Tuesday, June 25, 2013

Civic: Runs, with coolant leak (still) and CEL

So, I decided to try and start the car.   As long as I don't run it long enough to heat up, I should be good.  Hooked up the battery, charged it for an hour or two, and cranked away.  It fired.  Wooohooo!  Wait a minute.... is that a check engine light?  And that loud noise... sounds like an exhaust leak.  So, here's what I had :
  • Exhaust leak - I swear I put this thing back together the way it was taken apart.  Checked all of the joints, and they looked normal to me.  Running the engine for a minute told me it was around the catalytic converter, right below the exhaust manifold.  I don't think I loosened the catalytic converter flange to the exhaust pipe itself.  I do know I took the exhaust manifold off of the cc.
  • CEL - My check-engine-light is on.  I'm not sure if this is a result of (a) the timing, (b) the new crank position sensor, or (c) the fact that I had the battery disconnected for months on end (reset the computer).  I'll figure this out, and it is minimal.
  • Timing - I decided with the CEL to check the timing.  Timing is supposed to be about 15 degrees BTDC.  Mine was 15 degrees before that.  (sigh).  Got that adjusted to where I was within 2 degrees, and that seemed better.
  • Cooland leak - I have to fix the radiator, and also either the heater core or a hose (those last two are on the inside of the cabin, and I had a bit of antifreeze soaking into the carpet).  I'll get to that if I can figure out the previous stuff, because this one means I'll have to take the dash board apart.
After adjusting the timing, I still had the CEL, and the exhaust leak.  I decided to tackle the exhaust leak.  Again, I had run the car for a minute to try and isolate the leak.  I decided to simply remove the exhaust manifold.  Once it was off, I realized what I had done.

Please, in the name of smartness, be smart about being smart.  When I take something apart, I keep the screws, bolts, and nuts as close to the original location as I can.  In this case, I had taken the four nuts and washers holding the manifold to the catalytic converter when I had taken them apart, and put the nuts/washers back onto the studs so I didn't lose them.  When I reinstalled it, I took the nuts off from the studs, dropped the manifold into position, and bolted it up.

Imagine my surprise when I took the manifold off, and realized the WASHERS were still on the studs, when they should have been on the other side of the manifold.  I quickly (to hide my embarrassment) remove the washers, position the manifold, throw the washers into position, nuts, and bolt it down.  Went to start it, and it sounded SO much better!

Still, I have two issues :
  • Check Engine Light - I need to pull codes to see what trouble code is being thrown
  • Fix the coolant leaks - this means I have to dismantle the dashboard, take apart the heater core assembly, fix what I find, then fix the radiator.  Should be a major task (though not as major as the engine replacement).
So there you have it.  The car runs.  We'll get it running better.

Civic: The Car that Keeps on Giving Back to the Community

I did obtain a replacement engine block.  I trust those guys quite a bit after working with them.  They were honest, they went out of their way to help get the right things, and they were willing to work with me.  That meant I had an engine block to work with.  The problem was that I had to detach it from the transmission, replace seals (cam and crank), replace the water pump, and the usual tune up stuff.

So, I set about getting things squared away :

Then, in the middle of all of that grease and dirt, the cutest little thing appeared :

We did finish getting things ready (I hope I got the timing belt in the right place), and re-attached it to the transmission.  A few days later, it went into the car.  Some bolts here and there, replacing all of the engine mounts, re-attaching the plumbing and electrical, aligning the pulleys and belts, re-installing the air box, installing the exhaust, and the intake (the designer for that one should be shot, hung, and then thrown to the sharks).

So, with the Civic buttoned up, and before starting, I had to get the fluids in.

  1. Oil and filter .... check.
  2. Automatic Transmission fluid ... check.
  3. Coolant .... check.
Climbed into the car, and.... why does it smell so much like antifreeze after sitting for six months?  Anyway, I picked up and moved the hubcap over to the passengers foot bay.  Thats when I found the problem.  I had about a quarter inch of coolant in the passengers foot bay.  Vacuumed it out (shop vacs are awesome), and watched it drip from the heater core area.  I'm hoping it's not the heater core itself, but a hose line.  I'm not climbing in there to pinpoint the problem until it dries out.

I climb back out and check the radiator (just in case)... and it's cracked, too.

So, all of that work, and the Civic isn't done yet.  Getting things in the right places, that's been a bit tough, and it's been a little daunting (at times), but it's close.

Again, I really did a number to this poor little car, and it will be good to have it back on the road again. Just have to figure that out, and then see if it actually starts.

Friday, June 14, 2013

CentOS : 3rd party certs for LDAP auth (sshd and Samba)

Well, that was frustrating.  I had an LDAP server using a self-signed certificate.  I opted to replace it with a third-party signed certificate, and everything broke.  Just a note, a self-signed certificate is just as effective, and it's as easy to use as the others.  You still have to import CA's for third-party-signed certificates, so if you can protect your trust in your LDAP infrastructure, go with the self-signed.  For example, in /var/log/messages, I was getting :

    Jun 14 08:41:09 linuxbox sssd[be[default]]: Could not start TLS encryption. TLS error -8179:Peer's Certificate issuer is not recognized.

Anyway, once the dirty deed of going with a third-party starts, and you have LDAP authentication on your Linux box, you will need to update your authentication configs :

    authconfig --enableldap --enableldapauth --ldapserver='ldaps://example.com/' --ldapbasedn='ou=people,dc=example,dc=com' --enablemkhomedir --enableshadow --enablelocauthorize --passalgo=sha512 --update
Just a quick documentation step I completely lost the last time, and this does pretty well to update and get you back on your feet.  NOTE: if the hostname in the --ldapserver option doesn't match the SSL certificate, the server won't recognize anything, and pretty much disables the LDAP connectivity for sssd (the System Security Services Daemon).


This one was a pain because everything I kept trying was failing.  Samba simply kept saying :
    Jun 14 09:05:24 linuxbox smbd[23739]: [2013/06/14 09:05:24.723509,  0] lib/smbldap.c:1151(smbldap_connect_system)
    Jun 14 09:05:24 linuxbox smbd[23739]:   failed to bind to server ldaps://hostname.example.com/ with dn="cn=binduser,dc=example,dc=com" Error: Can't contact LDAP server
    Jun 14 09:05:24 linuxbox smbd[23739]:   #011TLS error -8179:Peer's Certificate issuer is not recognized.
What I found (strace is awesome).... you need to use the right CA here.  I kept trying the global CA from the provider.  This won't work if they use an intermediate.  If you have configured apache to use that SSL certificate, then simply find the directive :

    SSLCertificateChainFile /path/to/intermediate/certificate

Then, copy the filename that it specifies to the TLS_CACERT in your /etc/ldap.conf file, and restart.  The problem should be fixed now.