Saturday, December 28, 2013

Lotus Viewer on Linux for DoD Forms


Are you using Linux and need to view/edit an IBM Lotus Form; also known as a XDFL file from work?  Well here is how you can get it up and running.  There are a few known issues working with these forms on Linux.  1.) Unfortunately, you still cannot sign the forms within Linux.  2.) A lot of us know we need to fill the line.  While the fonts are slightly different and the form may differ slightly on Windows.  Lets begin the installation.

Install Wine

Wine is a free and open source software application that aims to allow applications designed for Microsoft Windows to run on Unix-like operating systems. Wine is a compatibility layer. It duplicates functions of Windows by providing alternative implementations of the DLLs that Windows programs call, and a process to substitute for the Windows NT kernel. This method of duplication differs from other methods that might also be considered emulation, where Windows programs run in a virtual machine. The name Wine initially was an acronym for WINdows Emulator. Its meaning later shifted to the recursive "backronym", Wine Is Not an Emulator in order to differentiate the software from other emulators. While the name sometimes appears in the forms WINE and wine, the project developers have agreed to standardize on the form Wine.

$ sudo apt-get install wine

Once you have that installed you will need to open the Configure Wine application and navigate to the Libraries tab.  It will be empty but we'll be adding additional libraries to make it look like this one.

Add Libraries

Click in the New override for library  type in the name of the library and then click the Add  button.  Then do it again for the next library in the list.

formobjectmodelstub
mfc71
mfc71u
pe_cc
pe_com
msvcr71
pe_crt71
pe_crtp71
pe_java
pe_mfc71u
pehelper
riched20
ssce5432
unicows [This one will give you a warning when you add it. Click OK.]
uwi_java

Install Lotus Forms Viewers

To get your forms to open properly you'll have to install two viewers.  Let's install the first one.  It is Lotus Viewer v8.  You can get it at http://www.nrc.gov and the second one is Lotus Forms Viewer 4.0.0 Fixpack 2 and you can get that one at http://www.e-publishing.af.mil/.  When you install this second one you will get a bunch of errors that pop up.  Just ignore them for the time being and don't touch any of the windows until the installation finishes.  If you look at the install window you will notice that even with the errors it continues to install.  Once the installation window shows that it is complete you can click the Finish button and then you can close the Program Error windows.

Opening a Form

Now that both viewers are installed you can actually open a form.  However, only one of the viewers works while the other just provides libraries to the other.  So yes, both are required but only one will work.  They almost look identical but Lotus Forms Viewer 4.0.0 Fixpack 2 will close/crash when you try to open a form.  Lotus Viewer 8.0 will allow you to open forms.  To find out which one you are using you will have to open a viewer and click Help menu and then click About IBM Forms Viewer within the menu.  You should see this pop-up.  Now you can use the menus at the top to open a form.



Tuesday, December 10, 2013

Using Ubuntu to access CAC-enabled DoD websites


The Department of Defense (DoD) issues Common Access Cards (CACs) which are smart cards set up in a particular way. You can use these cards for Public Key Infrastructure (PKI) authentication and email. Overwhelmingly, the first thing most users need is PKI authentication.  We are going to set this up using FireFox on Ubuntu.

A few things you are going to need to be able to do this is a newer CAC reader and a current Common Access Card.  Most CACs will look like the one to the right.  This is where your PKI authentication is stored.  As we said earlier you need a newer CAC reader.  If you have an older square one, those are no longer supported by DoD websites.  The newer one is semi-round and looks like the one to the left.  Here in a moment we will use some commands to make sure you have a supported reader.  You need middleware to access a smart card using the SCard API (PC/SC), and a PKCS#11 standard interface for smartcards connected to a PC/SC compliant reader. US government smartcards may also need support for the Government Smartcard Interoperability Specification (GSC-IS) v2.1 or newer. The pcsclite project provides the middleware layer. Ubuntu splits pcsclite into a few packages.  So let's begin our installation.

Install Software Packages

Open a terminal and type the following:
$ sudo apt-get install libpcsclite-dev pcscd pcsc-tools libccid build-essential autoconf

Now for those packages you just installed to take effect you will need to restart your computer.  Once your computer comes back up you will need to plug in your CAC reader if you haven't done so already.  Open a terminal window again and type:
$ pcsc_scan

You should see something like this:
PC/SC device scanner
V 1.4.16 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.3
Scanning present readers...
0: SCM SCR 3310 (21120839GXXXXX) 00 00

Mon Aug 15 11:47:42 2011
 Reader 0: SCM SCR 3310 (21120839GXXXXX) 00 00
  Card state: Card inserted, 
  ATR: 3B 7D 96 00 00 80 XX XX XX XX XX XX XX XX XX XX XX XX

ATR: 3B 7D 96 00 00 80 XX XX XX XX XX XX XX XX XX XX XX XX
+ TS = 3B --> Direct Convention
+ T0 = 7D, Y(1): 0111, K: 13 (historical bytes)
  TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
    250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 80 31 80 65 B0 XX XX XX XX XX XX XX XX
  Category indicator byte: 80 (compact TLV data object)
    Tag: 3, len: 1 (card service data byte)
      Card service data byte: 80
        - Application selection: by full DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card with MF
    Tag: 6, len: 5 (pre-issuing data)
      Data: B0 XX XX XX XX
    Tag: 8, len: 3 (status indicator)
      LCS (life card cycle): 00 (No information given)
      SW: 9000 (Normal processing.)

Possibly identified card (using /home/user_name/.smartcard_list.txt):
3B 7D 96 00 00 80 XX XX XX XX XX XX XX XX XX XX XX XX
        DoD CAC card issued Jan XX, 2010

This means you have a compatible CAC reader.  If your window doesn't look like this and you have one that's more like this:

You either don't have a compatible CAC reader or it is unable to locate your CAC reader.  You can try unplugging and plugging your reader back in.  If that doesn't work you'll probably need a new reader.

The next step is to install the PKCS #11 module and FireFox extension.  NOTE:  A computer with working CAC authentication is required for the downloads. You'll probably have to download this part at work and email it to yourself.  You'll need to go to DISA's Linux development site and download the latest version of CACKEY and DoD Configuration Extension for Firefox.  Try this link for CACKEY https://software.forge.mil/ and this one for the DoD Configuration Extension for Firefox http://www.forge.mil/Resources-Firefox.html
Before install open a terminal and do the following:
$ sudo mkdir /usr/lib64

Once this is complete you can now install CACKEY.  If that installs successfully you are now ready to configure FireFox.  Open FireFox and go to the Tools menu.  Click on Add-ons.  Now up on the right next to the search bar that says Search all add-ons should be a drop down menu similar to the one pictured.

You want to click on Install Add-on From File.  Navigate to where you saved the DoD Configuration Extension for Firefox.  Let it install the plugin and restart; don't worry about all of the errors just click
through them and restart your browser.  If you get an error that says it can't install because the add-on cannot be verified, you'll have to type, about:config into another tab.  Search for xpinstall.signatures.required to false.  You should now be good to go to use your CAC and CAC reader to access DoD websites.  There is a possibility that you might have to install the DoD Class 3 PKI Root Certificate Authorities.  If you get an error you can go to Download Root CA Certificate.  When they install you'll also get a lot of errors.  Just click OK through them and then restart your browser again.


Creative Commons License
Using Ubuntu to access CAC-enabled DoD websites by Randy Rowland is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Based on a work at https://militarycac.com/linux.htm.

Saturday, December 7, 2013

Installing ownCloud on Ubuntu

What is ownCloud?

ownCloud is a free and open-source web application for data synchronization, file sharing, and remote storage of documents ("cloud storage").  It is pretty much Dropbox, Box.net, or Google Drive but on steroids and you control it.  ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. Installation has minimal server requirements, doesn't need special permissions and is quick. ownCloud is extendable via a simple but powerful API for applications and plugins.  For a full list of features please check out ownCloud's website.  https://owncloud.org/features/

Installation

First this assumes you already have Ubuntu or another version of Linux installed.  Preferably a server edition that will not be used for normal desktop use.  Ensure you have the most current updates.

$ sudo apt-get update && sudo apt-get upgrade

Now you're ready to install ownCloud.

$ sudo apt-get install owncloud

During installation you'll get a pop that will have you set the root user password for your SQL server.  Don't forget this password! That's it! Now that it's installed you just need to point your web browser to the installation for setup.  You the computer name or ipaddress or if you have a domain name setup for it followed by owncloud.
yourwebsite.com/owncloud

Setup

Once you're on the webpage you should see something similar to below.
Here is where you're going to setup your user account that will administor ownCloud.  Type in your username and password.  Don't worry about changing the data folder it should already be set for you.  You can change it if you know you will be saving data somewhere else.  Now is where you're going to use that root user from the SQL server and that password you were suppose to remember.  For the database name type in owncloud and click Finish setup.  Everything else should be pretty self explanatory.

Desktop Client

Next thing you'll probably want to do is head over to the desktop client website and pick out the specific client you'll need for your desktop.


Next time we'll be connecting our ownCloud to our FreeNAS box over samba to enable even more storage.