FreePBX/Asterisk DAHDI_ATTACH_ECHOCAN failed on channel 1

 

DAHDI_ATTACH_ECHOCAN failed on channel 1: Invalid argument (22)

Currently, on a new install of the latest FreePBX, the DAHDI module has some problems with echo cancellation on FXO/FXS cards. This will cause the module to not load correctly. This may be fixed in the future.

First and foremost, reboot. I’ve had it to where I run dahdi_cfg and it produce this error when setting hwec as the canceler. A reboot fixes it.

DAHDi seems to want to use oslec echo canceler by default, however it’s not a module that’s normally loaded. There are 2 solutions to this issue. First is to use the MG2 echo canceler. This is the easiest, however, the oslec echo canceler is actually better. I will go through both:

Change to MG2 Echo Canceler:

sudo vi /etc/dahdi/system.conf

Change the line:

echocanceller=oslec,1,2

to:

echocanceller=mg2,1,2

You’re line may vary based on how many channels you have.

Run the config again with some output, it should work now:

sudo dahdi_cfg -vvvvv

 

Fix OSLEC Echo Canceler:

I haven’t been able to get it work yet… stay tuned.

Raspbian: VIM Syntax Highlighting

I always install VIM, it’s easier to use than VI, however for some reason in Raspbian, syntax highlighting is not enabled by default. It’s such a useful feature I don’t know who wouldn’t want it on. Anyway, to enable it:

sudo vim /etc/vim/vimrc

Remove the quotes from the line: “syntax on

Write and Quit, done!

Raspbian: Going on a Diet (Remove X11)

I recently set up a pi to act as a dedicated headless server with a default install of Raspbian (from NOOBS). It is solely to serve information and a couple services. In that case, there are a lot of things that aren’t needed for a headless server. One of those things (and the biggest) is X11. On a headless server, you don’t need graphical interfaces 99% of the time. I also don’t need sound or printing capability (although you could share a printer with it). Below are some suggestions on freeing up some of that already thin SD card space:

First, it’s important to understand what is installed so you can see what you have, and what might be a candidate for removal:

dpkg --get-selections | grep -v deinstall

This will get you a very long list of what’s all installed. It’s great software, but in my case, completely unneeded. X11 has processes running, and everything I didn’t need took up about 2GB of space. Sure, on a desktop hard-drive that’s just a drop in the bucket these days, but SD cards are still cramped for space. Below are just suggestions on what can be removed.

Note: Be sure to scroll to the right, as these commands are very long.

 

Removing X11:

apt-get --purge remove x11-*

Doing this command will free up the most space and resources by far. About 2GB will be freed, and several running processes will be stopped, freeing up memory and CPU. All 3 of the most restricted and important resources on a pi. This does however remove every GUI piece on the Pi, which means console only from here on out.

 

Removing Extra Multimedia:

sudo apt-get remove alsa-base alsa-utils gstreamer1.0-alsa:armhf gstreamer1.0-libav:armhf gstreamer1.0-omx gstreamer1.0-plugins-base:armhf gstreamer1.0-plugins-good:armhf gstreamer1.0-x:armhf

I don’t plan on listening to music on my pi server, so all of this was also removed.

 

Removing Printing:

sudo apt-get remove cups-common

I don’t plan on doing any printing, or sharing any printers (my printer is networked anyway), so CUPS was removed.

 

After removing everything:

sudo apt-get --purge autoremove

This will remove any leftover packages (usually mostly libraries) from other stuff that was removed above.

sudo apt-get clean;sudo apt-get autoclean

I ran these commands after just to clean up apt-get, so I don’t run into any problems in the future.

After doing all of the above, I ended up with only 879MB of SD card space used, which is fantastic for a still fully functioning and working pi. You will probably end up with even more free space, as I have other stuff installed. Remember, everything you remove can always be put back.

Samba: Simple and Secure File Sharing

Samba can be overwhelming. Especially since unless you use the help of tools like SWAT, you basically are staring at a huge and complicated looking smb.conf in /etc/samba. I’ve been messing with Samba for many years, and I still learn a bunch every time I mess with it. I was talking to an IRC friend earlier and Samba came up as he wanted to make his shares useable to Windows, readable to everyone, but writable only to logged in users. In the past, because of my poor understanding of Samba, I always got frustrated and just made it completely open and writable by the world. To accomplish this, I even had to make the entire folder structure open to everyone, by setting the permissions to 777 (readable, writable, and executable by EVERYONE!). After our conversation I figured now is as good as any time to learn how to implement at least a little bit of security, as what he wanted to do makes complete and total sense. So after doing some Google-ing, I figured it out!

First, some prerequisites:

  1. I recommend setting all of your sub directories to be mapped to a user and group of a non-privileged user and a user that is not a human. In my case, I ran chmod to my entire file server (a little bit over 1TB of bad permissions worth) so that everything is owned by the user ftp, and the group ftp. I will show the command later.
  2. Every user you want to have write access to the folders must be a member of the same group that you set the file permissions to. I use the group “ftp” to accomplish this. All the files however, do not have to be owned by the user “ftp”.
  3. I decided to have one directory that is still available to everyone for writing called “Inbox”. That way I can open it up via sftp or what have you for any convenience reasons.
  4. Understand Windows behavior. If you map a drive as a user, even if you disconnect, Windows will still authenticate as that user even without re-mapping the drive. I am still trying to figure out how to remove those cached credentials. In the mean time, for testing I used a second “virgin” Windows machine, one that has never logged in as a Samba user so I can make sure my one public folder is writable and test different configurations.
  5. When logging into the share with Windows (e.x. mapped drive), use: serverhostname\username and then the password as normal.
  6. I strongly recommend making a backup copy of the current smb.conf. You never know. I have been beating that habit into my head when it comes to configuration files. Always back it up! I will also show that later.
  7. I completely removed printer sharing from the Samba config. I personally never will share a printer from my file server for various reasons. If you do want to share a printer, don’t forget to leave the printer shares in.

The following instructions are based on sudo usage of Debian type machines (my server is Ubuntu Server 14.04). You may not need sudo. I also use vim which is just an enhanced version of vi. Any editor will do of course. Your mileage will vary, so take the following as a guide, and not as “type these in exactly”, unless you happen to have your server setup exactly the same as mine, which would be weird.

The following also assumes /mnt/data is where all of my files that I serve are. This is actually a mount point to a RAID array. Inside of that, I have a folder called Inbox.

Part 1: Setting up Users, Groups, and the File System

The first bit will be users. Following my case, I did the following to set everything to owner and group to “ftp”. Now, you may not have either, which just means you will need to create the user and group first. Of course, it doesn’t matter what you name it. The ftp user/group is usually created upon installation of an FTP server, so I just use that.

To create ftp user and group (if you don’t already have it, cat /etc/passwd will show you all of the users):

Note: You will need to change /mnt/data (that’s just my file serving location). Login is disabled with this command though, so it won’t matter too much.

To set the permissions and ownership correctly (if you have existing files), I ran the following:

Note: I always use full paths with cmod and chown if I am changing more than one object, even if I am already in the folder, because these commands are so powerful. You can easily damage beyond economic repair your entire system with these. Always use extreme caution! My personal rule is “If I use -R, I use full path”.

Setting 775 and running chown on everything allows read, write, and execute by the user ftp, and anyone in the group ftp. It only allows read and execute access to everyone else. This allows the anonymous user to read and execute, but not modify for security. Samba will be set similarly, but having it set correctly file system wise will make it secure against any Samba mis-configurations or other attacks.

Now, there if you have a lost+found folder in your path, you will need to fix it so that root owns it again, and permissions are back to normal:

Now, one thing to keep in mind, as my point #2 above stated, every user you want to have write access to these folders and files must be a member of the group you just put on them. Simply run (usermod -G group user):

The user will now have modification rights on any folder that has the ftp group on it, with write permissions set for groups (e.x. 775).

Note: If you add a system user, and your non-Ubuntu specific distribution does not have a package called “libpam-smbpass”, you will need to either install that package, or also add the user to the Samba database manually with:

(Thanks to Mr. Wiebe for pointing that out with his Debian install)

Part 2: Setting Up Samba

Setting up the configuration of course depends entirely on what you want to do exactly. For instance, I want to be able to share everything in /mnt/data for public read and execute. I also want a place for any guest or anonymous user to place new files for me to sort through later. I called this location /mnt/data/Inbox. On top of that, I want logged in users to be able to read and write /mnt/data. This way I can mount a drive as another user in Windows and modify, delete, and change things at will. I personally took the default Samba config file, made a backup copy of it, and almost wiped it clean. Sure the comments are really useful, but reading a file with a million comments is more of a pain than just searching Google for what I really need.

Make a backup!

Now, here is what mine looks like as it might be easier to understand it after seeing it all in one place. Some key entries will be explained below:

Starting from the top, these are what I feel to be the most important options to understand, and also deviate from default:

[global]
security=user – This allows Samba to use local Linux system users to control file/folder access. There other available levels of course, mostly dealing with external means of authentication.
usershare allow guests=yes – This allows non-authenticated users access to the shares defined.

Note: Everything in between is default from the original configuration file. The directives mostly handle authenticating users and logging.

[data] – The first share I define. This is the name of the folder that appears to clients.
path=/mnt/data – The path to the files for this share. Since I try to keep things simple, this is the path to everything.
available=yes – Makes this available to clients. For example, if you want to temporarily make the share unavailable, you can change it to no and keep the configuration in place.
read only=yes – Makes the share read only to everyone, except anyone in the write list, seen below.
browsable=yes – Announces the share in browse lists. This is especially important for Windows.
guest ok=yes – Allows guests to see folders and files inside the share.
guest account=nobody – Maps the guest account to “nobody”. This way guests can’t impersonate a user.
write list=@ftp – A comma separated list of users that are allowed to write to files and folders in the share. Using the @ symbol, you can specify entire groups.
create mask=0775 – The file creation permissions. This does the same as discussed in part 1 above. Change this to match how you control permissions on your file share. This is what gets applied when a logged in user creates a new file. 775 gives permission to read, write, and delete to the user and group, but not everyone.
directory mask=0775 – Same as create mask for files, but for directories.
hide unreadable=yes – I use this specifically to hide the lost+found folder, however it is also useful to hide directories that the logged in user has no access to (not even read). This can be useful for user directory lists too.
force group=ftp – Forces new files/folders to belong to the group ftp which keeps the files available as originally designed. If you omit this option, new files and folders will only be available to the primary group of the user who wrote them.

[inbox] – This is the “public” guest writable share I have defined.
There are only 4 differences from the above entry. Both “write list” and “hide unreadable” are not present. The following directives are modified:
path=/mnt/data/Inbox – The path to the share that will be available for writing to guest.
read only=no – Opens the share to be writable from anyone, including guests..

The Inbox works for guest because using the “force group=ftp” directive allows new files and folders to be created under that group, but as the “nobody” user. This is akin to running “chmod nobody:ftp” after adding the object. Because my Inbox folder is a sub folder of the data share, there is one idiosyncrasy to keep in mind with this setup. If a guest goes to \\server\inbox, they will be able to write and modify, however, if they go through \\server\data\Inbox, they will not be able to modify even though it’s really the same folder. This is because the data share itself is locked down to guests. If this is bothersome, just make sure it is not a sub folder of another further locked down share.

After editing, remember to restart the service:

 

A great quick reference source for configuration options can be found here: http://www.oreilly.com/openbook/samba/book/appc_01.html. Otherwise, don’t forget to check out https://www.samba.org/ and https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/. And remember, just have fun and play around with all of the options to see what the results are. The best way to learn is to do.

Ubuntu 14.04+: Changing Login Messages

The login messages you get when you log into SSH or the console are actually a bunch of bash scripts in /etc/update-motd.d. You can modify these and customize them as you would like. For example, all of my Ubuntu servers include a line advertising landscape.canonical.com, which would be fine, but I’m just a home user and that’s a pay for service, so I’m not interested. It also has a link to documentation which I also don’t need to be reminded of every time.

Here is what the default server version login looks like:

The following instructions assume you are in the directory:

To pare the long message down, I first started by moving the script that barks out the documentation link to my home directory (just in case I need it back, but it can also be deleted). You can move it wherever you want of course, but I don’t use my home directory in my servers for anything.

To remove some of the extra returns in the system information section, I edited 50-landscape-sysinfo and commented some of the echos:

(# means comment, the script will ignore those lines).

To remove the “Graph this data and manage this system at:” lines, we will need to edit landscapelink.py instead (note, your path may very. It might also be python2.5 instead of python 2.7. use “locate landscapelink.py” to find it for sure).

Change the following lines:

to:

That wasn’t too bad. Now we have this upon login:

Much better, and much less screen taken up by extra crud. Of course, if you don’t care about the pretty information block, you can just move or delete the 50-landscape-sysinfo file from the directory.

Ubuntu 14.04+: Automatically Start a Script as a User

There are several different ways to start a script as root, in rc.d, crontab, etc. Starting a script as a user however can be just as easy in crontab:

and then add:

So, why do this? Security. In my case I had a public service that I run (an IRC bot) that refuses to run as root for good reason. The program will only run as a user to prevent any hacking attempts getting root easily. Never run public services as root.

Ubuntu 14.04+: ia32-libs

ia32-libs isn’t an installable package by default anymore, thankfully a kind poster over at stackoverflow posted a simple solution to get the libraries installed. This is useful if you are running an older 32bit application in a 64bit only Linux.

Note: Others on that same page say this isn’t a good idea, although they don’t clarify exactly why. So, this is your warning, works for me, may break things, your mileage may vary, etc.

Ubuntu 14.04: ‘no talloc stackframe’ Error

Update (12/2/14): This is still a problem in Ubuntu, however the bug has been fixed in Samba itself since version 4.1.10. The latest version in Ubuntu’s repositories for some reason is still 4.1.6, which mean the bug still exists for us.

I have been getting this error whenever I set up an Ubuntu 14.04 machine with Samba, also when I upgraded a 12.04 LTS with Samba. This apparently is a bug problem between Samba and PAM authentication. Hopefully soon a fix will come out and get this resolved, because even the work around is not good.

Basically, the work around is to run “sudo pam-auth-update” and uncheck “SMB password synchronization”. This prevents Samba from getting updated passwords from PAM and vice-versa. This also prevents Samba from getting new passwords/accounts. If you have an existing Samba server, don’t upgrade until this problem has been resolved.

To add a user to Samba, use:

See the reported bug at: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1257186

XenServer 6: Adding a New Ubuntu 14.04 Template

Currently XenServer does not have a template for the new Ubuntu 14.04. This will most likely be fixed in a future update, but for now it’s a really easy to add a new template. Thanks to http://virantha.com/2014/05/21/ubuntu-14-04-trusty-on-xenserver-62/ for the quick instructions.

In XenCenter, head over to the console of the server and log in.

Run the following 3 commands (I chose to name it the full name Trusty Tahir instead of just Trusty):

These three commands basically just copy the template from Lucid Lunx 10.04 and renames it. Simples!

XenServer 6: Problems Starting a New Ubuntu 14.04 VM

Currently XenServer has a problem starting a new Ubuntu 14.04 image. There is a problem with one of the Python scripts it uses to start machines. This should be fixed by an update soon, but for now it’s a really easy fix to perform real quick. Thanks to http://virantha.com/2014/05/21/ubuntu-14-04-trusty-on-xenserver-62/ for the quick instructions.

In XenCenter, head over to the console of the server and log in.

Edit the file in question to fix the line:

In vi, head down to line 428. You can do this quickly by typing “:428” and pressing enter. Then press “i” or the insert key to start editing.

Change this line:

to say:

Save and quit (Press ESC and type “:wq”), and you’re done. The Ubuntu 14.04 machine should now start.