To get the members of a group, we need to login into a server with an admin account.
The admin account is member of another domain in the same forest, but the groups are in a different domain. In order to perform the inquiry, an AD controller server for the target domain must be specified.
Get-ADGroup -Filter { Name -like "*the searched_group*" } -Server DC.TARGET.TLD | Get-ADGroupMember -Server DC.TARGET.TLD | Select-Object name, objectClass | Out-GridView
Image
Monday, December 04, 2023
List Members of AD groups
Thursday, November 02, 2023
MULTIPLE SAMBA INSTANCES
In order to allow clients with different encryption levels access to the same network share, multiple instances of SAMBA must be configured on the same machine. We are benefiting from a feature of SAMBA called “bind_interface” that allow a certain instance to only run on a specific network interface. If only one interface is available, “Virtual interfaces” might be defined.
Optional step – Define virtual interfaces:
cd /etc/sysconfig/network-scripts
vi ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
IPADDR=192.168.127.1
NETMASK=255.255.0.0
NETWORK=192.168.0.0
BROADCAST=192.168.100.255
ONBOOT=yes
TYPE=Ethernet
vi ifcfg-eth0:2
DEVICE=eth0:2
BOOTPROTO=static
IPADDR=192.168.127.2
NETMASK=255.255.0.0
NETWORK=192.168.0.0
BROADCAST=192.168.100.255
ONBOOT=yes
TYPE=Ethernet
vi /etc/hosts
192.168.127.1 SMB1.domain.tld SMB1
192.168.127.2 SMB2.domain.tld SMB2
Step 1 – Prepare directories for instances:
mkdir -p /var/run/samba/SMB1 /var/run/samba/SMB2
mkdir -p /var/cache/samba/SMB1 /var/cache/samba/SMB2
mkdir -p /var/log/samba/SMB1 /var/log/samba/SMB2
Step 2 – Modify logrotate to care for the new log directories:
vi /etc/logrotate.d/samba
/var/log/samba/SMB*/log.* {
[…]
/bin/kill -HUP \`cat /var/run/samba/SMB1/smbd.pid /var/run/samba/SMB1/nmbd.pid /var/run/samba/SMB1/winbindd.pid 2> /dev/null\` 2> /dev/null || true
/bin/kill -HUP \`cat /var/run/samba/SMB2/smbd.pid /var/run/samba/SMB2/nmbd.pid /var/run/samba/SMB2/winbindd.pid 2> /dev/null\` 2> /dev/null || true
}
Step 3 – Create two configuration files:
vi /etc/samba/samba.conf.SMB1
[global]
workgroup = WORKGROUP
client min protocol = NT1
server min protocol = NT1
client ipc min protocol = NT1
client ipc signing = desired
client plaintext auth = yes
ntlm auth = ntlmv1-permitted
null passwords = yes
netbios name = SMB1
pid directory = /var/run/samba/SMB1
lock directory = /var/cache/samba/SMB1
private dir = /var/cache/samba/SMB1
server role = standalone
security = user
passdb backend = tdbsam
guest account = nobody
map to guest = Bad User
bind interfaces only = yes
interfaces = lo;eth0:1
log file = /var/log/samba/SMB1/log.%m
logging = file
log level = 2
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
[test]
Comment = Test Share
path = /tmp/test
browsable = yes
read only = no
guest ok = yes
vi /etc/samba/samba.conf.SMB2
[global]
workgroup = WORKGROUP
null passwords = yes
netbios name = SMB2
pid directory = /var/run/samba/SMB2
lock directory = /var/cache/samba/SMB2
private dir = /var/cache/samba/SMB2
server role = standalone
security = user
passdb backend = tdbsam
bind interfaces only = yes
interfaces = eth0:2
log file = /var/log/samba/SMB2/log.%m
logging = file
log level = 2
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
[test]
Comment = Test Share
path = /tmp/test
browsable = yes
read only = no
guest ok = yes
Step 4 – Edit/create sysconfig configuration files:
vi /etc/sysconfig/samba.SMB1
SMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB1 -l /var/log/samba/SMB1"
NMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB1 -l /var/log/samba/SMB1"
vi /etc/sysconfig/samba.SMB2
SMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB2 -l /var/log/samba/SMB2"
NMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB2 -l /var/log/samba/SMB2"
Step 4 – Edit/create systemctl startup files:
vi /usr/lib/systemd/system/smb1.service
[Unit]
Description=Samba SMB1 Daemon
Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target nmb1.service winbind.service
[Service]
Type=notify
PIDFile=/var/run/SMB1/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba.SMB1
ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB1/krb5cc_samba
[Install]
WantedBy=multi-user.target
vi /usr/lib/systemd/system/smb2.service
[Unit]
Description=Samba SMB2 Daemon
Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target nmb2.service winbind.service
[Service]
Type=notify
PIDFile=/var/run/SMB2/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba.SMB2
ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB2/krb5cc_samba
[Install]
WantedBy=multi-user.target
vi /usr/lib/systemd/system/nmb1.service
[Unit]
Description=Samba NMB1 Daemon
Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=notify
PIDFile=/var/run/SMB1/nmbd.pid
EnvironmentFile=-/etc/sysconfig/samba.SMB1
ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB1/krb5cc_samba
[Install]
WantedBy=multi-user.target
vi /usr/lib/systemd/system/nmb2.service
[Unit]
Description=Samba NMB2 Daemon
Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=notify
PIDFile=/var/run/SMB2/nmbd.pid
EnvironmentFile=-/etc/sysconfig/samba.SMB2
ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB2/krb5cc_samba
[Install]
WantedBy=multi-user.target
Step 5 – Create local users:
useradd -d /tmp/test test
smbpasswd -c /etc/samba/smb.conf.SMB1 -a test
smbpasswd -c /etc/samba/smb.conf.SMB2 -a test
Step 6 – Enable & Start the new services:
systemctl daemon-reload
systemctl enable nmb2
systemctl enable smb2
systemctl enable smb1
systemctl enable nmb1
systemctl start nmb1
systemctl start nmb2
systemctl start smb1
systemctl start smb2
Step 6 – Test the share:
Ideally from a different Linux machine,
mkdir /tmp/1
mount-t cifs //SMB1.domain.tld/test /tmp/1 -o username=test,password=p455w0rd,vers=1.0
umount /tmp/1
mount-t cifs //SMB2.domain.tld/test /tmp/1 -o username=test,password=p455w0rd,vers=2.0
Monday, October 16, 2023
Friday, August 04, 2023
Generate pseudo-random, incremental serial numbers for motherboards
@echo off
setlocal enableextensions disabledelayedexpansion
for /f "tokens=1,* delims=:" %%a in ('
findstr /l /b /c:":::persist:::" "%~f0"
') do set "%%~b"
if not defined savedValue (
set "savedValue=%random%" && ( call :persist.write savedValue )
)
set /a savedValue=%savedValue%+1 && ( call :persist.write savedValue )
;;echo DEBUG: Recorded data %savedValue%
set ss=DW173878110%savedValue%
set bs=BTDN8389450%savedValue%
set su=00020003000400050006000700080i%savedValue%
AMIDEWINx64.EXE /CM "My Corporation" /BM "My Corporation" /BV J83500-205 /BP NUC7i7DNB /SM "My Corporation" /SV J85489-205 /SP NUC7i7DNHE /SS %ss% /BS %bs% /SU %su%
timeout 10 /nobreak >nul
goto :eof
:persist.write varName
if "%~1"=="" goto :eof
for %%a in ("%temp%\%~nx0.%random%%random%%random%.tmp") do (
findstr /l /v /b /c:":::persist::: %~1=" "%~f0" > "%%~fa"
>"%~f0" (
type "%%~fa"
setlocal enabledelayedexpansion
echo(:::persist::: %~1=!%~1!
endlocal
)
del /q "%%~fa"
)
goto :eof
Friday, May 05, 2023
Pingresults
Ping a host once every X seconds and save the result in a csv:
@echo off
SETLOCAL
if [%1]==[/?] goto :help
::Set the address to ping
set address=%1
if [%1]==[] goto :fatal
::Set the destination filename
set filename=%2
if [%2]==[] set filename=pingres.csv
::Set delay between pings (seconds)
set delay=%3
if [%3]==[] set delay=30
:: some info
echo.
echo Running %0 %address% %filename% %delay% - press "Q" for at least %delay%s to quit.
echo.
:: Prepare csv header
echo Time, Target, Lag > %filename%
:loop
::Ping
for /F "tokens=7 delims== " %%l in ('ping -n 1 %address%^|findstr /i "time="') do set lag=%%l
::echo Current ping for %address%: %ping%
<nul set /p =.
::Set Timestamp
set curTime= %date:~0,4%/%DATE:~5,2%/%DATE:~8,3%-%time:~0,2%:%time:~3,2%:%time:~6,2%
::Write in .csv
echo %curTime%, %address%, %lag% >> %filename%
::delay
timeout /T %delay% /nobreak >nul
::keypress
choice /c QWERTY /d Y /t 1 /n >nul
if %errorlevel%==1 ( exit /B 0)
goto :loop
:help
echo.
echo Usage: %0 target resultfile delay
echo if not specified, resultfile is "pingres.csv" and delay is 30s
:fatal
echo.
echo You need to provide at least the hostname/IP of the target
echo type %0 /? for help
exit /B 1
ENDLOCAL
Sunday, April 09, 2023
Stop a service and wait for it to stop
@echo off
:: echo without NewLine
<nul set /p =Please wait. Stopping Service...
:: request stop service
sc stop "service we need to stop" >nul
:: wait up to 30 seconds for the service to stop
set a=1
set tmout=30
:retry
:: is it stopped ?
sc query "service we need to stop" | find "STOPPED"
if errorlevel 1 (
:: echo dots on the same line
<nul set /p =.
timeout 1 /nobreak >nul
set /a a += 1
if %%a%% lss %%tmout%% goto retry
)
:: allow one second to see the messages
timeout 1 /nobreak >nul
Friday, March 31, 2023
Reset ILO password without OS
If you have an OS installed is simple, just use hponcfg and you can change the password as explained in https://blog.toma.guru/2015/04/hp-ilo-linux-reset-password.html but if no OS is available, then hope is not lost, you can use the iLO Physical Presence Button.
On RX2800 Itanium iLO Physical Presence Button is hidden behind the small red hole
As stated on https://support.hpe.com/hpesc/public/docDisplay?docId=c02728748
The iLO 3 physical presence button enables to reset iLO 3 and reset the user-specific values to factory default values. A momentary press causes a soft reset of iLO 3 when the button is released. The iLO 3 Physical Presence button enables to reset iLO, enter TPM physical presence mode, and enter security override mode.
-
A momentary press of the button resets iLO and clears any security override or TPM physical presence mode that were initiated by this button.
-
A greater than 4 seconds less than 8 seconds, press of the button places the system in physical presence mode for up to 15 minutes.
-
A greater than 8 seconds less than 12 seconds, press of this button places iLO into security override mode for up to 15 minutes. Security override mode enables to enter iLO without being challenged for a password enabling to set up users.
The UID LED blinks once after holding the button for 4 seconds and once after holding the button for 8 seconds to help gauge how long the button press has been held.
Sunday, December 18, 2022
Verify if the files refered by a variable in another files exists
If the file does not exist, rename the referencing file in *.BAD
SETLOCAL ENABLEDELAYEDEXPANSION
::use local variables
set di=c:\temp
for %%f in (%di%\*.ctl) do (
set di=c:\temp
for %%f in (%di%\*.ctl) do (
::look in every file that ends in .ctl
for /f "tokens=1,* delims==" %%a in ('findstr /i "object_name=" "%%f"') do (
for /f "tokens=1,* delims==" %%a in ('findstr /i "object_name=" "%%f"') do (
::get the name of the second file from the variable "object_name"
if not exist "%di%\%%b"(
if not exist "%di%\%%b"(
::if the second file does not exist
move /y "%%f" "%%f.BAD" >>%di%\script_report.log
move /y "%%f" "%%f.BAD" >>%di%\script_report.log
::rename the .ctl file in .bad and let a trace in a logfile
)
)
)
ENDLOCAL
type aaa.ctl:
[...]
object_name=File.txt
[...]
Subscribe to:
Posts (Atom)