Archive for Januar 4th, 2018

Citrix Netscaler Firmware Release 12.0.56.20 – neu ist die Netscaler Express Lizenz „Freemium“ von 20 Mbit/s Bandbreite bereits vorinstalliert

Donnerstag, Januar 4th, 2018

100SekundenPhysik – warum ein Spiegel horizontal aber nicht vertikal spiegelt

Donnerstag, Januar 4th, 2018

St. Walburga-Krankenhaus in Meschede – hier wird eine der größten Kliniken zur Behandlung von Krebserkrankungen entstehen

Donnerstag, Januar 4th, 2018

Citrix XenApp/XenDesktop 7.16 – multiple published applications/desktop sessions randomly get disconnected the disconnects happen immediately after a Policy Refresh the users are immediately able to reconnect to their sessions

Donnerstag, Januar 4th, 2018

citrix_logo.jpg   Support Knowledge Center

US-CERT – is aware of a set of security vulnerabilities known as Meltdown and Spectre that affect modern computer processors

Donnerstag, Januar 4th, 2018

   Meltdown and Spectre Side-Channel Vulnerabilities

Raspberry Pi ‚PiServer‘ – network booting a Raspberry Pi with no SD card

Donnerstag, Januar 4th, 2018

raspberrypi_logo.jpg   Before a Raspberry Pi will network boot, it needs to be booted from an SD card with a config option to enable USB boot mode. This will set a bit in the OTP (One Time Programmable) memory in the Raspberry Pi SoC that enables network booting – once this is done the SD card is no longer required

Klinikum Freising – über 48 000 Quadratmeter groß ist die Fläche zwischen Vimy- und Alois-Steinecker-Straße die als Sondergebiet für das Klinikum ausgewiesen wurde

Donnerstag, Januar 4th, 2018

MQTT Version 5.0 – most extensive and most feature-rich update to the MQTT protocol specification ever

Donnerstag, Januar 4th, 2018

mqttorg_logo   MQTT Version 5.0 – is a lightweight client/server publish/subscribe messaging transport protocol ideal for use in M2M and IoT contexts

Microsoft Windows 10 Update KB4056892 (OS Build 16299.192) – fixes Intel and AMD processors exploit

Donnerstag, Januar 4th, 2018

Windows10_logo   You can fix these issues by installing the update that is described in this article

The National Security Agency (NSA) – is losing its top talent at a worrisome rate as highly skilled personnel, some disillusioned with the spy service’s leadership and an unpopular reorganization, take higher-paying, more flexible jobs in the private sector

Donnerstag, Januar 4th, 2018

Raspberry Pi – join in Windows Active Directory Domain with Samba Winbindd

Donnerstag, Januar 4th, 2018

raspberrypi_logo.jpg   Samba’s winbindd service provides an interface for the Name Service Switch (NSS) and enables domain users to authenticate to AD when logging into the local System – using winbindd provides the benefit that you can enhance the configuration to share directories and printers without installing additional software

root@rpi-va-dom-1:~# apt-get update
root@rpi-va-dom-1:~# apt-get dist-upgrade -y
— verify that the /etc/hosts file on the DC correctly resolves the fully-qualified domain name (FQDN) and short host name to the LAN IP address of the DC
root@rpi-va-dom-1:~# vi /etc/hosts
192.168.1.101   VA-DC-101.VA-DOM-1.LOCAL    VA-DC-101
root@rpi-va-dom-1:~#  apt-get install ntp
root@rpi-va-dom-1:~# vi /etc/ntp.conf
    server VA-DC-101.VA-DOM-1.LOCAL
root@rpi-va-dom-1:~# ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
=========================================
VA-DC-101.VA-DO .LOCL.           1 u  231 1024  373    5.894  -259.00 641.726
0.debian.pool.n .POOL.          16 p    –   64    0    0.000    0.000   0.002
1.debian.pool.n .POOL.          16 p    –   64    0    0.000    0.000   0.002
2.debian.pool.n .POOL.          16 p    –   64    0    0.000    0.000   0.002
3.debian.pool.n .POOL.          16 p    –   64    0    0.000    0.000   0.002
+zepto.mcl.gg    192.53.103.108   2 u  689 1024  377   49.519   -9.376   7.328
+ns1.blazing.de  213.172.96.14    2 u  728 1024  377   39.998    0.032   6.335
+ntp1.rrze.uni-e .DCFp.           1 u  540 1024  377   39.858    0.574  15.616
*metasntp12.admi .MRS.            1 u  650 1024  377   39.141    0.199   4.695
+b.fu110.de      131.188.3.221    2 u  634 1024  377   34.438   -0.872  16.808
+estoma.de       85.220.190.246   3 u  621 1024  377   84.043  -17.919  15.931
+li1655-15.membe 129.70.132.32    3 u  764 1024  377   37.483   -1.305   5.944
-www.mcr42.de    195.13.1.153     3 u  651 1024  377   55.607   -6.530   6.450
+ns.km33237.keym 192.53.103.108   2 u  603 1024  377   50.298   -3.585   7.295
-213.251.53.187  195.66.241.3     2 u  976 1024  277   39.773   -2.600   9.272
root@rpi-va-dom-1:~#  apt-get install samba samba-common smbclient
root@rpi-va-dom-1:~# service smbd status
root@rpi-va-dom-1:~# service nmbd status
root@rpi-va-dom-1:~# smbd -V
root@rpi-va-dom-1:~# /etc/init.d/samba stop
root@rpi-va-dom-1:~# /etc/init.d/winbind stop
— verify that no Samba processes are running

root@rpi-va-dom-1:~# ps ax | egrep „samba|smbd|nmbd|winbindd“
— remove the existing smb.conf file to list the path to the file
root@rpi-va-dom-1:~# smbd -b | grep „CONFIGFILE“
   CONFIGFILE: /etc/samba/smb.conf
root@rpi-va-dom-1:~# cp /etc/samba/smb.conf /etc/samba/smb.conf.<date>
root@rpi-va-dom-1:~# rm /etc/samba/smb.conf
— remove all Samba database files, such as *.tdb and *.ldb files to list the folders containing Samba databases

root@rpi-va-dom-1:~# smbd -b | egrep „LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR“
   LOCKDIR: /var/run/samba
   STATEDIR: /var/lib/samba
   CACHEDIR: /var/cache/samba
   PRIVATE_DIR: /var/lib/samba/private
root@rpi-va-dom-1:~# rm –f /var/lib/samba/*.[lt]db
root@rpi-va-dom-1:~# rm –f /var/lib/samba/private/*.[lt]db
root@rpi-va-dom-1:~# apt-get install winbind libpam-winbind libnss-winbind krb5-config resolvconf
— specify realm
Configuring Kerberos Authentication – when users attempt to use Kerberos and specify a principal or user Name without specifying what administrative Kerberos realm that principal belongs to, the system appends the default realm.  The default realm may also be used as the realm of a Kerberos service running on the local  machine.  Often, the default realm is the uppercase version of the local  DNS domain
Default Kerberos version 5 realm:
VA-DOM-1.LOCAL
— specify the hostname of AD DS
Configuring Kerberos Authentication – enter the hostnames of Kerberos servers in the VA-DOM-1.LOCAL Kerberos realm separated by spaces
Kerberos servers for your realm:
VA-DC-101.VA-DOM-1.LOCAL
— specify the hostname of AD DS
Configuring Kerberos Authentication – enter the hostname of the administrative (password changing) server for the VA-DOM-1.LOCAL Kerberos realm
Administrative server for your Kerberos realm:
VA-DC-101.VA-DOM-1.LOCAL
root@rpi-va-dom-1:~# vi /etc/krb5.conf
[libdefaults]
default_realm = VA-DOM-1.LOCAL
ticket_lifetime = 24000

     clock_skew = 300
     dns_lookup_realm = false
     dns_lookup_kdc = true
root@rpi-va-dom-1:~# vi /etc/samba/smb.conf
— line 29: change workgroup name to the one for AD DS and add lines like follows
    workgroup = VA-DOM-1
#    password server = VA-DC-101.VA-DOM-1.LOCAL
    realm = VA-DOM-1.LOCAL
    security = ads
    idmap config * : range = 16777216-33554431
    template homedir = /home/%U
    template shell = /bin/bash
    winbind use default domain = true
    winbind offline logon = false 
root@rpi-va-dom-1:~# vi /etc/nsswitch.conf
— line 7: add like follows
    passwd:  compat winbind
    group:  compat winbind
    shadow:  compat winbind
root@rpi-va-dom-1:~# vi /etc/pam.d/common-session
— add to the end if you need (auto create a home directory when initial login)
    session optional        pam_mkhomedir.so skel=/etc/skel umask=0077
root@rpi-va-dom-1:~# vi /etc/network/interfaces
— change name server to AD’s one
    dns-nameservers 192.168.1.101
— join in Active Directory ( net ads join -U [AD’s admin user])
root@rpi-va-dom-1:~# net ads join -U Administrator
Enter Administrator’s password:
    ldb: unable to stat module /usr/lib/x86_64-linux-gnu/samba/ldb : No such file or directory
    Using short domain name — VA-DOM-1
    Joined ‚SMB‘ to dns domain ‚VA-DOM-1.LOCAL‘
    No DNS domain configured for smb. Unable to perform DNS Update.
    DNS update failed: NT_STATUS_INVALID_PARAMETER
— the DNS error can be ignored make sure you create an A record and a PTR record manually
root@rpi-va-dom-1:~# systemctl restart winbind
— sending a Winbindd Ping 
root@rpi-va-dom-1:~# wbinfo –ping-dc
checking the NETLOGON for domain[VA-DOM-1] dc connection to „VA-DC-101.va-dom-1.local“ succeeded
— two simple test to see if your DC is alive 
root@rpi-va-dom-1:~# net ads testjoin
Join is OK
root@rpi-va-dom-1:~# wbinfo -t
checking the trust secret for domain VA-DOM-1 via RPC calls succeeded
— try to show domain users info 
root@rpi-va-dom-1:~# wbinfo -u
 administrator
 gast
 krbtgt
— try to show domain group info 
root@rpi-va-dom-1:~# wbinfo -g
— try to switch to an AD user 
root@rpi-va-dom-1:~# su – Administrator
 Creating directory ‚/home/Administrator‘.
administrator@rpi-va-dom-1:~ $
 — looking up Domain Users and Groups
root@rpi-va-dom-1:/# getent passwd VA-DOM-1\\Administrator
administrator:*:16777216:16777216::
/home/administrator:/bin/bashdom1:~ $
root@rpi-va-dom-1:~# addgroup solution
root@rpi-va-dom-1:~# adduser dp –ingroup solution
root@rpi-va-dom-1:~# mkdir -p /sharing/{JSHOgroup,JSHOpowergroup,JSHOadmingroup}
root@rpi-va-dom-1:~# chmod -R 0770 /sharing/
root@rpi-va-dom-1:~# chgrp -R solution /sharing/
root@rpi-va-dom-1:~# ulimit -n 16384
root@rpi-va-dom-1:~# vi /etc/security/limits.conf
*              –       nofile         1638
— configure samba shares
root@rpi-va-dom-1:~# vi /etc/samba/smb.conf
[JSHOgroup]
    comment = JSHOgroup
    path = /sharing/JSHOgroup/
    valid users = @“VA-DOM-1\JSHOgroup“, @“VA-DOM-1\JSHOpowergroup“,  @“VA-DOM-1\JSHOadmingroup“
    force group = „solution“
    writable = yes
    read only = no
    force create mode = 0660
    create mask = 0777
    directory mask = 0777
    force directory mode = 0770
    access based share enum = yes
    hide unreadable = yes
[JSHOpowergroup]
    comment = JSHOpowergroup
    path = /sharing/JSHOpowergroup/
    valid users = @“VA-DOM-1\JSHOpowergroup“, @“VA-DOM-1\JSHOadmingroup“
    force group = „solution“
    writable = yes
    read only = no
    force create mode = 0660
    create mask = 0777
    directory mask = 0777
    force directory mode = 0770
    access based share enum = yes
    hide unreadable = yes
[JSHOadmingroup]
    comment = JSHOadmingroup
    path = /sharing/JSHOpowergroup/
    valid users = @“VA-DOM-1\JSHOadmingroup“
    force group = „solution“
    writable = yes
    read only = no
    force create mode = 0660
    create mask = 0777
    directory mask = 0777
    force directory mode = 0770
    access based share enum = yes
    hide unreadable = yes
root@rpi-va-dom-1:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section „[homes]“
Processing section „[JSHOgroup]“
Processing section „[JSHOpowergroup]“
Processing section „[JSHOadmingroup]“
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER