Workgroup Bridge with older Cisco Accesspoints and new Mobility Express Releases

Since I just spent the better part of a weekend to finally get this working, here’s a nasty little bug that took forever to track down: Starting from 8.10.150.0 if you want some older Cisco accesspoints connect to your network in WGB mode, you need to tweak your security setting a little bit otherwise they just wont connect: “cannot associate: EAP authentication failed” is one of the various not exactly helpful error messages you’re probably very familiar at this point if you found this post…

Cisco actually points to it in their documentation, but of course that was the last place I looked at: config wlan security wpa akm psk pmkid {enable | disable} wlan_id

That is, if you want have a WGB connect to your wlan 3:

config wlan disable 3
config wlan security wpa akm psk enable 3
config wlan security wpa akm psk pmkid enable 3
config wlan enable 3

Once that’s set, just configure your WGB like you usually would – for example:

dot11 ssid yourssid
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii yourpresharedkey
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid yourssid
station-role workgroup-bridge
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding

With PMK ID set, a 2600 Series or even something as old as a 1131AG would connect like it’s supposed to.

Husqvarna chain-brake fix

Can’t get the cover on your Husqvarna chainsaw back on after working on your chain? Chances are you forgot to disengage the chain brake before removing the cover (it probably didn’t come off quite that easy, remember?) and now you’re stuck with a chainsaw you can’t reassemble without getting the chain stuck…

There are quite a few videos on YouTube with different methods on how to fix this, but most of them aren’t exactly easy or risk-free (it’s a quite strong coil with a lot of energy stored) and take way longer than they need to. Apparently Husqvarna even has a dedicated tool to do this… Well, here’s an easy 5-10 second fix that worked just fine for me on a Husky 135, once I figured out what the problem was:

  1. With the cover, blade and chain removed – move the brake handle forward into the “engaged” position.
  2. Put the cover in place and wiggle it (and the brake handle) a bit so the star-like metal piece slips into place, aligned with the notches on the brake handle.
  3. With everything aligned, pull the handle carefully back to disengage the brake, using the handle as a lever exactly the way you’d normally use it when working with your chainsaw. You’ll hear it click in place.
  4. Remove the cover again, attach the bar and put on the chain. Put the cover back on the way it’s supposed to work: without much resistance at all.

No disassembly of the brake required and certainly no special tool, only takes a couple seconds. Possibly even works without removing the bar and chain, though I haven’t tried it that way.

Updating SmartArray controllers on 64-bit Ubuntu 14.04

Want to install a firmware update on one of your HP SmartArray controllers while running a 64-bit OS? Turns out, the binaries distributed by HP seem to be 32-bit only – running for example Ubuntu 14.04, here’s what you gotta do…

root@host:~#./CP021971.scexe 
./CP021971.scexe: 153: ./CP021971.scexe: pushd: not found
./CP021971.scexe: 158: ./CP021971.scexe: popd: not found
./ccissflash: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory

 

But libstdtc++6 seems already installed, hmpf… 32-bit maybe?

root@host:~# dpkg --add-architecture i386
root@host:~# apt-get update
root@host:~# apt-get install libstdc++6:i386
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  gcc-4.8-base:i386 gcc-4.9-base:i386 libc6:i386 libgcc1:i386
[...]

 

Let’s try that again…

root@host:~#./CP021971.scexe                                                                                                                                               
./CP021971.scexe: 153: ./CP021971.scexe: ./CP021971.scexe: 158: ./CP021971.scexe: popd: not found
pushd: not found

        This program consists of two phases: device discovery and device update.
        No device will be updated until you answer.

Do you want to run device discovery?
(yes/no) yes
Finding hardware. This may take a few minutes.
Found 1 devices.

Do you want to upgrade the device that has older ROM?
(yes/no) yes
1 devices will be updated.
Updating: P410i Slot: 0 from [5.70] to [6.40]
Updating: P410i Slot: 0 from [5.70] to [6.40]

As part of the reboot process, you must power cycle the server and any external array storage devices.

Well, that was rather easy…

Fix check_hpasm for 3.x kernels

After upgrading one of my HP ProLiant servers to Ubuntu 12.04 LTS (better late than never) the check_hpasm Nagios plugin broke, resulting in no regular checks of the internal arrays being performed.

Apparently that’s a known bug with the hpacucli utility doing the actual checks, which can’t uname returning a 3.x kernel version. You can manually fix this by running it like this:

Usage:
 setarch x86_64 --uname-2.6 [[program] [program arguments]]
Example:
 setarch x86_64 --uname-2.6 hpacucli ctrl all show

Therefore a quick and dirty fix for check_hpasm would be to open up /usr/lib/nagios/plugins/check_hpasm and go to the part that reads:

if [ -x "$hpacucli" ]; then
 for i in config status
 do
$hpacucli ctrl all show $i | while read line
 do
 printf "%s %s\n" $i "$line"
 done
 done
 fi

and replace the line (553 in my case) calling hpacucli with:

/usr/bin/setarch x86_64 --uname-2.6 $hpacucli ctrl all show $i | while read line

Worked just fine for me.

PositiveSSL not working with Android?

Namecheap currently offers one of the most affordable ways to get a (not self-signed) SSL cert to use with your web-/mailserver – the only drawback being, that it isn’t signed by a CA Root, but through some subsidiaries, which means you’ll also have to install a supplied CA bundle on the server or else you’ll get a bunch of SSL errors.

With dovecot as POP/IMAP server, that’s actually quite easy – just put all the certs in single file, starting with your servers cert and followed by the three certs supplied by Namecheap/Comodo.

This should work fine with most mail clients, like Thunderbird or Evolution. The cert also worked with Apache for HTTPS. But for some reason, it didn’t work with my Android mail app.

Turns out, Android can be quite picky about the order of the cert chain…

#~$ echo|openssl s_client -connect yourserver.tld:993
CONNECTED(00000003)
depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=yourserver.tld
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=PositiveSSL CA
 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=PositiveSSL CA
   i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
 3 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

If the certs are in any other order, Android threw an error. So your cert file should contain (again: in that order):

  1. Your Cert as supplied by Namecheap/Comodo/…
  2. PositiveSSLCA.crt
  3. UTNAddTrustServerCA.crt
  4. AddTrustExternalCARoot.crt

Fallout New Vegas, Honest Hearts: No more sound using wine-1.3

After installing the Honest Hearts DLC for Fallout New Vegas, all of the sudden the in-game sound stops working the second I load a savegame. Running FalloutNV.exe from the console, I get tons of these as soon as the game goes mute:

fixme:quartz:Parser_QueryInterface No interface for {2dd74950-a890-11d1-abe8-00a0c905f375}!
fixme:quartz:Parser_QueryInterface No interface for {2dd74950-a890-11d1-abe8-00a0c905f375}!
fixme:quartz:Parser_QueryInterface No interface for {2dd74950-a890-11d1-abe8-00a0c905f375}!
fixme:quartz:Parser_OutputPin_QueryInterface No interface for {56a868a5-0ad4-11ce-b03a-0020af0ba770}!
fixme:quartz:Parser_OutputPin_QueryInterface No interface for {56a868a5-0ad4-11ce-b03a-0020af0ba770}!
fixme:quartz:Parser_QueryInterface No interface for {2dd74950-a890-11d1-abe8-00a0c905f375}!
fixme:quartz:Parser_QueryInterface No interface for {2dd74950-a890-11d1-abe8-00a0c905f375}!

As a quick workaround, go into your Wine configuration, create a custom application setting for Fallout if you haven’t already, click the Libraries tab and add an override for quartz.

Native then Builtin did the trick for me.

WordPress 3 All in One SEO Pack breakage

If you recently upgraded to WordPress 3 and you’re using their new default Theme together with the famous All in One SEO Pack Plugin, you probably already noticed an annoying little bug: Your blog title is now appearing twice. Kinda defeats the whole SEO thing…

While the bug itself hasn’t been fixed yet, there’s a simple workaround.

Open up functions.php of your TwentyTen theme and go to line 262.
You’ll see a line that looks like

add_filter( 'wp_title', 'twentyten_filter_wp_title', 10, 2 );

Just add two forward slashes in front of it so that it looks like

//add_filter( 'wp_title', 'twentyten_filter_wp_title', 10, 2 );

Everything looks like it’s supposed to and AIOSEOP is back to doing its magic.