Wednesday, November 2, 2011

Connect to Windows 8 Remote Desktop / Terminal service from Linux



UPDATE: Since Ubuntu 12.04, Remmina, a native remote desktop client, is able to connect to Windows 8. You may have to set up the remote desktop server on your Windows 8 box to allow connections from old clients.
Important: When you connect to your Windows 8 box, you may get only a black window. Don't worry, leave it like that, and open a second connection. The second connection will display your Windows 8 desktop. Now you can close the first connection with the black screen. Don't ask me why it happens this way, I don't know.




Actually, it seems that none of the Remote Desktop / Terminal Server clients available for Linux are compatible with the new Windows 8 Remote Desktop server / Terminal Server.

However, there is a simple way to connect to the Windows 8 Remote Desktop server / Terminal Service from your Linux box. Here is the process, tested on Ubuntu 11.10 with the default Wine version.

  • Install Wine by executing the following command:
    • For Ubuntu: sudo apt-get install wine
    • For RHEL/Fedora, as root: yum install wine
    • For the latest version of Wine and for other distributions, go here: http://www.winehq.org/site/download
  • Now download the Windows Terminal Service Client from the Microsoft website: http://www.microsoft.com/download/en/confirmation.aspx?id=20609
  • When it is downloaded, double-click on the file to launch it, as you would for any normal program.
  • If the installer doesn't launch, open a terminal, go to the folder containing the file and launch it with: wine WindowsXP-KB969084-x86-enu.exe
  • Follow the normal install process, as for a standard Windows install. Keep all default options.
  • The install process will not add a launch icon to your application menu, so you will have to create the launcher yourself. For now, for the purpose of the test, we will launch it from a terminal with the following command: wine ~/.wine/drive_c/windows/system32/mstsc.exe
  • And voila, Remote Desktop Connection is running. However, getting the remote desktop displayed on your screen may need some more settings, as you will see below.

  • Some settings need to be configured. For example, on Ubuntu 11.10, the following configuration is required:
    • In "Wine configuration", disable Direct 3D Pixel Shader:
      • Open the "Wine Configuration" interface from your application menu or with this command: wine winecfg.exe
      • Go to the "Graphics" tab
      • In the "Direct 3D" area, un-check "Allow Pixel Shader (if supported by hardware)".
      • You can set "Vertex Shader Support" to "None" if you want, but it is not certain that this has any effect.
    • In the remote desktop client, disable audio streaming to the local computer:
      • Go to the "Local Resources" tab
      • Click on "Settings..." in the "Remote audio" area
      • Select "Do not Play" in the "Remote audio playback" area
  • Now the login screen should work and the desktop should be displayed. Note that you may still see some errors or crashes.



Friday, April 15, 2011

Set a simple SMTP relay with TLS and authentication

The goal of this post is to show how to quickly configure an SMTP relay for a postfix server. This allows, for example, a local postfix server to use a remote SMTP server to send emails. It is very useful if your ISP blocks port 25 and you want to use a secure SMTP connection to send email from your local server through a remote server.

The system described here is:
  • a local postfix server
  • a remote SMTP server (smtp.myserver.com) with a TLS-secured connection, which requires authentication (login + password)

All the configuration is done in /etc/postfix/main.cf. To edit this file, use this command:
gksudo gedit /etc/postfix/main.cf

First we will set the relay host. Add the following line and replace smtp.myserver.com:587 with your server information:
relayhost = smtp.myserver.com:587
By default, your port may be 25. Set it according to your remote server configuration.

Next, we will set authentication parameters with the following lines:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
/etc/postfix/sasl/sasl_passwd is the path to the hash file containing the login and password information. You need to create this file and ensure that only root can read and write it. Then edit the file and write:
smtp.myserver.com username:password
Replace smtp.myserver.com, username and password with your SMTP server address and the username and password you want to use to log in. Then execute the following command:
sudo postmap /etc/postfix/sasl/sasl_passwd

Now, we have to configure the TLS parameters. Add the following lines to /etc/postfix/main.cf:
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
In this configuration, we force the use of TLS and enforce SSL certificate verification.
If the SSL certificate used by your server is valid, you may not require more configuration. However, since postfix may try to connect to myserver.com and not smtp.myserver.com, it may not work correctly. The same applies if you use a self-signed SSL certificate. To fix that, we will use fingerprint digest verification. To do that, add the following lines:
smtp_tls_security_level = fingerprint
smtp_tls_fingerprint_digest = sha1
smtp_tls_fingerprint_cert_match = 00:11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66:77:88:99
Replace 00:11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66:77:88:99 with the sha1 fingerprint of your SSL certificate. You can use md5 instead of sha1, but sha1 is better.
To find the sha1 or md5 fingerprint, you can connect to your server with Firefox (if you use the same SSL certificate for the web) and check the SSL certificate information, where the md5 and sha1 values are displayed.
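
An added example (not from the original post): the fingerprint Postfix compares is the digest of the DER-encoded certificate, so it can be computed directly and checked against the pin in main.cf instead of being read from a browser. The function names are illustrative, smtp.myserver.com is the post's placeholder host, and SAMPLE_PEM is a constructed stand-in, not a real certificate.

```python
import base64, hashlib, re, smtplib, ssl

# Constructed stand-in, NOT a real certificate: the body decodes to b"abc".
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

def pem_to_der(pem):
    """Strip the PEM armour and return the DER bytes that get hashed."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def postfix_fingerprint(der, digest="sha1"):
    """Digest of the DER certificate as upper-case hex pairs joined by ':'."""
    hexd = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))

def fetch_der(host, port=587, timeout=10.0):
    """Fetch the relay's certificate over STARTTLS without validating it.
    Validation is off only because the pin itself becomes the trust anchor;
    confirm the result out of band before putting it in main.cf."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)

def pinned_fingerprints(main_cf):
    """Fingerprints listed on smtp_tls_fingerprint_cert_match lines
    (single-line values only; a later definition replaces an earlier one)."""
    pins = set()
    for line in main_cf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "smtp_tls_fingerprint_cert_match":
            pins = {v.upper() for v in re.split(r"[\s,]+", value.strip()) if v}
    return pins

def matches_pin(der, main_cf, digest="sha1"):
    """True if the certificate's fingerprint is one of the configured pins."""
    return postfix_fingerprint(der, digest) in pinned_fingerprints(main_cf)

if __name__ == "__main__":
    print(postfix_fingerprint(pem_to_der(SAMPLE_PEM)))
    # Live use (needs network): postfix_fingerprint(fetch_der("smtp.myserver.com"))
```

The digest argument must name the same algorithm as smtp_tls_fingerprint_digest, otherwise the computed value will never match the pin.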

Now, restart postfix and it should work.
sudo /etc/init.d/postfix restart

Now you can test that everything works by sending an email with this command:
echo "test" | mail -s "Test subject" youremail@youremail.com
Replace youremail@youremail.com with your email address.

You should receive this email.

This configuration allows postfix to relay email, but it does not configure your local postfix server to let you use its SMTP functionality to send email outside. More configuration may be needed to grant the right to relay email outside. By default postfix prevents this, so that the server cannot be used for spam. Setting the following parameters may allow you to send email to addresses hosted on the remote server (myserver.com), but not to all email addresses.
relay_domains = myserver.com
local_recipient_maps =
smtpd_recipient_restrictions = permit_auth_destination permit_mynetworks reject_unauth_destination
To allow relaying to all addresses, check the required configuration in the postfix documentation.

Thursday, March 24, 2011

Linux conspiracy against Microsoft Windows and against you

Everybody knows by now that Linux and the open source community are at war against Microsoft and its operating system, Windows.
What is impressive is the amount of energy and ingenuity spent by Linux fans to hurt Microsoft Windows. Recently, the Linux community has found a way nobody would have thought possible to prevent Windows 7 Service Pack 1 from installing and, in this way, hurt Microsoft Windows 7's security and credibility.
Indeed, they were able to prevent Win 7 SP1 from installing as soon as a hard drive with a Linux partition is present in the computer.
Since the reason for the installation error is not understandable for standard humans like you and me, everybody will think that Win 7 SP1 can't install because of a bug in Windows 7 when the source of the issue is in fact Linux.

This is cheap, but this is the way Linux tries to discredit Microsoft Windows.

So, be warned, the Linux community is here and is fighting against you....





Ok, I confess, I should have enclosed this post with <troll></troll> or <sarcasm></sarcasm> tags. However, you must agree that with such a nice, well-documented and well-thought-out article I should have been published on slate.com.


Last thing: the issue reported here with Win 7 SP1 installation is real. Crazy, stupid, unbelievable,... but real. This is a very bad issue in Windows 7, not Linux's fault.