Administration

MAB plugin for Windows NPS

My colleague has developed a MAB solution for Windows NPS.

Solution home pageHabrahabr.ru post.

О даунтаймах

Блог лежал с 3 по 17 октября, потому что 3 отктября у меня истек домен и я пропустил нотификацию от регистратора. О проблеме я узнал 13го и ошибочно идентифицировал ее, как неполадки с веб-сервером, о чем написал в поддержку хостеру. Хотсер ответил в тот же день, что ДНС-запись адрес смотрит не на их IP. Затем я 4 дня был поглщен делами и не занимался траблшутингом, пока наконец не решил проверить, куда же смотрит моя днс-запись. Оказывается, домен истек.

Выводы

  1. Мониторить доступность блога. Стендалон – это ответственность.
  2. Добавить в календарь напоминалки на даты обновления сервисов.
  3. Делать бекапы

Сапожник, как всегда без сапог. На работе во весь рост внедряешь процессы, итил, сервис менеджмент, а собственный блог лежит две недели. Это делает очевидным то, что мне на него уже давно положить. И снова посещает мысль, что надо больше писать.

Sendmail conspiracy

Sendmail conspiracy

Cisco IOS replace running config instead of merge

By default, if you do

# copy startup-config running-config

the startup config would be merged to the running one. The same happens if you use tftp:// or flash:// instead of startup-config. Eventually, there is a way to replace the running config. The command is:

# configure replace ftp://192.168.1.1/dyn1_bgp

Juniper Network Connect Eerror nc.windows.app.23711 Fix

Diagnosis for me was getting error nc.windows.app.23711 after a random amount of time running VPN to IVE.

According to Juniper forums and burgtrack [1, 2], The error message is caused by something changing your computer’s route table. It may be any application. hen it happens, you are going to receive similar message in a network connect log (when set to ‘Detailed info’ level: Advanced View -> Logs):

00218,09 2012/04/12 23:20:43.001 1 SYSTEM dsNcService.exe dsNcService p1612 t690 routemon.cpp:582 - 'rmon' Unauthorized new route to 10.95.48.228/192.168.1.7 has been added (conflicts with our route to 0.0.0.0), disconnecting

The message is not going to be the last one before you receive the error, you have to scroll a bit up to find it.

Since I had no Bonjour installed, I had to find anything what could change my routing table. I searched registry for IP address appeared in logs. It should have pointed me to a software abusing my routing. In the registry of mine the address appeared few times, all in printing settings. Most of the branches having ‘10.95.48.22’ record had ‘Hewlett Packard’ record, or appeared in HP branch, or had other relation to HP. Since the soft belonged to HP, I had to prevent anything developed by HP from starting up with my system. I used autoruns by Sysinternals to disable all the HP-vendored soft. After the reboot I discovered my VPN connection would not interrupt. After enabling services one by one, I found out the issue was caused by

c:\windows\system32\hptcpmon.dll

I suppose it is some kind of driver or so. Most likely it is a part of printing driver ver 61.93.1.67 for HP LaserJet M2727 MFP Series PCL 6 on Windows 7 64 bit. But I’m still not 100% sure that the issue cause by the driver itself. It may be caused by Windows 7, who attempts to add a route to the installed TCP/IP printer.

Perl error “isvstring is only available with the XS version of Scalar::Util” fix

I faced the subj error after updating Perl package. It appears, Scalar::Util package is shipped with C-compiled modules which are not properly updated by yum. The workaround is manual package reinstalling:

wget http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Scalar-List-Utils-1.23.tar.gz && \
tar zxvf Scalar-List-Utils-1.23.tar.gz && \
cd Scalar-List-Utils-1.23 && \
perl Makefile.PL && \
make test install && \

Bringing Cisco IOS CLI to Linux CLI

There are few people on the globe who loves to work with Cisco and Linux via CLI. These people might have issues with trying to apply Bash/Vim syntax to IOS and vice versa. I’m certainly one of them. That’s why I can do the followng in my Bash:

$ show .bashrc | i return
[[ "$-" != *i* ]] && return
#     return 0
#     [[ -z $adir ]] && return 1
#   [[ $? -ne 0 ]] && return 1
#     [[ $? -ne 0 ]] && return 0
#   return 0

It’s very handy for checking Cisco configs, stored on a Unix machines, without inverting your mind out. In fact, if you are in rush and tried to apply IOS syntax to Bash, you won’t be distracted by an error message, but you’d get a result you reqired.

$ show samle_conf.cfg | i spanning-tree
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree pathcost method long
 spanning-tree portfast
 spanning-tree portfast
 spanning-tree portfast
spanning-tree bpduguard enable
...

It’s achieved very easily. You need to add some aliases to your ~/.bashrc file and relogin:

echo 'alias show="cat"' >> ~/.bashrc
echo 'alias i="grep --color"' >> ~/.bashrc

Fixing SSH access on cisco via SNMP

Sometimes you may ecounter a situation, when your SSH is not properly configured, for example, if you forgot to generate SSL certificate before enabling transport input ssh on all vty lines, as I recently did. In this situation you might be lucky enough to have SNMP RW community string configured. In this situation you can fix literally everything.

There are no many configurable settings on cisco can be done via SNMP. But you can copy a prepared config to device via TFTP, RCP etc. You may download current device’s config to tftp server, edit necessary lines and upload it back. You may upload it to either running config, startup config or a flash file.

To download running config:

snmpset -v 1 -c rw_community hostname ccCopyProtocol.13 i 1 
snmpset -v 1 -c rw_community hostname ccCopySourceFileType.13 i 4 
snmpset -v 1 -c rw_community hostname ccCopyDestFileType.13 i 1 
snmpset -v 1 -c rw_community hostname ccCopyServerAddress.13 a tftp_serv_ip
snmpset -v 1 -c rw_community hostname ccCopyFileName.13 s "file_name" 
snmpset -v 1 -c rw_community hostname ccCopyEntryRowStatus.13 i 1

Edit on the server, and upload it back by the following commands. Be careful! If you upload to startup-config, IOS will not merge the uploaded config and the startup one, it will replace it instead. Do not upload partial sets of commands!. TO be on a safe side always I recommnd to never upload partial configs. Only necessary lines should be added/cancelled/corrected and the whole config should be uploaded.

snmpset -v 1 -c rw_community hostname ccCopyProtocol.13 i 1 
snmpset -v 1 -c rw_community hostname ccCopySourceFileType.13 i 1 
snmpset -v 1 -c rw_community hostname ccCopyDestFileType.13 i 4 
snmpset -v 1 -c rw_community hostname ccCopyServerAddress.13 a tftp_serv_ip
snmpset -v 1 -c rw_community hostname ccCopyFileName.13 s "file_name" 
snmpset -v 1 -c rw_community hostname ccCopyEntryRowStatus.13 i 1

If you ecountered situation with SSH with no generated certificate, You config might look like this:

line vty 0 4
 length 0
 transport input ssh
line vty 5 15
 transport input ssh
exit

You should fix it to:

line vty 0 4
 length 0
 transport input telnet
line vty 5 15
 transport input telnet
exit

Some commands can be cancelled with “no ” statment before the command. Some, as in above case, not.

Fedora LXDE UI Improvement Tips

Touchpad vertical scroll:

in file /usr/share/X11/xorg.conf.d/50-synaptics.conf

Section "InputClass"
Identifier "touchpad catchall"
Driver "synaptics"
MatchIsTouchpad "on"
MatchDevicePath "/dev/input/event*"
Option "VertEdgeScroll" "1"
EndSection

Option “VertEdgeScroll” “1” – adds vertical scrolling

Restart X to take effect.

Adding keyboard layouts:

In file /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf

Section "InputClass"
Identifier "system-setup-keyboard"
MatchIsKeyboard "on"
Option "XkbModel" "pc105+inet"
Option "XkbLayout" "us,ru"
Option "XkbOptions" "grp:caps_toggle,grp_led:num,terminate:ctrl_alt_bksp"
EndSection

Define layouts to be used
Option “XkbLayout” “us,ru”

Define switching keys:
Option “XkbOptions” “grp:caps_toggle,grp_led:num,terminate:ctrl_alt_bksp”
grp – key to switch
grp_led – Keyboard LED to highlight a layout
terminate – shortct to kill X

Restart X to take effect.

Doomer

С прошедним днем сисадмина, братья!