 seconds

Now you should be able to connect to the mt-daapd admin web interface at http://yourservername:3689.

6. You’re done!
Fire up iTunes and you’ll see the just created Firefly library become available under Shared. You can also use this service with Rhythmbox Music Player, XMMS with the DAAP plugin, or any other DAAP compatible music player.

Categories: Blog

Persistent route in Fedora

March 16th, 2009 No comments

Today I had to add a static route on a Fedora 10 workstation to gain access to a web application. Because it needs to be persistent (survive reboots), I wanted to configure the static route the way Fedora (Red Hat) likes it.

The script ‘/etc/sysconfig/network-scripts/ifup-routes’ is responsible for setting the route. You have to create a ‘route-eth1’ file depending on the interface the static route has to be configured on.

# touch /etc/sysconfig/network-scripts/route-eth1
# echo "to 130.37.136.220 via 192.168.129.15" > /etc/sysconfig/network-scripts/route-eth1

You can check if it works by calling the script followed by the interface name.

# /etc/sysconfig/network-scripts/ifup-routes eth1

Use the route command to see if the new route has been added to the route table.

Categories: Linux

Enlarging the size of a striped LV

December 8th, 2008 No comments

Since there were not enough free PPs available within the VG to extend our fast-growing LV, we had to increase disk space and extend this LV, but this was a little different from the usual manner because this LV was a striped one. At first we thought we had to rebuild the entire LV to expand to the new capacity, but since AIX 5L version 5.3 it is possible to enlarge the size of striped LVs online thanks to the concept of striped columns for LVs. The only restriction is that you can raise the upper bound only to a multiple of the stripe width. Our SAN team was happy to supply the necessary LUNs.

This is what it looked like:

# lslv fslv17
LOGICAL VOLUME:     fslv17                 VOLUME GROUP:   oradatavg3
LV IDENTIFIER:      00c1e99000004c000000011b8d014031.2 PERMISSION:     read/write
VG STATE:           active/complete        LV STATE:       opened/syncd
TYPE:               jfs2                   WRITE VERIFY:   off
MAX LPs:            6144                   PP SIZE:        64 megabyte(s)
COPIES:             1                      SCHED POLICY:   striped
LPs:                5580                   PPs:            5580
STALE PPs:          0                      BB POLICY:      relocatable
INTER-POLICY:       maximum                RELOCATABLE:    no
INTRA-POLICY:       middle                 UPPER BOUND:    6
MOUNT POINT:        /oracle/data/P30       LABEL:          /mnt
MIRROR WRITE CONSISTENCY: on/ACTIVE
EACH LP COPY ON A SEPARATE PV ?: yes (superstrict)
Serialize IO ?:     NO
STRIPE WIDTH:       6
STRIPE SIZE:        128K
#

Use the -u option to raise the upper bound. The new value can only be a multiple of the stripe width; I set it to 12.

# chlv -u 12 fslv17
# lslv fslv17
LOGICAL VOLUME:     fslv17                 VOLUME GROUP:   oradatavg3
LV IDENTIFIER:      00c1e99000004c000000011b8d014031.2 PERMISSION:     read/write
VG STATE:           active/complete        LV STATE:       opened/syncd
TYPE:               jfs2                   WRITE VERIFY:   off
MAX LPs:            5120                   PP SIZE:        64 megabyte(s)
COPIES:             1                      SCHED POLICY:   striped
LPs:                4776                   PPs:            4776
STALE PPs:          0                      BB POLICY:      relocatable
INTER-POLICY:       maximum                RELOCATABLE:    no
INTRA-POLICY:       middle                 UPPER BOUND:    12
MOUNT POINT:        /oracle/data/P30       LABEL:          /mnt
MIRROR WRITE CONSISTENCY: on/ACTIVE
EACH LP COPY ON A SEPARATE PV ?: yes (superstrict)
Serialize IO ?:     NO
STRIPE WIDTH:       6
STRIPE SIZE:        128K
#

After that we had to extend the Maximum LPs for this LV.

# chfs -a size=+40G /oracle/data/SID
0516-787 extendlv: Maximum allocation for logical volume fslv17
is 5120.
# chlv -x 6144 fslv17
# chfs -a size=+40G /oracle/data/SID
Filesystem size changed to 731381760
#
Categories: Linux