Best posts made by anthonyh

We have an application (yes, "that" application, if you saw my earlier XenServer post) that many external agencies access for various reasons. This application uses AD authentication, so we have to create AD accounts for all external users. This was fine, except the number of external users has grown to the hundreds, and people cannot seem to figure out how to use our, what I feel is a very straight forward, password self-service portal (PWM), or they simply refuse. So we have a never ending flow of "need my password reset" requests coming from them.

These external agencies use AD as well, which makes us wonder if a domain trust is the answer. The idea being that these external agencies can manage their own accounts and we'd simply grant/deny access to the application.

This sounds wonderful. However, I've never established a domain trust before. Instead of diving in head first with any of the external agencies, I want to test this locally. I've set up a test DC with a test domain. I'd like to establish trust between it and our production domain.

Can you guys point me to some great resources on basically a "crash course" in domain trusts? Something that'll walk me through the process would be great, too.

For what it's worth, our production AD is Windows 2008 R2. The test DC/Domain is running Server 2012 R2.

Thanks!

YAY!!!!!! I'm getting the emails! Thanks @scottalanmiller for the quick fix!! You will find that with these alerts I'll be much more active with the threads I start and/or contribute to.

@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:

@guyinpv that's probably not to far from the truth.

Yep. As I continue through my IT career, I learn more and more every day that the folks who seem like true industry "experts" rarely do it any better than anyone else.

I am working on setting up a secondary link between two of our sites. The two sites currently connect via AT&T Opt-E-Man service. Since the two sites are a only a few blocks apart, we are going to use a pair of Ubiquiti AirFiber radios to put up this secondary (which will actually become our primary) link.

Because of the organization I work for, I need to encrypt the traffic flowing across the radio link. We purchased a pair of Ubiquiti ERPro8's, and I've got the VPN tunnel set up and working beautifully. I also have OSPF working between the two routers as well, so the VPN tunnel is more-or-less seamless to connecting devices.

The remainder of our network is composed of various Cisco gear, which means we are using EIGRP. So, I need to 1) redistribute EIGRP over OSPF so the ERPro's are aware of our network, and 2) redistribute OSPF over EIGRP so that the rest of our network is aware of the ERPro routes. The idea is that with dynamic routing we can automagically "fall back" to the Opt-E-Man circuit if anything happened to the radio link (hardware failure, alignment issue, etc).

I have EIGRP redistrubuting over OSPF beautifully. However, I cannot seem to get OSPF to redistribute over EIGRP. The neighboring device is getting OSPF updates without issue, but doesn't seem to be redistributing them over EIGRP. Here are the EIGRP and OSPF configurations on the neighboring switch that is to do the redistribution:

router eigrp 100
redistribute static
redistribute ospf 3
no auto-summary
no eigrp log-neighbor-changes
network 10.0.0.0
network 172.19.0.0

router ospf 3
router-id 10.39.11.1
log-adjacency-changes
redistribute static subnets
redistribute eigrp 100 subnets
passive-interface default
no passive-interface GigabitEthernet0/5
network 10.39.11.0 0.0.0.3 area 0
default-information originate always

Any ideas?

@brianlittlejohn I've been running Mint at work on my primary desktop and laptop for about a year now. I'm also running it on my desktop at home (not sure how long). I haven't looked back since!

Hmm...I might regret this though.

I got my answer. It turns out OSPF applies a default metric to readvertised EIGRP routes, but EIGRP does not apply a default metric to readvertised OSPF routes. So I modified my EIGRP config like so:

router eigrp 100
redistribute static
redistribute ospf 3 metric 1000000 0 255 1 1500
no auto-summary
no eigrp log-neighbor-changes
network 10.0.0.0
network 172.19.0.0

BOOM, works!

Nice! Having bought two homes and sold one...I wish you well. My only advise is to go against the advice of "buy as much home as you can afford." We were told that when we bought our first home and I was very glad I did not listen to that advise. Buy what fits your lifestyle and results in a comfortable mortgage payment. There is not much fun being "house poor." I've known too many folks in that situation.

When we bought our first house, it was near the rut of the recession (mid 2009). There were a ton of offers on the home we wanted. I was in the middle of a meeting at work when our relator called and was all, "OK, so the selling agent called me and said that there are a dozen or so offers...she's asking for us to put our best foot forward." So we did and re-did the offer at the maximum we were comfortable with. We won. Then came the appraisal. The house appraised at our initial offer! The bank (the house was an REO) cut their loss and sold us the house at the appraisal/our original offer. That was nice. The mortgage application process...nightmare...but we made it.

We bought our second home with the contingency of selling our first. We had a couple of projects we needed to finish before the house was in what I considered "listable" condition. The contractor we had lined up kept falling through, and so his start date kept getting pushed back which was very stressful...especially since my wife fell in love with a house already and our offer was already accepted. It all worked out, though.

I'm cleaning up the firewall at one of our datacenters, and I'm finding multiple instances of ACLs similar to the following:

access-list RTSP extended deny tcp any4 any4 eq rtsp
access-list RTSP extended deny tcp any4 host 67.113.51.34 eq rtsp
access-list RTSP extended deny tcp host 67.113.51.34 eq rtsp any4
access-list RTSP extended permit tcp any4 any4 eq rtsp
access-list RTSP extended permit tcp any4 eq rtsp any4

This is a Cisco ASA 5510. I am not, by any means, an ASA expert, but if my knowledge about ACLs is correct...the first statement in that ACL makes the remaining statements superfluous. Am I wrong?

Love you guys, but now that I'm getting email alerts I had to stop watching this thread, LOL!

I am working on document cleanup in an ancient custom (shitty) application we are trying to retire. Basically, there are files everywhere, and I need to find the files that are referenced in the database in the filesystem. My plan is to dump the file references from the application's database into a table, and do the same for the filesystem in another table. I will then match by filename and go from there.

However, I'm not sure how to approach capturing the files at the filesystem level. Say said files are structured in /this/directory, what would be the best way to capture the following data?

Filename | Absolute Path | Modified Date

Any advice would be appreciated. For what it's worth, this is on CentOS 7.

Thanks!!

@travisdh1 said in I could be a mule! Another bad job posting.:

It is also a part time position, so it can be easily combined with your full-time job, but you will have to be at home at the time of the delivery from 8AM to 5PM.

I mean, I guess if you work from home already....but...

I think I've got it close enough!

find /this/directory -type f -printf "%f\t" -printf "%h\t" -printf "%TY-%Tm-%Td %TH:%TM\n"

Result:

101581_PR78450.pdf /this/directory/data/EFile/MO 2007-10-30 11:16

@Jason It was a decision made before my time here. I inherited the setup and am supporting it. I would not have went with blades, but the setup so far has been pretty solid in the ~2 years I've been supporting it. shrug

Although blades would not have been my first choice if I had been the one building the cluster from the beginning, I am curious why you say they have more points of failure than a cluster of 1 U servers?

@travisdh1 said:

@anthonyh said:

Hey All,

I have a pool of XenServer 6.5 hosts that share a FC SAN (an inherited configuration that will change when we upgrade, and for those of you who've read past posts of mine YES the hosts in question are the blades...please hold the lecture I know this is all bad ).

While I don't know how to fix you're issue, I have to give you a golf clap for that much

Ha, thanks.

I suspect detatching and re-attaching the SRs one by one will fix the issue, but that's not something I've ever done in test, much less production...so I don't know what the implications are of doing that. If an SR that a VM's virtual disks resides on is detatched, what happens to said VM?

@travisdh1 said:

@anthonyh said:

@travisdh1 said:

@anthonyh said:

Hey All,

I have a pool of XenServer 6.5 hosts that share a FC SAN (an inherited configuration that will change when we upgrade, and for those of you who've read past posts of mine YES the hosts in question are the blades...please hold the lecture I know this is all bad ).

While I don't know how to fix you're issue, I have to give you a golf clap for that much

Ha, thanks.

I suspect detatching and re-attaching the SRs one by one will fix the issue, but that's not something I've ever done in test, much less production...so I don't know what the implications are of doing that. If an SR that a VM's virtual disks resides on is detatched, what happens to said VM?

I'd suspect that you'd have to move any VM attached to the SR you are working with to a different SR, or shut down the VM.

Hmm. While it'd be a PITA, I suppose I could shuffle the SRs one by one. Create a new SR of equal size, migrate the disks, delete old SR, rinse and repeat. It would at least be a solution, and possibly a solution with minimal downtime...

I found a slightly easier solution to this. For each pool member:

• Enter Maintenance Mode
• Disable multipathing
• Enable multipathing
• Exit Maintenance Mode

BOOM. Path counts are reset.

I have a log that I need to pull some data from. The entries look like this:

2016-04-21 07:11:34,512 INFO [qtp509886383-547489:https://10.39.6.4:443/service/soap/SyncRequest] [[email protected];mid=66;ip=10.39.248.191;ua=ZCO/8.6.0.1320 (6.2.9200 en-US) P1248 T25c0;] soap - SyncRequest elapsed=3

What I need to do is pull the text between name= and ip= and ; so that I have the following:

[email protected];10.39.248.191

These log entries are variable lengths (various URLs), but the desire is to import the user and IP into a MySQL DB so I can pull distinct results.

Once I can get it into a delimited format I can take it from there.

Oh ML magicians, what do you suggest?

@scottalanmiller said in File Parsing Magic:

Put the file that you want to process into file2parse and this will do the rest...

#!/bin/bash

while read line; do
  echo $(echo $line | cut -d'=' -f2 | cut -d';' -f1)";"$(echo $line | cut -d'=' -f4 | cut -d';' -f1)
done < file2parse

OMG SAM you are the best!

Sorry for not being clear. This is all under Linux VMs on-prem in my own environment (XenServer).

If I understand correctly, you're looking to set up a "NAS" basically, right? If that's the case, I would recommend looking into something like FreeNAS/NAS4Free/OpenFiler. These are *NIX distributions geared towards the system being a file server. There are other features built in that you may or may not benefit from, but it may be worth it over running Win10 on the box.

I've had very good success with software RAID under linux. mdadm has served me well. I've done RAID 1, RAID 5*, and RAID 10 and all performed nicely.

*Avoid RAID 5 like the plauge. I had an older PPC G5 Xserve running Debian set up in my garage not doing anything important. Those things could only hold three 3.5 inch drives. If I was able to put a 4th drive in I would've totally gone RAID 10.