Thursday, January 21, 2010

Load balancing OpenVPN connections via IPVS (Linux Virtual Server)

First Steps
 
First off, I've performed the setup and configuration on my own local PC using VirtualBox VMs.  Network for all the VMs are set to bridge mode.  Here's how the servers are configured:
director
--------
Fedora 12
VIP=eth0:0 192.168.1.150
RIP=eth0 192.168.1.200

ovpnserver1
-----------
Ubuntu
RIP=eth0 192.168.1.201
VIP=lo:0 192.168.1.150 (no arp)

ovpnserver2
-----------
Ubuntu
RIP=eth0 192.168.1.202
VIP=lo:0 192.168.1.150 (no arp)
Here's how the servers are laid out:
director ------- ovpnserver1
       |
       |-------- ovpnserver2
IPVS will be configured via the direct routing method; as opposed to NAT or Tunneling.


Setting Up The First OpenVPN Server (ovpnserver1)

Begin by configuring the network interface.  Here's how the /etc/network/interfaces file looks like:
# The loopback network interface
auto lo
iface lo inet loopback

# VIP routing
auto lo:0
iface lo:0 inet static
address 192.168.1.150
netmask 255.255.255.255

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.201
network 192.168.1.0
netmask 255.255.255.0
gateway 192.168.1.1
Restart networking service if necessary:
# service networking restart
Next, install OpenVPN package in the server:
# apt-get install openvpn
Now configure OpenVPN:
# cd /etc/openvpn
# cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ .
# mv easy-rsa rsa
# cd rsa
Edit the vars script and edit the appropriate variables at the end of the file (e.g. KEY_COUNTRY, KEY_CITY).  We then generate the necessary keys for the server:
# . ./vars
# ./clean-all
# ./build-dh
# ./pkitool --initca
# ./pkitool --server server
The CA and server keys/certs are now in /etc/openvpn/rsa/keys.  Once the keys and certs have been generated, we'll need to create a server configuration file.  For the purpose of this test, we'll authenticate the user's credentials using the supplied auth-pam.pl script.  This script authenticates OpenVPN against the system users.  Create the configuration file in /etc/openvpn/server.conf with the following contents:
port 1194
proto udp
dev tun

ca /etc/openvpn/rsa/keys/ca.crt
cert /etc/openvpn/rsa/keys/server.crt
key /etc/openvpn/rsa/keys/server.key
dh /etc/openvpn/rsa/keys/dh1024.pem

server 10.128.127.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

keepalive 10 120

comp-lzo

max-clients 50

persist-key
persist-tun

status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

client-cert-not-required
username-as-common-name

auth-user-pass-verify auth-pam.pl via-file
Ensure that you have Perl::PAM module installed for the script to work:
# apt-get install libauthen-pam-perl
Enable IP forwarding:
# vim /etc/sysctl.conf
Ensure that the following line is in the file:
net.ipv4.ip_forward=1
Refresh sysctl params from /etc/sysctl.conf:
# sysctl -p
Enable NAT/MASQ rules in iptables:
# iptables -t nat -A POSTROUTING -s 10.128.127.0/24 -o eth0 -j MASQUERADE
# iptables-save
Now start OpenVPN daemon:
# service openvpn restart


Setting Up The Second OpenVPN Server (ovpnserver2)

Like the first server, we begin by configuring the network interface.  Here's how the /etc/network/interfaces file looks like:
# The loopback network interface
auto lo
iface lo inet loopback

# VIP routing
auto lo:0
iface lo:0 inet static
address 192.168.1.150
netmask 255.255.255.255

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.202
network 192.168.1.0
netmask 255.255.255.0
gateway 192.168.1.1
Restart networking service if necessary:
# service networking restart
Next, install OpenVPN package in the server:
# apt-get install openvpn
Instead of configuring this instance, we'll copy the entire /etc/openvpn folder from ovpnserver1 to ovpnserver2.  This is required as the CA certs/keys must match.


Setting Up The Load Balancer (director)

Configure the network interfaces like so:
/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
HWADDR=08:00:27:81:7A:C2
IPADDR=192.168.1.200
BOOTPROTO=none
NETMASK=255.255.255.0
DNS2=208.67.222.222
TYPE=Ethernet
GATEWAY=192.168.1.1
DNS1=208.67.220.220
IPV6INIT=no
ONBOOT=yes
USERCTL=no
PREFIX=24
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03

/etc/sysconfig/network-scripts/ifcfg-eth0:0

DEVICE=eth0:0
HWADDR=08:00:27:81:7A:C2
IPADDR=192.168.1.150
BOOTPROTO=none
NETMASK=255.255.255.0
DNS2=208.67.222.222
TYPE=Ethernet
GATEWAY=192.168.1.1
DNS1=208.67.220.220
IPV6INIT=no
ONBOOT=yes
USERCTL=no
PREFIX=24
NAME="System eth0:0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
Turn on ipvsadm daemon:
# chkconfig ipvsadm on
# chkconfig --list ipvsadm
ipvsadm         0:off   1:off   2:on    3:on    4:on    5:on    6:off
The ipvsadm daemon reads its config file from /etc/sysconfig/ipvsadm.  Create the file with the following contents:
-A -u 192.168.1.150:1194 -s rr
-a -u 192.168.1.150:1194 -r 192.168.1.201:1194
-a -u 192.168.1.150:1194 -r 192.168.1.202:1194
ipvsadm uses the direct routing method by default.  The first line in the file instructs ipvsadm to add a virtual service.  In this case, it's a UDP service denoted by the -u parameter.  The -s rr parameter instructs it to use the round-robin scheduling method.  The subsequent two lines adds servers to the virtual service.  Since we have 2 virtual machines, we specify both the IPs.  Restart the ipvsadm service once you're done:
# service ipvsadm restart
Type the following command to verify that you have a working setup:
# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
UDP  192.168.1.150:openvpn rr
  -> 192.168.1.201:openvpn        Route   1      0          0
  -> 192.168.1.202:openvpn        Route   1      0          0




OpenVPN Client Configuration File

The client configuration file is quite straight forward.  Instead of having multiple "remote" options, you'll just have one which will be pointing to the director's IP.  The other thing to note is to add the "float" option.  Below's the configuration file for this purpose:
client
dev tun
float
proto udp
remote 192.168.1.150 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
cipher BF-CBC
comp-lzo
verb 4
mute 20
Here's a snippet from openvpn's man page on the "float" option:
--float
    Allow  remote  peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used).  --float when
    specified with --remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address
    and  pass  all  authentication  tests,  the new address will take control of the session.  This is useful when you are connecting to a peer which
    holds a dynamic address such as a dial-in user or DHCP client.

    Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was  specified  in  the  --remote
    option.

Tuesday, January 19, 2010

Mounting an NTFS partition in a folder

To mount an NTFS partition in a folder similar to what's done in Unix systems, do the following:


  • Go to the "Run..." screen and type in compmgmt.msc.
  • Click on "Disk Management".
  • Right click on the volume you want to use and select "Change Drive Letter and Paths..."
  • Click "Add".  Another window will be displayed like below:


  • Click on the second radio box "Mount in the following empty NTFS folder:".  This is where you key in the folder name where you want the partition to be mounted on.
  • Click "OK" once you're done.
Open up Windows Explorer and navigate to C:\.  You should be able to see that the "second-vol" directory has a different icon like the one shown below:



And that's it! :)

Thursday, January 14, 2010

Connecting to MQ using Spring without WAS

Here's how to connect to MQ using spring without WAS.  First, here's the properties value for the connection settings:
# MQ related values
mq.jms.qcf=IBMMQQCF
mq.jms.request.queue=TEST.REQUEST.QUEUE

# Connection details
mq.host.url=192.168.1.200:1415/SYSTEM.DEF.SVRCONN
mq.factoryclass=com.ibm.mq.jms.context.WMQInitialContextFactory

# Authentication details
mq.auth=simple
mq.user=username
mq.password=password
Now the Spring beans configuration:
    <bean id="queueConnectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
        <property name="jndiName" value="${mq.jms.qcf}" />
        <property name="resourceRef" value="false" />
        <property name="jndiEnvironment">
            <props>
                <prop key="java.naming.factory.initial">${mq.factoryclass}</prop>
                <prop key="java.naming.provider.url">${mq.host.url}</prop>
                <prop key="java.naming.security.authentication">${mq.auth}</prop>
                <prop key="java.naming.security.principal">${mq.user}</prop>
                <prop key="java.naming.security.credentials">${mq.password}</prop>
            </props>
        </property>
    </bean>

    <bean id="requestQueue" class="org.springframework.jndi.JndiObjectFactoryBean">
        <property name="jndiName" value="${mq.jms.request.queue}" />
        <property name="resourceRef" value="false" />
        <property name="jndiEnvironment">
            <props>
                <prop key="java.naming.factory.initial">${mq.factoryclass}</prop>
                <prop key="java.naming.provider.url">${mq.host.url}</prop>
                <prop key="java.naming.security.credentials">${mq.password}</prop>
                <prop key="java.naming.security.authentication">${mq.auth}</prop>
            </props>
        </property>
    </bean>
Once that's done, you can use the normal JMS calls to send the message to the queue.  Below is a sample of how to send a message:
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.QueueReceiver;
import javax.jms.QueueSender;
import javax.jms.QueueSession;
import javax.jms.Session;
import javax.jms.TextMessage;

import org.apache.log4j.Logger;

public class JMSProcessor {
    private QueueConnectionFactory qcf;
    private Queue reqQ;
    private Queue respQ;

    private long timeout = 0;

    private Logger log = Logger.getLogger(MessageProcessor.class);

    public void sendMessage(final String msg) throws Exception {
       
        String messageOut = null;
       
        QueueConnection connection = null;
        QueueSession queueSession = null;
        QueueSender queueSender = null;

        try {
            connection = qcf.createQueueConnection();
            connection.start();
       
            queueSession = connection.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
       
            queueSender = queueSession.createSender(reqQ);
           
            TextMessage reqMsg = queueSession.createTextMessage(msg);
           
            reqMsg.setJMSDestination(reqQ);

            queueSender.send(reqMsg);

        } catch (Exception e) {
            throw e;

        } finally {
            try {
                connection.close();
                queueSession.close();
                queueSender.close();
            } catch (JMSException e1) {
                log.error(e1.getMessage(), e1);
            }
        }
    }

}


Installing Shorewall in Ubuntu

I started off with the simple command:
# apt-get install shorewall shorewall-doc
Thought everything was installed properly.  But I got the following error instead:
# shorewall start
Compiling...
   No shorewall compiler installed
Seems I'm missing one more package:
# apt-get install shorewall-perl
Once the shorewall-perl package is you should get the following output:
# shorewall start
Compiling...
   ERROR: No firewall zone defined
Now read up on configuring Shorewall! :)

Monday, January 11, 2010

Configuring OpenVPN + FreeRADIUS + MySQL

Here's a quick guide on how to configure OpenVPN to use FreeRADIUS for authentication.  I've only tried it on Ubuntu Karmic.  YMMV on other distros.

Download the radiusplugin here http://www.nongnu.org/radiusplugin/.  You'll have to compile it from source as there's currently no deb package for it.  Compile steps below:
# apt-get install libgcrypt11 libgcrypt11-dev build-essential
# make
The output will be a single radiusplugin.so file.  Now move the .so file and the .cnf file to the proper openvpn directory like so:
# cp radiusplugin.so /etc/openvpn/
# cp radiusplugin.cnf /etc/openvpn/
First off, edit the radiusplugin.cnf file.  Focus on the "server" section and ensure that the details are correct:
server
{
        # The UDP port for radius accounting.
        acctport=1813
        # The UDP port for radius authentication.
        authport=1812
        # The name or ip address of the radius server.
        name=127.0.0.1
        # How many times should the plugin send the if there is no response?
        retry=1
        # How long should the plugin wait for a response?
        wait=1
        # The shared secret.
        sharedsecret=testing123
}
Next up, edit the openvpn server config file and add the following line:
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
Restart openvpn service and start freeradius service and login using a username/password pair which is defined in FreeRADIUS. 

You should now have working setup.  More info below:

Installing and configuring daloRADIUS

With FreeRADIUS+MySQL installed, it's now turn to install daloRADIUS; a web-based management system for FreeRADIUS.  Before installation, ensure that Apache, PHP and MySQL have been installed and running.  You'll need PHP PEAR as well.  Use the following command to install the required libs:

# apt-get install php-pear
# pear install DB

Get the latest version of daloRADIUS from http://sourceforge.net/projects/daloradius/files/.  Extract the tarball to /var/www/daloradius.  You'll need to import daloRADIUS DB schema from /var/www/daloradius/contrib/db/mysql-daloradius.sql:

# mysql -u root -p radius < mysql-daloradius.sql

Even after importing the schema, there seems to be a missing table i.e. usergroup.  Get the missing table schema from fr1-mysql-freeradius.sql in the same directory.  Once the table has been imported, edit the /var/www/daloradius/library/daloradius.conf.php for DB access credentials.

Access the daloRADIUS installation via a web browser at http://<hostname>/daloradius.  Login as administrator/radius.

You should now have a working daloRADIUS installation.  

Sunday, January 10, 2010

Installing and configuring FreeRADIUS with MySQL authentication

Here's a *near* step-by-step guide to setup FreeRADIUS with MySQL backed authentication done on Ubuntu 9.10 (Karmic).  Start by installing the necessary deb files:
# apt-get install freeradius freeradius-mysql
Add the following lines to the /etc/freeradius/users file: 
abc     Cleartext-Password := "123"
Stop freeradius service just in case:
/etc/init.d/freeradius stop
Now test using the radtest client:
# radtest abc 123 localhost 1812 testing123
Sending Access-Request of id 149 to 127.0.0.1 port 1812
        User-Name = "abc"
        User-Password = "123"
        NAS-IP-Address = 208.67.219.132
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=149, length=20
Ensure that the response is "Access-Accept".  The following should be displayed at the server console:
rad_recv: Access-Request packet from host 127.0.0.1 port 33425, id=149, length=55
        User-Name = "abc"
        User-Password = "123"
        NAS-IP-Address = 208.67.219.132
        NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry abc at line 61
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "123"
[pap] Using clear text password "123"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 149 to 127.0.0.1 port 33425
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 149 with timestamp +3641
Ready to process requests.
Now on to MySQL setup.  First, create a database where FreeRADIUS will store its data.  We'll call it radius:
create database radius
Import the MySQL schema from /etc/freeradius/sql/mysql/schema.sql:
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
You should have 7 tables as shown below:
radacct
radcheck
radgroupcheck
radgroupreply
radpostauth
radreply
radusergroup
Edit the file /etc/freeradius/sql.conf and change the following parameters to suite your environment:
server = "localhost"
login = "root"
password = "password"
radius_db = "radius"
Enable the SQL configuration in /etc/freeradius/radiusd.conf by uncommenting the following line:
$INCLUDE sql.conf
Enable SQL configuration in the default enabled site /etc/freeradius/sites-available/default:
authorize {
    ...
    sql
    ...
}

accounting {
    ...
    sql
    ...
}

session {
    ...
    sql
    ...
}

post-auth {
    ...
    sql
    ...
}
Insert the following record into radcheck table:
INSERT INTO `radius`.`radcheck` (`id` ,`username` ,`attribute` ,`op` ,`value`)
VALUES (NULL , 'test', 'MD5-Password', ':=', MD5( '1234' )
Note: More info on the 'op' value can be obtained by reading the 'unlang' man page.  Snippet shown below:
Operators
      The operator used to assign the value of the attribute may be one of the following, with the given meaning.

      =      Add the attribute to the list, if and only if an attribute of the same name is already present in that list.

      :=     Add  the attribute to the list.  If any attribute of the same name is already present in that list, its value is replaced with the value of the current
             attribute.

      +=     Add the attribute to the tail of the list, even if attributes of the same name are already present in the list.

Enforcement and Filtering Operators
      The following operators may also be used in addition to the ones listed above.  Their function is to perform enforcement or filtering on attributes in a list.

      -=     Remove all matching attributes from the list.  Both the attribute name and value have to match in order for the attribute to be removed from the list.

      ==     Remove all non-matching attributes from the list.  Both the attribute name and value have to match in order for the attribute to remain in the list.

             Note that this operator is very different than the '=' operator listed above!

      <=     Enforce that the integer value of the attribute is less than or equal to the value given here.  If there is no attribute of the same name in the  list,
             the  attribute  is  added  with  the  given value, is with "+=".  If an attribute in the list exists, and has value less than given here, it's value is
             unchanged.  If an attribute in the list exists, and has a value greater than given here, then that value is replaced with the one given here.

             This operator is valid only for attributes of integer type.

      >=     Enforce that the integer value of the attribute is greater than or equal to the value given here.  If there is no attribute of the  same  name  in  the
             list, the attribute is added with the given value, is with "+=".  If an attribute in the list exists, and has value greater than given here, it's value
             is unchanged.  If an attribute in the list exists, and has value less than given here, then that value is replaced with the one given here.

             This operator is valid only for attributes of integer type.
Start freeradius in debug mode by using the command below:
# freeradius -X
In another terminal console, use radtest again to test the connection:
# radtest test 1234 localhost 1812 testing123
root@mike-laptop:/etc/freeradius/sites-available# radtest test 1234 localhost 1812 testing123
Sending Access-Request of id 147 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "1234"
        NAS-IP-Address = 208.67.219.132
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=147, length=20
Again, make sure the response contains "Access-Accept".  Following output should be shown at the server terminal:
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
        expand: %{User-Name} -> test
[sql] sql_set_user escaped user --> 'test'
rlm_sql (sql): Reserving sql socket id: 3
        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'test'           ORDER BY id
[sql] User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'test'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'test'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "1234"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
        expand: %{User-Name} -> test
[sql] sql_set_user escaped user --> 'test'
        expand: %{User-Password} -> 1234
        expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'test',                           '1234',                           'Access-Accept', '2010-01-10 12:55:21')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'test',                           '1234',                           'Access-Accept', '2010-01-10 12:55:21')
There should also be some records in the radpostauth table:
mysql> select * from radpostauth;
+----+----------+------+---------------+---------------------+
| id | username | pass | reply         | authdate            |
+----+----------+------+---------------+---------------------+
| 14 | test     | 1234 | Access-Accept | 2010-01-10 12:00:12 |
| 15 | test     | 1234 | Access-Accept | 2010-01-10 12:19:39 |
| 16 | test     | 1234 | Access-Accept | 2010-01-10 12:55:21 |
+----+----------+------+---------------+---------------------+
3 rows in set (0.00 sec)

As you can see, it's rather dangerous to have the clear text password shown in the table.  If you want to turn off that feature, comment out the 'sql' directive in the /etc/freeradius/sites-available/default file under 'post-auth' section.

Have fun!


Friday, January 8, 2010

Creating split RAR files via command line

Command below creates split RAR files (e.g. file.part001.rar, file.part002.rar...) via the command line:
$ rar a -m0 -v50000k <rar-file-name> <files-to-be-rared>
That creates files of 50,000k a piece without any compression (-m0).  The most important option here is the -v option :)

Creating network aliases for single network interface

First some assumptions:
  • network interface is aliased to eth0
  • eth0 assigned to 192.168.1.1
Here's how you assign more than one IP to a single network interface in Ubuntu/Debian:
# ifconfig eth0:0 192.168.1.2 up
That's it.  Wait for a while for the interface to become active and you'll be able to configure services to serve from that IP.  To make the change permanent, edit the /etc/network/interfaces file and add the following lines:
auto eth0:0
iface eth0:0 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        gateway 192.168.1.0


.NET and Apache Axis Interop Problem

I've been using Apache Axis for a long time to publish web services in Java apps.  But recently, it's the first time that a .NET client is used to call the web services published via Axis.  Although I do not have the exact error messages in the .NET client, the client mentioned they received "null" errors when parsing the response.

First thing to do was to disable "multirefs" output.  This can be achieved by adding the following parameter in either the global configuration or service based configuration.  Either way, output below shows the tag to disable sending "multiref" output:
<parameter name="sendMultiRefs" value="false"/>
The second option I tried was to turn on the "dotNetSoapEncFix".  Again, this can be applied in the global or service configuration.  Setting shown below:
<parameter name="dotNetSoapEncFix" value="true"/>
Unfortunately, I didn't have much luck with the "dotNetSoapEncFix" parameter.  The last thing I tried was to change the output style to "wrapped".  This option can only be turned on in the service tag.  Here's how I did it:
<service name="myService" provider="java:RPC" style="wrapped"/>
After the server's restarted, the output is a lot shorter without the "soapenc" definitions which were causing the problems.

Here's the output before setting the style to "wrapped":

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <soapenv:Body>
      <ns1:function1 soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://com.testing">
         <function1_Return xsi:type="ns2:Map" xmlns:ns2="http://xml.apache.org/xml-soap">
            <item xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
               <key xsi:type="soapenc:string">DESC</key>
               <value xsi:type="soapenc:string">EXCEPTION</value>
            </item>
            <item>
               <key xsi:type="soapenc:string" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">STATUS</key>
               <value xsi:type="soapenc:string" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">0</value>
            </item>
         </function1_Return>
      </ns1:function1>
   </soapenv:Body>
</soapenv:Envelope>

Here's the output after:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <soapenv:Body>
      <function1 xmlns="http://com.testing">
         <function1_Return>
            <item xmlns:ns1="http://xml.apache.org/xml-soap" xmlns="">
               <key xsi:type="xsd:string">DESC</key>
               <value xsi:type="xsd:string">EXCEPTION</value>
            </item>
            <item xmlns="">
               <key xsi:type="xsd:string">STATUS</key>
               <value xsi:type="xsd:string">0</value>
            </item>
         </function1_Return>
      </function1>
   </soapenv:Body>
</soapenv:Envelope>

Wednesday, January 6, 2010

Removing invalid/encoded characters from filenames

If you see the following output in your file system:
drwxrwxrwx 2 www-data www-data 4096 Jan  5 03:30 ?????? - ?Q?U?H-?X?Y??Like?t???
drwxrwxrwx 2 www-data www-data 4096 Jan  5 03:41 ???O?? ?@?????j?t???
It'll be difficult to work with the files.  By using "detox", you can remove all invalid characters from the files/folders.  In Ubuntu, simply perform the following command to install it:
# apt-get install detox
Then, do this:
# detox *Like*
If you like, perform a trial/dry run first by adding the --dry-run option.  Here's the output of the cleaned up folder name:
drwxrwxrwx 2 www-data www-data 4096 Jan  6 09:09 e_N-Q_U_H-yen_XAY_N_Like_t_U_