Stuff I'm Up To

Technical Ramblings

DFS – Access Denied — January 5, 2018

Whilst trying to add a new cluster for file shares to take over from the previous one we found that whilst replication worked to migrate the files, we could not remove or disable the old paths from the Folder Targets.

Access Denied – obviously some kind of permission issue, but try as we might comparing ACLs between systems we couldn’t see where the issue was.

It all came down to the power of my Google Fu.

Mobility Printing from a Guest Network — January 4, 2018

Today I have been mostly fumbling around in DNS trying to get untrusted devices on our Guest network to print to our PaperCut Pull Printing system using NAT.

All our WiFi users connect to the Guest VLAN which is isolated from the main production network. There are very few services that need to come from the Guest network into the Trusted zone, but this pull printing is one of them.

Vue.js, Vuetify and Laravel — December 24, 2017

I’m really new to playing with Vue.js but thought I’d use it with Laravel and Vuetify rather than bootstrap. I couldn’t even get it off the ground due to this error:

app.js:442 [Vue warn]: Unknown custom element:  - did you register the component correctly? For recursive components, make sure to provide the "name" option.

(found in )

I’d tried to webpack the JS and this seems to be where the trouble lies. Something not loading quite right separating Vuetify out into the “vendor” script. Put simply the not being registered is because the vuetify.js script hasn’t loaded.

So going from this in my webpack.mix.js:

mix.js('resources/assets/js/app.js', 'public/js')
    .extract(['vue','vuetify'])
    .sass('resources/assets/sass/app.scss', 'public/css');

To this:

mix.js('resources/assets/js/app.js', 'public/js')
    .extract(['vue'])
    .sass('resources/assets/sass/app.scss', 'public/css');

resolved the problem for me.

Windows 10 Explorer Slow on Open — December 19, 2017

This wound me up this week. Every time I tried to open an Explorer instance to view some files I’d have to wait what seemed like an eternity before the window opened. It must have been about 30 seconds, maybe longer.

Ultimately it turned out to be a problem of my own making – kind of.

I’d repeatedly visited a Samba/CIFS share on a virtual Linux box I’ve been working on. Windows decided to add the share to my “Quick Access” list. But because the virtual box isn’t always on, the share wasn’t accessible and so explorer would have to wait for it to time out before showing me my C: drive.

Just clear the “not so” Quick Access list and presto, Explorer is back to opening quickly again.

Press Windows Key (or open Start Menu), type “folder” and open the “File Explorer Options” that are listed. Then click the “Clear” button under Privacy to get things back to as they should be.

I Googled plenty that recommended MSCONFIG and stopping services like Windows Search and Cortana, adding Registry Keys and other nonsense. When all it was is a Quick Access entry.

PHP7.0, Microsoft SQL Driver & Debian (stretch) — December 12, 2017

What a mission today has been. I think I’ll ultimately roll back to using Debian Jessie as Stretch isn’t a supported system, yet.

To get the MS SQL ODBC driver working even in Jessie appears to be a challenge. In Stretch I almost surrendered. It is working, but I do think it’s a bit of a hack as I’ve had to install an older libssl1.0.0 and enable the locale en_US.UTF-8.

PHP development voted out the inclusion of MS SQL to the project so now you must compile and install it yourself. There are some very good instructions out there to help you – even from Microsoft.

https://docs.microsoft.com/en-gb/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server

Laravel & PHP Minimum Requirements — December 11, 2017

Make sure you’ve installed php and the necessary modules before trying to create a new Laravel project.

$ sudo apt-get install php-fpm php php-mbstring php-zip

The order of php-fpm and php is important as putting them the other way around you’ll find you get apache2 installed when you probably don’t want that.

Then you should be able to create your empty project using composer without any complaints.

$ cd /var/www
$ composer create-project --prefer-dist laravel/laravel [project]

Google Home and Kodi — November 29, 2017

I thought I’d take the opportunity to add a Google Home to my gadget collection. After all it’s on a £50 off sale this week, so comes in at £79 delivered.

What I really want from it above all is to control my Kodi setup. Being able to voice control what movie or TV show to play would make the wife’s life a lot easier – and when she’s happy, I’m happy.

This is where I came across the GoogleHomeKodi project on GitHub and referenced on the Kodi forum here.

VMware Remote Console for Linux — November 22, 2017

This has frustrated me for as long as I can remember. How do I manage our VMware vSphere estate when the tools provided don’t work reliably on Linux?

First there was the vCenter problem using Flash Player. Thankfully they released v6.5 which has a new HTML5 based interface – no more Flash Player!

https://vcsa/ui

Then inside there you could download the VMware Remote Console (VMRC) and install that to allow you to remote onto the actual vSphere guest and not rely on other Guest remote tools like RDS or VNC.

Only trouble with VMRC is that it would not install on my Debian system. I upgraded to the Debian Buster/Sid (testing) version and still can’t get it to work.

Then I couldn’t uninstall it either!

The uninstall complains that there is an unmet dependency for vmware-usbarbitrator<=17.1.1. Try as I might I couldn’t get that to install either. I ran the installer bundle with a -x [path] to extract it then manually tried to get the vmware-usbarbitrator to run. Then gave up.

Time to resort to using VMware Workstation Player! Yes, the player can open vmrc:// links. But I couldn’t get it to install because it too complained about vmware-usbarbitrator. So I had to revisit removing VMRC.

To get the removal to work I used DB Explorer for SQLite and opened the /etc/vmware-installer/database file. Then deleted the row from the table component_dependencies that contained vmware-usbarbitrator>=17.1.1

Then I could remove VMRC using:

$ sudo vmware-installer -u vmware-vmrc

This did the trick and it got rid of VMRC. A vmware-installer -l still showed VIX so I removed that too.

$ sudo vmware-installer -u vmware-vix

Now my VMware Workstation Player bundle installed successfully. So I ran it from the menu. I left the license empty at this point and continued to accept the dialogs required to get to the main VMware Player app.

Now it’s just a case of going back to my vCenter Server Appliance (https://vcsa/ui) management interface and clicking on a guest’s “Launch Remote Console” link. It fires up VMware Player and asks for credentials for the vcsa and up pops the guest remote screen!

PaperCut Certificate — November 21, 2017

Time to replace the PaperCut web server certificate. So pleased I ran into Keystore Explorer previously as this made changing the web server certificate a breeze.

Put simply you create a new keystore file, in the Program Files\PaperCut MF\server\custom folder, and import your certificate that you obtain from your internal CA. We did this using MMC and the Certificate snap-in on the print server. Then export the certificate with private key to a .pfx file. Then just import the .pfx into the new keystore in Keystore Explorer.

Edit the server.properties file in Program Files\PaperCut MF\server and add the relevant keystore and password details:

### SSL/HTTPS Configuration (Default: 9192) ###
server.ssl.port=9192

# Custom SSL keystore example (recommend placing in the custom directory)
server.ssl.keystore=custom/my-ssl-keystore
server.ssl.keystore-password=myPassword
server.ssl.key-password=myPassword

Restart the PaperCut services, give it a minute and the user and admin portal should now be using the new certificate.

https://printserver.domain.local:9192/admin

Now every printer that has an embedded PaperCut app will need to be updated to accept the new certificate. This means you have to visit each PaperCut admin console on every device – yes, that’s the painful bit if you have a lot of printers. Then you login to the console and click apply, even though you’ve made no change. This will then ask you to accept and trust the new certificate.

References

https://warlord0blog.wordpress.com/2017/11/14/java-keystore-management/

https://www.papercut.com/products/ng/manual/common/topics/tools-ssl-key-generation-certificate-authority-import-new.html

vSphere SSH failed to connect to host — November 17, 2017

When trying to apply patches to one of our ESXi 6.0 hosts I found I couldn’t connect to it using ssh. Stopping and starting SSH from vCenter didn’t work. Neither did disabling/enabling from the DCUI.

From my client I’d see:

ssh_exchange_identification: Connection closed by remote host

So then I resorted to checking out the server from the console. First make sure I stopped SSH from either of the GUIs.

Use ALT-F1 at the DCUI and logon to the host using your root account.

Then I tried to start sshd as a daemon using:

# /usr/lib/vmware/openssh/bin/sshd -D

Which reported errors Unsupported option running and Unsupported option PrintLastLog

So I edited my /etc/ssh/sshd_config file. Don’t know what caused it. But it was just a # missing from the first line. I guess I must have spannered it at some point when editing it to disable some ciphers. But the good news is using this method I can at least get some clear output from sshd -D to tell me why it wasn’t starting properly.

# running from inetd
# Port 2200
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

UsePrivilegeSeparation no

SyslogFacility auth
LogLevel info

PermitRootLogin yes

PrintMotd yes
PrintLastLog no

TCPKeepAlive yes

X11Forwarding no

...

So just to be safe I checked the other hosts and copied an sshd_config from one of the known good ones.

Monitor Security Flow — November 15, 2017

We stream the Juniper SRX logs out to our syslog server and that seems to work quite well. It is reliant upon us having the relevant log setting in the rules.

So for rules where we allow, we can log the data at session-close:

...
    then {
        permit;
        log {
            session-close;
        }
    }

But in our Deny All rules we log the session-init – because a denied session never gets closed (it’s never opened). So the session-init just logs the attempt.

...
    then {
        deny;
        log {
            session-init;
        }
    }
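
One way to check a configuration against the logging convention above (an added example, not from the original post): it reads policies in Junos "display set" form and flags permit policies without session-close logging and deny policies without session-init logging. The zone and policy names in the sample are constructed, and treating reject the same as deny is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "display set" form; zone and policy names are made up.
SAMPLE_CONFIG = """\
set security policies from-zone guest to-zone trust policy allow-print match application junos-http
set security policies from-zone guest to-zone trust policy allow-print then permit
set security policies from-zone guest to-zone trust policy allow-print then log session-close
set security policies from-zone guest to-zone trust policy allow-dns then permit
set security policies from-zone guest to-zone trust policy deny-all then deny
set security policies from-zone guest to-zone trust policy deny-all then log session-close
set security policies from-zone untrust to-zone trust policy drop-all then reject
set security policies from-zone untrust to-zone trust policy drop-all then log session-init
"""

# Only the "then" statements of a policy matter for this audit.
POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) then (.+)$"
)


def audit_policy_logging(config_text):
    """Return a sorted list of (from_zone, to_zone, policy, problem) tuples."""
    actions = {}              # policy key -> permit / deny / reject
    logs = defaultdict(set)   # policy key -> log options configured
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        key = m.group(1, 2, 3)
        words = m.group(4).split()
        if words[0] in ("permit", "deny", "reject"):
            actions[key] = words[0]
        elif words[0] == "log" and len(words) > 1:
            logs[key].add(words[1])
    findings = []
    for key, action in actions.items():
        # Permitted sessions are logged when they close; a denied session is
        # never opened, so only session-init will ever record the attempt.
        wanted = "session-close" if action == "permit" else "session-init"
        if wanted not in logs[key]:
            findings.append(key + (f"{action} without log {wanted}",))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_policy_logging(SAMPLE_CONFIG):
        print(*finding)
```
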

But what if we’re missing some rule logging, or are a bit unsure if packets coming in are actually coming in or not? That’s where monitor security flow comes in handy.

At the CLI on the SRX you need to set up and activate the security flow, the filters to apply and the file to log to. In this example we’re going to capture packets from a specific IP address on a particular interface.

Create a named filter called ‘myfilter’ and then create a file to log into.

> monitor security flow filter interface reth0 source-prefix 192.168.56.10 myfilter
> monitor security flow file size 10240 securityflow.log

Then you can start and stop the monitor as you need. Then look at the content of the file.

> monitor security flow start
> monitor security flow stop
> show log securityflow.log

View the current status of your monitor

> show monitor security flow

Monitor security flow session status: Active
Monitor security flow trace file: /var/log/securityflow.log
Monitor security flow filters: 1
  Name: myfilter
    Status: Active
    Source: 192.168.56.10/32 (port 0~65535)
    Destination: 0.0.0.0/0 (port 0~65535)
    Logical system: root-logical-system
    Interface: reth0.0

Copy the log file to another system if you want to analyse it further

> file copy /var/log/securityflow.log scp://user@server.domain.local:~/

After stopping your monitor, you can then tidy up removing your file and filter using

> file delete /var/log/securityflow.log
> clear monitor security flow filter myfilter

Horizon View Client v4.6.0 —

I decided to upgrade my VMware Horizon View client today. It still has the same kind of issues as detailed here: https://warlord0blog.wordpress.com/2016/10/21/vmware-horizon-client-for-linux/

This time around my problems were with libgstreamer components. Even though I ensured they were installed the libraries were a different version than that required by the client.

Specifically required:

  • libgstapp-0.10.so.0
  • libgstbase-0.10.so.0
  • libgstreamer-0.10.so.0

On my Debian Stretch install I had 1.0 versions.

So a quick fix by linking these made the scan issues go away.

$ cd /usr/lib/x86_64-linux-gnu
$ sudo ln -s libgstapp-1.0.so.0 libgstapp-0.10.so.0
$ sudo ln -s libgstbase-1.0.so.0 libgstbase-0.10.so.0
$ sudo ln -s libgstreamer-1.0.so.0 libgstreamer-0.10.so.0
