Friday 24 June 2011

Use "IP Modem" in Deepnet DualShield

With DualShield, you try to use GPRS Modem to send SMS and may face one of the following situations.



  • You installed a 64bit version DualShield, and it is hard for you to find a 64bit driver of your modem working on a 64bit OS.

  • You installed DualShield on a virtual machine, and the host (like ESXi) can’t pass though your modem device.


Fortunately, there is a workaround, assume you have a physical machine which can install the modem driver.


On the above image, we label the PC to which the modem is physically connected as “Remote PC [Server]”. After installing the modem driver on this PC, check “Device Manager” to see if the modem device is available.


Also check what the COM port is.


Now run “Pira CZ Remote COM Port” (a freeware application which can be downloaded from http://www.pira.cz/eng/piracom.htm, not sure if it has service version. If not, you can use some utility to turn it to a service anyway), make sure select the correct COM port. You can use the default “Server Port” (=23).


Now your modem is converted to an IP modem which can be accessed from another machine (Local PC [Client] labelled in the first image), then how?
You need another software “HW VSP3 - Virtual Serial Port” which can be downloaded from http://www.hw-group.com/products/hw_vsp/index_en.html, it has 64 bit support.


It will create a virtual COM port on this PC which maps to IP and port provided by piracom we set it at the first stage.


Once connected, DualShield can use this like a local COM port.


What if you are using linux OS? You can use remserial or socat.


For your convenience, here are the commands respectively,



Give access to a RS232 device over a network.
// remserial command
remserial -d -p 23 -s "9600 raw" /dev/ttyS0 &
// socat command
socat tcp-l:23,reuseaddr,fork file:/dev/ttyS0,nonblock,raw,echo=0,waitlock=/var/run/tty

Connect a Linux program that needs a serial port to a remote serial port.
// remserial command
remserial -d -r 192.168.222.124 -p 23 -l /dev/remserial1 /dev/ptmx &
// socat command
socat pty,link=/dev/netcom0,raw tcp: 192.168.222.124:23 &

The PDF version can be accessed from here.


Reference


Pira CZ Remote COM Port

HW VSP3 - Virtual Serial Port

Remserial
Socat

Thursday 23 June 2011

JDBC connection string for failover

In its HA manual, Deepnet suggests a few HA scenarios, but it doesn’t cover the following usage.


You may have a mirrored SQL database, and it can be automatic failover, but it has no VIP (virtual IP). Also you want to run a DualShield instance only. How can DualShield benefit from the existing SQL failover feature?


Well, DualShield Authentication Sever utilizes JDBC driver to connect its SQL database, you can achieve it by adding the second server into the JDBC connection string.


Let us look at an example in MySQL. The original one in the file server.xml



<Resource driverClassName="com.mysql.jdbc.Driver" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" password="changeit" type="javax.sql.DataSource" url="jdbc:mysql://localhost:3306/dualshield?useUnicode=true& characterEncoding=UTF-8" username="root" validationQuery="Select 1"/>

The new string which supports HA,



<Resource driverClassName="com.mysql.jdbc.Driver" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" password="changeit" type="javax.sql.DataSource" url="jdbc:mysql://localhost,192.168.124.201:3306/dualshield?useUnicode=true&failOverReadOnly=false&characterEncoding=UTF-8" username="root" validationQuery="Select 1"/>

As you can see, we appended the second server after the original one “localhost”, separated with comma.
Don’t forget to set the HA property “failOverReadOnly=false”(its default value = true), otherwise you will get an error “Connection is read-only. Queries leading to data modification are not allowed”.


MS SQL and ORACE have the similar failover settings in their JDBC connection strings. In MS SQL, it is called “failoverPartner”.


The PDF version is available from here


Reference


Driver/Datasource Class Names, URL Syntax and Configuration Properties for Connector/J

Using Database Mirroring (JDBC)

Java – JDBC – Microsoft Drivers

Wednesday 22 June 2011

2X with Deepnet

I thought it's going to be very straightforward to use deepnet authentication in 2X. However, when I tried to do logon from 2X client, I was stuck by a strange error.


Code[01/0000000C] Account for user \\deepnetsecurity\username not found.


I was confused as this user truely existed in Deepnet application. It could be confirmed by looking through deepnet web-based management console. Also the function "Verify Deepnet user account names" provided by 2X didn't complain anything.


At the end, I turned to seek the help from Deepnet Support, they told me, in this case, the option "Use Principal Name" in application settings must be checked.


You can check the PDF version which has a few figures to help you better understand what I said.

Tuesday 21 June 2011

GPRS modem with DualShield(linux version)

Now Deepnet DualShield linux version can send SMS OTP by GPRS modem. You may need to tweak a little to make it work with your particular modem, especially it is USB modem, according to SMSLib Troubleshooting


In my case(using ZTE MF100 USB Modem in Ubuntu 11.04 32bit), it has a port as "/dev/ttyUSB2".



mingfa@water:/dev$ ls -l ttyUSB2
crw-rw---- 1 root dialout 188, 2 2011-06-21 16:01 ttyUSB2

As DualShield is running under a user called "dualshield", you need to add this user into the group "dialout" which the modem belongs to.



sudo useradd -G dialout dualshield

In addition, I have to add the parameter "-Dsmslib.serial.polling \" in the file /etc/init.d/dualshield, otherwise I got a no response exception.



case "$1" in
start)
# Start DualShield
$DAEMON_HOME/bin/jsvc \
-jvm server \
-user $TOMCAT_USER \
-home $JRE_HOME \
-Dcatalina.home=$CATALINA_HOME \
-Dcatalina.tmpdir=$CATALINA_TEMP \
-Djava.io.tmpdir=$TMP_DIR \
-Djava.library.path=$JRE_HOME/bin \
-Dsmslib.serial.polling \

......

Monday 6 June 2011

token association with a user in batch mode

You can use CSV file to associate(map) a token to a user in a batch.



In DualShield(v5x)



"domain","loginName","manufacturerCode","productCode","serial"
mydomain,kates,DN,SE,10008000
mydomain,johnnya,DN,SE,10008001

In DUAP(v3x)



LoginName,UserName,Mobile,Description,Email,FromLDAP,AuthMethod,TokenDeviceID
kates,Kate Smith,07912345678,,kate.smith@company.com,,SafeID,10008000
johnnya,johnny Allen, 07912387654,,johnny.allen@company.com,,SafeID,10008001