Risharde's Blog

Missing SYSVOL Policies fix

Okay so Ishwar and I were having some issues with group policies not being updated. We looked at the AD controllers and noticed that a lot of the policy folders were missing and there was no one on the internet that could fix it without saying that the AD would need to be reinstalled. Well, Ishwar had a good idea and it worked. He reinstalled the GPO manager by first uninstalling it and installing it back. It recreated the policies and saved us a lot of problems!

Good luck!

Installing SquidView on Centos 6

I was having a lot of problems with ncurses when trying to compile squidview on Centos 6. Well, apparently there's an easy fix after I did some research.
You need 2 main packages to get squidview to install.

Run the following
yum install gcc-c++ ncurses-static

After which you do the normal compile commands as follows:
./configure
make

Good luck!

SCP: bash: command not found on CENTOS

If you've installed CENTOS 6.4 minimal like I have, you might experience this problem. When you try to scp a file from one server to the next or vice versa and encounter this issue, you need to install the openssh-clients package.

To do this, run the following command
yum install openssh-clients

After the install, try to scp the file back and you'll see that it should work now

Good luck!

Extreme Networks InterVLAN Routing and DHCP Relay configuration

Previously, I brought you the idea of interVLAN routing on CISCO. Less is said about Extreme Networks but today I actually worked with a Summit 450 switch and it was fairly easy as well. The commands are a bit different but overall it wasn't anything too hard. Since I can't remember all the commands off hand, I'll just try to talk about what I remember

Firstly, configuring a vlan goes like
configure vlan "VLAN2" add ports 1 - 24 untagged
configure vlan "VLAN2" ip-address 10.0.2.1 255.255.255.0

configure vlan "VLAN3" add ports 25 - 48 untagged
configure vlan "VLAN3" ip-address 10.0.3.1 255.255.255.0

Enable routing:
enable ipforwarding "VLAN2"
enable ipforwarding "VLAN3"

DHCP Relay goes something like this:
enable bootprelay
configure bootprelay add 10.0.10.2 #This points to your superscope DHCP Server
#Also make sure to create route so DHCP knows which gateway to pass through to send back the information

Don't want DHCP relay? Instead you can do DHCP server on the switch itself using something like this
enable dhcp
configure dhcp address-ip-range 10.0.2.1 - 10.0.2.254 #THIS IS WRONG SOMEWHERE, BUT THAT'S ESSENTIALLY HOW THE COMMAND GOES

Sorry, some of the commands may be wrong because I'm trying to remember from memory with only 1 day experience

CISCO InterVLAN Layer 3 switch to switch routing

This has always been a challenge for me since I never did the CCNA courses or other practical courses. However, I have realized that most tutorials on the internet, and even the official Cisco documentation, are either extremely poor or too technical to understand the basics, so here goes with my explanation, which I have tested.

Why would you want VLANS (Virtual LANS)?
Well for me, it basically comes down to "broadcast domains". Essentially, this just means that you don't want a flat network because flat networks have too much broadcast data such as DHCP and so forth. This essentially affects the way your IP schema works because it's hard to assign an IP to a specific building (this is not the only reason, but it was my reason). Anyway, let's say you have a building called Building A and you want the computers in that building to have a specific IP scheme such as 10.0.2.x / 255.255.255.0, and then you have a Building B which needs to have 10.0.3.x / 255.255.255.0. Essentially, you would want to assign VLANs so that the traffic stays within each building (this of course is just my example, since VLANs can be used at multiple locations - I'm just making it simple).

Why would you want InterVLAN Routing?
So in order for Building A to be able to talk to Building B, interVLAN switch-to-switch routing would need to occur (or is the easiest solution for off-site metro-E infrastructure) because the communication would happen at Layer 3 (the IP layer) instead of Layer 2, which isn't a very smart way to route traffic. So now, the switch at Building A would be set to a different IP scheme, for example 10.1.0.1 / 255.255.255.0 on VLAN 100, while Building B's switch would be 10.1.0.1 / 255.255.255.0 on VLAN 100. This allows the 2 switches to communicate via VLAN 100. You would then enable IP routing to ensure that Building A on VLAN2 can go through VLAN100 to reach Building B on VLAN3. This is referred to as interVLAN routing but includes switch-to-switch configuration. This is apparently different from trunking - don't ask me why per se. Also, in order for computers in building 1 (VLAN 2) to know how to get to Building 3 (VLAN 3), the switch at building 1 would have to have a route to the switch at building 2. For example, if the destination is 10.0.3.x, which means it has to go to building 2, then the switch would have a record for it with the gateway of building 2's switch, which is 10.1.0.2, and the reverse must be done at switch 2 to complete the "cycle" for duplex communication. If you put a route on one switch and don't put it on the other switch, then only simplex communication will occur, in which case pings won't work etc.

This ended up being complicated but read it through a few times
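
The two-switch setup above as a small Python model, added here as an illustration and not code from the original post: it uses the post's subnets, takes Building B's VLAN 100 address to be 10.1.0.2 (the gateway address the post gives for that switch), and shows that a missing return route leaves traffic one-way. The `Switch` class, the helper names and the `.10` host addresses are constructed for the example.

```python
import ipaddress

class Switch:
    """Layer 3 switch: directly connected VLAN subnets plus static routes."""
    def __init__(self, connected):
        self.connected = [ipaddress.ip_network(n) for n in connected]
        self.static = []                      # (destination network, next hop)

    def add_route(self, network, next_hop):
        self.static.append((ipaddress.ip_network(network),
                            ipaddress.ip_address(next_hop)))

    def lookup(self, dst):
        """Return 'deliver', a next-hop address, or None if there is no route."""
        if any(dst in net for net in self.connected):
            return "deliver"
        return next((hop for net, hop in self.static if dst in net), None)

def one_way(switch, peers, dst, max_hops=8):
    """True if a packet handed to `switch` reaches the subnet holding dst."""
    dst = ipaddress.ip_address(dst)
    for _ in range(max_hops):                 # guard against routing loops
        result = switch.lookup(dst)
        if result == "deliver":
            return True
        switch = peers.get(result)            # None: no route or unknown hop
        if switch is None:
            return False
    return False

def ping(src_ip, src_switch, dst_ip, dst_switch, peers):
    """The request must arrive and the reply must find its way back."""
    if not one_way(src_switch, peers, dst_ip):
        return "unreachable"
    return "duplex" if one_way(dst_switch, peers, src_ip) else "simplex"

def demo(return_route):
    """Post's subnets; B's VLAN 100 address assumed 10.1.0.2, hosts constructed."""
    a = Switch(["10.0.2.0/24", "10.1.0.0/24"])    # Building A: VLAN 2 + VLAN 100
    b = Switch(["10.0.3.0/24", "10.1.0.0/24"])    # Building B: VLAN 3 + VLAN 100
    a.add_route("10.0.3.0/24", "10.1.0.2")        # A knows how to reach B's LAN
    if return_route:
        b.add_route("10.0.2.0/24", "10.1.0.1")    # B knows the way back
    peers = {ipaddress.ip_address("10.1.0.1"): a,
             ipaddress.ip_address("10.1.0.2"): b}
    return ping("10.0.2.10", a, "10.0.3.10", b, peers)

if __name__ == "__main__":
    print(demo(False), demo(True))
```

With the route on only one switch the request arrives but the reply has no path back, which is why the ping fails even though the forward route is correct.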

Pushing active directory updates to clients

So technically speaking, pushing updates from Active Directory group policies doesn't exist. The group policy has a refresh interval which can be set low so that computers refresh / update their policies more often, but this can cause potential problems of network congestion and high load on your Active Directory server. The good news is that there's another trick which works with more efficiency.

The solution is using a third party application called SysInternals Suite (I believe it is now owned by MS)
You can download it from http://www.systeminternals.com
Extract it into a directory such as C:\sysinternals
Now you'll need to get to a command prompt (HINT: Run -> cmd.exe)
In the command prompt type each line and press enter as follows:
cd C:\sysinternals
PsExec.exe \\COMPUTER1 gpupdate /force

The above command essentially tells the remote computer "COMPUTER1" to execute gpupdate /force
gpupdate /force basically makes the computer refresh its group policy by pulling it from the active directory
If you are successful, you'll see a response like

Updating Policy...
User Policy update has completed successfully.
Computer Policy update has completed successfully.
gpupdate exited on COMPUTER1 with error code 0.

With a little scripting, you'd be able to do this command on multiple computers

Good luck!
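
One way to script the command above across several computers, as an added Python example that is not from the original post: it runs PsExec against each host in parallel and reads the "exited on ... with error code" line shown above to classify the result. The host names, function names and timeout are assumptions; the PsExec path follows the extraction directory used in the post.

```python
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor

# Path follows the post's extraction directory; adjust if PsExec lives elsewhere.
PSEXEC = r"C:\sysinternals\PsExec.exe"
# Matches the status line shown in the post, e.g.
# "gpupdate exited on COMPUTER1 with error code 0."
EXIT_LINE = re.compile(r"gpupdate exited on (\S+) with error code (-?\d+)\.")

def run_psexec(host, timeout=120):
    """Run 'gpupdate /force' on one host; return PsExec's combined output."""
    proc = subprocess.run(
        [PSEXEC, rf"\\{host}", "gpupdate", "/force"],
        capture_output=True, text=True, timeout=timeout,
    )
    return proc.stdout + proc.stderr

def refresh_host(host, runner=run_psexec):
    """Return (host, status): 'ok', 'failed (code N)' or 'unreachable'."""
    try:
        output = runner(host)
    except (OSError, subprocess.TimeoutExpired):
        return host, "unreachable"       # PsExec missing, or the host timed out
    match = EXIT_LINE.search(output)
    if match is None:
        return host, "unreachable"       # PsExec never reported a remote exit code
    code = int(match.group(2))
    return host, "ok" if code == 0 else f"failed (code {code})"

def refresh_all(hosts, runner=run_psexec, workers=8):
    """Refresh several hosts in parallel; returns {host: status}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda h: refresh_host(h, runner), hosts))

if __name__ == "__main__":
    # Constructed host names; replace with your own computer names.
    for host, status in refresh_all(["COMPUTER1", "COMPUTER2"]).items():
        print(f"{host}: {status}")
```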

What people don't understand about the search engine

I've gotten 2 requests so far for the removal of "personal information" from the search engine. The problem is that this information is available via other public means. I don't know if the people that request the removal understand that this information is available to the public and that is how I got the information. In any event, I have removed the information because I am not interested in invading someone's privacy which they have already published anyway. The intention of the search engine is to make it easy for someone to search for your contact via the internet instead of having to turn pages to find it - that was all, period. I hope everyone understands that the systems designed are not here to violate their privacy and to cause problems. I am more interested in research of the systems I build with respect to performance and design.

Women and Spanish Fly

Today I was having an adult conversation with someone who mentioned that 'Spanish Fly' is some sort of over the counter drug that you can get from pharmacies. He said there are stronger ones as well but this one only requires 2-3 drops in food or beverage which would essentially make a female aroused (want to have sex). He was not actually encouraging me to do this and the conversation only came up as we spoke about the young people in the society of Trinidad and Tobago. He said people could put it in KFC and give a female for free and that is how they could get drugged. He said it's not the same as a date-rape drug in the sense that this one causes the female to want to have sex which is different from the date rape drug.

I began thinking to myself, how dangerous and stupid this product is. Firstly, I need to warn women that very rarely is anything in this life free, especially for women. You might wonder why I say this and I'll try my best to justify as long as you understand that I'm not chauvinistic nor do I have issues with women per se. The problem is that men are visually stimulated which means that you might already be handing him goods even though you don't realize it (just by simply having on "skimpy" clothes or showing too much skin for example). Coupled with the fact that I have met more people who drink alcohol versus those who haven't in Trinidad and Tobago, I'd say the chance of ingesting this substance or similar substances will be high due to how the "bar scene" can be where people offer women drinks for free and so forth. Even the liming scenarios raise a woman's chance of being caught. But of course, wisdom as you know is not our strong point here in Trinidad and Tobago.

I'm just warning women to be aware of the dangers. I know they'll still end up pregnant etc but at least I've done my duty.

Home remedies for boils

So I'm not exactly certain I have one but I do have an unusually large "pimple" on my face... I don't know if the correct term is actually a boil but I went to the pharmacy asking if there was anything they could give me for it. The pharmacist didn't have a clue other than the Boilex plasters. From my experience, the Boilex plasters actually make the "boil" spread and run away from it. So I declined the offer in which he responded that he doesn't know. I thus started my quest for searching for something.

I came across a website with a few home remedies which I thought I'd share with you guys
http://health.howstuffworks.com/wellness/natural-medicine/home-remedies/...
http://www.home-remedies-for-you.com/remedy/Boils.html

Basically, I'm trying the first one at the moment which is to use corn meal and boiling water. Mix them into a thick paste and put it over the boil and cover it with a cloth. Instead of the cloth, I decided to use some cotton wool and tape and just taped it on. Do this every 1 to 2 hours and see if it helps. Well I hope it works. I'll have to go through the list and try something else if this doesn't work but this was actually the easiest one.

No longer supporting Kloxo

As many of you may know, I was using an open source control panel called Kloxo to host my previous versions of the website. However, I have switched control panels recently and thus most of the old posts I've made with regard to Kloxo fixes have been deleted as I created a new database for the new site. One of the reasons for not using Kloxo any longer was the lack of support for the latest CENTOS, which is currently 6.x as I write today. In addition, the control panel is extremely bulky and while the code is in PHP, it was very hard to customize to what I wanted. Even the template system in my opinion was very difficult to work with. The other issues were of course, the fear of its security level and the lack of API documentation and support for automation of the control panel. With that being said, I would still like to thank the Kloxo community for its invaluable support and for building a system that is free to use. I do hope that the above issues mentioned will be addressed in the future. Until then, the switch is permanent for the time being.

Virtualization in Windows

There are a few ways you can do virtualization in Windows. Firstly, for those of you who don't know about virtualization, I'll try to clarify what I mean by this. Virtualization is essentially the running of one or more "virtual" machines within a host operating system. For example, this article is specific towards running a Virtual Machine within Windows. Think of it as booting into your windows desktop, clicking an icon and then seeing a Window that shows you another computer booting. The Window that shows you another computer booting is doing this by "virtualization". Essentially, it involves additional software to be installed on your Windows based operating system which emulates a computer within Windows.

Firstly, you have to get the virtualization software running in Windows. This is actually very easy. There are many products available such as VMWARE Workstation (I believe there is a free trial but overall, this software costs money) or a free alternative is VirtualBox which you can get via http://www.virtualbox.org. The VirtualBox project is an open source project sponsored by Oracle. So thank you to Oracle.

When you have finished downloading and installing the virtualization software, you must create a new virtual machine. You'll also want to get a free operating system such as CentOS which is downloadable for free on the internet (http://www.centos.org). Download the .ISO files if you can. Once downloaded, make sure to point your virtual machine to boot from the ISO. This will allow you to boot the CENTOS operating system installer and follow the instructions on the screen.

Foods that cause heartburn at night

If you suffer from heartburn at night, you should avoid the following foods, particularly in the evening:

- Milk
- Spicy food and/or pepper
- Acidic foods such as dhal coupled with pepper
- Too much water (not from experience but what I've heard from others)
- Juice

Home remedies (everyone is different but it's worth a try)
- Commercial over the counter Antacids (such as local Dica seems to be more effective than tums)
- Probiotics
- Yogurt

Upgraded to CENTOS 6 - 64bit

Finally made the switch to CENTOS 6 - 64 BIT
Many of you might be wondering what's the difference between 32-bit and 64-bit operating systems. It all boils down to how values are stored in 32-bit versus 64-bit. For example, on a 32-bit machine, the number 1 might be represented as 00000000 00000000 00000000 00000001. I put spaces in between so it's easier to read but in total: 32 numbers (which must be either 1 or 0 since it's in bit format). So a 64-bit representation might then be 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001 (64-bit format). Now this also corresponds to memory addressing and this is why 64-bit machines have a much higher memory addressing limit compared to 32-bit machines. As far as I can tell, a 32-bit OS can use up to 4GB of RAM properly while a 64-bit can use a lot more than 4 GB (even more than 8GB). This also means that files for databases can be much larger than 2GB in size if you're on a 64-bit machine and thus is the major reason why companies and IT have been moving over to 64-bit architecture.

Juniper vs Checkpoint Vs Fortigate

For the techies at heart, found a nice comparison table which seems to be recently added (2013) of some popular hardware firewalls

http://www.ebrahma.com/2013/03/comparison-juniper-srx1400-vs-checkpoint-...

It seems the Fortigate is in a different league altogether so aside from that device, I'm wondering which one really is better between the Juniper and the Checkpoint. In terms of ease of set up, I'd assume it is the Juniper because it has a built in GUI to manage it but as you can see, it can handle only about half the amount of sessions as a Checkpoint. I don't want to talk off the top of my head but I think for me, I'd make an intelligent guess that the Checkpoint would be more valuable in the long run against concurrent attacks if it can handle twice the amount of sessions as the Juniper. On the downside, it doesn't come with a built in GUI so it means you'll have to use an external app. In any event, this can also be seen as an upside since it might be less likely to be attacked via the GUI and/or be less vulnerable to 0-day exploits.
