Integracao AD Windows Server + Samba Linux [closed] - linux

Closed. This question is not written in English. It is not currently accepting answers.
Stack Overflow is an English-only site. The author must be able to communicate in English to understand and engage with any comments and/or answers their question receives. Don't translate this post for the author; machine translations can be inaccurate, and even human translations can alter the intended meaning of the post.
Closed 4 days ago.
Improve this question
I have a doubt if my configuration of integration between AD Windows Server with the Samba file server is correct.
We have already performed the configuration and egress from the samba server to the domain, but when I try to pull the information through the net rpc vampire command, it asks for the root password and after it is informed, the following error is displayed:
Bad SMB2 signature for message
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0000] 06 0E 6C 99 B7 1F 44 00 69 5D CA A5 BE 41 2A 84 ..l...D. i]...A*.
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_ACCESS_DENIED
Executed testparm commands successfully with the following results:
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
After executing the net join rpc command, it also successfully informed the egress to the domain.
As a final result, the goal would be to integrate AD users and groups for permissioning in Samba.

Related

HEX query automation

I have a control bord installed on a remote digital signage totem.
The card is connected via RS232 to an IP adapter which I can connect remotely.
I need to send it HEX commands every hour, get the answers and act according to them
(for example the command for what is the door status is: "AE 04 04 0A" and the answer is: "{EF}{04}{04}{01}" the last digit is 1=open 0=closed)
I would like to take the answers and get them on my Zabbix monitor system for alerts, like if the door is open or the temp is high.
can you give me a direction to a platform that can run this kind of automation?
It's surely doable, but it depends on the details of "IP adapter which I can connect remotely":
is it an http gateway where you post your authentication and commands? Then use an http item
is it a simple socket with no auth, just ip->rs232? Then a simple telnet/nc script called via zabbix with a system.run is the way to go
is the interaction more complex? I.e: telnet, then authenticate, then subcommand1 and so on? A system.run as well, but to call a more complex script like expect or pexpect
In the simplest case, assuming a socket on host 1.2.3.4 and port 23 that just accepts input:
echo 'AE 04 04 0A' | nc -N 1.2.3.4 23 | perl -lne 'print $1 if /(?:{\w\w}){3}{(\w\w)}/'
This will send the hex command AE 04 04 0A to the device, then print the fourth portion of the result: so if the result string is {EF}{04}{04}{01}, the command will return 01

Shared resource and point of failure

We need to add the high availability feature in our web application so I am considering load balancing (Application Request Routing in IIS). Here is my setup:
Server 01: This is where the ARR is installed with two nodes (02 and 03).
Server 02: This is the node 02 in Server 01.
Server 03: This is the node 03 in Server 01.
Assuming I have set it up correctly, question 1: I need to make sure that Server 01 is up all the time to archive the high availability feature. If I did not have ARR and host my web application directly on Server 01, I also need to make sure it is up all the time. What is the difference?
question 2: I have a folder that my users will upload files to the web server. That folder is available on both Server 02 and 03. If a file is saved on 02 but the request for that file goes to 03, it will not be able to find it. How do I share the resources between 02 and 03?
Since we are only looking for high availability, we will host the web application on Server 01 and have a cluster (Server 02). So when Server 01 is down, Server 02 will take over. Regarding to sharing the resources (folder), we will have a designated File Server that both Server 01 and Server 02 will point to.

Linknode R4 error: espcomm_upload_mem failed

I am very new to this sort of thing so any help would be appreciated. I've spent 2 days trying to correct the errors I'm getting but I am still having no luck. I am following this tutorial here http://www.themakersworkbench.com/tutorial/how-use-amazon-alexa-control-linknode-r4-esp8266-4-channel-relay-board. I am using the same cables he linked in the tutorial (://amzn.to/2h7PdEz) (usb to uart cable) (://amzn.to/2h7RDDf) (5v 2a power supply). I gathered the code from the link provided and updated it with the relevant information for it to connect to my wifi, other than that I made no changes to the code. (they wont let me put links in as this is my first post just add http to the front of the links)
The problem I am having is when I try to upload my code to the board its not working, the code compiles fine then encounters the error listed below. I'm sure this is something simple and I've scoured everywhere ensuring proper settings but im still unable to upload the code. I even tried the serial monitor at 115200 entering "AT" and getting the output `UC. Just to cover some of the basics i connected the tx to the rx on the board and the rx to the tx on the board, and ground to ground. The power is on and I can see the power led indicator lit, this is plugged directly into the wall. I downloaded 1.8.3 arduino ide and installed the ESP8266 board manager and I am using the generic version flash mode QIO at 115200 baud rate.
Thanks for taking the time to look at this and again I'm very new so please direct me in the right direction if this question has already been answered (I searched myself ALOT).
Arduino: 1.8.3 (Windows 10), Board: "Generic ESP8266 Module, 80 MHz, 40MHz, QIO, 115200, 512K (64K SPIFFS), ck, Disabled, None"
Build options changed, rebuilding all
Archiving built core (caching) in: C:\Users\Bro2D2\AppData\Local\Temp\arduino_cache_585316\core\core_esp8266_esp8266_generic_CpuFrequency_80,FlashFreq_40,FlashMode_qio,UploadSpeed_115200,FlashSize_512K64,ResetMethod_ck,Debug_Disabled,DebugLevel_None_____f179b2dc0cd843b50353b7c87d0452e9.a
Sketch uses 250081 bytes (57%) of program storage space. Maximum is 434160 bytes.
Global variables use 37816 bytes (46%) of dynamic memory, leaving 44104 bytes for local variables. Maximum is 81920 bytes.
C:\Users\Bro2D2\AppData\Local\Arduino15\packages\esp8266\tools\esptool\0.4.9/esptool.exe -vv -cd ck -cb 115200 -cp COM3 -ca 0x00000 -cf C:\Users\Bro2D2\AppData\Local\Temp\arduino_build_953054/wemos.ino.bin
esptool v0.4.9 - (c) 2014 Ch. Klippel <ck#atelier-klippel.de>
setting board to ck
setting baudrate from 115200 to 115200
setting port from COM1 to COM3
setting address from 0x00000000 to 0x00000000
espcomm_upload_file
espcomm_upload_mem
setting serial port timeouts to 1000 ms
opening bootloader
resetting board
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
resetting board
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
resetting board
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
trying to connect
flush start
setting serial port timeouts to 1 ms
setting serial port timeouts to 1000 ms
flush complete
espcomm_send_command: sending command header
espcomm_send_command: sending command payload
serialport_receive_C0: E0 instead of C0
warning: espcomm_sync failed
error: espcomm_open failed
error: espcomm_upload_mem failed
error: espcomm_upload_mem failed
This report would have more information with
"Show verbose output during compilation"
option enabled in File -> Preferences.
I don't know how to fix your specific problem, but I was running into the same error and ultimately it was the drivers for my usb cord. I believe the drivers for your cord can be found here.

BlueZ: How to set up a GATT server from the command line

I would like to know if there is a way to set up a gatt server from the Linux command line. I know that the BlueZ gatttool command allows you to act as a gatt client and interrogate a remote gatt server, however, I do not think that this tool can be used to set up a server.
What I want to achieve is a gatt server, created from the command line, and can be interrogated by any central device (e.g. iOS or Android device) to connect to the GATT server, discover the services and characteristics, and manipulate the data in the characteristics.
Example:
Gatt Server with 1 service which contains 3 characteristics.
Service uuid = 0xFFFF
Char 1 uuid = 0xAAAA, value = 01, properties = readable
Char 2 uuid = 0xBBBB, value = 00, properties = readable & writable
Char 3 uuid = 0xCCCC, value = 02, properties = notifiable
I am using kernel version 3.11.0 and BlueZ 5.19
So this is now handled with the new bluetoothctl tool. A gatt table can be set up using this tool as follows:-
#bluetoothctl
[bluetoothctl] menu gatt
[bluetoothctl] register-service 0xFFFF # (Choose yes when asked if primary service)
[bluetoothctl] register-characteristic 0xAAAA read # (Select a value of 1 when prompted)
[bluetoothctl] register-characteristic 0xBBBB read,write # (Select a value of 0 when prompted)
[bluetoothctl] register-characteristic 0xCCCC read # (Select a value of 2 when prompted)
[bluetoothctl] register-application # (This commits the services/characteristics and registers the profile)
[bluetoothctl] back
[bluetoothctl] advertise on
I've tried this with a few service/characteristic combinations and was able to get it to work. The GAP (0x1800) and GATT (0x1801) services are available by default and will be part of the GATT table when you advertise. You can also use the following command to see the available services:-
[bluetoothctl] show
Controller 00:AA:BB:CC:DD:EE (public)
Name: MyMachine
Alias: MyMachine
Class: 0x000c0000
Powered: yes
Discoverable: no
Pairable: yes
UUID: Headset AG (00001112-0000-1000-8000-00805f9b34fb)
UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
UUID: Generic Access Profile (00001800-0000-1000-8000-00805f9b34fb)
UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
UUID: Audio Source (0000110a-0000-1000-8000-00805f9b34fb)
UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb)
**UUID: Unknown (0000ffff-0000-1000-8000-00805f9b34fb)**
UUID: Headset (00001108-0000-1000-8000-00805f9b34fb)
Modalias: usb:v1D6Bp0246d0532
Discovering: no
I have also faced the same issue, but could find any proper solution, what you can best do using a bluez stack on an Ubuntu machine is use some hci commands to advertise LE packets. These packets will be constantly advertised as the this is if it is an LE server, If you go for scan using an GATT Client you will get the name of your bluez device on the scan list.
Use the following commands below:
Set the LE advertisement packets by the following command:
sudo hcitool -i hcix cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 E2 0A 39 F4 73 F5 4B C4 A1 2F 17 D1 AD 07 A9 61 00 00 00 00 C8 00
· Now advertise the LE packets by the following command:
sudo hciconfig hcix leadv
I believe it is not possible to setup GattServer from CLI.
Mainly because it is a upper layer functionality so there is no tool available to do it (as most of the tools provide lower layer functionalities).
But you can use mimic the way bluez creates service using dbus.
We needed a GattService with two characteristics (R,W,N)
What we ended up doing was following -
1. use the libgdbus (from bluez source) It has all the dbus wrapper to register services to bluez.
Created a translator (socket IPC) to separate the licensing issue (GPL)
Send command to the service registrar to create a service
e,g - op_code = create_service, uuid = 'service_uuid'
op_code = create_charac, uuid='charac_uuid' flags='rwn'
Hope this helps.

Testing that a website is using Kerberos authentication

How do you go about checking that an IIS website is successfully using Kerberos and not falling back on NTLM?
One way I found to test in code that you are using Kerberos is that that the HTTP_AUTHORIZATION header for NTLM always starts with the following:
Negotiate TlRMTVNTUA
If the header doesn't start with text then the browser is authenticating using Kerberos.
Fiddler2 will indicate if the authentication header is NTLM vs Kerberos.
Authorization Header (Negotiate) appears to contain a Kerberos ticket:
60 82 13 7B 06 06 2B 06 01 05 05 02 A0 82 13 6F `.{..+..... .o
WWW-Authenticate Header (Negotiate) appears to be a Kerberos reply:
A1 81 A0 30 81 9D A0 03 0A 01 00 A1 0B 06 09 2A ¡ 0 ....¡...*
The easiest way that I can think of is to use wireshark to watch the network packets and verify that your IIS server is requesting Kerberos Tickets from your DC.
You can check the security log in the event viewer of the web server.
You can also launch KerbTray on the client machine and check if it's using the correct SPN. Kerbtray is available here (don't worry, it's not Win2000 only).
I use the security log in the event viewer to check like someone already mentioned. Here is a successful kerb auth:
Successful Network Logon:
User Name: {Username here}
Domain: {Domain name here}
Logon ID: (0x0,0x########)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {########-####-####-####-############}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Well, Negotiate can also be Kerberos, because it is a wrapper over Kerberos and NTLM. Like other guys said, Wireshark (or Network Monitor) and Security event log will not cheat you.

Resources