Best of Technical Support

Our experts answer your technical questions.

Setting the System Time over the Network

I have installed ntpd on Red Hat 8, and it runs but does not appear to do anything. The log file indicates it is starting up, but after a few minutes, it displays the following message:

kernel time discipline status change 41

After that, nothing else is written to the log file. What does the kernel time discipline message mean? How can I tell if ntp actually is updating my system clock? If it isn't doing updates, how can I get it to work properly?


Lance Hill


lancemhillnospam@hotmail.com

To check if ntpd, the Network Time Protocol dæmon, is working correctly, type ntptrace localhost to see where your system is getting its time and where its upstream time server is getting its time. To be polite, don't set up ntpd to use a heavily loaded public time server—your ISP or local Linux user group should be able to give you access to a server that is close to you.


Don Marti


dmarti@ssc.com

Here are a few things to check. First, ntpd will not synchronize time differences greater than one hour, so use ntpdate first to get your clock in range. Second, make sure you have not configured ntpd to use multicast/broadcast client functionality unless you have a time server on your local network. Third, if you are running a recent version of ntp make sure you have a restrict parameter in your configuration file for each time server you use, as newer versions are much more security-aware. Finally, use the ntpq tool and the assoc command to verify that ntpd is running properly.


Chad Robinson


crobinson@rfgonline.com

Exposing an Internal Site with Squid

My wife's computer is inside a LAN and accesses the Internet through a proxy (no other connections are allowed, only WWW). As we are working on a common project, I need her to connect to some of our internal sites that are accessible only through another proxy. The situation is this: my wife's computer→proxy1→Internet→proxy2→internal sites. In that scheme, I have full control on proxy2 (a Debian box running squid). Any ideas about how to do this?


Mauro A. Cremonini


mac@foodsci.unibo.it

If you are running the Squid proxy, cache_peer and other settings allow you to daisy-chain proxy servers together. You need to establish a cache_host entry that defines the internal sites as described above and a dstdomain ACL entry for the internal sites that forces them to be accessed through proxy2. Squid is a powerful proxy server, and you can slice and dice your traffic management a number of different ways. For more tips and tricks, see the Squid FAQ at www.squid-cache.org/Doc/FAQ/FAQ.html.


Chad Robinson


crobinson@rfgonline.com

If you aren't running a Web server on proxy2's port 80, you can run rinetd to forward connections from it to a system on your internal network (www.boutell.com/rinetd). For security, though, the best thing would be to ask your wife's network administrator to open up their firewall for outgoing SSH. Then, give her a shell account on proxy2 so that she can tunnel in with the following:

ssh -N -L 8080:internal:80 proxy2

Here's an explanation of the ssh command-line options above: -N, don't start a shell; -L, forward a local port; 8080, port on which to accept connections on localhost; internal, host to which to forward connections; 80, port to which to forward connections; and proxy2, host to which to make the SSH connection.

Then, she simply can point her browser at localhost:8080 and get to your internal server, and you don't have to open up anything except incoming SSH to your proxy.


Don Marti


dmarti@ssc.com

Printing from an Application

I'm trying to port some Windows applications to Linux (Red Hat 7.3 and 9), and I need to find a replacement method for my current printing mechanism. The current printing process goes like this: 1) The application opens LPT8: for write as a file. LPT8: is a Windows device, not a real physical port. Data (plain ASCII text) is written to the device. When done, the device is closed. 2) LPT8: is captured by a Novell Netware capture program so that anything written to LPT8: winds up in a Novell Netware printer queue. 3) The Novell Netware server sends the data to a barcode printer. The printer is attached to the network using one of those little AXIS print servers that can handle multiple protocols including Novell NPRINTER and lpd. I want to know if there is any way to keep the basic operation of the program the same: open a file/device, write to it, close it. Everything else that needs to happen occurs in the background. I can see doing this using calls to external programs: create a temp file with the data, then pass the file to a printing program like lpr. This is a bit more complicated but will work if the first method doesn't. Or, one could create a temp file and put a watch on the temp directory to grab any files there. The user expects near instantaneous response, however. The Novell Netware server is going to be replaced by a Linux box eventually. The Windows machines will use Samba for their printers. I haven't decided on which printing system to use yet, probably CUPS. The programs are written in Delphi/Kylix Object Pascal. Any hints on where I should start looking?


Gus Wirth


gwirth@sciti.com

This can be easy or difficult depending on what you are willing to do. The solution you referenced above that involves the creation of a temporary file actually is the easiest solution. You can use the tmpnam() function to obtain a unique filename to ensure your process won't conflict with any others. This concept keeps you within the open-file, write-file, close-file work flow you described above, and you shouldn't require an external program to do this work. If your program was structured such that it always created a temporary file and called out to a configurable command, it would remain portable. On a Windows box one could use a copy command to dump the file to LPT8:, and on a Linux box one could use the lpr command. This would make your program more flexible.


Chad Robinson


crobinson@rfgonline.com

Running a Laptop without ACPI

I installed Red Hat 9 on a Dell Inspiron 1100 laptop. It appears that no power-management support was installed (this is an ACPI machine, not APM). A few Web sites have reported success with this system, except for ACPI. I tend to stick with Red Hat standard releases because I rely on my laptop for everyday use (I use it 6–8 hours a day for teaching). I usually don't experiment on my working system. What is the impact of not including ACPI support? Do I run the risk of damaging the CPU without it, or can I live without it (at least for a while)? Can you point me to a how-to about ACPI and Linux?


Erik Hemdal


ehemdal@townisp.com

Running with ACPI enabled will not harm your system unless you are overclocking or doing some other activity that relies on the alerts ACPI would provide. In a laptop environment this is extremely unlikely. However, you may not see the same battery lifetimes without ACPI, because that is the same module used to identify whether the system is running on AC or battery, to scale the speed of the CPU and so forth. For more information on ACPI, consult the ACPI-HOWTO in the Linux Documentation Project (LDP): www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/ACPI-HOWTO.html.


Chad Robinson


crobinson@rfgonline.com

Try www.linux-laptop.net, a Web site where people list problems they experience while installing Linux on laptops.


Usman S. Ansari


uansari@yahoo.com

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix