MTU Mismatch and TCP Retransmissions


We had a mysterious issue in our network that caused certain SSH sessions and HTTPS/TLS sessions to fail intermittently. Some machines were unable to communicate at all while other machines could occasionally and sporadically establish a connection that would fail at inopportune times.

I performed a comprehensive analysis of our networking infrastructure and router configurations and captured PCAP files to gather enough data to root cause the problem. The core problem was an MTU mismatch between our gigabit network and our 100-megabit VPN tunnel.


Unlock hidden Synaptics Touch Pad settings in Windows 10


I was working on a ZBook G3 the other day and ran into an infuriating issue with its Synaptics Touch Pad: The touch sensitivity out-of-the-box was set so high that when I slowly moved the cursor it would get jittery and not respond.

While examining specific trackpad details, I found that I have a Synaptics LuxPad V1.3 device that communicates using an SMB port (whatever that is!)

In investigating this further I found that the Synaptics driver hides the 'advanced settings' from Windows 10 users for some inexplicable reason. Once enabled I was able to fine-tune the trackpad settings to be more bearable.


How to use the Ruby Net::SSH gem to automate a NetScreen SSG


I recently had to automate the configuration of a NetScreen SSG device and decided to use Ruby along with the Net::SSH gem to accomplish this.

The trouble is that when I use the basic SSH connection / command syntax listed on the GitHub page I get an empty string back as a result, no matter what command I execute.

There is a way to automate SSH commands via the channel API, though!

Updated May 21st, 2016: The NetScreen device is a far more wily device than I had originally anticipated, so my original solution ended up not working. I dug deep and found a better way to automate the NetScreen device.


NFS Exports on CentOS 7 to ESXi


I spent a couple hours troubleshooting NFS today. The backup server I set up in 2010 is wearing out so I upgraded to a shiny new T320 (on sale!) and set out to reconfigure my NFS backup datastore to point to the new backup server.

Since I haven't played around with NFS in ages, I had forgotten what a joy it could be /s

In the end everything worked once I got the configuration straightened up, so yay!


pfSense Community Update: radiusd won't start in GUI


I've used pfSense in certain parts of my network for several years now. While there is occasionally a hiccup, most of the time the product works perfectly for my needs. Today I updated my installations to the latest update which re-brands the web console as "pfSense Community Edition". After the update I was unable to start the Radius service via the web console.


Configure a CentOS 7 Samba Server to Use Secure LDAP Authentication


I'm in the midst of re-implementing our network. Phase 1 entailed standing up a new OpenLDAP Server. Phase 2 involves setting up a new Samba server that can take users and groups from LDAP and use them to assign share permissions.

This guide will show how to take a CentOS 7 Samba installation and configure it to talk securely to an LDAP server for authentication.

I will also cover how to get SMB3 transport encryption set up and working.


Configure CentOS 7 and OpenLDAP for secure connections


As part of a network infrastructure refresh I ended up rebuilding our OpenLDAP and Samba servers so they would play nicely with each other. Configuring OpenLDAP is a non-trivial exercise which required examining dozens of web pages and PDFs to get the information I needed to complete my task.

Unfortunately, most resources out there on the internet revolve around configuring the slapd.conf file, which isn't a viable solution when standing up a new server given that OpenLDAP uses a newer and much more confusing system to store its settings.

This guide will walk through setting up an OpenLDAP server that communicates using a self-signed certificate (LDAPS over port 636) and that has the appropriate schema files which allow a separate Samba server to leverage OpenLDAP for share permissions (configuring Samba is a different article for another day!).


ldapadd: invalid format (line 16) entry: ""


While setting up a new OpenLDAP server (v2.4.40) I encountered an error message while running ldapadd to configure my base directory tree:

[rtrz@tehbox config_n_stuff]# ldapadd -x -W -D "cn=Manager,dc=domain,dc=tld" -f /var/prototypes/ldap_config/dit.domain.tld.ldif
Enter LDAP Password:
adding new entry "dc=domain,dc=tld"

ldapadd: invalid format (line 16) entry: ""


The solution to the problem was to remove the tab from line 16 of my LDIF file. Apparently OpenLDAP does not like whitespace on blank or empty lines. Go figure.


rsyslog ommail doesn't work with SELinux enabled


I set up a new CentOS 7 box yesterday and configured rsyslog to send me an email whenever there is a successful authentication attempt. The funny thing was that no email would get sent when rsyslog was run as a service, yet when I ran it directly from the command line it seemed to work correctly.

In digging deeper I found that SELinux was blocking syslog from sending emails and was able to resolve it with a few configuration changes.


Disable Karabiner for apps run through Codeweavers CrossOver


At my new job we use a lot of Macs, so I have been reacquainting myself with OS X. To help me feel more at home I've been using Karabiner to remap keystrokes in ways that help Linux/Windows users like myself be more comfortable.

After moving to a MacBook I find I still need the occasional Windows application to be productive so I use Codeweavers CrossOver. Not surprisingly, Karabiner doesn't care what application is running and performs its remapping regardless of the application being run.

I needed my Home/End keys to work correctly both inside and outside the CrossOver environment so I reconfigured Karabiner to allow for this.