> bg and Sec hacked the password for the 1.05 firmware and were able to make, pack and apply ower own firmware image.
Great! What is the password?
And now what? Only a few paragraphs above you say:
> For the time being it's not possible to hack the TeraStation without adding a serial console first.
So can I hack the TS without a serial console now or not?
--Hanno 12:00, 19 May 2005 (CEST)
- Hey man, be patient. I've documented it now.
- So, back to work
- --Bg 14:28, 19 May 2005 (CEST)
- Sorry, didn't mean to be rude! I'm extremely happy that you guys figured this out so fast!
- --Hanno 15:45, 19 May 2005 (CEST)
Scott by any means please post your kernel modules, as I was able to produce modules that allow me to mount an nfs export, but when I try to do any operation over them this mount gets stuck. And if you can, please include your .config with the modules.
--Yvasilev 19:23, 18 Aug 2005 (CEST)
Just downloaded European 2.00 firmware. Extracted, added Dropbear and NFS like described in this Wiki. The ~var symlink was not overwritten when extracted using the same tar command as suggested for Dropbear. Still, one could always extract with -w as well, do not extract the /var stuff, but extract it to another folder later on and move it manually. Re-compressed, installed new firmware. File system still there without problems. Only remaining problem:
- admin@TERASTATION:/etc$ /etc/init.d/nfs-common start
- /etc/init.d/nfs-common: modprobe: command not found
- Starting NFS common utilities: statd/etc/init.d/nfs-common: start-stop-daemon: command not found
Therefore on client side:
- [root@linuxbox ~]# mount 192.168.13.8:/mnt/array1 /mnt/terabackup/
- mount to NFS server '192.168.13.8' failed.
Two additional comments:
- after extracting the NFS stuff, etc/exports needs to be edited. The default exports only to 192.168.1.1, but you probably want to adjust it to export to either your box (change IP there) or your whole network (/mnt/array1 192.168.1.0/255.255.255.0(rw,root_squash) or similar).
- You need to edit linkstation_version.txt to show a newer version number, otherwise you won't be able to upgrade.
I tried this twice. After the first time, I had to reinitialize the drives in order to restore the file system so that I could boot. This, the second time, I poked around the file system a little more and realized untarring it, using tar xvzf all-nfsd.tar.gz, overwrote my /var directory. It was overwritten because I *think* it was a symlink to /mnt/ram/var [http:/ls-lR/1.04/ file list]. I can't be certain because I'm running 1.12, but recreating the link seems better - I see the expected stuff in /var (e.g. /var/log/messages). I have no idea if the file system is normal because I haven't rebooted.
Anyone have any input? Is there a way for tar not to clobber that link?
I started up the portmapper and nfs, but I can't mount:
[root@mymachine ~]# mkdir -p /mnt/terastation/array1 [root@mymachine ~]# mount -t nfs 192.168.11.150:/mnt/array1 /mnt/terastation/array1 Segmentation fault
- nmap shows nfs and rpcbind are up.
- mymachine, running Fedora Core 4, nfs mounts stuff from an NSLU2 running Unslung 5.5 w/o issues.
- showmount -e 192.168.11.150 shows the export
Does anyone have any ideas of what else I can try? TIA
--Bluefedora 14:40, 27 Nov 2005 (CET)
One issue is that /var/lib/nfs/rmtab is a directory instead of a file. If you look in the syslog, you will see a message like:
Feb 11 20:21:01 terastation rpc.mountd: could not open /var/lib/nfs/rmtab for locking
Unfortunately, this does not fix the problem. even after a reboot, mount request still segfault.
However, now it appears to work by examining the terastation syslog:
Feb 11 22:29:55 terastation rpc.mountd: authenticated mount request from client:616 for /mnt/array1 (/mnt/array1)
There are no other errors. This makes me wonder if there is a compatibility issue with the NFS version on my FC4 box and the one installed from sf.net.???
--cctjon Sat Feb 11 22:33:29 MST 2006
I think individual problems and requests for help belong into the discussion part, not into the article! CCRDude 13:37, 13 Feb 2006 (CET)
In my over zealous hacking attempts, I have managed to kill the code in my flash. Is there a way to restore the flash code?
- The TeraStation has a JTAG interface. It's part of the regular PowerPC debugging interface CN11. This 16pin interface is quite common for embedded PowerPCs, but I've forgotten it's name and don't have any useable links.
- Unfortunately we don't have any JTAG-borderscan information, and without you will not be able to use the JTAG interface.
- Sorry, but it looks like you're hossed. How did you destroy your flash anyway?
- Come to think of it: unless you also destroyed the bootloader, you should be able to access it. Either from the serial port or even from the network. I've no further infrmation on this either.
- You could ask buffalo, they have now at last learned how to use mdadm with a hacked firmware to recover a hossed raid.
- --Bg 08:31, 4 April 2006 (CEST)