Hodžův blog

20 Led

Error installing VMware Remote Console plugin – (k)ubuntu 18.04

Quick Fix
# apt-get install desktop-file-utils

17 Led

„The Ext Drive has been disabled due to a detected fault“ Lenovo SR570 & Lenovo DE4000H

1. Power off (all) servers
2. Change the volume LUN ID to ID 0 on DE4000H
3. Power on (all) servers

05 Říj

UBNT UniFi AP (UAP) Upgrade Loop

1. Forgot device from UniFi
2. SSH to UniFi AP (default credential ubnt/ubnt)
ssh root@ip_of_unifi_ap
3. Upload latest firmware image from UniFi web site (https://www.ui.com/download/unifi/unifi-ap)
cd /tmp
wget https://dl.ubnt.com/unifi/firmware/BZ2/4.0.15.9872/BZ.ar7240.v4.0.15.9872.181229.0259.bin --no-check-certificate
mv BZ.ar7240.v4.0.15.9872.181229.0259.bin fwupdate.bin

4. Run upgrade process
syswrapper.sh upgrade2 &
5. Wait a moment & adopt device in controller

05 Říj

DNSSEC in BIND & Fast validation

Edit Bind config file
vi /etc/bind/named.conf.options
...
options {
...
dnssec-enable yes;
dnssec-validation auto;
...
};
...

Continue Reading »

24 Zář

Error „Hardware RAID is disabled via NVRAM Controller setting“

# Show controller slots
ssacli ctrl all show config
# Disable HBA Mode
ssacli controller slot=0 modify hbamode=off
# Recheck controller status
ssacli controller slot=0 show

21 Zář

Sync time on Windows 2019 server

# Set NTP servers
w32TM /config /syncfromflags:manual /manualpeerlist:pool.ntp.org /update
# Restart the time service
net stop w32time && net start w32time
# Resync the time
w32tm /resync
# Verify status
w32tm /query /status

21 Zář

Failed to establish secure connection: sslv3 alert handshake failure: 1040

Debian 10 (Buster) + latest NSClient++ on Windows 2019 server

Linux:
root@nagios:/# /usr/lib/nagios/plugins/check_nrpe -H 172.24.1.1 -c check_ad
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.24.1.1: 1

Windows:
2019-09-21 18:30:46: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2019-09-21 18:30:46: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2019-09-21 18:30:48: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: sslv3 alert handshake failure: 1040

Quick FIX:
1. Generate DH key on Linux machine (it takes a long time)
openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'
Continue Reading »

18 Zář

Convert Windows Server 2019 Eval to Server Standard

DISM /online /Get-CurrentEdition
DISM /online /Get-TargetEditions
DISM /online /Set-Edition:ServerStandard /ProductKey:N69G4-B89J2-4G8F4-WWYCC-J464C /AcceptEULA
slmgr.vbs /upk
slmgr.vbs /ipk your_mak_key
slmgr.vbs /ato

Official KMS client keys
https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys

14 Čvc

Jak dešifrovat heslo z Remminy

…aneb když zapomenete přihlašovací údaje.

Hesla v remmině jsou zašifrována pomocí blokové šifry 3DES s 256bitovým (náhodně vygenerovaným) klíčem.
Klíč lze nalézt (Kubuntu 18.04) v souboru ~/.config/remmina/remmina.pref (na řádce začínající slovem „secret=“). Jednotlivá zašifrovaná hesla pak jsou v souborech ~/.local/share/remmina/*.remmina (řádek začínající klíčovým slovem „password=“).

K dešifrování poslouží tento krátký skript v Pythonu (nahraďte položky TAJNY_SECRET a TAJNE_HESLO
import base64
from Crypto.Cipher import DES3
secret = base64.decodestring('TAJNY_SECRET')
password = base64.decodestring('TAJNE_HESLO')
print DES3.new(secret[:24], DES3.MODE_CBC, secret[24:]).decrypt(password)

P.S. K plné funkčnosti skriptu v *buntu bude nejspíše nutné doinstalovat balíček python-crypto
# sudo apt install python-crypto

27 Led

IPSEC tunnel from Check Point to Mikrotik

Check Point configuration:
IP address WAN: 1.2.3.4
IP address LAN: 192.168.1.0/24
Username: johndoe
Password: mysecret
Shared secret: 12345678

Mikrotik configuration:
/interface l2tp-client
add connect-to=1.2.3.4 disabled=no ipsec-secret=12345678 name=l2tp-checkpoint password="mysecret" use-ipsec=yes user=johndoe
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des pfs-group=none
/ip route
add distance=1 dst-address=192.168.1.0/24 gateway=l2tp-checkpoint

Hodžův blog is is proudly powered by Wordpress and the Magellan Theme