Juniper SRX cannot use RADIUS authentication for client VPN?
Apparently using RADIUS authentication with Juniper SRX VPN is strange voodoo magic that’s never been tried before.
Renaming a single-label domain to a FQDN
TweetLong ago — eons, perhaps — before I had anything to do with the Windows environment here, someone created the AD domain in my company as a single-label domain (e.g. instead of “example.com” our domain is just “example”). Over the years this has led to lots of “fun” on the part of Windows admins who’ve [...]
Exchange 2010 Post-Upgrade weirdness: can't edit Mail Non-Universal Group or Security Group
TweetNow that everyone’s been moved to Exchange 2010 we’ve started using the 2010 Exchange Managment Console/Shell exclusively which has revealed some weirdness. First, we created a new group in AD using an old script (which used LDAP) and created a Mail-enabled Global Security group. We put people in the group, and everything seemed to be [...]
ldapsearch example on Active Directory
TweetJust putting this here for safekeeping since I couldn’t remember the exact syntax. [evan@ehoffman 10:35:50 ~]$ ldapsearch -x -LLL -D "ldapuser@example.com" -w password -b "OU=Users,DC=example,DC=com" -s sub -H ldaps://activedirectory.example.com "(sn=hoffman)" cn mail displayName samaccountname dn: CN=Evan Hoffman,OU=Tech,OU=Users,DC=example,DC=com cn: Evan Hoffman displayName: Evan D. Hoffman sAMAccountName: ehoffman mail: Evan.Hoffman@example.com Explanation: Connect to activedirectory.example.com using ldaps (SSL) [...]
Changing Active Directory Password in Browser through OWA 2010
TweetA few months ago I was on a quest to figure out how to change my Active Directory password via a browser (for Linux/Mac users). I finally figured it out, but since I’ve been working on this Exchange 2010 migration I noticed one of the features of OWA (Outlook Web App) in Exchange 2010 is [...]
Generate a report of Exchange mailbox sizes broken out by department and location
TweetI found a script a few months ago that generated a CSV report of mailbox size, which included the Mailbox Name (usually the user’s name), size in Kbytes, number of items, which server it’s on, etc. This was very helpful, but I wanted to see which department within the company used the most space on [...]
Victory! Change Active Directory Password via LDAP through browser
TweetI had to give up on PHP and go to Perl, but it turned out not to be so bad. Users can now change their Active Directory passwords via a self-service web page that doesn’t require admin credentials. The Perl code is below. Authentication to the script is done via .htaccess LDAP authentication, so the [...]
LDAP-Active Directory authentication, Part 3
TweetSo I got everything working with .htaccess and AD/LDAP authentication. Just add LDAPVerifyServerCert Off to the httpd config to let Apache authenticate against an AD server with a self-signed certificate (without dealing with the annoyance of putting the cert on each Apache server). With that piece of the puzzle largely solved, I moved on to [...]
Recent Comments