MRV LX Console Server to Cisco Pinout

Crimp an RJ45 cable with the following pinout:

1 <-> 1
2 <-> 7
3 <-> 6
4 <-> 5
5 <-> 4
6 <-> 3
7 <-> 2
8 <-> 8

On the MRV LX, use the following settings

– Flow Control to “None”
– Banner to “None”
– Disable “AutoHangup”
– Change Prompt to empty string

You can now access your Cisco devices through your MRV LX console server.

Update: Extreme Networks devices will work with the regular blue Cisco serial cable. Console to switch, RJ45 to MRV.

Using Live CDs to help repair/diagnose a PC

When I work on a Windows machine, I usually end up coming across a missing/corrupt driver. On Windows it is next to impossible to figure out what kind of hardware is in your computer without having the driver installed. You could google for a device id, but you’re going to get a lot of wrong answers.

A better solution is using a live CD. Any recent one will work; the tools you’re using will work regardless.

lspci – List all PCI Devices

01:00.0 VGA compatible controller: nVidia Corporation GeForce 8400M GS (rev a1)
03:01.0 FireWire (IEEE 1394): Ricoh Co Ltd R5C832 IEEE 1394 Controller (rev 05)
03:01.1 Generic system peripheral [0805]: Ricoh Co Ltd R5C822 SD/SDIO/MMC/MS/MSPro Host Adapter (rev 22)
03:01.2 System peripheral: Ricoh Co Ltd R5C843 MMC Host Controller (rev 12)
03:01.3 System peripheral: Ricoh Co Ltd R5C592 Memory Stick Bus Host Adapter (rev 12)
03:01.4 System peripheral: Ricoh Co Ltd xD-Picture Card Controller (rev 12)
09:00.0 Ethernet controller: Broadcom Corporation NetLink BCM5906M Fast Ethernet PCI Express (rev 02)
0c:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)

Want to know the model of your network card, even if Linux doesn’t support it? Not quite sure what kind of Nvidia card you have? Done.

You might say, “Well sure, that’s nifty. But what about USB devices?”

lsusb – List USB Devices

Bus 004 Device 002: ID 046d:c50e Logitech, Inc. MX-1000 Cordless Mouse Receiver

dmesg – Outputs nifty stuff about your computer

From hard drives, to whether the machine detected a new USB device, to which wireless cards were detected, dmesg offers a ton of information. I suggest using grep and more; my dmesg is 541 lines long, and it wouldn’t be surprising for yours to be more.

It is also a great place to find error messages (failing hardware generally shows up here).

[    7.616000] sd 2:0:0:0: [sda] 156301488 512-byte hardware sectors (80026 MB)

[   16.076000] iwl3945: Tunable channels: 11 802.11bg, 13 802.11a channels

Want to see how much memory is actually being detected? (Windows and many BIOSes round these numbers.)

cat /proc/meminfo

Want to know a bunch of information about the CPU in the machine? Then cpuinfo is for you.

cat /proc/cpuinfo

Run Levels

In Linux, you generally have run levels that range from 0-6.

0: Halt (shutdown) the system
1: Single user mode (major upgrades, maintenance, etc.)
2: Basic multi user mode
3: Full multi user mode
4: Unused (custom)
5: Multi user mode with GUI
6: Reboot

0, 1 and 6 are always the same, but different distros do different things with the other run levels (for example, Debian-based systems use run level 2 for GUI and full multi-user mode).

You can see what services start at what run level by looking in the directory /etc/rc#.d, where # is the run level number.

The run level number can be found in /etc/inittab (id:2:initdefault: for example)
If you were to look in /etc/rc2.d, you would see files that look like:

S99program

These are usually symbolic links to files in /etc/init.d (so a change to /etc/init.d/program would change the program’s script for every run level).

Start-up scripts in Linux follow the form “start-stop” (at minimum). Many have “start-stop-restart-reload-check” or possibly more.

A basic start-stop script would look like this:

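#!/bin/bash
# init calls the script with "start" or "stop" as its first argument
case "$1" in
start)
    program    # command that starts the service
    ;;
stop)
    program    # command that stops the service
    ;;
esac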

Don’t forget

chmod +x script

This is useful to know, especially if you are dealing with a machine that may need specific commands to be run when booting or shutting down in order to function properly (for example, in the radio station we need the client machines to run dhclient at S99 in order to obtain an IP address).

These scripts are not all run at once (by default). The links are named S##program, where ## is the priority of the script.

S99 will run last, while S10 will run before most other things.

Obtain free Cisco IOS upgrades

0. Determine who purchased the device. You will need to send an email from their CCO registered account. This does not mean it needs an active contract.
1. Log onto the device and capture all of the output of “show version”
2. Go to http://tools.cisco.com/security/center/selectIOSVersion.x and select the “B” option to use the “show version” output
3. Choose to view all security vulnerabilities
4. Send an email to [email protected] with
  • The output of “show version” in the body of the e-mail
  • Serial number of the device in the body of the e-mail (yes, even though it’s in show ver)
  • A list of all vulnerabilities for the selected IOS from Cisco’s website in the body of the e-mail (just copy and paste the links)
  • Request a non-vulnerable IOS version

5. Wait and they should send you a link to download the IOS.

Cisco wireless access point and Windows 2008 RADIUS EAP Authentication

Configure Windows server for RADIUS
1. Install NPS and CA authority roles if you have not already
2. Go to Computer Management. Roles – Network Policy and Access – NPS (Local) – RADIUS Clients
3. Create new RADIUS client

  • Friendly name: Name of AP (Example: corp-ap-1141-il)
  • IP Address: IP of AP
  • Shared Secret – Manual (Generate a random 12+ digit key with no special chars)
  • Under “Advanced” tab, Vendor name: Cisco and check “RADIUS client is NAP capable”

4. Under NPS – Policies – Network Policies create a new Policy called ‘Cisco AP Radius’

  • Condition Tab: Windows Groups (Domain Users)
  • Constraints Tab
    • Auth Methods: Add all three auth methods. Check MS-CHAPv2, MS-CHAP, CHAP and PAP/SPAP
    • NAS Port Type: Select Wireless 802.11 under Common 802.1x types and “Wireless Other” under “Others”
  • Settings Tab
    • Standard: add Service-Type Login

5. When done, move the Cisco AP Radius policy to the #1 position

Configure Cisco AP for RADIUS

1. Enter in RADIUS group information
aaa new-model
aaa group server radius rad_eap
     server 10.0.0.3 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa session-id common
radius-server host 10.0.0.3 auth-port 1812 acct-port 1813 key KEYYOUGENERATEDEARLIER
dot11 ssid CompanyWifi
   no authentication open
   no wpa-psk ascii
   authentication open eap eap_methods
   authentication network-eap eap_methods

2. Try to connect with a client computer. Debug on AP with: debug radius authentication

Migration of a live linux system

1. Prep machine or VM for the migration. On the destination server, boot with a live CD (CentOS, Debian, etc.). Partition drives.

I am assuming you are using just one partition, adding other partitions is trivial.

2. Mount drive and transfer system

mkdir /media/chroot
mount /dev/sda1 /media/chroot
# Leading / anchors each exclude to the top of the transfer; --numeric-ids keeps the source's UIDs/GIDs
rsync -az --numeric-ids --exclude '/proc' --exclude '/sys' --exclude '/dev' --exclude '/media' --exclude '/mnt' root@source_server:/ /media/chroot
mkdir /media/chroot/dev
mkdir /media/chroot/proc
mkdir /media/chroot/sys
mount --bind /dev /media/chroot/dev

3. Chroot into system

chroot /media/chroot
mount /proc
mount /sys
mv /boot/grub/device.map /boot/grub/device.map.old
grub-mkdevicemap
update-grub
grub-install /dev/sda

Also make sure to edit /etc/fstab with your new device IDs/partitions. You can view a list of device IDs by doing

ls -l /dev/disk/by-uuid

When you are done, reboot.

4. System should now boot successfully

Linux copy GPT partition table with dd

I recently had to copy the partition table of a 3TB disk in a situation where tools such as sfdisk could not be installed.

Since GPT table length is dependent on the number of partitions, you need to do some investigation.

In this case, it was a ‘QNAP’ server that had fdisk (no GPT support) and parted.

On a working drive, run

parted -ms /dev/sda print

Note the number of partitions.

Formula = (128*N)+1024

Where N is the number of partitions you have. In this case I had 4, so I end up with a value of 1536

dd if=/dev/sda of=GPT_TABLE bs=1 count=1536

You now have a backup of a valid partition table you can apply to another drive

dd if=GPT_TABLE of=/dev/sdb bs=1 count=1536

Once this is done, you can manually re-add the drive.

mdadm --manage /dev/md0 --add /dev/sdb3

If you are wondering how we determined the sd[a-z], we accomplished this through hot-swapping the drive to generate logs indicating the drive.

Now why this supposedly automated RAID product required this…
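Sizing the copy from the GPT header instead of a manual partition count, as an added example that is not part of the original post: it reads the entry count and entry size from the header and returns the byte length through the highest used slot, so a table with partitions 1, 2 and 4 gives 1536 even though only three partitions are listed. The function names and the constructed sample image are assumptions, as is the 512-byte sector size implied by the 1024 in the formula.

```shell
# Added example: derive the dd byte count from the GPT header itself.
# Assumes 512-byte logical sectors and a partition entry array starting at LBA 2.

# u32le FILE OFFSET -> little-endian 32-bit integer stored at OFFSET
u32le() {
    set -- $(od -An -tu1 -j"$2" -N4 "$1")
    [ $# -eq 4 ] || return 1
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# gpt_copy_bytes FILE -> bytes from offset 0 through the highest used entry slot
gpt_copy_bytes() {
    sig=$(dd if="$1" bs=1 skip=512 count=8 2>/dev/null)
    [ "$sig" = "EFI PART" ] || { echo "no GPT header at LBA 1" >&2; return 1; }
    slots=$(u32le "$1" 592) || return 1    # header offset 80: number of entry slots
    size=$(u32le "$1" 596) || return 1     # header offset 84: bytes per entry
    last=0 i=0
    while [ "$i" -lt "$slots" ]; do
        # a slot is in use when its 16-byte type GUID is not all zero
        guid=$(od -An -tx1 -j$((1024 + i * size)) -N16 "$1" | tr -d ' \n')
        i=$((i + 1))
        [ "$guid" = 00000000000000000000000000000000 ] || last=$i
    done
    echo $((1024 + last * size))
}

# make_sample_gpt FILE -> constructed 34-sector image with slots 1, 2 and 4 in use
make_sample_gpt() {
    dd if=/dev/zero of="$1" bs=512 count=34 2>/dev/null
    put() { printf "$2" | dd of="$1" bs=1 seek="$3" conv=notrunc 2>/dev/null; }
    put "$1" 'EFI PART' 512
    put "$1" '\200\000\000\000' 592    # 128 entry slots
    put "$1" '\200\000\000\000' 596    # 128 bytes per entry
    for slot in 0 1 3; do put "$1" '\001' $((1024 + slot * 128)); done
}
```

Against a real disk the argument is the device node, for example gpt_copy_bytes /dev/sda. The copy still covers only the primary table at the start of the disk, not the backup copy GPT keeps at the end.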

Recover rpool ZFS pools and snapshots on Solaris 10 SPARC

I assume you’ve already taken a recursive ZFS snapshot and sent the snapshot/pool off to your local NFS server.

In this example, I have a Netra X1 with 2 drives (mirrored)

Now you need to boot your Solaris 10 CD/DVD, either from physical media or over the network


boot net -s

or


boot cdrom -s

Important: Make sure your disks are labeled correctly! (SMI)


format -e c0t0d0s0
>label
>0 (For SMI)
>modify
>Free Space Hog (Select s0, not s6)

Do the same for your other disk as well (In my case, c0t2d0s0)

Create your rpool


zpool create -f -o failmode=continue -R /a -m legacy -o cachefile=/etc/zfs/zpool.cache rpool mirror c0t0d0s0 c0t2d0s0

Mount NFS


mkdir /tmp/a
mount 192.168.1.1:/archives /tmp/a

ZFS Receive


zfs receive -dvuF rpool < /tmp/a/archive/rpool-backup

Set which pool you want to boot from


zpool set bootfs=rpool/ROOT/s10s_u8wos_08a rpool

Install boot blocks (SPARC)


installboot -F zfs /usr/platform/`uname -i`/lib/fs/zfs/bootblk /dev/rdsk/c0t0d0s0
installboot -F zfs /usr/platform/`uname -i`/lib/fs/zfs/bootblk /dev/rdsk/c0t2d0s0

Reboot


reboot -- disk

Ubuntu One Review

I’ve been using Dropbox since the service launched and have overall been very happy with it. My only complaint was that if you decide to pay there are only two tiers available: 50 and 100GB. ($99 and $199 a year respectively).

Having tried Ubuntu One when it first came out (when you could only use it on Linux) I was hesitant to try again. Checking out their website I was pleasantly surprised to see that we get 5GB free (compared to Dropbox’s 2GB) and that getting 20GB was only $29 a year (or $2.99 a month). However, they still do not have a Windows client!

The first thing I did was install it on my Android phone. After it installed, I opened it and was greeted by a very clean looking interface. Unfortunately that was mostly illusion for as soon as I clicked ‘Log In’ it took me away from the app and opened up the default web browser to one.ubuntu.com

To make it even worse, the browser window just displayed an error of ‘Something has gone wrong’. Three more attempts, each time an error. Attempting to use their website on my laptop showed frequent timeouts at this same time.

Wow… really? That certainly raises a red flag.

After giving up for the night, the next morning I tried again and it worked on the first try.

After authenticating, it gives me the option to upload all past and future photos, all future photos or none.

Much like Photobucket the “auto-upload” does NOT allow you to define directories to grab images from, making the feature next to worthless if you use any apps that download photos to your phone. In fact the only options for the auto-upload are a checkbox to enable/disable and how quickly you want it to start uploading your photos when it detects them.

Pros:

  • 5GB of storage (compared to 2GB Dropbox)
  • Finally has support for other devices
  • Cheaper upgrade option (compared to Dropbox)

Cons:

  • Poorly made app (relies on web browser, doesn’t work half the time…)
  • Auto-upload is a tacked on feature with no way to customize
  • Unreliable website
  • Still no Windows client? It’s been 2+ years!

Conclusion

Avoid Ubuntu One.

Unlike Dropbox (which supports every OS I’ve thrown at it) you will be unable to use Ubuntu One while you’re at work/school assuming they run Windows. Same for OSX.

Their Android app is flaky and still needs quite a bit of work. Their website was having difficulties which does not bode well for their infrastructure.

If you have your files “in the cloud” you want to be guaranteed you will be able to access them.

To sum it up: Ubuntu One isn’t worth it, even when you’re using the Free plan.

LDAP User Add Script

A bug with phpldapadmin in Ubuntu 10.04 has forced me to find other ways to add a generic Linux account to LDAP.

This consists of three files; I keep them in /root/ldap and have a symlink to add_ldap_user.sh in /usr/local/bin

add_ldap_user.sh – Script

last.uid – The last used UID, auto-increments

user.ldif – Sample Linux account in LDIF format

add_ldap_user.sh


#!/bin/bash
# Next free UID comes from the counter file
NEWUID=$(cat /root/ldap/last.uid)
echo -ne "First Name: "
read -r FIRST
echo -ne "Last Name: "
read -r LAST
echo -ne "User Name: "
read -r USERNAME

# Fill the placeholders in the template, one pass per field
sed "s/FIRST/$FIRST/g" /root/ldap/user.ldif > /root/ldap/temp
sed "s/LAST/$LAST/g" /root/ldap/temp > /root/ldap/temp2
sed "s/USERNAME/$USERNAME/g" /root/ldap/temp2 > /root/ldap/temp
sed "s/USERUID/$NEWUID/g" /root/ldap/temp > /root/ldap/temp2

# Add the entry, then store the next UID and clean up
ldapadd -x -w"$(cat /etc/ldap.secret)" -D "cn=admin,dc=YOUR,dc=HOSTNAME" < /root/ldap/temp2
echo $((NEWUID + 1)) > /root/ldap/last.uid
rm /root/ldap/temp
rm /root/ldap/temp2
# Replace the placeholder password from user.ldif
passwd "$USERNAME"

user.ldif


dn: cn=FIRST LAST,ou=People,dc=YOUR,dc=HOSTNAME
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
givenName: FIRST
sn: LAST
cn: FIRST LAST
uid: USERNAME
userPassword: {MD5}QaJUwABOZ6gUsv/xOD/FOQ==
gidNumber: 100
homeDirectory: /home/USERNAME
loginShell: /bin/bash
uidNumber: USERUID

last.uid

1900

Note that because the LDIF contains a place-holder password, you must be able to run ‘passwd LDAP-USER’ on the host you are running this on.
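The prompts in add_ldap_user.sh go straight into sed expressions and from there into the dn and attributes, so a `/` or `&` in a name breaks or alters the substitution. The following is an added example, not part of the original script, that validates the values first and renders the same LDIF with a here-document. The function names, the allowed character sets and the UID floor of 1000 are assumptions.

```shell
# Added example, not the original script: validate the prompted values, then
# render the LDIF with a here-document so no user text reaches a sed expression.
LC_ALL=C; export LC_ALL          # [A-Za-z] ranges then match ASCII only
BASE_DN="dc=YOUR,dc=HOSTNAME"    # placeholder suffix from the page's user.ldif

# Assumed policy: given name and surname are ASCII letters and hyphens.
valid_name() {
    case "$1" in ''|*[!A-Za-z-]*) return 1 ;; esac
    [ "${#1}" -le 64 ]
}

# Assumed policy: lower-case login name, at most 32 characters.
valid_username() {
    case "$1" in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

# Assumed policy: decimal UID without a leading zero, 1000 or higher.
valid_uid() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 9 ] && [ "$1" -ge 1000 ]
}

# render_ldif FIRST LAST USERNAME UID -> LDIF on stdout, status 1 on bad input
render_ldif() {
    if ! { valid_name "$1" && valid_name "$2" &&
           valid_username "$3" && valid_uid "$4"; }; then
        echo "render_ldif: rejected input" >&2
        return 1
    fi
    cat <<EOF
dn: cn=$1 $2,ou=People,$BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
givenName: $1
sn: $2
cn: $1 $2
uid: $3
userPassword: {MD5}QaJUwABOZ6gUsv/xOD/FOQ==
gidNumber: 100
homeDirectory: /home/$3
loginShell: /bin/bash
uidNumber: $4
EOF
}
```

In the script, `render_ldif "$FIRST" "$LAST" "$USERNAME" "$NEWUID"` would be piped into the same ldapadd command in place of the four sed passes and the temp files.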