Running MRTG cfgmaker across your entire subnet?

I realized recently that I had a bunch of newly-provisioned VMs that weren’t being monitored by MRTG (one of the tools we use to monitor network usage and other fun stats). Rather than manually run cfgmaker against all the new machines, I decided to script my way out of this.


My Apple tablet prediction.

I know nobody cares, but I figured I’d hop on the hypewagon and write down my guess for the Apple tablet. I think a “big iPod Touch” would be pretty boring, and not worth making. My guess (based on nothing): the unit will be controlled by eye tracking, and it’ll be able to zoom in on whatever you’re looking at.

That is all.


Victory! Change Active Directory Password via LDAP through browser

I had to give up on PHP and go to Perl, but it turned out not to be so bad. Users can now change their Active Directory passwords via a self-service web page that doesn’t require admin credentials. The Perl code is below. Authentication to the script is done via .htaccess LDAP authentication, so the REMOTE_USER env variable is assumed to contain the user’s username (sAMAccountName) by the time this script is called. There is a simple check for $ENV{HTTPS} to ensure the script is called via SSL, and AD requires password changes to be done via ldaps, so the whole thing should be encrypted end to end.


LDAP-Active Directory authentication, Part 3

So I got everything working with .htaccess and AD/LDAP authentication. Just add LDAPVerifyServerCert Off to the httpd config to let Apache authenticate against an AD server with a self-signed certificate (without dealing with the annoyance of putting the cert on each Apache server).
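For comparison, an added configuration example (not from the original post) showing the setting above next to the alternative it avoids: keeping verification on and trusting the AD server's certificate explicitly. With `LDAPVerifyServerCert Off`, Apache accepts whatever certificate is presented on the ldaps connection. The hostname, DNs, directory and file paths below are placeholders.

```apache
# Added example; hostname, DNs and paths are placeholders (assumptions).

# --- Setting from the post: no certificate validation on ldaps ---
# LDAPVerifyServerCert Off

# --- Alternative: verify the AD certificate (server config context) ---
LDAPVerifyServerCert On
# PEM export of the DC's self-signed certificate, or of its issuing CA.
# This file has to be copied to every Apache server that authenticates.
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/conf/ad-dc.example.pem

<Directory "/var/www/html/protected">
    AuthType Basic
    AuthName "Domain login"
    AuthBasicProvider ldap
    # ldaps:// selects TLS; the host name here must match the name in
    # the certificate. sAMAccountName is the attribute users log in with.
    AuthLDAPURL "ldaps://dc01.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    # Unprivileged account used only to search for the user's DN.
    AuthLDAPBindDN "CN=apache-bind,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"
    Require valid-user
</Directory>
```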

With that piece of the puzzle largely solved, I moved on to another: how will users change their passwords (which are all stored in Active Directory)? For users running Windows this is pretty trivial — they can do it right in Windows when they’re logged into the domain. But what about Linux users? I figured the easiest thing to do would be to make a web form to do this. The user would log in (with the http/LDAP auth I previously set up) and the form would ask for their password (twice) and update it in Active Directory. Sounds pretty simple to me. I think if this were OpenLDAP it probably would be, but being AD, it’s not.


Single sign-on with Linux clients and Active Directory LDAP, Part 2

Following up on my previous post, it turned out not to be as big of a deal as I’d originally expected to have Apache authenticate against AD and only allow users whose accounts weren’t disabled. In a nutshell, here’s what I did:


.jobs domains – $120/year?

I saw that Cablevision has www.cablevision.jobs as the link for its jobs page. Curious, I looked up how much a .jobs domain cost. GoDaddy has them for $119! That’s insane!


FiOS Ping Test

Ran a ping test at pingtest.net today. Overall I can’t find fault with the FiOS service so far. Ports 80 and 443 are open and I have them forwarded to my Linux box so I can actually run a webserver in my basement. I’m debating moving this domain over to my own Linux box, since it’s super low traffic, but I probably won’t.


Cablevision drops HGTV, Food Network, and Travel Channel??

Boy, good thing I left Cablevision when I did… HGTV is my wife’s favorite channel.

In a separate case, the owner of the Food Network and HGTV, Scripps Networks, removed its channels from Cablevision’s lineups on Friday, a consequence of a breakdown in talks between those two parties.

“Viewers love our talent and our shows, which is why Food Network and HGTV rank among the top networks in cable,” Kenneth W. Lowe, the chief executive of Scripps Networks Interactive, said in a statement Friday morning. “But our valuable networks simply are not being compensated like top 10 networks by Cablevision. The distribution rates Cablevision pays for Food and HGTV are among the lowest in the industry.”

The dispute may linger for some time; Cablevision said it had “no expectation of carrying their programming again, given the dramatic changes in their approach to working with distributors to reach television viewers.”

Source: NY Times and the HGTV website.


Got my first FiOS bill today…

Not good. The rep I spoke with had said she’d intercept the first bill and apply all the credits up front. I guess being Christmas she couldn’t, so I got this first bill of $208.22.


Single sign-on with Linux clients and Active Directory LDAP, Part 1

One project we’ve been working on for a while is single sign-on across all our servers and other services (e.g. SVN repository, a few other things). One thing I wanted to avoid, I guess for mostly religious reasons, was reliance on a Windows instance for any of our production environment. The logical part of my brain knows that people build huge websites with Windows farms and AD, but my gut still doesn’t trust it. So what I wanted to do was set up OpenLDAP as a “slave” to an Active Directory “master” and have all the LDAP info propagate over to the slave whenever any changes were made in the master. I’ve done this with DNS – set up Bind as a slave to an AD server and everything basically works as I expect in a Bind-Bind master/slave scenario. Well, it turns out that it doesn’t work like that when it comes to LDAP. Apparently AD doesn’t follow the RFC for LDAP (surprise!) so many things that would be expected to work with OpenLDAP won’t.
