Posts

Showing posts from May, 2019

Linux/Unix - Create a local Certificate Authority (CA)

I get these questions all the time - people know I have some runtime with certificates and such - one question is "Can't I just issue my own certs?" - and the answer of course is yes - but I always make sure to add that it won't be any use on a public web site since no-one will trust it. So setting up your own CA is not "generally useful"; it is more for when you need some specific things, like issuing certificates from a single signing source for client logins or similar. Most businesses will have a couple of Windows Domain Controllers; if you need to sign certs for a limited set of users, what you should do is make sure some system in your Windows domain runs Certificate Services, then issue certs from there, and make sure any non-domain members have a trust for that CA. If you actually do need to set up your own CA, here is one way to do it.

Procedure to set up your own local CA

The common name for the CA cert must NOT be the same as a domain name or anything e

New Lines - Windows/Unix/Linux/MacOS - viM

If you deal with scripts and other text files and move between platforms, you have probably discovered this "issue". Only the founding developers can explain why they chose what they did - googling about will show you a couple of different explanations - whatever the reasons, here are the differences and how to convert.

The formats

The characters in use (referenced in the OS info below):
LF - usually referred to as LF or Line Feed. ASCII code decimal 10, Hex: A or 0xA, Octal: 12 or 012. Typical escaped character in many shells and languages: \n
CR - usually referred to as CR or Carriage Return. ASCII code decimal 13, Hex: D or 0xD. Typical escaped character in many shells and languages: \r

Unix, Linux, and modern MacOS - the POSIX standard: each line ends with a single character, LF. Most programming languages will understand/interpret this format properly. Simple Windows programs, like the built-in Notepad, will not show this properly.

Windows (and DOS): Each lin

Active Directory Account Lockout - Narrowing Down the source

If you are in an all-Windows shop where everything is nice and neat, everybody has a proper domain membership and all authentication is SSO or Windows Integrated, then you probably do not have much of a problem with repeated account lockouts. On the other hand, if you are in a mixed environment with lots of Linux, Mac, and unmanaged Wintendo, then you probably run into some users that manage to lock themselves out frequently - typically for several days in a row after the account password has been changed. Reasons can be plentiful - typically saved credentials somewhere, like a git client, SQL Server client, email client, RDP manager, smbfs automount, or anything that tries a bunch of logins when you start it up, or keeps trying in the background. As a sysadmin, you don't have time to narrow it down for the end user - but they will be adamant it is not their fault, so you probably need to prove that "Yes it is" - so I use PowerShell to grab 4740 events from Domain Con

Mount file system over SSH (sshfs)

I do this between Linux systems - Ubuntu 16 specifically in this example; it shouldn't vary much.

Target file system on bob@serverremote - no need to do anything on this system directly as long as it has an ssh daemon running.

On your local system, where you want to mount stuff from the target:
Install the sshfs package from your favorite distro - on Ubuntu/Debian do apt install sshfs if you haven't already.
Create ssh id keys: ssh-keygen
If you haven't already, copy the ssh id to the target machine, so that you can ssh without a password: ssh-copy-id bob@serverremote
Create a directory to mount in: mkdir /home/esmaralda/mnt/serverremote
Finally execute the mount command: sshfs -o allow_other,IdentityFile=~/.ssh/id_rsa bob@serverremote:/ /home/esmaralda/mnt/serverremote

Home made SAN Migration

The topic sounds more elaborate than it is - an alternative title could be "Hackjob SAN volume backup and restore".

The Setup

In a legacy-style SAN and compute setup, I have an EMC Unity 450F box deployed with Fibre Channel (FC) to a Cisco UCS (Unified Computing System). I am booting the UCS blades off the SAN, running VMware with block/LUN datastores, and one blade running Windows. I also have a Dell R740 server in the mix, with a QLogic HBA as well as onboard storage.

The Situation

Not in production yet, but we had spun up a few VMs, and all our blades had been installed, ESXi and vCenter running, a few VMs, including the physical Windows blade and the R740. Then we discovered that the Unity had no SFP+ ports in it, and I need to do replication - swearing at my vendor up and down, I call EMC, and they are sending out NIC modules and a guy to install them. BUT, because we have to remove a module to insert a new one, the whole SAN box has to be reset to Factory setting