Monday, December 04, 2023

List Members of AD groups

To get the members of a group, we need to log in to a server with an admin account.

The admin account is a member of another domain in the same forest, while the groups live in a different domain, so a domain controller of the target domain must be specified with -Server for the query.

Simple one-liner: Get-ADGroup -Filter { Name -like "*the_searched_group*" } -Server DC.TARGET.TLD | Get-ADGroupMember -Server DC.TARGET.TLD | Select-Object name, objectClass | Out-GridView

# to be run as a normal user, so Excel launches without interference; it will ask for the admin credentials when needed

$wrkfldr = 'C:\temp'
$server  = 'DC.TARGET.TLD'
$grps    = "app*-VNC*"
$cred    = Get-Credential
$ErrorActionPreference = 'SilentlyContinue'

# open a visible Excel instance with a new workbook
$excel = New-Object -ComObject Excel.Application
$excel.Visible = $true
$wb = $excel.Workbooks.Add()

# names of the groups matching the pattern, queried on a DC of the target domain
$groups = Get-ADGroup -Credential $cred -Filter { Name -like $grps } -Server $server | Select-Object -ExpandProperty Name

# one CSV per group, user members only (nested groups and computer objects are skipped)
foreach ($group in $groups) {
    Get-ADGroupMember -Credential $cred -Identity $group -Server $server |
        Where-Object { $_.objectClass -eq "user" } |
        Select-Object Name |
        Export-Csv "$wrkfldr\$group.csv" -NoTypeInformation
}

# copy every non-empty CSV into the workbook as its own sheet
Get-ChildItem $wrkfldr\*.csv | ForEach-Object {
    if (@(Import-Csv $_.FullName).Count -gt 0) {
        $csvBook = $excel.Workbooks.Open($_.FullName)
        $csvBook.ActiveSheet.Copy($wb.Worksheets($wb.Worksheets.Count))
        $csvBook.Close()
    }
}

Thursday, November 02, 2023

MULTIPLE SAMBA INSTANCES

In order to give clients with different SMB protocol and security levels access to the same network share, multiple instances of Samba must be configured on the same machine. We are benefiting from a Samba feature, the “bind interfaces only” option together with “interfaces”, which makes a given instance listen only on specific network interfaces. If only one interface is available, virtual interfaces (IP aliases) can be defined.


Optional step – Define virtual interfaces (IP aliases on eth0), if only one physical interface is available:

cd /etc/sysconfig/network-scripts

vi ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
IPADDR=192.168.127.1
NETMASK=255.255.0.0
NETWORK=192.168.0.0
# broadcast address of 192.168.0.0/16, matching NETMASK
BROADCAST=192.168.255.255
ONBOOT=yes
TYPE=Ethernet

vi ifcfg-eth0:2
DEVICE=eth0:2
BOOTPROTO=static
IPADDR=192.168.127.2
NETMASK=255.255.0.0
NETWORK=192.168.0.0
# broadcast address of 192.168.0.0/16, matching NETMASK
BROADCAST=192.168.255.255
ONBOOT=yes
TYPE=Ethernet

vi /etc/hosts
192.168.127.1 SMB1.domain.tld SMB1
192.168.127.2 SMB2.domain.tld SMB2



Step 1 – Prepare directories for instances:

mkdir -p /var/run/samba/SMB1 /var/run/samba/SMB2
mkdir -p /var/cache/samba/SMB1 /var/cache/samba/SMB2
mkdir -p /var/log/samba/SMB1 /var/log/samba/SMB2



Step 2 – Modify logrotate to care for the new log directories (the kill lines go into the postrotate section, one per instance):

vi /etc/logrotate.d/samba
/var/log/samba/SMB*/log.* {
[…]
    /bin/kill -HUP `cat /var/run/samba/SMB1/smbd.pid /var/run/samba/SMB1/nmbd.pid /var/run/samba/SMB1/winbindd.pid 2> /dev/null` 2> /dev/null || true
    /bin/kill -HUP `cat /var/run/samba/SMB2/smbd.pid /var/run/samba/SMB2/nmbd.pid /var/run/samba/SMB2/winbindd.pid 2> /dev/null` 2> /dev/null || true
}


Step 3 – Create two configuration files (the names must match the -s paths in the sysconfig files and the -c option of smbpasswd below):

vi /etc/samba/smb.conf.SMB1
[global]
workgroup = WORKGROUP
# legacy instance: accepts SMB1 (NT1) and NTLMv1 for old clients; reachable only on eth0:1
client min protocol = NT1
server min protocol = NT1
client ipc min protocol = NT1
client ipc signing = desired
client plaintext auth = yes
ntlm auth = ntlmv1-permitted
null passwords = yes
netbios name = SMB1
pid directory = /var/run/samba/SMB1
lock directory = /var/cache/samba/SMB1
private dir = /var/cache/samba/SMB1
server role = standalone
security = user
passdb backend = tdbsam
guest account = nobody
map to guest = Bad User
# listen only on loopback and the first virtual interface (space-separated list)
bind interfaces only = yes
interfaces = lo eth0:1
log file = /var/log/samba/SMB1/log.%m
logging = file
log level = 2
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

[test]
comment = Test Share
path = /tmp/test
browsable = yes
read only = no
guest ok = yes

vi /etc/samba/smb.conf.SMB2
[global]
workgroup = WORKGROUP
# modern instance: no NT1 settings, so the default server min protocol applies (SMB2_02 on Samba 4.11 and later)
null passwords = yes
netbios name = SMB2
pid directory = /var/run/samba/SMB2
lock directory = /var/cache/samba/SMB2
private dir = /var/cache/samba/SMB2
server role = standalone
security = user
passdb backend = tdbsam
# listen only on the second virtual interface
bind interfaces only = yes
interfaces = eth0:2
log file = /var/log/samba/SMB2/log.%m
logging = file
log level = 2
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

[test]
comment = Test Share
path = /tmp/test
browsable = yes
read only = no
guest ok = yes


Step 4 – Edit/create sysconfig configuration files:

vi /etc/sysconfig/samba.SMB1
SMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB1 -l /var/log/samba/SMB1"
NMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB1 -l /var/log/samba/SMB1"

vi /etc/sysconfig/samba.SMB2
SMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB2 -l /var/log/samba/SMB2"
NMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB2 -l /var/log/samba/SMB2"


Step 5 – Edit/create systemd unit files (PIDFile must point into the "pid directory" of the matching smb.conf, otherwise systemd cannot track the daemon):

vi /usr/lib/systemd/system/smb1.service
[Unit]
Description=Samba SMB1 Daemon
Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target nmb1.service winbind.service

[Service]
Type=notify
PIDFile=/var/run/samba/SMB1/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba.SMB1
ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB1/krb5cc_samba

[Install]
WantedBy=multi-user.target

vi /usr/lib/systemd/system/smb2.service
[Unit]
Description=Samba SMB2 Daemon
Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target nmb2.service winbind.service

[Service]
Type=notify
PIDFile=/var/run/samba/SMB2/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba.SMB2
ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB2/krb5cc_samba

[Install]
WantedBy=multi-user.target

vi /usr/lib/systemd/system/nmb1.service
[Unit]
Description=Samba NMB1 Daemon
Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target

[Service]
Type=notify
PIDFile=/var/run/samba/SMB1/nmbd.pid
EnvironmentFile=-/etc/sysconfig/samba.SMB1
ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB1/krb5cc_samba

[Install]
WantedBy=multi-user.target

vi /usr/lib/systemd/system/nmb2.service
[Unit]
Description=Samba NMB2 Daemon
Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target

[Service]
Type=notify
PIDFile=/var/run/samba/SMB2/nmbd.pid
EnvironmentFile=-/etc/sysconfig/samba.SMB2
ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB2/krb5cc_samba

[Install]
WantedBy=multi-user.target


Step 6 – Create local users (each instance has its own passdb, so the Samba password is set once per configuration file):

useradd -d /tmp/test test
smbpasswd -c /etc/samba/smb.conf.SMB1 -a test
smbpasswd -c /etc/samba/smb.conf.SMB2 -a test



Step 7 – Enable and start the new services:

systemctl daemon-reload
systemctl enable nmb2
systemctl enable smb2
systemctl enable smb1
systemctl enable nmb1
systemctl start nmb1
systemctl start nmb2
systemctl start smb1
systemctl start smb2



Step 8 – Test the share:

Ideally from a different Linux machine:

mkdir /tmp/1
mount -t cifs //SMB1.domain.tld/test /tmp/1 -o username=test,password=p455w0rd,vers=1.0
umount /tmp/1
mount -t cifs //SMB2.domain.tld/test /tmp/1 -o username=test,password=p455w0rd,vers=2.0

If the second instance is meant to refuse SMB1, also verify that mounting //SMB2.domain.tld/test with vers=1.0 fails.
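As an added check that is not part of the original post: after the services are started, each instance should listen only on its own address, because a wildcard (0.0.0.0) bind means “bind interfaces only” did not take effect and the two instances would compete for ports 139 and 445. The script below parses ss -Hltn output; a constructed sample is embedded so it runs offline, and it assumes the 192.168.127.1/.2 addresses from the optional step.

```shell
#!/bin/sh
# Added example, not from the original post: verify that each Samba instance
# listens only on its own address (the effect of "bind interfaces only = yes").
# The listing format is that of `ss -Hltn`: State Recv-Q Send-Q Local:Port Peer:Port

SMB1_ADDR=192.168.127.1   # legacy (NT1) instance, eth0:1
SMB2_ADDR=192.168.127.2   # modern instance, eth0:2

# Constructed sample of `ss -Hltn` output; on the server use: LISTING=$(ss -Hltn)
SAMPLE_SS='LISTEN 0 50  192.168.127.1:445 0.0.0.0:*
LISTEN 0 50  192.168.127.1:139 0.0.0.0:*
LISTEN 0 50  192.168.127.2:445 0.0.0.0:*
LISTEN 0 50  192.168.127.2:139 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22         0.0.0.0:*'

# smb_binds LISTING PORT: print the local addresses that listen on PORT, one per line
smb_binds() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            sub(":" port "$", "", $4); print $4
        }'
}

# check_instances LISTING: succeed only if ports 445 and 139 are bound on both
# instance addresses and on nothing else (a 0.0.0.0 or [::] bind means the
# "bind interfaces only" setting did not apply)
check_instances() {
    for port in 445 139; do
        binds=$(smb_binds "$1" "$port")
        for addr in $binds; do
            case "$addr" in
                "$SMB1_ADDR"|"$SMB2_ADDR") ;;
                *) echo "unexpected listener on $addr:$port"; return 1 ;;
            esac
        done
        for addr in "$SMB1_ADDR" "$SMB2_ADDR"; do
            printf '%s\n' "$binds" | grep -qx "$addr" ||
                { echo "no listener on $addr:$port"; return 1; }
        done
    done
    echo "both instances bound as expected"
}

check_instances "$SAMPLE_SS"
```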



Monday, October 16, 2023

18

Not the best year.

Friday, August 04, 2023

Generate pseudo-random, incremental serial numbers for motherboards

@echo off
    setlocal enableextensions disabledelayedexpansion

    rem read back the value persisted in this script's own ":::persist:::" line, if any
    for /f "tokens=1,* delims=:" %%a in ('
        findstr /l /b /c:":::persist:::" "%~f0"
    ') do set "%%~b"

    rem first run: seed the counter with a random start value and persist it
    if not defined savedValue (
        set "savedValue=%random%" && ( call :persist.write savedValue )
    )

    rem every run: increment the counter and persist the new value
    set /a savedValue=%savedValue%+1  && ( call :persist.write savedValue )
    echo DEBUG: Recorded data %savedValue%

    rem build the system serial, baseboard serial and UUID strings from the counter
    set ss=DW173878110%savedValue%
    set bs=BTDN8389450%savedValue%
    set su=00020003000400050006000700080i%savedValue%

    AMIDEWINx64.EXE /CM "My Corporation" /BM "My Corporation" /BV J83500-205 /BP NUC7i7DNB  /SM "My Corporation" /SV J85489-205 /SP NUC7i7DNHE /SS %ss% /BS %bs% /SU %su%

    timeout 10 /nobreak >nul
    goto :eof

:persist.write varName
    rem rewrite this script file, replacing its ":::persist::: varName=" line with the current value
    if "%~1"=="" goto :eof
    for %%a in ("%temp%\%~nx0.%random%%random%%random%.tmp") do (
        findstr /l /v /b /c:":::persist::: %~1=" "%~f0" > "%%~fa"
        >"%~f0" (
            type "%%~fa"
            setlocal enabledelayedexpansion
            echo(:::persist::: %~1=!%~1!
            endlocal
        )
        del /q "%%~fa"
    )
    goto :eof

 

Friday, May 05, 2023

Pingresults

Ping a host once every X seconds and save the result in a csv:

@echo off
SETLOCAL

if [%1]==[/?] goto :help

::Set the address to ping
set address=%1
if [%1]==[] goto :fatal

::Set the destination filename
set filename=%2
if [%2]==[] set filename=pingres.csv

::Set delay between pings (seconds)
set delay=%3
if [%3]==[] set delay=30

:: some info
echo.
echo Running %0 %address% %filename% %delay% - press "Q" for at least %delay%s to quit.
echo.

:: Prepare csv header
echo Time, Target, Lag > %filename%

:loop
::Ping once; clear the previous value first so a failed ping leaves the Lag column empty
set lag=
for /F "tokens=7 delims== " %%l in ('ping -n 1 %address%^|findstr /i "time="') do set lag=%%l

::echo Current ping for %address%: %lag%
<nul set /p =.

::Set Timestamp (assumes the yyyy-MM-dd short date format)
set curTime=%date:~0,4%/%date:~5,2%/%date:~8,2%-%time:~0,2%:%time:~3,2%:%time:~6,2%

::Write in .csv
echo %curTime%, %address%, %lag% >> %filename%

::delay
timeout /T %delay% /nobreak >nul

::keypress: choice returns errorlevel 1 for Q, and the default Y after one second otherwise
choice /c QWERTY /d Y /t 1 /n >nul
if %errorlevel%==1 ( exit /B 0)

goto :loop

:help
echo.
echo Usage: %0 target resultfile delay
echo if not specified, resultfile is "pingres.csv" and delay is 30s
exit /B 0

:fatal
echo.
echo You need to provide at least the hostname/IP of the target
echo type %0 /? for help
exit /B 1

Sunday, April 09, 2023

Stop a service and wait for it to stop

@echo off
setlocal enabledelayedexpansion
:: echo without newline
<nul set /p =Please wait. Stopping Service...
:: request the stop
sc stop "service we need to stop" >nul
:: wait up to 30 seconds for the service to stop
set a=1
set tmout=30
:retry
:: is it stopped? (find sets errorlevel 1 when the string is absent)
sc query "service we need to stop" | find "STOPPED" >nul
if errorlevel 1 (
    rem still running: echo a dot on the same line and wait one second
    <nul set /p =.
    timeout 1 /nobreak >nul
    set /a a+=1
    rem !a! is read at run time; %a% would be expanded once when the whole block is parsed
    if !a! lss !tmout! goto retry
)
:: allow one second to see the messages
timeout 1 /nobreak >nul
endlocal

Friday, March 31, 2023

Reset ILO password without OS

If you have an OS installed it is simple: just use hponcfg and change the password as explained in https://blog.toma.guru/2015/04/hp-ilo-linux-reset-password.html. If no OS is available, hope is not lost: you can use the iLO Physical Presence Button.

On the RX2800 Itanium, the iLO Physical Presence Button is hidden behind the small red hole.

As stated in https://support.hpe.com/hpesc/public/docDisplay?docId=c02728748:

The iLO 3 physical presence button enables you to reset iLO 3 and reset the user-specific values to factory default values. A momentary press causes a soft reset of iLO 3 when the button is released. The iLO 3 Physical Presence button enables you to reset iLO, enter TPM physical presence mode, and enter security override mode.

  • A momentary press of the button resets iLO and clears any security override or TPM physical presence mode that was initiated by this button.

  • A press of the button of more than 4 seconds and less than 8 seconds places the system in physical presence mode for up to 15 minutes.

  • A press of this button of more than 8 seconds and less than 12 seconds places iLO into security override mode for up to 15 minutes. Security override mode enables you to enter iLO without being challenged for a password, enabling you to set up users.

    The UID LED blinks once after holding the button for 4 seconds and once after holding the button for 8 seconds to help gauge how long the button press has been held.
