Notice: register_sidebar was called incorrectly. No id was set in the arguments array for the "Sidebar 1" sidebar. Defaulting to "sidebar-1". Manually set the id to "sidebar-1" to silence this notice and keep existing sidebar content. Please see Debugging in WordPress for more information. (This message was added in version 4.2.0.) in /usr/share/wordpress/wp-includes/functions.php on line 4139 Tech Notes » 2011 » February

Windows7 DAV on Apache2 Works!

howto No Comments »

It’s well-documented that Windows7 is a serious backstep in networking core, even missing some enhancements and fixes that are in Vista. Yeah, Vista.

Of course, you can’t tell that to Windows people because it works fine with the $1000 of other software Microsoft will sell you. … so even though your DAV works fine for everything non-microsoft, and for XP, Vista, and earlier, “Windows7 is the latest, greatest, ever” is the party-line. Toe it. Just make your DAV work.

So here’s what works for me. A few notes:

  1. a location of “/” doesn’t work on Windows, so even though your Cadaver and MacOSX works, not WIndows. Add a path.
  2. BasicAuth is a non-happener: Windows7 doesn’t react to an unauthenticated second action failing (401) after it’s authenticated once in its lifetime. Use Digest. Of course, that means no AuthUserFile /etc/shadow
  3. All shares from a certain hostname need to be the same user/pass (Windows7 cannot understand different shares under different passwords) so use CNAMEs and VirtualHosts

My Config (a virtualhost, of course!)

<VirtualHost *:80>
ServerAdmin username@example.com
ServerName serv1.example.com

DocumentRoot /home/serv1
ErrorLog logs/error_log
CustomLog logs/access_log vhost
# there is a DAVLockDB elsewhere in my config

# from http://www.perlcode.org/tutorials/sysadmin/mod_dav.txt
  BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
  BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
  BrowserMatch "^Microsoft-WebDAV-MiniRedir/" redirect-carefully
  BrowserMatch "^WebDrive" redirect-carefully
  BrowserMatch "^WebDAVFS" redirect-carefully

# from http://www.debian-administration.org/articles/279
<IfModule !mod_header.c>
LoadModule headers_module   modules/mod_headers.so
</IfModule>
  Header add MS-Author-Via "DAV"

# Location / and /shared are exactly the same, but only "/shared" is accessible from Windows
<Location />
   DAV on

   <LimitExcept PROPFIND OPTIONS>
      AuthType Digest
      AuthName "Server1 Access"
      AuthDigestProvider file
      AuthDigestDomain /shared/
      AuthUserFile  /etc/server1/DAV.htdigest
      AuthGroupFile /etc/server1/DAV.groups
      Require group server1group
   </LimitExcept>
</Location>

<Location /shared>
   DAV on

   <LimitExcept PROPFIND OPTIONS>
      AuthType Digest
      AuthName "Server1 Access"
      AuthDigestProvider file
      AuthDigestDomain /shared/
      AuthUserFile  /etc/server1/DAV.htdigest
      AuthGroupFile /etc/server1/DAV.groups
      Require group server1group
   </LimitExcept>
</Location>

</VirtualHost>

Also, the documentation doesn’t describe the “Realm” so well. To match this configuration, the htdigest command to use is (to add the user “scott”):

First time:
htdigest -c /etc/server1/DAV.htdigest 'Server1 Access' scott

After the file’s been created:

htdigest /etc/server1/DAV.htdigest 'Server1 Access' scott

Also, don’t forget to chown -R apache /home/serv1/

Users should connect to this share using http://serv1.example.com:80/shared (note: use “:80” on XP to force the older handler). Windows7 users should:

  1. use the Windows Explorer,
  2. choose “My Computer”,
  3. choose the “Map Network Drive” that shows up with “My Computer” selected,
  4. type in “http://serv1.example.com:80/shared” (no trailing “/”),
  5. select “login with other credentials” and click “next”
  6. carefully, give the username (ie “scott”) and the password
  7. the filesystem should be available. test by creating a file, creating a directory, and moving the test file into the test directory
  8. unmounting is done by restarting the system
  9. If you type your password incorrectly, you must restart your system to retry

Mac Users just Command-K, type in “http://serv1.example.com” or “http://serv1.example.com:80/” or “http://serv1.example.com/shared” (it doesn’t matter with Mac, it just works) and when connecting, they’ll be asked for the authentication details if it’s not in their keychain. Otherwise, it’ll just mount the filesystem, easy-peasy. Unmounts like any ejected disk or filesystem.

Timeout added to CoreUtils, I Don't Need to Maintain it :)

Uncategorized No Comments »

I just found that a tool I use often has been added to CoreUtils so now I don’t need to carry my version around.

For years, I’ve used a version of a program called variously “limitedrun” or “timeout” in order to run servers so I can self-test against them. An example is my work on Apache (minimal) and Nagios (lots, especially testing Nagios-LDAP). If the autotest failed, which meant that the script would immediately stop, the service would not be stopped by the cleanup commands, so the shell would not complete, and the self-test would appear to hang.

Instead, I used a limited-run facility to add the logic “well, if you ran for 30 seconds without being shutdown, the test must have failed, so … BLAM snuff it!”… which would allow the self-test to completed and report the failure. A passing self-test would gracefully shutdown the services used.

I think on my work on Nagios, it’s even called “timeout”.

At v7.0-beta, CoreUtils gained timeout, which I haven’t checked for compatibility in featureset (not hard, few features in mine) but now I can use that rather than keep packing mine around (the issue is when I added to it: I had to go and update every project that had a copy, or I needed my custom RPM on every testbox).

Less work for me! More standardized! Colour me happy 🙂

WP Theme & Icons by N.Design Studio
Entries RSS Comments RSS Log in