python-netsnmpagent 0.6.0 released

python-netsnmpagent version 0.6.0 has just been released.

This release is the first to officially introduce Python 3 support
while staying compatible with Python 2.6 and 2.7. It was tested with
Python 3.5.

Other changes since 0.5.3:

  • Introduction of the netsnmptestenv Python module
  • Introduce test cases using nose as testing framework
  • Fix packaging of examples

Please note that by contrast to 0.5.x and earlier releases the license for python-netsnmpagent has changed to the GNU Lesser General Public License (LGPL), version 3.

As usual:

Custom ZDDX device description files and flowchart for Philio 4-in-1 PST02-A and Qubino DIN dimmer ZWave devices

If you’re like me experimenting with home automation you’ll certainly have come across Philio’s 4-in-1 Multisensor PST02-A/B/C devices. They unite multiple functions:

  1. Door/window sensor (PST02-A, PST02-C)
  2. PIR motion detection (PST02-A, PST02-B)
  3. Illumination sensor (all three)
  4. Temperature sensor (all three)

Unfortunately it’s not only their Website that lacks any useful information, the supplied manual (available online at vesternet.com, eedomus.com and zwave.ie) is a prime example of Taiwan English that is very hard to understand. For example:

The PIR motion re-detected interval, in the “Test Mode” fixed to 6 seconds. In the “Normal Mode”, it according to the setting of the configuration NO. 8.

This makes use of the device quite challenging given that it is actually give flexible and powerful. Luckily the manual has some flow charts that give some hints. It gets way worse, however, in parts of the description of configuration parameter Nr. 6:

Bit 0 Disable magnetic integrate illumination to turn ON the lighting nodes in the association group 2. (1:Disable, 0:Enable) PST02-A, PST02-C
Bit 1 Disable PIR integrate illumination to turn ON the lighting nodes in the association group 2. (1:Disable, 0:Enable) PST02-A, PST02-B
Bit 2 Disable magnetic integrate PIR to turn ON the lighting nodes in the association group 2. (1:Disable, 0:Enable) PST02-A only

Got it? No? Welcome to the club, you’re not alone! There are a number of posts and pages on the Net discussing what the exact meaning of these three bits actually is.

This vesternet.com application note on using the sensor with VERA suggests that Bit 0 and Bit 1 would apply to disable lighting the sensor’s red LED when one of the two events happen — however the red LED normally does not light at all unless you’re in Test mode or low on battery, so that doesn’t make sense. And Bit 2 would mean “Do not combine PIR and door sensors” — now what is that supposed to mean?

What is rather clear is that these bits influence which events result in sending a “Basic Set” command to the devices in association group 2, telling these to turn on (by contrast to configuration parameter 5 bit 2, which disables Door/window change detection completely, and configuration parameter 3, setting the PIR sensitivity, where a value of 0 also completely disables PIR motion detection). Accordingly, bit 0 applies to for door/windows events (explaining why it is of no use with the PST02-B variant) and bit 1 applies to PIR motion events (explaining why it is of no use with the PST02-C variant).

Bit 2, however, remains a mystery: useful on the PST02-A variant only, it could be that setting it disables both but that is pretty redundant as one could just set bits 0 and 1 to 1 just as easily.

My observation is a different one: in my experiments with my PST02-A, it showed that I had to explicitly set Bit 2 to 1 for any of the other two bits to have any observable effect. The bit combinations 010, 100 and 110 did not have any effect, it had to be 011, 101 and 111.

This is what I document in my custom PST02 ZDDX file for use with the RaZberry software. I’ve also completely rewritten the option descriptions into proper English, making the PST02 way more accessible than when using the default file downloaded from the pepper1.net database (which also has a message “This database is not maintained anymore and will be shut down shortly. Please use the Z-Wave Alliance Product Catalogue as an alternative.”).

But wait, there’s more! Because the configuration settings are so comprehensive, I’ve created an all-in-one flowchart for the PST02-A (draw.io XML source file) that shows very nicely a.) the inner workings of the sensor and b.) which configuration parameter affects what. The flowchart and its source are licensed CC-BY-SA.

In addition, I’ve created a ZDDX file for the Qubino DIN dimmer device. This currently uses the manual’s English, eventually I might go and rewrite it into proper English, too.

All the files are available on Github — feel free to fork and send a PR!

Maintaining home network access from the outside with a network-controllable power plug, OpenWrt/LEDE and a 4G LTE stick

Internet routers are supposed to operate in a stable fashion. Except they don’t (FritzBox *cough*) – especially when you’re away from home and need access to your home resources. Having to call someone related to go and reset the thing tends to get awkward. If you encounter this often enough, you begin looking for a remote reset solution. Continue reading “Maintaining home network access from the outside with a network-controllable power plug, OpenWrt/LEDE and a 4G LTE stick”

python-netsnmpagent 0.5.3 released

python-netsnmpagent version 0.5.3 has just been released.

This release contains fixes for using IpAddress objects as table indices.

As usual:

Using your Raspberry Pi Zero’s USB wifi adapter as both Wifi client and access point

The Raspberry Pi Zero captivates with its small dimensions. This comes at a cost, however, with only one micro USB port available for peripherals of any kind. In this scenario you’ll probably think twice about what you connect to that port. “A USB hub” may sound like a natural choice but if you’re like me, you’ll want to carry the gadget around a bit and minimize the number of accessories.

Now there are solutions to stack a USB hub onto the Pi Zero, eg. Circuitbeard’s one or Richard Hawthorn’s one, but actually I don’t want to carry around a USB keyboard, especially if I have no HDMI-capable display around at all times. Instead I want to login onto the Pi via Wifi while still having Internet connectivity even when not at home. Thus I want the Pi to be an access point AND maintain a Wifi client connection at the same time. This is rather easy to do with two USB wifi adapters — but with the Pi Zero we’ll have to do with a single one! Continue reading “Using your Raspberry Pi Zero’s USB wifi adapter as both Wifi client and access point”

python-netsnmpagent 0.5.1 released

python-netsnmpagent version 0.5.1 has just been released.

This release has no substantial new features but a number of fixes of which the following three are important enough to warrant an update from 0.5.0:

  • netsnmpagent: Make Table’s value() method regard string lengths
  • netsnmpagent: Drop special string handling in Table’s init()/setRowCell()
  • netsnmpagent: Fix Table’s value() cutting off ASN_COUNTER64 table values

Other changes include:

  • Usage of MIB files is now completely optional
  • threading_agent got a small fix so it works on Python 2.6, too
  • __version__ got removed, use pkg_resources in your agent yourself to express version dependencies as outlined in 5715e77f’s commit message.

See the included ChangeLog for a detailed list of all changes

Ways to get the software:

  • As usual, the source is available at the GitHub repo.
  • The source distribution .tar.gz for this release can be downloaded from the PyPI page.
  • You can either build binary RPMs for your local distribution yourself (download and make rpms) or pick them up from my Open Build service project — just click on the Repositories tab and one of the Go to download repository links.

python-netsnmpagent bugfix for trailing dots in table strings

I have just pushed two fixes that should be of interest to all python-netsnmpagent users:

These changes fix the issue with trailing dots in table strings. I’ve so far only pushed them to master. I’d like to get some feedback before pushing these to the 0.5 stable branch, so please check them out :)

Integrating Samba’s DNS server with existing dnsmasq installations

As an Active Directory encompasses not only LDAP and Kerberos but also DNS and there are funny things Microsoft does with DNS (dynamic updates, special SRV records to locate hosts etc.), running Samba as an Active Directory domain controller means running either the built-in DNS server or bind9 with a special DLZ plugin.

dnsmasq integration has been discussed but seems to have been abandoned not so much for technical reasons than rather for lack of real interest on both sides. There is at least this HOWTO that works around the technical issues by teaching dnsmasq the necessary SRV records manually, but even then you won’t have dynamic DNS updates the way Samba needs them and it is more of a hack definitely unsupported by the Samba team than a viable solution.

Running dnsmasq is feasible not so much as an alternative running on the Samba host itself, but, at least in my idea of SOHO networking, it’s pre-destined for embedded devices such as access points and routers and accordingly the default DNS forwarder in OpenWrt. Having DNS resolution depend on a “higher-level” DNS service provided by Samba would contradict that concept. Apart from the fact that Samba’s DNS server would require support for every single feature existing DNS servers (such as dnsmasq) already have — or bind be used, a software I do not really miss particularly much (think zone files).

Obviously I can’t achieve the desired isolation of a basic network service such as DNS and a productive service such as Samba with a single DNS zone, as there is no such thing as zone sharing. So I’ll need two DNS zones: mysite.foo.bar and either ad.mysite.foo.bar or mysite.ad.foo.bar. The latter choice would be preferable if we were to seriously use Active Directory features such as forests and sites but also mean that there would be a “parallel forest” of “conventional” DNS zones and the need to have a foo.bar DNS server that supports delegations. As Samba 4 currently supports running a single Active Directory domain controller only anyway, I’ll go with the former:

DNS zone Managed by Running on
mysite.foo.bar dnsmasq OpenWrt-based access point/router
ad.mysite.foo.bar Samba “Real” server

Now I do, of course, have only one DHCP service at my “site”. Technically it could supply multiple DNS servers but you wouldn’t want that since you can’t control your clients’ resolvers’ behavior via DHCP (ie. when which DNS server is tried). And there’s no need to, because here comes the elegant part: all clients continue to receive the IP address of an OpenWrt device as DNS server which is authoritative for mysite.foo.bar. Requests for *.ad.foo.bar simply get delegated to the Samba host with a dnsmasq configuration such as the following:


# Local dnsmasq instance is responsible for
# mysite.foo.bar
domain=mysite.foo.bar
server=/mysite.foo.bar/

# DNS delegation for ad.mysite.foo.bar
server=/ad.mysite.foo.bar/192.168.0.1

# If rebind protection is on, this is
# required to avoid warnings on DNS
# rebinding attacks
rebind-domain-ok=ad.mysite.foo.bar

# Upstream DNS server, handles everything
# outside ad.mysite.foo.bar and mysite.foo.bar
server=192.168.0.254

Note that having two DNS zones does not imply that you need to have two IP subnets. It’s perfectly fine to have both baz.mysite.foo.bar and baz.ad.mysite.foo.bar point at 192.168.0.1 and have reverse lookup of the IP address resolve to baz.mysite.foo.bar, as long as you configure Kerberos client configuration accordingly (the rdns = false option described at the end of my sssd-ad configuration post).

This way, if the Samba server goes down, only the ad.mysite.foo.bar zone will be affected, not mysite.foo.bar as a whole. Neat :)

My SOHO network layer model

In my eyes, it makes sense to divide the elements that are part of a SOHO (small office/home office) network into one of two layers:

Basic network and productive services
Basic network and productive services

In this model, if I were to speak about “the network” I’d mean what I call the basic network: all components that in their togetherness constitute an independent, foundational layer cornered around connectivity and, by comparison, low complexity (ie. no full-blown operating system on each device). This includes the physical LAN cabling (if present), network switches, print servers (usually integrated into the printers), WLAN access points and routers.

Because nowadays it is often essential for system administrators to have Internet access, be it for googling on problems that pop up or for bootstrapping installations that download software directly from the ‘Net (eg. in disaster recovery scenarios when no local mirror is present any more), I consider DNS and DHCP services to be essential enough to be part of the basic network as well.

With the advent of flash-based embedded devices such as WLAN access points and routers, the availability of OpenWrt as a standardized Linux distribution for these and the low resource consumption of DNS/DHCP, migration of these services from hard disk-based servers onto access points/routers became feasible. After all, an access point running on flash memory is much less likely to fail than a full-blown server with hard disks as storage. The only part I’ve seen failing over years with these devices is the $0.05 power supply.

The basic network is foundational in two ways: for one thing, it is independent, ie. can stand on its own. And the productive services layer, that encompasses more value-creating (to the end user) services such as File, Print and E-Mail services, is stacked upon it. No basic network, no productive services. And at the same time: no productive services, no real value in the basic network.

Formulating such a model helps in making up your own mind and communicating with others, eg. about the question where a service such as NTP should be placed. What do you think?