December 2005 – Capi's Corner

Windows 2003 Server as NTP client

Our Windows 2003 Server refused to sync the clock via NTP. Main reason for this behaviour is the fact that as PDC it wants to change the NTP server’s clock as well, which is normally not permitted by the NTP server and the packet is discarded.

To change the preferred server of the Windows Time service (w32time), follow these steps:

w32tm /config /manualpeerlist:<server>,0x8 /syncfromflags:MANUAL

w32tm /config /update

net time /querysntp

w32tm /resync

(source: Meinberg Funkuhren – FAQ – Windows synchronisiert nicht mit NTP (German))

Apache: Force SSL for a Directory Using .htaccess and mod_rewrite

To force SSL on a given directory using .htaccess, use the following code. It requires mod_rewrite enabled in Apache. Adjust the path in the RewriteRule to match the full qualified URL of the HTTPS-domain.

RewriteEngine On RewriteCond %{SERVER_PORT} !443 RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Bugzilla: Active Directory Integration

As you might have guessed from previous posts, I’m currently in the process of implementing a single-sign-on scenario within our network. Or, at least, I’m trying to have at least one single username/password combo for all internal services. Authentication is therefore realized against an Active Directory, based on a Microsoft Windows 2003 Server.

For integration of Bugzilla into the Active Directory, see this link (Update: Link is broken, for an archived version, use this link, thanks to the commenter!).

IKVM.NET: Interaction between C# and Java

A nice project, everyone coming from Java and migrating to C#:
IKVM.NET Home Page

It is a JVM implemented in .NET, contains a .NET implementation of a lot classes from the Java class libraries (JDK), compliance of 1.4 almost complete and contains tools for interop between Java and .NET.

TikiWiki and Active Directory Integration

If you want to authenticate TikiWiki agaist Microsoft Active Directory, have a look at this article.

The most interesting part in this posting is that if you are using a Windows 2003 Server, you need to patch the LDAP.php in the PEAR authentication module, as Win2k3 by default does not allow any anonymous queries against the directory.

In <tikiroot>/lib/pear/Auth/Container/LDAP.php search for the following line in function _connect():

if ((@ldap_bind($this->conn_id)) == false) {

and replace it with

if ((@ldap_bind($this->conn_id,"someuser","somepassword")) == false) {

Note, that someuser is in the form of user@domain.tld.

I also recommend to choose to authenticate your admin user against the internal database and not the LDAP (AD) container, otherwise you will lock yourself out easily.

Nice “Babylon 5” Game

For fans of “Babylon 5” I came around a nice game: Babylon 5: I’ve Found Her. They got the flight physics quite good. For a fan project it has excellent graphics and sounds. I especially like the flight physics. Unfortunately I’ve only had time to play the tutorial yet.