Thursday, February 20, 2014

clonezilla & dirty disks

yeah okay. so my helpdesk guy was out and i had to do things not systems-based.
I had an enduser which required the transfer of the contents of his larger physical drive to a Crucial solidstate drive.  
He is using a Lenovo X230.  His original drive was 500G and his new drive is 480G.

The standard procedure when using clonezilla is to:
1.  Make a failsafe backup of his original drive prior to any imaging.  Done
2.  Using gpartd, shrink original drive Windows7_OS partition 
(provided the partition is not full) to less than that of the new drive; if it is, 
then we use something to make data contiguous.   In this case, I shrank the partition to 450G.
3.  Boot the system and allow for the issurance of chkdsk.  Cleanly shut down system.  
In my case chkdsk flashed and closed.  Okay…
4.  Do a disk-to-disk copy.  Done.

For whatever reason, the drive was not marked as cleanly shut down and after 4, 
when I booted the system up, I received a BSOD.  Man!

So, I restored the original to another disk.  Well.  Since this is an X230, it has one of those spiffy slim-drives… anyway.  
It required a chkdsk, which prematurely ended. I did not have the patience to figure this out, so I proceeded to do a 
low-level dd to the new drive.    Despite the partition running over, the system did come up.  chkdsk came up and prematurely ended.

On the live system, I ran:
fsutil dirty query C:
The query had shown that C: was indeed dirty; the root of all problems!  

Since chkdsk /f /r was not working upon system boot, I created an ERD 6.5 x64 bootable CD - for this 
I required the MS Desktop Optimization Suite and a Windows7 disk.
I created the disk and booted, and selected 'command line'. 
For whatever reason ERD 6.5 does not have fsutil.  So, I went to the system's drive and issued fsutil 
and found that the system drive disk was dirty.
I issued chkdsk /f C: (recovery partition on a Levono) sans errors (awesome).  I then issued chkdsk /f D: 
(the system drive) and indeed there were bitmap errors.
After doing its fixes, chkdsk is supposed to mark the drive as clean.  I issued fsutil and all was well.

I rebooted the system and all was well.

Thus, the lesson learned is despite a system coming down clean prior to re-imaging, step .5 & 3.5 should be 
to issue fsutil and remedy.

Friday, February 14, 2014

apache reverse proxy

Enable the following modules
$ a2enmod proxy
$ a2enmod proxy_http
$ a2enmod vhost_alias
$ a2enmod rewrite

    DocumentRoot /there

    RewriteEngine on
    ProxyPass / http://nothere/com/ connectiontimeout=5 timeout=60
    ProxyPassReverse /
    ProxyRequests     Off

Restart Apache:
$ service apache2 restart

Friday, February 7, 2014

winbind nsswitch error

yeah. so i re-compiled my samba binaries and i see this:
  request_len_recv: Invalid request size received: 2096 (expected 2088)
oh super.
this says that the nsswitch subsystem is attempting to access winbind and it
 looks like i did not shut it down properly after i installed my new samba 
binaries.a ps aux will show that.  simply stop the service and kill 
any others

/etc/init.d/winbind stop

kill $(ps aux | grep 'winbind' | awk '{print $2}')

/etc/init.d/winbind stard

now stare at the log file:

tail -f -n 30 /var/log/samba/log.winbind

hopefully, all you'll see is:

[2014/02/07 12:00:00,  0] winbindd/winbindd.c:1348(main)
  winbindd version 3.6.8 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2011
[2014/02/07 12:00:00,965625,  0] winbindd/winbindd_cache.c:3147(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version number 2

some people say reboot the system.  i think it is better idea to see what's 
calling winbind; check and see if anything in /etc/nsswitch.conf or 
/etc/pam.d is pointing to it.  lsof can be a 
good friend, too.

Thursday, February 6, 2014

am i all alone with samba 3 and server 2012 r2


i spent my afternoon doing stuff and staring at output from this command:

tail -f -n 30 log.win2012adcontroller

i am seeing this:

  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. 
  Rejecting auth request from client WIN2012ADCONTROLLER machine account MSAD$

The Net Logon service on Windows Server 2008 and on Windows Server 2008 R2 domain 
controllers does not allow the use of older cryptography algorithms that are compatible 
with Windows NT 4.0 by default.

well then:

Log on to a Windows Server 2008-based domain controller.
Click Start, click Run, type gpmc.msc, and then click OK.
In the Group Policy Management console, expand Forest: DomainName, expand DomainName, expand Domain Controllers, right-click Default Domain Controllers Policy, and then click Edit.
In the Group Policy Management Editor console, expand Computer Configuration, expand Policies, expand Administrative Templates, expand System, click Net Logon, and then double-click Allow cryptography algorithms compatible with Windows NT 4.0.
In the Properties dialog box, click the Enabled option, and then click OK.

By default, the Not Configured option is set for the Allow cryptography algorithms compatible with Windows NT 4.0 policy in the following Group Policy objects (GPO):
Default Domain Policy
Default Domain Controllers Policy
Local Computer Policy

thanks microsoft good thing i do this on non-prod domains first.
and this helps, too:
Windows Registry Editor Version 5.00


(hint: it can be added in a gpo to affect/ruin all your systems)

samba is really getting me down

why not use bossa nova and its cool bim bom sound? yeah, right.
so i upgraded samba on my ubuntu box.  yes.
and then no one can connect.  no!

i see this in my local log.smbd files:
samba pdc ldap_connect_system: Failed to retrieve password from secrets.tdb

you have got to be kidding me.

  failed to bind to server ldap:// with dn="cn=admin,dc=mycompany,dc=com" Error: Invalid credentials

you have got to be kidding me.

apt-get install samba libpam-smbpass

o k a y i'll reset it to what it was.

smbpasswd -w weakpassword

restart.  nope.

o k a y i'll reset it interactively

smbpasswd -W

and it works.

apt sources.list for hardy

don't ask.
# e very thing for hardy
deb hardy main restricted universe multiverse
deb-src hardy main restricted universe multiverse

# ev ery thing for hardy-updates
deb hardy-updates main restricted universe multiverse
deb-src hardy-updates main restricted universe multiverse

# ever y thing for hardy-backports
deb hardy-backports main restricted universe multiverse
deb-src hardy-backports main restricted universe multiverse

# every thing for hardy-security
deb hardy-security main restricted universe multiverse
deb-src hardy-security main restricted universe multiverse