Wednesday, April 18, 2018

Ubuntu 16.04: Setting the display to turn off, turn on, and to never go to sleep.

I have an Ubuntu system I use for monitoring the network. I wanted the screen to turn on at 7am when I arrive at work and turn off at 3pm when I leave. Here's how I did it:


  1. From the settings under Brightness and Lock I set:
    - disable Dim screen to save power
    - Set turn off screen when inactive for: Never
    - Disable Lock
  2. Then I ran crontab -e to schedule turning the display on and off.
    0 7 * * 1-5 xset -display :0 dpms force on
    0 15 * * 1-5 xset -display :0 dpms force off
Note that I'm not root and did not sudo either of these commands. Crontab needs to be set as the user who is logged in. And "-display :0" specifies the physical screens.

Tuesday, March 13, 2018

Access Control List (ACL) odd behavior on Brocade VDX 6740.


Recently I was trying to configure ACLs on several of my VLANs with mixed results. Some would work, some wouldn't. Sometimes they'd work fine from one access layer switch and not work from another. I filed a ticket with Brocade and they suggested I upgrade my firmware to NOS 6.0.2f, but that didn't help either.

Here's an example of one of my virtual interfaces on the router:

rbridge-id 1
 interface Ve 55
  ip access-group vlan55acl in
  ip dhcp relay address 10.100.110.29
  ip proxy-arp
  ip address 10.100.55.2/24
  vrrp-extended-group 55
   virtual-ip 10.100.55.1
   advertisement-interval 1
   enable
   no preempt-mode
   short-path-forwarding
  !
  no shutdown

After LOTS of banging my head against a wall I finally discovered that the short-path-forwarding command in the vrrp group was to blame. Occasionally traffic would arrive at a VE from an odd direction and would be stopped by the access list. Removing the short-path-forwarding command from the vrrp groups on all rbridges solved my problem:

rbridge-id 1
 interface Ve 55
  ip access-group vlan55acl in
  ip dhcp relay address 10.100.110.29
  ip proxy-arp
  ip address 10.100.55.2/24
  vrrp-extended-group 55
   virtual-ip 10.100.55.1
   advertisement-interval 1
   enable
   no preempt-mode
  !
  no shutdown

Easy, User-Accessible Windows Server Disk Usage Reports

In my organization we have an FTP server which is used to transfer files between the corporate network and the secure media network. The server acts as a temporary transfer point and I have file expiration tasks which clear out old media, but depending on usage, occasionally the server may fill up. I'm not a media producer so I can't very well decide what gets deleted and the users of the system can't tell via the FTP interface whether the server is having other issues or if the drive is full. To make it easier for them to monitor I cobbled the following together:

Recipe for Monitoring File Storage by Users:

  • IIS with Browsing Enabled.
  • File Server Resource Manager role installed.
  • A soft quota for monitoring.
  • Automated storage reports.
  • File expiration tasks
With the above my users can go to http://ServerName and see a list of storage reports for the past 30 days.

Setting it up:
  1. Install the File Server Resource Manager role
  2. Install the IIS Role with directory browse.
  3. In File Server Resource Manager set up a quota for monitoring:
    1. Under Quota Management and Quotas right click and choose Create Quota.
    2. Create a soft quota with the limit matching the size of the drive you're monitoring.
  4. Create a Storage Report:
    1. Under Storage Reports Management create a new storage report.
    2. Under Settings and Report data check the Quota Usage box. Under Report formats choose HTML only.
    3. Under the Scope tab choose the drive you want to monitor.
    4. Schedule it as appropriate. I run mine once a day in the morning.
  5. Send the reports to the IIS root folder.
    1. Click on File Server Resource Manager (Local)
    2. Go to the Action menu and choose Configure Options
    3. Under the report locations and Scheduled reports folder choose the web root folder, in my case C:\inetpub\wwwroot\.
  6. Configure IIS for browsing:
    1. Select your Default Web Site and double click Configuration Editor.
    2. Under Section find system.webServer/directoryBrowse, change enabled to True, and click Apply in the Actions column.
    3. Delete the files which are already in your web root folder so you get a directory listing instead of the default IIS start page.
Now when your users go to http://YourServer they will see a list of storage reports so they can look for trends and also see how full the drive is as of that morning.
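
The same setup scripted in PowerShell, as an added example that is not part of the original post. It assumes Windows Server 2012 or later (for the FSRM cmdlets); the drive letter, drive size, report name and 06:00 run time are placeholder values, and iisstart.* is assumed to be the default IIS start page content in the web root.

```powershell
# Added example: scripted equivalent of the GUI steps in the post.
$Drive     = 'D:\'                  # assumption: the volume being monitored
$DriveSize = 500GB                  # assumption: set this to the size of that volume
$WebRoot   = 'C:\inetpub\wwwroot'   # web root folder used in the post
$Site      = 'Default Web Site'

# Steps 1-2: FSRM role, IIS, directory browsing, and the IIS scripting tools.
Install-WindowsFeature FS-Resource-Manager, Web-Server, Web-Dir-Browsing, Web-Scripting-Tools `
    -IncludeManagementTools

# Step 3: soft quota sized to the drive. A soft quota only reports usage, it blocks nothing.
New-FsrmQuota -Path $Drive -Size $DriveSize -SoftLimit -Description 'Usage monitoring only'

# Step 5: send scheduled reports to the web root (set before the first report runs).
Set-FsrmSetting -ReportLocationScheduled $WebRoot

# Step 4: Quota Usage report, HTML only, scoped to the drive, once every morning.
$days = 'Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'
$task = New-FsrmScheduledTask -Time (Get-Date '06:00') -Weekly $days
New-FsrmStorageReport -Name 'Daily quota usage' -Namespace @($Drive) `
    -Schedule $task -ReportType QuotaUsage -ReportFormat Html

# Step 6: turn on directory browsing for the site only, then remove the
# default start page files so the listing is what users see.
Import-Module WebAdministration
Set-WebConfigurationProperty -PSPath "IIS:\Sites\$Site" `
    -Filter 'system.webServer/directoryBrowse' -Name enabled -Value $true
Remove-Item (Join-Path $WebRoot 'iisstart.*') -ErrorAction SilentlyContinue
```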

Thursday, January 4, 2018

Not all active directory users appear when using getent passwd - Joining Linux to Active Directory

We set up some Ubuntu 16.04 LTS workstations with Active Directory integration. It works with Evolution with EWS support and passes on the credentials, which is super nice. But not all of our Active Directory users could log in.

If I ran wbinfo -i I would get all the users in AD.
If I ran getent passwd I would get a subset of my AD users, specifically older accounts.

What I finally found was this: Most tutorials tell you to put the following lines in /etc/samba/smb.conf

idmap uid = 10000-20000
idmap gid = 10000-20000

What those lines do is translate your Active Directory SID to a unix UID (and GID.) It does this by taking the last section of your SID and adding 10000 to get your new UID. So, for example, if my SID ends in -0900 my UID would be 10900. (900+10000=10900.)

The problem is that we've had the same domain for many, many years so our SIDs are getting up there. A recent user had an SID ending in -29111. So his UID became 39111 which was past the range set up above. Anyone above that range isn't given a UID and therefore can't be logged in.

To fix this I changed the lines in /etc/samba/smb.conf to:

idmap uid = 10000-100000
idmap gid = 10000-100000
After doing so and restarting the client for good measure all my Active Directory accounts appeared when I ran getent passwd.
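
A way to check in advance which accounts fall outside a given idmap range, as an added example that is not part of the original post. It assumes the mapping described above (UID = last section of the SID + start of the range); the function name Test-IdmapRange and the domain portion of the sample SIDs are made up for illustration.

```powershell
# Added example. Assumes UID = RID + range start, as the post describes.
function Test-IdmapRange {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $Sid,
        [long] $Low  = 10000,    # start of the idmap range from smb.conf
        [long] $High = 20000     # end of the idmap range from smb.conf
    )
    process {
        $rid = [long]$Sid.Split('-')[-1]   # last section of the SID
        $uid = $rid + $Low
        [pscustomobject]@{
            Sid     = $Sid
            Rid     = $rid
            Uid     = $uid
            InRange = ($uid -ge $Low -and $uid -le $High)
        }
    }
}

# Constructed sample SIDs: the domain part is invented, the last sections
# (900 and 29111) are the two cases from the post.
$sample = 'S-1-5-21-1111111111-2222222222-3333333333-900',
          'S-1-5-21-1111111111-2222222222-3333333333-29111'

$result = $sample | Test-IdmapRange
$result | Format-Table Rid, Uid, InRange -AutoSize

# Smallest upper bound that still covers every account checked.
$needed = ($result | Measure-Object -Property Uid -Maximum).Maximum
"idmap range must extend to at least $needed"

# Against a live domain (needs the RSAT ActiveDirectory module):
#   Get-ADUser -Filter * | ForEach-Object { $_.SID.Value } |
#       Test-IdmapRange | Where-Object { -not $_.InRange }
```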

Thursday, December 22, 2016

Problems with IMAP4 and POP3 in Exchange 2010

We set up a new Exchange 2010 server (yes, in 2016) and soon discovered that IMAP and POP weren't working.

I checked the following:
  • Get-ImapSettings
  • Get-PopSettings
And both reported that everything was fine. Checking in the Exchange Management Console the banner string says "The Microsoft Exchange IMAP4 (or POP3) service is ready." Note, that's not a status, that's a thing which is displayed when clients connect. But all the settings look fine there too.

What else is there to check? Services. On my Exchange 2010 server I had to set both of these services:
  • Microsoft Exchange IMAP4
  • Microsoft Exchange POP3
To automatic and then start them. I'm not sure why they aren't set that way to begin with.

Wednesday, December 21, 2016

Forcing disconnected mailboxes to show up in Microsoft Exchange 2010

So you've disabled a bunch of mailboxes and you accidentally got rid of one that was still in use. Here's how to make them show up.

  1. Open the Exchange Management Shell.
  2. Run Clean-MailboxDatabase on the database in question. If you're like me and didn't take note of the database then you can run it on all of them:
    Get-MailboxDatabase | Clean-MailboxDatabase
  3. Give it a few minutes depending on the number and size of your databases. Your freshly disconnected mailboxes should all appear in the Disconnected Mailboxes section of the Exchange Management Console pretty soon.
Now you need to reconnect it to the AD object. You cannot reconnect a mailbox to a disabled account. That stumped me for a bit.

Monday, December 19, 2016

Scheduling a mailbox move in Exchange 2010

Remember how Exchange 2007 used to have that handy feature via the GUI that would allow you to schedule a mailbox move? Exchange 2010 seems to have done away with that. Here's how I schedule mailbox moves with Exchange 2010:

  1. Create a suspended move request via the Exchange Management Shell. Here's an example where I'm creating three move requests.

    New-MoveRequest -Identity Person1 -TargetDatabase DB1 -BadItemLimit 50 -Suspend;
    New-MoveRequest -Identity Person2 -TargetDatabase DB2 -BadItemLimit 50 -Suspend;
    New-MoveRequest -Identity Person3 -TargetDatabase DB3 -BadItemLimit 50 -Suspend;
  2. Now those people are all queued up and ready to go. We want to move them in, say, 6 hours. Enter this command which pings localhost for 21600 seconds (6 hours) then fetches a list of suspended move requests and passes them on to the Resume-MoveRequest command. Note the semicolons after each command. These execute in series, not in parallel.

    ping localhost -n 21600; Get-MoveRequest | Resume-MoveRequest;