From zanchey at ucc.gu.uwa.edu.au Fri Feb 3 15:03:20 2017
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Fri, 3 Feb 2017 15:03:20 +0800 (AWST)
Subject: [tech] Moving to Active Directory
Message-ID:

Is there any appetite from wheel members or interested parties to spend Sunday dragging our Windows network kicking and screaming into the early 2000s?

We've been talking about shifting from the NT domain to an Active Directory style setup for at least five years and I think we should just bite the bullet and do it.

The Windows machines are actually the easy bit, but we'll need to do some work to bring the Unix gear (and ucc-adduser, dispense etc.) into line.

Let me know what you think. This is the last weekend I have free before O'Day is basically upon us.

[DAA]
zanchey@

From zanchey at ucc.gu.uwa.edu.au Sat Feb 4 19:14:36 2017
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Sat, 4 Feb 2017 19:14:36 +0800 (AWST)
Subject: [tech] Moving to Active Directory
In-Reply-To:
References:
Message-ID:

On Fri, 3 Feb 2017, David Adam wrote:
> Is there any appetite from wheel members or interested parties to spend
> Sunday dragging our Windows network kicking and screaming into the early
> 2000s?
>
> We've been talking about shifting from the NT domain to an Active
> Directory style setup for at least five years and I think we should just
> bite the bullet and do it.
>
> The Windows machines are actually the easy bit, but we'll need to do some
> work to bring the Unix gear (and ucc-adduser, dispense etc.) into
> line.

After much discussion on Facebook, let's do it - but not tomorrow, on February 19.

More details to follow.
[DAA]

From oscarhermoso852 at gmail.com Mon Feb 6 21:09:39 2017
From: oscarhermoso852 at gmail.com (Oscar Hermoso)
Date: Mon, 6 Feb 2017 21:09:39 +0800
Subject: [tech] Wheel Meeting Minutes 28th January 2017
Message-ID:

Wheel Meeting Minutes 2017-01-28
================================

Attendance:
===========

Present:
--------
- [CHS] Oscar Hermoso [President] [wheel]
- [SAS] Samuel Shenton [OCM] [wheel]
- [BOB] Andrew Adamson [wheel]
- [NTU] Nick Bannon [wheel]
- [BG3] Mitchell Pommry [wheel]
- [CJS] Chris Squire [wheel]
- [DIE] Cam Locke

Apologies:
----------
- [DAA] David Adam [wheel]
- [MRD] Matt Didcoe [wheel]
- [MSH] Matt Johnston [wheel]
- [SJH] Susan Johnston [wheel]
- [TPG] John Hodge [wheel]
- [MTL] Mark Tearle [wheel]
- [SJY] Scott Young [wheel]

Meeting opened 1055

Business Case
=============
- [SAS]: So essentially we've been working on trying to move clubrooms/trying to get improvements to the clubroom for many years
- Started with by and [BOB]'s loft plan
- Was kinda dropped for the master plan
- For the last however many years, I've been trying to push for the master plan, and Cam hall kept being pushed back
- [SAS] introduced entire tenancy reallocations
- Has started a whole bunch of drama
- I believe that we've reached the only reasonable solution for a new clubroom that satisfies following requirements
- Accessibility
- Security
- Cleanliness
- Machine Room
- Space
- Climate Control/Ventilation
- [CJS]: Actually super vital, needs redundancy
- Anyway yeah, the combination of those two rooms actually satisfy those requirements
- It's the old Pelican and Relay rooms, above the ref
- Comms room is right next door, may be hard to get that too
- So yeah, that's why we proposed the move
- Initially we went through tenancy, but [SAS] changed the plan mid way through
- Like it still went to tenancy, but [SAS] didn't kick up a fuss at the meeting to try to get the rooms
- Tenancy basically said Strategic Resources Committee were doing stuff with the rooms,
  tenancy didn't know what to do with them
- SRC is Guild Exec + PSA president + two other members of council
- Going to SRC seems to be a better bet because they are more approachable and willing to consider the move
- [CJS]: How solid are SRC's plans?
- [SAS]: As far as I've heard, they haven't decided anything
- They're probably more concerned with the food side of the ref
- SRC seem to want it to be a professional space, not necessarily commercial, but still professional
- [BOB]: So how can we instead improve the current UCC clubroom?
- Accessibility
- Can't really
- Machine room
- We keep our machine room or try to take comms room
- Cleanliness
- Build a roof
- Set up glass/perspex walls on top of our current walls
- Walls may not be structurally sound for that
- Security
- See above
- Space
- Rebuild server room
- The business case does say that we would like these rooms ideally, but if we don't get that it comes back to what can we do with this space
- [BOB]: I think that as the current proposal stands where we're gonna be coughing up 30 grand, I don't think so
- I'm worried about power capacity of the new room
- Could add an extra 10 grand
- [NTU]: One thing we were always worried about is starting to get charged for power
- New network, maybe one would be?
- [SAS]: There's no really defining factor about what comes under Guild and what doesn't, I don't have specific understanding of what they're planning to do
- If they're putting a bunch of commercial tenants in the Ref, there will be refurbishments that we can ride off
- [SAS]: I don't really know anything until I walk into that meeting
- [BOB]: One of my problems with the business case is that we're prepared to cough up this much rather than this is how much it'll cost
- [SAS]: This will change
- [BOB]: I guess the next question is, what are we going to do if Power and Network are going to cost let's say 20 grand more, do we have the power to get out of the agreement
- [SAS]: We're not going to relinquish this room until we get the new room and renovate it
- [CHS]: Anyone have any serious concerns?
- [BOB]: I have concerns about the social aspect
- Back to financials for a second
- It was raised in committee meeting that it was only $45/mth, but percentage wise that's still significant, and interest rates will still go up
- Also business case proposes we're happy to spend up to $30k, but we only plan to open up 1 term deposit, aka $18k
- [SAS]: Any refurbishments assists with membership, income etc and will assist us financially
- [BOB]: Back to social, I'm even more concerned with more space and a new room turning into a laptop lounge
- What policies will we implement to maintain a balance, how will we lay out the room to ensure that we maintain that balance
- [SAS]: Everyone agrees that we want to maintain an educational focus, increase the amount of for example workbench space
- Any improvement to the clubrooms should have a focus that isn't just more desktop PCs
- [NTU]: We also cut ourselves from all of the other Guild clubs, we really need to keep all of our ties
- [BOB]: In terms of maintaining connection to other clubs, we can run a line to Cameron Hall and maintain services
- [DIE]: As much as people make a fuss about losing services, the bigger loss
  and people's real problem with the UCC move is losing the face to face connection
- [NTU]: Having the big 3 Cameron Hall clubs together definitely helps our membership on O-Day
- [SAS]: There will definitely be a culture shift if we move, we can't exactly say who walks through the door
- [DIE]: LANs become a hell of a lot harder with a disconnect from the Cameron Hall loft
- [CHS]: We'll get in the habit of moving desktop machines to the loft

O-Day
=====
- [SAS]: Things in the marquee
- Sign-up table out the front
- Kind of an L Shape
- Arm and 3D printer towards the back
- Projector on the wall

Machine Room
============
- [BOB]: Murasoi is a very reliable machine
- It's a Sun
- It's a workhorse
- But it's also kinda hot, and it's kinda old
- [BOB]: There's that and also mooneye
- It's the only machine that also runs SCSI disks, so if one fails we'll have a problem
- [BG3]: They're too reliable and no one knows how to fix them
- [BOB]: Well there's that and we're also not playing with anything new

> Attendees are informed that we can go and take a look at the new potential
> clubroom, everyone leaves

Meeting closed 1206

-------------------------------
Meeting minutes are also available at http://www.ucc.asn.au/infobase/minutes

From oxinabox at ucc.asn.au Tue Feb 7 00:29:31 2017
From: oxinabox at ucc.asn.au (Frames)
Date: Tue, 7 Feb 2017 00:29:31 +0800
Subject: [tech] TLA script kinda broken for people with hyphens in their name
Message-ID: <370e9643-5d80-25a9-2e45-af5e73436fa7@ucc.asn.au>

I just added [LCY] to the TLA script.
It is more broken than expected with hyphens in people's names.
(Find it yourself with `which tla` if you don't know already)

Basically to make it work, I had to just remove the hyphen entirely, but with that constraint seems to work perfectly.
It is scary kinda bash+awk+sed
I don't want to touch it til it is in version control.
Also I am busy.
I might touch it at some point.

Regards
[*OX]
Wheel Member

From zanchey at ucc.gu.uwa.edu.au Thu Feb 16 07:41:41 2017
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Thu, 16 Feb 2017 07:41:41 +0800 (AWST)
Subject: [tech] Active Directory / UCC Tech Day
Message-ID:

This Sunday, 19 February, we're going to work on bringing UCC's authentication and authorisation systems firmly into the 2000s by converting our Windows NT Domain to Active Directory, and using Samba as the primary database instead of OpenLDAP.

Also, it's a good opportunity to sort out any lingering issues with other systems before O'Day.

Everyone is welcome - whether you're a wheel member or just interested in making UCC work a bit better. Let's try and get started from 11 am or thereabouts.

Basically, I think we need to:
* Set up a test server (or, you know, just do it live)
* Convert the Windows machines
* Work out how to convert the Linux machines
* Write a new adduser script
* Look at how to change dispense

See you then,

David Adam
UCC Wheel Member
zanchey@

From oxinabox at ucc.asn.au Sun Feb 19 20:36:06 2017
From: oxinabox at ucc.asn.au (oxinabox at ucc.asn.au)
Date: Sun, 19 Feb 2017 20:36:06 +0800
Subject: [tech] Catfish is on UCCDOMAYNE
Message-ID:

Catfish (the computer that often has the Vive attached) is now connected to the temporary experimental Windows AD domain.
Because it is better than it not working at all.

This means anyone can log in successfully (unlike is historically true for Windows 10).
But it does not load your local profile.
I believe it will maintain a consistent local profile on just this computer.
Also changing your password on this computer will not affect the rest of the UCC computers, and vice versa.

Anyone should be able to log in and do whatever they want with it.
Like play Vive games etc
(Committee probably has some rules about door members not allowing people to be dumb.)

If we do not successfully fully upgrade the network to AD, then we may have to format it to go back.
But that is a minor concern and for another day.

Thank David Adam, who did most of the work.

[*OX]
Wheel Member

From oxinabox at ucc.asn.au Tue Feb 21 20:38:16 2017
From: oxinabox at ucc.asn.au (oxinabox at ucc.asn.au)
Date: Tue, 21 Feb 2017 20:38:16 +0800
Subject: [tech] BBC LV-ROM player
Message-ID:

Hello,
We have been going through some of our possessions,
looking to clear space.

We came across a BBC LV-ROM player.
It seems to work.
We can plug it in, and the lights work.
It can change from replay to play,
and the ejection mechanism is functional.
We thus suggest that it may well be in perfect working order.
However, we have not attempted to connect it to any kind of output device.
Because we do not have any compatible displays on hand.

We also do not possess a remote for it, nor any media.


It came to our attention from an alumni,
that your museum has a room dedicated to such a device.

As such, we would like to inquire if you would be interested in receiving it.
It would be a small feat to transport it from our location in Perth, Western Australia; but not completely infeasible.
If you were able to cover the costs of such transit, we would happily arrange it at our end.

Kind Regards
Lyndon White & Roland Kerr
The University Computer Club
The University of Western Australia

From oxinabox at ucc.asn.au Sat Feb 25 19:51:38 2017
From: oxinabox at ucc.asn.au (Frames)
Date: Sat, 25 Feb 2017 19:51:38 +0800
Subject: [tech] Fwd: Re: BBC LV-ROM player
In-Reply-To:
References:
Message-ID:

-------- Forwarded Message --------
Subject: Re: BBC LV-ROM player
Date: Sat, 25 Feb 2017 10:58:45 +0000
From: Donations
To: oxinabox at ucc.asn.au

Hello Lyndon and Roland,

Thank you for thinking of The National Museum of Computing for your donation.
I have contacted our Acorn/BBC Curator and I'm afraid we have to decline your very kind offer.

As always storage space (at any museum) is at a premium and our inventory is sufficient for this item. Certainly sufficient enough to exclude any need to ship such an item over such a large distance and it is not standard Museum policy to finance delivery.

I would normally suggest other museums you might try but I'm afraid I don't know of the situation in Australia. Over here we have The Centre for Computing History (Cambridge) and The Museum of Computing (Swindon)

Thank you again for considering us and please feel free to contact us again if you have anything else you might like to offer in the future.

yours sincerely

Oliver Harlow
TNMOC Donations Team - Volunteer

PS. Please ignore/delete any further automated responses you may get and reply only using this email thread.

On 2017-02-21 12:38, oxinabox at ucc.asn.au wrote:
> Hello,
> We have been going through some of our possessions,
> looking to clear space.
>
> We came across a BBC LV-ROM player.
> It seems to work.
> We can plug it in, and the lights work.
> It can change from replay to play,
> and the ejection mechanism is functional.
> We thus suggest that it may well be in perfect working order.
> However, we have not attempted to connect it to any kind of output
> device.
> Because we do not have any compatible displays on hand.
>
> We also do not possess a remote for it, nor any media.
>
>
> It came to our attention from an alumni,
> that your museum has a room dedicated to such a device.
>
> As such, we would like to inquire if you would be interested in
> receiving it.
> It would be a small feat to transport it from our location in Perth,
> Western Australia; but not completely infeasible.
> If you were able to cover the costs of such transit, we would happily
> arrange it at our end.
>
> Kind Regards
> Lyndon White & Roland Kerr
> The University Computer Club
> The University of Western Australia

From andrew at ucc.gu.uwa.edu.au Sat Feb 25 21:26:28 2017
From: andrew at ucc.gu.uwa.edu.au (Andrew Williams)
Date: Sat, 25 Feb 2017 21:26:28 +0800
Subject: [tech] Fwd: Re: BBC LV-ROM player
In-Reply-To:
References:
Message-ID:

On 2017-02-25 7:51 PM, Frames wrote:
>> However, we have not attempted to connect it to any kind of output
>> device.
>> Because we do not have any compatible displays on hand.
>>
>> We also do not possess a remote for it, nor any media.

For what it's worth, I have a couple of SCART adaptors (to composite video yellow/red/white RCA leads) if anyone has any media and wants to get it going. I suspect finding a BBC Master to drive it would be the hardest job...

Have you contacted the Australian Computer Museum (WA, or any other branch?) to see if they want it?

Please don't throw it away, I'll pick it up and stick it in my shed if that's the only alternative to a dumpster.

Andrew

From zanchey at ucc.gu.uwa.edu.au Mon Feb 27 12:29:32 2017
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Mon, 27 Feb 2017 12:29:32 +0800 (AWST)
Subject: [tech] Active Directory migration status
Message-ID:

TLDR: more work to be done.

Thanks to [*OX], [JVB], [TPG] and [BOB], we got a test environment for the migration from LDAP + NT Domain to Active Directory up and running. This took a while. Some notes as follows:

I abused the current LDAP setup somewhat; there is now another entry for a classic domain called UCCDOMAYNE, which happens to have the same SID as the production domain UCCDOMAIN. This allows for a test setup using live data initially.

We initially started with a FreeBSD VM, in order to closely mimic the current setup with the domain controller on Molmol.
This caused a lot of problems; the binary packages for Samba 4.4 on FreeBSD crash with a segmentation fault when trying to provision a new domain. We spent a couple of hours working out whether there was some problem with our data affecting the upgrade process, but then I discovered that even a clean-slate provision operation segfaults! I've reported this upstream [1].

We decided to move to a Debian VM (samson.ucc) running testing for two reasons: the segfault above, and also the guidance from Samba[2] suggesting that running a fileserver on the DC is unwise.

Using Samba 4.5.4-Debian, the migration process was a lot smoother and we have a running test domain (UCCDOMAYNE / adtest.ucc.gu.uwa.edu.au).

Windows computers are able to join the domain and logons work; interestingly, users are still pointed at Molmol home directories and Windows tries to use the same password, which works!

Getting the Linux machines on the domain is proving trickier. Although the upgrade process cleanly migrates the users and groups, including home directory and shell data, exposing that data to NSS and PAM on Linux is proving a bit tricky. We have Winbind working, but it requires a lot of annoying setup on local machines and doesn't appear to allow users to have a GID of 0. Other options include using nss-pam-ldapd backed by Kerberos, which I have not managed to get working yet.

[TPG] managed to separate the handling of MIFARE cards from LDAP, instead storing them in the dispense database. This led to problems, although I don't know what they were; perhaps he can comment.

There is no adduser capability yet. I was hoping we could just use the standard Active Directory tools, but that doesn't seem to allocate a Unix user ID or shell, so we probably have to stick to a custom script for now.

Some bright spark - I hope it wasn't me - has previously set the winadmin group to have the same Windows security ID as the Domain Controllers group (using net groupmap in our current live system).
We need to change this.

Password changing has not been tested.

RADIUS has not been tested (required for VPN and wireless).

Webmail has not been tested.

Proxmox has been tested, and [BOB] tells me that it works.

David Adam
zanchey at ucc.gu.uwa.edu.au

[1]: https://lists.freebsd.org/pipermail/freebsd-questions/2017-February/276273.html
[2]: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server

From zanchey at ucc.gu.uwa.edu.au Mon Feb 27 15:21:23 2017
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Mon, 27 Feb 2017 15:21:23 +0800 (AWST)
Subject: [tech] Active Directory migration status
In-Reply-To:
References:
Message-ID:

On Mon, 27 Feb 2017, David Adam wrote:
> We initially started with a FreeBSD VM, in order to closely mimic the
> current setup with the domain controller on Molmol. This caused a lot of
> problems; the binary packages for Samba 4.4 on FreeBSD crash with a
> segmentation fault when trying to provision a new domain. We spent a
> couple of hours working out whether there was some problem with our data
> affecting the upgrade process, but then I discovered that even a
> clean-slate provision operation segfaults! I've reported this upstream
> [1].

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209787 is the upstream issue as already reported.

[DAA]
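
The winadmin / Domain Controllers SID collision described in the migration status message above can be caught mechanically before a migration. The following is an added example, not part of the original thread or of UCC's tooling: it audits text in the `NT name (SID) -> Unix group` shape printed by `net groupmap list`; the domain SID, the Unix group names other than winadmin, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Well-known domain-relative RIDs and the group each one is reserved for.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users",
                   514: "Domain Guests", 515: "Domain Computers",
                   516: "Domain Controllers"}

# One mapping per line: NT group name (SID) -> Unix group
LINE_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[0-9-]+)\) -> (?P<unix>\S+)$")

# Constructed sample; the domain SID and all mappings are made up.
SAMPLE = """\
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> domadmins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> domusers
Domain Controllers (S-1-5-21-1111111111-2222222222-3333333333-516) -> dcs
winadmin (S-1-5-21-1111111111-2222222222-3333333333-516) -> winadmin
staff (S-1-5-21-1111111111-2222222222-3333333333-3001) -> staff
"""


def parse_groupmap(text):
    """Return (nt_name, sid, unix_group) tuples; raise on unparseable lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised mapping: {line!r}")
        entries.append((m["nt"], m["sid"], m["unix"]))
    return entries


def audit_groupmap(entries):
    """Report SIDs shared by several groups and misuse of well-known RIDs."""
    findings = []
    by_sid = defaultdict(list)
    for nt, sid, _unix in entries:
        by_sid[sid].append(nt)
    for sid, names in sorted(by_sid.items()):
        if len(names) > 1:
            findings.append(("duplicate-sid", sid, tuple(names)))
    for nt, sid, _unix in entries:
        rid = int(sid.rsplit("-", 1)[1])
        expected = WELL_KNOWN_RIDS.get(rid)
        # Only domain SIDs (S-1-5-21-...) carry these reserved RIDs.
        if sid.startswith("S-1-5-21-") and expected and nt != expected:
            findings.append(("reserved-rid", sid, (nt, expected)))
    return findings


if __name__ == "__main__":
    for kind, sid, detail in audit_groupmap(parse_groupmap(SAMPLE)):
        print(kind, sid, detail)
```

A group that holds the Domain Controllers SID is treated by Windows as that group for access checks, which is why both findings matter even when the Unix side looks harmless.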