Blog Jurišić

To content | To menu | To search

Thursday, May 9 2019

Microphone crackling sound on chipset Realtek ALC1220

I using Debian 10 Buster GNU/Linux with kernel 4.19.37  and have on microphone crackling sound when talk over Steam Chat, Discord, etc.

My motherboard is ASRock Fatal1ty X399 with Realtek ALC1220 audio chipset.

I try fix problem but all result with fail.

 

But I workround this problem with  Delock USB Sound Adapter 7.1 and after the successful use of the microphone I completely disable Realtek ALC1220 audio chipset in BIOS of motherboard.

 

Wednesday, April 24 2019

Setting up Samba as an Active Directory Domain Controller on Debian 9 Stretch

Introduction

Samba is great project and if wont make Samba AD DC today is very simple. More about Samba look at https://www.samba.org/.

Preparing the Installation

  • select hostname(dc1.internal.example.com),domain name(internal.example.com)
  • installation and configure of time server (ntp)
  • installation and configure of domain name system (bind9)

 

Set hostname of my Samba ad dc server:

hostnamectl set-hostname dc1.internal.example.com

Edit hosts:

nano /etc/hosts

192.168.0.100  dc1.internal.example.com dc1


Installation and configure of time server (ntp):

apt-get install ntp

Change settings in ntp.conf

nano /etc/ntp.conf

logfile   /var/log/ntp.log
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket /var/lib/samba/ntp_signd/

pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst

restrict -4 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict source notrap nomodify noquery
restrict default kod nomodify notrap nopeer mssntp

Fix bug apparmor (Thanks to  Louis van Belle):

Enable the local file part for ntpd:

sed -i 's[#include <local/usr.sbin.ntpd>[include <local/usr.sbin.ntpd>[g' /etc/apparmor.d/usr.sbin.ntpd

NTPD fix.:

echo "
  # To sign replies to MS-SNTP clients by the smbd daemon /var/lib/samba
  /var/lib/samba/ntp_signd r,
  /var/lib/samba/ntp_signd/{,*} rw,

  # samba4 winbindd pipe
  /{,var/}run/samba/winbindd r,
  /{,var/}run/samba/winbindd/pipe rw,

  # samba4 winbindd privileged pipe ? Needed?
  /var/lib/samba/winbindd r,
  /var/lib/samba/winbindd/pipe rw,

" >> /etc/apparmor.d/local/usr.sbin.ntpd

Installation and configure of domain name system (bind9):

Instalirati bind9 paket:

apt-get install bind9

Configure neamed.conf.options

nano /etc/bind/named.conf.options

//  Add any subnets or hosts you want to allow to use this DNS server
acl internal {
   127.0.0.0/16;
   192.168.0.0/16;
};

options {

        auth-nxdomain yes;
        directory "/var/cache/bind";
        notify no;
        empty-zones-enable no;
        listen-on-v6 { none; };

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        allow-query { internal; };
        allow-recursion { internal; };
        allow-transfer { none; };
};

Finale step start service and test ntp and bind9:

systemctl restart ntp.service bind9.service

Set in resolv.conf our bind9:

nano /etc/resolv.conf

search internal.example.com
nameserver 192.168.0.100

Now test bind9:

Test the localhost forward zone):

host -t A localhost 

Default respond is:

Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

localhost has address 127.0.0.1

To test the 0.0.127.in-addr.arpa reverse zone:

host -t PTR 127.0.0.1 

Default respond is:

Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

1.0.0.127.in-addr.arpa domain name pointer localhost.

Test NTP server:

ntpdate -q 192.168.100.31

Default respond is:

server 192.168.0.100, stratum 2, offset -0.000073, delay 0.02602
24 Apr 12:10:30 ntpdate[10143]: adjust time server 192.168.0.100 offset -0.000073 sec

 

Installing Kerberos & Samba and configure Bind9 with Samba:

  • Installing Kerberos and configure
  • Installing Samba and configure
  • Configure Bind9 to work with Samba

Installing Kerberos and configure:

apt-get install krb5-config krb5-user

Configure krb5.conf

nano /etc/krb5.conf

[libdefaults]
        default_realm = INTERNAL.EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

 

Installing Samba and configure:

Debian bring Samba 4.5.16 but that version don't have JSON module (Need 4.7+ for JSON), and I find great repository apt.van-belle.nl by Louis van Belle (Please feel to free Donate to Louis).

Add van-belle.nl repos:

wget -O - http://apt.van-belle.nl/louis-van-belle.gpg-key.asc | apt-key add -

echo "# AptVanBelle repo for samba." | sudo tee /etc/apt/sources.list.d/van-belle.list

echo "deb http://apt.van-belle.nl/debian stretch-samba410 main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list

apt-get update

Install samba:

apt-get install samba winbind attr acl

Configure service samba for AD DC:

systemctl stop smbd nmbd winbind
systemctl mask smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc
systemctl daemon-reload

Configure Samba as AD DC:

If exist old configuration of samba /etc/samba/smb.conf then make backup of config and delete.

cp /etc/samba/smb.conf /etc/samba/smb.conf.bck
rm /etc/samba/smb.conf

samba-tool domain provision --use-rfc2307 --realm INTERNAL.EXAMPLE.COM --domain EXAMPLE --server-role dc --dns-backend=BIND9_DLZ  --adminpass StrongPassword

Configure Bind9 to work with Samba:

Add under section options { }

nano /etc/bind/named.conf.options

allow-update { 192.168.0.100; };

// https://wiki.samba.org/index.php/Dns-backend_bind
// DNS dynamic updates via Kerberos (optional, but recommended)
//tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";    //samba 4.8 and lower
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";    // samba 4.9 and up

 

Add rndc.key, bind-dns include in named.conf

nano /etc/bind/named.conf.local

include "/etc/bind/rndc.key";
    controls {
     inet 127.0.0.1 allow { localhost; } keys { rndc-key;};
};

include "/var/lib/samba/bind-dns/named.conf";

Set pemission for Bind9:

setfacl -m g:bind:r /etc/krb5.conf
setfacl -m g:bind:r /var/lib/samba/bind-dns

Set permission for NTP:

chown root:ntp /var/lib/samba/ntp_signd/
chmod 750 /var/lib/samba/ntp_signd/

Restartati all services:

systemctl restart bind9.service ntp.service samba-ad-dc.service

Test Kerberos:

kinit administrator
klist

Test DNS over Samba:

samba_dnsupdate --verbose

* Change from internal samba dns to bind9_dlz use (If you are running a older samba ad-dc and then upgrade as shown, The file dns.keytab isnt move the the new folder, you need todo that manualy. Its already in the debian bugreport for samba):

samba_upgradedns --dns-backend=BIND9_DLZ

Tweak service start order for Samba then Bind9 and disable reload for Bind9(bug sometime confuze Samba) :

Samba:

systemctl edit samba-ad-dc.service 

Add in file:

[Unit]
After=network.target network-online.target bind9.service

Bind9:

systemctl edit bind9.service

Add in file:

[Service]
ExecReload=

Test Samba:

samba-tool domain info 192.168.0.100
net ads info
net rpc info -U administrator
wbinfo -P
wbinfo -t
wbinfo -pPt 

Congratulations enjoy in Samba World.

 

 

 

 

Monday, April 8 2019

Debian Stretch - Nextcloud 15.0.7

Upgraded nextcloud server package to 15.0.7 for Debian Stretch.

I highly recommend upgrading, check list of changes.

Process of upgrade is very simple, example:

apt-get update
apt-get upgrade

Changes (source from https://nextcloud.com/changelog/):

Version 15.0.7 April 9 2019

Changes

 

Version 15.0.6 April 4 2019

Changes

Friday, March 1 2019

Debian Stretch - Nextcloud 15.0.5

Upgraded nextcloud server package to 15.0.5 for Debian Stretch.

I highly recommend upgrading, check list of changes.

Process of upgrade is very simple, example:

apt-get update
apt-get upgrade

Changes (source from https://nextcloud.com/changelog/):

Version 15.0.5 February 28 2019

Changes

 

Monday, January 14 2019

Debian Stretch - Upgrade Nextcloud 15.0.0 to 15.0.2

Upgrade nextcloud server package from 15.0.0 to 15.0.2 for Debian Stretch.

I highly recommend upgrading, check list of changes.

Process of upgrade is very simple, example:

apt-get update
apt-get upgrade

Changes (source from https://nextcloud.com/changelog/):

Version 15.0.2 January 11 2019

Version 15.0.1 January 10 2019

Tuesday, December 25 2018

Debian Stretch - Upgrade Nextcloud 14.0.4 to 15.0.0

Upgrade nextcloud server package from 14.0.4 to 15.0.0 for Debian Stretch.

I highly recommend upgrading, check list of changes.

Process of upgrade is very simple, example:

apt-get update
apt-get upgrade

Changes (source from https://nextcloud.com/changelog/):

Nextcloud 15 introduces social networking, next-gen 2-factor authentication and innovative collaborative document editing abilities. This release also adds a new design and grid view, workflow features and 2-3x faster loading performance.

As this is a major release, the changelog is very long. Find an overview of what has been improved in this series of blog posts:

Friday, November 23 2018

New update of Nextcloud 14.0.4

Updated nextcloud server package from 14.0.3 to 14.0.4 for Debian Stretch.

I highly recommend upgrading, check list of changes.

Changes (source from https://nextcloud.com/changelog/):

Tuesday, October 16 2018

Nextcloud upgraded packages for Stretch and Jessie

Updated nextcloud server package from 14.0.1 to 14.0.3 for Debian Stretch and 13.0.6 to 13.0.7 for Debian Jessie.

I highly recommend upgrading, check list of changes.

Changes (source from https://nextcloud.com/changelog/):

Version 14.0.3 October 12 2018

Changes

Version 14.0.2 October 11 2018

Changes

Version 13.0.7 October 11 2018

Changes

 

 

Thursday, October 4 2018

How to install self hosted Mozilla Sync for Pale Moon in 3 min on Debian 9

Introduction

My default internet browser is Pale Moon and I'm very satisfied. Very stable, in six months of use has never collapsed or obstructed. The rendering speed of the web site is great thanks to the Goanna layout engine. Compatibility with NPAPI plugin is supported (some apps need that plugin). Pale Moon is multi platform browser and work on Linux, Windows and soon on Mac. This is not "one man project". Read "BLOG: This is rumor control, here" before you make your prejudices about this internet browser.

 

Let's start

Open console and add Jurisic repository and install mozsync package:

echo "deb http://apt.jurisic.org/debian/ stretch main contrib non-free" >> /etc/apt/sources.list.d/jurisic.list
wget -q http://apt.jurisic.org/Release.key -O- | apt-key add -
apt-get update
apt-get install mozsync

Strong recommendation to turn on support https on new fresh installed apache.
Short example how to enable ssl:

a2enmod ssl
a2ensite default-ssl
systemctl restart apache2

Now configure service, open address https://192.168.22.150/mozsync (replace ip with Your IP/dns name):

For my personal using no need MySQL database, I select SQLite and press OK.

Congratulations you have successfully installed the mozilla sync 1.1 server!

Setup Sync in Pale Moon

Click on Tools->Preferences then click on tab Sync:

Now click on "Set Up Pale Moon Sync"

Fill form with e-mail,password and under server select "Use a custom server ..." and enter link of Your sync server.

Click Next to finish proces:

That is all. Enjoy in Pale Moon browser and own Sync service !!!

Thursday, September 27 2018

Nextcloud 14.0.2 & 14.0.3

Updated nextcloud server package from 14.0.0 to 14.0.1 for Debian Stretch and 13.0.6 to 13.0.7 for Debian Jessie.

I highly recommend upgrading, check list of changes.

Changes (source from https://nextcloud.com/changelog/):

Friday, September 21 2018

Nextcloud upgrade from 13.0.6 to 14.0.0

I update nextcloud server package from 13.0.6 to 14.0.0 for Debian Stretch.

Update proces is now simple.

Example:

apt-get update
apt-get upgrade

Package will do rest. When start with apt-get upgrade, apt will get new package and check depency then fix if need and deploy Nextcloud on /var/www/nextcloud then set harder permission on installed files. Then with occ commands make upgrade.

 

Changes in packages

  • Add cron job
  • Add strong directory permissions /var/www/nextcloud
  • Add on install default log path /var/log/nextcloud
  • Add upgrade only with apt-get (web upgrade block by permission)

 

Changes in Nextcloud

Nextcloud 14 merged nearly 1000 pull requests with improvements and changes, almost 150 more than Nextcloud 13. This only covers the core server, hundreds more changes were made in the apps that make up our release, making this version officially our biggest release ever.

While we can never cover everything that has improved, these are the main feature highlights:

  • Video Verification - use a video call with Talk to verify the identity of somebody before granting them access to a share
  • Two-factor authentication now with Signal and Telegram as well as NFC and SMS
  • Accessibility improvements & dark theme
  • Add a note to shares, share files in a Talk chat, new Deck Kanban app and much more

Blog with more details is here.

Tuesday, September 11 2018

De-Googling my phone

For a long time I've been using the Xiaomi Mi 5 phone with MUI interface that is base on based Android. That means that on my phone I have installed Bloatware that came with MIUI and additionally with Android. The result of all this is the weaker performance of mobile phone, faster battery discharge, the disruption of privacy and the very questionable security of the data I have on my mobile.

 

 

The main objection, from my point of view, is that I must have google account to access Android apps. Why couldn’t I install an application anonymously? After long search for alternatives for Google Play, I found the Yalp Store program from the F-Droid repository. I thought Yalp was the answer to the earlier question, so I deleted the google account from my cell phone and all looked just like I wanted.

 

Screenshot F-Droid Screenshot Yalp Store Screenshot Blokada

 

As I often use internet browser on my mobile phone, I wanted to install a program for blocking unwanted ads. I use the uBlock Origin on my computer and I'm very satisfied, and I found Blokada for the mobile and now there is a shocking discovery. All the applications I received with my cell phone (pre-installed) and the apps I installed from my google store were still trying to send some information to google. Even if I did not have a google account assigned to a mobile, still all apps generated network traffic towards google. Paradoxically, when I returned google account to my cell phone, I still generated the traffic but less.

Then I downloaded a couple of programs from F-Droid and network packages did not generate from those applications but only from google play service and that points to only one thing. Google analyzes what you have installed on your mobile phone even though you have not used their service.

 

I found interesting articles on the google service Youtube about google android:

 

After active search for alternative andorid os, I found various projects but one of them particularly attracted my attention - /e/ project. Unfortunately, the project is just in the initial phase so I looked for something that would be compatible with the android os and that there is no installed default google play service with the loads of bloatware installed in it. The answer is an open source LineageOS project where google play service can, but it does not have not be installed. Luckily for me, my cell phone Xiaomi Mi 5 is officially supported and I am starting the great adventure great adventure.

 

Complete manual for installation can see at link https://wiki.lineageos.org/devices/gemini but in practice it looked like this:

1. Download software for fastboot

I using Debian GNU/Linux 9 and installation of fastboot is very simple:

apt-get install fastboot

2. Download TWRP loader for Xiaomi Mi 5 (phone need to be unlock to apply new loader)

wget https://dl.twrp.me/gemini/twrp-3.2.3-0-gemini.img

3. Download LingeageOS za Xiaomi Mi 5

wget https://mirrorbits.lineageos.org/full/gemini/20180903/lineage-15.1-20180903-nightly-gemini-signed.zip

4. Start phone in fastboot and flash loader

With the device powered off (connect phone with pc -usb ), hold Volume Down + Power. Keep holding both buttons until the word “FASTBOOT” appears on the screen, then release and in linux console put command:

fastboot flash recovery twrp-3.2.3-0-gemini.img

After success upload of image, I power off phone, then hold Volume Up + Power. Keep holding both buttons until TWRP appears on screen. First all wipe (dalvik,cache,data,internal storage)

5. Copy LineageOS-a and installation

First open on my PC file explorer (Nemo) and copy lineage-15.1-20180903-nightly-gemini-signed.zip in internal memory of phone, then in TWRP select Install and select zip file. Waiting to complete install and reboot phone and new LineageOS is ready for me.

 

The first thing I did when I started LineageOS, I started browsing and I installed F-Droid. I've installed a few programs that are very useful. Some programs are replacement for some programs that I used before, and for some, unfortunately, I have no alternative.

LineageOS is based on the original Android and applications, so I've replaced a default google keyboard with a Simple Keyboard, an e-mail client with K-9 Mail in combination with OpenKeychain and google chrome with Privacy Browser.

 

Lists of programs on my phone now:

Namjena Banned Alternative
App store Google Play F-Droid
E-mail client Gmail/Mail K-9 Mail
Email Encryption - OpenKeychain
Instant Messaging WhatsApp or Viber Conversations or Telegram
SMS Messaging - Silence
Media Youtube NewPipe
Password Managers LastPass Password Store
Social Network Facebook dandelion*
Social News Twiter Tusky or Mastalab
VPN Cisco VPN OpenVPN
Enterprise Suite Google Apps Nextcloud
Internet Browser Google Chrome Privacy Browser
Navigation Google Maps OsmAnd~
Phone Contacts Google Contacts DAVdroid
Phone Calendars Google Calendars DAVdroid
Phone Tasks Google Tasks Tasks
PDF Viewer Google PDF Viewer Document Viewer
Office Documents Google Docs LibreOffice Viewer
Keyboard Google Keyboard Simple Keyboard
File Share & Sync Google Disk, Files Go Nextcloud

Did I achieve my goal? Do I have more privacy and security on my mobile? Yes and no, it is difficult to answer on that but surely the cell phone now has fewer unwanted programs and the battery on my mobile lasts longer. This is one step towards a better OS but it is still far from the destination I am heading for. I have great expectations from /e/ project and the time will show in which direction will it go.

 

Please check also interesting link :

 

 

 

 

 

 

 

Friday, August 31 2018

Nextcloud upgrade from 13.0.5 to 13.0.6

I update nextcloud server package from 13.0.5 to 13.0.6 for Debian Jessie and Stretch.

Update proces is same as before, check on link.

Changes

 

Monday, July 30 2018

Nextcloud upgrade from 13.0.4 to 13.0.5

I update nextcloud server package from 13.0.4 to 13.0.5 for Debian Jessie and Stretch.

Update proces is same as before, check on link.

Changes

Wednesday, June 13 2018

Nextcloud upgrade from 13.0.3 to 13.0.4

I update nextcloud server package from 13.0.3 to 13.0.4 for Debian Jessie and Stretch.

Update proces is same as before, check on link.

This mini patch coming very fast after 13.0.3 :-)

Changes

 

Monday, June 11 2018

Nextcloud upgrade from 13.0.2 to 13.0.3

I update nextcloud server package from 13.0.2 to 13.0.3 for Debian Jessie and Stretch.

Update proces is same as before, check on link.

Changes

 

 

 

Friday, April 27 2018

Nextcloud upgrade from 13.0.1 to 13.0.2

I update nextcloud server package from 13.0.1 to 13.0.2 for Debian Jessie and Stretch.

Update proces is same as before, check on link.

Changes

Friday, March 23 2018

Nextcloud upgrade from 13.0.0 to 13.0.1

I update nextcloud server package from 13.0.0 to 13.0.1 for Debian Jessie and Stretch.

Update proces is same as before, check on link.

Changes

 

Tuesday, February 13 2018

Nextcloud upgrade from 12.0.5 to 13.0.0

I update nextcloud server package from 12.0.5 to 13.0.0 for Debian Jessie and Stretch.

Update proces is same as before, check on link.

Changes:

Over 1100 changes were merged in the server, with many hundreds more in existing or new apps. The main improvements include:

  • Collaboration features
    • Nextcloud Talk, a private videoconference software integrated with Nextcloud
      • real-time and asynchronous communication with push notifications, calls and chat web and mobile devices
      • Integration in business workflow with calendar invitations and calls directly from Nextcloud Files
      • Screen and note sharing with participant moderation capabilities
      • 100% secure peer-to-peer, end-to-end encrypted calls, mediated by self-hosted server
    • auto-completion of user names in comments and notification to the mentioned user
    • support free/busy scheduling in native calendar applications like Thunderbird Lightning
    • show meeting invites in the calendar
  • End-to-End Encryption
    • can encrypt data on a per-folder level rather than all-or-nothing approach
    • does not require users to remember or exchange passwords
    • does not require re-uploading data upon sharing
    • features an optional off-line administrator recovery key
    • allows full audit logging
    • can be combined with our File Access Control feature so administrator can enforce aspects of End-to-end Encryption
    • protects from identity theft with our Cryptographic Identity Protection feature
    This feature is in Tech Preview for Nextcloud 13 and does not yet implement sharing.
  • User Interface
    • new way of selecting files
    • easy way to quickly copy or move to a location
    • High DPI support
    • admin menu integrated in one list
    • no limitation to file uploads via the web interface
    • user quota in the side bar
    • social sharing (Twitter, G+, Facebook, Diaspora) now features a preview
    • improved theming
  • Performance
    • decreased page load times with up to 50% and faster search
    • 80% faster LDAP and up to 10x faster external storage
    • Server-side Encryption performance largely improved
  • Other
    • Support for PHP 7.2
    • Support for PostgreSQL 10

 

Friday, January 26 2018

Nextcloud upgrade from 12.0.4 to 12.0.5

I update nextcloud server package from 12.0.4 to 12.0.5 for Debian Jessie and Stretch.

Update proces is same as before, check on link.

Changes:

Nextcloud 12.0.5 delivers a lot of changes in various areas including:

Changes

Many fixes were merged, the most important ones include:

  • #7144 Unlock files even if an exception occurs
  • #7322 Set primary action button color to same as theming color
  • #7323 Use the correct root for shared jail when the source storage is also a jail
  • #7353 Fix translation of federation scope menu
  • #7362 Allow to skip data dir permission checks
  • #7407 Check if owner of share exists
  • #7409 Add retry wrapper when reading files from swift
  • #7451 Fix constructor spy in unit test with Sinon 4.1.3
  • #7455 Remove wrong entry in admin_settings that causes 500
  • #7456 CardDAV convertor check should not be to wide
  • #7457 Fix loading icon position in the app menu
  • #7464 Allow getting the filepath when getting cached mounts
  • #7468 Allow 'Nextcloud' in the user agent string of Android
  • #7558 Fix email buttons for white theme
  • #7567 Respect sharing options when searching for Sharees
  • #7568 Fix duplicate session token after remembered login
  • #7577 Check userExists later, saves lookups for appData_INSTANCEID userids
  • #7672 Added additional methods for removal of sensitive info
  • #7688 Fix scss webroot and url rewrite
  • #7717 Throw ServerNotAvailableException when LDAP is caught shutting down
  • #7666 Fix drag shadow not visible when dragging a file on a narrow screen
  • #7674 Do no run SyncJob in cron
  • #7684 Fix inverted app icons on IE11
  • #7694 Don't attempt to translate login names to uids when uids are provided
  • #7708 Don't show recurring msg when pages result was turned off
  • #7742 Hide favourite icon in details view if favourite action is not available
  • #7745 Don't lie about preview types
  • #7747 Update of composer
  • #7758 add option to use legacy v2 auth with s3
  • #7759 Use correct L10N files for jsconfig
  • #7757 Wait for the shared link to be set in the acceptance tests
  • gallery/#349 Fix date picker not visible in slideshow sharing dialog
  • activity/#229 Properly construct path of root on file rename
  • #7770 Fix SCSS processing when undoing theming values
  • #7774 Update icewind/smb to 2.0.3
  • #7777 Set height for sidebar icons
  • #7779 Improve zip support
  • #7786 Return correct mount type for federated shares
  • #7792 Fix empty details view after renaming a file
  • #7817 Fix preview when theming changes invertion of icons
  • #7821 Log full exception in cron instead of only the message
  • #7888 Keep all shipped apps enabled because they should be okay
  • #7962 update icewind/smb to 2.0.4

 

- page 1 of 3