Welcome to my website. I am always posting links to photo albums, art, technology and other creations. Everything that you will see on my numerous personal sites is powered by the formVista™ Website Management Engine.

  • How to Configure a User Account in Active Directory So that the Password Never Expires
    06/09/2016 3:54PM

    Using ADSI Edit, navigate to the user in question.  Right-click on the user and select Properties.

    Then, scroll down to the 'userAccountControl' property and click the Edit button.

    Enter 66048 into the field and then click 'OK' and then 'Apply'.

    After closing the edit window, scroll to the right to confirm that the value indicates the following: '0x10200 = (NORMAL_ACCOUNT|DONT_EXPIRE_PASSWORD)'
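
    Entering 66048 replaces the whole userAccountControl value, so any other flag already set on the account (for example ACCOUNTDISABLE) is cleared. The following added example, which is not part of the original post, ORs the DONT_EXPIRE_PASSWORD bit into an existing value instead and lists the enabled never-expire accounts in a constructed export; the function names and sample accounts are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: userAccountControl bit arithmetic (not from the original post).
# Flag values are the documented userAccountControl bits.
ACCOUNTDISABLE=2            # 0x0002
NORMAL_ACCOUNT=512          # 0x0200
DONT_EXPIRE_PASSWORD=65536  # 0x10000

# Print the value to write so that only the never-expire bit is added
# and every flag already present in $1 is preserved.
uac_set_never_expire() {
    echo $(( $1 | $DONT_EXPIRE_PASSWORD ))
}

# Succeed (exit 0) when flag $2 is set in value $1.
uac_has_flag() {
    [ $(( $1 & $2 )) -ne 0 ]
}

# Read "name value" lines on stdin and print the enabled accounts
# whose password never expires.
audit_never_expire() {
    while read -r name uac; do
        [ -n "$name" ] || continue
        if uac_has_flag "$uac" "$DONT_EXPIRE_PASSWORD" &&
           ! uac_has_flag "$uac" "$ACCOUNTDISABLE"; then
            echo "$name"
        fi
    done
}

# Constructed sample export: sAMAccountName and userAccountControl.
SAMPLE_EXPORT='svc_backup 66048
jdoe 512
old_admin 66050
asmith 514'

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_EXPORT" | audit_never_expire
}
```

    For a disabled account (514) the preserved value is 66050, whereas typing 66048 would also re-enable it.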

  • Using netcat to Mock a RESTful Webservice that Returns JSON
    05/10/2016 10:26AM

    Let's say that you are working on a part of a project that needs to consume some JSON data from a forthcoming HTTP service.  That sub-system is being developed by one of your colleagues and is not yet ready for you to stand-up to develop against.

    You can use netcat to mock the webservice and return some static JSON data that you can develop and test against, using a simple one-liner.

    First, put together your JSON in a file, 'my.json' and then run the following command in a terminal:

    while true; do echo -e "HTTP/1.1 200 OK\r\n\r\n$(cat my.json)" | nc -l 9998; done

    Then, hitting http://localhost:9998 will return your test JSON data.
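
    The one-liner sends no Content-Type or Content-Length header, and `nc -l 9998` listens on every interface of the machine. The following added example, which is not part of the original post, builds a complete response and binds the listener to loopback only; the function names are hypothetical and it assumes an nc that accepts `nc -l ADDRESS PORT` (OpenBSD nc, ncat).

```shell
#!/usr/bin/env bash
# Added example: complete HTTP response for the netcat mock
# (not from the original post).

# Print a full HTTP/1.1 response whose body is the file $1.
mock_response() {
    body_file=$1
    # wc -c counts bytes; the arithmetic expansion strips the padding
    # that some wc builds put in front of the number.
    length=$(( $(wc -c < "$body_file") ))
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Content-Type: application/json\r\n'
    printf 'Content-Length: %s\r\n' "$length"
    printf 'Connection: close\r\n\r\n'
    cat "$body_file"
}

# Serve the file on the loopback interface only, one request per nc process.
# Assumption: this nc accepts "nc -l ADDRESS PORT".
serve_mock() {
    body_file=$1
    port=${2:-9998}
    while true; do
        mock_response "$body_file" | nc -l 127.0.0.1 "$port"
    done
}

# Start it with: serve_mock my.json 9998
```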

  • How to Use Credentials That Contain Special Characters with curl
    05/02/2016 12:00PM
    In order to execute curl commands to endpoints with passwords that contain special characters, the cleanest way that I have found to do so is to Base64 encode the authentication string for curl and then pass an Authorization request header along with the request.

    In this example the credentials are uid 'rchapin' and passwd 'abc123!@#'.  Normally we would pass this to curl as follows:

    $ curl -u rchapin:abc123!@# -X GET https://some-endpoint:443

    However, this will not work, and the credentials will need to be sent in an encoded form rather than as the raw string.

    Following are the steps to pass the credentials as Base64:

    1. Using your favorite Base64 encoder, generate an ASCII string of the entire 'username:password' string that you would normally pass with the -u option for curl

    rchapin:abc123!@# converted = cmNoYXBpbjphYmMxMjMhQCM=

    2. Now modify the curl command as follows:

    $ curl -H "Authorization: Basic cmNoYXBpbjphYmMxMjMhQCM=" -X GET https://some-endpoint:443
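
    The two steps above can be done locally with the `base64` command instead of a separate encoder. The following added example is not part of the original post; the function names are hypothetical, and it passes the header to curl as a config line on stdin (`-K -`) rather than on the command line.

```shell
#!/usr/bin/env bash
# Added example: build the Basic Authorization header locally
# (not from the original post).

# Print "Authorization: Basic <base64(user:password)>" for user $1, password $2.
basic_auth_header() {
    # printf '%s' emits no trailing newline; "echo" would append one and
    # change the encoded value. tr removes the line wrapping that base64
    # applies to long input.
    token=$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')
    printf 'Authorization: Basic %s' "$token"
}

# GET url $1 as user $2 with password $3. The header reaches curl as a
# config line on stdin (-K -), so it is not part of curl's argument list.
curl_basic_get() {
    printf 'header = "%s"\n' "$(basic_auth_header "$2" "$3")" |
        curl -K - -X GET "$1"
}

# Single quotes keep the shell from interpreting ! and # in the password:
#   curl_basic_get https://some-endpoint:443 rchapin 'abc123!@#'
```

    Base64 is only an encoding, so the resulting header is as sensitive as the password itself.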
  • Solution for MySQL ERROR 1396 (HY000): Operation CREATE USER failed for
    04/28/2016 11:56AM

    This indicates that the user already exists, or did exist but not all of the data for that user has been deleted.

    As the mysql root user:

    REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user'@'hostname';
    DROP USER 'user'@'hostname';

    Then re-try creating the user.

  • How to Configure a Linux Client for Active Directory Authentication
    04/26/2016 9:06PM
    I am currently working on setting up multiple environments for a new project (DEV, QA, and PROD) and will be integrating all of the servers to an Active Directory Domain Controller for user management.

    Following are notes from when I configured a Fedora Core 18 laptop to integrate with an AD server.  It is likely things have changed some from then and I will update this as required for a current version of RHEL7/CentOS 7.

      Run the following commands as a local user with root privileges:

      . Installed necessary packages:
        . # yum install sssd-tools adcli realmd
        . sssd will not have the /etc/sssd/sssd.conf file installed until you join a domain (see below) so do not try to configure it.

      . disabled selinux
        . Perhaps selinux can be re-enabled after joining and configuration?

      . search for a realm:
        . # realm discover -v
    # realm discover -v
     * Looking up our DHCP domain
     * Discovering for DHCP domain: somedomain.com
     * Searching for kerberos SRV records for domain: _kerberos._udp.somedomain.com
     * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.somedomain.com
     * server1.somedomain.com:88 server2.somedomain.com:88 server3.somedomain.com:88
     * Found kerberos DNS records for: somedomain.com
     * Found AD style DNS records for: somedomain.com
     * Successfully discovered: somedomain.com
    somedomain.com
      type: kerberos
      realm-name: SOMEDOMAIN.COM
      domain-name: somedomain.com
      configured: kerberos-member
      server-software: active-directory
      client-software: sssd
      required-package: sssd-tools
      required-package: sssd
      required-package: adcli
      required-package: samba-common
      login-formats: SOMEDOMAIN\%U
      login-policy: allow-any-login

      . joined the domain:
        . # realm join -U admin --verbose somedomain.com

      . allowed all lotame users to login
        . # realm permit --realm somedomain.com --all

      . Add the home directory paths
        . # mkdir /home/SOMEDOMAIN

      . chkconfig on sssd:
        . # systemctl enable sssd

      . Log out from the local user account and then log in as a user in the domain:
        . uid: SOMEDOMAIN\uid
        . This will log you in as that user and create a home account in /home/SOMEDOMAIN/uid